Update JSON schema for Atmos manifests validation. Update `!terraform…

….output` YAML function (#1053) * updates * updates * updates * updates
cloudposse · Feb 12, 2025 · 82bdaa6 · 82bdaa6
1 parent f10f64c
commit 82bdaa6
Show file tree

Hide file tree

Showing 12 changed files with 136 additions and 7 deletions.
diff --git a/examples/demo-context/schemas/atmos-manifest.json b/examples/demo-context/schemas/atmos-manifest.json
@@ -231,6 +231,9 @@
         },
         "providers": {
           "$ref": "#/definitions/providers"
+        },
+        "hooks": {
+          "$ref": "#/definitions/hooks"
         }
       },
       "required": [],
@@ -349,6 +352,10 @@
           "description": "Custom configuration per component, not inherited by derived components",
           "additionalProperties": true,
           "title": "custom"
+        },
+        "locked": {
+          "type": "boolean",
+          "description": "Flag to lock the component and prevent modifications while allowing read operations"
         }
       },
       "required": [],
@@ -731,6 +738,12 @@
       "description": "Templates section",
       "additionalProperties": true,
       "title": "templates"
+    },
+    "hooks": {
+      "type": "object",
+      "description": "Hooks section",
+      "additionalProperties": true,
+      "title": "hooks"
     }
   }
 }
diff --git a/examples/demo-helmfile/schemas/atmos-manifest.json b/examples/demo-helmfile/schemas/atmos-manifest.json
@@ -231,6 +231,9 @@
         },
         "providers": {
           "$ref": "#/definitions/providers"
+        },
+        "hooks": {
+          "$ref": "#/definitions/hooks"
         }
       },
       "required": [],
@@ -349,6 +352,10 @@
           "description": "Custom configuration per component, not inherited by derived components",
           "additionalProperties": true,
           "title": "custom"
+        },
+        "locked": {
+          "type": "boolean",
+          "description": "Flag to lock the component and prevent modifications while allowing read operations"
         }
       },
       "required": [],
@@ -731,6 +738,12 @@
       "description": "Templates section",
       "additionalProperties": true,
       "title": "templates"
+    },
+    "hooks": {
+      "type": "object",
+      "description": "Hooks section",
+      "additionalProperties": true,
+      "title": "hooks"
     }
   }
 }
diff --git a/examples/demo-localstack/schemas/atmos-manifest.json b/examples/demo-localstack/schemas/atmos-manifest.json
@@ -231,6 +231,9 @@
         },
         "providers": {
           "$ref": "#/definitions/providers"
+        },
+        "hooks": {
+          "$ref": "#/definitions/hooks"
         }
       },
       "required": [],
@@ -349,6 +352,10 @@
           "description": "Custom configuration per component, not inherited by derived components",
           "additionalProperties": true,
           "title": "custom"
+        },
+        "locked": {
+          "type": "boolean",
+          "description": "Flag to lock the component and prevent modifications while allowing read operations"
         }
       },
       "required": [],
@@ -731,6 +738,12 @@
       "description": "Templates section",
       "additionalProperties": true,
       "title": "templates"
+    },
+    "hooks": {
+      "type": "object",
+      "description": "Hooks section",
+      "additionalProperties": true,
+      "title": "hooks"
     }
   }
 }
diff --git a/examples/quick-start-advanced/Dockerfile b/examples/quick-start-advanced/Dockerfile
@@ -6,7 +6,7 @@ ARG GEODESIC_OS=debian
 # https://atmos.tools/
 # https://github.com/cloudposse/atmos
 # https://github.com/cloudposse/atmos/releases
-ARG ATMOS_VERSION=1.160.4
+ARG ATMOS_VERSION=1.160.5
 
 # Terraform: https://github.com/hashicorp/terraform/releases
 ARG TF_VERSION=1.5.7

diff --git a/go.mod b/go.mod
diff --git a/go.sum b/go.sum
diff --git a/internal/exec/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json b/internal/exec/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json
@@ -231,6 +231,9 @@
         },
         "providers": {
           "$ref": "#/definitions/providers"
+        },
+        "hooks": {
+          "$ref": "#/definitions/hooks"
         }
       },
       "required": [],
@@ -735,6 +738,12 @@
       "description": "Templates section",
       "additionalProperties": true,
       "title": "templates"
+    },
+    "hooks": {
+      "type": "object",
+      "description": "Hooks section",
+      "additionalProperties": true,
+      "title": "hooks"
     }
   }
 }
diff --git a/internal/exec/terraform_outputs.go b/internal/exec/terraform_outputs.go
@@ -3,6 +3,7 @@ package exec
 import (
 	"context"
 	"fmt"
+	"os"
 	"path/filepath"
 	"strings"
 	"sync"
@@ -19,6 +20,44 @@ import (
 
