Allow Atlantis environment variables to be set in extra_args #659

Closed
rhughes1 opened this issue Jun 3, 2019 · 3 comments
Labels
feature New functionality/enhancement

Comments

rhughes1 commented Jun 3, 2019

Atlantis Version: 0.7.2
Description: Trying to use the Atlantis environment variables inside of a custom workflow inside the extra_arguments. I realized after testing it's only allowed in the run portion of a custom workflow.

For my example, I'm trying to access the workspace, base repo name inside the extra arguments:

repos:
  projects:
    - name: test_dev
      dir: test
      apply_requirements: ["approved"]
      autoplan:
        when_modified: ["../test/*.terraform", "*.tf", "*.tfvars"]
      workspace: dev
      workflow: vault
workflows:
  vault:
    plan:
      steps:
        - init
        - plan:
            extra_args: [
              "-var vault_secret=$(/path/to/script/to/execute.rb $WORKSPACE $BASE_REPO_NAME)"
            ]

However, it doesn't correctly read the environment variable. Ideally, I just want to inject a variable that relies on Atlantis-set environment variables without redefining the Terraform commands.

Workaround

Define the custom workflow as run commands, ensuring that you account for selecting the workspace.

workflows:
  vault:
    plan:
      steps:
        - init
        - run: terraform workspace list | grep -q $WORKSPACE || terraform workspace new $WORKSPACE && terraform workspace select $WORKSPACE >> /dev/null
        - run: terraform plan -input=false -refresh -no-color -out $PLANFILE -var vault_secret=$(/path/to/script/to/execute.rb $WORKSPACE $BASE_REPO_NAME)

However, when I do this, the output of the command in the GitHub pull request isn't exactly the prettiest and I don't know why... Notice the red highlighted lines along with the output of the tfplan. Normally Atlantis hides this output. Any ideas on how to fix this would be greatly appreciated.

[Screenshot: AtlantisPRWithCustomRun]

lkysow added the feature New functionality/enhancement label Jun 10, 2019
Member

lkysow commented Jun 10, 2019

> However, when I do this, the output of the command in the GitHub pull request isn't exactly the prettiest and I don't know why

This is because the built-in plan step will delete that output for you (https://github.com/runatlantis/atlantis/blob/master/server/events/runtime/plan_step_runner.go#L232). You could implement this yourself in bash.

Implementation note for whoever implements this: should pass in the env vars from the *_step_runner's into the TerraformClient and extract the custom vars section from run_step_runner into a common function.
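
The "implement this yourself" cleanup for a custom `run` step could look like the following. This is an added example, not Atlantis's code and not part of the original thread; it assumes the unwanted text is everything Terraform prints up to the dashed separator that follows the "Refreshing state..." lines, and the names `strip_refresh_output`, `plan_quiet` and the sample output are hypothetical.

```shell
#!/bin/sh
# Added example: post-process plan output from a custom `run` step.
# Assumption: the unwanted text is everything up to the first dashed separator,
# and it is dropped only if a "Refreshing state..." line precedes it.
strip_refresh_output() {
    awk '
        { lines[NR] = $0 }
        /Refreshing state\.\.\./ { seen = 1 }
        # Separator: first line of 20+ dashes after a refresh line.
        seen && !sep && /^-+$/ && length($0) >= 20 { sep = NR }
        END {
            start = 1
            if (sep) {
                start = sep + 1
                # Drop blank lines that directly follow the separator.
                while (start <= NR && lines[start] == "") start++
            }
            for (i = start; i <= NR; i++) print lines[i]
        }'
}

# Hypothetical wrapper for the `run` step: filters the output but returns
# the exit status of terraform, so a failed plan still fails the step.
plan_quiet() {
    rc=0
    out=$(terraform plan -input=false -refresh -no-color -out "$PLANFILE" "$@" 2>&1) || rc=$?
    printf '%s\n' "$out" | strip_refresh_output
    return "$rc"
}

# Constructed sample of Terraform 0.11-style plan output (not from the issue).
sample_plan_output() {
    cat <<'EOF'
Refreshing Terraform state in-memory prior to plan...

null_resource.example: Refreshing state... (ID: 1234567890)

------------------------------------------------------------------------

An execution plan has been generated and is shown below.

  + null_resource.other
EOF
}

sample_plan_output | strip_refresh_output
```

Output without a "Refreshing state..." line passes through unchanged, so the filter is safe to leave in place when there is nothing to refresh.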

DanielRis commented

@rhughes1 I was running into the same issue and I wanted to keep the workflow definition clean and simple. You can achieve that by using the TF_CLI_ARGS and TF_CLI_ARGS_name functionality of Terraform.

This is how my workflow definition looks:

- env:
    name: TF_CLI_ARGS_init
    command: echo "-backend-config=\"${PROJECT_NAME}-backend.tfvars\""
- env:
    name: TF_CLI_ARGS_plan
    command: echo "-var-file=env/common.tfvars -var-file=env/$PROJECT_NAME.tfvars"
- run: |
    cat > ${PROJECT_NAME}-backend.tfvars <<EOL
    bucket = "removed"
    key    = "${BASE_REPO_OWNER}/${BASE_REPO_NAME}/${PROJECT_NAME}/${WORKSPACE}.tfstate"
    region = "removed"
    EOL
- init
- run: tflint --var-file=env/common.tfvars --var-file=env/${PROJECT_NAME}.tfvars
- plan
- run: terraform-compliance -f ./compliance -p $PLANFILE --no-ansi

Contributor

dupuy26 commented Mar 24, 2022

As an alternative to the TF_CLI_ARGS approach suggested by @DanielRis, environment variables that are explicitly set with env commands are passed in the environment to all steps (not just run – that is why TF_CLI_ARGS works). So an alternative (and to me, less implicit) workflow definition for the above could look like this (it also handles cases where no project name is defined, using the last component of the directory path in that case):

# Export PROJECT so that the later steps can reference ${PROJECT}.
- env:
    name: PROJECT
    command: "PROJECT=${PROJECT_NAME:-$(pwd)}; echo ${PROJECT##*/}"
- run: |
    cat > ${PROJECT}-backend.tfvars <<EOL
    bucket = "removed"
    key    = "${BASE_REPO_OWNER}/${BASE_REPO_NAME}/${PROJECT}/${WORKSPACE}.tfstate"
    region = "removed"
    EOL
# Items are quoted because ${...} is not valid in an unquoted flow-sequence entry.
- init:
    extra_args: ["-backend-config=${PROJECT}-backend.tfvars"]
- run: tflint --var-file=env/common.tfvars --var-file=env/${PROJECT}.tfvars
- plan:
    extra_args: ["-var-file=env/common.tfvars", "-var-file=env/${PROJECT}.tfvars"]
- run: terraform-compliance -f ./compliance -p $PLANFILE --no-ansi
