#atlantis (2022-07)

atlantis

Discuss the Atlantis (<http://runatlantis.iorunatlantis.io>)

**Archive: ** https://archive.sweetops.com/atlantis/

2022-07-03

Jurgen avatar

is there an API spec someone for atlantis?

Jurgen avatar

what endpoints are available to me?

jose.amengual avatar
jose.amengual

no api on atlantis

2022-07-07

Release notes from atlantis avatar
Release notes from atlantis
06:18:35 AM

v0.19.5 What’s Changed build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 by @dependabot in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1252642846” data-permission-text=”Title is private”…

Release v0.19.5 · runatlantis/atlantisattachment image

What’s Changed build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 by @dependabot in #2283 docs: fix security warning inconsistent formatting by @anakaiti in #2302 Further parse Gitlab …

Dependabotattachment image

Automated dependency updates built into GitHub. Dependabot has 24 repositories available. Follow their code on GitHub.

Release notes from atlantis avatar
Release notes from atlantis
06:28:38 AM

v0.19.5 What’s Changed build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 by @dependabot in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1252642846” data-permission-text=”Title is private”…

jose.amengual avatar
jose.amengual

v0.19.5 Release

What's Changed
build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 by @dependabot in #2283
docs: fix security warning inconsistent formatting by @anakaiti in #2302
Further parse Gitlab MergeRequest Update events by @cucxabong in #1301
fix: Delete locks and workdirs with potentially stale previous plans which fixes 1624 by @giuli007 in #1704
[fix] Ignore commit checks for atlantis apply on Github by @chicocvenancio in #2311
test: update tests per command package refactoring by @chenrui333 in #2317
build(deps): bump github.com/hashicorp/go-version from 1.4.0 to 1.5.0 by @dependabot in #2275
build(deps): bump github.com/hashicorp/go-getter from 1.5.11 to 1.6.2 by @dependabot in #2321
docs: update streaming-logs by @alex-bezek in #2313
build(deps): bump github.com/xanzy/go-gitlab from 0.59.0 to 0.68.0 by @dependabot in #2319
fix: vcs-status-name hardcoded in PullIsMergeable function by @michelmzs in #2312
build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 by @dependabot in #2320
test: update null provider to support test run on m1 machine by @chenrui333 in #2318
deps: terraform 1.2.3, conftest 0.32.1 by @chenrui333 in #2328
Remove workaround for atlantis-data in entrypoint by @ysoldak in #2334
feat: stream output for custom workflows by @ascandella in #2261
trim whitespace from comments before parsing by @dominicbarnes in #2287
docs: update links for bitbucket-cloud create-an-app-password by @chenrui333 in #2340
build(deps): bump github.com/golang-jwt/jwt/v4 from 4.4.1 to 4.4.2 by @dependabot in #2338
feat: Prometheus metrics support by @yoonsio in #2204
build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.5 by @dependabot in #2339
Revert "fix: Delete locks and workdirs with potentially stale previous plans which fixes 1624" by @jamengual in #2316
build(deps): bump github.com/uber-go/tally from 3.4.3+incompatible to 3.5.0+incompatible by @dependabot in #2303
links: update link for Specifying a Required Terraform Version by @chenrui333 in #2345
docs: Add allowed commands for workflow hooks by @gtirloni in #2331
feat: add execution order group by @tufitko in #2178
Update terragrunt workflow documentation by @ascandella in #2350
build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 by @dependabot in #2358
build(deps): bump github.com/xanzy/go-gitlab from 0.68.0 to 0.68.2 by @dependabot in #2356
deps: tf 1.2.4 by @chenrui333 in #2363
deps: upgrade github.com/docker/docker by @chenrui333 in #2366
fix(docker-compose): update docker-compose by @casperbiering in #2365
build(deps): bump github.com/microcosm-cc/bluemonday from 1.0.18 to 1.0.19 by @dependabot in #2357
workflows: build image in parallel by @waeltken in #2361
Add --var-file-allowlist in server configuration by @lilincmu in #2362
Add section for --var-file-allowlist in security doc by @lilincmu in #2369

Please give it a try and send us any feedback.

