Atlantis: Feature Request: "atlantis unlock"

Created on 13 Aug 2019  ·  16 Comments  ·  Source: runatlantis/atlantis

What:

An atlantis command to discard all locks on a PR. For congruity with other commands, accepting a specific project (-d path/to/project) would likely be helpful as well.

Why:

I opened up a pull request for our repository with 10 projects and due to the autoplan trigger rules, it locked 10+ projects for our team. This is fine, and the usual workflow that we would like... except then my change turned out to need some extensive re-working, and the existing locks were blocking another team member.

With a few dozen clicks in the atlantis web UI I was able to discard all the plans+locks, but it seems like there should be a way to do this more easily with the familiar interface of pull request comments.

feature

All 16 comments

You can achieve this by declining the PR, and then Atlantis will remove all of the locks.

Ah, I see - that makes sense and sounds like it will be useful to help streamline this set of actions when needed. IIRC it is possible to close a PR and re-open it at a later date, and I expect atlantis would do the friendly thing in that case, so maybe I'll give that a try going forward.

That said, in the GitHub workflow that we use, we aren't in the habit of closing PRs often - even when changes are needed (as in this case), we almost always amend the changeset and keep the ongoing conversation between developers all on the same pull request. This has also been the case with other teams I've worked on, so I don't think this is entirely out of the norm. Is there any appetite to adopt a feature similar to what I described to enable teams to continue without changes to their workflows?

Thanks!

Maybe if the UI was organized per pull request and had a button to unlock all projects in a PR?

I think an atlantis unlock command is doable but if opening and closing a PR works then it might not be urgent.

> Maybe if the UI was organized per pull request and had a button to unlock all projects in a PR?

Yes, that also sounds like a viable way to expose this type of functionality. Good idea!

Can it be per repo, then project/pr? That way we could unlock all projects in a repo?

Also it'd be great to unlock all repos with one click/api call.

There is also another nice security benefit of having an atlantis unlock. The comments below might be GitHub specific.
We currently firewall the traffic to atlantis, white-listing only the hook servers from GitHub and some internal addresses. For us it's simple because we have a VPN in place to access the internal network.
But for smaller teams it can be a PITA to have a link to click, that might be an external link.
It can also help with going forward if Atlantis decides to have an ACL for users. You at least get the USER_NAME context when working with hooks.

This would also be pretty useful for our team where multiple people are occasionally working on modules that lock several AWS plans. Unfortunately since our Atlantis instance isn't accessible to all developers they have to request that locks be removed (or work to have another developer's PR approved and merged so the locks are available).

The issue gets even more interesting since we have teams of people who can't easily release their own locks in different time zones.

Another use case is that I haven't really found the need to expose the UI. Since most interactions happen using PRs it would be nice to not require the UI _just for_ unlocking the PR.

The close + open PR trick works though so agreed it's not urgent. But def a nice QoL improvement.

Wanted to 👍 this idea, not needing to deal with http access to atlantis apart from github webhook cidr ranges makes it far easier to deal with when corporate policy is an issue.

But it does look like this feature is being worked on in this PR https://github.com/runatlantis/atlantis/pull/1003

Are locks stored on the local filesystem that Atlantis is running on? If so, it would be nice if the documentation showed how to manually remove locks without using the UI.

This page doesn't explain if there's a way to do it manually:
https://www.runatlantis.io/docs/locking.html#why

They can't be removed via the filesystem. They're stored in the boltdb file
database. I suppose they could be deleted without Atlantis if you stopped
Atlantis and used a boltdb UI to delete them.

On Mon, Aug 10, 2020, 7:36 PM Wes McNamee notifications@github.com wrote:

> Are locks stored on the local filesystem that Atlantis is running on? if
> so, it would be nice if the documentation show how to manually remove locks
> without using the UI



+1 on this idea. Just had to remove 88 locks via the UI as there's no easy way to do it. The PR was already declined while a plan was in progress (Issue #1202)

I may be missing something, but was this feature request fulfilled with #1003? Should this issue then be closed off?

@pp-davy: I think it's missing half the request.
https://github.com/runatlantis/atlantis/pull/1003/files?file-filters%5B%5D=.txt

mentions atlantis unlock

> An atlantis command to discard all locks on a PR.

  • [x] done

> For congruity with other commands, accepting a specific project (-d path/to/project) would likely be helpful as well.

  • [ ] doesn't appear to be available

Ah ok, thanks for the clarification @jsoref
