Improve Atmos Auth

[aknysh]

what

• Code Refactoring: Extracted common component processing logic into reusable helper functions, eliminating ~991 lines of duplicated code
• Auth Section Deep-Merging: Implemented complete deep-merge support for auth section following the same hierarchy as vars/env/settings:
  • Global → Component-Type-Specific → Base Component → Component → Overrides
  • Supports all three component types: Terraform, Helmfile, and Packer
  • Consistent with existing section merge behavior
• Comprehensive Testing: Created extensive test coverage for all new helper functions with 29 test cases

why

• The ProcessStackConfig function contained nearly identical logic repeated 3 times for Terraform, Helmfile, and Packer components
• This duplication made the codebase harder to maintain, more error-prone, and difficult to extend
• The auth section needed proper deep-merge support to enable hierarchical authentication configuration across the stack
• Centralized logic improves code quality, maintainability, and makes future enhancements easier
• Better test coverage ensures reliability and prevents regressions

changes

Auth Section Deep-Merge Implementation

Merge Hierarchy

The auth section now merges through the complete hierarchy (later values override earlier ones):

1. Global auth (auth: at stack root)
2. Component-type-specific auth (terraform.auth:, helmfile.auth:, or packer.auth:)
3. Base component auth (from component: inheritance)
4. Component auth (component-specific auth:)
5. Component overrides auth (overrides.auth:)

Test Coverage

• All existing test cases updated with auth fields
• Auth assertion added to test validation
• Tests verify auth merges correctly through the hierarchy
• ✅ All tests passing

Comprehensive test coverage with:

• TestProcessComponent

  • Terraform component with all sections
  • Helmfile component without Terraform-specific sections
  • Packer component
  • Component with overrides
  • Component with inheritance
  • Invalid configuration error cases

• TestProcessTerraformBackend

  • S3, GCS, Azure backend processing
  • Base component name handling
  • Backend type precedence
  • Path normalization (component names with slashes)

• TestProcessTerraformRemoteStateBackend

  • Inheritance from backend type
  • Type precedence rules
  • Section merging

• TestMergeComponentConfigurations

  • All component types (Terraform, Helmfile, Packer)
  • Base component handling
  • Abstract component special processing
  • Auth section merging validation

• TestProcessAuthConfig

  • Auth configuration merging

testing

Test Results

✅ All new test cases pass
✅ All auth merging tests pass

Test Quality

• Table-driven test pattern
• Real behavior testing (not stub/tautological)
• Comprehensive coverage of happy paths and error cases
• Clear test names describing expected behavior
• Proper error validation
• Auth section merge hierarchy fully tested

Auth Section Usage Examples

# Stack manifest: stacks/catalog/vpc.yaml

# Global auth (applies to all components)
auth:
  aws:
    profile: default-profile
    region: us-east-1

# Terraform-specific auth (applies to all Terraform components)
terraform:
  auth:
    aws:
      profile: terraform-profile

components:
  terraform:
    vpc:
      # Component-specific auth
      auth:
        aws:
          profile: vpc-specific-profile

Result: The final merged auth for the vpc component will be:

auth:
  aws:
    profile: vpc-specific-profile  # From vpc.auth (highest precedence)
    region: us-east-1              # From global auth (merged in)

# Stack manifest: stacks/catalog/vpc.yaml

# Global auth (applies to all components)
auth:
  aws:
    profile: default-profile
    region: us-east-1

# Terraform-specific auth (applies to all Terraform components)
terraform:
  auth:
    aws:
      profile: terraform-profile

components:
  terraform:
    vpc:
      # Component-specific auth
      auth:
        aws:
          profile: vpc-specific-profile
      
# Override auth takes highest precedence
overrides:
  auth:
    aws:
      profile: override-profile

Result: The final merged auth for the vpc component will be:

auth:
  aws:
    profile: override-profile  # From overrides.auth (highest precedence)
    region: us-east-1          # From global auth (merged in)

notes

✅ Auth deep-merge implementation complete

• Full hierarchy support: Global → Component-Type → Base → Component → Overrides
• Consistent with vars/env/settings merge behavior
• All errors properly wrapped with static errors
• Comprehensive test coverage

Current status:

• ✅ Code refactoring complete
• ✅ Auth section deep-merge complete
• ✅ Test coverage complete
• ✅ Error wrapping complete
• ✅ Backward compatibility verified

Summary by CodeRabbit

• New Features

  • Richer stack/component processing: deeper merges for vars/settings/env/auth, base-component auth support, inheritance and overrides resolution, and unified per-stack component assembly.
  • Terraform backend & remote-state handling with sensible defaults and generated state keys for S3/GCS/Azure.

• Improvements

  • More granular, standardized error signaling for invalid manifest sections and clearer provenance for imports.
  • New utilities to process stack manifests and query component relationships.

• Chores

  • Dependency version bumps for stability.

• Tests

  • Expanded unit test coverage across stack processing, merging, inheritance, overrides, and backend resolution.

[mergify]

Warning

This PR exceeds the recommended limit of 1,000 lines.

Large PRs are difficult to review and may be rejected due to their size.

Please verify that this PR does not address multiple issues.
Consider refactoring it into smaller, more focused PRs to facilitate a smoother review process.

[github-advanced-security]

golangci-lint found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

[codecov]

Codecov Report

❌ Patch coverage is 81.53974% with 223 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.53%. Comparing base (aefb2b3) to head (a43609c).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/exec/stack_processor_process_stacks.go	86.01%	36 Missing and 18 partials ⚠️
internal/exec/stack_processor_utils.go	73.96%	34 Missing and 10 partials ⚠️
internal/exec/stack_processor_merge.go	79.14%	26 Missing and 13 partials ⚠️
internal/exec/stack_processor_backend.go	81.02%	18 Missing and 8 partials ⚠️
...ack_processor_process_stacks_helpers_extraction.go	76.92%	16 Missing and 8 partials ⚠️
...tack_processor_process_stacks_helpers_overrides.go	69.56%	15 Missing and 6 partials ⚠️
...ck_processor_process_stacks_helpers_inheritance.go	93.28%	6 Missing and 3 partials ⚠️
...nal/exec/stack_processor_process_stacks_helpers.go	72.72%	4 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1602      +/-   ##
==========================================
+ Coverage   63.49%   64.53%   +1.04%     
==========================================
  Files         323      330       +7     
  Lines       37067    37011      -56     
==========================================
+ Hits        23535    23885     +350     
+ Misses      11582    11214     -368     
+ Partials     1950     1912      -38     

Flag	Coverage Δ
unittests	64.53% <81.53%> (+1.04%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
errors/errors.go	0.00% <ø> (ø)
pkg/schema/schema.go	93.13% <ø> (ø)
...nal/exec/stack_processor_process_stacks_helpers.go	72.72% <72.72%> (ø)
...ck_processor_process_stacks_helpers_inheritance.go	93.28% <93.28%> (ø)
...tack_processor_process_stacks_helpers_overrides.go	69.56% <69.56%> (ø)
...ack_processor_process_stacks_helpers_extraction.go	76.92% <76.92%> (ø)
internal/exec/stack_processor_backend.go	81.02% <81.02%> (ø)
internal/exec/stack_processor_merge.go	79.14% <79.14%> (ø)
internal/exec/stack_processor_utils.go	76.93% <73.96%> (+16.02%)	⬆️
internal/exec/stack_processor_process_stacks.go	86.01% <86.01%> (ø)

... and 5 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[aknysh]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.