2022-07-08

Release notes from atlantis avatar
Release notes from atlantis
04:38:37 PM

v0.19.6 Summary Revert the docker image parallel build change What’s Changed Revert “workflows: build image in parallel” by @chenrui333 in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1299201419” data-permission-text=”Title is private”…

Release v0.19.6 · runatlantis/atlantisattachment image

Revert the docker image parallel build change What’s Changed Revert “workflows: build image in parallel” by @chenrui333 in #2372 Full Changelog: v0.19.5…v0.19.6

chenrui333 - Overview

chenrui333 has 216 repositories available. Follow their code on GitHub.

Release notes from atlantis avatar
Release notes from atlantis
04:58:35 PM

v0.19.6 Summary Revert the docker image parallel build change What’s Changed Revert “workflows: build image in parallel” by @chenrui333 in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1299201419” data-permission-text=”Title is private”…

Release notes from atlantis avatar
Release notes from atlantis
05:08:36 PM

v0.19.5 Use v0.19.6 due to an issue with the image parallelization. What’s Changed build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 by @dependabot in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1252642846”…

Release v0.19.5 · runatlantis/atlantisattachment image

Use v0.19.6 due to an issue with the image parallelization. What’s Changed build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 by @dependabot in #2283 docs: fix security warning inconsi…

Dependabotattachment image

Automated dependency updates built into GitHub. Dependabot has 24 repositories available. Follow their code on GitHub.

jose.amengual avatar
jose.amengual

Please use v0.19.6 Release since we had and issue with the muti Arch builds plus…..I screw up too….

2022-07-13

atlantisdude avatar
atlantisdude

hi team, is it possible to add authorisation to the atlantis ui? i.e SSO/OIDC when using an application load balancer in aws?

atlantisdude avatar
atlantisdude

i keep getting a 401 message

jose.amengual avatar
jose.amengual

what url are you hitting ?

atlantisdude avatar
atlantisdude

i’ve scrapped this for now.

atlantisdude avatar
atlantisdude

will come back to it later

jose.amengual avatar
jose.amengual

/events will always return a 401

jose.amengual avatar
jose.amengual

because it needs a token

jose.amengual avatar
jose.amengual

is all in the docs

atlantisdude avatar
atlantisdude

i was going to /

atlantisdude avatar
atlantisdude

not /events

jose.amengual avatar
jose.amengual

that is the UI

atlantisdude avatar
atlantisdude

the UI is /

jose.amengual avatar
jose.amengual

and by default has pass auth

jose.amengual avatar
jose.amengual

or maybe you enabled it

jose.amengual avatar
jose.amengual

that too is on the docs

atlantisdude avatar
atlantisdude

the UI doesn’t have password authentication by default.

jose.amengual avatar
jose.amengual

sorry what I meant to say is that if you enable it you will get a 401

jose.amengual avatar
jose.amengual

you can configure atlantis to start and enable webauth

atlantisdude avatar
atlantisdude

hm, i’m kind of confused, can we forget okta/OIDC for a sec.

atlantisdude avatar
atlantisdude

can anyone tell why i can reach the atlantis ui, but not the /events page? i get a 404 from the github webhook.

jose.amengual avatar
jose.amengual

that is the only authentication Atlantis supports

atlantisdude avatar
atlantisdude

would appreciate some help.

jose.amengual avatar
jose.amengual

there is no commands, or log or anything, you need to give a lot more info

atlantisdude avatar
atlantisdude

i can reach the ui via my ingress which was created via the helm chart.

jose.amengual avatar
jose.amengual

run curl and post the output etc

atlantisdude avatar
atlantisdude

but github, when pointed to the /events for the webhook, fails with a 404

jose.amengual avatar
jose.amengual

but you have not say anything about your setup

atlantisdude avatar
atlantisdude

ok, i’m using the helm chart, ingress enabled. ingress class is alb which is my aws load balancer controller.

jose.amengual avatar
jose.amengual

aws, gcp, aure? ALB, nginx, K8s ?

jose.amengual avatar
jose.amengual

etc etc etc

atlantisdude avatar
atlantisdude

EKS, ALB, AWS

jose.amengual avatar
jose.amengual

logs?

jose.amengual avatar
jose.amengual

atlantis and alb ?

