fix: secret policy not created with github bot #166

Closed

kieranbrown

Description

With the addition of #151, we can now specify an atlantis_github_webhook_secret, however, with only this parameter the policy to access the secret in SSM is never created.

The policy will only be created when atlantis_github_user_token is specified, which isn't necessary for a GitHub Bot.

Motivation and Context

To run Atlantis as a GitHub App you only need to supply 3 variables, ATLANTIS_GH_APP_ID, ATLANTIS_GH_APP_KEY_FILE and atlantis_github_webhook_secret. With this setup, Atlantis should be able to access the webhook secret via SSM.

Breaking Changes

n/a

How Has This Been Tested?

Specifying an atlantis_github_webhook_secret will now attach the appropriate policy.
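
The gating problem described in this PR, sketched as an added Terraform example (not code from this PR or from the module): the read policy is created whenever any secret is stored in SSM, and is scoped to exactly those parameters. Only the two `atlantis_github_*` variable names come from the PR text; the resource names, SSM paths and `execution_role_name` are hypothetical.

```hcl
# Added illustration. Only the two atlantis_github_* variable names come from the PR;
# resource names, SSM paths and var.execution_role_name are hypothetical.
variable "atlantis_github_user_token" {
  type    = string
  default = ""
}

variable "atlantis_github_webhook_secret" {
  type    = string
  default = ""
}

variable "execution_role_name" { type = string } # role that reads the secrets

resource "aws_ssm_parameter" "user_token" {
  count = var.atlantis_github_user_token != "" ? 1 : 0
  name  = "/atlantis/github/user/token" # constructed path
  type  = "SecureString"
  value = var.atlantis_github_user_token
}

resource "aws_ssm_parameter" "webhook_secret" {
  count = var.atlantis_github_webhook_secret != "" ? 1 : 0
  name  = "/atlantis/webhook/secret" # constructed path
  type  = "SecureString"
  value = var.atlantis_github_webhook_secret
}

locals {
  # ARNs of the parameters that actually exist; the list length is known at plan time.
  secret_arns = concat(aws_ssm_parameter.user_token[*].arn, aws_ssm_parameter.webhook_secret[*].arn)
}

# Gating the policy on the user token alone reproduces the reported behaviour:
#   count = var.atlantis_github_user_token != "" ? 1 : 0
# Gate on "any secret stored" instead, and grant access only to those parameters.
resource "aws_iam_role_policy" "read_secrets" {
  count  = length(local.secret_arns) > 0 ? 1 : 0
  name   = "atlantis-read-ssm-secrets"
  role   = var.execution_role_name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["ssm:GetParameters"]
      Resource = local.secret_arns
    }]
  })
}
```

Deriving the policy's `Resource` list from the created parameters keeps the grant at least privilege: a webhook-only deployment gets read access to the webhook secret and nothing else.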

DanielWright commented Jun 29, 2021

Apologies for posting to a presumably stale issue, but I'm fairly sure #151 doesn't add support for the GitHub App authentication flow, as there's no affordance for supplying the app ID or private key in the TF module. Maybe I'm missing something?

@thundering-herd

@DanielWright AFAIK this is correct. The workflow to install atlantis as a GitHub App and use it is the following:

  • run atlantis and visit the endpoint https://$ATLANTIS_HOST/github-app/setup
  • install atlantis into your GitHub tenant
  • GitHub returns the App ID and a private key
  • inject those values and the private key into atlantis on the next start

So actually we are missing:

  • ATLANTIS_GH_APP_ID
  • ATLANTIS_GH_APP_KEY_FILE which is pointing to our pem file

Cheers!

xiao-pp commented Sep 16, 2021

@DanielWright I think you are right about #151 - I got confused too when I read the PR. However, it does not stop one from setting it with GitHub App as both ATLANTIS_GH_APP_ID and ATLANTIS_GH_APP_KEY_FILE can be set via the variable custom_environment_variables? It's not ideal as it'd be nice if the module supports them as direct variables. But this PR is valid as it is indeed a bug there.

github-actions bot commented Jan 7, 2022

This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days

@github-actions github-actions bot added the stale label Jan 7, 2022
@github-actions

This PR was automatically closed because of stale in 10 days

@github-actions github-actions bot closed this Jan 18, 2022
github-actions bot commented Nov 9, 2022

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 9, 2022