cloudposse/atmos v1.198.0-rc.3

on GitHub

• Replaced flaky schema validation test that depended on external URL (json.schemastore.org/bower.json) with comprehensive mock HTTP server implementation
• Updated test to use GitHub Actions workflow schema as a realistic, modern example instead of obsolete bower.json
• Test now validates three schema sources: file-based (package.json), HTTP (mock server), and inline JSON
• Includes complex schema features: patternProperties, oneOf, nested objects
• Multiple jobs workflow demonstrates real-world GitHub Actions usage

why

• External dependency on json.schemastore.org was causing test failures with 503 errors
• Bower.json is an obsolete package manager and not relevant to modern development
• Mock HTTP server eliminates network dependency and makes tests reliable and reproducible
• GitHub Actions workflows are widely used and more relevant for demonstrating schema validation
• Tests should be independent of external services to ensure consistent CI/CD execution

references

• Fixes flaky test failures when jsonschema.org has service interruptions
• Uses httptest.NewServer for controlled, offline test execution
• All test files created in temporary directory via t.TempDir() for proper test isolation

• This improves the user experience for the list_components and list_stacks commands by providing clearer feedback when no results are found. Instead of displaying nothing, the commands now print a helpful message to inform the user.

what

• cmd/list_components.go: Added a message to inform the user when no components are found, using the appropriate color for informational messages.
• cmd/list_stacks.go: Added a message to inform the user when no stacks are found, using the appropriate color for informational messages.

usage

Example usage:

❯ atmos list components
cp/configuration

❯ atmos list stacks
acme
lab

❯ atmos list stacks -c cp/configuration
acme
lab

❯ atmos list stacks -c cp/not-a-component
No stacks found

Summary by CodeRabbit

• Bug Fixes
  • Commands now print a clear informational message when no components or stacks are found instead of emitting empty output.
• Tests
  • Expanded test coverage for empty-result and no-match scenarios, including integration-style checks to validate behavior when components or stacks are missing.

• Added automatic OpenTofu 1.8+ module source interpolation support
• Implemented two-tier OpenTofu detection (fast path: basename check, slow path: version command)
• Added intelligent validation skipping for OpenTofu-specific features
• Created comprehensive test suite with 67+ unit tests and 3 integration tests
• Added complete user documentation for OpenTofu 1.8+ features
• Fixed linter warnings by creating named constant for repeated string literal

why

• Users with OpenTofu 1.8+ were unable to use module source variable interpolation (source = "${var.context.build.module_path}") because Atmos's terraform-config-inspect validation rejected it before any OpenTofu commands could execute
• The validation library uses Terraform's HCL parser which doesn't support OpenTofu-specific syntax
• Zero-configuration solution ensures users don't need manual workarounds or special flags
• Automatic detection respects user's configured command (when using command: "tofu")
• Enables dynamic module loading based on runtime configuration

references

• Closes #1753
• OpenTofu 1.8.0 Release Notes
• PRD: docs/prd/opentofu-module-source-interpolation.md

Summary by CodeRabbit

Release Notes

• New Features

  • Automatic OpenTofu 1.8+ module source interpolation support enabled with zero-configuration requirements
  • Validation errors for known OpenTofu-specific patterns are automatically skipped
  • Full backward compatibility maintained for Terraform users

• Documentation

  • Added comprehensive guide for OpenTofu 1.8+ module source interpolation support
  • Included configuration examples, migration notes, and troubleshooting guidance

• Chores

  • Updated dependencies

• Fixed MFA authentication issue where users had to run atmos auth user configure every ~30 seconds
• Session tokens no longer overwrite long-lived credentials in keyring
• Credential expiration times now display in user's local timezone instead of UTC

why

• Session tokens were being cached in keyring, overwriting the long-lived credentials needed for subsequent authentication attempts
• This caused users to lose their MFA configuration and session duration settings after the first authentication
• Timezone inconsistency made it confusing for users to understand when credentials would expire (UTC vs local time)

references

• Internal Slack discussion about MFA authentication failures
• Session tokens are already persisted to AWS credential files via LoadCredentials() - no benefit to caching them in keyring
• Long-lived credentials in keyring are needed to generate new session tokens

Summary by CodeRabbit

• New Features

  • Session tokens are no longer cached, preserving long-lived credentials in storage.

• Bug Fixes

  • Credential expiration timestamps now display in local timezone for improved readability.

• Tests

  • Added validation for session token handling and long-lived credential preservation.

• Chores

  • Updated ignore rules for temporary analysis files.