-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support and document -replace
(since terraform taint
subcommand is deprecated)
#527
Comments
I like this idea but I'd like to see it implemented as a file per project where the file lives in the project root. I could see a global file getting out of hand for larger repositories such as the one I manage containing over 250 projects. |
@k4k as I stated in #217 (comment) I don't think committing a file to SCM to taint resources is a good idea, what happens if someone does not then remove it before it gets merged? How would it know between the first and possibly multiple iterations (amending commits, running |
The idea with commiting a file is that atlantis will remove it after parsing it and tainting the resources. So the flow would be as follows:
With atlantis locks we should be ok, and since atlantis will delete the file, it's never actually committed to master. I do like the single comment idea. Only downside, is if someone just wants to run |
Not sure on how best to handle that. You could just add a comment to the file as to why and when you are but that also feels odd. I think it shares some commonality with #263. |
I am glad I've found this discussion, building on previous suggestions I was thinking something along the lines:
I think this apprach is closely related to the one suggested by @marcb1 but fixes the issue with an empty Pull Request being made. The differences being:
On the implementation side, Atlantis would have to look for Do you spot any problems I don't with that approach? |
I think a custom workflow would work to pass resources to taint via the PR comment. Looking at the notes here, there is a
This could also be extended to support untaint and import (#217). |
Not sure if there's been any progress on this yet, but I'd like to add my two cents. Every time I've needed to taint recently, it would have been sufficient to just have an For my needs, that would add enough of a record of the taint to the PR comment thread. |
Looks like Terraform 0.15.2 introduces the |
We’re an update away from TF15 but that would do the trick for me. |
|
@piotr-vimn Fine, then we need the ability to use the |
@grimm26 You can do this by passing the option as a comment arg i.e. `atlantis plan -- -replace="the_resource.the_name" |
@georgekaz I did not realize this because I run a custom workflow. I'm trying to incorporate COMMENT_ARGS now but it is painful. |
@grimm26 I'm annoyed with myself because I probably posted the answer you need in my previous comment and then removed it because I didn't want to assume. This or similar works:
|
@georgekaz I got way more involved than that in order to support indexed resources like
The extra escaping and whatever in the yaml and the |
atlantis taint
subcommand
@georgekaz I tried using the I want to recreate the user's password |
@SamuelMolling try passing in a
|
You folks are right, the And the |
atlantis taint
subcommand-replace
(since terraform taint
subcommand is deprecated)
Hey @nitrocode, i try too. Same problem. atlantis plan -d users/teste -- -replace="random_password.default" |
I tried to do the same command on another resource, but the same problem. It appears that there are no changes. |
Do you need some specific server config, some specific allow command? |
Terraform taint is a feature that forces certain resources to be destroyed and re-created on the next apply, https://www.terraform.io/docs/commands/taint.html
This would be really useful to have in atlantis, thought I'm not really sure how we can implement this, since we can't open empty PRs in github.
The simplest idea I have, is to have an
atlantis-taint.yaml
file where users can list modules to be tainted. When runningatlantis plan
on a PR, that file is checked and atlantis will runterraform taint
for any modules in that file and commit back an empty file on the branch. Atlantis will then runterraform plan
.When user runs
atlantis apply
the resources are re-created and an empty PR is merged to master.The text was updated successfully, but these errors were encountered: