gh-team-allowlist not working

[cloudmatt]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.

---

Overview of the Issue

I'm setting the flag --gh-team-allowlist to - --gh-team-allowlist="Security:apply, Security:import" where Security is the team name of a group within my Github organization. I'm a member of that team but when I put the comment atlantis apply I get an error message saying that I'm not permitted to.

Reproduction Steps

Deploy atlantis via helm to a GKE cluster and set the following field in the values.yaml file:

extraArgs:
    - --gh-org=MYORG
    - --enable-diff-markdown-format
    - --write-git-creds
    - --hide-prev-plan-comments
    - --gh-team-allowlist="Security:apply, Security:import"

Logs

I don't see anything in the logs that seems remotely related but can provide them if helpful

Environment details

Atlantis server-side config file:

repoConfig: |
    workflows:
      terragrunt:
        plan:
          steps:
          - env:
              name: TERRAGRUNT_TFPATH
              command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
          - env:
              name: TF_IN_AUTOMATION
              value: 'true'
          - run:
              command: terragrunt plan -input=false -out=$PLANFILE
              output: strip_refreshing
          - run: terragrunt show -json $PLANFILE > $SHOWFILE
        apply:
          steps:
          - env:
              name: TERRAGRUNT_TFPATH
              command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
          - env:
              # Reduce Terraform suggestion output
              name: TF_IN_AUTOMATION
              value: 'true'
          - run: terragrunt apply -input=false $PLANFILE
    repos:
        - id: /.*/
          workflow: terragrunt
          allow_custom_workflows: true
          allowed_overrides: [apply_requirements, workflow]
          apply_requirements: [approved, mergeable, undiverged]
          import_requirements: [approved, mergeable, undiverged]
          pre_workflow_hooks:
            - run: |
                echo "generating atlantis.yaml"
                terragrunt-atlantis-config generate --output atlantis.yaml --autoplan --parallel  --workflow terragrunt
              description: Generating atlantis.yaml
              shell: bash
              shellArgs: -cv

Running the latest version of the atlantis docker image on a kubernetes cluster deployed into the GKE Autopilot cluster using the helm chart.

[jamengual]

make sure the team name is spelled exactly the same otherwise you get 404 errors and make sure atlantis has permissions to read the org

[cloudmatt]

make sure the team name is spelled exactly the same otherwise you get 404 errors and make sure atlantis has permissions to read the org

The names are spelled the same and the Github App has the right perms as far as I can tell

When I tail the logs, I don't even see a 404 or anything so I don't know what it's even doing. There is nothing in the logs even when it's set to debug level

[MichaelKora]

@cloudmatt does the GH token used for atlantis have the following scopes: ['read:org', 'read:discussion']?

[cloudmatt]

@cloudmatt does the GH token used for atlantis have the following scopes: ['read:org', 'read:discussion']?

@MichaelKora - I'm using the Github app integration so it has whatever permissions are added during that setup. I additionally just gave it discussions read permissions and still get the same error. When tailing the logs, I see nothing indicating that it's even attempting to resolve the group so I'm just stumped on why this isn't working.

