Atlantis should expose the SCM's username who summoned it as an env variable
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
- If you are interested in working on this issue or have submitted a pull request, please leave a comment.
We run atlantis on AWS. It works great, but it renders CloudTrail useless, for every single change in our environment is done by atlantis.
If atlantis could provide an environment variable called TFVAR_SCM_USERNAME, one could get that value from terraform and use it in the session_name in the aws provider (example):
variable "SCM_USERNAME" {
  type = string # Terraform fills this from the proposed TF_VAR_SCM_USERNAME environment variable
}

provider "aws" {
  region = "us-east-1"
  assume_role {
    role_arn     = "arn:aws:iam::XXXXXXXXXXXXXX:role/Atlantis"
    session_name = "terraform-atlantis-${var.SCM_USERNAME}"
  }
}
and that would make CloudTrail more interesting.
We could even create one role per github username and then each user could only do whatever he would have permission to.
I have not used terraform with other clouds, but I believe they would also profit from this env variable. Maybe the Pull Request (or Merge Request) URL as well.
What about extending this to basically allow for any member to become an env var?
Please give us an example.
On Fri, Oct 13, 2023 at 9:48 AM Christian Bongiorno < @.***> wrote:
What about extending this to basically allow for any member to become an env var?
Sorry, when I said "member" I meant any part of the web hook it receives (member of the payload), so that it can be embedded.
I am just offering to generalize the request to extract more than just the SCM user.
It would be great if we could have at least:
- SCM (github/gitlab/etc)
- github_organization (and the equivalent for gitlab), example: runatlantis
- github_project (and the equivalent for gitlab), example: atlantis
- pull_request number (and the equivalent for gitlab), example: 3634
- scm_user who triggered the atlantis plan/apply
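As an added example (not Atlantis or Terraform code, and not part of this thread), the following Python shows the two halves of the proposal: building the per-user session_name from the opening post out of the webhook-derived username (optionally with the pull request number from the list above), and attributing a CloudTrail record back to the SCM user through the assumed-role session ARN. The environment variable names TF_VAR_SCM_USERNAME and TF_VAR_PULL_NUM are assumptions (they mirror the issue's proposed variable), and the CloudTrail record is constructed, not captured. The check a practitioner wants here is the one STS enforces on RoleSessionName (2 to 64 characters from [\w+=,.@-]): the username is chosen by the SCM user, so it is validated and the hook fails closed rather than falling back to an anonymous session.

```python
"""Added example: per-SCM-user STS session names for Atlantis-driven Terraform,
and CloudTrail attribution from the resulting assumed-role ARN.
Variable names TF_VAR_SCM_USERNAME / TF_VAR_PULL_NUM are assumed, not Atlantis's."""
import os
import re

PREFIX = "terraform-atlantis-"

# Constraint STS applies to RoleSessionName (AssumeRole API): 2..64 chars of [\w+=,.@-].
SESSION_NAME_RE = re.compile(r"[\w+=,.@-]{2,64}")

# Assumed-role session ARN as it appears in CloudTrail's userIdentity.arn:
#   arn:aws:sts::<account>:assumed-role/<role>/<session_name>
SESSION_ARN_RE = re.compile(
    r"arn:aws:sts::(?P<account>\d{12}):assumed-role/(?P<role>[^/]+)/"
    + re.escape(PREFIX)
    + r"(?P<user>[\w+=,.@-]+?)(?:-pr(?P<pr>\d+))?"
)


def session_name_for(scm_user, pull_num=None):
    """Build 'terraform-atlantis-<user>[-pr<N>]', refusing anything STS would reject.
    The username comes straight from the SCM webhook, so it is untrusted input."""
    if not scm_user:
        raise ValueError("empty SCM username")
    name = PREFIX + scm_user
    if pull_num is not None:
        name += f"-pr{int(pull_num)}"
    if not SESSION_NAME_RE.fullmatch(name):
        raise ValueError(f"{name!r} is not a valid STS RoleSessionName")
    return name


def session_name_from_env(env=None):
    """What an Atlantis-side hook would do with the assumed TF_VAR_* variables.
    Fails closed: no username means no session name, never an anonymous fallback."""
    env = os.environ if env is None else env
    return session_name_for(env.get("TF_VAR_SCM_USERNAME", ""), env.get("TF_VAR_PULL_NUM"))


def attribute_event(record):
    """Recover SCM user (and PR number, if encoded) from one CloudTrail record.
    Returns None for records not made through an Atlantis-style session."""
    ident = record.get("userIdentity", {})
    if ident.get("type") != "AssumedRole":
        return None
    m = SESSION_ARN_RE.fullmatch(ident.get("arn", ""))
    if not m:
        return None
    return {
        "account": m["account"],
        "role": m["role"],
        "scm_user": m["user"],
        "pull_num": int(m["pr"]) if m["pr"] else None,
        "event": record.get("eventName"),
        "source": record.get("eventSource"),
    }


# Constructed CloudTrail record (not a real log entry); only the fields used above.
SAMPLE_EVENT = {
    "eventSource": "s3.amazonaws.com",
    "eventName": "PutBucketPolicy",
    "userIdentity": {
        "type": "AssumedRole",
        "arn": "arn:aws:sts::123456789012:assumed-role/Atlantis/terraform-atlantis-alice-pr3634",
        "sessionContext": {"sessionIssuer": {"userName": "Atlantis"}},
    },
}


if __name__ == "__main__":
    print(session_name_for("alice", 3634))
    print(attribute_event(SAMPLE_EVENT))
```

The session name makes CloudTrail attributable, but it is still a label chosen by whoever can trigger Atlantis; the one-role-per-username idea from the opening post is what turns it into an authorization boundary.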