 var terraformOutputsCache = sync.Map{}
 
+const (
+	cliArgsEnvVar            = "TF_CLI_ARGS"
+	inputEnvVar              = "TF_INPUT"
+	automationEnvVar         = "TF_IN_AUTOMATION"
+	logEnvVar                = "TF_LOG"
+	logCoreEnvVar            = "TF_LOG_CORE"
+	logPathEnvVar            = "TF_LOG_PATH"
+	logProviderEnvVar        = "TF_LOG_PROVIDER"
+	reattachEnvVar           = "TF_REATTACH_PROVIDERS"
+	appendUserAgentEnvVar    = "TF_APPEND_USER_AGENT"
+	workspaceEnvVar          = "TF_WORKSPACE"
+	disablePluginTLSEnvVar   = "TF_DISABLE_PLUGIN_TLS"
+	skipProviderVerifyEnvVar = "TF_SKIP_PROVIDER_VERIFY"
+
+	varEnvVarPrefix    = "TF_VAR_"
+	cliArgEnvVarPrefix = "TF_CLI_ARGS_"
+)
+
+var prohibitedEnvVars = []string{
+	cliArgsEnvVar,
+	inputEnvVar,
+	automationEnvVar,
+	logEnvVar,
+	logCoreEnvVar,
+	logPathEnvVar,
+	logProviderEnvVar,
+	reattachEnvVar,
+	appendUserAgentEnvVar,
+	workspaceEnvVar,
+	disablePluginTLSEnvVar,
+	skipProviderVerifyEnvVar,
+}
+
+var prohibitedEnvVarPrefixes = []string{
+	varEnvVarPrefix,
+	cliArgEnvVarPrefix,
+}
+
 func execTerraformOutput(
 	atmosConfig *schema.AtmosConfiguration,
 	component string,
@@ -131,8 +170,8 @@ func execTerraformOutput(
 			envMap, ok2 := envSection.(map[string]any)
 			if ok2 && len(envMap) > 0 {
 				l.Debug("Setting environment variables from the component's 'env' section", "env", envMap)
-				// Get all environment variables from the parent process
-				environMap := u.EnvironToMap()
+				// Get all environment variables (excluding the variables prohibited by terraform-exec/tfexec) from the parent process
+				environMap := environToMap()
 				// Add/override the environment variables from the component's 'env' section
 				for k, v := range envMap {
 					environMap[k] = fmt.Sprintf("%v", v)
@@ -142,6 +181,7 @@ func execTerraformOutput(
 				if err != nil {
 					return nil, err
 				}
+				l.Debug("Final environment variables", "environ", environMap)
 			}
 		}
 
@@ -339,3 +379,19 @@ func getStaticRemoteStateOutput(
 
 	return res
 }
+
+// environToMap converts all the environment variables (excluding the variables prohibited by terraform-exec/tfexec)
+// in the environment into a map of strings
+// TODO: review this (find another way to execute `terraform output` not using `terraform-exec/tfexec`)
+func environToMap() map[string]string {
+	envMap := make(map[string]string)
+	for _, env := range os.Environ() {
+		pair := u.SplitStringAtFirstOccurrence(env, "=")
+		k := pair[0]
+		v := pair[1]
+		if !u.SliceContainsString(prohibitedEnvVars, k) && !u.SliceContainsStringStartsWith(prohibitedEnvVarPrefixes, k) {
+			envMap[k] = v
+		}
+	}
+	return envMap
+}
diff --git a/tests/fixtures/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json b/tests/fixtures/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json
@@ -231,6 +231,9 @@
         },
         "providers": {
           "$ref": "#/definitions/providers"
+        },
+        "hooks": {
+          "$ref": "#/definitions/hooks"
         }
       },
       "required": [],
@@ -735,6 +738,12 @@
       "description": "Templates section",
       "additionalProperties": true,
       "title": "templates"
+    },
+    "hooks": {
+      "type": "object",
+      "description": "Hooks section",
+      "additionalProperties": true,
+      "title": "hooks"
     }
   }
 }
diff --git a/tests/test-cases/atmos-functions.yaml b/tests/test-cases/atmos-functions.yaml
@@ -77,6 +77,13 @@ tests:
       - "component-6"
       - "-s"
       - "nonprod"
+    env:
+      # The ENV variables will not be set in the child process (that executes the functions from `terraform-exec`)
+      # (because they are prohibited in the `terraform-exec` library)
+      TF_VAR_spacelift_stack: "test"
+      TF_CLI_ARGS_plan: "-refresh=false"
+      TF_IN_AUTOMATION: true
+      TF_APPEND_USER_AGENT: false
     expect:
       exit_code: 0
       stdout:

diff --git a/website/docs/integrations/atlantis.mdx b/website/docs/integrations/atlantis.mdx
@@ -673,7 +673,7 @@ on:
     branches: [ main ]
 
 env:
-  ATMOS_VERSION: 1.160.4
+  ATMOS_VERSION: 1.160.5
   ATMOS_CLI_CONFIG_PATH: ./
 
 jobs:

diff --git a/website/static/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json b/website/static/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json
@@ -231,6 +231,9 @@
         },
         "providers": {
           "$ref": "#/definitions/providers"
+        },
+        "hooks": {
+          "$ref": "#/definitions/hooks"
         }
       },
       "required": [],
@@ -735,6 +738,12 @@
       "description": "Templates section",
       "additionalProperties": true,
       "title": "templates"
+    },
+    "hooks": {
+      "type": "object",
+      "description": "Hooks section",
+      "additionalProperties": true,
+      "title": "hooks"
     }
   }
 }