Documentation
¶
Index ¶
- Variables
- type ArgCount
- type Context
- type DefaultTeamAllowlistChecker
- func (checker *DefaultTeamAllowlistChecker) AllTeams() []string
- func (checker *DefaultTeamAllowlistChecker) HasRules() bool
- func (checker *DefaultTeamAllowlistChecker) IsCommandAllowedForAnyTeam(ctx models.TeamAllowlistCheckerContext, teams []string, command string) bool
- func (checker *DefaultTeamAllowlistChecker) IsCommandAllowedForTeam(_ models.TeamAllowlistCheckerContext, team string, command string) bool
- type Lock
- type LockMetadata
- type Name
- type ProjectContext
- type ProjectResult
- type ProjectScopeTags
- type Result
- type TeamAllowlistChecker
- type Trigger
Constants ¶
This section is empty.
Variables ¶
View Source
var AllCommentCommands = []Name{ Version, Plan, Apply, Cancel, Unlock, ApprovePolicies, Import, State, }
AllCommentCommands are list of commands that can be run from a comment.
Functions ¶
This section is empty.
Types ¶
type ArgCount ¶ added in v0.23.0
func (ArgCount) IsMatchCount ¶ added in v0.23.0
IsMatchCount returns true if the number of arguments matches the requirement
type Context ¶
type Context struct {
// HeadRepo is the repository that is getting merged into the BaseRepo.
// If the pull request branch is from the same repository then HeadRepo will
// be the same as BaseRepo.
// See https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges
HeadRepo models.Repo
Pull models.PullRequest
Scope tally.Scope
// User is the user that triggered this command.
User models.User
Log logging.SimpleLogging
// Current PR state
PullRequestStatus models.PullReqStatus
PullStatus *models.PullStatus
// PolicySet is the policy set to target (if specified) for the approve_policies command.
PolicySet string
// ClearPolicyApproval is true if approval should be cleared on specified policies.
ClearPolicyApproval bool
Trigger Trigger
// API is true if plan/apply by API endpoints
API bool
// TeamAllowlistChecker is used to check authorization on a project-level
TeamAllowlistChecker TeamAllowlistChecker
// Set true if there were any errors during the command execution
CommandHasErrors bool
}
Context represents the context of a command that should be executed for a pull request.
type DefaultTeamAllowlistChecker ¶ added in v0.30.0
type DefaultTeamAllowlistChecker struct {
// contains filtered or unexported fields
}
DefaultTeamAllowlistChecker implements checking the teams and the operations that the members of a particular team are allowed to perform
func NewTeamAllowlistChecker ¶ added in v0.30.0
func NewTeamAllowlistChecker(allowlist string) (*DefaultTeamAllowlistChecker, error)
NewTeamAllowlistChecker constructs a new checker
func (*DefaultTeamAllowlistChecker) AllTeams ¶ added in v0.33.0
func (checker *DefaultTeamAllowlistChecker) AllTeams() []string
AllTeams returns all teams configured in the allowlist
func (*DefaultTeamAllowlistChecker) HasRules ¶ added in v0.30.0
func (checker *DefaultTeamAllowlistChecker) HasRules() bool
func (*DefaultTeamAllowlistChecker) IsCommandAllowedForAnyTeam ¶ added in v0.30.0
func (checker *DefaultTeamAllowlistChecker) IsCommandAllowedForAnyTeam(ctx models.TeamAllowlistCheckerContext, teams []string, command string) bool
IsCommandAllowedForAnyTeam returns true if any of the teams is allowed to execute the command and false otherwise.
func (*DefaultTeamAllowlistChecker) IsCommandAllowedForTeam ¶ added in v0.30.0
func (checker *DefaultTeamAllowlistChecker) IsCommandAllowedForTeam(_ models.TeamAllowlistCheckerContext, team string, command string) bool
IsCommandAllowedForTeam returns true if the team is allowed to execute the command and false otherwise.
type Lock ¶
type Lock struct {
// Time is the time at which the lock was first created.