level":"debug","ts":"2023-07-31T11:56:11.736Z","caller":"events/events_controller.go:103","msg":"handling GitHub post","json":{}}
{"level":"debug","ts":"2023-07-31T11:56:11.736Z","caller":"events/events_controller.go:169","msg":"request valid","json":{"gh-request-id":"X-Github-Delivery=VALUEREMOVEDFORSNIPPET"}}
{"level":"info","ts":"2023-07-31T11:56:11.737Z","caller":"events/events_controller.go:550","msg":"parsed comment as command=\"apply\" verbose=false dir=\"\" workspace=\"\" project=\"\" policyset=\"\", clear-policy-approval=false, flags=\"\"","json":{"gh-request-id":"X-Github-Delivery=VALUEREMOVEDFORSNIPPET"}}
{"level":"debug","ts":"2023-07-31T11:56:11.737Z","caller":"vcs/github_client.go:203","msg":"POST /repos/ORG/REPO/issues/comments/UIDreactions","json":{}}
{"level":"debug","ts":"2023-07-31T11:56:12.049Z","caller":"metrics/debug.go:52","msg":"timer","json":{"name":"atlantis.github.react_to_comment.execution_time","value":0.311784043,"tags":{},"type":"timer"}}
{"level":"debug","ts":"2023-07-31T11:56:12.049Z","caller":"events/events_controller.go:590","msg":"executing command","json":{"gh-request-id":"X-Github-Delivery=VALUEREMOVEDFORSNIPPET"}}
{"level":"debug","ts":"2023-07-31T11:56:12.049Z","caller":"server/middleware.go:72","msg":"POST /events – respond HTTP 200","json":{}}
{"level":"debug","ts":"2023-07-31T11:56:12.305Z","caller":"vcs/github_client.go:192","msg":"POST /repos/ORG/REPO/issues/565/comments","json":{}}
{"level":"debug","ts":"2023-07-31T11:56:12.412Z","caller":"metrics/debug.go:42","msg":"counter","json":{"name":"atlantis.github.react_to_comment.execution_success","value":1,"tags":{},"type":"counter"}}
{"level":"debug","ts":"2023-07-31T11:56:12.412Z","caller":"metrics/debug.go:42","msg":"counter","json":{"name":"atlantis.github_event.comment_created.success_200","value":1,"tags":{"base_repo":"ORG/REPO","pr_number":"565"},"type":"counter"}}
{"level":"debug","ts":"2023-07-31T11:56:13.026Z","caller":"metrics/debug.go:52","msg":"timer","json":{"name":"atlantis.github.create_comment.execution_time","value":0.720944141,"tags":{"base_repo":"ORG/REPO","pr_number":"565"},"type":"timer"}}
{"level":"debug","ts":"2023-07-31T11:56:13.026Z","caller":"metrics/debug.go:52","msg":"timer","json":{"name":"atlantis.cmd.comment.apply.execution_time","value":0.977000231,"tags":{},"type":"timer"}}
{"level":"debug","ts":"2023-07-31T11:56:13.412Z","caller":"metrics/debug.go:42","msg":"counter","json":{"name":"atlantis.github.create_comment.execution_success","value":1,"tags":{"base_repo":"ORG/REPO","pr_number":"565"},"type":"counter"}}

[jamengual]

the github app permission when you set it up dos not add permissions for this option , that is why you need to add additional permissions after and I believe is documented.

On Mon, Jul 31, 2023, 4:59 a.m. Matt @.***> wrote:

@cloudmatt https://github.com/cloudmatt does the GH token used for atlantis have the following scopes: ['read:org', 'read:discussion']?

@MichaelKora https://github.com/MichaelKora - I'm using the Github app integration so it has whatever permissions are added during that setup. I additionally just gave it discussions read permissions and still get the same error. When tailing the logs, I see nothing indicating that it's even attempting to resolve the group so I'm just stumped on why this isn't working.

