Open kumaresh0 opened 7 months ago
similar issuer reported here : https://github.com/runatlantis/atlantis/issues/4308
Adding some update on this:
From console, i can see policy test results
example
Resources: {"aws_security_group.inline_invalid_security_group"}
4 tests, 2 passed, 0 warnings, 2 failures, 0 exceptions
But in PR it show unable to unmarshal conftest output
and anyone able to approve the policy failures
Community Note
Overview of the Issue
Anyone ( non policy owners ) able to approve Atlantis policy failures ( seems major bug ) I am using below server config with
custom_policy_check: true
&policy_check: true
if I use
custom_policy_check: flase
&policy_check: true
i get theunable to unmarshal conftest output
errorBut based on this documentation https://www.runatlantis.io/docs/policy-checking.html#step-2-define-the-policy-configuration we tried the config as i mentioned below
Reproduction Steps
Nothing special just used Alpine image and added the below server-side workflow and repo side workflow then triggered policy failure, if anyone comments the
atlantis approve_policies
policy failures are fixed with approvalLogs
Issue screen shot
Environment details
If not already included, please provide the following:
Atlantis flags: No custom flags ( using default flags with repo details )
ECS environment variables
Atlantis server-side config file:
Repo
atlantis.yaml
file:Our Atlantis is deployed in ECS fargate with
ghcr.io/runatlantis/atlantis:v0.27-alpine
Additional Context