cloudposse/atmos v1.204.0-rc.1

on GitHub

• Add generate section to stack config inheritance pipeline with full support for base components, component-level overrides, and component overrides
• Implement atmos terraform generate files command with --all, --dry-run, and --clean flags for generating auxiliary configuration files
• Add auto_generate_files: true configuration option to automatically generate files during terraform operations
• Extension-aware serialization: .json, .yaml, .yml files serialize in their respective formats, .tf and .hcl files generate valid HCL
• Go template support: String values in generate sections are processed as Go templates with full access to component context
• Update all integration test snapshots to reflect new auto_generate_files configuration field

why

Teams often need to generate auxiliary configuration files alongside Terraform components—files like .tool-versions, terragrunt.hcl shims for gradual migration, or environment-specific locals. This feature brings file generation directly into Atmos's declarative configuration model, maintaining the principle that infrastructure configuration should be fully described in YAML and reproducible from stack manifests. The inheritance support ensures teams can define common generate patterns in base components while allowing component-specific customization.

references

• Implements declarative file generation PRD
• Feature branch: osterman/generate-section-prd

Summary by CodeRabbit

• New Features

  • Added declarative file generation for Terraform components via new generate sections in stack configurations.
  • New atmos terraform generate files command to automatically create auxiliary configuration files.
  • Support for extension-aware serialization (JSON, YAML, HCL, Terraform).
  • Go template processing for dynamic content in generated files.
  • Dry-run mode to preview generated files without writing.
  • Multi-level configuration inheritance for generated files.
  • Auto-generation toggle via auto_generate_files configuration.

• Documentation

  • Added comprehensive guides for declarative file generation and CLI usage.

• Tests

  • Added extensive test coverage for file generation and cleanup workflows.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[!NOTE]
This is my first PRD, so any feedback is appreciated!

Add PRD for native Okta authentication as a first-class identity provider in Atmos. Unlike the existing SAML-based integration, this introduces dedicated okta/* providers enabling:

• OAuth 2.0 Device Authorization Grant for CLI authentication
• Direct Okta API access with automatic token refresh
• AWS/Azure/GCP federation via OIDC (AssumeRoleWithWebIdentity)
• XDG-compliant credential storage (~/.config/atmos/okta/)

why

• Provides implementation reference following established auth patterns (AWS, Azure PRDs)
• Addresses user requests for native Okta support without browser-based SAML

Test plan

• PRD follows universal file isolation pattern
• Code samples reviewed for Atmos conventions
• Implementation checklist is complete and actionable

references

• #1884

Summary by CodeRabbit

• Documentation
  • Added a comprehensive Okta PRD defining goals, use cases (AWS OIDC federation, API access, multi-cloud), technical specification, token/file isolation and storage guidance, phased implementation roadmap, testing and security considerations, example policies, and an implementation checklist.
• Chores
  • Added a roadmap milestone for Native Okta Authentication (Device Code Flow).

_{✏️ Tip: You can customize this high-level summary in your review settings.}

• Added extensible ImportAdapter interface for pluggable import sources
• Implemented ImportAdapterRegistry with lazy initialization and thread-safe registration
• Created GoGetterAdapter handling http, https, git, s3, oci, and other remote schemes
• Created LocalAdapter as default fallback for filesystem paths
• Created MockAdapter for testing with mock:// scheme
• Unified import handling via registry pattern instead of if/else chains
• Removed obsolete functions (isRemoteImport, processRemoteImport, processLocalImport, downloadRemoteConfig)
• Added comprehensive adapter tests with 90%+ coverage

why

• Extensible design: New import sources (terragrunt://, etc) can be added without modifying core logic
• Clear separation of concerns: Each adapter handles its own scheme
• Testability: Mock adapter enables unit testing without external dependencies
• Thread-safe: Lazy initialization with sync.Once prevents import cycles and race conditions
• Reduced complexity: Unified registry replaces scattered conditional logic
• Better error handling: Adapters can implement their own error strategies

references

• Implements design from docs/prd/import-adapter-registry.md
• Resolves circular dependency issues with lazy adapter initialization
• Provides foundation for future adapters (terragrunt, etc)

Summary by CodeRabbit

• New Features

  • Unified, extensible import adapter system enabling custom schemes, adapter-first routing, and improved handling of nested imports.

• Tests

  • Expanded adapter-focused tests covering routing, error handling, nested imports, mock scenarios, and registry behavior.

• Documentation

  • Added a detailed PRD for the Import Adapter Registry with architecture, examples, and phased rollout.

• Chores

  • Bumped Atmos version in build/config and added a roadmap milestone for the adapter registry.

_{✏️ Tip: You can customize this high-level summary in your review settings.}