github cloudposse/atmos v1.212.1-rc.0
on GitHub

latest release: v1.213.0-test.4
pre-releaseone hour ago

🚀 Enhancements

fix: thread auth identity through describe/list affected for S3 state reads @osterman (#2250) ## what
  • Thread AuthManager through the entire describe affected call chain so ExecuteDescribeStacks receives the identity credentials instead of nil
  • Fix GetTerraformState to use the resolved component-specific AuthContext for S3 backend reads instead of the (potentially nil) passed-in authContext
  • Add per-component identity resolution in ExecuteDescribeStacks gated behind processYamlFunctions, so each component can use its own identity for !terraform.state reads
  • Wire the --identity / -i flag through the list affected command, which had the flag registered (inherited from listCmd) but never read it or created an AuthManager

why

  • Customer reported atmos list affected --ref refs/heads/main failing with S3 auth errors despite valid atmos auth identity
  • Debug logs showed resolveAuthManagerForNestedComponent correctly created per-component AuthManagers, but the credentials were never used for the actual S3 GetObject call
  • Four independent bugs: (1) AuthManager dropped in describe affected call chain, (2) GetTerraformState ignored resolved AuthContext for backend reads, (3) no per-component identity resolution in ExecuteDescribeStacks, (4) list affected never read the --identity flag
  • Running inside atmos auth shell worked because it sets ATMOS_IDENTITY env var (viper fallback), but explicit -i admin-account was silently ignored by list affected

references

  • docs/fixes/2026-03-25-describe-affected-auth-identity-not-used.md — detailed fix documentation
  • docs/fixes/nested-terraform-state-auth-context-propagation.md — original nested auth fix
  • docs/fixes/2026-03-03-yaml-functions-auth-multi-component.md — multi-component auth fix

Summary by CodeRabbit

  • New Features

    • Added --identity flag to list affected for explicit identity selection.

  • Bug Fixes

    • Ensure authentication context is propagated into affected/describe flows.
    • Terraform backend state reads now use the resolved identity/auth for S3.
    • Per-component identity resolution applied during stack processing.

  • Documentation

    • Added end-to-end fix description for affected/describe identity handling.

  • Tests

    • Added and updated tests covering identity parsing and auth-manager propagation.
fix: preserve deleted and deletion_type fields in upload strip @milldr (#2249) ## What

Preserve deleted and deletion_type fields in StripAffectedForUpload so they reach Atmos Pro when using --upload.

Why

StripAffectedForUpload constructs a new schema.Affected with only the fields needed by Atmos Pro, but it was missing Deleted and DeletionType. This caused deleted components to arrive at Atmos Pro without their deletion metadata, making them appear as "disabled" instead of "deleted".

References

Summary by CodeRabbit

  • Bug Fixes
    • Fixed an issue where deletion-related information was not being properly preserved during the data upload process.
Check out latest releases or
releases around cloudposse/atmos v1.212.1-rc.0

Don't miss a new atmos release

NewReleases is sending notifications on new releases.

Get notifications