28 messages
👽️
pvalmost 2 years ago
Hi, I am confused by how the yaml is intended to be configured for this component:
https://github.com/slalombuild/terraform-atmos-accelerator/blob/main/components/terraform/gcp/network/README.md#input_cloud_nat
I need to configure
https://github.com/slalombuild/terraform-atmos-accelerator/blob/main/components/terraform/gcp/network/README.md#input_cloud_nat
I need to configure
source_ip_ranges_to_nat = optional(list(string), ["ALL_IP_RANGES"]) but no matter how I configure it, the tfvars leave that configuration empty. How is this part meant to be written in the yaml? I've tried everything
Dr.Gaoalmost 2 years ago(edited)
hello, I am seeing this issue while using
My config is like this. It was working a month ago, I did not change anything, it suddenly had this error. Any idea how to debug it?
cloudposse/github-action-pre-commitRun cloudposse/github-action-pre-commit@v3
install pre-commit
/opt/hostedtoolcache/Python/3.10.13/x64/bin/pre-commit run --show-diff-on-failure --color=always --all-files
[INFO] Initializing environment for <https://github.com/antonbabenko/pre-commit-terraform>.
[INFO] Initializing environment for <https://github.com/pre-commit/mirrors-prettier>.
[INFO] Initializing environment for <https://github.com/pre-commit/mirrors-prettier:prettier@2.7.1>.
[INFO] Installing environment for <https://github.com/pre-commit/mirrors-prettier>.
[INFO] Once installed this environment will be reused.
[INFO] This may take a few minutes...
Terraform fmt............................................................Failed
- hook id: terraform_fmt
- files were modified by this hook
/home/runner/work/_temp/f964d667-191a-4b39-8afa-169af08623eb/terraform-bin fmt
/home/runner/work/_temp/f964d667-191a-4b39-8afa-169af08623eb/terraform-bin fmt
/home/runner/work/_temp/f964d667-191a-4b39-8afa-169af08623eb/terraform-bin fmt
main.tf
/home/runner/work/_temp/f964d667-191a-4b39-8afa-169af08623eb/terraform-bin fmt
main.tf
variables.tf
/home/runner/work/_temp/f964d667-191a-4b39-8afa-169af08623eb/terraform-bin fmt
/home/runner/work/_temp/f964d667-191a-4b39-8afa-169af08623eb/terraform-bin fmt
/home/runner/work/_temp/f964d667-191a-4b39-8afa-169af08623eb/terraform-bin fmt
/home/runner/work/_temp/f964d667-191a-4b39-8afa-169af08623eb/terraform-bin fmt
/home/runner/work/_temp/f964d667-191a-4b39-8afa-169af08623eb/terraform-bin fmt
main.tf
/home/runner/work/_temp/f964d667-191a-4b39-8afa-169af08623eb/terraform-bin fmt
/home/runner/work/_temp/f964d667-191a-4b39-8afa-169af08623eb/terraform-bin fmt
versions.tf
/home/runner/work/_temp/f964d667-191a-4b39-8afa-169af08623eb/terraform-bin fmt
Terraform docs...........................................................Failed
- hook id: terraform_docs
- exit code: 1
ERROR: terraform-docs is required by terraform_docs pre-commit hook but is not installed or in the system's PATH.
prettier.............................................(no files to check)Skipped
rebuild-adr-docs.........................................................Passed
pre-commit hook(s) made changes.
If you are seeing this message in CI, reproduce locally with: `pre-commit run --all-files`.
To run `pre-commit` as part of git workflow, use `pre-commit install`.
All changes made by hooks:My config is like this. It was working a month ago, I did not change anything, it suddenly had this error. Any idea how to debug it?
# Install terraform-docs for pre-commit hook
- name: Install terraform-docs
shell: bash
env:
INSTALL_PATH: "${{ github.workspace }}/bin"
run: |
make init
mkdir -p "${INSTALL_PATH}"
make packages/install/terraform-docs
echo "$INSTALL_PATH" >> $GITHUB_PATH
# pre-commit prerequisites
- uses: actions/setup-python@v4
with:
python-version: '3.10'
- uses: actions/setup-node@v3
with:
node-version: '16'
# Install adr-tools for pre-commit hook
- name: Install adr-tools
shell: bash
run: |
wget <https://github.com/npryce/adr-tools/archive/refs/tags/$ADR_TOOLS_VERSION.tar.gz>
tar xvzf $ADR_TOOLS_VERSION.tar.gz
echo "adr-tools-$ADR_TOOLS_VERSION/src" >> $GITHUB_PATH
#pre-commit checks: fmt + terraform-docs
#We skip tf_validate as it requires an init
#of all root modules, which is to be avoided.
