Skip to content

Commit

Permalink
feat: atlantis import
Browse files Browse the repository at this point in the history
  • Loading branch information
@krrrr38
krrrr38 committed Dec 13, 2022
1 parent f974fb5 commit 65c4963
Show file tree
Hide file tree
Showing 78 changed files with 2,519 additions and 743 deletions.
19 changes: 10 additions & 9 deletions cmd/server.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -985,30 +985,31 @@ func (s *ServerCmd) securityWarnings(userConfig *server.UserConfig) {
// being used. Right now this only applies to flags that have been made obsolete
// due to server-side config.
func (s *ServerCmd) deprecationWarnings(userConfig *server.UserConfig) error {
var applyReqs []string
var commandReqs []string
var deprecatedFlags []string
if userConfig.RequireApproval {
deprecatedFlags = append(deprecatedFlags, RequireApprovalFlag)
applyReqs = append(applyReqs, valid.ApprovedApplyReq)
commandReqs = append(commandReqs, valid.ApprovedCommandReq)
}
if userConfig.RequireMergeable {
deprecatedFlags = append(deprecatedFlags, RequireMergeableFlag)
applyReqs = append(applyReqs, valid.MergeableApplyReq)
commandReqs = append(commandReqs, valid.MergeableCommandReq)
}

// Build up strings with what the recommended yaml and json config should
// be instead of using the deprecated flags.
yamlCfg := "---\nrepos:\n- id: /.*/"
jsonCfg := `{"repos":[{"id":"/.*/"`
if len(applyReqs) > 0 {
yamlCfg += fmt.Sprintf("\n apply_requirements: [%s]", strings.Join(applyReqs, ", "))
jsonCfg += fmt.Sprintf(`, "apply_requirements":["%s"]`, strings.Join(applyReqs, "\", \""))

if len(commandReqs) > 0 {
yamlCfg += fmt.Sprintf("\n apply_requirements: [%s]", strings.Join(commandReqs, ", "))
yamlCfg += fmt.Sprintf("\n import_requirements: [%s]", strings.Join(commandReqs, ", "))
jsonCfg += fmt.Sprintf(`, "apply_requirements":["%s"]`, strings.Join(commandReqs, "\", \""))
jsonCfg += fmt.Sprintf(`, "import_requirements":["%s"]`, strings.Join(commandReqs, "\", \""))
}
if userConfig.AllowRepoConfig {
deprecatedFlags = append(deprecatedFlags, AllowRepoConfigFlag)
yamlCfg += "\n allowed_overrides: [apply_requirements, workflow]\n allow_custom_workflows: true"
jsonCfg += `, "allowed_overrides":["apply_requirements","workflow"], "allow_custom_workflows":true`
yamlCfg += "\n allowed_overrides: [apply_requirements, import_requirements, workflow]\n allow_custom_workflows: true"
jsonCfg += `, "allowed_overrides":["apply_requirements","import_requirements","workflow"], "allow_custom_workflows":true`
}
jsonCfg += "}]}"

Expand Down
2 changes: 1 addition & 1 deletion runatlantis.io/.vuepress/config.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ module.exports = {
'custom-workflows',
'repo-level-atlantis-yaml',
'upgrading-atlantis-yaml',
'apply-requirements',
'command-requirements',
'checkout-strategy',
'terraform-versions',
'terraform-cloud',
Expand Down
32 changes: 20 additions & 12 deletions runatlantis.io/docs/apply-requirements.md → runatlantis.io/docs/command-requirements.md
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
# Apply Requirements
# Command Requirements
[[toc]]

## Intro
Atlantis allows you to require certain conditions be satisfied **before** an `atlantis apply`
command can be run:
Atlantis allows you to require certain conditions be satisfied **before** `atlantis apply` and `atlantis import`
commands can be run:

* [Approved](#approved) – requires pull requests to be approved by at least one user other than the author
* [Mergeable](#mergeable) – requires pull requests to be able to be merged
Expand Down Expand Up @@ -70,12 +70,12 @@ You can set the `mergeable` requirement by:
apply_requirements: [mergeable]
```

1. Or by allowing an `atlantis.yaml` file to specify the `apply_requirements` key in your `repos.yaml` config:
1. Or by allowing an `atlantis.yaml` file to specify `apply_requirements` and `import_requirements` keys in your `repos.yaml` config:
#### repos.yaml
```yaml
repos:
- id: /.*/
allowed_overrides: [apply_requirements]
allowed_overrides: [apply_requirements, import_requirements]
```

#### atlantis.yaml
Expand All @@ -84,6 +84,7 @@ You can set the `mergeable` requirement by:
projects:
- dir: .
apply_requirements: [mergeable]
import_requirements: [mergeable]
```

