Repo not allowlisted with atlantis on AKS

[papanito]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.

---

Overview of the Issue

We are currently running 2 instances of atlantis on-prem. I migrated the first instance to AKS, which works fine. Now with the second instance to AKS I always get

Error: This repo is not allowlisted for Atlantis.

Interestingly all the instances use the same repo.yaml (deployed automatically from the same repo).

Reproduction Steps

1. add this config

   - id: /.*/
      apply_requirements: [approved, mergeable, undiverged]
      workflow: default
      allowed_overrides: [workflow]
      allow_custom_workflows: false
      delete_source_branch_on_merge: true
    - id: /.*/Platform/.*/
      apply_requirements: [approved, mergeable, undiverged]
      workflow: default-lego
      allowed_overrides: [workflow]
      allow_custom_workflows: false
      delete_source_branch_on_merge: true
      ...

2. Run atlantis plan

Logs

{"level":"info","ts":"2024-05-08T09:27:32.103Z","caller":"server/server.go:443","msg":"Utilizing BoltDB","json":{}}
2024-05-08T09:27:32.108609319Z {"level":"info","ts":"2024-05-08T09:27:32.108Z","caller":"policy/conftest_client.go:151","msg":"failed to get default conftest version. Will attempt request scoped lazy loads DEFAULT_CONFTEST_VERSION not set","json":{}}
2024-05-08T09:27:32.109053774Z {"level":"info","ts":"2024-05-08T09:27:32.108Z","caller":"server/server.go:974","msg":"Atlantis started - listening on port 4141","json":{}}
2024-05-08T09:27:32.109071327Z {"level":"info","ts":"2024-05-08T09:27:32.108Z","caller":"scheduled/executor_service.go:51","msg":"Scheduled Executor Service started","json":{}}
{"level":"info","ts":"2024-05-08T09:28:42.274Z","caller":"events/events_controller.go:550","msg":"parsed comment as command=\"plan\" verbose=false dir=\"\" workspace=\"\" project=\"\" policyset=\"\", clear-policy-approval=false, flags=\"\"","json":{}}
{"level":"error","ts":"2024-05-08T09:28:42.426Z","caller":"events/events_controller.go:747","msg":"Repo not allowlisted","json":{},"stacktrace":"github.com/runatlantis/atlantis/server/controllers/events.(*VCSEventsController).respond\n\tgithub.com/runatlantis/atlantis/server/controllers/events/events_controller.go:747\ngithub.com/runatlantis/atlantis/server/controllers/events.(*VCSEventsController).HandleBitbucketServerCommentEvent\n\tgithub.com/runatlantis/atlantis/server/controllers/events/events_controller.go:360\ngithub.com/runatlantis/atlantis/server/controllers/events.(*VCSEventsController).handleBitbucketServerPost\n\tgithub.com/runatlantis/atlantis/server/controllers/events/events_controller.go:257\ngithub.com/runatlantis/atlantis/server/controllers/events.(*VCSEventsController).Post\n\tgithub.com/runatlantis/atlantis/server/controllers/events/events_controller.go:131\nnet/http.HandlerFunc.ServeHTTP\n\tnet/http/server.go:2136\ngithub.com/gorilla/mux.(*Router).ServeHTTP\n\tgithub.com/gorilla/mux@v1.8.0/mux.go:210\ngithub.com/urfave/negroni/v3.(*Negroni).UseHandler.Wrap.func1\n\tgithub.com/urfave/negroni/v3@v3.0.0/negroni.go:59\ngithub.com/urfave/negroni/v3.HandlerFunc.ServeHTTP\n\tgithub.com/urfave/negroni/v3@v3.0.0/negroni.go:33\ngithub.com/urfave/negroni/v3.middleware.ServeHTTP\n\tgithub.com/urfave/negroni/v3@v3.0.0/negroni.go:51\ngithub.com/runatlantis/atlantis/server.(*RequestLogger).ServeHTTP\n\tgithub.com/runatlantis/atlantis/server/middleware.go:70\ngithub.com/urfave/negroni/v3.middleware.ServeHTTP\n\tgithub.com/urfave/negroni/v3@v3.0.0/negroni.go:51\ngithub.com/urfave/negroni/v3.(*Recovery).ServeHTTP\n\tgithub.com/urfave/negroni/v3@v3.0.0/recovery.go:210\ngithub.com/urfave/negroni/v3.middleware.ServeHTTP\n\tgithub.com/urfave/negroni/v3@v3.0.0/negroni.go:51\ngithub.com/urfave/negroni/v3.(*Negroni).ServeHTTP\n\tgithub.com/urfave/negroni/v3@v3.0.0/negroni.go:111\nnet/http.serverHandler.ServeHTTP\n\tnet/http/server.go:2938\nnet/http.(*conn).serve\n\tnet/http/server.go:200
9"}

Environment details

• Atlantis version: 0.25.0
• Deployment method: helm
• If not running the latest Atlantis version have you tried to reproduce this issue on the latest version: NO
• Atlantis flags: -

Atlantis server-side config file:

   - id: /.*/
      apply_requirements: [approved, mergeable, undiverged]
      workflow: default
      allowed_overrides: [workflow]
      allow_custom_workflows: false
      delete_source_branch_on_merge: true
    - id: /.*/Platform/.*/
      apply_requirements: [approved, mergeable, undiverged]
      workflow: default-lego
      allowed_overrides: [workflow]
      allow_custom_workflows: false
      delete_source_branch_on_merge: true
      ...

Repo atlantis.yaml file:

version: 3
automerge: true
parallel_plan: false
delete_source_branch_on_merge: true
projects:
- name: local
  dir: local
  workflow: default
  autoplan:
    enabled: true
    when_modified: ["*.tf*", "*.yaml"]
...

Additional Context

[anryko]

The repo.yaml doesn't configure the repo allow-list. You have to pass an atlantis server command line argument or set an ENV var to set it up. Check the repo-allowlist docs.

[papanito]

Thanks @anryko