- uses: cloudposse/github-action-pre-commit@v3
env:
SKIP: tf_validate
with:
token: ${{ secrets.CCH_GITHUB_BOT_TOKEN }}
git_user_name: ${{ env.GIT_USER_NAME }}
git_user_email: ${{ env.GIT_USER_EMAIL }}
extra_args: --all-filesDr.Gaoalmost 2 years ago
What additional feature does
cloudposse/github-action-pre-commit provide in addtion of pre-commit that it forked from?pvalmost 2 years ago
Does atmos use terraform workspaces by default, and what for if not why and how would you use them with atmos?
rssalmost 2 years ago(edited)
v1.65.0
Add
Add
providers section to Atmos manifests. Update docs @aknysh (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2167232934" data-permission-text="Title is private" data-url="https://github.com/cloudposse/atmos/issues/555"...pvalmost 2 years ago
Are these atmos accelerators supported?
https://github.com/slalombuild/terraform-atmos-accelerator/blob/main/components/terraform/gcp/network/README.md
We were given a link to these for GCP use. Most of them are empty placeholders and the readmes give no examples of their yaml configurations. For example with the one I shared, it does not give any examples on how to configure routes or cloud nat or firewall rules so this example is completely useless for anything other than a basic deployment. Whenever I try to configure something new, atmos complains because the yaml is not formatted properly
https://github.com/slalombuild/terraform-atmos-accelerator/blob/main/components/terraform/gcp/network/README.md
We were given a link to these for GCP use. Most of them are empty placeholders and the readmes give no examples of their yaml configurations. For example with the one I shared, it does not give any examples on how to configure routes or cloud nat or firewall rules so this example is completely useless for anything other than a basic deployment. Whenever I try to configure something new, atmos complains because the yaml is not formatted properly
pvalmost 2 years ago
Does Atmos automatically migrate state if you change the backend for a stack?
Andy Wortmanalmost 2 years ago
I’m attempting to expand our atmos architecture to support multiple accounts and regions. I’ve found the docs for overriding the provider, but I also need to override the component’s S3 backend. Is there a way to do that? I’m not finding it in the docs…
Patrick McDonaldalmost 2 years ago
We're managing a multi-tenant architecture where each tenant operates within their own AWS account. I'm looking for efficient ways to monitor and detect changes within each tenant's stack. Upon detecting changes, I would like to automatically run
atmos terraform plan specific to the affected stack and tenant in their respective AWS account.pvalmost 2 years ago
Does anyone know how to get Atmos to work with https_proxy env var? Normal terraform is picking it up but it appears the Atmos binary is not passing the env var of the OS it is run on to use the proxy.
Andy Wortmanalmost 2 years ago
I’m struggling a bit with overriding providers. I’ve been able to override the backend config; the migration to dynamically-generated backends was complicated, but not too painful. But the same method doesn’t seem to be working with provider overrides.
Here’s the yaml I created for a particular account, within my catalog: (data redacted)
Then I import this file into the stack yaml. The backend override is working fine, but my plan appears to ignore the providers override. It’s not creating a providers_override.tf.json in the component directory, and the resources are set to be provisioned in my default account, instead of the one I specified in the providers block.
Am I missing something?
Here’s the yaml I created for a particular account, within my catalog: (data redacted)
terraform:
providers:
aws:
region: us-west-2
assume_role: "arn:aws:iam::XXXX:role/<role_name>"
backend_type: s3
backend:
s3:
acl: "bucket-owner-full-control"
encrypt: true
bucket: <bucket_name>
dynamodb_table: <table_name>
key: "terraform.tfstate"
region: "us-west-2"
role_arn: "arn:aws:iam::XXXX:role/<role_name>"Then I import this file into the stack yaml. The backend override is working fine, but my plan appears to ignore the providers override. It’s not creating a providers_override.tf.json in the component directory, and the resources are set to be provisioned in my default account, instead of the one I specified in the providers block.
