🚀 Enhancements
fix(auth): skip identity resolution in describe when functions disabled @johncblandii (#2262)
## what- Skip identity resolution in all four describe commands (
describe component,describe stacks,describe affected,describe dependents) when--process-functions=false - Use
cmd.Flags().Changed(IdentityFlagName)instead ofidentityName != ""so that only an explicit--identityCLI flag bypasses the guard —ATMOS_IDENTITYenv vars no longer trigger auth when functions are disabled - Add 10 regression tests covering: auth skipped when functions disabled, env var doesn't bypass guard, explicit
--identityflag forces auth, and unit tests for theChangedvs env var distinction
why
- When all YAML functions are disabled via
--process-functions=false, describe commands were still attempting identity resolution (SSO login, credential fetching, etc.) - YAML functions (
!terraform.state,!terraform.output) are the only consumers of auth credentials during describe — no functions means no auth needed - The original guard treated env vars (
ATMOS_IDENTITY) as equivalent to explicit CLI flags, causing auth to run even when the user only wanted raw config inspection - This caused unnecessary authentication prompts/errors in CI and local development
references
- Affects
cmd/describe_component.go,cmd/describe_stacks.go,cmd/describe_affected.go,cmd/describe_dependents.go
Summary by CodeRabbit
-
Bug Fixes
- Describe commands now skip unnecessary authentication resolution unless YAML functions processing is enabled or an identity flag was explicitly provided, avoiding spurious auth errors and improving reliability.
-
Tests
- Added regression tests covering auth-skip behavior across describe commands and verifying explicit identity-flag vs environment-variable semantics.
-
Refactor
- Reworked describe command wiring to improve dependency injection and execution plumbing for component description.
fix: add actionable hints and doc links to Atmos Pro API errors @osterman (#2264)
## what- Wrap all Atmos Pro API errors in the Error Builder pattern with status-specific hints and documentation links
- Add
ui.Success/ui.Errormessages when--uploadcompletes or fails (previously silent on success, swallowed on failure) - Consolidate fragmented hints into self-contained statements (each hint gets its own lightbulb icon)
- Remove duplicate quickstart links from 404 hints
- Replace
fmt.Errorferror wrapping witherrors.Join+buildProAPIErroracross all Pro API paths (uploads, lock/unlock, OIDC exchange)
why
- Users seeing a 403 from Atmos Pro had no guidance on what to do — the error message was opaque (e.g.
API request failed with status 403). The most common cause is per-repo permissions not being configured. - Each HTTP status now links to the most relevant Atmos Pro doc page:
- 403 → Permissions + Quickstart
- 401 → GitHub Workflows + Authentication
- 404 → Install
- 5xx → Troubleshooting
- Successful uploads were completely silent — users had no confirmation the upload worked
- Upload failures were silently swallowed (
log.Warnonly) — now they surface as proper errors with hints
references
- Triggered by user report: 403 on
atmos describe affected --uploadwith no actionable guidance - Atmos Pro docs: https://atmos-pro.com/docs/learn/permissions
Summary by CodeRabbit
-
Bug Fixes
- API errors now include richer context (HTTP status, operation, trace IDs) and status-specific troubleshooting hints; non-JSON responses include a troubleshooting link. Token exchange and lock/unlock failures surface improved, consistent error information.
-
New Features
- User-facing success and error notifications when uploading affected stacks.
-
Tests
- Added tests validating status-specific hints, non-JSON error handling, and trace ID presence.