#atlantis (2021-08)

atlantis

Discuss Atlantis (http://runatlantis.io). Archive: https://archive.sweetops.com/atlantis/

2021-08-12

Yoni Leitersdorf (Indeni Cloudrail)

Imagine you need to use a specific Python package as a run step in the custom workflow in Atlantis, and that package needs to be installed in advance.

Where do you install that package?

• As a set of run in the init phase

• As part of your dockerfile or environment where you run Atlantis

• Pre-workflow hook (https://www.runatlantis.io/docs/pre-workflow-hooks.html#usage)

Something else?

Pre Workflow Hooks | Atlantis

Atlantis: Terraform Pull Request Automation

David

I think the dockerfile is the cleanest, as it can be installed system wide. There may be many run steps that run or pre-workflow hooks, and some of those may be done in parallel, which can get messy with certain package managers.

jose.amengual

you build your own image

jose.amengual

you could add a lot of stuff as run commands but it gets messy pretty quickly as @David said

Yoni Leitersdorf (Indeni Cloudrail)

Great thanks!

Yoni Leitersdorf (Indeni Cloudrail)

Another question - if you need Atlantis to have secrets (like an API key to another service), where are you storing them?

jose.amengual

Parameter Store or Secret Manager

jose.amengual

expose as secrets in the Task Def/Container/Pod

jose.amengual

external secrets provider etc

jose.amengual

some they get created in TF (which will be stored in the state)

jose.amengual

some will be created with clickops and read from

jose.amengual

(master secrets that need to be created by hand before any gitops can happen and might be stored in a password manager like lastpass or 1password)

Yoni Leitersdorf (Indeni Cloudrail)

OK so Atlantis runs within some context that gives it access to secrets (For example, under a role in AWS that has access to the secrets). Then, you pull those secrets into env variables (using env with a command), and you use the env variables?

jose.amengual

yes

jose.amengual

in the case of ECS in AWS for example, you can expose a secret as an ENV variable to the container OR terraform will read something like this:

resource "aws_ssm_parameter" "datadog_key" {
  name        = "/datadog/api-key"
  description = "Test Datadog key"
  type        = "SecureString"
  value       = "testkey"
}

jose.amengual

with the data resource

2021-08-09

2021-08-07

sohel2020

repo config not allowed to set 'workflow' key: server-side config needs 'allowed_overrides: [workflow]' · Issue #1743 · runatlantis/atlantis

atlantis version: 0.17.2 Helm chart: V3.14.0 (latest) /etc/atlantis/repos.yaml present inside container and having my config. Though ENV also there but have passed --repo-config=/etc/atlantis/repos…

jose.amengual

that is an invalid regex format

jose.amengual

- id: github.com/sohel2020/* that is not valid

jose.amengual

- id: /github.com\/sohel2020\/.*/ maybe is what you want

jose.amengual

look at the issue comments

2021-08-06

2021-08-05

jack fenton

hey guys, how do I get atlantis to point to nothing (i.e. plan to destroy everything) we use export TF_CLI_INIT_FROM_MODULE=git::https://github.com/....

with

source_up
use envrc
use terraform
use tfenv

jose.amengual

Atlantis runs terraform

jose.amengual

if you can do it with terraform then you can do it with atlantis

jose.amengual

you can run a custom command that calls a script

jack fenton

yep, atlantis runs terraform, but what we want is a nice way to pull down infrastructure that atlantis created, through gitops ? thanks!

jose.amengual

again, Atlantis did not create it, terraform did, so if you need to destroy for example you could have something like count = var.enabled == true ? 1 : 0 in all your resources and then you can set that variable to false and run apply and it will delete the resources

jose.amengual

instead of running destroy

jack fenton

yeah, think i’ll need to add enabled to our component

jack fenton

i’ve had to destroy it from terraform personally rather than use atlantis

jack fenton

but would prefer if there was an easier way, thanks!

jose.amengual

you can run destroy in atlantis

jose.amengual

but you need a custom command

jack fenton

atlantis plan -- -destroy seems to be getting parsed out by direnv or something

jack fenton

but that’s our problem i think

jose.amengual

but the “safest” (and more cloudposse) way will be to use count

jose.amengual

BUT when you do that then you need to add an index to all resource references

jack fenton

plus it’s a bit of a weird way to run it, as you have to raise a PR in a strange way to get it

jack fenton

yeah i’m going to just refactor the enabled bits into my component

jose.amengual

module.forwarder_rds_label[0].id for example

2021-08-02

2021-08-01

vFondevilla

Anyone having issues trying to run Atlantis github app with GitHub Enterprise 3.0.3? Having issues when Atlantis tries to write in the PR, GH is returning 401

Reinholds Zviedris

Looks like you’re missing some perms for Atlantis user.

Reinholds Zviedris

Or haven’t provided correct GH auth info to Atlantis.

Reinholds Zviedris

This could lead you to some idea what could be done: https://github.com/github/hub/issues/1067

hub complains "Unauthorized (HTTP 401)" and "Bad credentials" · Issue #1067 · github/hub

hub 2.2.2 on OS X complains "Unauthorized (HTTP 401)" and "Bad credentials" when I try to check out a pull request. I have not used hub before. My credentials work in curl and o…

vFondevilla

Finally figured it out, I forgot to remove the fake user configuration for the github app installation.
