Atlantis Version: 0.7.2
Description: Trying to use the Atlantis environment variables inside of a custom workflow inside the extra_arguments. I realized after testing it's only allowed in the run portion of a custom workflow.
For my example, I'm trying to access the workspace, base repo name inside the extra arguments:
repos:
projects:
- name: test_dev
  dir: test
  apply_requirements: ["approved"]
  autoplan:
    when_modified: ["../test/*.terraform", "*.tf", "*.tfvars"]
  workspace: dev
  workflow: vault
workflows:
  vault:
    plan:
      steps:
      - init
      - plan:
          extra_args: [
            "-var vault_secret=$(/path/to/script/to/execute.rb $WORKSPACE $BASE_REPO_NAME)"
          ]
However, it doesn't correctly read the environment variable. Ideally I just want to inject a variable which relies on Atlantis set environment variables without re-defining the Terraform commands.
Workaround
Define the custom workflow as run commands, ensuring that you account for selecting the workspace.
workflows:
  vault:
    plan:
      steps:
      - init
      - run: terraform workspace list | grep -q $WORKSPACE || terraform workspace new $WORKSPACE && terraform workspace select $WORKSPACE >> /dev/null
      - run: terraform plan -input=false -refresh -no-color -out $PLANFILE -var vault_secret=$(/path/to/script/to/execute.rb $WORKSPACE $BASE_REPO_NAME)
However, when I do this, the output of the command in the GitHub pull request isn't exactly the prettiest and I don't know why... Notice the red highlighted lines along with the output of the tfplan. Normally Atlantis hides this output. Any ideas on how to fix this would be greatly appreciated.
> However, when I do this, the output of the command in the GitHub pull request isn't exactly the prettiest and I don't know why
This is because the built-in plan step will delete that output for you (https://github.com/runatlantis/atlantis/blob/master/server/events/runtime/plan_step_runner.go#L232). You could implement this yourself in bash.
Implementation note for whoever implements this: should pass in the env vars from the *_step_runner's into the TerraformClient and extract the custom vars section from run_step_runner into a common function.
@rhughes1 I was running into the same issue and I wanted to keep the workflow definition clean and simple. You can achieve that by using the TF_CLI_ARGS and TF_CLI_ARGS_name functionality of Terraform.
This is how my Workflow definition looks:
- env:
    name: TF_CLI_ARGS_init
    command: echo "-backend-config=\"${PROJECT_NAME}-backend.tfvars\""
- env:
    name: TF_CLI_ARGS_plan
    command: echo "-var-file=env/common.tfvars -var-file=env/$PROJECT_NAME.tfvars"
- run: |
    cat > ${PROJECT_NAME}-backend.tfvars <<EOL
    bucket = "removed"
    key = "${BASE_REPO_OWNER}/${BASE_REPO_NAME}/${PROJECT_NAME}/${WORKSPACE}.tfstate"
    region = "removed"
    EOL
- init
- run: tflint --var-file=env/common.tfvars --var-file=env/${PROJECT_NAME}.tfvars
- plan
- run: terraform-compliance -f ./compliance -p $PLANFILE --no-ansi
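Added example, not part of the thread and not Atlantis's own documentation: the `env` step from the comment above can also serve the original goal by exporting the script's output as `TF_VAR_vault_secret`, which keeps the built-in `plan` step and keeps the secret off the `terraform plan` command line. It assumes an Atlantis version that has the `env` step, assumes that step's `command` sees `$WORKSPACE` and `$BASE_REPO_NAME` as `run` steps do, and reuses the placeholder script path from the issue.

```yaml
workflows:
  vault:
    plan:
      steps:
      # Export the script's output as a Terraform input variable.
      # Terraform reads TF_VAR_<name> from the environment, so this sets
      # var.vault_secret without a -var argument.
      # Assumption: the env step's command sees $WORKSPACE and
      # $BASE_REPO_NAME the same way run steps do.
      - env:
          name: TF_VAR_vault_secret
          command: /path/to/script/to/execute.rb "$WORKSPACE" "$BASE_REPO_NAME"
      - init
      # Built-in plan step: workspace selection and output formatting stay
      # with Atlantis instead of being re-implemented in run steps.
      - plan
```

The Terraform configuration still needs a `vault_secret` variable declared for the environment value to be picked up.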