Wording in comment on unapproved pull requests is not accurate

[lukemassa]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.

---

Overview of the Issue

When apply is run against a request that needs but does not have approval, atlantis comments this error:

Apply Failed: Pull request must be approved by at least one person other than the author before running apply.

Presumably from this line of code: https://github.com/runatlantis/atlantis/blob/main/server/events/command_requirement_handler.go#L25

However, at least on my setup (using Approval Rules in gitlab), what is says is not true: the person authoring the request can in fact approve it. This is a setting one could put in an Approval Rule in gitlab, but is not required.

Peeking at other VCSs (https://github.com/runatlantis/atlantis/tree/master/server/events/vcs) I don't see any code that makes sure that the user is different from the person that said approved. It seems like atlantis just trusts whatever the underlying VCS calls "approved".

I'm not sure if it's best to fix this by making this line more vague ("Pull request must be approved according to the project's approval rules") or by trying to figure out what those rules are per-VCS, that's up to the atlantis team.

Reproduction Steps

1. Open an MR in a context with Approval Rules and Approvals Required (in my case in gitlab, not sure how this affects other VCSs)
2. Type "atlantis apply" without approving, and this comment will come up

Environment details

If not already included, please provide the following:

• Atlantis version: v0.19.3
• Atlantis flags:

      ATLANTIS_PARALLEL_POOL_SIZE = 5
      ATLANTIS_LOG_LEVEL          = "debug"
      ATLANTIS_AUTOMERGE          = "true"
      ATLANTIS_REPO_WHITELIST     = "gitlab.dev.tripadvisor.com/techops/terraform-aws,gitlab.dev.tripadvisor.com/techops/cloud/*"
      ATLANTIS_GITLAB_HOSTNAME    = "https://gitlab.dev.tripadvisor.com"
      ATLANTIS_GITLAB_USER        = "atlantis-svc"
      ATLANTIS_WRITE_GIT_CREDS    = "true"

Atlantis server-side config file:

repos:
- id: /.*/
  workflow: terragrunt
  allowed_overrides: [workflow]
  apply_requirements: ["approved", "mergeable"]
workflows:
  terragrunt:
    plan:
      steps:
      - env:
          name: TERRAGRUNT_TFPATH
          command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
      - run: terragrunt plan -no-color -out=$PLANFILE
    apply:
      steps:
      - env:
          name: TERRAGRUNT_TFPATH
          command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
      - run: terragrunt apply -no-color $PLANFILE

Repo atlantis.yaml file:

version: 3
projects:
- name: core-network
  workspace: core-network
  dir: .
  terraform_version: v1.1.7
- dir:  us-east-1
  workspace: core-network-us-east-1
  terraform_version: v1.1.7

[jamengual]

is this still happening with v0.19.8?

[lukemassa]

Hi sorry I missed this comment; we are now running v0.23.3 and I have seen the issue. I also updated the link to the line in the code where I believe the issue is.