cloudposse/atmos v1.180.0

on GitHub

why

• Use this workflow to generate a PR will a formatted screengrab
• We want to use these screengrabs for docs

references

• #934

Summary by CodeRabbit

• Chores
  • Introduced a new workflow to automate the generation and updating of screengrabs for Atmos documentation, streamlining the process via a manual trigger and automated pull requests.
  • Improved cross-platform compatibility for screengrab generation scripts, enhancing support for both macOS and Linux environments.
  • Updated screengrab installation path capitalization and disabled output paging for smoother terminal display.

Move the Atmos Pro config to the Atmos settings

why

To follow the same canonical pattern we are using to read settings for other parts of the Atmos application.

Summary by CodeRabbit

Summary by CodeRabbit

• New Features
  • Introduced structured configuration options for Atmos Pro integration, including support for specifying base URL, endpoint, API token, workspace ID, and GitHub OIDC settings.
• Refactor
  • Updated API client initialization and related commands to use the new configuration structure, improving clarity and maintainability.
• Tests
  • Refactored tests to align with the new configuration approach, removing reliance on environment variables and enhancing test reliability.

update viper config to read odic env vars

why

the env vars aren't currently bound the configuration, so they're not being read

Summary by CodeRabbit

• Chores
  • Updated environment variable handling for GitHub OIDC token retrieval to improve configuration consistency.
  • Simplified and enhanced tests related to GitHub OIDC token fetching and error handling.

Debugging atmos pro oidc exchange

why

Something isn't working properly in GHA

Summary by CodeRabbit

• Bug Fixes

  • Improved error handling and consistency of error messages during authentication and API interactions.

• Chores

  • Enhanced debug logging to provide more detailed information during API client setup, environment configuration, and network requests.
  • Updated method signatures and test cases for improved data handling in API requests.

• Replace all references to app.cloudposse.com with atmos-pro.com
• Update the ExchangeGitHubOIDCTokenResponse DTO to have the correct shape
• Move all DTOs into their own sub-folder
• Improve test coverage

why

To make the oidc exchange work properly

Summary by CodeRabbit

• New Features

  • Introduced new data structures to standardize interactions with Atmos Pro API, including support for stack locking, unlocking, affected stacks upload, and GitHub OIDC authentication workflows.

• Bug Fixes

  • Improved error handling and messaging for authentication and API communication scenarios.

• Documentation

  • Updated command help texts and documentation links to reference the new "atmos-pro.com" domain.

• Style

  • Cleaned up whitespace and formatting in configuration and help output.

• Tests

  • Added comprehensive tests for stack locking, unlocking, affected stacks upload, and authentication flows to ensure robust client behavior.

• Chores

  • Updated configuration files and integration endpoints to use "atmos-pro.com" instead of "app.cloudposse.com".

This pull request introduces significant enhancements to the AtmosProAPIClient to support GitHub OIDC token-based authentication, improve error handling, and add corresponding unit tests. The changes include the addition of new constants, error definitions, helper functions for OIDC token management, and updates to existing methods to handle the new authentication flow.

Authentication Enhancements:

• Added support for GitHub OIDC token-based authentication as a fallback when the API token is not provided. (pkg/pro/api_client.go, pkg/pro/requests.go) [1] [2] [3]
• Introduced helper functions getGitHubOIDCToken and exchangeOIDCTokenForAtmosToken to retrieve and exchange OIDC tokens for Atmos Pro tokens. (pkg/pro/api_client.go)

Error Handling Improvements:

• Centralized error definitions for better maintainability and consistency. (pkg/pro/api_client.go)
• Updated error messages across multiple methods to use formatted error constants. (pkg/pro/api_client.go) [1] [2] [3] [4] [5] [6] [7]

Configuration Updates:

• Replaced os.Getenv with viper.GetString for environment variable management, enabling better configuration handling. (pkg/pro/api_client.go)
• Added a new environment variable ATMOS_PRO_WORKSPACE_ID for OIDC authentication. (pkg/config/const.go)

Unit Tests:

• Added comprehensive unit tests for OIDC authentication, including scenarios for successful authentication, fallback to API token, and failure cases. (pkg/pro/api_client_test.go)

Struct Additions:

• Defined new request and response structs for OIDC token exchange (GitHubOIDCAuthRequest, GitHubOIDCAuthResponse, GitHubOIDCResponse). (pkg/pro/requests.go)

why

Currently all the Atmos Pro functionality reads the API token out of the environment. We should leave that in place, but should use that token second only if we can't exchange an OIDC token for an Atmos token.

references

• DEV-3258

Summary by CodeRabbit

• New Features

  • Added support for authentication using GitHub OIDC tokens as a fallback when an API token is not set.
  • Updated default API base URL and endpoint to new Atmos Pro service addresses.
  • Enhanced error reporting with more detailed and consistent error messages during authentication and API interactions.

• Bug Fixes

  • Improved handling of missing authentication credentials, providing clearer error messages when both OIDC and API tokens are unavailable.

• Tests

  • Introduced new tests to validate OIDC and API token authentication flows, including fallback scenarios and error handling.