LockMetadata LockMetadata
CommandName Name
}
Lock represents a global lock for an atlantis command (plan, apply, policy_check). It is used to prevent commands from being executed
type LockMetadata ¶
type LockMetadata struct {
UnixTime int64
}
LockMetadata contains additional data provided to the lock
type Name ¶
type Name int
Name is which command to run.
const ( // Apply is a command to run terraform apply. Apply Name = iota // Plan is a command to run terraform plan. Plan // Unlock is a command to discard previous plans as well as the atlantis locks. Unlock // PolicyCheck is a command to run conftest test. PolicyCheck // ApprovePolicies is a command to approve policies with owner check ApprovePolicies // Autoplan is a command to run terraform plan on PR open/update if autoplan is enabled Autoplan // Version is a command to run terraform version. Version // Import is a command to run terraform import Import // State is a command to run terraform state rm State // Cancel is a command to cancel running plan or apply operations Cancel )
func ParseCommandName ¶ added in v0.22.0
ParseCommandName parses raw name into a command name.
func (Name) CommandArgCount ¶ added in v0.23.0
CommandArgCount returns the number of required arguments for the command
func (Name) DefaultUsage ¶ added in v0.22.0
DefaultUsage returns the command default usage
func (Name) SubCommands ¶ added in v0.23.0
SubCommands returns the list of sub commands for the command
func (Name) TitleString ¶
TitleString returns the string representation in title form. ie. policy_check becomes Policy Check
type ProjectContext ¶
type ProjectContext struct {
CommandName Name
// ApplyCmd is the command that users should run to apply this plan. If
// this is an apply then this will be empty.
ApplyCmd string
// ApprovePoliciesCmd is the command that users should run to approve policies for this plan. If
// this is an apply then this will be empty.
ApprovePoliciesCmd string
// PlanRequirements is the list of requirements that must be satisfied
// before we will run the plan stage.
PlanRequirements []string
// ApplyRequirements is the list of requirements that must be satisfied
// before we will run the apply stage.
ApplyRequirements []string
// ImportRequirements is the list of requirements that must be satisfied
// before we will run the import stage.
ImportRequirements []string
// AutomergeEnabled is true if automerge is enabled for the repo that this
// project is in.
AutomergeEnabled bool
// ParallelApplyEnabled is true if parallel apply is enabled for this project.
ParallelApplyEnabled bool
// ParallelPlanEnabled is true if parallel plan is enabled for this project.
ParallelPlanEnabled bool
// ParallelPolicyCheckEnabled is true if parallel policy_check is enabled for this project.
ParallelPolicyCheckEnabled bool
// AutoplanEnabled is true if autoplanning is enabled for this project.
AutoplanEnabled bool
// BaseRepo is the repository that the pull request will be merged into.
BaseRepo models.Repo
// EscapedCommentArgs are the extra arguments that were added to the atlantis
// command, ex. atlantis plan -- -target=resource. We then escape them
// by adding a \ before each character so that they can be used within
// sh -c safely, i.e. sh -c "terraform plan $(touch bad)".
EscapedCommentArgs []string
// HeadRepo is the repository that is getting merged into the BaseRepo.
// If the pull request branch is from the same repository then HeadRepo will
// be the same as BaseRepo.
HeadRepo models.Repo
// Dependencies are a list of project that this project relies on
// their apply status. These projects must be applied first.
//
// Atlantis uses this information to valid the apply
// orders and to warn the user if they're applying a project that
// depends on other projects.
DependsOn []string
// Log is a logger that's been set up for this context.
Log logging.SimpleLogging
// Scope is the scope for reporting stats setup for this context
Scope tally.Scope
// PullReqStatus holds state about the PR that requires additional computation outside models.PullRequest
PullReqStatus models.PullReqStatus
// CurrentProjectPlanStatus is the status of the current project prior to this command.
ProjectPlanStatus models.ProjectPlanStatus
//PullStatus is the status of the current pull request prior to this command.
PullStatus *models.PullStatus
// ProjectPolicyStatus is the status of policy sets of the current project prior to this command.
ProjectPolicyStatus []models.PolicySetStatus
// Pull is the pull request we're responding to.
Pull models.PullRequest
// ProjectName is the name of the project set in atlantis.yaml. If there was
// no name this will be an empty string.
ProjectName string
// RepoConfigVersion is the version of the repo's atlantis.yaml file. If
// there was no file, this will be 0.
RepoConfigVersion int
// RePlanCmd is the command that users should run to re-plan this project.
// If this is an apply then this will be empty.
RePlanCmd string
// RepoRelDir is the directory of this project relative to the repo root.
RepoRelDir string
// Steps are the sequence of commands we need to run for this project and this
// stage.
Steps []valid.Step
// TerraformDistribution is the distribution of terraform we should use when
// executing commands for this project. This can be set to nil in which case
// we will use the default Atlantis terraform distribution.
TerraformDistribution *string
// TerraformVersion is the version of terraform we should use when executing
// commands for this project. This can be set to nil in which case we will
// use the default Atlantis terraform version.
TerraformVersion *version.Version
// Configuration metadata for a given project.
User models.User
// Verbose is true when the user would like verbose output.
Verbose bool
// Workspace is the Terraform workspace this project is in. It will always
// be set.
Workspace string
// PolicySets represent the policies that are run on the plan as part of the
// policy check stage
PolicySets valid.PolicySets
// PolicySetTarget describes which policy sets to target on the approve_policies step.
