Open bentmann opened 2 years ago
osterman
commented
2 years ago Yes, we're willing to remove/update any of those things that tied this module to our fork now that https://github.com/runatlantis/atlantis/pull/1694 finally made it in!
@jamengual is I think working on something to this end. @aknysh has been working to fix some upstream modules that needed to be updated for our recent security group changes.
jamengual
commented
2 years ago @bentmann you remember me?
I'm going to start working on updating this module and the upstream modules to be able to use the latest version and new features.
I think the Parameter store part will change a bit to make use of other CloudPosse modules that allow for simpler config file injection.
bentmann
commented
2 years ago Yup, I remember you PePe :-), it's a small world.
I'm going to start working on updating this module and the upstream modules to be able to use the latest version and new features.
Sweet, looking forward to the result.
As mentioned in https://github.com/cloudposse/terraform-aws-ecs-atlantis#caveats, this module is geared towards a fork of atlantis. That fork seems no longer actively maintained. Further the feature added to this fork, namely the "ability to restrict plan and apply to GitHub teams", has recently been integrated into the official atlantis via https://github.com/runatlantis/atlantis/pull/1694.
All in all we have a desire to use the official atlantis version. Using this Terraform module, we ran into a small issue with that: The parameter names for the GitHub team feature differ. In the forked version, it was gh-team-whitelist, in the official version, it became gh-team-allowlist (cf. https://www.runatlantis.io/docs/server-configuration.html#gh-team-allowlist).
As a consequence, the SSM parameter store entry name created in https://github.com/cloudposse/terraform-aws-ecs-atlantis/blob/0.24.1/main.tf#L232 does not match what the official atlantis ultimately needs as input.
I don't know whether the forked version still needs to be supported or not which would determine whether the existing parameter name could just be updated or whether it's safer to just write the setting to both the old and new name.