🚀 Enhancements
fix: Resolve assume role issues and improve error handling @aknysh (#1938)
## what- Fix panic when using
!terraform.outputwith authentication enabled - Fix silent/confusing errors when referenced component is missing in template functions
- Add comprehensive documentation for env template function behavior
- Document
base_pathbehavior change as a breaking change in changelog
why
Issue #1921: Panic in !terraform.output with Authentication
When using !terraform.output with AWS SSO authentication, Atmos panicked with:
panic: authContextWrapper.GetChain should not be called
Root Cause: The authContextWrapper.GetChain() method was implemented as a panic stub, but the auth system evolution now calls this method during nested component resolution.
Fix: Changed GetChain() to return an empty slice instead of panicking. An empty chain means no inherited identity from the wrapper, so nested components use their own defaults.
Issue #1030: Missing Component Results in Silent Failure
When using template functions like atmos.Component() or !terraform.output to reference components that are removed from configuration, Atmos produced confusing errors or silent failures.
Root Cause: The ErrInvalidComponent error chain was preserved when wrapping errors from DescribeComponent. This caused the component type fallback logic (detectComponentType()) to incorrectly trigger, producing misleading "component not found as Helmfile/Packer" errors instead of clear "referenced component missing" errors.
Fix: Added WrapComponentDescribeError() helper in errors/error_funcs.go that breaks the ErrInvalidComponent chain using %v instead of %w formatting, ensuring errors about referenced components are returned immediately with clear messages.
Env Template Function Analysis (Not a Bug)
Investigated user report that env template function returns empty strings while .vars.* works correctly. Analysis confirmed this is expected behavior:
-
The
envfunction is from Sprig and callsos.Getenv() -
When an env var is NOT set, it returns empty string (standard Go behavior)
-
.vars.*works because it comes from stack YAML config passed to template -
User needs to ensure env vars are set before running atmos commands
-
Generated files (backend.tf.json) looking correct is from cached runs when vars WERE set
-
Closes #1909
Document base_path Behavior Change
A recent Atmos CLI change (v1.202.0) altered how base_path is interpreted in atmos.yaml. Previously, base_path: "" was implicitly treated as the current directory. Now it triggers git root discovery.
Impact: Users with multiple Atmos projects in a single repo, or where the Atmos project root differs from the git root, must update their configuration:
# Before (no longer works as expected)
base_path: ""
# After (explicit current directory)
base_path: "."Fix: Added breaking change blog post to the changelog documenting:
- The behavior change and affected versions
- Who is affected (multi-project repos, non-git-root configs)
- Migration steps with examples
- Path resolution semantics table
references
Testing
- Unit tests: All new functionality covered with tests
- Error chain verification: Tests use
assert.NotErrorIs()to verify chain is broken - Regression test:
TestAuthContextWrapper_GetChain_NoLongerPanicsprevents future panics - Env function tests: Document expected behavior when env vars are/aren't set
Summary by CodeRabbit
-
Bug Fixes
- Prevented incorrect error propagation when describing missing components and eliminated panics during authenticated Terraform output handling, improving error stability and clarity.
-
Tests
- Added regression tests for component error wrapping, auth-chain behavior, and template env-var rendering (populated and unset scenarios).
-
Documentation
- Added a troubleshooting guide for Terraform output issues and a blog post explaining base_path behavior changes and migration guidance.
-
Diagnostics
- Added debug logging for YAML/template function errors.
✏️ Tip: You can customize this high-level summary in your review settings.