atlantisdude avatar
atlantisdude

logs:

atlantis-0 atlantis {"level":"info","ts":"2022-07-13T23:16:03.271Z","caller":"server/server.go:928","msg":"Apply Lock: {false 0001-01-01 00:00:00 +0000 UTC }","json":{}}
atlantis-0 atlantis {"level":"info","ts":"2022-07-13T23:16:18.250Z","caller":"server/server.go:928","msg":"Apply Lock: {false 0001-01-01 00:00:00 +0000 UTC }","json":{}}
atlantis-0 atlantis {"level":"info","ts":"2022-07-13T23:16:18.290Z","caller":"server/server.go:928","msg":"Apply Lock: {false 0001-01-01 00:00:00 +0000 UTC }","json":{}}
atlantis-0 atlantis {"level":"info","ts":"2022-07-13T23:16:33.266Z","caller":"server/server.go:928","msg":"Apply Lock: {false 0001-01-01 00:00:00 +0000 UTC }","json":{}}
atlantis-0 atlantis {"level":"info","ts":"2022-07-13T23:16:33.295Z","caller":"server/server.go:928","msg":"Apply Lock: {false 0001-01-01 00:00:00 +0000 UTC }","json":{}}
jose.amengual avatar
jose.amengual

sorry but this kind of stuff are part of the how to get help 101 basic things you need to provide

jose.amengual avatar
jose.amengual

that way you get more people interested

jose.amengual avatar
jose.amengual

can you hit /events from aws?

jose.amengual avatar
jose.amengual

or your computer?

atlantisdude avatar
atlantisdude

yes i am using the alb

here are my values.

ingress:
  annotations:
    alb.ingress.kubernetes.io/backend-protocol: HTTP
    alb.ingress.kubernetes.io/target-type: 'ip'
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/security-groups: sg-redacted, sg-redacted
    alb.ingress.kubernetes.io/manage-backend-security-group-rules: "true"
  enabled: true
  host: atlantis-(( region )).(( environment )).redacted.net
  ingressClassName: alb

loadEnvFromSecrets:
  - atlantis-gh
atlantisdude avatar
atlantisdude

i cannot reach /events from anywhere

atlantisdude avatar
atlantisdude

if i exec into the atlantis pod, i can curl localhost:4141 just fine.

but curling localhost:4141/events fails with a 405

* Mark bundle as not supporting multiuse
< HTTP/1.1 405 Method Not Allowed
< Date: Wed, 13 Jul 2022 23:10:37 GMT
< Content-Length: 0
<
* Connection #0 to host localhost left intact 
atlantisdude avatar
atlantisdude

from my computer i get a 404 on /events

* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 404
< server: awselb/2.0
< date: Wed, 13 Jul 2022 23:20:33 GMT
< content-type: text/plain; charset=utf-8
< content-length: 0
<
* Connection #0 to host atlantis-eu-west-1.dev.redacted.net left intact
atlantisdude avatar
atlantisdude

from github i also get a 404 on /events

jose.amengual avatar
jose.amengual

did you passed all the required atlantis values?

jose.amengual avatar
jose.amengual

GH user, Token, make sure it has permissions in the org and all that?

jose.amengual avatar
jose.amengual

what are the logs when atlantis starts?

atlantisdude avatar
atlantisdude

logs from the beginning:

