github cloudposse/atmos v1.45.0

latest releases: v1.105.0, v1, v1.104.0...
14 months ago

what

  • Add dependencies on external files and folders to settings.depends_on
  • Fix context inheritance in Atmos imports with Go templates with Multiple inheritance
  • Add/update docs

why

  • Add dependencies on external files and folders to settings.depends_on. Allow specifying that an Atmos component depends on external files or folders. When the files or folders are modified, the command atmos describe affected will detect that and include the dependent component to the affected output list. This is used to specify dependencies on external files and folders to trigger the affected stacks in GitHub Actions and Spacelift

    Dependencies on external files (not in the component's folder) are defined using the file attribute in the settings.depends_on map. For example:

    components:
      terraform:
        top-level-component3:
          metadata:
            component: "top-level-component1"
          settings:
            depends_on:
              1:
                file: "examples/complete/components/terraform/mixins/introspection.mixin.tf"

    In the configuration above, we specify that the Atmos component top-level-component3 depends on the file
    examples/complete/components/terraform/mixins/introspection.mixin.tf (which is not in the component's folder). If the file gets modified, the component top-level-component3 will be included in the atmos describe affected command output. For example:

      [
        {
          "component": "top-level-component3",
          "component_type": "terraform",
          "component_path": "components/terraform/top-level-component1",
          "stack": "tenant1-ue2-test-1",
          "stack_slug": "tenant1-ue2-test-1-top-level-component3",
          "atlantis_project": "tenant1-ue2-test-1-top-level-component3",
          "affected": "file",
          "file": "examples/complete/components/terraform/mixins/introspection.mixin.tf"
        }
      ]

    Dependencies on external folders are defined using the folder attribute in the settings.depends_on map.
    For example:

    components:
      terraform:
        top-level-component3:
          metadata:
            component: "top-level-component1"
          settings:
            depends_on:
              1:
                file: "examples/complete/components/terraform/mixins/introspection.mixin.tf"
              2:
                folder: "examples/complete/components/helmfile/infra/infra-server"

    In the configuration above, we specify that the Atmos component top-level-component3 depends on the folder
    examples/complete/components/helmfile/infra/infra-server. If any file in the folder gets modified,
    the component top-level-component3 will be included in the atmos describe affected command output. For example:

      [
        {
          "component": "top-level-component3",
          "component_type": "terraform",
          "component_path": "components/terraform/top-level-component1",
          "stack": "tenant1-ue2-test-1",
          "stack_slug": "tenant1-ue2-test-1-top-level-component3",
          "atlantis_project": "tenant1-ue2-test-1-top-level-component3",
          "affected": "folder",
          "folder": "examples/complete/components/helmfile/infra/infra-server"
        }
      ]
  • Fix context inheritance in Atmos imports with Go templates with Multiple inheritance. The multiple inheritance of the context in imports with hierarchical Go templates had an issue which was not detected by the tests. Now the hierarchical configurations like the following are working:

# examples/complete/stacks/catalog/terraform/service-iam-role/defaults.tmpl
components:
  terraform:
    service-iam-role/{{ .app_name }}/{{ .service_environment }}:
      metadata:
        component: infra/service-iam-role
      settings:
        spacelift:
          workspace_enabled: false
      vars:
        enabled: {{ .enabled }}
        tags:
          Service: {{ .app_name }}
        service_account_name: {{ .app_name }}
        service_account_namespace: {{ .service_account_namespace }}
        {{ if hasKey . "iam_managed_policy_arns" }}
        iam_managed_policy_arns:
          {{ range $i, $iam_managed_policy_arn := .iam_managed_policy_arns }}
          - '{{ $iam_managed_policy_arn }}'
          {{ end }}
        {{ end }}
        {{ if hasKey . "iam_source_policy_documents" }}
        iam_source_policy_documents:
          {{ range $i, $iam_source_policy_document := .iam_source_policy_documents }}
          - '{{ $iam_source_policy_document }}'
          {{ end }}
        {{ end }}
# examples/complete/stacks/catalog/terraform/service-iam-role/webservices/defaults.tmpl
import:
  - path: catalog/terraform/service-iam-role/defaults.tmpl
    context:
      enabled: true
      app_name: webservices
      iam_managed_policy_arns:
        - arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess
        - arn:aws:iam::aws:policy/AmazonKinesisFullAccess
# examples/complete/stacks/catalog/terraform/service-iam-role/webservices/prod.defaults.tmpl
import:
  - path: catalog/terraform/service-iam-role/webservices/defaults.tmpl
    context:
      iam_managed_policy_arns:
        - arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess
        - arn:aws:iam::aws:policy/AmazonKinesisFullAccess
        - arn:aws:iam::aws:policy/AmazonS3FullAccess
        - arn:aws:iam::aws:policy/AmazonSNSFullAccess
        - arn:aws:iam::aws:policy/AmazonSQSFullAccess
        - arn:aws:iam::aws:policy/AmazonECS_FullAccess
        - arn:aws:iam::aws:policy/CloudWatchFullAccess
        - arn:aws:iam::aws:policy/AWSDataPipeline_FullAccess
        - arn:aws:iam::aws:policy/CloudFrontFullAccess
# examples/complete/stacks/catalog/terraform/service-iam-role/webservices/prod.yaml
import:
  - path: catalog/terraform/service-iam-role/webservices/prod.defaults.tmpl
    context:
      service_account_namespace: prod
      service_environment: prod
# examples/complete/stacks/orgs/cp/tenant2/prod/us-east-2.yaml
import:
  - catalog/terraform/service-iam-role/webservices/prod
atmos describe component service-iam-role/webservices/prod -s tenant2-ue2-prod

The iam_managed_policy_arns variable is correctly inherited from examples/complete/stacks/catalog/terraform/service-iam-role/webservices/prod.defaults.tmpl

Don't miss a new atmos release

NewReleases is sending notifications on new releases.