cloudposse · aknysh · Jan 10, 2025 · Jan 3, 2025 · Jan 3, 2025 · Jan 3, 2025
@@ -94,6 +94,16 @@ func ExecuteHelmfile(info schema.ConfigAndStacksInfo) error {
 			"by 'metadata.type: abstract' attribute", filepath.Join(info.ComponentFolderPrefix, info.Component))
 	}
 
+	// Check if the component is locked (`metadata.locked` is set to true)
+	if info.ComponentIsLocked {
+		// Allow read-only commands, block modification commands
+		switch info.SubCommand {
+		case "sync", "apply", "deploy", "delete", "destroy":
+			return fmt.Errorf("component '%s' is locked and cannot be modified (metadata.locked = true)",
+				filepath.Join(info.ComponentFolderPrefix, info.Component))
+		}
+	}
+
 	// Print component variables
 	u.LogDebug(atmosConfig, fmt.Sprintf("\nVariables for the component '%s' in the stack '%s':", info.ComponentFromArg, info.Stack))
 

@@ -349,6 +349,10 @@
           "description": "Custom configuration per component, not inherited by derived components",
           "additionalProperties": true,
           "title": "custom"
+        },
+        "locked": {
+          "type": "boolean",
+          "description": "Flag to lock the component and prevent modifications while allowing read operations"
         }
       },
       "required": [],

@@ -55,14 +55,15 @@ func BuildTerraformWorkspace(atmosConfig schema.AtmosConfiguration, configAndSta
 }
 
 // ProcessComponentMetadata processes component metadata and returns a base component (if any) and whether
-// the component is real or abstract and whether the component is disabled or not
+// the component is real or abstract and whether the component is disabled or not and whether the component is locked
 func ProcessComponentMetadata(
 	component string,
 	componentSection map[string]any,
-) (map[string]any, string, bool, bool) {
+) (map[string]any, string, bool, bool, bool) {
 	baseComponentName := ""
 	componentIsAbstract := false
 	componentIsEnabled := true
+	componentIsLocked := false
 	var componentMetadata map[string]any
 
 	// Find base component in the `component` attribute
@@ -82,6 +83,11 @@ func ProcessComponentMetadata(
 				componentIsEnabled = false
 			}
 		}
+		if lockedValue, exists := componentMetadata["locked"]; exists {
+			if locked, ok := lockedValue.(bool); ok && locked {
+				componentIsLocked = true
+			}
+		}
 		// Find base component in the `metadata.component` attribute
 		// `metadata.component` overrides `component`
 		if componentMetadataComponent, componentMetadataComponentExists := componentMetadata[cfg.ComponentSectionName].(string); componentMetadataComponentExists {
@@ -94,7 +100,7 @@ func ProcessComponentMetadata(
 		baseComponentName = ""
 	}
 
-	return componentMetadata, baseComponentName, componentIsAbstract, componentIsEnabled
+	return componentMetadata, baseComponentName, componentIsAbstract, componentIsEnabled, componentIsLocked
 }
 
 // BuildDependentStackNameFromDependsOnLegacy builds the dependent stack name from "settings.spacelift.depends_on" config

@@ -173,6 +173,16 @@ func ExecuteTerraform(info schema.ConfigAndStacksInfo) error {
 			"by 'metadata.type: abstract' attribute", filepath.Join(info.ComponentFolderPrefix, info.Component))
 	}
 
+	// Check if the component is locked (`metadata.locked` is set to true)
+	if info.ComponentIsLocked {
+		// Allow read-only commands, block modification commands
+		switch info.SubCommand {
+		case "apply", "deploy", "destroy", "import", "state", "taint", "untaint":
+			return fmt.Errorf("component '%s' is locked and cannot be modified (metadata.locked = true)",
+				filepath.Join(info.ComponentFolderPrefix, info.Component))
+		}
+	}
+
 	if info.SubCommand == "clean" {
 		err := handleCleanSubCommand(info, componentPath, atmosConfig)
 		if err != nil {