stern atlantis
+ atlantis-0 › atlantis
atlantis-0 atlantis {"level":"warn","ts":"2022-07-13T23:09:58.853Z","caller":"cmd/server.go:841","msg":"no GitHub webhook secret set. This could allow attackers to spoof requests from GitHub","json":{},"stacktrace":"github.com/runatlantis/atlantis/cmd.(*ServerCmd).securityWarnings\n\tgithub.com/runatlantis/atlantis/cmd/server.go:841\ngithub.com/runatlantis/atlantis/cmd.(*ServerCmd).run\n\tgithub.com/runatlantis/atlantis/cmd/server.go:621\ngithub.com/runatlantis/atlantis/cmd.(*ServerCmd).Init.func2\n\tgithub.com/runatlantis/atlantis/cmd/server.go:516\ngithub.com/runatlantis/atlantis/cmd.(*ServerCmd).withErrPrint.func1\n\tgithub.com/runatlantis/atlantis/cmd/server.go:918\ngithub.com/spf13/cobra.(*Command).execute\n\tgithub.com/spf13/[email protected]/command.go:650\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\tgithub.com/spf13/[email protected]/command.go:729\ngithub.com/spf13/cobra.(*Command).Execute\n\tgithub.com/spf13/[email protected]/command.go:688\ngithub.com/runatlantis/atlantis/cmd.Execute\n\tgithub.com/runatlantis/atlantis/cmd/root.go:30\nmain.main\n\tgithub.com/runatlantis/atlantis/main.go:49\nruntime.main\n\truntime/proc.go:255"}
atlantis-0 atlantis {"level":"info","ts":"2022-07-13T23:09:59.551Z","caller":"scheduled/executor_service.go:46","msg":"Scheduled Executor Service started","json":{}}
atlantis-0 atlantis {"level":"info","ts":"2022-07-13T23:09:59.551Z","caller":"server/server.go:853","msg":"Atlantis started - listening on port 4141","json":{}}
atlantis-0 atlantis {"level":"info","ts":"2022-07-13T23:10:11.869Z","caller":"server/server.go:928","msg":"Apply Lock: {false 0001-01-01 00:00:00 +0000 UTC }","json":{}}

@jose.amengual

jose.amengual avatar
jose.amengual

"no GitHub webhook secret set. This could allow attackers to spoof requests from GitHub"

atlantisdude avatar
atlantisdude

yes, i tried with a secret, and that error disappears but still 404 on /events.

atlantisdude avatar
atlantisdude

atlantis docs say secret is optional too. obviously i will add it, once i can get it working, but i removed it just to narrow the cause down.

jose.amengual avatar
jose.amengual

I will recommend you to run atlantis locally with the same settings you are using

jose.amengual avatar
jose.amengual

you can use testdrive with ngrok and still use it from github

jose.amengual avatar
jose.amengual

once you get it working and have all the startup options figured out then you change the chart values

jose.amengual avatar
jose.amengual

I think you are missing some settings

jose.amengual avatar
jose.amengual

like base urls etc

jose.amengual avatar
jose.amengual

join the altlantis slack for more help too

atlantisdude avatar
atlantisdude

do you have a link to the atlantis slack?

jose.amengual avatar
jose.amengual

but before you ask the same question there try to run the config using testdrive and make sure it works there

atlantisdude avatar
atlantisdude

@jose.amengual found the issue.

the alb ingress doesn’t create proper rules for the load balancer.

notice the Path is / meaning, nothing is accepted after the /

jose.amengual avatar
jose.amengual

awesome, glad you found it

jose.amengual avatar
jose.amengual

but I think the chart should create both

atlantisdude avatar
atlantisdude
attachment image

latest 4.0.5 chart.

ingress:
  annotations:
    alb.ingress.kubernetes.io/backend-protocol: HTTP
    alb.ingress.kubernetes.io/target-type: 'ip'
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/security-groups: sg-redacted, sg-redacted
    alb.ingress.kubernetes.io/manage-backend-security-group-rules: "true"
  enabled: true
  host: atlantis.dev.com #redacted real value
  ingressClassName: alb

Using the above values in my values.yaml results in only the [atlantis.dev.com/](http://atlantis.dev.com/) path being resolved by the alb. [atlantis.dev.com/events](http://atlantis.dev.com/events) and [atlantis.dev.com/status](http://atlantis.dev.com/status) all fail with 404 not found.

see below image of the resulting alb listener rule in aws when using the above values.

image

Instead i had to add the below values in addition to get it to forward all paths after the slash.

ingress:
  path: /*
  pathType: ImplementationSpecific

the alb ingressClassName is referring to my deployment of the aws load balancer controller chart version 1.4.1

jose.amengual avatar
jose.amengual

As part of the commitment we have with Atlantis as contributors we tried as much as we can to do not release breaking changes but when it comes down to security we think a breaking change is better than a security issue and because of this we want to bring awareness of a recent change that might affect a few users :

https://github.com/runatlantis/atlantis/pull/2375

If you have any questions, please let use know. Thanks.

