Releases: runatlantis/terraform-gce-atlantis
v2.1.1
🚀 Enhancements
Allow configuring Shielded VM options @kpocius (#113)
Secure Boot (enabled in #93 -- my bad) causes issues when updating COS image, as noted by @dennislapchenko in #112. This is because it saves the known boot configuration and compares to it upon instance restart, but since we're swapping out the image, it fails.
One way around it is to run `gcloud compute instances update <atlantis-vm-name> --shielded-learn-integrity-policy`, but there's no way to handle it gracefully in terraform.
This PR introduces an option to turn off secure boot, but does not change the current default behavior as it would cause instances to be recreated.
However, long term it would probably make sense to have secure boot set to off by default for most but the most locked down deployments. Otherwise as it currently stands, the instance needs to be either manually removed or the command given above needs to be executed after each COS update.
v2.1.0
Allow pinning vm's machine image, instead of always using latest …stable/cos_cloud @dennislapchenko (#112)
what
- Machine image is now pinnable
- Check the difference between two commits. If we keep only the first commit then full image name needs to be passed every time. After the second commit you can just provide the short name and it will be verified. One drawback is that it's not possible to move away from cos images, which probably is not desired anyway.
why
- Not always you would want to stay on the latest cos image. Not always you want to update it if you're performing other changes.
- It also seems that not all latest cos images work well with atlantis/secure vm configurations. Just today I was making tweaks to the module and latest image got deployed too. As a result backend never could be reached. Could not find any logs as to why this happened, but reverting the image instantly fixed the issue.
v2.0.0
Breaking changes (OS Login, Secure Boot & Labels) @bschaatsbergen (#109)
what
- Introduces several breaking changes
- Feature: OS Login
- Feature: Secure Boot
- Feature: Labels
why
- These features were requested by the community
v1.3.1
Delete IAP example @bschaatsbergen (#108)
what
- Removed the IAP example
why
- IAP is extensively documented in the root README
- The IAP example created an IAP client that was missing a callback url, this is not possible to define in Terraform.
v1.3.0
🐛 Bug Fixes
examples: remove project from google_iap_client @tpolekhin (#106)
╷
│ Error: Unsupported argument
│
│ on modules/atlantis/iap.tf line 16, in resource "google_iap_client" "atlantis":
│ 16: project = var.project_id
│
│ An argument named "project" is not expected here.
╵
what
A small change to IAP example I found during my deployment
why
To make it work
references
- Use `Closes #123`, if this PR closes a GitHub issue `#123`
- If possible, link to the relevant documentation to add some context.
v1.2.14
🚀 Enhancements
Set `privileged` to `false` @bschaatsbergen (#104)
what
- When a container is given privileged mode it receives all permissions the host has, it's currently set to `true` but we should set it to `false` as it doesn't affect the atlantis installation.
why
- Doesn't affect the atlantis installation.
references
- Closes #102
v1.2.13
fix: ignore lock file for terraform-docs @nitrocode (#103)
what
- ignore lock file for terraform-docs
why
- This maintains the `> x.y.z` qualifier in the readme docs for providers instead of reading resolved provider versions `a.b.c` directly from the lock file
references
v1.2.12
🚀 Enhancements
Adding IAP example and output for IAP backend service @cblkwell (#96)
what
This PR adds an additional output for the name of the IAP backend service, which is used as an input for the permissions binding used to gate access to the IAP-protected Atlantis deployment.
It also adds an additional example showing how to use IAP to protect Atlantis.
why
The output eliminates the need to pull the name of the service via a data source (which would require the name to get the data source, so...) which also helps Terraform determine order of operations.
IAP has enough extra configuration I thought it worthy of describing in more detail, especially since I suspect most people will not want to have their UI just hanging out there on the internet.
references
v1.2.11
🚀 Enhancements
Add redirect to domain for unmatched requests @kpocius (#95)
what
- Add `default_url_redirect` to `google_compute_url_map` when IAP is enabled
why
- Even with IAP enabled, if you go to load balancer IP, you're taken straight to Atlantis UI, bypassing any authentication. This is because by default unmatched requests are handled by the default service
references
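The v1.2.11 change above, sketched as an added Terraform example that is not the module's own code: a URL map whose fallback is a backend without IAP, next to one whose fallback is a redirect to the domain. The resource names, `var.domain`, the two backend services (assumed to be defined elsewhere) and the `/events` webhook path are assumptions made for illustration.

```hcl
# Added illustration; all names below are hypothetical.
variable "domain" {
  type = string # e.g. the hostname Atlantis is served on
}

# Before: a request whose Host header matches no host_rule (for example the
# bare load balancer IP) is served by default_service, which has no IAP.
resource "google_compute_url_map" "before" {
  name            = "atlantis-before"
  default_service = google_compute_backend_service.no_iap.id

  host_rule {
    hosts        = [var.domain]
    path_matcher = "atlantis"
  }

  path_matcher {
    name            = "atlantis"
    default_service = google_compute_backend_service.iap.id
  }
}

# After: unmatched requests are redirected to the domain, where the host_rule
# applies and the IAP-protected backend handles them.
resource "google_compute_url_map" "after" {
  name = "atlantis-after"

  default_url_redirect {
    host_redirect          = var.domain
    https_redirect         = true
    redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
    strip_query            = false
  }

  host_rule {
    hosts        = [var.domain]
    path_matcher = "atlantis"
  }

  path_matcher {
    name            = "atlantis"
    default_service = google_compute_backend_service.iap.id

    # Assumption: webhook deliveries cannot authenticate through IAP, so only
    # this path is routed to the backend without it.
    path_rule {
      paths   = ["/events"]
      service = google_compute_backend_service.no_iap.id
    }
  }
}
```

`default_service` and `default_url_redirect` are mutually exclusive at the top level of the URL map, so the fallback is either a backend or a redirect, never both.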
v1.2.10
Set sample rate to 1 @bschaatsbergen (#94)
what
- Fix idempotency issue with IAP backend log config
why
- Causes state diff on refresh