Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ability to disable arbitrary terraform command arguments #110

Closed
sw-carlin opened this issue Apr 20, 2018 · 5 comments
Closed

Ability to disable arbitrary terraform command arguments #110

sw-carlin opened this issue Apr 20, 2018 · 5 comments
Labels
feature New functionality/enhancement

Comments

@sw-carlin
Copy link

Being able to add arbitrary arguments to the Atlantis apply comment makes it fairly easy to circumvent access restrictions to protected environments. We should be able to disable this feature.
@lkysow
Copy link
Member

lkysow commented Apr 20, 2018

Hi, can you elaborate on what you mean by this? Do you mean how you can add atlantis apply -- -var-file=foo? How does this allow access to protected environments (not saying it doesn't, just want to know the mechanism). Thanks!

@sw-carlin
Copy link
Author

In the case of my project, we're supplying the environment name as a terraform variable. So you could write something like atlantis apply -- -var="env=prod" and bam, they've deployed to prod.

@mechastorm
Copy link

mechastorm commented Apr 24, 2018
edited
Loading

@sw-carlin Would this be similar to another feature request I am also proposing at #113 ?

@sw-carlin
Copy link
Author

That's definitely related as they are using a similar multi-envrionment setup. I have decided that if my team uses Atlantis we'll convert to using workspaces which I guess solves this issue for us.

@lkysow
Copy link
Member

lkysow commented Apr 4, 2019

This can be achieved via a custom workflow that doesn't use the built-in commands and so won't allow the extra args to be applied:

workflows:
  custom:
    apply:
      steps:
      - run: terraform apply -out $PLANFILE

@lkysow lkysow closed this as completed Apr 4, 2019
@lkysow lkysow added the feature New functionality/enhancement label Apr 9, 2019
jamengual pushed a commit that referenced this issue Nov 23, 2022
@Aayyush @msarvar
Removed feature flag for PR locks (#110)
cdfc4a7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature New functionality/enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lkysow @mechastorm @sw-carlin