#atlantis (2022-07)
| Discuss the Atlantis (<http://runatlantis.io | runatlantis.io>) |
**Archive: ** https://archive.sweetops.com/atlantis/
2022-07-03
is there an API spec someone for atlantis?
what endpoints are available to me?
no api on atlantis
2022-07-07
v0.19.5 What’s Changed build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 by @dependabot in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1252642846” data-permission-text=”Title is private”…
v0.19.5 What’s Changed build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 by @dependabot in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1252642846” data-permission-text=”Title is private”…
v0.19.5 Release
What's Changed
build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 by @dependabot in #2283
docs: fix security warning inconsistent formatting by @anakaiti in #2302
Further parse Gitlab MergeRequest Update events by @cucxabong in #1301
fix: Delete locks and workdirs with potentially stale previous plans which fixes 1624 by @giuli007 in #1704
[fix] Ignore commit checks for atlantis apply on Github by @chicocvenancio in #2311
test: update tests per command package refactoring by @chenrui333 in #2317
build(deps): bump github.com/hashicorp/go-version from 1.4.0 to 1.5.0 by @dependabot in #2275
build(deps): bump github.com/hashicorp/go-getter from 1.5.11 to 1.6.2 by @dependabot in #2321
docs: update streaming-logs by @alex-bezek in #2313
build(deps): bump github.com/xanzy/go-gitlab from 0.59.0 to 0.68.0 by @dependabot in #2319
fix: vcs-status-name hardcoded in PullIsMergeable function by @michelmzs in #2312
build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 by @dependabot in #2320
test: update null provider to support test run on m1 machine by @chenrui333 in #2318
deps: terraform 1.2.3, conftest 0.32.1 by @chenrui333 in #2328
Remove workaround for atlantis-data in entrypoint by @ysoldak in #2334
feat: stream output for custom workflows by @ascandella in #2261
trim whitespace from comments before parsing by @dominicbarnes in #2287
docs: update links for bitbucket-cloud create-an-app-password by @chenrui333 in #2340
build(deps): bump github.com/golang-jwt/jwt/v4 from 4.4.1 to 4.4.2 by @dependabot in #2338
feat: Prometheus metrics support by @yoonsio in #2204
build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.5 by @dependabot in #2339
Revert "fix: Delete locks and workdirs with potentially stale previous plans which fixes 1624" by @jamengual in #2316
build(deps): bump github.com/uber-go/tally from 3.4.3+incompatible to 3.5.0+incompatible by @dependabot in #2303
links: update link for Specifying a Required Terraform Version by @chenrui333 in #2345
docs: Add allowed commands for workflow hooks by @gtirloni in #2331
feat: add execution order group by @tufitko in #2178
Update terragrunt workflow documentation by @ascandella in #2350
build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 by @dependabot in #2358
build(deps): bump github.com/xanzy/go-gitlab from 0.68.0 to 0.68.2 by @dependabot in #2356
deps: tf 1.2.4 by @chenrui333 in #2363
deps: upgrade github.com/docker/docker by @chenrui333 in #2366
fix(docker-compose): update docker-compose by @casperbiering in #2365
build(deps): bump github.com/microcosm-cc/bluemonday from 1.0.18 to 1.0.19 by @dependabot in #2357
workflows: build image in parallel by @waeltken in #2361
Add --var-file-allowlist in server configuration by @lilincmu in #2362
Add section for --var-file-allowlist in security doc by @lilincmu in #2369
Please give it a try and send us any feedback.
2022-07-08
v0.19.6 Summary Revert the docker image parallel build change What’s Changed Revert “workflows: build image in parallel” by @chenrui333 in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1299201419” data-permission-text=”Title is private”…
v0.19.6 Summary Revert the docker image parallel build change What’s Changed Revert “workflows: build image in parallel” by @chenrui333 in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1299201419” data-permission-text=”Title is private”…
v0.19.5 Use v0.19.6 due to an issue with the image parallelization. What’s Changed build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 by @dependabot in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1252642846”…
Please use v0.19.6 Release since we had and issue with the muti Arch builds plus…..I screw up too….
