Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Update CLI for Terraform state backend #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Nov 19, 2020
Merged

Update CLI for Terraform state backend #7

merged 6 commits into from
Nov 19, 2020

Conversation

@aknysh
Copy link
Member

@aknysh aknysh commented Nov 19, 2020
edited
Loading

what

  • Update CLI for Terraform state backend

why

  • Move the backend config logic from the variant files into YAML configuration
  • Separate the backend configs from Terraform configs - do not pollute Terraform vars with not-related variables
  • Make terraform-backend.variant completely generic - it will work with any backends (e.g. s3, remote) and is completely configuration driven

@aknysh aknysh requested a review from osterman November 19, 2020 22:00
@aknysh aknysh requested a review from a team as a code owner November 19, 2020 22:00
@aknysh aknysh self-assigned this Nov 19, 2020
@osterman
Copy link
Member

osterman commented Nov 19, 2020

This looks excellent! =)

@aknysh aknysh merged commit de31b28 into master Nov 19, 2020
@aknysh aknysh deleted the update-tf-backend branch November 19, 2020 22:52
osterman
osterman reviewed Nov 19, 2020
View reviewed changes
example/stacks/terraform-backend.yaml
@@ -0,0 +1,61 @@
type: s3
Copy link
Member

@osterman osterman Nov 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hrmm... type at the top-level sounds too generic.

What if we had:

terraform:
  remote_backend: s3
  backend:
    s3:

Copy link
Member Author

@aknysh aknysh Nov 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will improve that in the next PR

osterman added a commit that referenced this pull request Nov 4, 2025
@osterman
Add Auth Default Settings PRD and integrate with Atmos Profiles
19e31ba 
This implements the auth.defaults configuration for deterministic
identity selection, solving the CI "multiple defaults" problem.

**New PRD: Auth Default Settings (auth-default-settings.md)**

Schema Addition:
- auth.defaults.identity (string) - Selected default identity
- auth.defaults.session (SessionConfig) - Global session defaults
- auth.defaults.console (ConsoleConfig) - Global console defaults
- auth.defaults.keyring (KeyringConfig) - Global keyring defaults

Identity Selection Precedence:
1. --identity=explicit (CLI flag)
2. ATMOS_IDENTITY (env var)
3. auth.defaults.identity (selected default) ← NEW
4. identity.default: true (favorites)
5. Error: no default identity

Key Concepts:
- auth.defaults.identity = "Selected default" (single, deterministic)
- identity.default: true = "Favorites" (multiple, interactive)
- Profiles use auth.defaults.identity for deterministic behavior
- Base config can use favorites without breaking CI

**Updates to Atmos Profiles PRD:**

Dependencies Section:
- Added reference to Auth Default Settings PRD
- Added challenge #7: Identity selection in CI

CI Profile Example:
- Updated to use auth.defaults.identity
- Fixed Gomplate syntax: {{ env "GITHUB_RUN_ID" }}
- Added session duration defaults
- Documented precedence chain and CI behavior

Developer Profile Example:
- Shows combined pattern: auth.defaults.identity + identity.default: true
- Demonstrates selected default + favorites for quick switching
- Added multiple identities (sandbox + prod)
- Documented usage patterns and benefits

Integration Section:
- Added "Integration with Auth Default Settings" section
- Problem/solution comparison (with/without auth.defaults)
- Three usage patterns: CI, Developer, Base Config
- Precedence with profiles active
- Key benefits for profiles

Technical Dependencies:
- Added auth-default-settings.md as explicit dependency

**Why This Design:**

Problem: Multiple identity.default: true causes errors in CI (no TTY)
Solution: auth.defaults.identity provides deterministic selection
Benefit: Profiles can encapsulate auth config for specific environments

Use Cases:
- CI profiles: Set auth.defaults.identity for non-interactive
- Developer profiles: Combine selected default + favorites
- Base config: Use favorites only (forces profile/explicit selection in CI)

Implementation: Both PRDs will be implemented together as they are
tightly coupled - profiles need auth.defaults for CI use cases.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@osterman osterman osterman approved these changes

Assignees

@aknysh aknysh

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aknysh @osterman