Skip to content

Commit

Permalink
Remove option to allow repo
Browse files Browse the repository at this point in the history
  • Loading branch information
lukemassa committed Nov 4, 2023
1 parent 8a87d2e commit 0d4e308
Show file tree
Hide file tree
Showing 11 changed files with 241 additions and 291 deletions.
13 changes: 0 additions & 13 deletions cmd/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,6 @@ const (
ADHostnameFlag = "azuredevops-hostname"
AllowCommandsFlag = "allow-commands"
AllowForkPRsFlag = "allow-fork-prs"
AllowRepoConfigFlag = "allow-repo-config"
AtlantisURLFlag = "atlantis-url"
AutomergeFlag = "automerge"
ParallelPlanFlag = "parallel-plan"
Expand Down Expand Up @@ -424,13 +423,6 @@ var boolFlags = map[string]boolFlag{
description: "Allow Atlantis to run on pull requests from forks. A security issue for public repos.",
defaultValue: false,
},
AllowRepoConfigFlag: {
description: "Allow repositories to use atlantis.yaml files to customize the commands Atlantis runs." +
" Should only be enabled in a trusted environment since it enables a pull request to run arbitrary commands" +
" on the Atlantis server.",
defaultValue: false,
hidden: true,
},
AutoplanModules: {
description: "Automatically plan projects that have a changed module from the local repository.",
defaultValue: false,
Expand Down Expand Up @@ -1119,11 +1111,6 @@ func (s *ServerCmd) deprecationWarnings(userConfig *server.UserConfig) error {
jsonCfg += fmt.Sprintf(`, "apply_requirements":["%s"]`, strings.Join(commandReqs, "\", \""))
jsonCfg += fmt.Sprintf(`, "import_requirements":["%s"]`, strings.Join(commandReqs, "\", \""))
}
if userConfig.AllowRepoConfig {
deprecatedFlags = append(deprecatedFlags, AllowRepoConfigFlag)
yamlCfg += "\n allowed_overrides: [plan_requirements, apply_requirements, import_requirements, workflow, policy_check]\n allow_custom_workflows: true"
jsonCfg += `, "allowed_overrides":["plan_requirements","apply_requirements","import_requirements","workflow", "policy_check"], "allow_custom_workflows":true`
}
jsonCfg += "}]}"

if len(deprecatedFlags) > 0 {
Expand Down
1 change: 0 additions & 1 deletion cmd/server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,6 @@ var testFlags = map[string]interface{}{
AtlantisURLFlag: "url",
AllowCommandsFlag: "version,plan,unlock,import,approve_policies", // apply is disabled by DisableApply
AllowForkPRsFlag: true,
AllowRepoConfigFlag: true,
AutomergeFlag: true,
AutoplanFileListFlag: "**/*.tf,**/*.yml",
BitbucketBaseURLFlag: "https://bitbucket-base-url.com",
Expand Down
8 changes: 4 additions & 4 deletions server/controllers/events/events_controller_e2e_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1272,10 +1272,10 @@ func setupE2E(t *testing.T, repoDir string, opt setupOption) (events_controllers
parser := &config.ParserValidator{}

globalCfgArgs := valid.GlobalCfgArgs{
RepoConfigFile: opt.repoConfigFile,
AllowRepoCfg: true,
MergeableReq: false,
ApprovedReq: false,
RepoConfigFile: opt.repoConfigFile,
AllowAllRepoSettings: true,
MergeableReq: false,
ApprovedReq: false,
PreWorkflowHooks: []*valid.WorkflowHook{
{
StepName: "global_hook",
Expand Down
33 changes: 12 additions & 21 deletions server/core/config/parser_validator_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,10 @@ import (
)

var globalCfgArgs = valid.GlobalCfgArgs{
AllowRepoCfg: true,
MergeableReq: false,
ApprovedReq: false,
UnDivergedReq: false,
AllowAllRepoSettings: true,
MergeableReq: false,
ApprovedReq: false,
UnDivergedReq: false,
}

