Title
w
worried-soccer-67640
09/07/2022, 1:14 PMhi all, we currently use atlantis with out terragrunt repo.
will this work with terragrunt? https://github.com/infracost/infracost-atlantis/
c
crooked-daybreak-55253
09/07/2022, 1:30 PMHi, yes integration should work. Please note the terragrunt specific section: https://github.com/infracost/infracost-atlantis/#terragrunt
Let me know if that doesn’t work or if you run into any issues
w
worried-soccer-67640
09/07/2022, 5:19 PM@crooked-daybreak-55253 hi tim
this is my existing repos.yaml
repos:
- id: "/.*/"
apply_requirements: [approved, mergeable]
pre_workflow_hooks:
- run: terragrunt-atlantis-config generate --automerge --ignore-dependency-blocks --ignore-parent-terragrunt true --filter aws/accounts/ --autoplan --output atlantis.yaml
- run: yq e -i '.projects[].autoplan.when_modified += "files"' atlantis.yaml
workflow: terragrunt
workflows:
terragrunt:
plan:
steps:
- env:
name: TERRAGRUNT_TFPATH
command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
- run: direnv-allow-all
- run: direnv exec . terragrunt plan -input=false -out=$PLANFILE
- run: direnv exec . terragrunt show -json $PLANFILE > $SHOWFILE
apply:
steps:
- env:
name: TERRAGRUNT_TFPATH
command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
- run: direnv-allow-all
- run: direnv exec . terragrunt apply -input=false $PLANFILEREADMErepos:
- id: "/.*/"
apply_requirements: [approved, mergeable]
pre_workflow_hooks:
- run: |
/tmp/infracost --version && [ $(/tmp/infracost --version 2>&1 | grep -c "A new version of Infracost is available") = 0 ] || \
curl -L <https://infracost.io/downloads/v0.10/infracost-linux-amd64.tar.gz> --output infracost.tar.gz && \
tar -xvf infracost.tar.gz && \
mv infracost-linux-amd64 /tmp/infracost
- run: terragrunt-atlantis-config generate --automerge --ignore-dependency-blocks --ignore-parent-terragrunt true --filter aws/accounts/ --autoplan --output atlantis.yaml
- run: yq e -i '.projects[].autoplan.when_modified += "files"' atlantis.yaml
workflow: terragrunt
workflows:
terragrunt:
plan:
steps:
- env:
name: INFRACOST_OUTPUT
command: 'echo "/tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE-${REPO_REL_DIR//\//-}-infracost.json"'
- env:
name: TERRAGRUNT_TFPATH
command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
- run: direnv-allow-all
- run: direnv exec . terragrunt plan -input=false -out=$PLANFILE
- run: direnv exec . terragrunt show -json $PLANFILE > $SHOWFILE
apply:
steps:
- env:
name: TERRAGRUNT_TFPATH
command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
- run: direnv-allow-all
- run: direnv exec . terragrunt apply -input=false $PLANFILEi don't understand the below section of the README
Also change references to the Infracost CLI invocation to /tmp/infracostc
crooked-daybreak-55253
09/07/2022, 5:39 PMNot quite, so it looks like you’re using your own atlantis image with the “Install in pre-workflow” method. So what you’ve done so far is install the infracost cli at /tmp/infracost and done the special terragrunt step.
Now you need to add steps to process the $$SHOWFILE (that’s what
# Add custom steps here from the examples mentioned elsewhere in this readmei don’t understand the below section of the README
When you’re copy the steps from the example you need to useAlso change references to the Infracost CLI invocation to /tmp/infracost
/tmp/infracostinfracostinfracost comment github …/tmp/infracost comment github …w
worried-soccer-67640
09/07/2022, 5:43 PMyes i'm running 0.19.
will look at the recommended options instructions now
@crooked-daybreak-55253 if i self host, how do i pass the self hosted services url to infracost?
i can't seen an ENV VAR for that
c
crooked-daybreak-55253
09/07/2022, 5:45 PMyou’re self hosting atlantis or infracost or something else?
w
worried-soccer-67640
09/07/2022, 5:45 PMi meant infracost.