level":"debug","ts":"2023-07-31T11:56:11.736Z","caller":"events/events_controller.go:103","msg":"handling GitHub post","json":{}} {"level":"debug","ts":"2023-07-31T11:56:11.736Z","caller":"events/events_controller.go:169","msg":"request valid","json":{"gh-request-id":"X-Github-Delivery=VALUEREMOVEDFORSNIPPET"}} {"level":"info","ts":"2023-07-31T11:56:11.737Z","caller":"events/events_controller.go:550","msg":"parsed comment as command=\"apply\" verbose=false dir=\"\" workspace=\"\" project=\"\" policyset=\"\", clear-policy-approval=false, flags=\"\"","json":{"gh-request-id":"X-Github-Delivery=VALUEREMOVEDFORSNIPPET"}} {"level":"debug","ts":"2023-07-31T11:56:11.737Z","caller":"vcs/github_client.go:203","msg":"POST /repos/ORG/REPO/issues/comments/UIDreactions","json":{}} {"level":"debug","ts":"2023-07-31T11:56:12.049Z","caller":"metrics/debug.go:52","msg":"timer","json":{"name":"atlantis.github.react_to_comment.execution_time","value":0.311784043,"tags":{},"type":"timer"}} {"level":"debug","ts":"2023-07-31T11:56:12.049Z","caller":"events/events_controller.go:590","msg":"executing command","json":{"gh-request-id":"X-Github-Delivery=VALUEREMOVEDFORSNIPPET"}} {"level":"debug","ts":"2023-07-31T11:56:12.049Z","caller":"server/middleware.go:72","msg":"POST /events – respond HTTP 200","json":{}} {"level":"debug","ts":"2023-07-31T11:56:12.305Z","caller":"vcs/github_client.go:192","msg":"POST /repos/ORG/REPO/issues/565/comments","json":{}} {"level":"debug","ts":"2023-07-31T11:56:12.412Z","caller":"metrics/debug.go:42","msg":"counter","json":{"name":"atlantis.github.react_to_comment.execution_success","value":1,"tags":{},"type":"counter"}} {"level":"debug","ts":"2023-07-31T11:56:12.412Z","caller":"metrics/debug.go:42","msg":"counter","json":{"name":"atlantis.github_event.comment_created.success_200","value":1,"tags":{"base_repo":"ORG/REPO","pr_number":"565"},"type":"counter"}} {"level":"debug","ts":"2023-07-31T11:56:13.026Z","caller":"metrics/debug.go:52","msg":"timer","json":{"name":"atlantis.github.create_comment.execution_time","value":0.720944141,"tags":{"base_repo":"ORG/REPO","pr_number":"565"},"type":"timer"}} {"level":"debug","ts":"2023-07-31T11:56:13.026Z","caller":"metrics/debug.go:52","msg":"timer","json":{"name":"atlantis.cmd.comment.apply.execution_time","value":0.977000231,"tags":{},"type":"timer"}} {"level":"debug","ts":"2023-07-31T11:56:13.412Z","caller":"metrics/debug.go:42","msg":"counter","json":{"name":"atlantis.github.create_comment.execution_success","value":1,"tags":{"base_repo":"ORG/REPO","pr_number":"565"},"type":"counter"}}

— Reply to this email directly, view it on GitHub https://github.com/runatlantis/atlantis/issues/3627#issuecomment-1658230813, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAQ3ERA35HMJPVYN2GFWB3TXS6M2LANCNFSM6AAAAAA2ZHQCHY . You are receiving this because you commented.Message ID: @.***>

[cloudmatt]

@jamengual - I have all the permissions on the Github app as indicated in the docs. I don't know what else more it could need? As shown in the error logs in my previous comment, there's nothing indicating it event attempting to resolve the group (no error or anything).

[jamengual]

what version of Atlantis ? if you just upgraded it , I would try to go back a few versions and see if it works.

On Mon, Jul 31, 2023, 9:09 a.m. Matt @.***> wrote:

@jamengual https://github.com/jamengual - I have all the permissions on the Github app as indicated in the docs https://www.runatlantis.io/docs/access-credentials.html#github-app. I don't know what else more it could need? As shown in the error logs in my previous comment, there's nothing indicating it event attempting to resolve the group (no error or anything).

— Reply to this email directly, view it on GitHub https://github.com/runatlantis/atlantis/issues/3627#issuecomment-1658696398, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAQ3ERHYJ3QOGVNWQOQOOFLXS7KB5ANCNFSM6AAAAAA2ZHQCHY . You are receiving this because you were mentioned.Message ID: @.***>

[cloudmatt]

I tried downgrading to v0.23.5 to the latest version of the last 'major' release but now I just get

Error: initializing server: parsing /etc/atlantis/repos.yaml file: workflows: (terragrunt: (plan: (steps: (2: "run" is not a valid step type.).).).).

repoConfig: |
    workflows:
      terragrunt:
        plan:
          steps:
          - env:
              name: TERRAGRUNT_TFPATH
              command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
          - env:
              name: TF_IN_AUTOMATION
              value: 'true'
          - run:
              command: terragrunt plan -input=false -out=$PLANFILE
              output: strip_refreshing
          - run: terragrunt show -json $PLANFILE > $SHOWFILE
        apply:
          steps:
          - env:
              name: TERRAGRUNT_TFPATH
              command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
          - env:
              # Reduce Terraform suggestion output
              name: TF_IN_AUTOMATION
              value: 'true'
          - run: terragrunt apply -input=false $PLANFILE

the docs say run is a step so I don't know what else to do here. Is there a different version I could test with? Or just randomly keep picking old versions until I find one that works? I'm a bit stumped on what to do here because there's just no error logging for this gh-team-allowlist showing up anywhere 😕

Well now I've downgraded and I can't even run plan now so that's an improvement 😢

[cloudmatt]

Okay - so it looks like maybe the helm chart isn't passing the value in correctly. I switched to using the ATLANTIS_GH_TEAM_ALLOWLIST env var and that seems to have resolved it?

