Comments (6)
I encountered a similar problem as I was expecting it to read an existing value in var.atlantis_github_user_token_ssm_parameter_name, but it does not and just sets it to unknown causing errors.
You should be able to work around this though without having to hardcode your token. For me I do the following in my terraform that calls this module:
data "aws_ssm_parameter" "atlantis_user_token" {
  name = "/atlantis/github/user/initial_token" # note `initial_token` vs default `token`
}

module "atlantis" {
  ...
  atlantis_github_user       = "myuser"
  atlantis_github_user_token = data.aws_ssm_parameter.atlantis_user_token.value
  atlantis_gitlab_user_token_ssm_parameter_name
  ...
}
Note that you cannot use the same param path though as atlantis or it will error with ParameterAlreadyExists when the module tries to write the secret. To prevent this the module could be updated to add the overwrite option to the aws_ssm_parameter resources here. That way it would allow you to read and write from the same path, but this feels like a minor detail.
from terraform-aws-atlantis.
+1
Complex unparenthesised conditionals added as part of Terraform 0.12 compatibility commit make completely no sense when trying to invoke the module in an existing infra. Secrets don't get populated, IAM policy which should allow the task to access SSM secrets doesn't get applied.
I suspect that the configuration will still work in the "standalone" mode where you have a standalone copy of the repo and create terraform.tfvars from the sample file, so that secret(s) get populated from there. For all other cases everything is broken, unless you hardcode your token into the module invocation, which is bad. Pre-created secrets are not supported at all in such configuration.
This needs to be fixed, and at the very least explicitly mentioned in documentation.
from terraform-aws-atlantis.
Those ternary operators definitely aren't working correctly when using SSM.
It seems like the logic for local.has_secrets is missing a reference to the SSM settings at all.
It might be good to have an additional "switch" variable to tell the module to use SSM instead of the regular token variables, so that the logic to coalesce whichever secret it should be using is less complicated.
from terraform-aws-atlantis.
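An added example, not part of the thread or of the module's own code: one way to implement the explicit switch suggested in the comment above, so that a pre-created SSM parameter is only read (which avoids ParameterAlreadyExists) and the read policy is generated in both modes. All variable, local and resource names are hypothetical, and the default parameter path is an assumption.

```hcl
# Hypothetical names throughout; this is not the module's actual interface.
variable "github_user_token" {
  description = "Token value the module writes to SSM. Leave empty when the parameter already exists."
  type        = string
  default     = ""
}

variable "github_user_token_ssm_parameter_name" {
  type    = string
  default = "/atlantis/github/user/token" # assumed default path
}

variable "use_existing_ssm_parameter" {
  description = "true = read a pre-created parameter, false = create it from github_user_token."
  type        = bool
  default     = false
}

# Pre-created secret: looked up, never written, so no ParameterAlreadyExists.
data "aws_ssm_parameter" "existing" {
  count = var.use_existing_ssm_parameter ? 1 : 0
  name  = var.github_user_token_ssm_parameter_name
}

# Module-managed secret: created from the supplied value.
resource "aws_ssm_parameter" "managed" {
  count = var.use_existing_ssm_parameter ? 0 : 1
  name  = var.github_user_token_ssm_parameter_name
  type  = "SecureString"
  value = var.github_user_token
}

locals {
  # Exactly one of the two lists has an element, so [0] is the ARN in either mode.
  token_parameter_arn = concat(data.aws_ssm_parameter.existing[*].arn, aws_ssm_parameter.managed[*].arn)[0]

  # ECS container definition "secrets" entry; the token never appears in plan output as plain text.
  container_secrets = [{ name = "ATLANTIS_GH_TOKEN", valueFrom = local.token_parameter_arn }]
}

# Built in both modes and attached to the task execution role, so the task can always read the parameter.
data "aws_iam_policy_document" "read_token" {
  statement {
    actions   = ["ssm:GetParameters"]
    resources = [local.token_parameter_arn]
  }
}
```

If the parameter is encrypted with a customer-managed KMS key, the execution role also needs kms:Decrypt on that key.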
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days.
from terraform-aws-atlantis.
This issue has been resolved in version 4.0.0 🎉
from terraform-aws-atlantis.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
from terraform-aws-atlantis.