From 74fb028fdef294b304fa67927db9afbf81886895 Mon Sep 17 00:00:00 2001 From: aknysh Date: Mon, 20 Jan 2025 22:48:45 -0500 Subject: [PATCH 01/19] updates --- examples/quick-start-advanced/Dockerfile | 2 +- website/docs/integrations/atlantis.mdx | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/quick-start-advanced/Dockerfile b/examples/quick-start-advanced/Dockerfile index 9da10491f0..2deda2d686 100644 --- a/examples/quick-start-advanced/Dockerfile +++ b/examples/quick-start-advanced/Dockerfile @@ -6,7 +6,7 @@ ARG GEODESIC_OS=debian # https://atmos.tools/ # https://github.com/cloudposse/atmos # https://github.com/cloudposse/atmos/releases -ARG ATMOS_VERSION=1.153.0 +ARG ATMOS_VERSION=1.154.0 # Terraform: https://github.com/hashicorp/terraform/releases ARG TF_VERSION=1.5.7 diff --git a/website/docs/integrations/atlantis.mdx b/website/docs/integrations/atlantis.mdx index 87df503676..39b2c5f676 100644 --- a/website/docs/integrations/atlantis.mdx +++ b/website/docs/integrations/atlantis.mdx @@ -673,7 +673,7 @@ on: branches: [ main ] env: - ATMOS_VERSION: 1.153.0 + ATMOS_VERSION: 1.154.0 ATMOS_CLI_CONFIG_PATH: ./ jobs: From 17baa9896363331e2088e0d54bcd7646921c5d82 Mon Sep 17 00:00:00 2001 From: aknysh Date: Tue, 21 Jan 2025 17:29:02 -0500 Subject: [PATCH 02/19] updates --- atmos.yaml | 2 +- .../complete/stacks/orgs/cp/_defaults.yaml | 56 +++++++++---------- .../orgs/cp/tenant1/prod/us-east-2.yaml | 6 +- 3 files changed, 32 insertions(+), 32 deletions(-) diff --git a/atmos.yaml b/atmos.yaml index 5b115043b4..08f5fe2f7c 100644 --- a/atmos.yaml +++ b/atmos.yaml 
@@ -15,7 +15,7 @@
 # are independent settings (supporting both absolute and relative paths).
 # If 'base_path' is provided, 'components.terraform.base_path', 'components.helmfile.base_path', 'stacks.base_path' and 'workflows.base_path'
 # are considered paths relative to 'base_path'.
-base_path: ""
+base_path: "./tests/fixtures/scenarios/complete"
 vendor:
 # Path to vendor configuration file or directory containing vendor files
diff --git a/tests/fixtures/scenarios/complete/stacks/orgs/cp/_defaults.yaml b/tests/fixtures/scenarios/complete/stacks/orgs/cp/_defaults.yaml
index e432023a0a..ad996d4d5e 100644
--- a/tests/fixtures/scenarios/complete/stacks/orgs/cp/_defaults.yaml
+++ b/tests/fixtures/scenarios/complete/stacks/orgs/cp/_defaults.yaml
@@ -56,34 +56,34 @@ terraform:
 s3:
 role_arn: "arn:aws:iam::123456789012:role/cp-gbl-root-terraform"
- providers:
- context:
- enabled: true
- delimiter: "-"
- properties:
- namespace:
- required: true
- min_length: 2
- max_length: 4
- tenant:
- required: true
- min_length: 2
- max_length: 10
- environment:
- required: true
- min_length: 2
- max_length: 6
- stage:
- required: true
- min_length: 2
- max_length: 20
- values:
- namespace: "{{ .vars.namespace }}"
- tenant: "{{ .vars.tenant }}"
- environment: "{{ .vars.environment }}"
- stage: "{{ .vars.stage }}"
- atmos_component: "{{ .atmos_component }}"
- atmos_stack: "{{ .atmos_stack }}"
+# providers:
+# context:
+# enabled: true
+# delimiter: "-"
+# properties:
+# namespace:
+# required: true
+# min_length: 2
+# max_length: 4
+# tenant:
+# required: true
+# min_length: 2
+# max_length: 10
+# environment:
+# required: true
+# min_length: 2
+# max_length: 6
+# stage:
+# required: true
+# min_length: 2
+# max_length: 20
+# values:
+# namespace: "{{ .vars.namespace }}"
+# tenant: "{{ .vars.tenant }}"
+# environment: "{{ .vars.environment }}"
+# stage: "{{ .vars.stage }}"
+# atmos_component: "{{ .atmos_component }}"
+# atmos_stack: "{{ .atmos_stack }}"
 helmfile:
 vars: {}
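Review bot: The new `base_path: "./tests/fixtures/scenarios/complete"` in the repository-root atmos.yaml looks like a local debugging setting rather than an intended default. The comment just above it says the component, stack and workflow paths are taken relative to `base_path`, so with this value anything that loads the root config resolves against the test fixture. If the value is only needed to exercise the fixture, I would keep `base_path: ""` here and set the path from the test run instead; if it is intentional, a comment such as `# points at the test fixture on purpose: <reason>` would tell the next reader not to revert it.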
diff --git a/tests/fixtures/scenarios/complete/stacks/orgs/cp/tenant1/prod/us-east-2.yaml b/tests/fixtures/scenarios/complete/stacks/orgs/cp/tenant1/prod/us-east-2.yaml index d9723201bd..bfa115065d 100644 --- a/tests/fixtures/scenarios/complete/stacks/orgs/cp/tenant1/prod/us-east-2.yaml +++ b/tests/fixtures/scenarios/complete/stacks/orgs/cp/tenant1/prod/us-east-2.yaml @@ -15,9 +15,9 @@ import: - catalog/terraform/spacelift/infrastructure-tenant1 # Configurations to test `atmos.Component` template function - # - catalog/terraform/template-functions-test/defaults - # - catalog/terraform/template-functions-test2/defaults - # - catalog/terraform/template-functions-test3/defaults + - catalog/terraform/template-functions-test/defaults + - catalog/terraform/template-functions-test2/defaults + - catalog/terraform/template-functions-test3/defaults components: terraform: From e2fc4fddb5b18eb0fd553874ddf73a175a6338a9 Mon Sep 17 00:00:00 2001 From: aknysh Date: Thu, 23 Jan 2025 22:48:23 -0500 Subject: [PATCH 03/19] updates --- cmd/cmd_utils.go | 2 +- internal/exec/helmfile.go | 10 +++++++++- internal/exec/terraform.go | 10 +++++++++- internal/exec/utils.go | 1 - 4 files changed, 19 insertions(+), 4 deletions(-) diff --git a/cmd/cmd_utils.go b/cmd/cmd_utils.go index 66a989d3b7..79d3f242a9 100644 --- a/cmd/cmd_utils.go +++ b/cmd/cmd_utils.go @@ -587,7 +587,7 @@ func showUsageAndExit(cmd *cobra.Command, args []string) { os.Exit(1) } -// getConfigAndStacksInfo gets the +// getConfigAndStacksInfo processes the CLI config and stacks func getConfigAndStacksInfo(commandName string, cmd *cobra.Command, args []string) schema.ConfigAndStacksInfo { // Check Atmos configuration checkAtmosConfig() diff --git a/internal/exec/helmfile.go b/internal/exec/helmfile.go index ed5c9668a5..9c80e82cc7 100644 --- a/internal/exec/helmfile.go +++ b/internal/exec/helmfile.go 
@@ -93,7 +93,15 @@ func ExecuteHelmfile(info schema.ConfigAndStacksInfo) error { } // Check if component 'settings.validation' section is specified and validate the component - valid, err := ValidateComponent(atmosConfig, info.ComponentFromArg, info.ComponentSection, "", "", nil, 0) + valid, err := ValidateComponent( + atmosConfig, + info.ComponentFromArg, + info.ComponentSection, + "", + "", + nil, + 0, + ) if err != nil { return err } diff --git a/internal/exec/terraform.go b/internal/exec/terraform.go index ea712c1f29..a43dc94dfb 100644 --- a/internal/exec/terraform.go +++ b/internal/exec/terraform.go @@ -227,7 +227,15 @@ func ExecuteTerraform(info schema.ConfigAndStacksInfo) error { } // Check if component 'settings.validation' section is specified and validate the component - valid, err := ValidateComponent(atmosConfig, info.ComponentFromArg, info.ComponentSection, "", "", nil, 0) + valid, err := ValidateComponent( + atmosConfig, + info.ComponentFromArg, + info.ComponentSection, + "", + "", + nil, + 0, + ) if err != nil { return err } diff --git a/internal/exec/utils.go b/internal/exec/utils.go index 6436a6633f..faf42d1080 100644 --- a/internal/exec/utils.go +++ b/internal/exec/utils.go @@ -1127,7 +1127,6 @@ func processArgsAndFlags( // generateComponentBackendConfig generates backend config for components func generateComponentBackendConfig(backendType string, backendConfig map[string]any, terraformWorkspace string) (map[string]any, error) { - // Generate backend config file for Terraform Cloud // https://developer.hashicorp.com/terraform/cli/cloud/settings if backendType == "cloud" { From ce07fd238b7fe306d0e5166cc0688b63b8fe1dfe Mon Sep 17 00:00:00 2001 
From: aknysh Date: Fri, 24 Jan 2025 01:40:35 -0500 Subject: [PATCH 04/19] updates --- cmd/terraform.go | 3 ++- go.mod | 24 ++++++++--------- go.sum | 55 +++++++++++++++++++------------------- internal/exec/terraform.go | 19 ++++++++++++- internal/exec/utils.go | 37 +++++++++++++++++++++++++ pkg/config/const.go | 2 ++ 6 files changed, 99 insertions(+), 41 deletions(-) diff --git a/cmd/terraform.go b/cmd/terraform.go index 452956b8c7..d190d426ab 100644 --- a/cmd/terraform.go +++ b/cmd/terraform.go @@ -1,10 +1,11 @@ package cmd import ( + "github.com/spf13/cobra" + e "github.com/cloudposse/atmos/internal/exec" "github.com/cloudposse/atmos/pkg/hooks" u "github.com/cloudposse/atmos/pkg/utils" - "github.com/spf13/cobra" ) type contextKey string diff --git a/go.mod b/go.mod index a1527e94e5..60d7465431 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/editorconfig-checker/editorconfig-checker/v3 v3.1.2 github.com/elewis787/boa v0.1.2 github.com/fatih/color v1.18.0 - github.com/go-git/go-git/v5 v5.13.1 + github.com/go-git/go-git/v5 v5.13.2 github.com/gofrs/flock v0.12.1 github.com/google/go-containerregistry v0.20.3 github.com/google/go-github/v59 v59.0.0 @@ -31,9 +31,9 @@ require ( github.com/hashicorp/hcl v1.0.0 github.com/hashicorp/hcl/v2 v2.23.0 github.com/hashicorp/terraform-config-inspect v0.0.0-20241129133400-c404f8227ea6 - github.com/hashicorp/terraform-exec v0.21.0 + github.com/hashicorp/terraform-exec v0.22.0 github.com/hexops/gotextdiff v1.0.3 - github.com/jfrog/jfrog-client-go v1.49.0 + github.com/jfrog/jfrog-client-go v1.49.1 github.com/json-iterator/go v1.1.12 github.com/jwalton/go-supportscolor v1.2.0 github.com/kubescape/go-git-url v0.0.30 
@@ -43,7 +43,7 @@ require ( github.com/mitchellh/go-wordwrap v1.0.1 github.com/mitchellh/mapstructure v1.5.0 github.com/muesli/termenv v0.15.3-0.20240618155329-98d742f6907a - github.com/open-policy-agent/opa v1.0.0 + github.com/open-policy-agent/opa v1.0.1 github.com/otiai10/copy v1.14.1 github.com/pkg/errors v0.9.1 github.com/samber/lo v1.47.0 @@ -53,7 +53,7 @@ require ( github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.19.0 github.com/stretchr/testify v1.10.0 - github.com/zclconf/go-cty v1.16.1 + github.com/zclconf/go-cty v1.16.2 golang.org/x/oauth2 v0.25.0 golang.org/x/term v0.28.0 gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 @@ -73,7 +73,7 @@ require ( github.com/Masterminds/semver/v3 v3.3.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/OneOfOne/xxhash v1.2.8 // indirect - github.com/ProtonMail/go-crypto v1.1.3 // indirect + github.com/ProtonMail/go-crypto v1.1.5 // indirect github.com/Shopify/ejson v1.3.3 // indirect github.com/a8m/envsubst v1.4.2 // indirect github.com/agext/levenshtein v1.2.2 // indirect @@ -146,7 +146,7 @@ require ( github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/gabriel-vasile/mimetype v1.4.8 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect - github.com/go-git/go-billy/v5 v5.6.1 // indirect + github.com/go-git/go-billy/v5 v5.6.2 // indirect github.com/go-ini/ini v1.67.0 // indirect github.com/go-logfmt/logfmt v0.6.0 // indirect github.com/go-logr/logr v1.4.2 // indirect 
@@ -175,11 +175,11 @@ require ( github.com/hashicorp/consul/api v1.28.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-hclog v1.5.0 // indirect + github.com/hashicorp/go-hclog v1.6.3 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-plugin v1.4.4 // indirect - github.com/hashicorp/go-retryablehttp v0.7.1 // indirect + github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-safetemp v1.0.0 // indirect github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect @@ -187,10 +187,10 @@ require ( github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect github.com/hashicorp/go-sockaddr v1.0.2 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect - github.com/hashicorp/go-version v1.6.0 // indirect + github.com/hashicorp/go-version v1.7.0 // indirect github.com/hashicorp/golang-lru v0.5.4 // indirect github.com/hashicorp/serf v0.10.1 // indirect - github.com/hashicorp/terraform-json v0.22.1 // indirect + github.com/hashicorp/terraform-json v0.24.0 // indirect github.com/hashicorp/vault/api v1.6.0 // indirect github.com/hashicorp/vault/sdk v0.5.0 // indirect github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect @@ -234,7 +234,7 @@ require ( github.com/pelletier/go-toml/v2 v2.2.3 // indirect github.com/pierrec/lz4 v2.6.1+incompatible // indirect github.com/pierrec/lz4/v4 v4.1.21 // indirect - github.com/pjbgf/sha1cd v0.3.0 // indirect + github.com/pjbgf/sha1cd v0.3.2 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_golang v1.20.5 // indirect github.com/prometheus/client_model v0.6.1 // indirect diff --git a/go.sum b/go.sum index 02b3dcf375..96dc580fc8 100644 --- a/go.sum +++ b/go.sum 
@@ -676,8 +676,8 @@ github.com/Microsoft/hcsshim v0.11.7/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= -github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk= -github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/ProtonMail/go-crypto v1.1.5 h1:eoAQfK2dwL+tFSFpr7TbOaPNUbPiJj4fLYwwGE1FQO4= +github.com/ProtonMail/go-crypto v1.1.5/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/Shopify/ejson v1.3.3 h1:dPzgmvFhUPTJIzwdF5DaqbwW1dWaoR8ADKRdSTy6Mss= github.com/Shopify/ejson v1.3.3/go.mod h1:VZMUtDzvBW/PAXRUF5fzp1ffb1ucT8MztrZXXLYZurw= github.com/a8m/envsubst v1.4.2 h1:4yWIHXOLEJHQEFd4UjrWDrYeYlV7ncFWJOCBRLOZHQg= 
@@ -966,8 +966,8 @@ github.com/editorconfig-checker/editorconfig-checker/v3 v3.1.2 h1:yQK/tIKH0x3082 github.com/editorconfig-checker/editorconfig-checker/v3 v3.1.2/go.mod h1:pyykRV3+SalXDuX1fAN7e5THne4+asZu/FhP5dXiWSo= github.com/editorconfig/editorconfig-core-go/v2 v2.6.2 h1:dKG8sc7n321deIVRcQtwlMNoBEra7j0qQ8RwxO8RN0w= github.com/editorconfig/editorconfig-core-go/v2 v2.6.2/go.mod h1:7dvD3GCm7eBw53xZ/lsiq72LqobdMg3ITbMBxnmJmqY= -github.com/elazarl/goproxy v1.2.3 h1:xwIyKHbaP5yfT6O9KIeYJR5549MXRQkoQMRXGztz8YQ= -github.com/elazarl/goproxy v1.2.3/go.mod h1:YfEbZtqP4AetfO6d40vWchF3znWX7C7Vd6ZMfdL8z64= +github.com/elazarl/goproxy v1.4.0 h1:4GyuSbFa+s26+3rmYNSuUVsx+HgPrV1bk1jXI0l9wjM= +github.com/elazarl/goproxy v1.4.0/go.mod h1:X/5W/t+gzDyLfHW4DrMdpjqYjpXsURlBt9lpBDxZZZQ= github.com/elewis787/boa v0.1.2 h1:xNKWJ9X2MWbLSLLOA31N4l1Jdec9FZSkbTvXy3C8rw4= github.com/elewis787/boa v0.1.2/go.mod h1:EFDKuz/bYgQAKJQBnfHmB9i+bBzsaZJyyoSmOz6eBZI= github.com/elliotchance/orderedmap v1.7.1 h1:8SR2DB391dw0HVI9572ElrY+KU0Q89OCXYwWZx7aAZc= 
@@ -1039,12 +1039,12 @@ github.com/go-fonts/liberation v0.2.0/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2H github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmnUIzUY= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.6.1 h1:u+dcrgaguSSkbjzHwelEjc0Yj300NUevrrPphk/SoRA= -github.com/go-git/go-billy/v5 v5.6.1/go.mod h1:0AsLr1z2+Uksi4NlElmMblP5rPcDZNRCD8ujZCRR2BE= +github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM= +github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= -github.com/go-git/go-git/v5 v5.13.1 h1:DAQ9APonnlvSWpvolXWIuV6Q6zXy2wHbN4cVlNR5Q+M= -github.com/go-git/go-git/v5 v5.13.1/go.mod h1:qryJB4cSBoq3FRoBRf5A77joojuBcmPJ0qu3XXXVixc= +github.com/go-git/go-git/v5 v5.13.2 h1:7O7xvsK7K+rZPKW6AQR1YyNhfywkv7B8/FsP3ki6Zv0= +github.com/go-git/go-git/v5 v5.13.2/go.mod h1:hWdW5P4YZRjmpGHwRH2v3zkWcNl6HeXaXQEMGb3NJ9A= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= 
@@ -1283,8 +1283,8 @@ github.com/hashicorp/go-getter v1.7.8/go.mod h1:2c6CboOEb9jG6YvmC9xdD+tyAFsrUaJP github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= -github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= 
@@ -1301,8 +1301,8 @@ github.com/hashicorp/go-plugin v1.4.4 h1:NVdrSdFRt3SkZtNckJ6tog7gbpRrcbOjQi/rgF7 github.com/hashicorp/go-plugin v1.4.4/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ= -github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo= 
@@ -1329,14 +1329,15 @@ github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= +github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= -github.com/hashicorp/hc-install v0.6.4 h1:QLqlM56/+SIIGvGcfFiwMY3z5WGXT066suo/v9Km8e0= -github.com/hashicorp/hc-install v0.6.4/go.mod h1:05LWLy8TD842OtgcfBbOT0WMoInBMUSHjmDx10zuBIA= +github.com/hashicorp/hc-install v0.9.1 h1:gkqTfE3vVbafGQo6VZXcy2v5yoz2bE0+nhZXruCuODQ= +github.com/hashicorp/hc-install v0.9.1/go.mod h1:pWWvN/IrfeBK4XPeXXYkL6EjMufHkCK5DvwxeLKuBf0= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.23.0 h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3qos= 
@@ -1349,10 +1350,10 @@ github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4= github.com/hashicorp/terraform-config-inspect v0.0.0-20241129133400-c404f8227ea6 h1:146llE+6P/9YO8RcHRehzGNiS9+OoirKW9/aML6/JIA= github.com/hashicorp/terraform-config-inspect v0.0.0-20241129133400-c404f8227ea6/go.mod h1:Gz/z9Hbn+4KSp8A2FBtNszfLSdT2Tn/uAKGuVqqWmDI= -github.com/hashicorp/terraform-exec v0.21.0 h1:uNkLAe95ey5Uux6KJdua6+cv8asgILFVWkd/RG0D2XQ= -github.com/hashicorp/terraform-exec v0.21.0/go.mod h1:1PPeMYou+KDUSSeRE9szMZ/oHf4fYUmB923Wzbq1ICg= -github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec= -github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A= +github.com/hashicorp/terraform-exec v0.22.0 h1:G5+4Sz6jYZfRYUCg6eQgDsqTzkNXV+fP8l+uRmZHj64= +github.com/hashicorp/terraform-exec v0.22.0/go.mod h1:bjVbsncaeh8jVdhttWYZuBGj21FcYw6Ia/XfHcNO7lQ= +github.com/hashicorp/terraform-json v0.24.0 h1:rUiyF+x1kYawXeRth6fKFm/MdfBS6+lW4NbeATsYz8Q= +github.com/hashicorp/terraform-json v0.24.0/go.mod h1:Nfj5ubo9xbu9uiAoZVBsNOjvNKB66Oyrvtit74kC7ow= github.com/hashicorp/vault/api v1.6.0 h1:B8UUYod1y1OoiGHq9GtpiqSnGOUEWHaA26AY8RQEDY4= github.com/hashicorp/vault/api v1.6.0/go.mod h1:h1K70EO2DgnBaTz5IsL6D5ERsNt5Pce93ueVS2+t0Xc= github.com/hashicorp/vault/sdk v0.5.0 h1:EED7p0OCU3OY5SAqJwSANofY1YKMytm+jDHDQ2EzGVQ= 
@@ -1416,8 +1417,8 @@ github.com/jfrog/build-info-go v1.10.8 h1:8D4wtvKzLS1hzfDWtfH4OliZLtLCgL62tXCnGW github.com/jfrog/build-info-go v1.10.8/go.mod h1:JcISnovFXKx3wWf3p1fcMmlPdt6adxScXvoJN4WXqIE= github.com/jfrog/gofrog v1.7.6 h1:QmfAiRzVyaI7JYGsB7cxfAJePAZTzFz0gRWZSE27c6s= github.com/jfrog/gofrog v1.7.6/go.mod h1:ntr1txqNOZtHplmaNd7rS4f8jpA5Apx8em70oYEe7+4= -github.com/jfrog/jfrog-client-go v1.49.0 h1:NaTK6+LQBEJafL//6ntnS/eVx1dZMJnxydALwWHKORQ= -github.com/jfrog/jfrog-client-go v1.49.0/go.mod h1:ohIfKpMBCQsE9kunrKQ1wvoExpqsPLaluRFO186B5EM= +github.com/jfrog/jfrog-client-go v1.49.1 h1:AdJ+x+BSka3pCVDu6MCEvojwOmXvy1Q5S0dILvpfoDw= +github.com/jfrog/jfrog-client-go v1.49.1/go.mod h1:ohIfKpMBCQsE9kunrKQ1wvoExpqsPLaluRFO186B5EM= github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE= github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8= @@ -1599,8 +1600,8 @@ github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA= github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= -github.com/open-policy-agent/opa v1.0.0 h1:fZsEwxg1knpPvUn0YDJuJZBcbVg4G3zKpWa3+CnYK+I= -github.com/open-policy-agent/opa v1.0.0/go.mod h1:+JyoH12I0+zqyC1iX7a2tmoQlipwAEGvOhVJMhmy+rM= +github.com/open-policy-agent/opa v1.0.1 h1:+8F6HSx78bY6x2Eq6m1DKM41W0QKm9k47NG0yCqfDxI= +github.com/open-policy-agent/opa v1.0.1/go.mod h1:+JyoH12I0+zqyC1iX7a2tmoQlipwAEGvOhVJMhmy+rM= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= 
@@ -1623,8 +1624,8 @@ github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ= github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= -github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= -github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= +github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4= +github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A= github.com/pkg/browser v0.0.0-20180916011732-0a3d74bf9ce4/go.mod h1:4OwLy04Bl9Ef3GJJCoec+30X3LQs/0/m4HFRt/2LUSA= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= 
@@ -1813,8 +1814,8 @@ github.com/yuin/goldmark-emoji v1.0.3 h1:aLRkLHOuBR2czCY4R8olwMjID+tENfhyFDMCRhb github.com/yuin/goldmark-emoji v1.0.3/go.mod h1:tTkZEbwu5wkPmgTcitqddVxY9osFZiavD+r4AzQrh1U= github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M= github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= -github.com/zclconf/go-cty v1.16.1 h1:a5TZEPzBFFR53udlIKApXzj8JIF4ZNQ6abH79z5R1S0= -github.com/zclconf/go-cty v1.16.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty v1.16.2 h1:LAJSwc3v81IRBZyUVQDUdZ7hs3SYs9jv0eZJDWHD/70= +github.com/zclconf/go-cty v1.16.2/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= github.com/zealic/xignore v0.3.3 h1:EpLXUgZY/JEzFkTc+Y/VYypzXtNz+MSOMVCGW5Q4CKQ= diff --git a/internal/exec/terraform.go b/internal/exec/terraform.go index a43dc94dfb..395620d1b0 100644 --- a/internal/exec/terraform.go +++ b/internal/exec/terraform.go @@ -181,7 +181,6 @@ func ExecuteTerraform(info schema.ConfigAndStacksInfo) error { // Don't process variables when executing `terraform workspace` commands if info.SubCommand != "workspace" { u.LogDebug(atmosConfig, fmt.Sprintf("\nVariables for the component '%s' in the stack '%s':", info.ComponentFromArg, info.Stack)) - if atmosConfig.Logs.Level == u.LogLevelTrace || atmosConfig.Logs.Level == u.LogLevelDebug { err = u.PrintAsYAMLToFileDescriptor(atmosConfig, info.ComponentVarsSection) if err != nil { 
@@ -219,6 +218,24 @@ func ExecuteTerraform(info schema.ConfigAndStacksInfo) error {
 }
 }
 }
+
+ /*
+ Variables provided on the command line
+ Terraform processes variables in the following order of precedence (from highest to lowest):
+ - Explicit -var flags: these have the highest priority and will override any other variable values, including those in --var-file
+ - Variables in --var-file: values in a variable file specified with --var-file override default values set in the Terraform configuration
+ - Environment variables: variables set as environment variables using the TF_VAR_ prefix
+ - Default values in the configuration file: these have the lowest priority
+ */
+ if cliVars, ok := info.ComponentSection[cfg.CliVarsSectionName].(map[string]string); ok && len(cliVars) > 0 {
+ u.LogDebug(atmosConfig, "\nCLI variables (will override the variables defined in the stack manifests):")
+ if atmosConfig.Logs.Level == u.LogLevelTrace || atmosConfig.Logs.Level == u.LogLevelDebug {
+ err = u.PrintAsYAMLToFileDescriptor(atmosConfig, cliVars)
+ if err != nil {
+ return err
+ }
+ }
+ }
 }
 // Handle `terraform varfile` and `terraform write varfile` legacy commands
diff --git a/internal/exec/utils.go b/internal/exec/utils.go
index faf42d1080..411212e4bd 100644
--- a/internal/exec/utils.go
+++ b/internal/exec/utils.go
@@ -666,6 +666,16 @@ func ProcessStacks(
 configAndStacksInfo.ComponentSection["component_info"] = componentInfo
+ // Add command-line arguments and vars to the component section
+ // It will allow using them when validating with OPA policies or JSON Schema
+ configAndStacksInfo.ComponentSection[cfg.CliArgsSectionName] = configAndStacksInfo.AdditionalArgsAndFlags
+
+ cliVars, err := getCliVars(configAndStacksInfo.AdditionalArgsAndFlags)
+ if err != nil {
+ return configAndStacksInfo, err
+ }
+ configAndStacksInfo.ComponentSection[cfg.CliVarsSectionName] = cliVars
+
 return configAndStacksInfo, nil
 }
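Review bot: The added block in ExecuteTerraform writes every `-var` value to the output through `u.PrintAsYAMLToFileDescriptor(atmosConfig, cliVars)` whenever the log level is Debug or Trace, and `-var` is a common way to hand tokens and passwords to Terraform. I would print only the variable names, or mask the values, so that a debug run in CI does not leave them in the job log. Separately, the assertion `.(map[string]string)` skips the whole block without any message if the section ever holds a `map[string]any` (for instance after a YAML or template round trip, which this hunk does not show); a comment such as `// cli_vars is set as map[string]string in ProcessStacks` would make that dependency explicit. The function body starts and ends outside the hunk.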
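Review bot: In the ProcessStacks hunk, `ComponentSection[cfg.CliArgsSectionName]` stores the `AdditionalArgsAndFlags` slice itself, so the validation input and the argument list share one backing array, and getCliVars as added in this same patch rewrites `-var` to `--var` in that array. Storing a copy keeps the two independent: `append([]string(nil), configAndStacksInfo.AdditionalArgsAndFlags...)`. Both new sections also hold raw `-var` values, so any code path that prints or serialises the component section will include them (inferred, the printing code is not in this hunk). I would extend the comment to say so, for example `// NOTE: cli_args and cli_vars may contain secrets passed with -var; do not print them unmasked`.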
@@ -1200,3 +1210,30 @@ func FindComponentDependencies(currentStack string, sources schema.ConfigSources
 sort.Strings(uniqueAll)
 return unique, uniqueAll, nil
 }
+
+// getCliVars returns a map of variables provided on the command-line
+func getCliVars(args []string) (map[string]string, error) {
+ for i, arg := range args {
+ if arg == "-var" {
+ args[i] = "--var"
+ }
+ }
+
+ flagSet := pflag.NewFlagSet("cliVars", pflag.ContinueOnError)
+ vars := flagSet.StringSlice("var", nil, "")
+
+ err := flagSet.Parse(args)
+ if err != nil {
+ return nil, err
+ }
+
+ varMap := make(map[string]string)
+ for _, v := range *vars {
+ parts := strings.SplitN(v, "=", 2)
+ if len(parts) == 2 {
+ varMap[parts[0]] = parts[1]
+ }
+ }
+
+ return varMap, nil
+}
diff --git a/pkg/config/const.go b/pkg/config/const.go
index 54b24e9839..fef5d7d149 100644
--- a/pkg/config/const.go
+++ b/pkg/config/const.go
@@ -62,6 +62,8 @@ const (
 InheritanceSectionName = "inheritance"
 IntegrationsSectionName = "integrations"
 GithubSectionName = "github"
+ CliVarsSectionName = "cli_vars"
+ CliArgsSectionName = "cli_args"
 LogsLevelFlag = "--logs-level"
 LogsFileFlag = "--logs-file"
From ed2dfee2a4e3aaefd74185ede73a425420a7a49c Mon Sep 17 00:00:00 2001
From: aknysh
Date: Fri, 24 Jan 2025 09:01:10 -0500
Subject: [PATCH 05/19] updates
---
 internal/exec/terraform.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/internal/exec/terraform.go b/internal/exec/terraform.go
index 395620d1b0..5b135ce613 100644
--- a/internal/exec/terraform.go
+++ b/internal/exec/terraform.go
@@ -221,6 +221,7 @@ func ExecuteTerraform(info schema.ConfigAndStacksInfo) error { /* Variables provided on the command line + https://developer.hashicorp.com/terraform/language/values/variables#variables-on-the-command-line Terraform processes variables in the following order of precedence (from highest to lowest): - Explicit -var flags: these have the highest priority and will override any other variable values, including those in --var-file - Variables in --var-file: values in a variable file specified with --var-file override default values set in the Terraform configuration From 20bc095591709ba62b77249122910e27889c6f40 Mon Sep 17 00:00:00 2001 From: aknysh Date: Fri, 24 Jan 2025 11:05:50 -0500 Subject: [PATCH 06/19] updates --- internal/exec/utils.go | 59 +++++++++++++++++++++++++++--------------- 1 file changed, 38 insertions(+), 21 deletions(-) diff --git a/internal/exec/utils.go b/internal/exec/utils.go index 411212e4bd..9c6f42679f 100644 --- a/internal/exec/utils.go +++ b/internal/exec/utils.go 
@@ -1213,27 +1213,44 @@ func FindComponentDependencies(currentStack string, sources schema.ConfigSources
 // getCliVars returns a map of variables provided on the command-line
 func getCliVars(args []string) (map[string]string, error) {
- for i, arg := range args {
- if arg == "-var" {
- args[i] = "--var"
+ var variables = make(map[string]string)
+ for i := 0; i < len(args); i++ {
+ if args[i] == "-var" && i+1 < len(args) {
+ kv := args[i+1]
+ parts := strings.SplitN(kv, "=", 2)
+ if len(parts) == 2 {
+ varName := parts[0]
+ varValue := strings.Trim(parts[1], "{}") // Handle the map-like syntax
+ variables[varName] = varValue
+ }
+ i++
 }
 }
-
- flagSet := pflag.NewFlagSet("cliVars", pflag.ContinueOnError)
- vars := flagSet.StringSlice("var", nil, "")
-
- err := flagSet.Parse(args)
- if err != nil {
- return nil, err
- }
-
- varMap := make(map[string]string)
- for _, v := range *vars {
- parts := strings.SplitN(v, "=", 2)
- if len(parts) == 2 {
- varMap[parts[0]] = parts[1]
- }
- }
-
- return varMap, nil
+ return variables, nil
 }
+
+//func getCliVars(args []string) (map[string]string, error) {
+// for i, arg := range args {
+// if arg == "-var" {
+// args[i] = "--var"
+// }
+// }
+//
+// flagSet := pflag.NewFlagSet("cliVars", pflag.ContinueOnError)
+// vars := flagSet.StringSlice("var", nil, "")
+//
+// err := flagSet.Parse(args)
+// if err != nil {
+// return nil, err
+// }
+//
+// varMap := make(map[string]string)
+// for _, v := range *vars {
+// parts := strings.SplitN(v, "=", 2)
+// if len(parts) == 2 {
+// varMap[parts[0]] = parts[1]
+// }
+// }
+//
+// return varMap, nil
+//}
From f4ea14a554fb57ec217171ba0c041d0a8788e3f4 Mon Sep 17 00:00:00 2001
From: aknysh
Date: Fri, 24 Jan 2025 20:30:17 -0500
Subject: [PATCH 07/19] updates
---
 internal/exec/utils.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/exec/utils.go b/internal/exec/utils.go
index 9c6f42679f..67e1595bf7 100644
--- a/internal/exec/utils.go
+++ b/internal/exec/utils.go
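Review bot: The rewritten getCliVars only recognises the two-argument form `-var name=value`, so `-var=name=value` and `--var name=value` never reach `cli_vars` even though they stay in the argument list; an OPA or JSON Schema rule written against `cli_vars` would then not see them. `strings.Trim(parts[1], "{}")` also strips braces from both ends of any value, so the recorded value can differ from the one given on the command line. I would accept all three spellings and store the value verbatim, as in the sketch below. The commented-out pflag version at the end of the hunk can be deleted, since the history keeps it.

```go
func getCliVars(args []string) (map[string]string, error) {
	variables := make(map[string]string)
	for i := 0; i < len(args); i++ {
		var kv string
		switch arg := args[i]; {
		case (arg == "-var" || arg == "--var") && i+1 < len(args):
			// Two-argument form: the value is the next argument.
			i++
			kv = args[i]
		case strings.HasPrefix(arg, "-var="):
			kv = strings.TrimPrefix(arg, "-var=")
		case strings.HasPrefix(arg, "--var="):
			kv = strings.TrimPrefix(arg, "--var=")
		default:
			continue
		}
		// Keep the value exactly as given so validation sees what was passed.
		if name, value, ok := strings.Cut(kv, "="); ok {
			variables[name] = value
		}
	}
	return variables, nil
}
```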
@@ -1220,7 +1220,7 @@ func getCliVars(args []string) (map[string]string, error) { parts := strings.SplitN(kv, "=", 2) if len(parts) == 2 { varName := parts[0] - varValue := strings.Trim(parts[1], "{}") // Handle the map-like syntax + varValue := strings.Trim(parts[1], "{}") variables[varName] = varValue } i++ From 11bd3be619977cef4a15368ee407fe2ba016a70f Mon Sep 17 00:00:00 2001 From: aknysh Date: Fri, 24 Jan 2025 21:28:42 -0500 Subject: [PATCH 08/19] updates --- examples/quick-start-advanced/Dockerfile | 2 +- go.mod | 28 ++++++------ go.sum | 56 ++++++++++++------------ website/docs/integrations/atlantis.mdx | 2 +- 4 files changed, 44 insertions(+), 44 deletions(-) diff --git a/examples/quick-start-advanced/Dockerfile b/examples/quick-start-advanced/Dockerfile index 2deda2d686..270478e02d 100644 --- a/examples/quick-start-advanced/Dockerfile +++ b/examples/quick-start-advanced/Dockerfile @@ -6,7 +6,7 @@ ARG GEODESIC_OS=debian # https://atmos.tools/ # https://github.com/cloudposse/atmos # https://github.com/cloudposse/atmos/releases -ARG ATMOS_VERSION=1.154.0 +ARG ATMOS_VERSION=1.156.0 # Terraform: https://github.com/hashicorp/terraform/releases ARG TF_VERSION=1.5.7 diff --git a/go.mod b/go.mod index 60d7465431..02b4e3207d 100644 --- a/go.mod +++ b/go.mod @@ -7,9 +7,9 @@ require ( github.com/Masterminds/sprig/v3 v3.3.0 github.com/alecthomas/chroma v0.10.0 github.com/arsham/figurine v1.3.0 - github.com/aws/aws-sdk-go-v2 v1.33.0 - github.com/aws/aws-sdk-go-v2/config v1.29.1 - github.com/aws/aws-sdk-go-v2/service/ssm v1.56.7 + github.com/aws/aws-sdk-go-v2 v1.34.0 + github.com/aws/aws-sdk-go-v2/config v1.29.2 + github.com/aws/aws-sdk-go-v2/service/ssm v1.56.8 github.com/bmatcuk/doublestar/v4 v4.8.0 github.com/charmbracelet/bubbles v0.20.0 github.com/charmbracelet/bubbletea v1.2.4 
@@ -89,22 +89,22 @@ require ( github.com/atotto/clipboard v0.1.4 // indirect github.com/aws/aws-sdk-go v1.44.206 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.1 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.54 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.55 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.25 // indirect github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.14 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 // indirect github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 // indirect github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.6 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.10 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.5 // indirect github.com/aws/aws-sdk-go-v2/service/s3 v1.26.10 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.24.11 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.33.9 // indirect - github.com/aws/smithy-go v1.22.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.12 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.11 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.10 // indirect + 
github.com/aws/smithy-go v1.22.2 // indirect github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect github.com/aymerick/douceur v0.2.0 // indirect github.com/baulk/chardet v0.1.0 // indirect diff --git a/go.sum b/go.sum index 96dc580fc8..66ef033d36 100644 --- a/go.sum +++ b/go.sum 
@@ -743,49 +743,49 @@ github.com/aws/aws-sdk-go v1.44.206 h1:xC7O40wdnKH4A95KdYt+smXl9hig1vu9b3mFxAxUo github.com/aws/aws-sdk-go v1.44.206/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v1.16.2/go.mod h1:ytwTPBG6fXTZLxxeeCCWj2/EMYp/xDUgX+OET6TLNNU= github.com/aws/aws-sdk-go-v2 v1.16.4/go.mod h1:ytwTPBG6fXTZLxxeeCCWj2/EMYp/xDUgX+OET6TLNNU= -github.com/aws/aws-sdk-go-v2 v1.33.0 h1:Evgm4DI9imD81V0WwD+TN4DCwjUMdc94TrduMLbgZJs= -github.com/aws/aws-sdk-go-v2 v1.33.0/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2 v1.34.0 h1:9iyL+cjifckRGEVpRKZP3eIxVlL06Qk1Tk13vreaVQU= +github.com/aws/aws-sdk-go-v2 v1.34.0/go.mod h1:JgstGg0JjWU1KpVJjD5H0y0yyAIpSdKEq556EI6yOOM= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.1 h1:SdK4Ppk5IzLs64ZMvr6MrSficMtjY2oS0WOORXTlxwU= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.1/go.mod h1:n8Bs1ElDD2wJ9kCRTczA83gYbBmjSwZp3umc6zF4EeM= github.com/aws/aws-sdk-go-v2/config v1.15.3/go.mod h1:9YL3v07Xc/ohTsxFXzan9ZpFpdTOFl4X65BAKYaz8jg= github.com/aws/aws-sdk-go-v2/config v1.15.9/go.mod h1:rv/l/TbZo67kp99v/3Kb0qV6Fm1KEtKyruEV2GvVfgs= -github.com/aws/aws-sdk-go-v2/config v1.29.1 h1:JZhGawAyZ/EuJeBtbQYnaoftczcb2drR2Iq36Wgz4sQ= -github.com/aws/aws-sdk-go-v2/config v1.29.1/go.mod h1:7bR2YD5euaxBhzt2y/oDkt3uNRb6tjFp98GlTFueRwk= +github.com/aws/aws-sdk-go-v2/config v1.29.2 h1:JuIxOEPcSKpMB0J+khMjznG9LIhIBdmqNiEcPclnwqc= +github.com/aws/aws-sdk-go-v2/config v1.29.2/go.mod h1:HktTHregOZwNSM/e7WTfVSu9RCX+3eOv+6ij27PtaYs= github.com/aws/aws-sdk-go-v2/credentials v1.11.2/go.mod h1:j8YsY9TXTm31k4eFhspiQicfXPLZ0gYXA50i4gxPE8g= github.com/aws/aws-sdk-go-v2/credentials v1.12.4/go.mod h1:7g+GGSp7xtR823o1jedxKmqRZGqLdoHQfI4eFasKKxs= -github.com/aws/aws-sdk-go-v2/credentials v1.17.54 h1:4UmqeOqJPvdvASZWrKlhzpRahAulBfyTJQUaYy4+hEI= -github.com/aws/aws-sdk-go-v2/credentials v1.17.54/go.mod h1:RTdfo0P0hbbTxIhmQrOsC/PquBZGabEPnCaxxKRPSnI= +github.com/aws/aws-sdk-go-v2/credentials 
v1.17.55 h1:CDhKnDEaGkLA5ZszV/qw5uwN5M8rbv9Cl0JRN+PRsaM= +github.com/aws/aws-sdk-go-v2/credentials v1.17.55/go.mod h1:kPD/vj+RB5MREDUky376+zdnjZpR+WgdBBvwrmnlmKE= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.3/go.mod h1:uk1vhHHERfSVCUnqSqz8O48LBYDSC+k6brng09jcMOk= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.5/go.mod h1:WAPnuhG5IQ/i6DETFl5NmX3kKqCzw7aau9NHAGcm4QE= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 h1:5grmdTdMsovn9kPZPI23Hhvp0ZyNm5cRO+IZFIYiAfw= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24/go.mod h1:zqi7TVKTswH3Ozq28PkmBmgzG1tona7mo9G2IJg4Cis= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.25 h1:kU7tmXNaJ07LsyN3BUgGqAmVmQtq0w6duVIHAKfp0/w= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.25/go.mod h1:OiC8+OiqrURb1wrwmr/UbOVLFSWEGxjinj5C299VQdo= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.3/go.mod h1:0dHuD2HZZSiwfJSy1FO5bX1hQ1TxVV1QXXjpn3XUE44= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.14 h1:qpJmFbypCfwPok5PGTSnQy1NKbv4Hn8xGsee9l4xOPE= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.14/go.mod h1:IOYB+xOZik8YgdTlnDSwbvKmCkikA3nVue8/Qnfzs0c= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.9/go.mod h1:AnVH5pvai0pAF4lXRq0bmhbes1u9R8wTE+g+183bZNM= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.11/go.mod h1:tmUB6jakq5DFNcXsXOA/ZQ7/C8VnSKYkx58OI7Fh79g= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28 h1:igORFSiH3bfq4lxKFkTSYDhJEUCYo6C8VKiWJjYwQuQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28/go.mod h1:3So8EA/aAYm36L7XIvCVwLa0s5N0P7o2b1oqnx/2R4g= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29 h1:Ej0Rf3GMv50Qh4G4852j2djtoDb7AzQ7MuQeFHa3D70= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29/go.mod h1:oeNTC7PwJNoM5AznVr23wxhLnuJv0ZDe5v7w0wqIs9M= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.3/go.mod h1:ssOhaLpRlh88H3UmEcsBoVKq309quMvm3Ds8e9d4eJM= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.5/go.mod 
h1:fV1AaS2gFc1tM0RCb015FJ0pvWVUfJZANzjwoO4YakM= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28 h1:1mOW9zAUMhTSrMDssEHS/ajx8JcAj/IcftzcmNlmVLI= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28/go.mod h1:kGlXVIWDfvt2Ox5zEaNglmq0hXPHgQFNMix33Tw22jA= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29 h1:6e8a71X+9GfghragVevC5bZqvATtc3mAMgxpSNbgzF0= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29/go.mod h1:c4jkZiQ+BWpNqq7VtrxjwISrLrt/VvPq3XiopkUIolI= github.com/aws/aws-sdk-go-v2/internal/ini v1.3.10/go.mod h1:8DcYQcz0+ZJaSxANlHIsbbi6S+zMwjwdDqwW3r9AzaE= github.com/aws/aws-sdk-go-v2/internal/ini v1.3.12/go.mod h1:00c7+ALdPh4YeEUPXJzyU0Yy01nPGOq2+9rUaz05z9g= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 h1:Pg9URiobXy85kgFev3og2CuOZ8JZUBENF+dcgWBaYNk= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.2 h1:1fs9WkbFcMawQjxEI0B5L0SqvBhJZebxWM6Z3x/qHWY= github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.2/go.mod h1:0jDVeWUFPbI3sOfsXXAsIdiawXcn7VBLx/IlFVTRP64= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.1/go.mod h1:GeUru+8VzrTXV/83XyMJ80KpH8xO89VPoUileyNQ+tc= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 h1:D4oz8/CzT9bAEYtVhSBmFj2dNOtaHOtMKc2vHBwYizA= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2/go.mod h1:Za3IHqTQ+yNcRHxu1OFucBh0ACZT4j4VQFF0BqpZcLY= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.3/go.mod 
h1:Seb8KNmD6kVTjwRjVEgOT5hPin6sq+v4C2ycJQDwuH8= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.6 h1:9mvDAsMiN+07wcfGM+hJ1J3dOKZ2YOpDiPZ6ufRJcgw= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.6/go.mod h1:Eus+Z2iBIEfhOvhSdMTcscNOMy6n3X9/BJV0Zgax98w= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.3/go.mod h1:wlY6SVjuwvh3TVRpTqdy4I1JpBFLX4UGeKZdWntaocw= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.5/go.mod h1:ZbkttHXaVn3bBo/wpJbQGiiIWR90eTBUVBrEHUEQlho= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 h1:TQmKDyETFGiXVhZfQ/I0cCFziqqX58pi4tKJGYGFSz0= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9/go.mod h1:HVLPK2iHQBUx7HfZeOQSEu3v2ubZaAY2YPbAm5/WUyY= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.10 h1:hN4yJBGswmFTOVYqmbz1GBs9ZMtQe8SrYxPwrkrlRv8= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.10/go.mod h1:TsxON4fEZXyrKY+D+3d2gSTyJkGORexIYab9PTf56DA= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.3/go.mod h1:Bm/v2IaN6rZ+Op7zX+bOUMdL4fsrYZiD0dsjLhNKwZc= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.5 h1:DyPYkrH4R2zn+Pdu6hM3VTuPsQYAE6x2WB24X85Sgw0= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.5/go.mod h1:XtL92YWo0Yq80iN3AgYRERJqohg4TozrqRlxYhHGJ7g= 
@@ -797,21 +797,21 @@ github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.15.4/go.mod h1:PJc8s+lxyU github.com/aws/aws-sdk-go-v2/service/sns v1.17.4/go.mod h1:kElt+uCcXxcqFyc+bQqZPFD9DME/eC6oHBXvFzQ9Bcw= github.com/aws/aws-sdk-go-v2/service/sqs v1.18.3/go.mod h1:skmQo0UPvsjsuYYSYMVmrPc1HWCbHUJyrCEp+ZaLzqM= github.com/aws/aws-sdk-go-v2/service/ssm v1.24.1/go.mod h1:NR/xoKjdbRJ+qx0pMR4mI+N/H1I1ynHwXnO6FowXJc0= -github.com/aws/aws-sdk-go-v2/service/ssm v1.56.7 h1:vv7lah/6QrqHry4gcYPCcy7ByAmBAtGNjPfTf4HTH/s= -github.com/aws/aws-sdk-go-v2/service/ssm v1.56.7/go.mod h1:8HjMkoX1B6HEsxGMPLu6hnx3135hwxpi6eI9aErNTAg= +github.com/aws/aws-sdk-go-v2/service/ssm v1.56.8 h1:MBdLPDbhwvgIpjIVAo2K49b+mJgthRfq3pJ57OMF7Ro= +github.com/aws/aws-sdk-go-v2/service/ssm v1.56.8/go.mod h1:9XDwaJPbim0IsiHqC/jWwXviigOiQJC+drPPy6ZfIlE= github.com/aws/aws-sdk-go-v2/service/sso v1.11.3/go.mod h1:7UQ/e69kU7LDPtY40OyoHYgRmgfGM4mgsLYtcObdveU= github.com/aws/aws-sdk-go-v2/service/sso v1.11.7/go.mod h1:TFVe6Rr2joVLsYQ1ABACXgOC6lXip/qpX2x5jWg/A9w= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.11 h1:kuIyu4fTT38Kj7YCC7ouNbVZSSpqkZ+LzIfhCr6Dg+I= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.11/go.mod h1:Ro744S4fKiCCuZECXgOi760TiYylUM8ZBf6OGiZzJtY= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10 h1:l+dgv/64iVlQ3WsBbnn+JSbkj01jIi+SM0wYsj3y/hY= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10/go.mod h1:Fzsj6lZEb8AkTE5S68OhcbBqeWPsR8RnGuKPr8Todl8= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.12 h1:kznaW4f81mNMlREkU9w3jUuJvU5g/KsqDV43ab7Rp6s= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.12/go.mod h1:bZy9r8e0/s0P7BSDHgMLXK2KvdyRRBIQ2blKlvLt0IU= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.11 h1:mUwIpAvILeKFnRx4h1dEgGEFGuV8KJ3pEScZWVFYuZA= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.11/go.mod h1:JDJtD+b8HNVv71axz8+S5492KM8wTzHRFpMKQbPlYxw= github.com/aws/aws-sdk-go-v2/service/sts v1.16.3/go.mod h1:bfBj0iVmsUyUg4weDB4NxktD9rDGeKSVWnjTnwbx9b8= 
github.com/aws/aws-sdk-go-v2/service/sts v1.16.6/go.mod h1:rP1rEOKAGZoXp4iGDxSXFvODAtXpm34Egf0lL0eshaQ= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.9 h1:BRVDbewN6VZcwr+FBOszDKvYeXY1kJ+GGMCcpghlw0U= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.9/go.mod h1:f6vjfZER1M17Fokn0IzssOTMT2N8ZSq+7jnNF0tArvw= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.10 h1:g9d+TOsu3ac7SgmY2dUf1qMgu/uJVTlQ4VCbH6hRxSw= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.10/go.mod h1:WZfNmntu92HO44MVZAubQaz3qCuIdeOdog2sADfU6hU= github.com/aws/smithy-go v1.11.2/go.mod h1:3xHYmszWVx2c0kIwQeEVf9uSm4fYZt67FBJnwub1bgM= -github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= -github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= +github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/aymanbagabas/go-udiff v0.2.0 h1:TK0fH4MteXUDspT88n8CKzvK0X9O2xu9yQjWpi6yML8= diff --git a/website/docs/integrations/atlantis.mdx b/website/docs/integrations/atlantis.mdx index 39b2c5f676..e083ac92d8 100644 --- a/website/docs/integrations/atlantis.mdx +++ b/website/docs/integrations/atlantis.mdx @@ -673,7 +673,7 @@ on: branches: [ main ] env: - ATMOS_VERSION: 1.154.0 + ATMOS_VERSION: 1.156.0 ATMOS_CLI_CONFIG_PATH: ./ jobs: From 70534b82ae5ea555e0f35deeea08881ceff9091a Mon Sep 17 00:00:00 2001 From: aknysh Date: Sat, 25 Jan 2025 12:15:55 -0500 Subject: [PATCH 09/19] updates --- internal/exec/terraform.go | 2 +- internal/exec/utils.go | 44 +++++++------------ .../test/template-functions-test/outputs.tf | 5 +++ 3 files changed, 21 insertions(+), 30 deletions(-) 
diff --git a/internal/exec/terraform.go b/internal/exec/terraform.go index 5b135ce613..004e78ea50 100644 --- a/internal/exec/terraform.go +++ b/internal/exec/terraform.go @@ -228,7 +228,7 @@ func ExecuteTerraform(info schema.ConfigAndStacksInfo) error { - Environment variables: variables set as environment variables using the TF_VAR_ prefix - Default values in the configuration file: these have the lowest priority */ - if cliVars, ok := info.ComponentSection[cfg.CliVarsSectionName].(map[string]string); ok && len(cliVars) > 0 { + if cliVars, ok := info.ComponentSection[cfg.CliVarsSectionName].(map[string]any); ok && len(cliVars) > 0 { u.LogDebug(atmosConfig, "\nCLI variables (will override the variables defined in the stack manifests):") if atmosConfig.Logs.Level == u.LogLevelTrace || atmosConfig.Logs.Level == u.LogLevelDebug { err = u.PrintAsYAMLToFileDescriptor(atmosConfig, cliVars) diff --git a/internal/exec/utils.go b/internal/exec/utils.go index 67e1595bf7..09155450cd 100644 --- a/internal/exec/utils.go +++ b/internal/exec/utils.go 
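Review bot: The block guarded by the changed type assertion writes out every `-var` value when the log level is Debug or Trace, and with the `map[string]any` change in this commit those values can be whole decoded JSON structures. Command-line variables are a common place for credentials and tokens, so it would be safer to print only the variable names, or at least to document the exposure with a comment such as `// cliVars may hold secrets passed with -var; values are written out at Debug/Trace level`. The assertion to `map[string]any` also yields `ok == false` without any message if the section is stored with another map type, so a producer still writing `map[string]string` would silently skip this block. ExecuteTerraform starts and continues outside the hunk.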
@@ -1212,15 +1212,27 @@ func FindComponentDependencies(currentStack string, sources schema.ConfigSources } // getCliVars returns a map of variables provided on the command-line -func getCliVars(args []string) (map[string]string, error) { - var variables = make(map[string]string) +// atmos terraform apply template-functions-test -s tenant1-ue2-prod -var name=test2 -var stage=dev -var 'tags={"a":"value2", "Name":"test"}' +func getCliVars(args []string) (map[string]any, error) { + var variables = make(map[string]any) for i := 0; i < len(args); i++ { if args[i] == "-var" && i+1 < len(args) { kv := args[i+1] parts := strings.SplitN(kv, "=", 2) if len(parts) == 2 { varName := parts[0] - varValue := strings.Trim(parts[1], "{}") + part2 := parts[1] + var varValue any + if u.IsJSON(part2) { + v, err := u.ConvertFromJSON(part2) + if err != nil { + return nil, err + } + varValue = v + } else { + varValue = strings.TrimSpace(part2) + } + variables[varName] = varValue } i++ @@ -1228,29 +1240,3 @@ func getCliVars(args []string) (map[string]string, error) { } return variables, nil } - -//func getCliVars(args []string) (map[string]string, error) { -// for i, arg := range args { -// if arg == "-var" { -// args[i] = "--var" -// } -// } -// -// flagSet := pflag.NewFlagSet("cliVars", pflag.ContinueOnError) -// vars := flagSet.StringSlice("var", nil, "") -// -// err := flagSet.Parse(args) -// if err != nil { -// return nil, err -// } -// -// varMap := make(map[string]string) -// for _, v := range *vars { -// parts := strings.SplitN(v, "=", 2) -// if len(parts) == 2 { -// varMap[parts[0]] = parts[1] -// } -// } -// -// return varMap, nil -//} diff --git a/tests/fixtures/scenarios/complete/components/terraform/test/template-functions-test/outputs.tf b/tests/fixtures/scenarios/complete/components/terraform/test/template-functions-test/outputs.tf index 2af5e9cef6..a650b8d781 100644 --- a/tests/fixtures/scenarios/complete/components/terraform/test/template-functions-test/outputs.tf 
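Review bot: A `-var` argument whose value contains no `=` is dropped without an error while `i++` still consumes it, and a trailing `-var` with nothing after it is ignored, so the only failure getCliVars ever reports is a JSON decode error. Because the returned map is what the rest of the run treats as the command-line variables, malformed input is better rejected here, for example `if len(parts) != 2 { return nil, fmt.Errorf("invalid -var argument %q: expected name=value", kv) }` (assuming `fmt` is imported in utils.go, which the hunk does not show). The doc comment would also read better with its second line labelled as an example and the value types stated, e.g. `// Values that parse as JSON are decoded; all other values are kept as trimmed strings.` How `u.IsJSON` treats bare scalars such as `true` or `5` is not visible here; if it accepts them, those values change from string to bool or number, which deserves a line in the comment as well.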
+++ b/tests/fixtures/scenarios/complete/components/terraform/test/template-functions-test/outputs.tf @@ -20,3 +20,8 @@ output "test_map" { } description = "Test map" } + +output "tags" { + value = module.test_label.tags + description = "Tags" +} From 36522933aa86d0f31c3bce96587f522ddec31fb6 Mon Sep 17 00:00:00 2001 From: aknysh Date: Sat, 25 Jan 2025 20:34:07 -0500 Subject: [PATCH 10/19] updates --- .../template-functions-test/defaults.yaml | 19 +++++++++++++++++++ ...ate-template-functions-test-component.rego | 6 ++++++ 2 files changed, 25 insertions(+) create mode 100644 tests/fixtures/scenarios/complete/stacks/schemas/opa/test/template-functions-test/validate-template-functions-test-component.rego diff --git a/tests/fixtures/scenarios/complete/stacks/catalog/terraform/template-functions-test/defaults.yaml b/tests/fixtures/scenarios/complete/stacks/catalog/terraform/template-functions-test/defaults.yaml index cc9b5e6947..54f1a7f453 100644 --- a/tests/fixtures/scenarios/complete/stacks/catalog/terraform/template-functions-test/defaults.yaml +++ b/tests/fixtures/scenarios/complete/stacks/catalog/terraform/template-functions-test/defaults.yaml 
@@ -10,6 +10,25 @@ components: settings: spacelift: workspace_enabled: false + # Validation + # Supports JSON Schema and OPA policies + # All validation steps must succeed to allow the component to be provisioned + validation: + check-template-functions-test-component-with-opa-policy: + schema_type: opa + # 'schema_path' can be an absolute path or a path relative to 'schemas.opa.base_path' defined in `atmos.yaml` + schema_path: "test/template-functions-test/validate-template-functions-test-component.rego" + # An array of filesystem paths (folders or individual files) to the additional modules for schema validation + # Each path can be an absolute path or a path relative to `schemas.opa.base_path` defined in `atmos.yaml` + # In this example, we have the additional Rego modules in `stacks/schemas/opa/catalog/constants` + module_paths: + - "catalog/constants" + description: Check 'template-functions-test' component using OPA policy + # Set `disabled` to `true` to skip the validation step + # `disabled` is set to `false` by default, the step is allowed if `disabled` is not declared + disabled: false + # Validation timeout in seconds + timeout: 5 vars: enabled: true name: "test" diff --git a/tests/fixtures/scenarios/complete/stacks/schemas/opa/test/template-functions-test/validate-template-functions-test-component.rego b/tests/fixtures/scenarios/complete/stacks/schemas/opa/test/template-functions-test/validate-template-functions-test-component.rego new file mode 100644 index 0000000000..c05f7f6d41 --- /dev/null +++ b/tests/fixtures/scenarios/complete/stacks/schemas/opa/test/template-functions-test/validate-template-functions-test-component.rego @@ -0,0 +1,6 @@ +# 'package atmos' is required in all `atmos` OPA policies +package atmos + +errors["for the 'template-functions-test' component, the variable 'name' must be provided on the command line using the '-var' flag"] { + not input.cli_vars.name +} From 93b9bf9bb1a54953356a1e227918f0d3c32f9a76 Mon Sep 17 00:00:00 2001 
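Review bot: The rule body `not input.cli_vars.name` in the new policy file only tests that the key is defined and not `false`, so an empty value such as `-var name=` satisfies the policy even though no usable name was supplied. If the intent is a non-empty name, add a second rule next to it, e.g. `errors["the 'name' variable provided with '-var' must not be empty"] { input.cli_vars.name == "" }`. Conversely, if the CLI parser decodes `false` as a JSON boolean (not visible in this file), `-var name=false` would be reported as missing.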
From: aknysh Date: Sat, 25 Jan 2025 20:41:25 -0500 Subject: [PATCH 11/19] updates --- go.mod | 4 ++-- go.sum | 8 ++++---- ...alidate-template-functions-test-component.rego | 15 +++++++++++++++ 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 02b4e3207d..ccd37c53cc 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/aws/aws-sdk-go-v2 v1.34.0 github.com/aws/aws-sdk-go-v2/config v1.29.2 github.com/aws/aws-sdk-go-v2/service/ssm v1.56.8 - github.com/bmatcuk/doublestar/v4 v4.8.0 + github.com/bmatcuk/doublestar/v4 v4.8.1 github.com/charmbracelet/bubbles v0.20.0 github.com/charmbracelet/bubbletea v1.2.4 github.com/charmbracelet/glamour v0.8.0 @@ -46,7 +46,7 @@ require ( github.com/open-policy-agent/opa v1.0.1 github.com/otiai10/copy v1.14.1 github.com/pkg/errors v0.9.1 - github.com/samber/lo v1.47.0 + github.com/samber/lo v1.48.0 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 github.com/spf13/cobra v1.8.1 diff --git a/go.sum b/go.sum index 66ef033d36..f67d81d6a5 100644 --- a/go.sum +++ b/go.sum 
@@ -828,8 +828,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/bmatcuk/doublestar/v4 v4.8.0 h1:DSXtrypQddoug1459viM9X9D3dp1Z7993fw36I2kNcQ= -github.com/bmatcuk/doublestar/v4 v4.8.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= +github.com/bmatcuk/doublestar/v4 v4.8.1 h1:54Bopc5c2cAvhLRAzqOGCYHYyhcDHsFF4wWIR5wKP38= +github.com/bmatcuk/doublestar/v4 v4.8.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= 
@@ -1695,8 +1695,8 @@ github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6g github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= github.com/sahilm/fuzzy v0.1.1 h1:ceu5RHF8DGgoi+/dR5PsECjCDH1BE3Fnmpo7aVXOdRA= github.com/sahilm/fuzzy v0.1.1/go.mod h1:VFvziUEIMCrT6A6tw2RFIXPXXmzXbOsSHF0DOI8ZK9Y= -github.com/samber/lo v1.47.0 h1:z7RynLwP5nbyRscyvcD043DWYoOcYRv3mV8lBeqOCLc= -github.com/samber/lo v1.47.0/go.mod h1:RmDH9Ct32Qy3gduHQuKJ3gW1fMHAnE/fAzQuf6He5cU= +github.com/samber/lo v1.48.0 h1:ELOfcaM7vdYPe0egBS2Nxa8LxkY4lR+9LBzj0l6cHJ0= +github.com/samber/lo v1.48.0/go.mod h1:dO6KHFzUKXgP8LDhU0oI8d2hekjXnGOu0DB8Jecxd6o= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= diff --git a/tests/fixtures/scenarios/complete/stacks/schemas/opa/test/template-functions-test/validate-template-functions-test-component.rego b/tests/fixtures/scenarios/complete/stacks/schemas/opa/test/template-functions-test/validate-template-functions-test-component.rego index c05f7f6d41..c8a2aa2f1d 100644 --- a/tests/fixtures/scenarios/complete/stacks/schemas/opa/test/template-functions-test/validate-template-functions-test-component.rego +++ b/tests/fixtures/scenarios/complete/stacks/schemas/opa/test/template-functions-test/validate-template-functions-test-component.rego 
@@ -1,6 +1,21 @@ # 'package atmos' is required in all `atmos` OPA policies package atmos +# Atmos looks for the 'errors' (array of strings) output from all OPA policies +# If the 'errors' output contains one or more error messages, Atmos considers the policy failed + errors["for the 'template-functions-test' component, the variable 'name' must be provided on the command line using the '-var' flag"] { not input.cli_vars.name } + +# https://www.openpolicyagent.org/docs/latest/policy-language +# https://www.openpolicyagent.org/ +# https://blog.openpolicyagent.org/rego-design-principle-1-syntax-should-reflect-real-world-policies-e1a801ab8bfb +# https://github.com/open-policy-agent/library +# https://github.com/open-policy-agent/example-api-authz-go +# https://github.com/open-policy-agent/opa/issues/2104 +# https://www.fugue.co/blog/5-tips-for-using-the-rego-language-for-open-policy-agent-opa +# https://medium.com/@agarwalshubhi17/rego-cheat-sheet-5e25faa6eee8 +# https://code.tutsplus.com/tutorials/regular-expressions-with-go-part-1--cms-30403 +# https://www.styra.com/blog/how-to-write-your-first-rules-in-rego-the-policy-language-for-opa +# https://www.openpolicyagent.org/docs/v0.12.2/how-does-opa-work From 2edc623a81021e26b3f0e52e3c5ceafdad0687ea Mon Sep 17 00:00:00 2001 From: aknysh Date: Sat, 25 Jan 2025 22:19:25 -0500 Subject: [PATCH 12/19] updates --- .../core-concepts/validate/editorconfig.mdx | 2 +- .../validate/terraform-variables.mdx | 170 ++++++++++++++++++ 2 files changed, 171 insertions(+), 1 deletion(-) create mode 100644 website/docs/core-concepts/validate/terraform-variables.mdx diff --git a/website/docs/core-concepts/validate/editorconfig.mdx b/website/docs/core-concepts/validate/editorconfig.mdx index 6cc3756419..125510555a 100644 --- a/website/docs/core-concepts/validate/editorconfig.mdx +++ b/website/docs/core-concepts/validate/editorconfig.mdx 
@@ -1,6 +1,6 @@ --- title: EditorConfig Validation -sidebar_position: 2 +sidebar_position: 3 sidebar_label: EditorConfig description: Use EditorConfig Checker to validate your configurations. id: editorconfig-validation diff --git a/website/docs/core-concepts/validate/terraform-variables.mdx b/website/docs/core-concepts/validate/terraform-variables.mdx new file mode 100644 index 0000000000..c18543e9de --- /dev/null +++ b/website/docs/core-concepts/validate/terraform-variables.mdx 
@@ -0,0 +1,170 @@ +--- +title: Terraform Input Variables Validation +sidebar_position: 4 +sidebar_label: Terraform Input Variables +description: Use OPA policies to validate terraform input variables. +id: terraform-variables +--- + +import Terminal from '@site/src/components/Terminal' +import File from '@site/src/components/File' +import EmbedFile from '@site/src/components/EmbedFile' +import Intro from '@site/src/components/Intro' + + +The [Open Policy Agent](https://www.openpolicyagent.org/docs/latest/) (OPA) is the open-source industry standard for policy-as-code validation. It provides a general-purpose policy engine to unify policy enforcement across your stacks. + + +The OPA (pronounced “oh-pa”) language (Rego) is a high-level declarative language for specifying policy as code. Atmos has native support for the OPA decision-making engine to enforce policies across all the components in your stacks (e.g. for microservice configurations). + +This is powerful stuff: because you can define many policies, it's possible to apply different policies depending on where a component is defined in the stacks. For example, it could validate differently based on environments or teams. + +## Use Cases + +Use Open Policy Agent (OPA) policies to validate Atmos stacks and component configurations. + +* Validate component config (`vars`, `settings`, `backend`, `env`, `overrides` and other sections) using JSON Schema + +* Check if the component config (including relations between different component variables) is correct to allow or deny component provisioning using + OPA/Rego policies + +## Usage + +Atmos `validate component` command supports `--schema-path`, `--schema-type` and `--module-paths` command line arguments. +If the arguments are not provided, Atmos will try to find and use the `settings.validation` section defined in the component's YAML config. 
+ +:::tip + +Refer to [atmos validate component](/cli/commands/validate/component) CLI command for more information + +::: + + +```shell + +# Validate 'vpc' component using OPA policy in the 'plat-ue2-prod' stack +atmos validate component vpc -s plat-ue2-prod --schema-path vpc/validate-vpc-component.rego --schema-type opa + +# Validate 'vpc' component using OPA policy in the 'plat-ue2-dev' stack with additional module paths 'catalog/constants' +atmos validate component vpc -s plat-ue2-dev --schema-path vpc/validate-vpc-component.rego --schema-type opa --module-paths catalog/constants + +# Validate 'vpc' component using OPA policy in the 'plat-ue2-dev' stack with additional module paths 'catalog' +atmos validate component vpc -s plat-ue2-dev --schema-path vpc/validate-vpc-component.rego --schema-type opa --module-paths catalog + +# Validate 'vpc' component in the 'plat-ue2-prod' stack +atmos validate component vpc -s plat-ue2-prod + +# Validate 'vpc' component in the 'plat-ue2-dev' stack +atmos validate component vpc -s plat-ue2-dev + +# Validate 'vpc' component in the 'plat-ue2-dev' stack with a timeout of 15 seconds +atmos validate component vpc -s plat-ue2-dev --timeout 15 +``` + + +### Configure Component Validation + +In [`atmos.yaml`](https://github.com/cloudposse/atmos/blob/master/examples/quick-start-advanced/rootfs/usr/local/etc/atmos/atmos.yaml), add the `schemas` +section: + + +```yaml +# Validation schemas for OPA for validating atmos stacks and components +schemas: + # https://www.openpolicyagent.org + opa: + # Can also be set using `ATMOS_SCHEMAS_OPA_BASE_PATH` ENV var, or `--schemas-opa-dir` command-line arguments + # Supports both absolute and relative paths + base_path: "stacks/schemas/opa" +``` + + +In the component [manifest](https://github.com/cloudposse/atmos/blob/master/examples/quick-start-advanced/stacks/catalog/vpc/defaults.yaml), add +the `settings.validation` section: + + + +Add the following Rego package in the file 
[`stacks/schemas/opa/catalog/constants/constants.rego`](https://github.com/cloudposse/atmos/blob/master/examples/quick-start-advanced/stacks/schemas/opa/catalog/constants/constants.rego): + + + +Add the following OPA policy in the file [`stacks/schemas/opa/vpc/validate-vpc-component.rego`](https://github.com/cloudposse/atmos/blob/master/examples/quick-start-advanced/stacks/schemas/opa/vpc/validate-vpc-component.rego): + + + +### Use One Policy File or Many + +Atmos supports OPA policies for components validation in a single Rego file and in multiple Rego files. + +As shown in the example above, you can define some Rego constants, modules and helper functions in a separate +file `stacks/schemas/opa/catalog/constants/constants.rego`, and then import them into the main policy +file `stacks/schemas/opa/vpc/validate-vpc-component.rego`. + +You also need to specify the `module_paths` attribute in the component's `settings.validation` section. +The `module_paths` attribute is an array of filesystem paths (folders or individual files) to the additional modules for schema validation. +Each path can be an absolute path or a path relative to `schemas.opa.base_path` defined in `atmos.yaml`. +If a folder is specified in `module_paths`, Atmos will recursively process the folder and all its sub-folders and load all Rego files into the OPA +engine. + +This allows you to separate the common OPA modules, constants and helper functions into a catalog of reusable Rego modules, +and to structure your OPA policies to make them DRY. + +## Examples + +### Validate VPC Component in Stacks + +Run the following commands to validate the component in the stacks: + + +```console +Mapping public IPs on launch is not allowed in 'prod'. 
Set 'map_public_ip_on_launch' variable to 'false' + +exit status 1 +``` + + + +```console +In 'dev', only 2 Availability Zones are allowed +VPC name must be a valid string from 2 to 20 alphanumeric chars + +exit status 1 +``` + + + +### Validate Before Provisioning + +Try to run the following commands to provision the component in the stacks: + + +```bash +atmos terraform apply vpc -s plat-ue2-prod +atmos terraform apply vpc -s plat-ue2-dev +``` + + +Since the OPA validation policies don't pass, Atmos does not allow provisioning the component in the stacks: + + +![atmos-validate-vpc-in-plat-ue2-prod](/img/atmos-validate-infra-vpc-in-tenant1-ue2-dev.png) + + + +![atmos-validate-vpc-in-plat-ue2-dev](/img/atmos-validate-infra-vpc-in-tenant1-ue2-dev.png) + + +### Advanced Policy Examples + + + +:::note + +- If a regex pattern in the 're_match' function contains a backslash to escape special chars (e.g. '\.' or '\-'), + it must be escaped with another backslash when represented as a regular Go string ('\\.', '\\-'). + +- The reason is that backslash is also used to escape special characters in Go strings like newline (\n). + +- If you want to match the backslash character itself, you'll need four slashes. + +::: From 92791b2be36aa6ed1596820823c52adce2a8ea5a Mon Sep 17 00:00:00 2001 From: aknysh Date: Sun, 26 Jan 2025 23:17:23 -0500 Subject: [PATCH 13/19] updates --- atmos.yaml | 2 +- go.mod | 2 +- go.sum | 4 +- .../complete/stacks/orgs/cp/_defaults.yaml | 56 ++--- .../orgs/cp/tenant1/prod/us-east-2.yaml | 6 +- .../validate/terraform-variables.mdx | 191 +++++++----------- 6 files changed, 111 insertions(+), 150 deletions(-) diff --git a/atmos.yaml b/atmos.yaml index 08f5fe2f7c..5b115043b4 100644 --- a/atmos.yaml +++ b/atmos.yaml 
@@ -15,7 +15,7 @@ # are independent settings (supporting both absolute and relative paths). # If 'base_path' is provided, 'components.terraform.base_path', 'components.helmfile.base_path', 'stacks.base_path' and 'workflows.base_path' # are considered paths relative to 'base_path'. -base_path: "./tests/fixtures/scenarios/complete" +base_path: "" vendor: # Path to vendor configuration file or directory containing vendor files diff --git a/go.mod b/go.mod index ccd37c53cc..a0c275ef08 100644 --- a/go.mod +++ b/go.mod @@ -46,7 +46,7 @@ require ( github.com/open-policy-agent/opa v1.0.1 github.com/otiai10/copy v1.14.1 github.com/pkg/errors v0.9.1 - github.com/samber/lo v1.48.0 + github.com/samber/lo v1.49.0 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 github.com/spf13/cobra v1.8.1 diff --git a/go.sum b/go.sum index f67d81d6a5..84f44f73d5 100644 --- a/go.sum +++ b/go.sum @@ -1695,8 +1695,8 @@ github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6g github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= github.com/sahilm/fuzzy v0.1.1 h1:ceu5RHF8DGgoi+/dR5PsECjCDH1BE3Fnmpo7aVXOdRA= github.com/sahilm/fuzzy v0.1.1/go.mod h1:VFvziUEIMCrT6A6tw2RFIXPXXmzXbOsSHF0DOI8ZK9Y= -github.com/samber/lo v1.48.0 h1:ELOfcaM7vdYPe0egBS2Nxa8LxkY4lR+9LBzj0l6cHJ0= -github.com/samber/lo v1.48.0/go.mod h1:dO6KHFzUKXgP8LDhU0oI8d2hekjXnGOu0DB8Jecxd6o= +github.com/samber/lo v1.49.0 h1:AGnTnQrg1jpFuwECPUSoxZCfVH5W22b605kWSry3YxM= +github.com/samber/lo v1.49.0/go.mod h1:dO6KHFzUKXgP8LDhU0oI8d2hekjXnGOu0DB8Jecxd6o= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= 
diff --git a/tests/fixtures/scenarios/complete/stacks/orgs/cp/_defaults.yaml b/tests/fixtures/scenarios/complete/stacks/orgs/cp/_defaults.yaml index ad996d4d5e..e432023a0a 100644 --- a/tests/fixtures/scenarios/complete/stacks/orgs/cp/_defaults.yaml +++ b/tests/fixtures/scenarios/complete/stacks/orgs/cp/_defaults.yaml @@ -56,34 +56,34 @@ terraform: s3: role_arn: "arn:aws:iam::123456789012:role/cp-gbl-root-terraform" -# providers: -# context: -# enabled: true -# delimiter: "-" -# properties: -# namespace: -# required: true -# min_length: 2 -# max_length: 4 -# tenant: -# required: true -# min_length: 2 -# max_length: 10 -# environment: -# required: true -# min_length: 2 -# max_length: 6 -# stage: -# required: true -# min_length: 2 -# max_length: 20 -# values: -# namespace: "{{ .vars.namespace }}" -# tenant: "{{ .vars.tenant }}" -# environment: "{{ .vars.environment }}" -# stage: "{{ .vars.stage }}" -# atmos_component: "{{ .atmos_component }}" -# atmos_stack: "{{ .atmos_stack }}" + providers: + context: + enabled: true + delimiter: "-" + properties: + namespace: + required: true + min_length: 2 + max_length: 4 + tenant: + required: true + min_length: 2 + max_length: 10 + environment: + required: true + min_length: 2 + max_length: 6 + stage: + required: true + min_length: 2 + max_length: 20 + values: + namespace: "{{ .vars.namespace }}" + tenant: "{{ .vars.tenant }}" + environment: "{{ .vars.environment }}" + stage: "{{ .vars.stage }}" + atmos_component: "{{ .atmos_component }}" + atmos_stack: "{{ .atmos_stack }}" helmfile: vars: {} diff --git a/tests/fixtures/scenarios/complete/stacks/orgs/cp/tenant1/prod/us-east-2.yaml b/tests/fixtures/scenarios/complete/stacks/orgs/cp/tenant1/prod/us-east-2.yaml index bfa115065d..d9723201bd 100644 --- a/tests/fixtures/scenarios/complete/stacks/orgs/cp/tenant1/prod/us-east-2.yaml +++ b/tests/fixtures/scenarios/complete/stacks/orgs/cp/tenant1/prod/us-east-2.yaml 
@@ -15,9 +15,9 @@ import: - catalog/terraform/spacelift/infrastructure-tenant1 # Configurations to test `atmos.Component` template function - - catalog/terraform/template-functions-test/defaults - - catalog/terraform/template-functions-test2/defaults - - catalog/terraform/template-functions-test3/defaults + # - catalog/terraform/template-functions-test/defaults + # - catalog/terraform/template-functions-test2/defaults + # - catalog/terraform/template-functions-test3/defaults components: terraform: diff --git a/website/docs/core-concepts/validate/terraform-variables.mdx b/website/docs/core-concepts/validate/terraform-variables.mdx index c18543e9de..a63659f8c3 100644 --- a/website/docs/core-concepts/validate/terraform-variables.mdx +++ b/website/docs/core-concepts/validate/terraform-variables.mdx @@ -2,7 +2,7 @@ title: Terraform Input Variables Validation sidebar_position: 4 sidebar_label: Terraform Input Variables -description: Use OPA policies to validate terraform input variables. +description: Use OPA policies to validate Terraform input variables. id: terraform-variables --- 
@@ -12,62 +12,73 @@ import EmbedFile from '@site/src/components/EmbedFile' import Intro from '@site/src/components/Intro' -The [Open Policy Agent](https://www.openpolicyagent.org/docs/latest/) (OPA) is the open-source industry standard for policy-as-code validation. It provides a general-purpose policy engine to unify policy enforcement across your stacks. +Use [Open Policy Agent](https://www.openpolicyagent.org/docs/latest/) (OPA) policies to validate Terraform input variables. -The OPA (pronounced “oh-pa”) language (Rego) is a high-level declarative language for specifying policy as code. Atmos has native support for the OPA decision-making engine to enforce policies across all the components in your stacks (e.g. for microservice configurations). +## Introduction -This is powerful stuff: because you can define many policies, it's possible to apply different policies depending on where a component is defined in the stacks. For example, it could validate differently based on environments or teams. +When executing `atmos terraform ` commands, you can provide +[Terraform input variables](https://developer.hashicorp.com/terraform/language/values/variables) on the command line +using the `-var` flag. -## Use Cases +For example: -Use Open Policy Agent (OPA) policies to validate Atmos stacks and component configurations. - -* Validate component config (`vars`, `settings`, `backend`, `env`, `overrides` and other sections) using JSON Schema - -* Check if the component config (including relations between different component variables) is correct to allow or deny component provisioning using - OPA/Rego policies +```shell +atmos terraform apply -s -var name=api -var 'tags={"Team":"api", "Group":"web"}' +``` -## Usage +:::note +Terraform processes variables in the following order of precedence (from highest to lowest): -Atmos `validate component` command supports `--schema-path`, `--schema-type` and `--module-paths` command line arguments. 
-If the arguments are not provided, Atmos will try to find and use the `settings.validation` section defined in the component's YAML config. +- Explicit `-var` flags: these variables have the highest priority and will override any other variable values, including those specified in `--var-file`. -:::tip +- Variables in `--var-file`: values in a variable file override default values set in the Terraform configuration. + Atmos generates varfiles from stack configurations and provides it to Terraform using the `--var-file` flag. -Refer to [atmos validate component](/cli/commands/validate/component) CLI command for more information +- Environment variables: variables set as environment variables using the `TF_VAR_` prefix. +- Default values in the Terraform configuration files: these have the lowest priority. ::: - -```shell +When log level `Trace` is used, Atmos prints the Terraform variables specified on the command line in the "CLI variables" output. +For example: -# Validate 'vpc' component using OPA policy in the 'plat-ue2-prod' stack -atmos validate component vpc -s plat-ue2-prod --schema-path vpc/validate-vpc-component.rego --schema-type opa - -# Validate 'vpc' component using OPA policy in the 'plat-ue2-dev' stack with additional module paths 'catalog/constants' -atmos validate component vpc -s plat-ue2-dev --schema-path vpc/validate-vpc-component.rego --schema-type opa --module-paths catalog/constants - -# Validate 'vpc' component using OPA policy in the 'plat-ue2-dev' stack with additional module paths 'catalog' -atmos validate component vpc -s plat-ue2-dev --schema-path vpc/validate-vpc-component.rego --schema-type opa --module-paths catalog - -# Validate 'vpc' component in the 'plat-ue2-prod' stack -atmos validate component vpc -s plat-ue2-prod - -# Validate 'vpc' component in the 'plat-ue2-dev' stack -atmos validate component vpc -s plat-ue2-dev +```shell +ATMOS_LOGS_LEVEL=Trace / +atmos terraform apply my-component -s plat-ue2-dev -var name=api -var 
'tags={"Team":"api", "Group":"web"}' +``` -# Validate 'vpc' component in the 'plat-ue2-dev' stack with a timeout of 15 seconds -atmos validate component vpc -s plat-ue2-dev --timeout 15 +```console +Variables for the component 'my-component' in the stack 'plat-ue2-dev': + +enabled: true +environment: ue2 +namespace: cp +region: us-east-2 +stage: dev +tenant: plat +tags: + atmos_component: my-component + atmos_stack: plat-ue2-dev + +Writing the variables to file: +components/terraform/my-component/plat-ue2-dev-my-component.terraform.tfvars.json + +CLI variables (will override the variables defined in the stack manifests): + +name: api +tags: + Team: api + Group: web ``` - -### Configure Component Validation +Atmos exposes the Terraform variables passed on the command line in the `cli_vars` section, which can be used in OPA policies. + +## Terraform Variables Validation using OPA policies In [`atmos.yaml`](https://github.com/cloudposse/atmos/blob/master/examples/quick-start-advanced/rootfs/usr/local/etc/atmos/atmos.yaml), add the `schemas` section: - ```yaml # Validation schemas for OPA for validating atmos stacks and components schemas: 
@@ -77,94 +88,44 @@ schemas: # Supports both absolute and relative paths base_path: "stacks/schemas/opa" ``` - In the component [manifest](https://github.com/cloudposse/atmos/blob/master/examples/quick-start-advanced/stacks/catalog/vpc/defaults.yaml), add the `settings.validation` section: - - -Add the following Rego package in the file [`stacks/schemas/opa/catalog/constants/constants.rego`](https://github.com/cloudposse/atmos/blob/master/examples/quick-start-advanced/stacks/schemas/opa/catalog/constants/constants.rego): - - - -Add the following OPA policy in the file [`stacks/schemas/opa/vpc/validate-vpc-component.rego`](https://github.com/cloudposse/atmos/blob/master/examples/quick-start-advanced/stacks/schemas/opa/vpc/validate-vpc-component.rego): - - - -### Use One Policy File or Many - -Atmos supports OPA policies for components validation in a single Rego file and in multiple Rego files. - -As shown in the example above, you can define some Rego constants, modules and helper functions in a separate -file `stacks/schemas/opa/catalog/constants/constants.rego`, and then import them into the main policy -file `stacks/schemas/opa/vpc/validate-vpc-component.rego`. - -You also need to specify the `module_paths` attribute in the component's `settings.validation` section. -The `module_paths` attribute is an array of filesystem paths (folders or individual files) to the additional modules for schema validation. -Each path can be an absolute path or a path relative to `schemas.opa.base_path` defined in `atmos.yaml`. -If a folder is specified in `module_paths`, Atmos will recursively process the folder and all its sub-folders and load all Rego files into the OPA -engine. - -This allows you to separate the common OPA modules, constants and helper functions into a catalog of reusable Rego modules, -and to structure your OPA policies to make them DRY. 
- -## Examples +```yaml +components: + terraform: + my-component: + settings: + # Validation + # Supports JSON Schema and OPA policies + # All validation steps must succeed to allow the component to be provisioned + validation: + check-template-functions-test-component-with-opa-policy: + schema_type: opa + # 'schema_path' can be an absolute path or a path relative to 'schemas.opa.base_path' defined in `atmos.yaml` + schema_path: "my-component/validate-my-component.rego" + description: Check 'my-component' component using OPA policy + # Validation timeout in seconds + timeout: 5 +``` -### Validate VPC Component in Stacks +Add the following OPA policy in the file `stacks/schemas/opa/my-component/validate-my-component.rego` -Run the following commands to validate the component in the stacks: +```rego title="stacks/schemas/opa/my-component/validate-my-component.rego" +# 'package atmos' is required in all `atmos` OPA policies +package atmos - -```console -Mapping public IPs on launch is not allowed in 'prod'. 
Set 'map_public_ip_on_launch' variable to 'false' +# Atmos looks for the 'errors' (array of strings) output from all OPA policies +# If the 'errors' output contains one or more error messages, Atmos considers the policy failed -exit status 1 +errors["for the 'my-component' component, the variable 'name' must be provided on the command line using the '-var' flag"] { + not input.cli_vars.name +} ``` - - ```console -In 'dev', only 2 Availability Zones are allowed -VPC name must be a valid string from 2 to 20 alphanumeric chars +Validating the component 'my-component' using OPA file 'my-component/validate-my-component.rego' -exit status 1 +for the 'my-component' component, the variable 'name' must be provided on the command line using the '-var' flag ``` - - - -### Validate Before Provisioning - -Try to run the following commands to provision the component in the stacks: - - -```bash -atmos terraform apply vpc -s plat-ue2-prod -atmos terraform apply vpc -s plat-ue2-dev -``` - - -Since the OPA validation policies don't pass, Atmos does not allow provisioning the component in the stacks: - - -![atmos-validate-vpc-in-plat-ue2-prod](/img/atmos-validate-infra-vpc-in-tenant1-ue2-dev.png) - - - -![atmos-validate-vpc-in-plat-ue2-dev](/img/atmos-validate-infra-vpc-in-tenant1-ue2-dev.png) - - -### Advanced Policy Examples - - - -:::note - -- If a regex pattern in the 're_match' function contains a backslash to escape special chars (e.g. '\.' or '\-'), - it must be escaped with another backslash when represented as a regular Go string ('\\.', '\\-'). - -- The reason is that backslash is also used to escape special characters in Go strings like newline (\n). - -- If you want to match the backslash character itself, you'll need four slashes. - -::: From 9f81f7d9625bf75efe71822433a579664dd69967 Mon Sep 17 00:00:00 2001 
From: aknysh Date: Sun, 26 Jan 2025 23:20:02 -0500 Subject: [PATCH 14/19] updates --- .../docs/core-concepts/validate/terraform-variables.mdx | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/website/docs/core-concepts/validate/terraform-variables.mdx b/website/docs/core-concepts/validate/terraform-variables.mdx index a63659f8c3..ff72c8b8a8 100644 --- a/website/docs/core-concepts/validate/terraform-variables.mdx +++ b/website/docs/core-concepts/validate/terraform-variables.mdx @@ -76,11 +76,10 @@ Atmos exposes the Terraform variables passed on the command line in the `cli_var ## Terraform Variables Validation using OPA policies -In [`atmos.yaml`](https://github.com/cloudposse/atmos/blob/master/examples/quick-start-advanced/rootfs/usr/local/etc/atmos/atmos.yaml), add the `schemas` -section: +In `atmos.yaml`, configure the `schemas.opa` section: ```yaml -# Validation schemas for OPA for validating atmos stacks and components +# Validation schemas schemas: # https://www.openpolicyagent.org opa: @@ -89,8 +88,7 @@ schemas: base_path: "stacks/schemas/opa" ``` -In the component [manifest](https://github.com/cloudposse/atmos/blob/master/examples/quick-start-advanced/stacks/catalog/vpc/defaults.yaml), add -the `settings.validation` section: +In the component manifest, add the `settings.validation` section to point to the OPA policy file: ```yaml components: From 136fbeb866de7465e6c29c4193bcc4156688e065 Mon Sep 17 00:00:00 2001 From: aknysh Date: Sun, 26 Jan 2025 23:52:57 -0500 Subject: [PATCH 15/19] updates --- .../validate/terraform-variables.mdx | 58 +++++++++++++++++-- 1 file changed, 53 insertions(+), 5 deletions(-) diff --git a/website/docs/core-concepts/validate/terraform-variables.mdx b/website/docs/core-concepts/validate/terraform-variables.mdx index ff72c8b8a8..baf1e4efed 100644 --- a/website/docs/core-concepts/validate/terraform-variables.mdx +++ b/website/docs/core-concepts/validate/terraform-variables.mdx 
@@ -19,7 +19,7 @@ Use [Open Policy Agent](https://www.openpolicyagent.org/docs/latest/) (OPA) poli When executing `atmos terraform ` commands, you can provide [Terraform input variables](https://developer.hashicorp.com/terraform/language/values/variables) on the command line -using the `-var` flag. +using the `-var` flag. These variables will override the variables configured in Atmos stack manifests. For example: @@ -74,7 +74,7 @@ tags: Atmos exposes the Terraform variables passed on the command line in the `cli_vars` section, which can be used in OPA policies. -## Terraform Variables Validation using OPA policies +## Terraform Variables Validation using OPA Policies In `atmos.yaml`, configure the `schemas.opa` section: 
@@ -108,22 +108,70 @@ components: timeout: 5 ``` -Add the following OPA policy in the file `stacks/schemas/opa/my-component/validate-my-component.rego` +### Require a Terraform variable to be specified on the command line + +If you need to enforce that a Terraform variable must be specified on the command line (and not in Atmos stack manifests), +add the following OPA policy in the file `stacks/schemas/opa/my-component/validate-my-component.rego` ```rego title="stacks/schemas/opa/my-component/validate-my-component.rego" # 'package atmos' is required in all `atmos` OPA policies package atmos -# Atmos looks for the 'errors' (array of strings) output from all OPA policies -# If the 'errors' output contains one or more error messages, Atmos considers the policy failed +# Atmos looks for the 'errors' (array of strings) output from all OPA policies. +# If the 'errors' output contains one or more error messages, Atmos considers the policy failed. errors["for the 'my-component' component, the variable 'name' must be provided on the command line using the '-var' flag"] { not input.cli_vars.name } ``` +When executing the following command, Atmos will validate the component using the OPA policy, which will fail and prevent +the component from being provisioned: + +```shell +atmos terraform apply my-component -s plat-ue2-dev +``` + ```console Validating the component 'my-component' using OPA file 'my-component/validate-my-component.rego' for the 'my-component' component, the variable 'name' must be provided on the command line using the '-var' flag ``` + +On the other hand, when passing the `name` variable on the command line using the `-var name=api` flag, this command will succeed: + +```shell +atmos terraform apply my-component -s plat-ue2-dev -var name=api +``` + +### Restrict a Terraform variable from being provided on the command line + +If you need to prevent a Terraform variable from being passed (and overridden) on the command line, +add the following OPA policy in 
the file `stacks/schemas/opa/my-component/validate-my-component.rego` + +```rego title="stacks/schemas/opa/my-component/validate-my-component.rego" +package atmos + +errors["for the 'my-component' component, the variable 'name' can't be overridden on the command line using the '-var' flag"] { + input.cli_vars.name +} +``` + +When executing the following command, Atmos will validate the component using the OP policy, which will fail and prevent +the component from being provisioned: + +```shell +atmos terraform apply my-component -s plat-ue2-dev -var name=api +``` + +```console +Validating the component 'my-component' using OPA file 'my-component/validate-my-component.rego' + +for the 'my-component' component, the variable 'name' can't be overridden on the command line using the '-var' flag +``` + +This command will pass the validation and succeed: + +```shell +atmos terraform apply my-component -s plat-ue2-dev +``` From 66f5fc6d2dcccb9514b8dd32ead300decb72ece7 Mon Sep 17 00:00:00 2001 From: aknysh Date: Mon, 27 Jan 2025 00:10:05 -0500 Subject: [PATCH 16/19] updates --- .../validate/terraform-variables.mdx | 52 +++++++++++-------- 1 file changed, 30 insertions(+), 22 deletions(-) diff --git a/website/docs/core-concepts/validate/terraform-variables.mdx b/website/docs/core-concepts/validate/terraform-variables.mdx index baf1e4efed..1c88fde28c 100644 --- a/website/docs/core-concepts/validate/terraform-variables.mdx +++ b/website/docs/core-concepts/validate/terraform-variables.mdx @@ -23,9 +23,12 @@ using the `-var` flag. These variables will override the variables configured in For example: + ```shell -atmos terraform apply -s -var name=api -var 'tags={"Team":"api", "Group":"web"}' +atmos terraform apply -s -var name=api +atmos terraform apply -s -- -var name=api -var 'tags={"Team":"api", "Group":"web"}' ``` + :::note Terraform processes variables in the following order of precedence (from highest to lowest): 
@@ -43,41 +46,37 @@ Terraform processes variables in the following order of precedence (from highest When log level `Trace` is used, Atmos prints the Terraform variables specified on the command line in the "CLI variables" output. For example: + ```shell ATMOS_LOGS_LEVEL=Trace / atmos terraform apply my-component -s plat-ue2-dev -var name=api -var 'tags={"Team":"api", "Group":"web"}' -``` -```console Variables for the component 'my-component' in the stack 'plat-ue2-dev': - -enabled: true environment: ue2 namespace: cp region: us-east-2 stage: dev tenant: plat -tags: - atmos_component: my-component - atmos_stack: plat-ue2-dev Writing the variables to file: components/terraform/my-component/plat-ue2-dev-my-component.terraform.tfvars.json CLI variables (will override the variables defined in the stack manifests): - name: api tags: Team: api Group: web ``` + -Atmos exposes the Terraform variables passed on the command line in the `cli_vars` section, which can be used in OPA policies. +Atmos exposes the Terraform variables passed on the command line in the `cli_vars` section, which can be used in +OPA policies for validation. ## Terraform Variables Validation using OPA Policies In `atmos.yaml`, configure the `schemas.opa` section: + ```yaml # Validation schemas schemas: @@ -87,16 +86,16 @@ schemas: # Supports both absolute and relative paths base_path: "stacks/schemas/opa" ``` + In the component manifest, add the `settings.validation` section to point to the OPA policy file: + ```yaml components: terraform: my-component: settings: - # Validation - # Supports JSON Schema and OPA policies # All validation steps must succeed to allow the component to be provisioned validation: check-template-functions-test-component-with-opa-policy: 
@@ -107,13 +106,15 @@ components: # Validation timeout in seconds timeout: 5 ``` + ### Require a Terraform variable to be specified on the command line If you need to enforce that a Terraform variable must be specified on the command line (and not in Atmos stack manifests), add the following OPA policy in the file `stacks/schemas/opa/my-component/validate-my-component.rego` -```rego title="stacks/schemas/opa/my-component/validate-my-component.rego" + +```rego # 'package atmos' is required in all `atmos` OPA policies package atmos 
@@ -124,54 +125,61 @@ errors["for the 'my-component' component, the variable 'name' must be provided o not input.cli_vars.name } ``` + When executing the following command, Atmos will validate the component using the OPA policy, which will fail and prevent the component from being provisioned: + ```shell atmos terraform apply my-component -s plat-ue2-dev -``` -```console Validating the component 'my-component' using OPA file 'my-component/validate-my-component.rego' for the 'my-component' component, the variable 'name' must be provided on the command line using the '-var' flag ``` + -On the other hand, when passing the `name` variable on the command line using the `-var name=api` flag, this command will succeed: +On the other hand, when passing the `name` variable on the command line using the `-var name=api` flag, the command will succeed: + ```shell atmos terraform apply my-component -s plat-ue2-dev -var name=api ``` + ### Restrict a Terraform variable from being provided on the command line If you need to prevent a Terraform variable from being passed (and overridden) on the command line, add the following OPA policy in the file `stacks/schemas/opa/my-component/validate-my-component.rego` -```rego title="stacks/schemas/opa/my-component/validate-my-component.rego" + +```rego package atmos -errors["for the 'my-component' component, the variable 'name' can't be overridden on the command line using the '-var' flag"] { +errors["for the 'my-component' component, the variable 'name' cannot be overridden on the command line using the '-var' flag"] { input.cli_vars.name } ``` + -When executing the following command, Atmos will validate the component using the OP policy, which will fail and prevent +When executing the following command, Atmos will validate the component using the OPA policy, which will fail and prevent the component from being provisioned: + ```shell atmos terraform apply my-component -s plat-ue2-dev -var name=api -``` -```console Validating the component 
'my-component' using OPA file 'my-component/validate-my-component.rego' -for the 'my-component' component, the variable 'name' can't be overridden on the command line using the '-var' flag +for the 'my-component' component, the variable 'name' cannot be overridden on the command line using the '-var' flag ``` + This command will pass the validation and succeed: + ```shell atmos terraform apply my-component -s plat-ue2-dev ``` + From bb070c48059d71883ff5209f96752fa8ef8889f3 Mon Sep 17 00:00:00 2001 From: aknysh Date: Mon, 27 Jan 2025 00:18:18 -0500 Subject: [PATCH 17/19] updates --- .../validate/terraform-variables.mdx | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/website/docs/core-concepts/validate/terraform-variables.mdx b/website/docs/core-concepts/validate/terraform-variables.mdx index 1c88fde28c..9c9b8d828b 100644 --- a/website/docs/core-concepts/validate/terraform-variables.mdx +++ b/website/docs/core-concepts/validate/terraform-variables.mdx @@ -26,11 +26,22 @@ For example: ```shell atmos terraform apply -s -var name=api + +## double-dash -- can be used to signify the end of the options for Atmos and the start +## of the additional native arguments and flags for the Terraform commands atmos terraform apply -s -- -var name=api -var 'tags={"Team":"api", "Group":"web"}' ``` -:::note +:::tip +Double-dash `--` can be used to signify the end of the options for Atmos and the start +of the additional native arguments and flags for the Terraform commands. + +Refer to [Terraform CLI commands usage](/cli/commands/terraform/usage) for more details. + +::: + +:::info Terraform processes variables in the following order of precedence (from highest to lowest): - Explicit `-var` flags: these variables have the highest priority and will override any other variable values, including those specified in `--var-file`. 
@@ -127,8 +138,8 @@ errors["for the 'my-component' component, the variable 'name' must be provided o ``` -When executing the following command, Atmos will validate the component using the OPA policy, which will fail and prevent -the component from being provisioned: +When executing the following command (and not passing the `name` variable on the command line), Atmos will validate +the component using the OPA policy, which will fail and prevent the component from being provisioned: ```shell From 15807b6c1dfe7dbc44d9e4e45eab3564361724f8 Mon Sep 17 00:00:00 2001 From: aknysh Date: Mon, 27 Jan 2025 00:57:44 -0500 Subject: [PATCH 18/19] updates --- website/docs/core-concepts/validate/terraform-variables.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/docs/core-concepts/validate/terraform-variables.mdx b/website/docs/core-concepts/validate/terraform-variables.mdx index 9c9b8d828b..58e06c6a9b 100644 --- a/website/docs/core-concepts/validate/terraform-variables.mdx +++ b/website/docs/core-concepts/validate/terraform-variables.mdx @@ -58,7 +58,7 @@ When log level `Trace` is used, Atmos prints the Terraform variables specified o For example: -```shell +```console ATMOS_LOGS_LEVEL=Trace / atmos terraform apply my-component -s plat-ue2-dev -var name=api -var 'tags={"Team":"api", "Group":"web"}' @@ -142,7 +142,7 @@ When executing the following command (and not passing the `name` variable on the the component using the OPA policy, which will fail and prevent the component from being provisioned: -```shell +```console atmos terraform apply my-component -s plat-ue2-dev Validating the component 'my-component' using OPA file 'my-component/validate-my-component.rego' 
@@ -178,7 +178,7 @@ When executing the following command, Atmos will validate the component using th the component from being provisioned: -```shell +```console atmos terraform apply my-component -s plat-ue2-dev -var name=api Validating the component 'my-component' using OPA file 'my-component/validate-my-component.rego' From 7c3372af41946d00353d0d1b0c04250701e7eb66 Mon Sep 17 00:00:00 2001 From: aknysh Date: Mon, 27 Jan 2025 11:07:06 -0500 Subject: [PATCH 19/19] updates --- internal/exec/terraform.go | 2 +- internal/exec/utils.go | 2 +- pkg/config/const.go | 2 +- ...date-template-functions-test-component.rego | 2 +- .../validate/terraform-variables.mdx | 18 ++++++++---------- 5 files changed, 12 insertions(+), 14 deletions(-) diff --git a/internal/exec/terraform.go b/internal/exec/terraform.go index 004e78ea50..d76980d1db 100644 --- a/internal/exec/terraform.go +++ b/internal/exec/terraform.go @@ -228,7 +228,7 @@ func ExecuteTerraform(info schema.ConfigAndStacksInfo) error { - Environment variables: variables set as environment variables using the TF_VAR_ prefix - Default values in the configuration file: these have the lowest priority */ - if cliVars, ok := info.ComponentSection[cfg.CliVarsSectionName].(map[string]any); ok && len(cliVars) > 0 { + if cliVars, ok := info.ComponentSection[cfg.TerraformCliVarsSectionName].(map[string]any); ok && len(cliVars) > 0 { u.LogDebug(atmosConfig, "\nCLI variables (will override the variables defined in the stack manifests):") if atmosConfig.Logs.Level == u.LogLevelTrace || atmosConfig.Logs.Level == u.LogLevelDebug { err = u.PrintAsYAMLToFileDescriptor(atmosConfig, cliVars) diff --git a/internal/exec/utils.go b/internal/exec/utils.go index 09155450cd..0b659f6114 100644 --- a/internal/exec/utils.go +++ b/internal/exec/utils.go 
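Review bot: The context lines of the `internal/exec/terraform.go` hunk print every `-var` value verbatim when the log level is Debug or Trace (`u.PrintAsYAMLToFileDescriptor(atmosConfig, cliVars)`), and `-var` is a common way to hand Terraform a password or token, so such values could end up in CI or shared logs. Consider logging only the variable names, or at least add a comment above the block such as `// NOTE: values are printed unredacted at Debug/Trace; avoid passing secrets with -var when these levels are enabled`. Whether `PrintAsYAMLToFileDescriptor` does any redaction is not visible here, and `ExecuteTerraform` starts and ends outside the hunk.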
@@ -674,7 +674,7 @@ func ProcessStacks( if err != nil { return configAndStacksInfo, err } - configAndStacksInfo.ComponentSection[cfg.CliVarsSectionName] = cliVars + configAndStacksInfo.ComponentSection[cfg.TerraformCliVarsSectionName] = cliVars return configAndStacksInfo, nil } diff --git a/pkg/config/const.go b/pkg/config/const.go index fef5d7d149..1445140c6d 100644 --- a/pkg/config/const.go +++ b/pkg/config/const.go @@ -62,7 +62,7 @@ const ( InheritanceSectionName = "inheritance" IntegrationsSectionName = "integrations" GithubSectionName = "github" - CliVarsSectionName = "cli_vars" + TerraformCliVarsSectionName = "tf_cli_vars" CliArgsSectionName = "cli_args" LogsLevelFlag = "--logs-level" diff --git a/tests/fixtures/scenarios/complete/stacks/schemas/opa/test/template-functions-test/validate-template-functions-test-component.rego b/tests/fixtures/scenarios/complete/stacks/schemas/opa/test/template-functions-test/validate-template-functions-test-component.rego index c8a2aa2f1d..0683d574dc 100644 --- a/tests/fixtures/scenarios/complete/stacks/schemas/opa/test/template-functions-test/validate-template-functions-test-component.rego +++ b/tests/fixtures/scenarios/complete/stacks/schemas/opa/test/template-functions-test/validate-template-functions-test-component.rego @@ -5,7 +5,7 @@ package atmos # If the 'errors' output contains one or more error messages, Atmos considers the policy failed errors["for the 'template-functions-test' component, the variable 'name' must be provided on the command line using the '-var' flag"] { - not input.cli_vars.name + not input.tf_cli_vars.name } # https://www.openpolicyagent.org/docs/latest/policy-language diff --git a/website/docs/core-concepts/validate/terraform-variables.mdx b/website/docs/core-concepts/validate/terraform-variables.mdx index 58e06c6a9b..0c8c3ff6c9 100644 --- a/website/docs/core-concepts/validate/terraform-variables.mdx +++ b/website/docs/core-concepts/validate/terraform-variables.mdx 
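Review bot: In `pkg/config/const.go` the section key itself changes from `"cli_vars"` to `"tf_cli_vars"`, not only the Go identifier, so any Rego policy that still reads `input.cli_vars` now sees an undefined path. A deny rule of the form `errors[...] { input.cli_vars.name }` then never fires and validation passes silently, which is the unsafe direction for a policy gate, whereas the `not input.cli_vars.name` form (as in the fixture updated in this commit) would always fire. If `cli_vars` ever reached users outside this patch series (not visible here), keep the old key populated for a deprecation window, e.g. retain `CliVarsSectionName = "cli_vars" // Deprecated: use TerraformCliVarsSectionName` and also set `configAndStacksInfo.ComponentSection[cfg.CliVarsSectionName] = cliVars` in `ProcessStacks`. Either way, a comment on the constant saying it is the key policies read as `input.tf_cli_vars` would help; the const block and `ProcessStacks` both extend outside these hunks.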
@@ -25,16 +25,14 @@ For example:
 ```shell
-atmos terraform apply -s -var name=api
+atmos terraform apply -s -- -var name=api
-## double-dash -- can be used to signify the end of the options for Atmos and the start
-## of the additional native arguments and flags for the Terraform commands
 atmos terraform apply -s -- -var name=api -var 'tags={"Team":"api", "Group":"web"}'
 ```
 :::tip
-Double-dash `--` can be used to signify the end of the options for Atmos and the start
+Use double-dash `--` to signify the end of the options for Atmos and the start
 of the additional native arguments and flags for the Terraform commands.
 Refer to [Terraform CLI commands usage](/cli/commands/terraform/usage) for more details.
@@ -60,7 +58,7 @@ For example:
 ```console
 ATMOS_LOGS_LEVEL=Trace /
-atmos terraform apply my-component -s plat-ue2-dev -var name=api -var 'tags={"Team":"api", "Group":"web"}'
+atmos terraform apply my-component -s plat-ue2-dev -- -var name=api -var 'tags={"Team":"api", "Group":"web"}'
 Variables for the component 'my-component' in the stack 'plat-ue2-dev':
 environment: ue2
@@ -80,7 +78,7 @@ tags:
 ```
-Atmos exposes the Terraform variables passed on the command line in the `cli_vars` section, which can be used in
+Atmos exposes the Terraform variables passed on the command line in the `tf_cli_vars` section, which can be used in
 OPA policies for validation.
 ## Terraform Variables Validation using OPA Policies
@@ -133,7 +131,7 @@ package atmos
 # If the 'errors' output contains one or more error messages, Atmos considers the policy failed.
 errors["for the 'my-component' component, the variable 'name' must be provided on the command line using the '-var' flag"] {
- not input.cli_vars.name
+ not input.tf_cli_vars.name
 }
 ```
@@ -155,7 +153,7 @@ On the other hand, when passing the `name` variable on the command line using th
 ```shell
-atmos terraform apply my-component -s plat-ue2-dev -var name=api
+atmos terraform apply my-component -s plat-ue2-dev -- -var name=api
 ```
@@ -169,7 +167,7 @@ add the following OPA policy in the file `stacks/schemas/opa/my-component/valida
 package atmos
 errors["for the 'my-component' component, the variable 'name' cannot be overridden on the command line using the '-var' flag"] {
- input.cli_vars.name
+ input.tf_cli_vars.name
 }
 ```
@@ -179,7 +177,7 @@ the component from being provisioned:
 ```console
-atmos terraform apply my-component -s plat-ue2-dev -var name=api
+atmos terraform apply my-component -s plat-ue2-dev -- -var name=api
 Validating the component 'my-component' using OPA file 'my-component/validate-my-component.rego'