[jamengual]

in latest or 0.23?

On Tue, Aug 1, 2023 at 6:48 AM Matt @.***> wrote:

Okay - so it looks like maybe the helm chart isn't passing the value in correctly. I switched to using the ATLANTIS_GH_TEAM_ALLOWLIST env var and that seems to have resolved it?

— Reply to this email directly, view it on GitHub https://github.com/runatlantis/atlantis/issues/3627#issuecomment-1660373367, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAQ3ERHLNOOKXO2H3E2K7HDXTECLBANCNFSM6AAAAAA2ZHQCHY . You are receiving this because you were mentioned.Message ID: @.***>

[cloudmatt]

in latest or 0.23?

On Tue, Aug 1, 2023 at 6:48 AM Matt @.***> wrote:

Okay - so it looks like maybe the helm chart isn't passing the value in

correctly. I switched to using the ATLANTIS_GH_TEAM_ALLOWLIST env var and

that seems to have resolved it?

—

Reply to this email directly, view it on GitHub

https://github.com/runatlantis/atlantis/issues/3627#issuecomment-1660373367,

or unsubscribe

https://github.com/notifications/unsubscribe-auth/AAQ3ERHLNOOKXO2H3E2K7HDXTECLBANCNFSM6AAAAAA2ZHQCHY

.

You are receiving this because you were mentioned.Message ID:

@.***>

Both. Upgraded back to latest and observed the same behavior

[jamengual]

if the HELM chart is not doing that right, please feel free to create a PR. I'm glad you found out the issue.

[carlitos081]

Hello, I have the same issue, this are the permission on my token:

This is the configuration on my helm chart:

            - name: ATLANTIS_GH_TEAM_ALLOWLIST
              value: "ambt:plan, ambt:apply"

This is on my pod:

atlantis-79cfc75cb5-c7tvx:~$ env | grep GH
ATLANTIS_GH_TEAM_ALLOWLIST=ambt:plan, ambt-atlantis-github-prod:apply
ATLANTIS_GH_HOSTNAME=ghe.megaleo.com
ATLANTIS_GH_TOKEN=<RETRACTED>
ATLANTIS_GH_WEBHOOK_SECRET=<RETRACTED>
ATLANTIS_GH_USER=ambt-atlantis-prod
atlantis-79cfc75cb5-c7tvx:~$ 

this is my team in github:

This is the issue I'm getting:

This is the log from atlantis pod:

