From 5ac00f72f9264170bd55c29b5d086db7de4092d7 Mon Sep 17 00:00:00 2001 From: Sergey Novikov Date: Wed, 15 Sep 2021 17:34:46 +0200 Subject: [PATCH 1/5] Remove parameter from main module --- README.md | 3 +-- outputs.tf | 4 ++-- terraform.tfvars.sample | 1 - variables.tf | 6 ------ 4 files changed, 3 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 45dc735f..db87f845 100644 --- a/README.md +++ b/README.md @@ -297,7 +297,6 @@ allow_github_webhooks = true | [allow\_unauthenticated\_access](#input\_allow\_unauthenticated\_access) | Whether to create ALB listener rule to allow unauthenticated access for certain CIDR blocks (eg. allow GitHub webhooks to bypass OIDC authentication) | `bool` | `false` | no | | [allow\_unauthenticated\_access\_priority](#input\_allow\_unauthenticated\_access\_priority) | ALB listener rule priority for allow unauthenticated access rule | `number` | `10` | no | | [allow\_unauthenticated\_webhook\_access\_priority](#input\_allow\_unauthenticated\_webhook\_access\_priority) | ALB listener rule priority for allow unauthenticated webhook access rule | `number` | `15` | no | -| [atlantis\_allowed\_repo\_names](#input\_atlantis\_allowed\_repo\_names) | Git repositories where webhook should be created | `list(string)` | `[]` | no | | [atlantis\_bitbucket\_base\_url](#input\_atlantis\_bitbucket\_base\_url) | Base URL of Bitbucket Server, use for Bitbucket on prem (Stash) | `string` | `""` | no | | [atlantis\_bitbucket\_user](#input\_atlantis\_bitbucket\_user) | Bitbucket username that is running the Atlantis command | `string` | `""` | no | | [atlantis\_bitbucket\_user\_token](#input\_atlantis\_bitbucket\_user\_token) | Bitbucket token of the user that is running the Atlantis command | `string` | `""` | no | 
@@ -399,7 +398,7 @@ allow_github_webhooks = true | [alb\_https\_listeners\_id](#output\_alb\_https\_listeners\_id) | Ids of alb https listeners | | [alb\_security\_group\_id](#output\_alb\_security\_group\_id) | Security group of alb | | [alb\_zone\_id](#output\_alb\_zone\_id) | Zone ID of alb | -| [atlantis\_allowed\_repo\_names](#output\_atlantis\_allowed\_repo\_names) | Git repositories where webhook should be created | +| [atlantis\_repo\_allowlist](#output\_atlantis\_repo\_allowlist) | Git repositories where webhook should be created | | [atlantis\_url](#output\_atlantis\_url) | URL of Atlantis | | [atlantis\_url\_events](#output\_atlantis\_url\_events) | Webhook events URL of Atlantis | | [ecs\_cluster\_arn](#output\_ecs\_cluster\_arn) | ECS cluster ARN | diff --git a/outputs.tf b/outputs.tf index d82d68e3..619dcf2a 100644 --- a/outputs.tf +++ b/outputs.tf @@ -9,9 +9,9 @@ output "atlantis_url_events" { value = local.atlantis_url_events } -output "atlantis_allowed_repo_names" { +output "atlantis_repo_allowlist" { description = "Git repositories where webhook should be created" - value = var.atlantis_allowed_repo_names + value = var.atlantis_repo_allowlist } output "webhook_secret" { diff --git a/terraform.tfvars.sample b/terraform.tfvars.sample index 9b59da74..a03a92dc 100644 --- a/terraform.tfvars.sample +++ b/terraform.tfvars.sample @@ -23,7 +23,6 @@ route53_zone_name = "example.com" ecs_service_assign_public_ip = true # Atlantis -atlantis_allowed_repo_names = ["awesome-repo", "another-awesome-repo"] atlantis_repo_allowlist = ["github.com/terraform-aws-modules/*"] # Specify one of the following block. diff --git a/variables.tf b/variables.tf index d349a88f..a2f885e2 100644 --- a/variables.tf +++ b/variables.tf 
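Review bot: The renamed output in outputs.tf now exports `var.atlantis_repo_allowlist`, which per terraform.tfvars.sample holds Atlantis allowlist patterns such as `github.com/terraform-aws-modules/*`, yet its description still reads "Git repositories where webhook should be created". The later hunks in modules/github-repository-webhook/main.tf and modules/gitlab-repository-webhook/main.tf index that same list as `repository` / `project`, and examples/github-complete/main.tf wires `["github.com/${var.github_owner}/*"]` through this output into the webhook module, so a wildcard pattern appears to land where a single repository name is expected. Because the allowlist is the control that decides which repositories Atlantis accepts events from, I would keep it separate from the list of webhook targets instead of having one value serve both. At minimum correct the description, e.g. `description = "Atlantis repo allowlist patterns (host/owner/repo, wildcards allowed)"`, and keep a distinct input for the bare repository names the webhook sub-modules need.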
@@ -517,12 +517,6 @@ variable "atlantis_repo_allowlist" { type = list(string) } -variable "atlantis_allowed_repo_names" { - description = "Git repositories where webhook should be created" - type = list(string) - default = [] -} - variable "allow_repo_config" { description = "When true allows the use of atlantis.yaml config files within the source repos." type = string From 5a1356c5b34b2607e8d49a89934048d3c959acfd Mon Sep 17 00:00:00 2001 From: Sergey Novikov Date: Wed, 15 Sep 2021 17:36:50 +0200 Subject: [PATCH 2/5] Rename parameter in sub-modules --- modules/github-repository-webhook/README.md | 2 +- modules/github-repository-webhook/main.tf | 4 ++-- modules/github-repository-webhook/variables.tf | 2 +- modules/gitlab-repository-webhook/README.md | 2 +- modules/gitlab-repository-webhook/main.tf | 4 ++-- modules/gitlab-repository-webhook/variables.tf | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/github-repository-webhook/README.md b/modules/github-repository-webhook/README.md index 5eae4e9c..9505a54b 100644 --- a/modules/github-repository-webhook/README.md +++ b/modules/github-repository-webhook/README.md 
@@ -28,7 +28,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [atlantis\_allowed\_repo\_names](#input\_atlantis\_allowed\_repo\_names) | List of names of repositories which belong to the owner specified in `github_owner` | `list(string)` | n/a | yes | +| [atlantis\_repo\_allowlist](#input\_atlantis\_repo\_allowlist) | List of names of repositories which belong to the owner specified in `github_owner` | `list(string)` | n/a | yes | | [create\_github\_repository\_webhook](#input\_create\_github\_repository\_webhook) | Whether to create Github repository webhook for Atlantis | `bool` | `true` | no | | [github\_base\_url](#input\_github\_base\_url) | Github base URL to use when creating webhook (when using GitHub Enterprise) | `string` | `null` | no | | [github\_owner](#input\_github\_owner) | Github owner to use when creating webhook | `string` | `""` | no | diff --git a/modules/github-repository-webhook/main.tf b/modules/github-repository-webhook/main.tf index 9af7660c..a3221da2 100644 --- a/modules/github-repository-webhook/main.tf +++ b/modules/github-repository-webhook/main.tf @@ -5,9 +5,9 @@ provider "github" { } resource "github_repository_webhook" "this" { - count = var.create_github_repository_webhook ? length(var.atlantis_allowed_repo_names) : 0 + count = var.create_github_repository_webhook ? length(var.atlantis_repo_allowlist) : 0 - repository = var.atlantis_allowed_repo_names[count.index] + repository = var.atlantis_repo_allowlist[count.index] configuration { url = var.webhook_url diff --git a/modules/github-repository-webhook/variables.tf b/modules/github-repository-webhook/variables.tf index 649ad245..6d6509e1 100644 --- a/modules/github-repository-webhook/variables.tf +++ b/modules/github-repository-webhook/variables.tf 
@@ -22,7 +22,7 @@ variable "github_owner" { default = "" } -variable "atlantis_allowed_repo_names" { +variable "atlantis_repo_allowlist" { description = "List of names of repositories which belong to the owner specified in `github_owner`" type = list(string) } diff --git a/modules/gitlab-repository-webhook/README.md b/modules/gitlab-repository-webhook/README.md index 18e6103a..3fb8140f 100644 --- a/modules/gitlab-repository-webhook/README.md +++ b/modules/gitlab-repository-webhook/README.md @@ -28,7 +28,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [atlantis\_allowed\_repo\_names](#input\_atlantis\_allowed\_repo\_names) | List of names of repositories which belong to the `gitlab_base_url` specified | `list(string)` | n/a | yes | +| [atlantis\_repo\_allowlist](#input\_atlantis\_repo\_allowlist) | List of names of repositories which belong to the owner specified in `github_owner` | `list(string)` | n/a | yes | | [create\_gitlab\_repository\_webhook](#input\_create\_gitlab\_repository\_webhook) | Whether to create Gitlab repository webhook for Atlantis | `bool` | `true` | no | | [gitlab\_base\_url](#input\_gitlab\_base\_url) | Gitlab base\_url use | `string` | `""` | no | | [gitlab\_token](#input\_gitlab\_token) | Gitlab token to use when creating webhook | `string` | `""` | no | diff --git a/modules/gitlab-repository-webhook/main.tf b/modules/gitlab-repository-webhook/main.tf index 4a7ce7eb..65d61d85 100644 --- a/modules/gitlab-repository-webhook/main.tf +++ b/modules/gitlab-repository-webhook/main.tf 
@@ -4,9 +4,9 @@ provider "gitlab" { } resource "gitlab_project_hook" "this" { - count = var.create_gitlab_repository_webhook ? length(var.atlantis_allowed_repo_names) : 0 + count = var.create_gitlab_repository_webhook ? length(var.atlantis_repo_allowlist) : 0 - project = var.atlantis_allowed_repo_names[count.index] + project = var.atlantis_repo_allowlist[count.index] url = var.webhook_url token = var.webhook_secret enable_ssl_verification = false diff --git a/modules/gitlab-repository-webhook/variables.tf b/modules/gitlab-repository-webhook/variables.tf index 7a74db9a..b0cd85ab 100644 --- a/modules/gitlab-repository-webhook/variables.tf +++ b/modules/gitlab-repository-webhook/variables.tf @@ -16,7 +16,7 @@ variable "gitlab_token" { default = "" } -variable "atlantis_allowed_repo_names" { +variable "atlantis_repo_allowlist" { description = "List of names of repositories which belong to the `gitlab_base_url` specified" type = list(string) } From b7a60f5a79a9c53d28adf210742456b014eb81c1 Mon Sep 17 00:00:00 2001 From: Sergey Novikov Date: Wed, 15 Sep 2021 17:37:25 +0200 Subject: [PATCH 3/5] Adjust example to use new parameter name --- examples/github-complete/README.md | 3 +-- examples/github-complete/main.tf | 3 +-- examples/github-complete/outputs.tf | 4 ++-- examples/github-complete/variables.tf | 5 ----- examples/github-repository-webhook/main.tf | 2 +- examples/gitlab-repository-webhook/main.tf | 2 +- 6 files changed, 6 insertions(+), 13 deletions(-) diff --git a/examples/github-complete/README.md b/examples/github-complete/README.md index c4fdbfb1..4d4b7383 100644 --- a/examples/github-complete/README.md +++ b/examples/github-complete/README.md 
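Review bot: The `gitlab_project_hook` resource in modules/gitlab-repository-webhook/main.tf keeps `enable_ssl_verification = false`, so GitLab will not validate the certificate of `var.webhook_url` when it delivers events that carry `token = var.webhook_secret`. Since this hunk already touches the resource, I would set `enable_ssl_verification = true`, or expose it as a module variable that defaults to `true` for the setups that genuinely need it off. The resource body continues past the end of the hunk, so any other hook settings are not visible here.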
@@ -61,7 +61,6 @@ Go to https://eu-west-1.console.aws.amazon.com/ecs/home?region=eu-west-1#/settin | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [alb\_ingress\_cidr\_blocks](#input\_alb\_ingress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all ingress rules of the ALB - use your personal IP in the form of `x.x.x.x/32` for restricted testing | `list(string)` | n/a | yes | -| [allowed\_repo\_names](#input\_allowed\_repo\_names) | Repositories that Atlantis will listen for events from and a webhook will be installed | `list(string)` | n/a | yes | | [domain](#input\_domain) | Route53 domain name to use for ACM certificate. Route53 zone for this domain should be created in advance | `string` | n/a | yes | | [github\_owner](#input\_github\_owner) | Github owner | `string` | n/a | yes | | [github\_token](#input\_github\_token) | Github token | `string` | n/a | yes | @@ -71,7 +70,7 @@ Go to https://eu-west-1.console.aws.amazon.com/ecs/home?region=eu-west-1#/settin | Name | Description | |------|-------------| -| [atlantis\_allowed\_repo\_names](#output\_atlantis\_allowed\_repo\_names) | Git repositories where webhook should be created | +| [atlantis\_repo\_allowlist](#output\_atlantis\_repo\_allowlist) | Git repositories where webhook should be created | | [atlantis\_url](#output\_atlantis\_url) | URL of Atlantis | | [ecs\_task\_definition](#output\_ecs\_task\_definition) | Task definition for ECS service (used for external triggers) | | [github\_webhook\_secret](#output\_github\_webhook\_secret) | Github webhook secret | diff --git a/examples/github-complete/main.tf b/examples/github-complete/main.tf index a3352006..7940d45b 100644 --- a/examples/github-complete/main.tf +++ b/examples/github-complete/main.tf 
@@ -75,7 +75,6 @@ module "atlantis" { atlantis_github_user = var.github_user atlantis_github_user_token = var.github_token atlantis_repo_allowlist = ["github.com/${var.github_owner}/*"] - atlantis_allowed_repo_names = var.allowed_repo_names # ALB access alb_ingress_cidr_blocks = var.alb_ingress_cidr_blocks @@ -102,7 +101,7 @@ module "github_repository_webhook" { github_owner = var.github_owner github_token = var.github_token - atlantis_allowed_repo_names = module.atlantis.atlantis_allowed_repo_names + atlantis_repo_allowlist = module.atlantis.atlantis_repo_allowlist webhook_url = module.atlantis.atlantis_url_events webhook_secret = module.atlantis.webhook_secret diff --git a/examples/github-complete/outputs.tf b/examples/github-complete/outputs.tf index b9e3a4e7..59959e1f 100644 --- a/examples/github-complete/outputs.tf +++ b/examples/github-complete/outputs.tf @@ -4,9 +4,9 @@ output "atlantis_url" { value = module.atlantis.atlantis_url } -output "atlantis_allowed_repo_names" { +output "atlantis_repo_allowlist" { description = "Git repositories where webhook should be created" - value = module.atlantis.atlantis_allowed_repo_names + value = module.atlantis.atlantis_repo_allowlist } output "task_role_arn" { diff --git a/examples/github-complete/variables.tf b/examples/github-complete/variables.tf index 9789efb0..f0d60ee9 100644 --- a/examples/github-complete/variables.tf +++ b/examples/github-complete/variables.tf @@ -22,8 +22,3 @@ variable "github_user" { description = "Github user for Atlantis to utilize when performing Github activities" type = string } - -variable "allowed_repo_names" { - description = "Repositories that Atlantis will listen for events from and a webhook will be installed" - type = list(string) -} diff --git a/examples/github-repository-webhook/main.tf b/examples/github-repository-webhook/main.tf index be9db82d..a863c67a 100644 --- a/examples/github-repository-webhook/main.tf +++ b/examples/github-repository-webhook/main.tf 
@@ -18,7 +18,7 @@ module "github_repository_webhook" { # # This assumes that you are the owner of these repositories and they are available at: # https://github.com/mygithubusername/awesome-repo and https://github.com/mygithubusername/another-awesome-repo - atlantis_allowed_repo_names = data.terraform_remote_state.atlantis.outputs.atlantis_allowed_repo_names + atlantis_repo_allowlist = data.terraform_remote_state.atlantis.outputs.atlantis_repo_allowlist webhook_url = element(data.terraform_remote_state.atlantis.outputs.github_webhook_urls, 0) webhook_secret = data.terraform_remote_state.atlantis.outputs.github_webhook_secret diff --git a/examples/gitlab-repository-webhook/main.tf b/examples/gitlab-repository-webhook/main.tf index 06d5f616..b9c0724b 100644 --- a/examples/gitlab-repository-webhook/main.tf +++ b/examples/gitlab-repository-webhook/main.tf @@ -15,7 +15,7 @@ module "gitlab_repository_webhook" { gitlab_base_url = var.gitlab_base_url # Fetching these attributes from created already Atlantis Terraform state file - atlantis_allowed_repo_names = data.terraform_remote_state.atlantis.outputs.atlantis_allowed_repo_names + atlantis_repo_allowlist = data.terraform_remote_state.atlantis.outputs.atlantis_repo_allowlist webhook_url = data.terraform_remote_state.atlantis.outputs.atlantis_url_events webhook_secret = data.terraform_remote_state.atlantis.outputs.webhook_secret } From f633b81ec599deaafc83700dde1d8807ba67b7e8 Mon Sep 17 00:00:00 2001 From: Sergey Novikov Date: Wed, 15 Sep 2021 17:37:43 +0200 Subject: [PATCH 4/5] Fix example in documentation --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index db87f845..910c2304 100644 --- a/README.md +++ b/README.md 
@@ -102,8 +102,8 @@ module "atlantis" { custom_environment_variables = [ { - "name" : "ATLANTIS_REPO_CONFIG_JSON", - "value" : jsonencode(yamldecode(file("${path.module}/server-atlantis.yaml"))), + name : "ATLANTIS_REPO_CONFIG_JSON", + value : jsonencode(yamldecode(file("${path.module}/server-atlantis.yaml"))), }, ] From 047e2b00bb2ea3d2b4773e37a9a8a3d9f41428de Mon Sep 17 00:00:00 2001 From: Sergey Novikov Date: Wed, 15 Sep 2021 18:35:45 +0200 Subject: [PATCH 5/5] Fix docs and formatting --- examples/github-complete/main.tf | 6 +++--- examples/gitlab-repository-webhook/main.tf | 4 ++-- modules/gitlab-repository-webhook/README.md | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/examples/github-complete/main.tf b/examples/github-complete/main.tf index 7940d45b..04ead8e9 100644 --- a/examples/github-complete/main.tf +++ b/examples/github-complete/main.tf @@ -72,9 +72,9 @@ module "atlantis" { trusted_principals = ["ssm.amazonaws.com"] # Atlantis - atlantis_github_user = var.github_user - atlantis_github_user_token = var.github_token - atlantis_repo_allowlist = ["github.com/${var.github_owner}/*"] + atlantis_github_user = var.github_user + atlantis_github_user_token = var.github_token + atlantis_repo_allowlist = ["github.com/${var.github_owner}/*"] # ALB access alb_ingress_cidr_blocks = var.alb_ingress_cidr_blocks diff --git a/examples/gitlab-repository-webhook/main.tf b/examples/gitlab-repository-webhook/main.tf index b9c0724b..f4b36ccd 100644 --- a/examples/gitlab-repository-webhook/main.tf +++ b/examples/gitlab-repository-webhook/main.tf 
@@ -16,6 +16,6 @@ module "gitlab_repository_webhook" { # Fetching these attributes from created already Atlantis Terraform state file atlantis_repo_allowlist = data.terraform_remote_state.atlantis.outputs.atlantis_repo_allowlist - webhook_url = data.terraform_remote_state.atlantis.outputs.atlantis_url_events - webhook_secret = data.terraform_remote_state.atlantis.outputs.webhook_secret + webhook_url = data.terraform_remote_state.atlantis.outputs.atlantis_url_events + webhook_secret = data.terraform_remote_state.atlantis.outputs.webhook_secret } diff --git a/modules/gitlab-repository-webhook/README.md b/modules/gitlab-repository-webhook/README.md index 3fb8140f..8708cea1 100644 --- a/modules/gitlab-repository-webhook/README.md +++ b/modules/gitlab-repository-webhook/README.md @@ -28,7 +28,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [atlantis\_repo\_allowlist](#input\_atlantis\_repo\_allowlist) | List of names of repositories which belong to the owner specified in `github_owner` | `list(string)` | n/a | yes | +| [atlantis\_repo\_allowlist](#input\_atlantis\_repo\_allowlist) | List of names of repositories which belong to the `gitlab_base_url` specified | `list(string)` | n/a | yes | | [create\_gitlab\_repository\_webhook](#input\_create\_gitlab\_repository\_webhook) | Whether to create Gitlab repository webhook for Atlantis | `bool` | `true` | no | | [gitlab\_base\_url](#input\_gitlab\_base\_url) | Gitlab base\_url use | `string` | `""` | no | | [gitlab\_token](#input\_gitlab\_token) | Gitlab token to use when creating webhook | `string` | `""` | no |