@@ -153,8 +153,9 @@ func ProcessComponentConfig(
 	}
 
 	// Process component metadata and find a base component (if any) and whether the component is real or abstract
-	componentMetadata, baseComponentName, componentIsAbstract, componentIsEnabled := ProcessComponentMetadata(component, componentSection)
+	componentMetadata, baseComponentName, componentIsAbstract, componentIsEnabled, componentIsLocked := ProcessComponentMetadata(component, componentSection)
 	configAndStacksInfo.ComponentIsEnabled = componentIsEnabled
+	configAndStacksInfo.ComponentIsLocked = componentIsLocked
 
 	// Remove the ENV vars that are set to `null` in the `env` section.
 	// Setting an ENV var to `null` in stack config has the effect of unsetting it
@@ -610,9 +611,10 @@ func ProcessStacks(
 	configAndStacksInfo.ComponentEnvList = u.ConvertEnvVars(configAndStacksInfo.ComponentEnvSection)
 
 	// Process component metadata
-	_, baseComponentName, _, componentIsEnabled := ProcessComponentMetadata(configAndStacksInfo.ComponentFromArg, configAndStacksInfo.ComponentSection)
+	_, baseComponentName, _, componentIsEnabled, componentIsLocked := ProcessComponentMetadata(configAndStacksInfo.ComponentFromArg, configAndStacksInfo.ComponentSection)
 	configAndStacksInfo.BaseComponentPath = baseComponentName
 	configAndStacksInfo.ComponentIsEnabled = componentIsEnabled
+	configAndStacksInfo.ComponentIsLocked = componentIsLocked
 
 	// Process component path and name
 	configAndStacksInfo.ComponentFolderPrefix = ""

@@ -242,6 +242,7 @@ type ConfigAndStacksInfo struct {
 	NeedHelp                      bool
 	ComponentIsAbstract           bool
 	ComponentIsEnabled            bool
+	ComponentIsLocked             bool
 	ComponentMetadataSection      AtmosSectionMapType
 	TerraformWorkspace            string
 	JsonSchemaDir                 string

@@ -172,7 +172,7 @@ func TransformStackConfigToSpaceliftStacks(
 					}
 
 					// Process component metadata and find a base component (if any) and whether the component is real or abstract
-					componentMetadata, baseComponentName, componentIsAbstract, componentIsEnabled := e.ProcessComponentMetadata(component, componentMap)
+					componentMetadata, baseComponentName, componentIsAbstract, componentIsEnabled, _ := e.ProcessComponentMetadata(component, componentMap)
 