{"level":"debug","ts":"2024-01-03T11:12:12.065Z","caller":"events/events_controller.go:169","msg":"request valid","json":{"gh-request-id":"X-Github-Delivery=d6393070-aa28-11ee-80bc-4665a01cc370"}}
{"level":"info","ts":"2024-01-03T11:12:12.067Z","caller":"events/events_controller.go:550","msg":"parsed comment as command=\"plan\" verbose=false dir=\"\" workspace=\"\" project=\"\" policyset=\"\", clear-policy-approval=false, flags=\"\"","json":{"gh-request-id":"X-Github-Delivery=d6393070-aa28-11ee-80bc-4665a01cc370"}}
{"level":"debug","ts":"2024-01-03T11:12:12.067Z","caller":"vcs/github_client.go:203","msg":"POST /repos/ambt/terraform-artifactory-gcp/issues/comments/1637386/reactions","json":{}}
{"level":"debug","ts":"2024-01-03T11:12:12.289Z","caller":"metrics/debug.go:52","msg":"timer","json":{"name":"atlantis.github.react_to_comment.execution_time","value":0.222623376,"tags":{},"type":"timer"}}
{"level":"debug","ts":"2024-01-03T11:12:12.289Z","caller":"events/events_controller.go:590","msg":"executing command","json":{"gh-request-id":"X-Github-Delivery=d6393070-aa28-11ee-80bc-4665a01cc370"}}
{"level":"debug","ts":"2024-01-03T11:12:12.289Z","caller":"server/middleware.go:72","msg":"POST /events – respond HTTP 200","json":{}}
{"level":"debug","ts":"2024-01-03T11:12:12.359Z","caller":"vcs/github_client.go:192","msg":"POST /repos/ambt/terraform-artifactory-gcp/issues/21/comments","json":{}}
{"level":"debug","ts":"2024-01-03T11:12:12.668Z","caller":"metrics/debug.go:42","msg":"counter","json":{"name":"atlantis.github_event.comment_created.success_200","value":1,"tags":{"base_repo":"ambt/terraform-artifactory-gcp","pr_number":"21"},"type":"counter"}}
{"level":"debug","ts":"2024-01-03T11:12:12.668Z","caller":"metrics/debug.go:42","msg":"counter","json":{"name":"atlantis.github.react_to_comment.execution_success","value":1,"tags":{},"type":"counter"}}
{"level":"debug","ts":"2024-01-03T11:12:12.719Z","caller":"metrics/debug.go:52","msg":"timer","json":{"name":"atlantis.github.create_comment.execution_time","value":0.360236452,"tags":{"base_repo":"ambt/terraform-artifactory-gcp","pr_number":"21"},"type":"timer"}}
{"level":"debug","ts":"2024-01-03T11:12:12.719Z","caller":"metrics/debug.go:52","msg":"timer","json":{"name":"atlantis.cmd.comment.plan.execution_time","value":0.429502396,"tags":{},"type":"timer"}}
{"level":"debug","ts":"2024-01-03T11:12:12.738Z","caller":"server/middleware.go:45","msg":"POST /events – from 10.192.0.6:56466","json":{}}
{"level":"debug","ts":"2024-01-03T11:12:12.738Z","caller":"events/events_controller.go:103","msg":"handling GitHub post","json":{}}
{"level":"debug","ts":"2024-01-03T11:12:12.750Z","caller":"events/events_controller.go:169","msg":"request valid","json":{"gh-request-id":"X-Github-Delivery=d6a363f0-aa28-11ee-804e-e76e98ffdd03"}}
{"level":"debug","ts":"2024-01-03T11:12:12.750Z","caller":"server/middleware.go:72","msg":"POST /events – respond HTTP 200","json":{}}
{"level":"debug","ts":"2024-01-03T11:12:13.668Z","caller":"metrics/debug.go:42","msg":"counter","json":{"name":"atlantis.github_event.comment_created.success_200","value":1,"tags":{"base_repo":"ambt/terraform-artifactory-gcp","pr_number":"21"},"type":"counter"}}
{"level":"debug","ts":"2024-01-03T11:12:13.668Z","caller":"metrics/debug.go:42","msg":"counter","json":{"name":"atlantis.github.create_comment.execution_success","value":1,"tags":{"base_repo":"ambt/terraform-artifactory-gcp","pr_number":"21"},"type":"counter"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.cpu.goroutines","value":10,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.cpu.cgo_calls","value":0,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.stack.sys","value":325920,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.stack.mspan_inuse","value":277368,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.stack.mcache_inuse","value":19200,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.stack.mcache_sys","value":31200,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.stack.inuse","value":1114112,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.total","value":24685104,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.sys","value":24878096,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.lookups","value":0,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.malloc","value":175924,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.frees","value":147723,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.othersys","value":3105038,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.alloc","value":5822592,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.gc.sys","value":4633480,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.gc.next","value":9890000,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.gc.last","value":1704280316668990700,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.gc.pause_total","value":732679,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.gc.count","value":9,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.heap.objects","value":28201,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.heap.alloc","value":5822592,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.heap.sys","value":15663104,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.heap.idle","value":7331840,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.heap.inuse","value":8331264,"tags":{},"type":"gauge"}}
{"level":"debug","ts":"2024-01-03T11:12:16.668Z","caller":"metrics/debug.go:47","msg":"gauge","json":{"name":"atlantis.scheduled.runtime.memory.heap.released","value":4038656,"tags":{},"type":"gauge"}}

I really don't know what to do anymore, I know the ATLANTIS_GH_TEAM_ALLOWLIST get read as if I remove it it works without issue, it also work when i set it to ATLANTIS_GH_TEAM_ALLOWLIST=*:plan

Atlantis version v0.25.0 Any help?

[carlitos081]

It was that the atlantis service account which is a github user was not in the organization as my github team

[jamengual]

@cloudmatt is this still an issue?