runatlantis
atlantis custom commands instead of just `plan` and `apply`
Problems
When I run the apply command, my workflow will assume the role engineer but sometimes I want it to assume the role mega-engineer for more permissions.
I can do this using an assume role in my aws provider BUT I'd like to do this directly from an atlantis gh comment without modifying the existing tf code.
I'd also like to be explicit and not always assume the elevated iam role. Our default iam role is the engineer role so if that will suffice, then that's ok. If this fails, then we can try again with the elevated role.
Solutions
I'd like to run variation of the apply command using atlantis apply for engineer role and atlantis applymega for mega-engineer role.
server atlantis.yaml
workflows:
applystuff:
apply:
steps:
- run: AWS_PROFILE=engineer terraform apply -no-color $PLANFILE
applymega:
steps:
- run: AWS_PROFILE=mega-engineer terraform apply -no-color $PLANFILE
repo atlantis.yaml
version: 3
projects:
- dir: .
terraform_version: v0.14.6
workflow: applystuff
You can already have custom run steps that'll allow you to have different workflows you can transition between so the fallback case would be covered there.
Support completely custom commands is out of scope for atlantis. Code complexity will just increase and Atlantis at that point kind of just becomes a workflow engine.
You can already have custom run steps that'll allow you to have different workflows you can transition between so the fallback case would be covered there.
As described in the original post, this unfortunately does not satisfy the use case.
Support completely custom commands is out of scope for atlantis. Code complexity will just increase and Atlantis at that point kind of just becomes a workflow engine.
Perhaps the solution I proposed is not the best, but would you have an alternative that would work?
Basically what I'd need is the ability to change the workflow based on a comment w/o changing the code. In this case, I'd like to optionally change an environment variable for an atlantis plan / atlantis apply.
Perhaps, the environment name and value could be allowlisted in the workflow itself and then if the user tried to change it to an appropriate value, it would work, otherwise it would not.
