#general

Gurpal Singh

09/07/2022, 1:14 PM
hi all, we currently use atlantis with our terragrunt repo. will this work with terragrunt? https://github.com/infracost/infracost-atlantis/
Tim (Infracost)

09/07/2022, 1:30 PM
Hi, yes integration should work. Please note the terragrunt specific section: https://github.com/infracost/infracost-atlantis/#terragrunt Let me know if that doesn’t work or if you run into any issues
Gurpal Singh

09/07/2022, 5:19 PM
@Tim (Infracost) hi tim this is my existing repos.yaml
repos:
  - id: "/.*/"
    apply_requirements: [approved, mergeable]
    pre_workflow_hooks:
      - run: terragrunt-atlantis-config generate --automerge --ignore-dependency-blocks --ignore-parent-terragrunt true --filter aws/accounts/ --autoplan --output atlantis.yaml
      - run: yq e -i '.projects[].autoplan.when_modified += "files"' atlantis.yaml
    workflow: terragrunt
workflows:
  terragrunt:
    plan:
      steps:
        - env:
            name: TERRAGRUNT_TFPATH
            command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
        - run: direnv-allow-all
        - run: direnv exec . terragrunt plan -input=false -out=$PLANFILE
        - run: direnv exec . terragrunt show -json $PLANFILE > $SHOWFILE
    apply:
      steps:
        - env:
            name: TERRAGRUNT_TFPATH
            command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
        - run: direnv-allow-all
        - run: direnv exec . terragrunt apply -input=false $PLANFILE
this is what it looks like after following the README
repos:
  - id: "/.*/"
    apply_requirements: [approved, mergeable]
    pre_workflow_hooks:
      - run: |
          /tmp/infracost --version && [ $(/tmp/infracost --version 2>&1 | grep -c "A new version of Infracost is available") = 0 ] || \
            curl -L https://infracost.io/downloads/v0.10/infracost-linux-amd64.tar.gz --output infracost.tar.gz && \
            tar -xvf infracost.tar.gz && \
            mv infracost-linux-amd64 /tmp/infracost
      - run: terragrunt-atlantis-config generate --automerge --ignore-dependency-blocks --ignore-parent-terragrunt true --filter aws/accounts/ --autoplan --output atlantis.yaml
      - run: yq e -i '.projects[].autoplan.when_modified += "files"' atlantis.yaml
    workflow: terragrunt
workflows:
  terragrunt:
    plan:
      steps:
        - env:
            name: INFRACOST_OUTPUT
            command: 'echo "/tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE-${REPO_REL_DIR//\//-}-infracost.json"'
        - env:
            name: TERRAGRUNT_TFPATH
            command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
        - run: direnv-allow-all
        - run: direnv exec . terragrunt plan -input=false -out=$PLANFILE
        - run: direnv exec . terragrunt show -json $PLANFILE > $SHOWFILE
    apply:
      steps:
        - env:
            name: TERRAGRUNT_TFPATH
            command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
        - run: direnv-allow-all
        - run: direnv exec . terragrunt apply -input=false $PLANFILE
is that all i need to do? :shocked_face_with_exploding_head:
5:25 PM
i don't understand the below section of the README
Also change references to the Infracost CLI invocation to /tmp/infracost
Tim (Infracost)

09/07/2022, 5:39 PM
Not quite, so it looks like you’re using your own atlantis image with the “Install in pre-workflow” method. So what you’ve done so far is install the infracost cli at /tmp/infracost and done the special terragrunt step. Now you need to add steps to process the $SHOWFILE (that’s what "# Add custom steps here from the examples mentioned elsewhere in this readme" is trying to say). So you need to pick how you want the comments to be handled (so an option from this table which points you to something in the examples dir). Assuming you have atlantis > 0.18.2 and you want to use the recommended option, you would go here to see how you would further modify your repos.yaml to run the infracost CLI to generate estimates and push them up to the comment.
5:43 PM
i don’t understand the below section of the README
Also change references to the Infracost CLI invocation to /tmp/infracost
When you copy the steps from the example you need to use /tmp/infracost to invoke the CLI wherever the example calls infracost. So instead of
infracost comment github …
you would write
/tmp/infracost comment github …
Gurpal Singh

09/07/2022, 5:43 PM
yes i'm running 0.19. will look at the recommended options instructions now
5:43 PM
@Tim (Infracost) if i self host, how do i pass the self hosted services url to infracost?
5:44 PM
i can't see an ENV VAR for that
Tim (Infracost)

09/07/2022, 5:45 PM
you’re self hosting atlantis or infracost or something else?
Gurpal Singh

09/07/2022, 5:45 PM
i meant infracost.
Tim (Infracost)

09/07/2022, 5:46 PM
Yup, so if you look in those docs you’ll see the INFRACOST_PRICING_API_ENDPOINT env which tells the CLI to talk to your self hosted pricing api
Gurpal Singh