Am I missing something?
prwnd9almost 2 years ago(edited)
Hi, I have trouble vendoring on atmos:
I got this error after
I suspect I have wrong source syntax in vendor.yaml? I could clone successfully using
# vendor.yaml
# <https://atmos.tools/quick-start/vendor-components>
apiVersion: atmos/v1
kind: AtmosVendorConfig
metadata:
name: vendor-config
description: Atmos vendoring manifest
spec:
sources:
# <https://github.com/cloudposse/terraform-aws-codebuild>
- component: "codebuild"
source: "github.com/cloudposse/terraform-aws-codebuild.git"
targets:
- "components/terraform/codebuild"
included_paths:
- "**/*.tf"I got this error after
atmos vendor pull:error downloading '<https://github.com/cloudposse/terraform-aws-codebuild.git>': /usr/bin/git exited with 128: fatal: not a git repository (or any of the parent directories): .gitI suspect I have wrong source syntax in vendor.yaml? I could clone successfully using
git clone <https://github.com/cloudposse/terraform-aws-codebuild.git>; git version 2.34.1
Selçuk KUBURalmost 2 years ago
Hi everyone , I’m new into Atmos looking for a repo structure for Provisioning EKS Cluster within an Organizational Units.
Kubheraalmost 2 years ago
It worked now 🙂 i had to add force protocol prefix as git::.
source: "git::<https://CentralCIRepoToken>:<my_token_goes here>@gitlab.env.io/enterprise/platform-tooling/terraform-modules/terraform-datautility-aws-account-configuration.git///?ref={{.Version}}"Kubheraalmost 2 years ago
how do we hide sensitive data from being exposed in a stack file? is there anyway I can read from environment variable into stack?
Erik Osterman (Cloud Posse)almost 2 years ago
Please share your stories: https://www.reddit.com/r/Terraform/comments/1bbm6e7/anybody_use_atmos/
cricketscalmost 2 years ago
Is there a canonical way of setting booleans using stack manifest templating?
Andy Wortmanalmost 2 years ago
Having some trouble with cloudposse/github-action-atmos-affected-stacks. Is there a dependency between that atmos version and the version of the atmos-affected-stacks action? I recently upgraded to atmos 1.65. The actions all worked for that commit, but recently we’ve started seeing the below error on every PR. I’ve tried the upgrading the versions of cloudposse/github-action-setup-atmos and loudposse/github-action-atmos-affected-stack, we’re using while staying on v1 of both. Same error as below. Upgrading to v2 of both took care of this error, but broke the matrix code that triggers the plan/apply steps.
Run atmos describe affected --file affected-stacks.json --verbose=true --repo-path "$GITHUB_WORKSPACE/main-branch"
atmos describe affected --file affected-stacks.json --verbose=true --repo-path "$GITHUB_WORKSPACE/main-branch"
affected=$(jq -c '.' < affected-stacks.json)
printf "%s" "affected=$affected" >> $GITHUB_OUTPUT
shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
env:
ATMOS_CLI_PATH: /home/runner/work/_actions/cloudposse/github-action-setup-atmos/atmos
TERRAFORM_CLI_PATH: /home/runner/work/_temp/2b951b22-3979-4563-9e42-c061f9ebb96f
ATMOS_CLI_CONFIG_PATH: atmos.yaml
Current working repo HEAD: ad0b5b3d6d9f6ce34f82c1222a47b77488982893 HEAD
Remote repo HEAD: 738d0df4ab18f9d845a20049457fca92ef47639e refs/heads/main
template: describe-stacks-all-sections:35: function "SessionName" not defined
Error: Process completed with exit code 1.
Andrew Ochsneralmost 2 years ago
Curious what the right approach is or how to do what i'm trying to do. I'm in Azure land and defining policies via json that just gets jsondecoded and i create a resource...not unlike aws https://github.com/cloudposse/terraform-aws-service-control-policies/tree/main/catalog...
I am trying to figure out where the right place to put those files is and initially i'm thinking
I am trying to figure out where the right place to put those files is and initially i'm thinking
stacks/catalog/policy-definnitions But i'm not sure how to get the right path to flow throught ot he terraform component that lives in components/terraform/policy-definitions Am i just stuck needing to define those in the component itself?
Ryanalmost 2 years ago(edited)
Hey all - new to the updated Atmos - I'm trying to create a local repo to bounce a few ideas around but I'm unsuccessful thus far getting Atmos to path through a basic name pattern. It works in my work environment but I didn't do initial config, maybe I'm missing something.
