邢亜豪
05/01/2024, 3:30 AM
Ernesto Huizar
05/02/2024, 2:45 PM
Nelson W
05/02/2024, 3:41 PM
plan pulling in a malicious provider and executing something on the atlantis server?
André Luís Soares
05/03/2024, 2:50 PM
Ernesto Huizar
05/03/2024, 3:06 PM
atlantis force-unlock $ID
JT
05/03/2024, 5:23 PM
Checking if workspace exists: stat /atlantis/repos/ORGNAME/REPONAME/PRNUMBER/default: no such file or directory
JT
05/03/2024, 5:25 PM
vijay Rathna
05/05/2024, 3:15 PM
PePe Amengual
05/05/2024, 4:42 PM
Evey Eve
05/06/2024, 5:32 PM
Nelson W
05/06/2024, 9:14 PM
atlantis so I can have multiple servers apply distinct checks to a PR?
oponomarov-tu
05/07/2024, 12:08 PM
pre_workflow_hooks are not picked up by Atlantis?
---
My little reproduction repo -- https://github.com/oponomarov-tu/terramate-atlantis/pull/1.
Key points:
• main.tf is vanilla Terraform, the file is committed and it works (both during manual atlantis plan and autodiscovery)
• stacks/example.tm.hcl contains Terramate's code to generate gen_example.tf files in two stacks: /stacks/stack-1 & /stacks/stack-2
• terramate generate is successfully executed inside pre_workflow_hooks thus generating Terraform /stacks/stack-1/gen_example.tf & /stacks/stack-2/gen_example.tf respectively, these files are NOT committed
• My server-side YAML config for Atlantis: https://github.com/oponomarov-tu/terramate-atlantis/blob/main/repos.yaml
• Environmental variables with which Atlantis is started: https://github.com/oponomarov-tu/terramate-atlantis/blob/main/.env.example
Nwokolo Bueze
05/07/2024, 10:42 PM
Seth Floyd
05/08/2024, 1:17 PM
Callum
05/08/2024, 1:21 PM
Zing
05/09/2024, 10:59 AM
JT
05/09/2024, 3:12 PM
$ docker pull ghcr.io/runatlantis/atlantis:v0.27.3-debian
Error response from daemon: Head "https://ghcr.io/v2/runatlantis/atlantis/manifests/v0.27.3-debian": denied: denied
Rohit Raut
05/09/2024, 3:28 PM
Tim Wisbauer
05/10/2024, 1:39 PM
atlantis apply it runs for every project with a plan whether the plan contains changes or not. This normally wouldn't be a problem, but we have some custom workflows that set up network connectivity before running terraform apply so it can take a while.
Dylan Page
05/12/2024, 12:38 AM
Vinicius Oliveira
05/13/2024, 9:04 PM
asdfasdfasdfasdfsd asdfasdfsadf
05/14/2024, 1:09 AM
running "/bin/terraform init -input=false -upgrade" in "/root/.atlantis/repos/.../dynamodb/audit": exit status 1
Initializing the backend...
Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.40.0"...
- Installing hashicorp/aws v5.40.0...
╷
│ Error: Failed to install provider
│
│ Error while installing hashicorp/aws v5.40.0: open
│ /root/.atlantis/plugin-cache/registry.terraform.io/hashicorp/aws/5.40.0/linux_amd64/terraform-provider-aws_v5.40.0_x5:
│ text file busy
╵
is this a concurrency issue?
because it looks like two projects are init-ing the same provider
André Luís Soares
05/14/2024, 1:05 PM
Rui
05/14/2024, 6:25 PM
Nelson W
05/15/2024, 4:28 PM
Rui
05/16/2024, 2:06 PM
Mathijs van Mourick
05/16/2024, 3:15 PM
apply_requirements for each individual workflow for a given repository from within the server side repo config?
Thank you!
Matías Arranz García
05/17/2024, 8:26 AM
{"level":"info","ts":"2024-05-17T08:12:00.320Z","caller":"vcs/instrumented_client.go:236","msg":"updating vcs status","json":{"repository":"iceye-ltd/analytics-deployment-configurations","pull-num":"209","src":"atlantis/plan","description":"1/1 projects planned successfully.","state":"success","url":""}}
{"level":"info","ts":"2024-05-17T08:12:00.675Z","caller":"events/plan_command_runner.go:289","msg":"Running policy check for command=\"plan\" verbose=false dir=\"\" workspace=\"\" project=\"\" policyset=\"\", clear-policy-approval=false, flags=\"\"","json":{"repo":"redacted","pull":"209"}}
{"level":"info","ts":"2024-05-17T08:12:00.675Z","caller":"events/policy_check_command_runner.go:42","msg":"no projects to run policy_check in","json":{"repo":"redacted","pull":"209"}}
{"level":"info","ts":"2024-05-17T08:12:00.675Z","caller":"vcs/instrumented_client.go:236","msg":"updating vcs status","json":{"repository":"redacted","pull-num":"209","src":"atlantis/policy_check","description":"0/0 projects policies checked successfully.","state":"success","url":""}}
atlantis.yaml
version: 3
parallel_plan: true
parallel_apply: true
projects:
  - name: atlantis-test
    branch: /.*/
    dir: terraform/atlantis-test
    autoplan:
      when_modified: ["*.tf", "../modules/**/*.tf", ".terraform.lock.hcl"]
      enabled: true
repo config
repos:
  - id: /.*/
    plan_requirements: [undiverged]
    apply_requirements: [approved, mergeable, undiverged]
    import_requirements: [approved, mergeable, undiverged]
    policy_check: true
policies:
  owners:
    teams:
      - iceye-ltd/analytics-infrastructure
  policy_sets:
    - name: policies
      path: /home/atlantis/conftest/policies.rego
      source: local
config
config: |
  repo-allowlist: redacted
  checkout-strategy: merge
  enable-diff-markdown-format: true
  hide-prev-plan-comments: true
  autoplan-file-list: '**/*.tf,**/.terraform.lock.hcl'
  autoplan-modules: true
  parallel-apply: true
  parallel-plan: true
  var-file-allowlist: ""
  silence-no-projects: true
Rui
05/17/2024, 6:30 PM
Steve Wade
05/17/2024, 6:33 PM