PolicySetTarget string
// ClearPolicyApproval determines whether policy counts will be incremented or cleared.
ClearPolicyApproval bool
// DeleteSourceBranchOnMerge will attempt to allow a branch to be deleted when merged (AzureDevOps & GitLab Support Only)
DeleteSourceBranchOnMerge bool
// Repo locks mode: disabled, on plan or on apply
RepoLocksMode valid.RepoLocksMode
// RepoConfigFile
RepoConfigFile string
// UUID for atlantis logs
JobID string
// The index of order group. Before planning/applying it will use to sort projects. Default is 0.
ExecutionOrderGroup int
// If plans/applies should be aborted if any prior plan/apply fails
AbortOnExecutionOrderFail bool
// Allows custom policy check tools outside of Conftest to run in checks
CustomPolicyCheck bool
SilencePRComments []string
// TeamAllowlistChecker is used to check authorization on a project-level
TeamAllowlistChecker TeamAllowlistChecker
}
ProjectContext defines the context for a plan or apply stage that will be executed for a project.
func (ProjectContext) GetPolicyCheckResultFileName ¶ added in v0.24.0
func (p ProjectContext) GetPolicyCheckResultFileName() string
GetPolicyCheckResultFileName returns the filename (not the path) to store the result from conftest_client.
func (ProjectContext) GetShowResultFileName ¶
func (p ProjectContext) GetShowResultFileName() string
GetShowResultFileName returns the filename (not the path) to store the tf show result
func (ProjectContext) PolicyCleared ¶ added in v0.24.0
func (p ProjectContext) PolicyCleared() bool
PolicyCleared returns whether all policies are passing or not.
func (ProjectContext) PullInfo ¶
func (p ProjectContext) PullInfo() string
Gets a unique identifier for the current pull request as a single string
func (ProjectContext) SetProjectScopeTags ¶ added in v0.22.0
func (p ProjectContext) SetProjectScopeTags(scope tally.Scope) tally.Scope
SetProjectScopeTags adds ProjectContext tags to a new returned scope.
type ProjectResult ¶
type ProjectResult struct {
Command Name
SubCommand string
RepoRelDir string
Workspace string
Error error
Failure string
PlanSuccess *models.PlanSuccess
PolicyCheckResults *models.PolicyCheckResults
ApplySuccess string
VersionSuccess string
ImportSuccess *models.ImportSuccess
StateRmSuccess *models.StateRmSuccess
ProjectName string
SilencePRComments []string
}
ProjectResult is the result of executing a plan/policy_check/apply for a specific project.
func (ProjectResult) CommitStatus ¶
func (p ProjectResult) CommitStatus() models.CommitStatus
CommitStatus returns the vcs commit status of this project result.
func (ProjectResult) IsSuccessful ¶
func (p ProjectResult) IsSuccessful() bool
IsSuccessful returns true if this project result had no errors.
func (ProjectResult) PlanStatus ¶
func (p ProjectResult) PlanStatus() models.ProjectPlanStatus
PlanStatus returns the plan status.
func (ProjectResult) PolicyStatus ¶ added in v0.24.0
func (p ProjectResult) PolicyStatus() []models.PolicySetStatus
PolicyStatus returns the approval status of policy sets of this project result.
type ProjectScopeTags ¶ added in v0.22.0
type ProjectScopeTags struct {
BaseRepo string
PrNumber string
Project string
ProjectPath string
TerraformDistribution string
TerraformVersion string
Workspace string
}
func (ProjectScopeTags) Loadtags ¶ added in v0.22.0
func (s ProjectScopeTags) Loadtags() map[string]string
type Result ¶
type Result struct {
Error error
Failure string
ProjectResults []ProjectResult
// PlansDeleted is true if all plans created during this command were
// deleted. This happens if automerging is enabled and one project has an
// error since automerging requires all plans to succeed.
PlansDeleted bool
}
Result is the result of running a Command.
type TeamAllowlistChecker ¶ added in v0.30.0
type TeamAllowlistChecker interface {
// HasRules returns true if the checker has rules defined
HasRules() bool
// IsCommandAllowedForTeam determines if the specified team can perform the specified action
IsCommandAllowedForTeam(ctx models.TeamAllowlistCheckerContext, team, command string) bool
// IsCommandAllowedForAnyTeam determines if any of the specified teams can perform the specified action
IsCommandAllowedForAnyTeam(ctx models.TeamAllowlistCheckerContext, teams []string, command string) bool
// AllTeams returns all teams configured in the allowlist
AllTeams() []string
}
Source Files
Click to show internal directories.
Click to hide internal directories.