Atmos.yaml -
stacks\example.yaml -
command -> atmos terraform plan fetch-location -s example
Thanks everyone, have a good weekend otherwise.
Atmos.yaml -
components:
terraform:
base_path: "components/terraform"
stacks:
base_path: "stacks"
name_pattern: "{stage}"
schemas:
jsonschema:
base_path: "stacks/schemas/jsonschema"
opa:
base_path: "stacks/schemas/opa"
atmos:
manifest: "stacks/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json"stacks\example.yaml -
import: []
vars:
stage: example
terraform:
vars: {}
helmfile:
vars: {}
components:
terraform:
fetch-location:
vars: {}
fetch-weather:
vars: {}
output-results:
vars:
print_users_weather_enabled: true
helmfile: {}command -> atmos terraform plan fetch-location -s example
Thanks everyone, have a good weekend otherwise.
S
Selçuk KUBURalmost 2 years ago
Hello everyone , I’m trying to provision eks component but getting below issue when running atmos plan on this component “module.eks.data.utils_component_config.config” and it says failed to find a match for the import etc. any idea how I can fix that issue ?
Shivalmost 2 years ago(edited)
Hi Team,
Could you explain how changing a component’s location or stacks location in our atmos/Cloud Posse setup affects its state? Are there any recommended practices or considerations we should be aware of when moving components to different locations or environments to ensure ? If there is a documentation goes in detail that will do as well?
Thanks for your help.
Could you explain how changing a component’s location or stacks location in our atmos/Cloud Posse setup affects its state? Are there any recommended practices or considerations we should be aware of when moving components to different locations or environments to ensure ? If there is a documentation goes in detail that will do as well?
Thanks for your help.
Rafael Oliveiraalmost 2 years ago(edited)
Hi team, I'm looking to build a single ECS cluster on a multi-tenant setup which has multiple different domains. However, the component appears to be tied to a single DNS zone according to the children (dns-primary and dns-delegated)
As I have these domains on an external registrar, I've tried to disable dns-delegated but it throws the error below:
I'm assuming by checking the code that it's a 1-1 relationship, but I'm wondering if I'm doing something wrong or there's an alternative to use a single ECS cluster with multiple (isolated) clients.
References:
• https://github.com/cloudposse/terraform-aws-components/tree/main/modules/ecs
• https://github.com/cloudposse/terraform-aws-components/tree/main/modules/dns-primary
• https://github.com/cloudposse/terraform-aws-components/tree/main/modules/dns-delegated
As I have these domains on an external registrar, I've tried to disable dns-delegated but it throws the error below:
Error: Attempt to get attribute from null value
│
│ on main.tf line 9, in locals:
│ 9: acm_certificate_domain = try(length(var.acm_certificate_domain) > 0, false) ? var.acm_certificate_domain : try(length(var.acm_certificate_domain_suffix) > 0, false) ? format("%s.%s.%s", var.acm_certificate_domain_suffix, var.environment, module.dns_delegated.outputs.default_domain_name) : format("%s.%s", var.environment, module.dns_delegated.outputs.default_domain_name)I'm assuming by checking the code that it's a 1-1 relationship, but I'm wondering if I'm doing something wrong or there's an alternative to use a single ECS cluster with multiple (isolated) clients.
References:
• https://github.com/cloudposse/terraform-aws-components/tree/main/modules/ecs
• https://github.com/cloudposse/terraform-aws-components/tree/main/modules/dns-primary
• https://github.com/cloudposse/terraform-aws-components/tree/main/modules/dns-delegated
Marat Bakeevalmost 2 years ago
Hi everyone, atmos newbie here.
Could anyone explain, why would I want to exclude
Example file excludes it, and I've been blindly copying it ever since, but want to understand the why... thanks!
Could anyone explain, why would I want to exclude
providers.tf in atmos's vendor.yaml file?Example file excludes it, and I've been blindly copying it ever since, but want to understand the why... thanks!
Royalmost 2 years ago(edited)
Hey Guys! I'm currently exploring Atmos for our company. I have one question regarding stack's var sections – is there any equivalent of
jsonencode (or just possibility of passing pure yaml)? As we are using TF also to configure our SaaS solutions it is sometimes impossible to fit into TF type system, for that cases we stringify input and this functionality is quite hard requirement then. I couldn't find any clue on the web. Thanks for any info!
Monish Devendranalmost 2 years ago
is there atmos docker image ?