fix(atlantis): allow .gitconfig write (#407)
* fix(atlantis): allow .gitconfig write
GMartinez-Sisti authored Jul 18, 2024
1 parent 18825fb commit 58ecee7
Showing 8 changed files with 127 additions and 9 deletions.
2 changes: 1 addition & 1 deletion charts/atlantis/Chart.yaml
Expand Up @@ -3,7 +3,7 @@ apiVersion: v1
appVersion: v0.28.3
description: A Helm chart for Atlantis https://www.runatlantis.io
name: atlantis
version: 5.4.0
version: 5.4.1
keywords:
- terraform
home: https://www.runatlantis.io
3 changes: 2 additions & 1 deletion charts/atlantis/README.md
Expand Up @@ -110,6 +110,7 @@ extraManifests:
| extraVolumes | list | `[]` | Optionally specify additional volumes for the pod. Check values.yaml for examples. |
| fullnameOverride | string | `""` | Provide a name to substitute for the full names of resources. |
| gitconfig | string | `""` | When referencing Terraform modules in private repositories, it may be helpful (necessary?) to use redirection in a .gitconfig. Check values.yaml for examples. |
| gitconfigReadOnly | bool | `true` | When true gitconfig file is mounted as read only. When false, the gitconfig value will be copied to '/home/atlantis/.gitconfig' before starting the atlantis process, instead of being mounted as a file. |
| gitconfigSecretName | string | `""` | If managing secrets outside the chart for the gitconfig, use this variable to reference the secret name |
| github | object | `{}` | If using GitHub, please enter your values as follows. The chart will perform the base64 encoding for values that are stored in secrets. The 'hostname' key is exclusive to GitHub Enterprise installations. Check values.yaml for examples. |
| githubApp | object | `{}` | If using a GitHub App, please enter your values as follows. The chart will perform the base64 encoding for you for values that are stored in secrets. installationId is necessary when there are multiple installs of the Github App. Check values.yaml for examples. |
Expand Down Expand Up @@ -404,4 +405,4 @@ make unit-test-run-atlantis
```

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.14.0](https://github.com/norwoodj/helm-docs/releases/v1.14.0)
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
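--- a/charts/atlantis/templates/configmap-gitconfig-init.yaml
+++ b/charts/atlantis/templates/configmap-gitconfig-init.yaml
@@ -0,0 +1,18 @@
+{{- if not .Values.gitconfigReadOnly }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ template "atlantis.fullname" . }}-gitconfig-init
+labels:
+{{- include "atlantis.labels" . | nindent 4 }}
+{{- with .Values.extraAnnotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+data:
+gitconfig-init.sh: |
+#!/bin/sh
+set -ex
+cp -v /etc/.gitconfig /home/atlantis/.gitconfig
+chown -v atlantis /home/atlantis/.gitconfig
+{{- end }}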
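Review bot: The copied file keeps whatever mode `cp` derives from the mounted secret file and the umask, so a gitconfig that embeds a credential (the chart's own example is `[url "https://YOUR_GH_TOKEN@github.com"]`) can end up readable by every uid in the container once it sits in /home/atlantis; add `chmod 0600 /home/atlantis/.gitconfig` after the `chown` line so only the atlantis user can read it. The `chown` also implies the script runs with root privileges through the image's /docker-entrypoint.d hook, which is an assumption worth stating in a comment at the top of the script (e.g. `# runs from /docker-entrypoint.d before atlantis starts; needs permission to chown`), since a pod securityContext that drops to a non-root uid would make this step fail and, with `set -e`, abort startup.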
24 changes: 20 additions & 4 deletions charts/atlantis/templates/statefulset.yaml
Expand Up @@ -105,14 +105,21 @@ spec:
{{- if .Values.gitconfig }}
- name: gitconfig-volume
secret:
defaultMode: 0660
secretName: {{ template "atlantis.fullname" . }}-gitconfig
{{- else if .Values.gitconfigSecretName }}
- name: gitconfig-volume
secret:
defaultMode: 0660
secretName: {{ .Values.gitconfigSecretName }}
{{- end }}
{{- if not .Values.gitconfigReadOnly }}
- name: gitconfig-init
configMap:
name: {{ template "atlantis.fullname" . }}-gitconfig-init
items:
- key: gitconfig-init.sh
path: gitconfig-init.sh
mode: 0555
{{- end }}
{{- if .Values.netrc }}
- name: netrc-volume
secret:
Expand Down Expand Up @@ -216,10 +223,10 @@ spec:
{{- end }}
{{- if .Values.command }}
command:
{{- range .Values.command }}
{{- range .Values.command }}
- {{ . }}
{{- end }}
{{- end }}
{{- end }}
args:
- server
{{- if .Values.config }}
Expand Down Expand Up @@ -536,9 +543,18 @@ spec:
{{- if or .Values.gitconfig .Values.gitconfigSecretName }}
- name: gitconfig-volume
readOnly: true
{{- if .Values.gitconfigReadOnly }}
mountPath: /home/atlantis/.gitconfig
{{- else }}
mountPath: /etc/.gitconfig
{{- end }}
subPath: gitconfig
{{- end }}
{{- if not .Values.gitconfigReadOnly }}
- name: gitconfig-init
mountPath: /docker-entrypoint.d/gitconfig-init.sh
subPath: gitconfig-init.sh
{{- end }}
{{- if or .Values.netrc .Values.netrcSecretName }}
- name: netrc-volume
readOnly: true
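Review bot: Dropping `defaultMode: 0660` from both gitconfig-volume secret definitions in the first hunk (these appear to be the deletions, given that the test change removes `defaultMode: 432`) leaves the mounted gitconfig at the Kubernetes default secret file mode, which is world-readable inside the pod, in both the read-only and the read-write configuration — and the gitconfig commonly carries a token. If the mode was removed because the atlantis user could not read a root-owned 0660 file, the fix should keep a non-world-readable `defaultMode` (for example `defaultMode: 0440` paired with a pod fsGroup the atlantis user belongs to) rather than fall back to the default; at minimum the commit description should record why the restriction went away. The `readOnly: true` on the mount in the third hunk does not change file readability, only writability of the mount.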
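--- a/charts/atlantis/tests/configmap-gitconfig-init_test.yaml
+++ b/charts/atlantis/tests/configmap-gitconfig-init_test.yaml
@@ -0,0 +1,35 @@
+---
+suite: test configmap-gitconfig-init for gitconfig
+templates:
+- configmap-gitconfig-init.yaml
+release:
+name: my-release
+tests:
+- it: default values
+template: configmap-gitconfig-init.yaml
+asserts:
+- hasDocuments:
+count: 0
+- it: gitconfig-read-write
+template: configmap-gitconfig-init.yaml
+set:
+gitconfigReadOnly: false
+commonLabels:
+team: "infra"
+asserts:
+- hasDocuments:
+count: 1
+- isKind:
+of: ConfigMap
+- isAPIVersion:
+of: v1
+- equal:
+path: metadata.name
+value: my-release-atlantis-gitconfig-init
+- equal:
+path: data["gitconfig-init.sh"]
+value: |
+#!/bin/sh
+set -ex
+cp -v /etc/.gitconfig /home/atlantis/.gitconfig
+chown -v atlantis /home/atlantis/.gitconfig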
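Review bot: `commonLabels` is set in the gitconfig-read-write case but nothing asserts on the rendered labels, so the override currently adds nothing to the test. Either assert it — presumably `atlantis.labels` propagates it, e.g. `- equal:` / `path: metadata.labels.team` / `value: infra` — or drop the `commonLabels` block so the case only carries the inputs it checks.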
44 changes: 41 additions & 3 deletions charts/atlantis/tests/statefulset_test.yaml
Expand Up @@ -322,19 +322,19 @@ tests:
mountPath: /var/secrets/gcp-staging
name: gcp-staging
readOnly: true
- it: gitconfig
- it: gitconfig-read-only
template: statefulset.yaml
set:
gitconfig: |
[url "https://YOUR_GH_TOKEN@github.com"]
insteadOf = https://github.com
gitconfigReadOnly: true
asserts:
- equal:
path: spec.template.spec.volumes[1]
value:
name: gitconfig-volume
secret:
defaultMode: 432
secretName: my-release-atlantis-gitconfig
- equal:
path: spec.template.spec.containers[0].volumeMounts[?(@.name ==
Expand All @@ -344,6 +344,45 @@ tests:
name: gitconfig-volume
readOnly: true
subPath: gitconfig
- it: gitconfig-read-write
template: statefulset.yaml
set:
gitconfig: |
[url "https://YOUR_GH_TOKEN@github.com"]
insteadOf = https://github.com
gitconfigReadOnly: false
asserts:
- equal:
path: spec.template.spec.volumes[?(@.name == "gitconfig-volume")]
value:
name: gitconfig-volume
secret:
secretName: my-release-atlantis-gitconfig
- equal:
path: spec.template.spec.volumes[?(@.name == "gitconfig-init")]
value:
name: gitconfig-init
configMap:
name: my-release-atlantis-gitconfig-init
items:
- key: gitconfig-init.sh
path: gitconfig-init.sh
mode: 0555
- equal:
path: spec.template.spec.containers[0].volumeMounts[?(@.name ==
"gitconfig-volume")]
value:
mountPath: /etc/.gitconfig
name: gitconfig-volume
readOnly: true
subPath: gitconfig
- equal:
path: spec.template.spec.containers[0].volumeMounts[?(@.name ==
"gitconfig-init")]
value:
mountPath: /docker-entrypoint.d/gitconfig-init.sh
name: gitconfig-init
subPath: gitconfig-init.sh
- it: gitconfigSecretName
template: statefulset.yaml
set:
Expand All @@ -354,7 +393,6 @@ tests:
value:
name: gitconfig-volume
secret:
defaultMode: 432
secretName: atlantis-gitconfig
- equal:
path: spec.template.spec.containers[0].volumeMounts[?(@.name ==
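Review bot: The read-write path is exercised only with an inline `gitconfig`; the `/etc/.gitconfig` mount-path switch and the init-script mount in statefulset.yaml apply equally when `gitconfigSecretName` is used, yet the existing `gitconfigSecretName` case (its hunk at -354) does not set `gitconfigReadOnly: false`, so that combination is untested. A `gitconfigSecretName-read-write` case mirroring `gitconfig-read-write`, with `set:` carrying `gitconfigSecretName: atlantis-gitconfig` and `gitconfigReadOnly: false`, would cover it. The two gitconfig cases also locate the volume differently — `spec.template.spec.volumes[1]` in gitconfig-read-only versus the `[?(@.name == "gitconfig-volume")]` filter in gitconfig-read-write; the filter form is robust to volume reordering and could be used in both.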
5 changes: 5 additions & 0 deletions charts/atlantis/values.schema.json
Expand Up @@ -190,6 +190,11 @@
"type": "string",
"description": "Contents of a file to be mounted to `~/.gitconfig`. Use to allow redirection for Terraform modules in private git repositories."
},
"gitconfigReadOnly": {
"type": "boolean",
"default": "true",
"description": "When true gitconfig file is mounted as read only. When false, the gitconfig value will be copied to '/home/atlantis/.gitconfig' before starting the atlantis process instead of being mounted as a file."
},
"gitconfigSecretName": {
"type": "string",
"description": "Name of a pre-existing Kubernetes `Secret` containing a `gitconfig` key. Use this instead of `gitconfig` (optional)"
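Review bot: `"default": "true"` is a JSON string while the property's `"type"` is `"boolean"`, so the declared default contradicts its own type and differs from the actual default `gitconfigReadOnly: true` in values.yaml; change it to `"default": true,`. Schema validators that check `default` against `type` will report this, and tooling that renders defaults from the schema would show a string.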
5 changes: 5 additions & 0 deletions charts/atlantis/values.yaml
Expand Up @@ -111,6 +111,11 @@ gitconfig: ""
# insteadOf = ssh://git@gitlab.com
# Source: https://stackoverflow.com/questions/42148841/github-clone-with-oauth-access-token

# -- When true gitconfig file is mounted as read only.
# When false, the gitconfig value will be copied to '/home/atlantis/.gitconfig' before starting the atlantis process,
# instead of being mounted as a file.
gitconfigReadOnly: true

# -- If managing secrets outside the chart for the gitconfig, use this variable to reference the secret name
gitconfigSecretName: ""
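Review bot: The comment on `gitconfigReadOnly` describes the copy but not what it depends on: in read-write mode the chart mounts an init script at /docker-entrypoint.d/gitconfig-init.sh that copies the secret to /home/atlantis/.gitconfig and chowns it, which presumably requires the image entrypoint to run that directory with root privileges. Suggest extending the comment with `# Read-write mode mounts an init script into /docker-entrypoint.d that copies the file and chowns it to 'atlantis';` and `# it relies on the image entrypoint executing that directory with permission to chown.` so users know the mode is not compatible with every securityContext.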