 					if componentIsAbstract || !componentIsEnabled {
 						continue

@@ -0,0 +1,50 @@
+# Example Terraform Weather Component
+
+This Terraform "root" module fetches weather information for a specified location with custom display options.
+It queries data from the [`wttr.in`](https://wttr.in) weather service and stores the result in a local file (`cache.txt`). 
+It also provides several outputs like weather information, request URL, stage, location, language, and units of measurement.
+
+## Features
+
+- Fetch weather updates for a location using HTTP request.
+- Write the obtained weather data in a local file.
+- Customizable display options.
+- View the request URL.
+- Get informed about the stage, location, language, and units in the metadata.
+
+## Usage
+
+To include this module in your [Atmos Stacks](https://atmos.tools/core-concepts/stacks) configuration:
+
+```yaml
+components:
+  terraform:
+    weather:
+      vars:
+        stage: dev
+        location: New York
+        options: 0T
+        format: v2
+        lang: en
+        units: m
+```
+
+### Inputs
+- `stage`: Stage where it will be deployed.
+- `location`: Location for which the weather is reported. Default is "Los Angeles".
+- `options`: Options to customize the output. Default is "0T".
+- `format`: Specifies the output format. Default is "v2".
+- `lang`: Language in which the weather will be displayed. Default is "en".
+- `units`: Units in which the weather will be displayed. Default is "m".
+
+### Outputs
+- `weather`: The fetched weather data.
+- `url`: Requested URL.
+- `stage`: Stage of deployment.
+- `location`: Location of the reported weather.
+- `lang`: Language used for weather data.
+- `units`: Units of measurement for the weather data.
+
+Please note, this module requires Terraform version >=1.0.0, and you need to specify no other required providers.
+
+Happy Weather Tracking!
@@ -0,0 +1,22 @@
+locals {
+  url = format("https://wttr.in/%v?%v&format=%v&lang=%v&u=%v",
+    urlencode(var.location),
+    urlencode(var.options),
+    urlencode(var.format),
+    urlencode(var.lang),
+    urlencode(var.units),
+  )
+}
+
+data "http" "weather" {
+  url = local.url
+  request_headers = {
+    User-Agent = "curl"
+  }
+}
+
+# Now write this to a file (as an example of a resource)
+resource "local_file" "cache" {
+  filename = "cache.${var.stage}.txt"
+  content  = data.http.weather.response_body
+}
@@ -0,0 +1,27 @@
+output "weather" {
+  value = data.http.weather.response_body
+}
+
+output "url" {
+  value = local.url
+}
+
+output "stage" {
+  value       = var.stage
+  description = "Stage where it was deployed"
+}
+
+output "location" {
+  value       = var.location
+  description = "Location of the weather report."
+}
+
+output "lang" {
+  value       = var.lang
+  description = "Language which the weather is displayed."
+}
+
+output "units" {
+  value       = var.units
+  description = "Units the weather is displayed."
+}
@@ -0,0 +1,34 @@
+variable "stage" {
+  description = "Stage where it will be deployed"
+  type        = string
+}
+
+variable "location" {
+  description = "Location for which the weather."
+  type        = string
+  default     = "Los Angeles"
+}
+
+variable "options" {
+  description = "Options to customize the output."
+  type        = string
+  default     = "0T"
+}
+
+variable "format" {
+  description = "Format of the output."
+  type        = string
+  default     = "v2"
+}
+
+variable "lang" {
+  description = "Language in which the weather is displayed."
+  type        = string
+  default     = "en"
+}
+
+variable "units" {
+  description = "Units in which the weather is displayed."
+  type        = string
+  default     = "m"
+}
@@ -0,0 +1,5 @@
+terraform {
+  required_version = ">= 1.0.0"
+
+  required_providers {}
+}
@@ -0,0 +1,10 @@
+**/.terraform/**
+**/.terraform.lock.hcl
+**/.terraform.tfstate/**
+**/.terraform.tfstate.backup/**
+**/*.tfvars.json
+**/*.planfile
+**/terraform.tfstate
+**/terraform.tfstate.backup
+**/terraform.tfstate.d/**
+**/cache.*.txt
@@ -0,0 +1,21 @@
+base_path: "./"
+
+components:
+  terraform:
+    base_path: "../../components/terraform"
+    apply_auto_approve: false
+    deploy_run_init: true
+    init_run_reconfigure: true
+    auto_generate_backend_file: false
+
+stacks:
+  base_path: "stacks"
+  included_paths:
+    - "deploy/**/*"
+  excluded_paths:
+    - "**/_defaults.yaml"
+  name_pattern: "{stage}"
+
+logs:
+  file: "/dev/stderr"
+  level: Info
@@ -0,0 +1,11 @@
+# yaml-language-server: $schema=https://atmos.tools/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json
+
+components:
+  terraform:
+    myapp:
+      vars:
+        location: Los Angeles
+        lang: en
+        format: ''
+        options: '0'
+        units: m
@@ -0,0 +1,14 @@
+# yaml-language-server: $schema=https://atmos.tools/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json
+
+vars:
+  stage: nonprod
+
+import:
+  - catalog/myapp
+
+components:
+  terraform:
+    myapp:
+      vars:
+        location: Stockholm
+        lang: se
@@ -0,0 +1,16 @@
+# yaml-language-server: $schema=https://atmos.tools/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json
+
+vars:
+  stage: prod
+
+import:
+  - catalog/myapp
+
+components:
+  terraform:
+    myapp:
+      metadata:
+        locked: true
+      vars:
+        location: Los Angeles
+        lang: en
@@ -349,6 +349,10 @@
           "description": "Custom configuration per component, not inherited by derived components",
           "additionalProperties": true,
           "title": "custom"
+        },
+        "locked": {
+          "type": "boolean",
+          "description": "Flag to lock the component and prevent modifications while allowing read operations"
         }
       },
       "required": [],