Add changelog section as a follow-up of #2362

Release notes from atlantis avatar
Release notes from atlantis
12:28:32 AM

v0.19.7-pre.20220713 What’s Changed deps(conftest): 0.32.1 -> 0.33.0 by @chenrui333 in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1296699449” data-permission-text=”Title is private” data-url=”https://github.com/runatlantis/atlantis/issues/2367“…

Release v0.19.7-pre.20220713 · runatlantis/atlantisattachment image

What’s Changed deps(conftest): 0.32.1 -> 0.33.0 by @chenrui333 in #2367 Add section for –var-file-allowlist in changelog by @lilincmu in #2375 Add permission to allow GET required_status_checks, …

deps(conftest): 0.32.1 -> 0.33.0 by chenrui333 · Pull Request #2367 · runatlantis/atlantis

Terraform Pull Request Automation. Contribute to runatlantis/atlantis development by creating an account on GitHub.

2022-07-14

2022-07-19

Release notes from atlantis avatar
Release notes from atlantis
11:48:35 PM

v0.19.7 What’s Changed deps(conftest): 0.32.1 -> 0.33.0 by @chenrui333 in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1296699449” data-permission-text=”Title is private” data-url=”https://github.com/runatlantis/atlantis/issues/2367“…

deps(conftest): 0.32.1 -> 0.33.0 by chenrui333 · Pull Request #2367 · runatlantis/atlantis

Terraform Pull Request Automation. Contribute to runatlantis/atlantis development by creating an account on GitHub.

jose.amengual avatar
jose.amengual

v0.19.7 Release

deps(conftest): 0.32.1 -> 0.33.0 by @chenrui333 in #2367
Add section for --var-file-allowlist in changelog by @lilincmu in #2375
Add permission to allow GET required_status_checks, linked to #2310 by @daconstenla in #2380
fix: Log streaming broken with TFE local execution mode by @casperbiering in #2364
Mag/reuse ngrok by @magmax in #2378
fix: Only highlight Terraform changes on GitHub by @pauloconnor in #2337
Revert "[fix] Ignore commit checks for atlantis apply on Github (#2311)" by @lilincmu in #2388
fix: use constant time comparison of webhook secret in gitlab event validator by @cedws in #2392
build(deps): bump github.com/hashicorp/go-version from 1.5.0 to 1.6.0 by @dependabot in #2382
CHANGED - update streaming-logs doc to mention terragrunt support by @tweeks-reify in #2395
Docs: Fix link to current helm chart by @megakid in #2393
release v0.19.7 by @jamengual in #2404

Please give it a try and send us any feedback.

2022-07-27

Release notes from atlantis avatar
Release notes from atlantis
06:58:33 PM

v0.19.8-pre.20220722 What’s Changed Fix helm chart url in website_link_check by @lilincmu in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1310208153” data-permission-text=”Title is private” data-url=”https://github.com/runatlantis/atlantis/issues/2407“…

lilincmu - Overview

lilincmu has 7 repositories available. Follow their code on GitHub.

Release notes from atlantis avatar
Release notes from atlantis
07:18:35 PM

v0.19.8-pre.20220722 What’s Changed Fix helm chart url in website_link_check by @lilincmu in <a class=”issue-link js-issue-link” data-error-text=”Failed to load title” data-id=”1310208153” data-permission-text=”Title is private” data-url=”https://github.com/runatlantis/atlantis/issues/2407“…

jose.amengual avatar
jose.amengual

v0.19.8-pre.20220722

Fix helm chart url in website_link_check by @lilincmu in #2407
build(deps): bump github.com/bradleyfalzon/ghinstallation/v2 from 2.0.4 to 2.1.0 by @dependabot in #2401
build(deps): bump github.com/xanzy/go-gitlab from 0.68.2 to 0.69.0 by @dependabot in #2402
issue: add feature_request template by @chenrui333 in #2397
fix: repository cloning race condition (#2341) by @ribejara-te in #2348
fix: Update multienv_step_runner Env Var Parsing Logic (#2351) by @austinsherron in #2354
Add the /plan and /apply endpoints by @remilapeyre in #997
1
    keyboard_arrow_up