var globalCfg = valid.NewGlobalCfgFromArgs(globalCfgArgs)
Expand Down Expand Up @@ -105,7 +105,6 @@ func TestParseCfgs_InvalidYAML(t *testing.T) {
_, err = r.ParseRepoCfg(tmpDir, globalCfg, "", "")
ErrContains(t, c.expErr, err)
globalCfgArgs := valid.GlobalCfgArgs{
AllowRepoCfg: false,
MergeableReq: false,
ApprovedReq: false,
UnDivergedReq: false,
Expand Down Expand Up @@ -1146,7 +1145,6 @@ workflows:

r := config.ParserValidator{}
globalCfgArgs := valid.GlobalCfgArgs{
AllowRepoCfg: false,
MergeableReq: false,
ApprovedReq: false,
UnDivergedReq: false,
Expand All @@ -1159,7 +1157,6 @@ workflows:
func TestParseGlobalCfg_NotExist(t *testing.T) {
r := config.ParserValidator{}
globalCfgArgs := valid.GlobalCfgArgs{
AllowRepoCfg: false,
MergeableReq: false,
ApprovedReq: false,
UnDivergedReq: false,
Expand All @@ -1170,7 +1167,6 @@ func TestParseGlobalCfg_NotExist(t *testing.T) {

func TestParseGlobalCfg(t *testing.T) {
globalCfgArgs := valid.GlobalCfgArgs{
AllowRepoCfg: false,
MergeableReq: false,
ApprovedReq: false,
UnDivergedReq: false,
Expand Down Expand Up @@ -1604,7 +1600,6 @@ workflows:
Ok(t, os.WriteFile(path, []byte(c.input), 0600))

globalCfgArgs := valid.GlobalCfgArgs{
AllowRepoCfg: false,
MergeableReq: false,
ApprovedReq: false,
UnDivergedReq: false,
Expand Down Expand Up @@ -1711,7 +1706,6 @@ func TestParserValidator_ParseGlobalCfgJSON(t *testing.T) {
"empty object": {
json: "{}",
exp: valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{
AllowRepoCfg: false,
MergeableReq: false,
ApprovedReq: false,
UnDivergedReq: false,
Expand Down Expand Up @@ -1780,7 +1774,6 @@ func TestParserValidator_ParseGlobalCfgJSON(t *testing.T) {
exp: valid.GlobalCfg{
Repos: []valid.Repo{
valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{
AllowRepoCfg: false,
MergeableReq: false,
ApprovedReq: false,
UnDivergedReq: false,
Expand All @@ -1803,7 +1796,6 @@ func TestParserValidator_ParseGlobalCfgJSON(t *testing.T) {
},
Workflows: map[string]valid.Workflow{
"default": valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{
AllowRepoCfg: false,
MergeableReq: false,
ApprovedReq: false,
UnDivergedReq: false,
Expand All @@ -1829,7 +1821,6 @@ func TestParserValidator_ParseGlobalCfgJSON(t *testing.T) {
t.Run(name, func(t *testing.T) {
pv := &config.ParserValidator{}
globalCfgArgs := valid.GlobalCfgArgs{
AllowRepoCfg: false,
MergeableReq: false,
ApprovedReq: false,
UnDivergedReq: false,
Expand Down Expand Up @@ -1894,10 +1885,10 @@ func TestParseRepoCfg_V2ShellParsing(t *testing.T) {

