allowed_regexp_prefixes parameter is you use --enable-regexp-cmd

[ivanilves]

First, thank you for this awesome software! 🎉

Issue

If we use --enable-regexp-cmd flag in Atlantis, it would be nice to have such parameter in repository atlantis.yaml:

allowed_regexp_prefixes:
  - dev/
  - staging/

to allow, for example, execution of atlantis apply -p dev/.* and atlantis apply -p staging/.*, but don't allow any other regex matches, for safety and security reasons. It should be relatively easy to implement. WDYT? Any contradictions for this? 🙂

Thank you!

[ivanilves]

Another way could be making an analog of --disable-apply-all flag, but per-project.

Like, enabling atlantis apply globally, but having some flag like disable_apply_all: true or skip_apply_all: true for the particular sensitive projects, which we would like to apply only explicitly (boolean flags are usually easier to implement):

  - name: service/prod
    dir: service/prod
    disable_apply_all: true
    terraform_version: v1.0.3
    apply_requirements: [approved, mergeable]
    autoplan:
      enabled: true
      when_modified:
        - "*.tf"
        - "../dependency/*.tf"

[bmbferreira]

@chenrui333 I think this issue can now be closed! 🥳 thank you!

[ivanilves]

Thank you @bmbferreira 👏