github cloudposse/atmos v1.41.0
on GitHub

latest releases: v1.88.1, v1, v1.88.0...
14 months ago

what

  • Add exampes and tests for validation of components with multiple hierarchical inheritance

why

  • Show that the settings.validation section is inherited all the way down the inheritance chain, even when using multiple abstract bae components, and atmos validate component command executes the validation policies placed at any level of the inheritance hierarchy

    • base-component-1 is an abstract component, and it has the settings.validation section defined using an OPA policy
    • base-component-3 is an abstract component that inherits from the base-component-1 abstract component
    • base-component-4 is an abstract component that inherits from the base-component-3 abstract component (and, by Multilevel Inheritance, from the base-component-1 component
    • derived-component-3 is a real component that inherits from the base-component-4 component (and from base-component-3 and base-component-1 components) 
components:
  terraform:
    base-component-1:
      metadata:
        type: abstract
        component: "test/test-component"
      settings:
        validation:
          check-test-component-config-with-opa-policy:
            schema_type: opa
            # 'schema_path' can be an absolute path or a path relative to 'schemas.opa.base_path' defined in `atmos.yaml`
            schema_path: "test-component/validate-test-component.rego"
            description: Check 'test/test-component' configuration using OPA policy
      vars:
        service_1_name: "base-component-1-service-1"
        service_2_name: "base-component-1-service-2"

    base-component-3:
      metadata:
        type: abstract
        component: "test/test-component"
        inherits:
          - base-component-1
      vars:
        service_1_name: "base-component-3-service-1"
        service_2_name: "base-component-3-service-2"

    base-component-4:
      metadata:
        type: abstract
        component: "test/test-component"
        inherits:
          - base-component-3
      vars:
        service_1_name: "base-component-4-service-1"
        service_2_name: "base-component-4-service-2"

    derived-component-3:
      metadata:
        component: "test/test-component"
        inherits:
          - base-component-4
      vars:
        enabled: true
        service_1_name: "bad-name"

When running the command atmos validate component derived-component-3 -s tenant1-ue2-test-1, Atmos finds the validation section from the inheritance chain (in base-component-1) and outputs the following error: 

Validating the component 'derived-component-3' using 'opa' file 'test-component/validate-test-component.rego'

'service_1_name' variable length must be greater than 10 chars

The settings.validation section can be defined at any level of the inheritance chain (can be placed on base-component-1, base-component-3, base-component-4 or derived-component-3, and the command atmos validate component derived-component-3 -s tenant1-ue2-test-1 finds it and outputs the same error.

The inheritance chain shown above works and produces the following final variables: 

atmos describe component derived-component-3 -s tenant1-ue2-test-1
vars:
  enabled: true
  environment: ue2
  namespace: cp
  region: us-east-2
  service_1_name: bad-name
  service_2_name: base-component-4-service-2
  stage: test-1
  tenant: tenant1

references

  • To test the issue described in #404
Check out latest releases or
releases around cloudposse/atmos v1.41.0

Don't miss a new atmos release

NewReleases is sending notifications on new releases.

Get notifications