atlantis import does not set terraform.workspace

[drmaciej]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.

---

Overview of the Issue

When using atlantis import, it looks like the workspace is not set correctly.

Reproduction Steps

Here's a sample Route53 record I am trying to import (I have created it manually in the Route53 console):

resource "aws_route53_record" "txt_drmaciej_example_com" {
  count   = terraform.workspace == "ops" ? 1 : 0
  zone_id = "123456789"
  name    = "drmaciej.example.com"
  type    = "TXT"
  ttl     = 300
  records = ["drmaciej"]
}

I have tried importing using atlantis import -p route53-ops aws_route53_record.txt_drmaciej_example_com[0] 123456789_drmaciej.example.com_TXT and atlantis import -d route53 -w ops 'aws_route53_record.txt_drmaciej_example_com[0]' 123456789_drmaciej.example.com_TXT.

Both attempts fail when my code does a lookup based on terraform.workspace. Atlantis actually logs Ran Import for project: route53-ops dir: route53 workspace: ops but then terraform fails with (partial output):

│ Error: Invalid index
│     │ terraform.workspace is "default"
│ The given key does not identify an element in this collection value.

plan still works fine.

Environment details

v0.22.1, on k8s, with

- name: ATLANTIS_ALLOW_COMMANDS
  value: "version,plan,apply,unlock,approve_policies,import"

In the actual repo:

  - name: route53-ops
    dir: ./route53
    workspace: ops
    terraform_version: v1.1.7
    autoplan:
      when_modified: [ "*.tf", "*.tfvars", "templates/*", ".terraform-version", "../modules/**/*.tf" ]
      enabled: true

[drmaciej]

Note: upon further investigation, I think this happened because the plan for that workspace had not yet completed. After a successful plan, I was able to import, but without any approvals.
Approval was required for apply to happen. This leads me to believe I need to explicitly set import_requirements.

[drmaciej]

Note2: import_requirements does the trick, but in an approved PR I get

Ran Import for project: route53-ops dir: route53 workspace: ops

Import Failed: Pull request must be approved by at least one person other than the author before running import.

Server logs:

{"level":"error","ts":"2023-01-05T04:27:39.343Z","caller":"events/instrumented_project_command_runner.go:78","msg":"Failure running import operation: Pull reques
t must be approved by at least one person other than the author before running import.","json":{"repo":"***/***","pull":"292"},"stacktrace"
:"github.com/runatlantis/atlantis/server/events.RunAndEmitStats\n\tgit.luolix.top/runatlantis/atlantis/server/events/instrumented_project_command_runner.go:78\ngithu
b.com/runatlantis/atlantis/server/events.(*InstrumentedProjectCommandRunner).Import\n\tgit.luolix.top/runatlantis/atlantis/server/events/instrumented_project_command
_runner.go:53\ngit.luolix.top/runatlantis/atlantis/server/events.runProjectCmds\n\tgit.luolix.top/runatlantis/atlantis/server/events/project_command_pool_executor.go:48\
ngit.luolix.top/runatlantis/atlantis/server/events.(*ImportCommandRunner).Run\n\tgit.luolix.top/runatlantis/atlantis/server/events/import_command_runner.go:41\ngithub.co
m/runatlantis/atlantis/server/events.(*DefaultCommandRunner).RunCommentCommand\n\tgit.luolix.top/runatlantis/atlantis/server/events/command_runner.go:296"}

apply works and does not complain about missing approval, so there seems to be a discrepancy between how apply & import check for approval.

[krrrr38]

Thank you for trying import feature and raise a issue. I will check the behaviour.

[krrrr38]

Note2: import_requirements
there seems to be a discrepancy between how apply & import check for approval.

reason

• apply_command_runner set ctx.PullRequestStatus

  • atlantis/server/events/apply_command_runner.go

    Lines 103 to 115 in b1b0b89

    	// Get the mergeable status before we set any build statuses of our own.
    	// We do this here because when we set a "Pending" status, if users have
    	// required the Atlantis status checks to pass, then we've now changed
    	// the mergeability status of the pull request.
    	// This sets the approved, mergeable, and sqlocked status in the context.
    	ctx.PullRequestStatus, err = a.pullReqStatusFetcher.FetchPullStatus(baseRepo, pull, a.VCSStatusName)
    	if err != nil {
    	// On error we continue the request with mergeable assumed false.
    	// We want to continue because not all apply's will need this status,
    	// only if they rely on the mergeability requirement.
    	// All PullRequestStatus fields are set to false by default when error.
    	ctx.Log.Warn("unable to get pull request status: %s. Continuing with mergeable and approved assumed false", err)
    	}

• but import_command_runner doesn't do it

  • atlantis/server/events/import_command_runner.go

    Lines 25 to 44 in b1b0b89

    	func (v *ImportCommandRunner) Run(ctx *command.Context, cmd *CommentCommand) {
    	var err error
    	var projectCmds []command.ProjectContext
    	projectCmds, err = v.prjCmdBuilder.BuildImportCommands(ctx, cmd)
    	if err != nil {
    	ctx.Log.Warn("Error %s", err)
    	}
    	var result command.Result
    	if len(projectCmds) > 1 {
    	// There is no usecase to kick terraform import into multiple projects.
    	// To avoid incorrect import, suppress to execute terraform import in multiple projects.
    	result = command.Result{
    	Failure: "import cannot run on multiple projects. please specify one project.",
    	}
    	} else {
    	result = runProjectCmds(projectCmds, v.prjCmdRunner.Import)
    	}
    	v.pullUpdater.updatePull(ctx, cmd, result)
    	}

[krrrr38]

import_requirements is another issue, so move into #2933

[krrrr38]

I'm trying to reproduce the issue, but it works fine with following diff.

https://github.com/runatlantis/atlantis/pull/2932/files

atlantis import -d dir1 -w ops 'random_id.dummy1[0]' AA

resource "random_id" "dummy1" {
  count = terraform.workspace == "ops" ? 1 : 0

  keepers     = {}
  byte_length = 1
}

@drmaciej If you notice something is invalid in my reproduce step, let me know.

---

Atlantis actually logs Ran Import for project: route53-ops dir: route53 workspace: ops but then terraform fails with (partial output):

If atlantis says workspace: ops, I'm not sure why terraform says workspace error 🤔

[krrrr38]

ah, I got the issue and fix it soon.

[drmaciej]

@krrrr38 sounds great, thanks!