i want to use this: https://www.infracost.io/docs/cloud_pricing_api/self_hosted/
c
crooked-daybreak-55253
09/07/2022, 5:46 PMYup, so if you look in those docs you’ll see the
INFRACOST_PRICING_API_ENDPOINTw
worried-soccer-67640
09/07/2022, 5:47 PMINFRACOST_PRICING_API_ENDPOINTcool
snap
thanks
so insetad of
- env:
name: INFRACOST_ENABLE_CLOUD
value: true- env:
name: INFRACOST_PRICING_API_ENDPOINT
value: <http://mycustomendpoint.net>c
crooked-daybreak-55253
09/07/2022, 5:54 PMThose are actually independent, INFRACOST_ENABLE_CLOUD sends estimates up to our SaaS product so they appear in the dashboard (for managers or whoever). The INFRACOST_PRICING_API_ENDPOINT tells the CLI where to look up prices when building the estimates.
w
worried-soccer-67640
09/07/2022, 5:54 PMso to clarify, i need both?
c
crooked-daybreak-55253
09/07/2022, 5:56 PMYou need a pricing service (either ours or your self hosted one). You don’t need the cloud dashboard, you’ll still be able to push the estimates to PR comments with it disabled.
w
worried-soccer-67640
09/07/2022, 5:56 PMahhhh!!!
i see!
got ya
@crooked-daybreak-55253 i'm getting a bit confused with the keys and the secrets.
i ran
infracost configure get api_keyinfracostAPIKeyapi.existingSecretSelfHostedAPIKeyas well as the above questions, i have another:
i have created a secret with my desired postgresql password.
does the key of that password value in the secret need to be set to something specific?
unless i'm being really stupid it seems like the naming of the secrets is very confusing.
there doesn't seem to be clear differentations between the cloudpricing api key and the infracosts api key
for example, shouldn't this value:
api.selfHostedInfracostAPIKeyapi.selfHostedCloudPricingAPIKeyaccording to the docs here: https://www.infracost.io/docs/cloud_pricing_api/self_hosted/ the cloud pricing API is the bit that can be self hosted. not the infracosts api.
c
crooked-daybreak-55253
09/07/2022, 9:53 PMhey let me see if I can explain. When you’re not self hosting, you need to give the infracost cli an API key that it passes to the (non-selfhosted) cloud pricing api. That’s the key you get when you run
infracost auth loginWhen you run a self hosted cloud pricing api, the infracost CLIs need to pass an API key to your self hosted cloud pricing API. For simplicity you define the key for your clients to use in the config, then give it to whoever is running the infracost CLI. It’s really just a basic thing to prevent random people from querying your self hosted cloud pricing API.
So that is one you just make up yourself and treat it like a shared secret between self hosted api and your CLIs.
The self hosted API also needs to download bulk pricing data from the infracost hosted cloud pricing api, and to do that you need an infracost issued (via
infracost auth loginThat API key is used to download an initial db dump of all the prices, and I think the docs recommend setting up a weekly job to keep up with any price changes.
w
worried-soccer-67640
09/07/2022, 11:07 PMyeah thanks for the explanation. do you have any idea on my questions around the chart values? i.e which value should I be using if I want to provide the infracost issued API key (
infracost auth logindoes the chart automatically create and manage the key for the cli? which I then need to pass to the Atlantis container?
plus the other question about the postgres password
many thanks for your help so far
c
crooked-daybreak-55253
09/08/2022, 1:23 AMSo
SELF_HOSTED_INFRACOST_API_KEYselfHostedInfracostAPIKeyexistingSecretSelfHostedAPIKeyinfracostAPIKeyl
little-author-61621
09/08/2022, 6:55 AMi have created a secret with my desired postgresql password.
does the key of that password value in the secret need to be set to something specific?It should be
postgresql-passwordw
worried-soccer-67640
09/08/2022, 9:28 AM@little-author-61621 @crooked-daybreak-55253 cheers.
can you confirm you there is no way for me to provide the
infracostAPIKeyif not, what perms does that key have, other than being able to download pricing data? i'd rather not have it in plaintext in our github repo.
what about
existingSecretAPIKeyl
little-author-61621
09/08/2022, 9:48 AMyou can set the
existingSecretAPIKeyYeah, if it has a key with
infracost-api-keyw
worried-soccer-67640
09/08/2022, 9:49 AMawesome!