2022-07-13
hi team, is it possible to add authorisation to the atlantis ui? i.e SSO/OIDC when using an application load balancer in aws?
i keep getting a 401 message
what url are you hitting ?
i’ve scrapped this for now.
will come back to it later
/events will always return a 401
because it needs a token
is all in the docs
i was going to /
not /events
that is the UI
the UI is /
and by default has pass auth
or maybe you enabled it
that too is on the docs
the UI doesn’t have password authentication by default.
sorry what I meant to say is that if you enable it you will get a 401
you can configure atlantis to start and enable webauth
hm, i’m kind of confused, can we forget okta/OIDC for a sec.
i have a new question here: https://sweetops.slack.com/archives/CDKPAK81Z/p1657753908374009
that is the only authentication Atlantis supports
would appreciate some help.
there is no commands, or log or anything, you need to give a lot more info
i can reach the ui via my ingress which was created via the helm chart.
run curl and post the output etc
but github, when pointed to the /events for the webhook, fails with a 404
but you have not say anything about your setup
ok, i’m using the helm chart, ingress enabled. ingress class is alb which is my aws load balancer controller.
aws, gcp, aure? ALB, nginx, K8s ?
etc etc etc
EKS, ALB, AWS
logs?
atlantis and alb ?
logs:
atlantis-0 atlantis {"level":"info","ts":"2022-07-13T23:16:03.271Z","caller":"server/server.go:928","msg":"Apply Lock: {false 0001-01-01 00:00:00 +0000 UTC }","json":{}}
atlantis-0 atlantis {"level":"info","ts":"2022-07-13T23:16:18.250Z","caller":"server/server.go:928","msg":"Apply Lock: {false 0001-01-01 00:00:00 +0000 UTC }","json":{}}
atlantis-0 atlantis {"level":"info","ts":"2022-07-13T23:16:18.290Z","caller":"server/server.go:928","msg":"Apply Lock: {false 0001-01-01 00:00:00 +0000 UTC }","json":{}}
atlantis-0 atlantis {"level":"info","ts":"2022-07-13T23:16:33.266Z","caller":"server/server.go:928","msg":"Apply Lock: {false 0001-01-01 00:00:00 +0000 UTC }","json":{}}
atlantis-0 atlantis {"level":"info","ts":"2022-07-13T23:16:33.295Z","caller":"server/server.go:928","msg":"Apply Lock: {false 0001-01-01 00:00:00 +0000 UTC }","json":{}}
sorry but this kind of stuff are part of the how to get help 101 basic things you need to provide
that way you get more people interested
can you hit /events from aws?
or your computer?
yes i am using the alb
here are my values.
ingress:
annotations:
alb.ingress.kubernetes.io/backend-protocol: HTTP
alb.ingress.kubernetes.io/target-type: 'ip'
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/security-groups: sg-redacted, sg-redacted
alb.ingress.kubernetes.io/manage-backend-security-group-rules: "true"
enabled: true
host: atlantis-(( region )).(( environment )).redacted.net
ingressClassName: alb
loadEnvFromSecrets:
- atlantis-gh
i cannot reach /events from anywhere
if i exec into the atlantis pod, i can curl localhost:4141 just fine.
but curling localhost:4141/events fails with a 405
* Mark bundle as not supporting multiuse
< HTTP/1.1 405 Method Not Allowed
< Date: Wed, 13 Jul 2022 23:10:37 GMT
< Content-Length: 0
<
* Connection #0 to host localhost left intact
from my computer i get a 404 on /events
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 404
< server: awselb/2.0
< date: Wed, 13 Jul 2022 23:20:33 GMT
< content-type: text/plain; charset=utf-8
< content-length: 0
<
* Connection #0 to host atlantis-eu-west-1.dev.redacted.net left intact
from github i also get a 404 on /events
did you passed all the required atlantis values?
GH user, Token, make sure it has permissions in the org and all that?
what are the logs when atlantis starts?
logs from the beginning:
stern atlantis
+ atlantis-0 › atlantis
atlantis-0 atlantis {"level":"warn","ts":"2022-07-13T23:09:58.853Z","caller":"cmd/server.go:841","msg":"no GitHub webhook secret set. This could allow attackers to spoof requests from GitHub","json":{},"stacktrace":"github.com/runatlantis/atlantis/cmd.(*ServerCmd).securityWarnings\n\tgithub.com/runatlantis/atlantis/cmd/server.go:841\ngithub.com/runatlantis/atlantis/cmd.(*ServerCmd).run\n\tgithub.com/runatlantis/atlantis/cmd/server.go:621\ngithub.com/runatlantis/atlantis/cmd.(*ServerCmd).Init.func2\n\tgithub.com/runatlantis/atlantis/cmd/server.go:516\ngithub.com/runatlantis/atlantis/cmd.(*ServerCmd).withErrPrint.func1\n\tgithub.com/runatlantis/atlantis/cmd/server.go:918\ngithub.com/spf13/cobra.(*Command).execute\n\tgithub.com/spf13/[email protected]/command.go:650\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\tgithub.com/spf13/[email protected]/command.go:729\ngithub.com/spf13/cobra.(*Command).Execute\n\tgithub.com/spf13/[email protected]/command.go:688\ngithub.com/runatlantis/atlantis/cmd.Execute\n\tgithub.com/runatlantis/atlantis/cmd/root.go:30\nmain.main\n\tgithub.com/runatlantis/atlantis/main.go:49\nruntime.main\n\truntime/proc.go:255"}
atlantis-0 atlantis {"level":"info","ts":"2022-07-13T23:09:59.551Z","caller":"scheduled/executor_service.go:46","msg":"Scheduled Executor Service started","json":{}}
atlantis-0 atlantis {"level":"info","ts":"2022-07-13T23:09:59.551Z","caller":"server/server.go:853","msg":"Atlantis started - listening on port 4141","json":{}}
atlantis-0 atlantis {"level":"info","ts":"2022-07-13T23:10:11.869Z","caller":"server/server.go:928","msg":"Apply Lock: {false 0001-01-01 00:00:00 +0000 UTC }","json":{}}
@jose.amengual
"no GitHub webhook secret set. This could allow attackers to spoof requests from GitHub"
yes, i tried with a secret, and that error disappears but still 404 on /events.