#### Meaning
Expand Down Expand Up @@ -152,18 +153,19 @@ Applies to `merge` checkout strategy only.

#### Usage
You can set the `undiverged` requirement by:
1. Creating a `repos.yaml` file with the `apply_requirements` key:
1. Creating a `repos.yaml` file with `apply_requirements` and `import_requirements` keys:
```yaml
repos:
- id: /.*/
apply_requirements: [undiverged]
import_requirements: [undiverged]
```
1. Or by allowing an `atlantis.yaml` file to specify the `apply_requirements` key in your `repos.yaml` config:
#### repos.yaml
```yaml
repos:
- id: /.*/
allowed_overrides: [apply_requirements]
allowed_overrides: [apply_requirements, apply_requirements]
```

#### atlantis.yaml
Expand All @@ -172,6 +174,7 @@ You can set the `undiverged` requirement by:
projects:
- dir: .
apply_requirements: [undiverged]
import_requirements: [undiverged]
```
#### Meaning
The `merge` checkout strategy creates a temporary merge commit and runs the `plan` on the Atlantis local version of the PR
Expand All @@ -180,8 +183,8 @@ if there are no changes to the source branch. `undiverged` enforces that Atlanti
with remote so that the state of the source during the `apply` is identical to that if you were to merge the PR at that
time.

## Setting Apply Requirements
As mentioned above, you can set apply requirements via flags, in `repos.yaml`, or in `atlantis.yaml` if `repos.yaml`
## Setting Command Requirements
As mentioned above, you can set command requirements via flags, in `repos.yaml`, or in `atlantis.yaml` if `repos.yaml`
allows the override.

### Flags Override
Expand All @@ -197,27 +200,30 @@ If you only want some projects/repos to have apply requirements, then you must
repos:
- id: /.*/
apply_requirements: [approved]
import_requirements: [approved]
# Regex that defaults all repos to requiring approval
- id: /github.com/runatlantis/.*/
# Regex to match any repo under the atlantis namespace, and not require approval
# except for repos that might match later in the chain
apply_requirements: []
import_requirements: []
- id: github.com/runatlantis/atlantis
apply_requirements: [approved]
import_requirements: [approved]
# Exact string match of the github.com/runatlantis/atlantis repo
# that sets apply_requirements to approved
```

1. Specify which projects have which requirements via an `atlantis.yaml` file, and allowing
`apply_requirements` to be set in in `atlantis.yaml` by the server side `repos.yaml`
`apply_requirements` and `import_requirements` to be set in `atlantis.yaml` by the server side `repos.yaml`
config.

For example if I have two directories, `staging` and `production`, I might use:
#### repos.yaml
```yaml
repos:
- id: /.*/
allowed_overrides: [apply_requirements]
allowed_overrides: [apply_requirements, import_requirements]
# Allow any repo to specify apply_requirements in atlantis.yaml
```

Expand All @@ -226,13 +232,15 @@ If you only want some projects/repos to have apply requirements, then you must
version: 3
projects:
- dir: staging
# By default, apply_requirements is empty so this
# By default, apply_requirements and import_requirements are empty so this
# isn't strictly necessary.
apply_requirements: []
import_requirements: []
- dir: production
# This requirement will only apply to the
# production directory.
apply_requirements: [mergeable]
import_requirements: [mergeable]
### Multiple Requirements
Expand Down
36 changes: 20 additions & 16 deletions runatlantis.io/docs/repo-level-atlantis-yaml.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,8 @@ projects:
autoplan:
when_modified: ["*.tf", "../modules/**/*.tf"]
enabled: true
apply_requirements: [mergeable, approved]
apply_requirements: [mergeable, approved, undiverged]
import_requirements: [mergeable, approved, undiverged]
workflow: myworkflow
workflows:
myworkflow:
Expand Down Expand Up @@ -215,10 +216,11 @@ projects:
- dir: staging
- dir: production
apply_requirements: [approved]
import_requirements: [approved]
```
:::warning
`apply_requirements` is a restricted key so this repo will need to be configured
to be allowed to set this key. See [Server-Side Repo Config Use Cases](server-side-repo-config.html#repos-can-set-their-own-apply-requirements).
`apply_requirements` and `import_requirements` are restricted keys so this repo will need to be configured
to be allowed to set this key. See [Server-Side Repo Config Use Cases](server-side-repo-config.html#repos-can-set-their-own-apply-or-import-requirements).
:::

### Order of planning/applying
Expand Down Expand Up @@ -269,22 +271,24 @@ repo_locking: true
autoplan:
terraform_version: 0.11.0
apply_requirements: ["approved"]
import_requirements: ["approved"]
workflow: myworkflow
```

