Ability to ignore terraform files and folders from atlantis run #26

Closed
atlantisbot opened this issue Mar 6, 2018 · 10 comments
@atlantisbot

Issue by @anubhavmishra
Monday Jun 26, 2017 at 06:05 GMT
Migrated from hootsuite/atlantis#50


Currently, atlantis ignores certain folders such as _modules/ and modules/ but we want to extend this to ignore any folder that has .atlantisignore file or something along those lines. https://github.com/hootsuite/atlantis/blob/master/server/plan_executor.go#L196

@atlantisbot

Comment by @swladyka
Friday Aug 25, 2017 at 07:21 GMT


I like the option with .atlantisignore files very much, would be very helpful when working with terraform modules and having templates in a separate directory.

@atlantisbot

Comment by @anubhavmishra
Friday Aug 25, 2017 at 22:37 GMT


yea for sure. Currently, atlantis ignores certain folders ex: _modules/ and modules/ by default but we want to extend this. https://github.com/hootsuite/atlantis/blob/master/server/plan_executor.go#L196

@atlantisbot

Comment by @johntdyer
Friday Mar 02, 2018 at 18:43 GMT


So it seems like the fix in this ticket was to rename your module folder to "_modules" or "modules" which would ignore them. However it looks like hootsuite/atlantis#211 changed this behavior... Any chance you guys could re-evaluate the .atlantisignore suggestion?

@atlantisbot

Comment by @lkysow
Friday Mar 02, 2018 at 20:25 GMT


@johntdyer is the issue you're having that Atlantis is running plan in the parent directory of modules/? If so, I've fixed this in the new repo here: #13. I'm working on Atlantis under that repo now and will soon be updating the tickets/README of this repo accordingly (if you're wondering why I've explained here). You can grab the latest release here: https://github.com/runatlantis/atlantis/releases

Does that change fix your issue or is there something else happening?

Regarding .atlantisignore, here's the direction I want to go:

  • in an upcoming release of Atlantis, we'll support automatically running plan on a new pull request
  • if there's no atlantis.yaml in the repo, then we'll attempt to figure out where to run plan following the current logic
  • if there is an atlantis.yaml, then you can configure where we run plan and on what changes using some new config options:

```yaml
version: 2
pipelines:
  plan:
    on_push:
      enabled: true
      when_modified: ["*.tf", "../../modules/**/*.tf"] # If a modified file matches then we'll run plan in this project. Uses .gitignore syntax. It's optional, if not specified then will default to ["*.tf", "**/*.tfvars"].
```

So long-story short, you could use the when_modified key to achieve the same behaviour as .atlantisignore. Would that work for you? Thanks!

@atlantisbot

Comment by @johntdyer
Saturday Mar 03, 2018 at 04:23 GMT


Thanks for the update. So, yes this would work. Thanks for the update. Any idea on when we can expect this new behavior?

@atlantisbot

Comment by @lkysow
Monday Mar 05, 2018 at 06:33 GMT


The new behaviour is being worked on right now but I can't give you an accurate ETA. There's a lot of features being considered for the next release: https://docs.google.com/document/d/13if7Bma_uTF1nhvdKx-vpU5ASakmPt-EfPSo3epv7JQ/edit#

Can you elaborate on why having the ability to run atlantis plan -d . isn't enough? That way I can make sure the new feature will fit your configuration.

@atlantisbot

Comment by @johntdyer
Monday Mar 05, 2018 at 16:14 GMT


Right now when I run atlantis plan -d . I get the following


Ran Plan in 2 directories:

  • _
  • sns_to_spark_lambda

_/

Plan Error

chdir /home/atlantis/.atlantis/repos/tropo-operations/tropo-terraform/66/default/_: no such file or directory: running "sh -c terraform init -no-color" in "/home/atlantis/.atlantis/repos/tropo-operations/tropo-terraform/66/default/_": 


sns_to_spark_lambda/

Plan Error

exit status 1: running "sh -c terraform plan -refresh -no-color -out /home/atlantis/.atlantis/repos/tropo-operations/tropo-terraform/66/default/sns_to_spark_lambda/default.tfplan -var atlantis_user=johndye -d ." in "/home/atlantis/.atlantis/repos/tropo-operations/tropo-terraform/66/default/sns_to_spark_lambda": 
flag provided but not defined: -d
Usage: terraform plan [options] [DIR-OR-PLAN]

  Generates an execution plan for Terraform.

  This execution plan can be reviewed prior to running apply to get a
  sense for what Terraform will do. Optionally, the plan can be saved to
  a Terraform plan file, and apply can take this plan file to execute
  this plan exactly.

  If a saved plan is passed as an argument, this command will output
  the saved plan contents. It will not modify the given plan.

Options:

  -destroy            If set, a plan will be generated to destroy all resources
                      managed by the given configuration and state.

  -detailed-exitcode  Return detailed exit codes when the command exits. This
                      will change the meaning of exit codes to:
                      0 - Succeeded, diff is empty (no changes)
                      1 - Errored
                      2 - Succeeded, there is a diff

  -input=true         Ask for input for variables if not directly set.

  -lock=true          Lock the state file when locking is supported.

  -lock-timeout=0s    Duration to retry a state lock.

  -module-depth=n     Specifies the depth of modules to show in the output.
                      This does not affect the plan itself, only the output
                      shown. By default, this is -1, which will expand all.

  -no-color           If specified, output won't contain any color.

  -out=path           Write a plan file to the given path. This can be used as
                      input to the "apply" command.

  -parallelism=n      Limit the number of concurrent operations. Defaults to 10.

  -refresh=true       Update state prior to checking for differences.

  -state=statefile    Path to a Terraform state file to use to look
                      up Terraform-managed resources. By default it will
                      use the state "terraform.tfstate" if it exists.

  -target=resource    Resource to target. Operation will be limited to this
                      resource and its dependencies. This flag can be used
                      multiple times.

  -var 'foo=bar'      Set a variable in the Terraform configuration. This
                      flag can be set multiple times.

  -var-file=foo       Set variables in the Terraform configuration from
                      a file. If "terraform.tfvars" or any ".auto.tfvars"
                      files are present, they will be automatically loaded.

flag provided but not defined: -d
Usage: terraform plan [options] [DIR-OR-PLAN]

  Generates an execution plan for Terraform.

  This execution plan can be reviewed prior to running apply to get a
  sense for what Terraform will do. Optionally, the plan can be saved to
  a Terraform plan file, and apply can take this plan file to execute
  this plan exactly.

  If a saved plan is passed as an argument, this command will output
  the saved plan contents. It will not modify the given plan.

Options:

  -destroy            If set, a plan will be generated to destroy all resources
                      managed by the given configuration and state.

  -detailed-exitcode  Return detailed exit codes when the command exits. This
                      will change the meaning of exit codes to:
                      0 - Succeeded, diff is empty (no changes)
                      1 - Errored
                      2 - Succeeded, there is a diff

  -input=true         Ask for input for variables if not directly set.

  -lock=true          Lock the state file when locking is supported.

  -lock-timeout=0s    Duration to retry a state lock.

  -module-depth=n     Specifies the depth of modules to show in the output.
                      This does not affect the plan itself, only the output
                      shown. By default, this is -1, which will expand all.

  -no-color           If specified, output won't contain any color.

  -out=path           Write a plan file to the given path. This can be used as
                      input to the "apply" command.

  -parallelism=n      Limit the number of concurrent operations. Defaults to 10.

  -refresh=true       Update state prior to checking for differences.

  -state=statefile    Path to a Terraform state file to use to look
                      up Terraform-managed resources. By default it will
                      use the state "terraform.tfstate" if it exists.

  -target=resource    Resource to target. Operation will be limited to this
                      resource and its dependencies. This flag can be used
                      multiple times.

  -var 'foo=bar'      Set a variable in the Terraform configuration. This
                      flag can be set multiple times.

  -var-file=foo       Set variables in the Terraform configuration from
                      a file. If "terraform.tfvars" or any ".auto.tfvars"
                      files are present, they will be automatically loaded.


@atlantisbot

Comment by @lkysow
Monday Mar 05, 2018 at 16:55 GMT


Ahh sorry, you need to pull the latest release from here: https://github.com/runatlantis/atlantis
Atlantis is being maintained in that repo now (you can read why here) and I will be moving these issues over shortly. Sorry for the confusion, I forgot what repo this issue was in!

@lkysow
Member

lkysow commented Jul 4, 2018

Closed by #152. In version 0.4 now. Where Atlantis automatically runs plan can be configured via an atlantis.yaml file now: https://www.runatlantis.io/guide/atlantis-yaml-use-cases.html#configuring-autoplanning

@lkysow lkysow closed this as completed Jul 4, 2018
surminus added a commit to surminus/atlantis that referenced this issue Nov 6, 2020
I ran into an issue where I have a directory of templates I use that I
name `foo.tf.template`. I found that Atlantis was running against this
directory and failing, which was unexpected behaviour.

This is because we're just checking if `.tf` is contained within a
filename, rather than checking if it's the suffix of the filename.

Instead, we can use regex to ensure that we're only filtering on actual
Terraform files, inclusive of `.tf` and `.tfvars` suffixes.

There are obviously some alternative ways I could get around this:
rename my templates to `foo.template` without the `.tf`.

I also really liked the idea of a `.atlantisignore` file previously
cited[1], but it was rejected in favour of explicitly defining exactly
which directories to run it in. We have a large number of directories so
this wasn't appealing to me.

I felt this behaviour was sufficiently unexpected that it was worth
making a more explicit filter.

[1] runatlantis#26
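
The difference between the two checks described in the commit message above, as an added example (not the Atlantis code or the commit's own diff). The function names, the regular expression and the sample file list are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
	"sort"
	"strings"
)

// tfSuffix accepts only names ending in .tf or .tfvars (assumed pattern,
// written from the commit message's description).
var tfSuffix = regexp.MustCompile(`\.(tf|tfvars)$`)

// containsTF is the loose check: ".tf" anywhere in the file name.
func containsTF(name string) bool { return strings.Contains(name, ".tf") }

// suffixTF is the strict check: the name must end in a Terraform suffix.
func suffixTF(name string) bool { return tfSuffix.MatchString(name) }

// planDirs returns the sorted, de-duplicated directories of the modified
// files whose base name is accepted by keep.
func planDirs(modified []string, keep func(string) bool) []string {
	seen := map[string]bool{}
	var dirs []string
	for _, f := range modified {
		if !keep(filepath.Base(f)) {
			continue
		}
		if d := filepath.Dir(f); !seen[d] {
			seen[d] = true
			dirs = append(dirs, d)
		}
	}
	sort.Strings(dirs)
	return dirs
}

// sampleModified is a constructed list of files changed in a pull request.
var sampleModified = []string{
	"network/main.tf",
	"network/prod.tfvars",
	"templates/foo.tf.template",
	"docs/README.md",
}

func main() {
	fmt.Println("contains:", planDirs(sampleModified, containsTF))
	fmt.Println("suffix:  ", planDirs(sampleModified, suffixTF))
}
```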
chenrui333 pushed a commit that referenced this issue Dec 13, 2020
msarvar pushed a commit that referenced this issue Aug 20, 2021
* [ORCA-393] Add basic stats.

* Fmt.
@m00lecule

m00lecule commented Nov 19, 2021

Hello @lkysow - I still think that feature would be nice to have - it would patch the following security gap.

Let's imagine the following situation:

The team has decided that they will be using separate repositories with a common terragrunt structure.

test-env repo dir structure:

```
- test
  - rds
  - vpc
  - kafka
```

For particular reasons they cannot one-shot apply changes on kafka - each maintenance action would require targeting each cluster node, one at a time - some manual actions are required and applying it would break the cluster - so they have decided to remove that dir from atlantis.yaml:

```yaml
version: 3
projects:
- dir: test/vpc
- dir: test/rds
```

Even if the /test/kafka dir is not included in atlantis.yml, an evil employee with only read access or a newbie might apply changes by adding the following comment - `atlantis apply -d test/kafka` - in someone else's MR.
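
One way to close the gap described in the comment above is to check an explicit `-d` value against the configured project directories before running anything. This is an added example, not Atlantis's own code: `authorize`, `requestedDir` and the `allowedDirs` list are hypothetical, and the allowlist is constructed from the `atlantis.yaml` shown in the comment.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// allowedDirs is a constructed allowlist mirroring the atlantis.yaml above.
var allowedDirs = []string{"test/vpc", "test/rds"}

// requestedDir returns the value following -d in a comment command such as
// "atlantis apply -d test/kafka". ok is false when no -d value is present.
func requestedDir(comment string) (dir string, ok bool) {
	fields := strings.Fields(comment)
	for i, f := range fields {
		if f == "-d" && i+1 < len(fields) {
			return fields[i+1], true
		}
	}
	return "", false
}

// authorize (hypothetical gate) rejects an explicit -d that is not one of
// the configured project dirs. The value is normalised with path.Clean
// first, so "test/vpc/../kafka" is compared as "test/kafka".
func authorize(comment string, allowed []string) error {
	raw, ok := requestedDir(comment)
	if !ok {
		return nil // no explicit directory requested; nothing to check here
	}
	dir := path.Clean(raw)
	for _, a := range allowed {
		if dir == path.Clean(a) {
			return nil
		}
	}
	return fmt.Errorf("dir %q is not a configured project", dir)
}

func main() {
	for _, c := range []string{
		"atlantis apply -d test/vpc",
		"atlantis apply -d test/kafka",
		"atlantis apply -d test/vpc/../kafka",
	} {
		fmt.Printf("%-40s -> %v\n", c, authorize(c, allowedDirs))
	}
}
```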

ghaiszaher referenced this issue in ghaiszaher/atlantis Oct 7, 2022
* Move inline css to file
jamengual pushed a commit that referenced this issue Nov 23, 2022
* [ORCA-393] Add basic stats.

* Fmt.