atlantis docs say secret is optional too. obviously i will add it, once i can get it working, but i removed it just to narrow the cause down.
I will recommend you to run atlantis locally with the same settings you are using
you can use testdrive with ngrok and still use it from github
once you get it working and have all the startup options figured out then you change the chart values
I think you are missing some settings
like base urls etc
join the altlantis slack for more help too
do you have a link to the atlantis slack?
but before you ask the same question there try to run the config using testdrive and make sure it works there
@jose.amengual found the issue.
the alb ingress doesn’t create proper rules for the load balancer.
notice the Path is / meaning, nothing is accepted after the /
awesome, glad you found it
but I think the chart should create both
As part of the commitment we have with Atlantis as contributors we tried as much as we can to do not release breaking changes but when it comes down to security we think a breaking change is better than a security issue and because of this we want to bring awareness of a recent change that might affect a few users :
https://github.com/runatlantis/atlantis/pull/2375
If you have any questions, please let use know. Thanks.
v0.19.7-pre.20220713 What’s Changed deps(conftest): 0.32.1 -> 0.33.0 by @chenrui333 in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1296699449” data-permission-text=”Title is private” data-url=”https://github.com/runatlantis/atlantis/issues/2367“…
2022-07-14
2022-07-19
v0.19.7 What’s Changed deps(conftest): 0.32.1 -> 0.33.0 by @chenrui333 in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1296699449” data-permission-text=”Title is private” data-url=”https://github.com/runatlantis/atlantis/issues/2367“…
v0.19.7 Release
deps(conftest): 0.32.1 -> 0.33.0 by @chenrui333 in #2367
Add section for --var-file-allowlist in changelog by @lilincmu in #2375
Add permission to allow GET required_status_checks, linked to #2310 by @daconstenla in #2380
fix: Log streaming broken with TFE local execution mode by @casperbiering in #2364
Mag/reuse ngrok by @magmax in #2378
fix: Only highlight Terraform changes on GitHub by @pauloconnor in #2337
Revert "[fix] Ignore commit checks for atlantis apply on Github (#2311)" by @lilincmu in #2388
fix: use constant time comparison of webhook secret in gitlab event validator by @cedws in #2392
build(deps): bump github.com/hashicorp/go-version from 1.5.0 to 1.6.0 by @dependabot in #2382
CHANGED - update streaming-logs doc to mention terragrunt support by @tweeks-reify in #2395
Docs: Fix link to current helm chart by @megakid in #2393
release v0.19.7 by @jamengual in #2404
Please give it a try and send us any feedback.
2022-07-27
v0.19.8-pre.20220722 What’s Changed Fix helm chart url in website_link_check by @lilincmu in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1310208153” data-permission-text=”Title is private” data-url=”https://github.com/runatlantis/atlantis/issues/2407“…
v0.19.8-pre.20220722 What’s Changed Fix helm chart url in website_link_check by @lilincmu in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1310208153” data-permission-text=”Title is private” data-url=”https://github.com/runatlantis/atlantis/issues/2407“…
v0.19.8-pre.20220722
Fix helm chart url in website_link_check by @lilincmu in #2407
build(deps): bump github.com/bradleyfalzon/ghinstallation/v2 from 2.0.4 to 2.1.0 by @dependabot in #2401
build(deps): bump github.com/xanzy/go-gitlab from 0.68.2 to 0.69.0 by @dependabot in #2402
issue: add feature_request template by @chenrui333 in #2397
fix: repository cloning race condition (#2341) by @ribejara-te in #2348
fix: Update multienv_step_runner Env Var Parsing Logic (#2351) by @austinsherron in #2354
Add the /plan and /apply endpoints by @remilapeyre in #997