| Key | Type | Default | Required | Description |
|----------------------------------------|-----------------------|-------------|----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| name | string | none | maybe | Required if there is more than one project with the same `dir` and `workspace`. This project name can be used with the `-p` flag. |
| branch | string | none | no | Regex matching projects by the base branch of pull request (the branch the pull request is getting merged into). Only projects that match the PR's branch will be considered. By default, all branches are matched. |
| dir | string | none | **yes** | The directory of this project relative to the repo root. For example if the project was under `./project1` then use `project1`. Use `.` to indicate the repo root. |
| workspace | string | `"default"` | no | The [Terraform workspace](https://www.terraform.io/docs/state/workspaces.html) for this project. Atlantis will switch to this workplace when planning/applying and will create it if it doesn't exist. |
| execution_order_group | int | `0` | no | Index of execution order group. Projects will be sort by this field before planning/applying. |
| delete_source_branch_on_merge | bool | `false` | no | Automatically deletes the source branch on merge. |
| repo_locking | bool | `true` | no | Get a repository lock in this project when plan. |
| autoplan | [Autoplan](#autoplan) | none | no | A custom autoplan configuration. If not specified, will use the autoplan config. See [Autoplanning](autoplanning.html). |
| terraform_version | string | none | no | A specific Terraform version to use when running commands for this project. Must be [Semver compatible](https://semver.org/), ex. `v0.11.0`, `0.12.0-beta1`. |
| apply_requirements<br />*(restricted)* | array[string] | none | no | Requirements that must be satisfied before `atlantis apply` can be run. Currently the only supported requirements are `approved`, `mergeable`, and `undiverged`. See [Apply Requirements](apply-requirements.html) for more details. |
| workflow <br />*(restricted)* | string | none | no | A custom workflow. If not specified, Atlantis will use its default workflow. |
| Key | Type | Default | Required | Description |
|-----------------------------------------|-----------------------|-------------|----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| name | string | none | maybe | Required if there is more than one project with the same `dir` and `workspace`. This project name can be used with the `-p` flag. |
| branch | string | none | no | Regex matching projects by the base branch of pull request (the branch the pull request is getting merged into). Only projects that match the PR's branch will be considered. By default, all branches are matched. |
| dir | string | none | **yes** | The directory of this project relative to the repo root. For example if the project was under `./project1` then use `project1`. Use `.` to indicate the repo root. |
| workspace | string | `"default"` | no | The [Terraform workspace](https://www.terraform.io/docs/state/workspaces.html) for this project. Atlantis will switch to this workplace when planning/applying and will create it if it doesn't exist. |
| execution_order_group | int | `0` | no | Index of execution order group. Projects will be sort by this field before planning/applying. |
| delete_source_branch_on_merge | bool | `false` | no | Automatically deletes the source branch on merge. |
| repo_locking | bool | `true` | no | Get a repository lock in this project when plan. |
| autoplan | [Autoplan](#autoplan) | none | no | A custom autoplan configuration. If not specified, will use the autoplan config. See [Autoplanning](autoplanning.html). |
| terraform_version | string | none | no | A specific Terraform version to use when running commands for this project. Must be [Semver compatible](https://semver.org/), ex. `v0.11.0`, `0.12.0-beta1`. |
| apply_requirements<br />*(restricted)* | array[string] | none | no | Requirements that must be satisfied before `atlantis apply` can be run. Currently the only supported requirements are `approved`, `mergeable`, and `undiverged`. See [Command Requirements](command-requirements.html) for more details. |
| import_requirements<br />*(restricted)* | array[string] | none | no | Requirements that must be satisfied before `atlantis import` can be run. Currently the only supported requirements are `approved`, `mergeable`, and `undiverged`. See [Command Requirements](command-requirements.html) for more details. |
| workflow <br />*(restricted)* | string | none | no | A custom workflow. If not specified, Atlantis will use its default workflow. |

::: tip
A project represents a Terraform state. Typically, there is one state per directory and workspace however it's possible to
Expand Down
8 changes: 4 additions & 4 deletions runatlantis.io/docs/server-configuration.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -495,9 +495,9 @@ and set `--autoplan-modules` to `false`.

### `--gh-team-allowlist`
```bash
atlantis server --gh-team-allowlist="myteam:plan, secteam:apply, DevOps Team:apply"
atlantis server --gh-team-allowlist="myteam:plan, secteam:apply, DevOps Team:apply, DevOps Team:import"
# or
ATLANTIS_GH_TEAM_ALLOWLIST="myteam:plan, secteam:apply, DevOps Team:apply"
ATLANTIS_GH_TEAM_ALLOWLIST="myteam:plan, secteam:apply, DevOps Team:apply, DevOps Team:import"
```
In versions v0.21.0 and later, the GitHub team name can be a name or a slug.

Expand Down Expand Up @@ -779,7 +779,7 @@ and set `--autoplan-modules` to `false`.
ATLANTIS_REQUIRE_APPROVAL=true
```
This flag is deprecated. It requires all pull requests to be approved
before `atlantis apply` is allowed. See [Apply Requirements](apply-requirements.html) for more details.
before `atlantis apply` is allowed. See [Command Requirements](command-requirements.html) for more details.

Instead of using this flag, create a server-side `--repo-config` file:
```yaml
Expand All @@ -798,7 +798,7 @@ and set `--autoplan-modules` to `false`.
ATLANTIS_REQUIRE_MERGEABLE=true
```
This flag is deprecated. It causes all pull requests to be mergeable
before `atlantis apply` is allowed. See [Apply Requirements](apply-requirements.html) for more details.
before `atlantis apply` is allowed. See [Command Requirements](command-requirements.html) for more details.

Instead of using this flag, create a server-side `--repo-config` file:
```yaml
Expand Down
Loading

0 comments on commit 65c4963

Please sign in to comment.