09/07/2022, 5:47 PM
INFRACOST_PRICING_API_ENDPOINT
5:47 PM
cool
5:47 PM
snap
5:47 PM
thanks
5:49 PM
so instead of
- env:
          name: INFRACOST_ENABLE_CLOUD
          value: true
i can have
- env:
          name: INFRACOST_PRICING_API_ENDPOINT
          value: http://mycustomendpoint.net
Tim (Infracost)

09/07/2022, 5:54 PM
Those are actually independent, INFRACOST_ENABLE_CLOUD sends estimates up to our SaaS product so they appear in the dashboard (for managers or whoever). The INFRACOST_PRICING_API_ENDPOINT tells the CLI where to look up prices when building the estimates.
Gurpal Singh

09/07/2022, 5:54 PM
so to clarify, i need both?
Tim (Infracost)

09/07/2022, 5:56 PM
You need a pricing service (either ours or your self hosted one). You don’t need the cloud dashboard, you’ll still be able to push the estimates to PR comments with it disabled.
Gurpal Singh

09/07/2022, 5:56 PM
ahhhh!!!
5:56 PM
i see!
5:56 PM
got ya
8:07 PM
@Tim (Infracost) i'm getting a bit confused with the keys and the secrets. i ran "infracost configure get api_key" to get an api_key which my self hosted install needs to download the pricing data from the api. however, i don't know how i should pass this to the self hosted install that i'm deploying via the chart. i can see there is a value for infracostAPIKey but it's a string value and i don't really want it in plaintext on github. i can see this value api.existingSecretSelfHostedAPIKey but i'm not sure if that's something else?
9:17 PM
as well as the above questions, i have another: i have created a secret with my desired postgresql password. does the key of that password value in the secret need to be set to something specific?
9:47 PM
unless i'm being really stupid it seems like the naming of the secrets is very confusing. there doesn't seem to be clear differentiation between the cloudpricing api key and the infracosts api key
9:50 PM
for example, shouldn't this value: api.selfHostedInfracostAPIKey be called api.selfHostedCloudPricingAPIKey
9:51 PM
according to the docs here: https://www.infracost.io/docs/cloud_pricing_api/self_hosted/ the cloud pricing API is the bit that can be self hosted. not the infracosts api.
Tim (Infracost)

09/07/2022, 9:53 PM
hey let me see if I can explain. When you’re not self hosting, you need to give the infracost cli an API key that it passes to the (non-selfhosted) cloud pricing api. That’s the key you get when you run "infracost auth login".
9:56 PM
When you run a self hosted cloud pricing api, the infracost CLIs need to pass an API key to your self hosted cloud pricing API. For simplicity you define the key for your clients to use in the config, then give it to whoever is running the infracost CLI. It’s really just a basic thing to prevent random people from querying your self hosted cloud pricing API.
9:57 PM
So that is one you just make up yourself and treat it like a shared secret between self hosted api and your CLIs.
9:59 PM
The self hosted API also needs to download bulk pricing data from the infracost hosted cloud pricing api, and to do that you need an infracost issued (via "infracost auth login") API key.
10:00 PM
That API key is used to download an initial db dump of all the prices, and I think the docs recommend setting up a weekly job to keep up with any price changes.
Gurpal Singh

09/07/2022, 11:07 PM
yeah thanks for the explanation. do you have any idea on my questions around the chart values? i.e which value should I be using if I want to provide the infracost issued API key ("infracost auth login") to the self hosted API, via a k8s secret and not a string?
11:08 PM
does the chart automatically create and manage the key for the cli? which I then need to pass to the Atlantis container?
11:09 PM
plus the other question about the postgres password
11:10 PM
many thanks for your help so far
Tim (Infracost)

09/08/2022, 1:23 AM
So SELF_HOSTED_INFRACOST_API_KEY is the api key that CLIs should be using to connect. That can be set by either selfHostedInfracostAPIKey as a string, or if you want to use a secret with existingSecretSelfHostedAPIKey or, per the readme, “If left empty, the helm chat will generate one for you.” infracostAPIKey is used to download the pricing data, I don’t see a way to provide that as a secret. I’m not 100% certain on the postgres password, @Alistair (Infracost) may have an idea.
Alistair (Infracost)

09/08/2022, 6:55 AM
i have created a secret with my desired postgresql password.
does the key of that password value in the secret need to be set to something specific?
It should be postgresql-password (link to helm chart section)
Gurpal Singh

09/08/2022, 9:28 AM
@Alistair (Infracost) @Tim (Infracost) cheers. can you confirm there is no way for me to provide the infracostAPIKey as a k8s secret?
9:30 AM
if not, what perms does that key have, other than being able to download pricing data? i'd rather not have it in plaintext in our github repo.
9:48 AM
what about existingSecretAPIKey?
Alistair (Infracost)

09/08/2022, 9:48 AM
you can set the existingSecretAPIKey value
9:48 AM
Yeah, if it has a key with infracost-api-key in it, it should work
Gurpal Singh

09/08/2022, 9:49 AM
awesome!