p := &config.ParserValidator{}
globalCfgArgs := valid.GlobalCfgArgs{
AllowRepoCfg: true,
MergeableReq: false,
ApprovedReq: false,
UnDivergedReq: false,
AllowAllRepoSettings: true,
MergeableReq: false,
ApprovedReq: false,
UnDivergedReq: false,
}
v2Cfg, err := p.ParseRepoCfg(v2Dir, valid.NewGlobalCfgFromArgs(globalCfgArgs), "", "")
if c.expV2Err != "" {
Expand All @@ -1908,10 +1899,10 @@ func TestParseRepoCfg_V2ShellParsing(t *testing.T) {
Equals(t, c.expV2, v2Cfg.Workflows["custom"].Apply.Steps[0].RunCommand)
}
globalCfgArgs = valid.GlobalCfgArgs{
AllowRepoCfg: true,
MergeableReq: false,
ApprovedReq: false,
UnDivergedReq: false,
AllowAllRepoSettings: true,
MergeableReq: false,
ApprovedReq: false,
UnDivergedReq: false,
}
v3Cfg, err := p.ParseRepoCfg(v3Dir, valid.NewGlobalCfgFromArgs(globalCfgArgs), "", "")
Ok(t, err)
Expand Down
48 changes: 12 additions & 36 deletions server/core/config/valid/global_cfg.go
Original file line number Diff line number Diff line change
Expand Up @@ -174,42 +174,18 @@ var DefaultStateRmStage = Stage{
},
}

// Deprecated: use NewGlobalCfgFromArgs
func NewGlobalCfgWithHooks(allowRepoCfg bool, mergeableReq bool, approvedReq bool, unDivergedReq bool, preWorkflowHooks []*WorkflowHook, postWorkflowHooks []*WorkflowHook) GlobalCfg {
return NewGlobalCfgFromArgs(GlobalCfgArgs{
AllowRepoCfg: allowRepoCfg,
MergeableReq: mergeableReq,
ApprovedReq: approvedReq,
UnDivergedReq: unDivergedReq,
PreWorkflowHooks: preWorkflowHooks,
PostWorkflowHooks: postWorkflowHooks,
})
}

// NewGlobalCfg returns a global config that respects the parameters.
// allowRepoCfg is true if users want to allow repos full config functionality.
// mergeableReq is true if users want to set the mergeable apply requirement
// for all repos.
// approvedReq is true if users want to set the approved apply requirement
// for all repos.
// Deprecated: use NewGlobalCfgFromArgs
func NewGlobalCfg(allowRepoCfg bool, mergeableReq bool, approvedReq bool) GlobalCfg {
return NewGlobalCfgFromArgs(GlobalCfgArgs{
AllowRepoCfg: allowRepoCfg,
MergeableReq: mergeableReq,
ApprovedReq: approvedReq,
})
}

type GlobalCfgArgs struct {
RepoConfigFile string
AllowRepoCfg bool
MergeableReq bool
ApprovedReq bool
UnDivergedReq bool
PolicyCheckEnabled bool
PreWorkflowHooks []*WorkflowHook
PostWorkflowHooks []*WorkflowHook
RepoConfigFile string
// No longer a user option as of https://github.com/runatlantis/atlantis/pull/3911,
// but useful for tests to set to true to not require enumeration of allowed settings
// on the repo side
AllowAllRepoSettings bool
MergeableReq bool
ApprovedReq bool
UnDivergedReq bool
PolicyCheckEnabled bool
PreWorkflowHooks []*WorkflowHook
PostWorkflowHooks []*WorkflowHook
}

func NewGlobalCfgFromArgs(args GlobalCfgArgs) GlobalCfg {
Expand Down Expand Up @@ -245,7 +221,7 @@ func NewGlobalCfgFromArgs(args GlobalCfgArgs) GlobalCfg {
deleteSourceBranchOnMerge := false
repoLockingKey := true
customPolicyCheck := false
if args.AllowRepoCfg {
if args.AllowAllRepoSettings {
allowedOverrides = []string{PlanRequirementsKey, ApplyRequirementsKey, ImportRequirementsKey, WorkflowKey, DeleteSourceBranchOnMergeKey, RepoLockingKey, PolicyCheckKey}
allowCustomWorkflows = true
}
Expand Down
Loading

0 comments on commit 0d4e308

Please sign in to comment.