
terraform-aws-modules / terraform-aws-atlantis


Terraform module to deploy Atlantis on AWS Fargate 🇺🇦

Home Page: https://registry.terraform.io/modules/terraform-aws-modules/atlantis/aws

License: Apache License 2.0

HCL 100.00%
atlantis terraform-module aws-fargate aws


terraform-aws-atlantis's Issues

Terraform 0.12 support issue

Attempting to deploy using Terraform 0.12 and running into several alarms.

Terraform implementation:

module "atlantis" {
  source = "terraform-aws-modules/atlantis/aws"

  name = "atlantis"

  # VPC
  vpc_id              = var.vpc_id
  private_subnet_ids  = var.private_subnet_ids
  public_subnet_ids   = var.public_subnet_ids

  # DNS (without trailing dot)
  route53_zone_name = var.zone_name

  # ACM (SSL certificate) - Specify ARN of an existing certificate or new one will be created and validated using Route53 DNS
  acm_certificate_domain_name = var.domain_name
  certificate_arn = var.acm_certificate_arn

  # Atlantis
  atlantis_github_user       = var.github_user
  atlantis_github_user_token_ssm_parameter_name = "/atlantis/user_token"
  atlantis_repo_whitelist    = ["github.com/terraform-aws-modules/*"]
  allow_repo_config = "true"
}
terraform apply

Error: Missing resource instance key

  on .terraform/modules/atlantis.acm/terraform-aws-modules-terraform-aws-acm-4c42634/main.tf line 29, in resource "aws_route53_record" "validation":
  29:   name    = "${aws_acm_certificate.this.domain_validation_options.0.resource_record_name}"

Because aws_acm_certificate.this has "count" set, its attributes must be
accessed on specific instances.

For example, to correlate with indices of a referring resource, use:
    aws_acm_certificate.this[count.index]


Error: Missing resource instance key

  on .terraform/modules/atlantis.acm/terraform-aws-modules-terraform-aws-acm-4c42634/main.tf line 30, in resource "aws_route53_record" "validation":
  30:   type    = "${aws_acm_certificate.this.domain_validation_options.0.resource_record_type}"

Because aws_acm_certificate.this has "count" set, its attributes must be
accessed on specific instances.

For example, to correlate with indices of a referring resource, use:
    aws_acm_certificate.this[count.index]


Error: Missing resource instance key

  on .terraform/modules/atlantis.acm/terraform-aws-modules-terraform-aws-acm-4c42634/main.tf line 34, in resource "aws_route53_record" "validation":
  34:     "${aws_acm_certificate.this.domain_validation_options.0.resource_record_value}",

Because aws_acm_certificate.this has "count" set, its attributes must be
accessed on specific instances.

For example, to correlate with indices of a referring resource, use:
    aws_acm_certificate.this[count.index]


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.alb_http_sg/terraform-aws-modules-terraform-aws-security-group-9c0d748/main.tf line 119, in resource "aws_security_group_rule" "ingress_with_cidr_blocks":
 119:   cidr_blocks     = ["${split(",", lookup(var.ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))}"]

Inappropriate value for attribute "cidr_blocks": element 0: string required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.alb_http_sg/terraform-aws-modules-terraform-aws-security-group-9c0d748/main.tf line 135, in resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks":
 135:   cidr_blocks     = ["${split(",", lookup(var.computed_ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))}"]

Inappropriate value for attribute "cidr_blocks": element 0: string required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.alb_http_sg/terraform-aws-modules-terraform-aws-security-group-9c0d748/main.tf line 151, in resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks":
 151:   ipv6_cidr_blocks = ["${split(",", lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.ingress_ipv6_cidr_blocks)))}"]

Inappropriate value for attribute "ipv6_cidr_blocks": element 0: string
required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.alb_http_sg/terraform-aws-modules-terraform-aws-security-group-9c0d748/main.tf line 167, in resource "aws_security_group_rule" "computed_ingress_with_ipv6_cidr_blocks":
 167:   ipv6_cidr_blocks = ["${split(",", lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.ingress_ipv6_cidr_blocks)))}"]

Inappropriate value for attribute "ipv6_cidr_blocks": element 0: string
required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.alb_http_sg/terraform-aws-modules-terraform-aws-security-group-9c0d748/main.tf line 295, in resource "aws_security_group_rule" "egress_with_cidr_blocks":
 295:   cidr_blocks     = ["${split(",", lookup(var.egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks)))}"]

Inappropriate value for attribute "cidr_blocks": element 0: string required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.alb_http_sg/terraform-aws-modules-terraform-aws-security-group-9c0d748/main.tf line 311, in resource "aws_security_group_rule" "computed_egress_with_cidr_blocks":
 311:   cidr_blocks     = ["${split(",", lookup(var.computed_egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks)))}"]

Inappropriate value for attribute "cidr_blocks": element 0: string required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.alb_http_sg/terraform-aws-modules-terraform-aws-security-group-9c0d748/main.tf line 327, in resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks":
 327:   ipv6_cidr_blocks = ["${split(",", lookup(var.egress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.egress_ipv6_cidr_blocks)))}"]

Inappropriate value for attribute "ipv6_cidr_blocks": element 0: string
required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.alb_http_sg/terraform-aws-modules-terraform-aws-security-group-9c0d748/main.tf line 343, in resource "aws_security_group_rule" "computed_egress_with_ipv6_cidr_blocks":
 343:   ipv6_cidr_blocks = ["${split(",", lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.egress_ipv6_cidr_blocks)))}"]

Inappropriate value for attribute "ipv6_cidr_blocks": element 0: string
required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.alb_https_sg/terraform-aws-modules-terraform-aws-security-group-0fd7c5a/main.tf line 119, in resource "aws_security_group_rule" "ingress_with_cidr_blocks":
 119:   cidr_blocks     = ["${split(",", lookup(var.ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))}"]

Inappropriate value for attribute "cidr_blocks": element 0: string required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.alb_https_sg/terraform-aws-modules-terraform-aws-security-group-0fd7c5a/main.tf line 135, in resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks":
 135:   cidr_blocks     = ["${split(",", lookup(var.computed_ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))}"]

Inappropriate value for attribute "cidr_blocks": element 0: string required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.alb_https_sg/terraform-aws-modules-terraform-aws-security-group-0fd7c5a/main.tf line 151, in resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks":
 151:   ipv6_cidr_blocks = ["${split(",", lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.ingress_ipv6_cidr_blocks)))}"]

Inappropriate value for attribute "ipv6_cidr_blocks": element 0: string
required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.alb_https_sg/terraform-aws-modules-terraform-aws-security-group-0fd7c5a/main.tf line 167, in resource "aws_security_group_rule" "computed_ingress_with_ipv6_cidr_blocks":
 167:   ipv6_cidr_blocks = ["${split(",", lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.ingress_ipv6_cidr_blocks)))}"]

Inappropriate value for attribute "ipv6_cidr_blocks": element 0: string
required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.alb_https_sg/terraform-aws-modules-terraform-aws-security-group-0fd7c5a/main.tf line 295, in resource "aws_security_group_rule" "egress_with_cidr_blocks":
 295:   cidr_blocks     = ["${split(",", lookup(var.egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks)))}"]

Inappropriate value for attribute "cidr_blocks": element 0: string required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.alb_https_sg/terraform-aws-modules-terraform-aws-security-group-0fd7c5a/main.tf line 311, in resource "aws_security_group_rule" "computed_egress_with_cidr_blocks":
 311:   cidr_blocks     = ["${split(",", lookup(var.computed_egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks)))}"]

Inappropriate value for attribute "cidr_blocks": element 0: string required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.alb_https_sg/terraform-aws-modules-terraform-aws-security-group-0fd7c5a/main.tf line 327, in resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks":
 327:   ipv6_cidr_blocks = ["${split(",", lookup(var.egress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.egress_ipv6_cidr_blocks)))}"]

Inappropriate value for attribute "ipv6_cidr_blocks": element 0: string
required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.alb_https_sg/terraform-aws-modules-terraform-aws-security-group-0fd7c5a/main.tf line 343, in resource "aws_security_group_rule" "computed_egress_with_ipv6_cidr_blocks":
 343:   ipv6_cidr_blocks = ["${split(",", lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.egress_ipv6_cidr_blocks)))}"]

Inappropriate value for attribute "ipv6_cidr_blocks": element 0: string
required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.atlantis_sg/terraform-aws-modules-terraform-aws-security-group-0fd7c5a/main.tf line 119, in resource "aws_security_group_rule" "ingress_with_cidr_blocks":
 119:   cidr_blocks     = ["${split(",", lookup(var.ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))}"]

Inappropriate value for attribute "cidr_blocks": element 0: string required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.atlantis_sg/terraform-aws-modules-terraform-aws-security-group-0fd7c5a/main.tf line 135, in resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks":
 135:   cidr_blocks     = ["${split(",", lookup(var.computed_ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))}"]

Inappropriate value for attribute "cidr_blocks": element 0: string required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.atlantis_sg/terraform-aws-modules-terraform-aws-security-group-0fd7c5a/main.tf line 151, in resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks":
 151:   ipv6_cidr_blocks = ["${split(",", lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.ingress_ipv6_cidr_blocks)))}"]

Inappropriate value for attribute "ipv6_cidr_blocks": element 0: string
required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.atlantis_sg/terraform-aws-modules-terraform-aws-security-group-0fd7c5a/main.tf line 167, in resource "aws_security_group_rule" "computed_ingress_with_ipv6_cidr_blocks":
 167:   ipv6_cidr_blocks = ["${split(",", lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.ingress_ipv6_cidr_blocks)))}"]

Inappropriate value for attribute "ipv6_cidr_blocks": element 0: string
required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.atlantis_sg/terraform-aws-modules-terraform-aws-security-group-0fd7c5a/main.tf line 295, in resource "aws_security_group_rule" "egress_with_cidr_blocks":
 295:   cidr_blocks     = ["${split(",", lookup(var.egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks)))}"]

Inappropriate value for attribute "cidr_blocks": element 0: string required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.atlantis_sg/terraform-aws-modules-terraform-aws-security-group-0fd7c5a/main.tf line 311, in resource "aws_security_group_rule" "computed_egress_with_cidr_blocks":
 311:   cidr_blocks     = ["${split(",", lookup(var.computed_egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks)))}"]

Inappropriate value for attribute "cidr_blocks": element 0: string required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.atlantis_sg/terraform-aws-modules-terraform-aws-security-group-0fd7c5a/main.tf line 327, in resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks":
 327:   ipv6_cidr_blocks = ["${split(",", lookup(var.egress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.egress_ipv6_cidr_blocks)))}"]

Inappropriate value for attribute "ipv6_cidr_blocks": element 0: string
required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.atlantis_sg/terraform-aws-modules-terraform-aws-security-group-0fd7c5a/main.tf line 343, in resource "aws_security_group_rule" "computed_egress_with_ipv6_cidr_blocks":
 343:   ipv6_cidr_blocks = ["${split(",", lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.egress_ipv6_cidr_blocks)))}"]

Inappropriate value for attribute "ipv6_cidr_blocks": element 0: string
required.


Error: Missing resource instance key

  on .terraform/modules/atlantis.vpc/terraform-aws-modules-terraform-aws-vpc-d59af8f/main.tf line 31, in resource "aws_vpc_ipv4_cidr_block_association" "this":
  31:   vpc_id = "${aws_vpc.this.id}"

Because aws_vpc.this has "count" set, its attributes must be accessed on
specific instances.

For example, to correlate with indices of a referring resource, use:
    aws_vpc.this[count.index]


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.vpc/terraform-aws-modules-terraform-aws-vpc-d59af8f/main.tf line 43, in resource "aws_vpc_dhcp_options" "this":
  43:   domain_name_servers  = ["${var.dhcp_options_domain_name_servers}"]

Inappropriate value for attribute "domain_name_servers": element 0: string
required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.vpc/terraform-aws-modules-terraform-aws-vpc-d59af8f/main.tf line 44, in resource "aws_vpc_dhcp_options" "this":
  44:   ntp_servers          = ["${var.dhcp_options_ntp_servers}"]

Inappropriate value for attribute "ntp_servers": element 0: string required.


Error: Incorrect attribute value type

  on .terraform/modules/atlantis.vpc/terraform-aws-modules-terraform-aws-vpc-d59af8f/main.tf line 45, in resource "aws_vpc_dhcp_options" "this":
  45:   netbios_name_servers = ["${var.dhcp_options_netbios_name_servers}"]

Inappropriate value for attribute "netbios_name_servers": element 0: string
required.


Error: Unexpected resource instance key

  on .terraform/modules/atlantis/terraform-aws-modules-terraform-aws-atlantis-3eae5e6/main.tf line 362, in data "aws_iam_policy_document" "ecs_task_access_secrets_with_kms":
 362:   source_json = "${data.aws_iam_policy_document.ecs_task_access_secrets.0.json}"

Because data.aws_iam_policy_document.ecs_task_access_secrets does not have
"count" or "for_each" set, references to it must not include an index key.
Remove the bracketed index to refer to the single instance of this resource.


Error: Invalid value for module argument

  on .terraform/modules/atlantis/terraform-aws-modules-terraform-aws-atlantis-3eae5e6/main.tf line 401, in module "container_definition_github_gitlab":
 401:   log_options = [
 402:     {
 403:       "awslogs-region"        = "${data.aws_region.current.name}"
 404:       "awslogs-group"         = "${aws_cloudwatch_log_group.atlantis.name}"
 405:       "awslogs-stream-prefix" = "ecs"
 406:     },
 407:   ]

The given value is not suitable for child module variable "log_options"
defined at
.terraform/modules/atlantis.container_definition_github_gitlab/cloudposse-terraform-aws-ecs-container-definition-1e0a6da/variables.tf:91,1-23:
map of any single type required.


Error: Invalid value for module argument

  on .terraform/modules/atlantis/terraform-aws-modules-terraform-aws-atlantis-3eae5e6/main.tf line 433, in module "container_definition_bitbucket":
 433:   log_options = [
 434:     {
 435:       "awslogs-region"        = "${data.aws_region.current.name}"
 436:       "awslogs-group"         = "${aws_cloudwatch_log_group.atlantis.name}"
 437:       "awslogs-stream-prefix" = "ecs"
 438:     },
 439:   ]

The given value is not suitable for child module variable "log_options"
defined at
.terraform/modules/atlantis.container_definition_bitbucket/cloudposse-terraform-aws-ecs-container-definition-1e0a6da/variables.tf:91,1-23:
map of any single type required.

Looking at the tf code, it looks like it's being passed in correctly. I'd like to fully eliminate the chances of the credentials being passed to Atlantis being incorrect. Can you verify what values were passed in to the container by creating a custom workflow that echoes out the environment variables?


# atlantis.yaml
version: 3
projects:
- dir: .
  workflow: echo
workflows:
  echo:
    plan:
      steps:
      - run: echo $ATLANTIS_BITBUCKET_USER
      - run: echo $ATLANTIS_BITBUCKET_TOKEN

Originally posted by @lkysow in #54 (comment)

aws_iam_role_policy_attachment.ecs_task_execution: value of 'count' cannot be computed

Adding an additional iam policy via the policies_arn variable throws the error in the issue description when that additional policy arn is computed:

module "atlantis" {
  source  = "terraform-aws-modules/atlantis/aws"
  version = "1.13.0"
  name               = "atlantis"
...
...
  policies_arn               = ["arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", "${aws_iam_policy.atlantis_run_terraform_policy.arn}"]
}

Per hashicorp/terraform#10857, this is Terraform's desired behavior, because we are "performing a function call length on a computed value" and we're trying to call length before that value is computed (or the resource created).

length is called here -- https://github.com/terraform-aws-modules/terraform-aws-atlantis/blob/master/main.tf#L331

Workaround is to create aws_iam_policy.atlantis_run_terraform_policy first, then add it to the module's policies_arn var on a subsequent terraform apply run. It can't be created and applied in a single run.

Cannot reuse existing VPC and existing subnets.

I am using version 1.12.0 of the module.

When I use the module with this configuration, I get an error. Some details are obscured with asterisks.

module "atlantis" {
  source  = "terraform-aws-modules/atlantis/aws"
  version = "1.12.0"

  name = "atlantis"

  # VPC
  vpc_id             = "${data.aws_vpc.vpc.id}"
  private_subnet_ids = ["${data.aws_subnet_ids.private.ids}"]
  public_subnet_ids  = ["${data.aws_subnet_ids.public.ids}"]

  # DNS (without trailing dot)
  route53_zone_name = "****.com"

  certificate_arn = "${data.aws_acm_certificate.star_star_star_star_com.arn}"

  # Atlantis
  atlantis_repo_whitelist    = ["gitlab.****.com/terraform/*"]
  atlantis_gitlab_user       = "****"
  atlantis_gitlab_user_token = "****"
}

Outcome:

17:54 $ terraform plan

Error: module.atlantis.module.vpc.aws_eip.nat: 1 error(s) occurred:

* module.atlantis.module.vpc.aws_eip.nat: element: element() may not be used with an empty list in:

${merge(map("Name", format("%s-%s", var.name, element(var.azs, (var.single_nat_gateway ? 0 : count.index)))), var.tags, var.nat_eip_tags)}



Error: module.atlantis.module.vpc.aws_vpc_ipv4_cidr_block_association.this: 1 error(s) occurred:

* module.atlantis.module.vpc.aws_vpc_ipv4_cidr_block_association.this: element: element() may not be used with an empty list in:

${element(var.secondary_cidr_blocks, count.index)}



Error: module.atlantis.module.vpc.aws_vpc.this: expected cidr_block to contain a valid CIDR, got:  with err: invalid CIDR address: 

Provide output of task_role_name

I had to add an IAM policy to the task execution role for the ECS task definition in order to give it permission to GetParameters from the SSM parameter store. In order to do this via Terraform I needed to reference the role that your terraform-aws-atlantis module creates. I wasn't sure how to do it other than to fork the code and create an output that did this, and then reference it in my module that wraps terraform-aws-atlantis:

output "task_role_name" {
  description = "The Atlantis ECS task role name"
  value       = "${aws_iam_role.ecs_task_execution.name}"
}

Would it be possible to create this output for the 1.x and 2.x branches of this repo?

No space left on device when running atlantis plan

We are running Atlantis on Fargate via this module. Recently, we started to get this error on running an atlantis plan:

running git clone --branch patch/rds_alerts_raw_delivery --depth=1 --single-branch https://atlantis-bot:<redacted>@github.com/<redacted>/terraform.git /home/atlantis/.atlantis/repos/<redacted>/terraform/293/default: Cloning into '/home/atlantis/.atlantis/repos/<redacted>/terraform/293/default'...
error: unable to write file _legacy/permissions/policies/README.md
error: unable to write file _legacy/permissions/policies/step_functions_start_stop_execution.tf
error: unable to write file _legacy/permissions/role_policy_attachments.tf
fatal: cannot create directory at '_legacy/permissions/roles': No space left on device
warning: Clone succeeded, but checkout failed.
You can inspect what was checked out with 'git status'
and retry the checkout with 'git checkout -f HEAD'

: exit status 128

This indicates that the instance is out of disk space, but I don't see any way to increase the disk size in the module inputs. What should we do to address this?

Issues creating service on v2.0.0

// depends_on = [aws_ecs_task_definition.atlantis]

Error: Failed getting task definition ClientException: Unable to describe task definition.
        status code: 400, request id: 0cd48c37-8d35-11e9-9e00-5ff346cf8ee8 "atlantis"

  on .terraform/modules/atlantis/terraform-aws-modules-terraform-aws-atlantis-ca4ff06/main.tf line 491, in data "aws_ecs_task_definition" "atlantis":
 491: data "aws_ecs_task_definition" "atlantis" {

Host key verification failed

This is related to #15.

I’m unable to get Atlantis to work as it’s failing on host key verification when downloading modules from Bitbucket:

running "/usr/local/bin/terraform init -input=false -no-color -upgrade" in "/home/atlantis/.atlantis/repos/foo/terraform/24/default/acct-dev/monitoring": exit status 1
Upgrading modules...
- monitoring in modules
Downloading git::ssh://[email protected]:/foo/aws-sns-topic.git?ref=v0.0.1 for monitoring.aws_sns_topic_high_priority...

Error: Failed to download module

Could not download module "aws_sns_topic_high_priority"
(modules/aws-sns-topic-high-priority.tf:1) source code from
"git::ssh://[email protected]:/foo/aws-sns-topic.git?ref=v0.0.1": error
downloading 'ssh://[email protected]:/foo/aws-sns-topic.git?ref=v0.0.1':
/usr/bin/git exited with 128: Cloning into
'.terraform/modules/monitoring.aws_sns_topic_high_priority'...
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.



Error: Failed to download module

Could not download module "aws_sns_topic_high_priority"
(modules/aws-sns-topic-high-priority.tf:1) source code from
"git::ssh://[email protected]:/foo/aws-sns-topic.git?ref=v0.0.1": error
downloading 'ssh://[email protected]:/foo/aws-sns-topic.git?ref=v0.0.1':
/usr/bin/git exited with 128: Cloning into
'.terraform/modules/monitoring.aws_sns_topic_high_priority'...
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

The container I’m running is the latest runatlantis/atlantis image and I’ve added a private SSH key and SSH config with StrictHostKeyChecking no to the atlantis user.

When I run the image locally, I’m able to clone the repo without issue. Below is showing it failing, then working:

28d492ee4645:~$ whoami
#atlantis
28d492ee4645:~$
28d492ee4645:~$
28d492ee4645:~$ ls -al .ssh/
total 16
drwxr-xr-x    1 #atlanti root          4096 Jun 14 14:36 .
drwxrwxr-x    1 #atlanti root          4096 Jun 14 14:36 ..
-rw-------    1 #atlanti root            25 Jun 14 04:21 config.foo
-rw-------    1 #atlanti root          1811 Jun 14 04:21 id_rsa
28d492ee4645:~$
28d492ee4645:~$
28d492ee4645:~$ git clone [email protected]:foo/aws-sns-topic.git
Cloning into 'aws-sns-topic'...
The authenticity of host 'bitbucket.org (18.205.93.1)' can't be established.
RSA key fingerprint is SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A.
Are you sure you want to continue connecting (yes/no)? ^C
28d492ee4645:~$
28d492ee4645:~$
28d492ee4645:~$ mv .ssh/config.foo .ssh/config
28d492ee4645:~$
28d492ee4645:~$
28d492ee4645:~$ git clone [email protected]:foo/aws-sns-topic.git
Cloning into 'aws-sns-topic'...
Warning: Permanently added 'bitbucket.org,18.205.3.1' (RSA) to the list of known hosts.
remote: Counting objects: 5, done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 5 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (5/5), done.
28d492ee4645:~$ ls -al
total 16
drwxrwxr-x    1 #atlanti root          4096 Jun 14 14:37 .
drwxr-xr-x    1 root     root          4096 Mar 14 19:25 ..
drwxr-xr-x    1 #atlanti root          4096 Jun 14 14:37 .ssh
drwxr-xr-x    3 #atlanti atlantis      4096 Jun 14 14:37 aws-sns-topic

What am I missing?
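An alternative to `StrictHostKeyChecking no` for the setup in the issue above is to ship a `known_hosts` file in the image and check at build time that its entry for the Git host matches a fingerprint obtained out of band. The following is an added example, not code from the issue or from the module; the key material is constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import struct


def key_fingerprint(b64_key):
    """Return the fingerprint in the 'SHA256:...' form that ssh prints."""
    blob = base64.b64decode(b64_key, validate=True)
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints unpadded base64 of the SHA-256 of the raw key blob.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def blob_key_type(b64_key):
    """Read the key type string embedded at the start of the key blob."""
    blob = base64.b64decode(b64_key, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")


def check_known_hosts(text, host, pinned_fp):
    """Return the known_hosts entries for `host` that match `pinned_fp`.

    Raises ValueError if an entry for the host carries a different key, if
    the declared key type disagrees with the blob, or if the host has no
    entry at all. Hashed host names (|1|...) and @cert-authority/@revoked
    lines are skipped, so this check covers plain entries only.
    """
    accepted = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):
            continue
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: malformed entry")
        hosts, key_type, b64_key = fields[:3]
        if host not in hosts.split(","):
            continue
        if blob_key_type(b64_key) != key_type:
            raise ValueError(f"line {lineno}: key type does not match blob")
        found = key_fingerprint(b64_key)
        if found != pinned_fp:
            raise ValueError(f"line {lineno}: {host} has {found}, expected {pinned_fp}")
        accepted.append(f"{host} {key_type} {b64_key}")
    if not accepted:
        raise ValueError(f"no known_hosts entry for {host}")
    return accepted


def constructed_key(seed):
    """Build a syntactically valid ssh-ed25519 blob from filler bytes (constructed)."""
    name = b"ssh-ed25519"
    raw = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(blob).decode()


# Constructed sample data. In a real build the pinned fingerprint comes from
# the hosting provider's published documentation, not from the file under test.
GOOD_KEY = constructed_key(1)
OTHER_KEY = constructed_key(2)
PINNED = key_fingerprint(GOOD_KEY)
KNOWN_HOSTS = (
    "# constructed known_hosts file\n"
    f"bitbucket.org,192.0.2.10 ssh-ed25519 {GOOD_KEY}\n"
    f"example.net ssh-ed25519 {OTHER_KEY}\n"
)
TAMPERED = f"bitbucket.org ssh-ed25519 {OTHER_KEY}\n"

if __name__ == "__main__":
    for entry in check_known_hosts(KNOWN_HOSTS, "bitbucket.org", PINNED):
        print("ok:", entry)
```

With the verified file installed as the atlantis user's `~/.ssh/known_hosts`, the SSH config can keep `StrictHostKeyChecking yes` and the clone still runs without a prompt.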

Redirect HTTP to HTTPS on the ALB

Redirect ingress on port 80 HTTP to port 443 HTTPS.

Opening the atlantis page in a browser simply times out but should be redirected to HTTPS.

Missing parameters when using own vpc

I'm invoking the module atlantis using following variable settings:

  atlantis_repo_whitelist     = [our primary repository]
  allow_repo_config           = true
  atlantis_allowed_repo_names = []
  atlantis_github_user        = "userbot"
  atlantis_github_user_token  = "EXAMPLE"
  azs                         = "${data.terraform_remote_state.vpc.avail_zones}"
  ecs_service_assign_public_ip = true
  private_subnet_ids            = "${data.terraform_remote_state.vpc.private_subnets}"
  public_subnet_ids             = "${data.terraform_remote_state.vpc.public_subnets}"
  route53_zone_name             = "${data.terraform_remote_state.r53.fqdn}"
  vpc_id                        = "${data.terraform_remote_state.vpc.vpc_id}"

But then I get an error message:
Error: module.atlantis.module.vpc.aws_vpc.this: expected cidr_block to contain a valid CIDR, got: with err: invalid CIDR address:

Investigate - Parallel executions, locking

Investigate what to do when multiple comments are sent to Atlantis.

What about locking?

Will there be a need to resolve cold starts (eg, use GitHub -> SQS -> SNS -> Lambda -> Fargate) ?

Task definition is broken with pre-created secrets

Hi,

Looks like something regarding the secrets is broken. We discovered this during our upgrade to 0.12 and the v2.1.0 of this module.

The following config used to work:

module "atlantis" {
  source  = "terraform-aws-modules/atlantis/aws"
  version = "~> 2.1.0"

  name = "atlantis"

  # VPC
  cidr            = "10.20.0.0/16"
  azs             = ["us-east-1a", "us-east-1b", "us-east-1c"]
  private_subnets = ["10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]
  public_subnets  = ["10.20.101.0/24", "10.20.102.0/24", "10.20.103.0/24"]

  # DNS (without trailing dot)
  route53_zone_name = "example.com"
  # Atlantis
  atlantis_github_user       = "atlantis-bot"
  atlantis_repo_whitelist    = ["github.com/terraform-aws-modules/*"]
}

provider "aws" {
  region = "us-east-1"
}

Note that that's the same code from the example, without atlantis_github_user_token defined. We don't want to have that in code so we put it in SSM.
This module is smart enough that it can take it from SSM if it's not in the Terraform config. That's what was happening in v1.9.0.

In the v2.1.0 this leads to the following in the JSON task definition:

     "secrets": [
        {
          "valueFrom": "unknown_secret_name_value",
          "name": "unknown_secret_name_key"
        },
        {
          "valueFrom": "/atlantis/webhook/secret",
          "name": "unknown_secret_webhook_key"
        }
      ],

This is obviously wrong and leads to the Task definition failing cause it cannot find those SSM secrets.

I think in https://github.com/terraform-aws-modules/terraform-aws-atlantis/blob/master/main.tf#L17-L23 there's something bad. That breaks the definitions in https://github.com/terraform-aws-modules/terraform-aws-atlantis/blob/master/main.tf#L67-L81. Maybe instead of the token there should've been user as I define the user, but the token is always empty.

Am I missing something?

Webhook docs out of date?

I'm in the middle of trying to upgrade from a much older version of atlantis which managed the Github webhooks for you.

The docs still indicate that the module can create the github webhooks for you:

Github webhook is automatically created if github_token, github_organization and github_repo_names were specified.

However looking at the code I am not seeing how this actually works - I can't find any reference to the github_repo_names in the code for example.

I think this functionality might've been removed during the refactor to support gitlab? In any case just wanted to confirm, and wondering what the recommended way to set up the webhooks is now.

Unable to invoke atlantis server container

I've gone the path of running via solution three, "running in own environment." But my service is not running, probably due to combination of entrypoint (which I left blank) and command (which gets displayed in log message shown below.)

/usr/local/bin/docker-entrypoint.sh: exec: line 46: atlantis server --log-level=debug \
--gh-user=XXXX --gh-token="YYYYY" --gh-webhook-secret="something" --repo-config-json='
{
    "repos": [
        {
            "id": "/.*/",
            "allowed_overrides": [
                "workflow"
            ],
            "allow_custom_workflows": true,
            "apply_requirements": [
                "approved",
                "mergeable"
            ]
        }
    ]
}
' --repo-whitelist=github.com/our/repository: not found

Where did I go wrong?

Limit ALB SG ingress to GH only (via input variable)

ingress_cidr_blocks = ["0.0.0.0/0"]

I found that opening Atlantis to the world is risky and inline with the principle of least privilege.
So I restricted it to the CIDR blocks that Github advertises as their own on https://api.github.com/meta
in addition to perhaps the office network, bastion for instance.

PS: I know Atlantis uses the --repo-whitelist but adding another layer of (network) security doesn't harm IMO...
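One way to express the restriction described in this issue, as an added example that is not part of the original post or of the module's code. It assumes Terraform 0.12.7 or later and the hashicorp/http provider 3.x; `var.alb_security_group_id` and `var.extra_ingress_cidr_blocks` are hypothetical inputs.

```hcl
# Added example: variable and resource names are illustrative.
variable "alb_security_group_id" {
  description = "Security group attached to the Atlantis ALB (hypothetical input)"
  type        = string
}

variable "extra_ingress_cidr_blocks" {
  description = "Additional trusted IPv4 ranges, e.g. office network or bastion"
  type        = list(string)
  default     = []
}

# GitHub publishes the source ranges of its webhook deliveries under the
# "hooks" key of this document.
data "http" "github_meta" {
  url = "https://api.github.com/meta"

  request_headers = {
    Accept = "application/json"
  }
}

locals {
  # response_body is the attribute name in hashicorp/http 3.x (older releases used body).
  github_hooks = jsondecode(data.http.github_meta.response_body).hooks

  # The list mixes IPv4 and IPv6 ranges; security group rules take them
  # in separate arguments, so split on the presence of a colon.
  github_hooks_ipv4 = [for c in local.github_hooks : c if length(regexall(":", c)) == 0]
  github_hooks_ipv6 = [for c in local.github_hooks : c if length(regexall(":", c)) > 0]
}

resource "aws_security_group_rule" "alb_https_from_github" {
  type              = "ingress"
  security_group_id = var.alb_security_group_id
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = concat(local.github_hooks_ipv4, var.extra_ingress_cidr_blocks)
  ipv6_cidr_blocks  = local.github_hooks_ipv6
  description       = "GitHub webhook deliveries and trusted networks only"
}
```

The ranges are read when Terraform plans, so the rule follows GitHub's published list only as often as this configuration is applied.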

AWS credentials file not taken into consideration

Hello. I've tried using your module and I've added my own Atlantis image from v0.11.0 and copied the AWS credentials and config files to the image. From further investigations I realised that the AWS credentials are not retrieved at all from those files, but from the task's role.

2020/02/06 09:14:16 [INFO] Setting AWS metadata API timeout to 100ms
2020/02/06 09:14:16 [INFO] ECS container credentials detected, RemoteCredProvider added to auth chain
2020/02/06 09:14:16 [INFO] Ignoring AWS metadata API endpoint at default location as it doesn't return any instance-id
2020/02/06 09:14:16 [INFO] AWS Auth provider used: "CredentialsEndpointProvider"

Could you help and provide a way so that when terraform runs, to look for the AWS credentials, not the container task role and also to respect the AWS chain of finding credentials.

Integrate Atlantis with terraform-aws-modules repositories

To-do:

  • Run Atlantis service on AWS using terraform-aws-atlantis
  • Once PR is created - run atlantis plan automatically
  • Allow atlantis apply only for specific github accounts to execute examples
  • Run terraform destroy for the executed examples once PR is merged to cleanup resources
  • Make generic atlantis.yaml which suits all terraform-aws-modules

Improve json in heredoc by using data source and jsonencode

Instead of this -

container_definitions = <<EOF
[
  {
    "cpu": 0,
    "environment": [
      {
        "name": "ATLANTIS_LOG_LEVEL",
        "value": "debug"
      },
      {
        "name": "ATLANTIS_PORT",
        "value": "4141"
      },
      {
        "name": "ATLANTIS_ATLANTIS_URL",
        "value": "https://${coalesce(element(concat(aws_route53_record.atlantis.*.fqdn, list("")), 0), module.alb.dns_name)}"
      },
      {
        "name": "ATLANTIS_GH_USER",
        "value": "${var.atlantis_github_user}"
      },
      {
        "name": "ATLANTIS_GH_TOKEN",
        "value": "${var.atlantis_github_user_token}"
      },
      {
        "name": "ATLANTIS_GH_WEBHOOK_SECRET",
        "value": "${random_id.webhook.hex}"
      },
      {
        "name": "ATLANTIS_REPO_WHITELIST",
        "value": "${join(",", var.atlantis_repo_whitelist)}"
      }
    ],
    "essential": true,
    "image": "${local.atlantis_image}",
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {
        "awslogs-group": "${var.name}",
        "awslogs-region": "${data.aws_region.current.name}",
        "awslogs-stream-prefix": "master"
      }
    },
    "mountPoints": [],
    "name": "atlantis",
    "portMappings": [
      {
        "containerPort": 4141,
        "hostPort": 4141,
        "protocol": "tcp"
      }
    ],
    "volumesFrom": []
  }
]
EOF

Do something like this:

locals {
  log_group = "test-group"
  definition = {
    name   = "example"
    memory = "500"
  }
  default_definition = {
    name      = "test"
    image     = "test_image"
    memory    = 200
    essential = true
    command   = "node"
    portMappings = [
      {
        containerPort = 8008
        hostPort      = 80
      }
    ]
    logConfiguration = {
      logDriver = "awslogs"
      options = {
        awslogs-group  = "${local.log_group}"
        awslogs-region = "us-west-2"
      }
    }
  }
}

output "test" {
  value = "${jsonencode(merge(local.default_definition, local.definition))}"
}

Kudos to @osterman
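The same idea applied to the Atlantis container itself, as an added example that is not the module's code and not part of the original issue. It assumes Terraform 0.12 or later; all variable names and the token parameter name `/atlantis/github/user/token` are hypothetical, while the environment variable names, port, repo config and `/atlantis/webhook/secret` are taken from the issues on this page. `command` is given as a list of separate arguments, the form ECS expects, and the token is referenced through `secrets` rather than placed in `environment`.

```hcl
# Added example: variable names are illustrative, not the module's inputs.
variable "atlantis_image" { type = string }
variable "atlantis_url" { type = string }
variable "atlantis_github_user" { type = string }
variable "atlantis_repo_whitelist" { type = list(string) }
variable "execution_role_arn" { type = string }

data "aws_region" "current" {}

locals {
  # "/atlantis/webhook/secret" appears on this page; the token name is a placeholder.
  webhook_secret_parameter = "/atlantis/webhook/secret"
  github_token_parameter   = "/atlantis/github/user/token"

  # Server-side repo config built as an HCL object instead of a quoted JSON string.
  repo_config = {
    repos = [{
      id                     = "/.*/"
      allowed_overrides      = ["workflow"]
      allow_custom_workflows = true
      apply_requirements     = ["approved", "mergeable"]
    }]
  }

  container_definition = {
    name      = "atlantis"
    image     = var.atlantis_image
    essential = true

    # One list element per argument; a single "server --log-level=debug"
    # string would be handed to exec as one program name.
    command = ["server", "--log-level=debug"]

    environment = [
      { name = "ATLANTIS_PORT", value = "4141" },
      { name = "ATLANTIS_ATLANTIS_URL", value = var.atlantis_url },
      { name = "ATLANTIS_GH_USER", value = var.atlantis_github_user },
      { name = "ATLANTIS_REPO_WHITELIST", value = join(",", var.atlantis_repo_whitelist) },
      { name = "ATLANTIS_REPO_CONFIG_JSON", value = jsonencode(local.repo_config) },
    ]

    # Resolved by ECS from SSM at task start; values never enter the JSON.
    secrets = [
      { name = "ATLANTIS_GH_TOKEN", valueFrom = local.github_token_parameter },
      { name = "ATLANTIS_GH_WEBHOOK_SECRET", valueFrom = local.webhook_secret_parameter },
    ]

    portMappings = [{ containerPort = 4141, hostPort = 4141, protocol = "tcp" }]

    logConfiguration = {
      logDriver = "awslogs"
      options = {
        "awslogs-group"         = "atlantis"
        "awslogs-region"        = data.aws_region.current.name
        "awslogs-stream-prefix" = "master"
      }
    }
  }
}

resource "aws_ecs_task_definition" "atlantis" {
  family                   = "atlantis"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512
  execution_role_arn       = var.execution_role_arn
  container_definitions    = jsonencode([local.container_definition])
}
```

Because the token is referenced by parameter name, it does not appear in the rendered task definition or in `terraform plan` output for this resource.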

Add code to work with Gitlab webhooks

Need to add code that allows for use of Gitlab webhooks as well.
So you could use something like:

  # Atlantis
  atlantis_gitlab_user       = "atlantis-bot"
  atlantis_gitlab_user_token = "examplegitlabtoken"
  atlantis_repo_whitelist    = ["gitlab.com/terraform-aws-modules/*"]

Terraform init fails

Hi, I'm trying to setup atlantis on AWS Fargate via Gitlab, but am getting error in cloudwatch on init:

2019/06/08 19:13:45+0000 [EROR] terraform_client.go:189 meshwatch/infrastructure/terraform-gsuite#1: Running "/usr/local/bin/terraform init -input=false -no-color -upgrade" in "/home/atlantis/.atlantis/repos/meshwatch/infrastructure/terraform-gsuite/1/default": exit status 1

Any idea what might be wrong (I know the error is not very descriptive)? I would assume that it has to do with permissions, as I didn't configure any. What credentials does it use by default? How to configure them?

Only create VPC if no VPC ID is passed

module "vpc" {

Great work Anton!

Recently I also developed an Atlantis module to which I pass a vpc_id as a variable instead of a cidr_block to create a new one - under the assumption that it's more common for someone to deploy Atlantis in an existing VPC.

My proposal:

  • have 2 input variables (cidr_block and vpc_id), both with dummy defaults.
  • use count to determine whether a new VPC is needed, in which case the cidr_block would be used.

How to set credentials for this module?

When running terraform in my work environment, I need to switch accounts for different projects. My $HOME/.aws/credentials provides 6-7 sets of profiles, and I need to specify which one when I invoke AWS CLI commands. How can I integrate this situation when using this module?

aws codecommit support as a git host

We use codecommit to save our state file + tfvars. I am wondering if we can use atlantis to manage our gitops workflow.
Could codecommit be used as a git host like github or bitbucket?

When using SSM parameter store for Github token, it stores the token in plain text.

When using an access token and storing in to SSM it stores the token as plain text. Am I missing something in the vars?

I tested the access to the parameters via a new user with generic power user rights. That user could see the secret in plain text.

When encrypting the token via a custom key it fails to decrypt. (The ARN has been placed into the vars file, the role execution task has the decrypt action set.)

Thoughts?

custom_environment_variables with ATLANTIS_REPO_CONFIG_JSON

I'm having issues with setting env variables for the container. With the definition below

module "atlantis" {
  source  = "terraform-aws-modules/atlantis/aws"
  version = "~> v1.0"

  name             = "atlantis"
  atlantis_version = "v0.7.2"

  allow_repo_config = true
  policies_arn      = ["arn:aws:iam::aws:policy/AdministratorAccess"]

  # VPC
  vpc_id             = "XXXXXXXXX"                          
  cidr               = "XXXXXXXXX"
  azs                = ["XXXXXXXXX"]
  private_subnet_ids = ["XXXXXXXXX"]
  public_subnet_ids  = ["XXXXXXXXX"]

  # DNS (without trailing dot)
  route53_zone_name = "XXXXXX"

  # ACM (SSL certificate) - Specify ARN of an existing certificate or new one will be created and validated using Route53 DNS
  certificate_arn = "XXXXX"

  # Atlantis
  atlantis_github_user       = "X"
  atlantis_github_user_token = "XXXXX"
  atlantis_repo_whitelist    = ["github.com/XXXX/Xxxxxxxxx"]

  custom_environment_variables = [{
    name  = "ATLANTIS_REPO_CONFIG_JSON"
    value = "XXXXXX"
  }]
}

When I try to list the env variables in custom plan, I can't see any env variable named ATLANTIS_REPO_CONFIG_JSON.

Content of atlantis.yaml with custom workflow:

version: 3
automerge: true

projects:
  - name: XXXX
    dir: XXXX
    workspace: default
    terraform_version: v0.11.14
    autoplan:
      when_modified: ["*.tf", "../modules/**.tf"]
      enabled: true
    workflow: custom
workflows:
  custom:
    plan:
      steps:
        - run: env
        - init
        - plan
    apply:
      steps:
        - apply

My goal is to modify the default workflow using env variable ATLANTIS_REPO_CONFIG_JSON and json as argument as described here https://www.runatlantis.io/docs/server-side-repo-config.html#enabling-server-side-repo-config

Does Not Support Govcloud

Error: Error putting IAM role policy ECSTaskAccessSecretsPolicy: MalformedPolicyDocument: Partition "aws" is not valid for resource "arn:aws:ssm:us-gov-east-1:account:parameter/atlantis/webhook/secret".
	status code: 400, request id: a30c5ba6-2e10-4841-afc2-7ae4d5806024

  on .terraform/modules/atlantis/terraform-aws-modules-terraform-aws-atlantis-b97e816/main.tf line 388, in resource "aws_iam_role_policy" "ecs_task_access_secrets":
 388: resource "aws_iam_role_policy" "ecs_task_access_secrets" {

I assume part of this is to blame.

data "aws_iam_policy_document" "ecs_task_access_secrets" {
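A partition-aware form of such a policy, as an added example that is not the module's code; it also covers the encrypted-parameter setup raised in the SSM token issue above. It assumes Terraform 0.12 or later; the variable names, the `task_execution_role_id` input and the token parameter name are hypothetical, while `ECSTaskAccessSecretsPolicy` and `/atlantis/webhook/secret` come from the error message on this page.

```hcl
# Added example: variable names and the token parameter name are illustrative.
variable "atlantis_github_user_token" { type = string }
variable "ssm_kms_key_arn" { type = string }
variable "task_execution_role_id" { type = string }

variable "github_token_ssm_parameter" {
  type    = string
  default = "/atlantis/github/user/token" # placeholder name
}

variable "webhook_secret_ssm_parameter" {
  type    = string
  default = "/atlantis/webhook/secret"
}

# Resolves to "aws", "aws-us-gov" or "aws-cn" depending on where this runs,
# so the ARNs below are valid outside the commercial partition too.
data "aws_partition" "current" {}
data "aws_region" "current" {}
data "aws_caller_identity" "current" {}

# SecureString encrypts the value with the given KMS key; type "String"
# would store it unencrypted.
resource "aws_ssm_parameter" "github_token" {
  name   = var.github_token_ssm_parameter
  type   = "SecureString"
  key_id = var.ssm_kms_key_arn
  value  = var.atlantis_github_user_token
}

locals {
  # Parameter names start with "/", so the ARN is "<prefix>" + name.
  ssm_arn_prefix = "arn:${data.aws_partition.current.partition}:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter"
}

data "aws_iam_policy_document" "ecs_task_access_secrets" {
  statement {
    sid     = "ReadAtlantisParameters"
    effect  = "Allow"
    actions = ["ssm:GetParameters"]

    resources = [
      "${local.ssm_arn_prefix}${var.github_token_ssm_parameter}",
      "${local.ssm_arn_prefix}${var.webhook_secret_ssm_parameter}",
    ]
  }

  # Needed when the parameter is encrypted with a customer managed key.
  statement {
    sid       = "DecryptWithParameterKey"
    effect    = "Allow"
    actions   = ["kms:Decrypt"]
    resources = [var.ssm_kms_key_arn]
  }
}

resource "aws_iam_role_policy" "ecs_task_access_secrets" {
  name   = "ECSTaskAccessSecretsPolicy"
  role   = var.task_execution_role_id
  policy = data.aws_iam_policy_document.ecs_task_access_secrets.json
}
```

The token value passed to `aws_ssm_parameter` is still recorded in Terraform state, so the state backend needs the same access controls as the parameter.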

Error when using an existing VPC.

I believe #50 should be re-opened. I am running into this issue using my own VPC.

Error: module.atlantis11.module.vpc.aws_vpc.this: expected cidr_block to contain a valid CIDR, got:  with err: invalid CIDR address:

I'm not sure I really understand what this line does, https://github.com/terraform-aws-modules/terraform-aws-atlantis/blob/master/main.tf#L148, but I'm not confident that it's NOT trying to create a new VPC. I am specifying a single vpc_id (as a string, not a list) in my module, calling terraform-aws-modules/atlantis/aws

I think a fix would have to be implemented in both the 1.x and 2.x 'branches' of this code. We still have Terraform 11 code in production.

Easy to inject environments into `container_definitions`

Problem

I need to inject environment variables to the ECS container_definitions regarding the API tokens for different terraform providers (like fastly, pagerduty, etc.)

Ideas

Initially I was thinking to create a new container_definition module to override the existing one.
Per this code, container_definitions = "${var.custom_container_definitions == "" ? module.container_definition.json : var.custom_container_definitions}"

But then I realize it is pretty parameterized already inside this module and what I want is just override the environment list. So I guess maybe I just need to override the list?

What would be the better way?

Move container definition into a template_file data source

container_definitions = <<EOF

Instead of having it inline, it may be more flexible and allow further interpolations:

data "template_file" "container" {
  template = "${file("${path.module}/atlantis-container-definition.json")}"
  vars {
    port              = "${var.atlantis_port}"
    log_level         = "${var.log_level}"
    cw_logs_prefix    = "${var.cw_logs_prefix}"
  }
}

The above is a minimalistic example. The input variable can have defaults, but module users should have the liberty to easily change them at instantiation time if they want to.

PS: I found that changing Atlantis port from 4141 to 80 helped when accessing it from the office network or via VPN - hence my thought that since they allow it to be changed, why not also have it as an input.

task_definition version always known after apply

Hello,

While using this module, I get the following message every time I do terraform apply.

~ resource "aws_ecs_service" "atlantis" {
        cluster                            = "arn:aws:ecs:eu-west-1:[REDACTED]:cluster/atlantis"
        deployment_maximum_percent         = 200
        deployment_minimum_healthy_percent = 50
        desired_count                      = 1
        enable_ecs_managed_tags            = false
        health_check_grace_period_seconds  = 0
        iam_role                           = "aws-service-role"
        id                                 = "arn:aws:ecs:eu-west-1:[REDACTED]:service/atlantis"
        launch_type                        = "FARGATE"
        name                               = "atlantis"
        platform_version                   = "LATEST"
        propagate_tags                     = "NONE"
        scheduling_strategy                = "REPLICA"
        tags                               = {}
      ~ task_definition                    = "atlantis:2" -> (known after apply)

Is there any way to avoid this?

The following is my module usage:

module "atlantis" {
  source  = "terraform-aws-modules/atlantis/aws"
  version = "~> 2.0"

  name               = "atlantis"
  vpc_id             = "${aws_vpc.myvpc.id}"
  private_subnet_ids = ["${aws_subnet.private-1a.id}", "${aws_subnet.private-1b.id}", "${aws_subnet.private-1c.id}"]
  public_subnet_ids  = ["${aws_subnet.public-1a.id}", "${aws_subnet.public-1b.id}", "${aws_subnet.public-1c.id}"]

  certificate_arn       = "redacted"
  create_route53_record = false

  atlantis_github_user       = "${local.atlantis_github_username}"
  atlantis_github_user_token = "${local.atlantis_github_access_token}"
  atlantis_repo_whitelist    = ["redacted"]

  ssm_kms_key_arn = "redacted"
}

ACM count error on 2.0.0

Getting this error when updating to 2.0.0 from 1.17.0

$ terraform apply 
...
module.atlantis.data.aws_route53_zone.this[0]: Refreshing state...
module.atlantis.module.acm.aws_acm_certificate.this[0]: Refreshing state... [id=arn:aws:acm:us-east-2:697393925297:certificate/29c16798-e810-47d9-8972-d7ea5e6a9d31]

Error: Invalid count argument

  on .terraform/modules/atlantis.acm/terraform-aws-modules-terraform-aws-acm-566067c/main.tf line 30, in resource "aws_route53_record" "validation":
  30:   count = var.create_certificate && var.validation_method == "DNS" && var.validate_certificate ? length(local.distinct_domain_names) : 0

The "count" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the count depends on.

Releasing state lock. This may take a few moments...

Pass Task Exec. policy ARN as an input variable or default to AmazonECSTaskExecutionRolePolicy

policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"

When I tried to use atlantis plan or apply I found that it needed permissions at least for (depending on the config files of course):

    • access to the backend (say S3)
    • access to IAM
      among others.

Initially I began by attaching existing policies, before I determine which ones are most restrictive. Alternatively, one could pass the overly permissive https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator if they're confident that the Task runs securely.

Fargate/Atlantis - Trigger AWS Fargate task from AWS Lambda

$$$ Who wants to pay for idle resources in the cloud century? I don't. $$$

To-do:

  • Read this
  • Allow configuration of Fargate tasks schedule via AWS Cloudwatch to avoid cold-starts on workdays (eg, start one Fargate Task 15 minutes before 9:00 on workdays)

Missing support for Azure DevOps

Hi,

It would be great if this module would have support for Azure DevOps as well, as Atlantis itself recently added it.

Cheers.

Bitbucket Server Authentication Failed

I basically have the same problem that was discussed in #54 but with Bitbucket Server, instead of Bitbucket Cloud.

Since the original issue was closed without resolution and no further input, I would like to investigate this issue more in-depth since I was able to reproduce it.

I set these params:

  atlantis_bitbucket_user       = "<user>"
  atlantis_bitbucket_user_token = "<password>"

In addition, I introduced the Terraform variable "atlantis_bitbucket_base_url" to set the environment parameter "ATLANTIS_BITBUCKET_BASE_URL" which is needed to run Bitbucket Server with Atlantis (see runatlantis/atlantis#622).

I used this custom workflow:

# atlantis.yaml
version: 3
projects:
- dir: .
  workflow: echo
workflows:
  echo:
    plan:
      steps:
      - run: echo $ATLANTIS_BITBUCKET_USER
      - run: echo $ATLANTIS_BITBUCKET_TOKEN

Originally posted by @lkysow in #54 (comment)

I verified access via cURL:

curl --location --request GET \
'https://<BitbucketServerEndpoint>/rest/api/1.0/projects/<BitbucketProject>/repos/infrastructure/pull-requests/23/changes?start=0' \
--header 'Authorization: Bearer <Token>'

(works)

This is the output after opening a new PR:

 [DBUG] events_controller.go:122 server: Handling Bitbucket Server post
 [DBUG] events_controller.go:208 server: Handling as pull request state changed event
 [INFO] events_controller.go:304 server: Identified event as type "opened"
 [INFO] events_controller.go:345 server: Executing autoplan
 [INFO] middleware.go:42 server: POST /events – respond HTTP 200
 [WARN] command_runner.go:114 <BitbucketProject+Repo>#23: Unable to update commit status: making request "POST https://<BitbucketServer>/rest/build-status/1.0/commits/081a96ff9e6d001c56db8eb70d824008c54ad8d8" unexpected status code: 401, body: 
        {
            "errors": [
                {
                    "context": null,
                    "message": "Authentication failed. Please check your credentials and try again.",
                    "exceptionName": "com.atlassian.bitbucket.auth.IncorrectPasswordAuthenticationException"
                }
            ]
        }
 [DBUG] project_command_builder.go:106 <BitbucketProject+Repo>#23: Got workspace lock
 [WARN] command_runner.go:120 <BitbucketProject+Repo>#23: Unable to update commit status: making request "POST https://<BitbucketServer>/rest/build-status/1.0/commits/081a96ff9e6d001c56db8eb70d824008c54ad8d8" unexpected status code: 401, body: 
        {
            "errors": [
                {
                    "context": null,
                    "message": "Authentication failed. Please check your credentials and try again.",
                    "exceptionName": "com.atlassian.bitbucket.auth.IncorrectPasswordAuthenticationException"
                }
            ]
        }
 [EROR] command_runner.go:419 <BitbucketProject+Repo>#23: Making request "GET https://<BitbucketServer>/rest/api/1.0/projects/<BitbucketProject>/repos/infrastructure/pull-requests/23/changes?start=0" unexpected status code: 401, body: 
        {
            "errors": [
                {
                    "context": null,
                    "message": "Authentication failed. Please check your credentials and try again.",
                    "exceptionName": "com.atlassian.bitbucket.auth.IncorrectPasswordAuthenticationException"
                }
            ]
        }
 [EROR] command_runner.go:426 <BitbucketProject+Repo>#23: Unable to comment: making request "POST https://<BitbucketServer>/rest/api/1.0/projects/<BitbucketProject>/repos/infrastructure/pull-requests/23/comments" unexpected status code: 401, body: 
        {
            "errors": [
                {
                    "context": null,
                    "message": "Authentication failed. Please check your credentials and try again.",
                    "exceptionName": "com.atlassian.bitbucket.auth.IncorrectPasswordAuthenticationException"
                }
            ]
        }

Provide option to make ALB internal

What it says in the description. In our setup it would be ideal if the load balancer was internal, on the private subnets so it's not publicly routed. It seems like it'd be fairly straightforward to implement.

How to get atlantis secret without checking tf state file

Hi,

I am currently using the "As a Terraform module" approach, but I could not find a good way to retrieve the token as well as the events url.

The webhook events url is easy to set up though by appending /events behind the domain, but how can I get the token that I need for setting up the repo's webhook?

Right now the github_user and github_user_token are passed in as build env variables:

  # Atlantis
  atlantis_github_user       = "${var.BOT_USERNAME}"
  atlantis_github_user_token = "${var.BOT_TOKEN}"
  atlantis_repo_whitelist    = ["github.com/org/*"]

Problem using pre-created ACM cert (Invalid index)

I am running into the following error when using a pre-existing certificate:

Error: Invalid index

  on .terraform/modules/atlantis.acm/terraform-aws-modules-terraform-aws-acm-566067c/main.tf line 6, in locals:
   6:   validation_domains = [for k, v in aws_acm_certificate.this[0].domain_validation_options : tomap(v) if contains(local.distinct_domain_names, v.domain_name)]
    |----------------
    | aws_acm_certificate.this is empty tuple

The given key does not identify an element in this collection value.

This is an issue with the underlying ACM module, see here. However, there is a PR open for a change to the module.

This occurs if you explicitly supply a certificate ARN when using the atlantis module:

module "atlantis" {
  source  = "terraform-aws-modules/atlantis/aws"
  version = "~> 2.0"

  name = "atlantis"

  # ACM (SSL certificate) 
  certificate_arn = module.acm.this_acm_certificate_arn
...

Unable to update commit status: making request ... unexpected status code: 401, body

I'm running into problems, presumably with bitbucket authentication.

I've verified the bitbucket username and app password using curl.

My terraform.tfvars has the following (with actual username and app password):

atlantis_bitbucket_user = "foo"
atlantis_bitbucket_user_token = "bar"

I see the ATLANTIS_BITBUCKET_USER populated correctly as an environment variable for the Fargate container.

However, when I test it fails with the following:

2019/06/06 02:52:20+0000 [DBUG] events_controller.go:100 server: Handling Bitbucket Cloud post
2019/06/06 02:52:20+0000 [DBUG] events_controller.go:154 server: Handling as comment created event
2019/06/06 02:52:20+0000 [INFO] events_controller.go:367 server: Parsed comment as command="plan" verbose=false dir="" workspace="" project="" flags=""
2019/06/06 02:52:20+0000 [DBUG] events_controller.go:389 server: Executing command
2019/06/06 02:52:20+0000 [INFO] middleware.go:42 server: POST /events – respond HTTP 200
2019/06/06 02:52:20+0000 [WARN] command_runner.go:208 foo/terraform#24: Unable to update commit status: making request "POST https://api.bitbucket.org/2.0/repositories/foo/terraform/commit/3a050fbb589a/statuses/build" unexpected status code: 401, body:
2019/06/06 02:52:20+0000 [DBUG] project_command_builder.go:102 foo/terraform#24: Got workspace lock
2019/06/06 02:52:21+0000 [WARN] command_runner.go:223 foo/terraform#24: Unable to update commit status: making request "POST https://api.bitbucket.org/2.0/repositories/foo/terraform/commit/3a050fbb589a/statuses/build" unexpected status code: 401, body:
2019/06/06 02:52:21+0000 [EROR] command_runner.go:383 foo/terraform#24: Making request "GET https://api.bitbucket.org/2.0/repositories/foo/terraform/pullrequests/24/diffstat" unexpected status code: 401, body:
2019/06/06 02:52:21+0000 [EROR] command_runner.go:390 foo/terraform#24: Unable to comment: making request "POST https://api.bitbucket.org/2.0/repositories/foo/terraform/pullrequests/24/comments" unexpected status code: 401, body:
