Release v1.206.0-rc.1 · cloudposse/atmos

feat: version-aware JIT source provisioning with TTL-based cleanup @osterman (#2010)

## what

Implement version-aware JIT source provisioning that automatically re-provisions workdirs when remote source version or URI changes
Add incremental local sync using per-file checksum comparison (SyncDir) instead of full directory copy
Support TTL-based cleanup for stale workdirs with --expired, --ttl, and --dry-run flags
Move workdir metadata from .workdir-metadata.json to .atmos/metadata.json for better organization
Track source_uri, source_version, and last_accessed timestamps in metadata

Additional Fixes

Closes #2019 - Fix JIT provisioning gaps in generate commands
- terraform generate varfile / terraform generate backend - now support JIT-sourced components
- helmfile generate varfile - now supports JIT-sourced components
- packer output - now supports JIT-sourced components

Previously, changing a component's source version required manually cleaning the workdir before changes took effect
Full directory copy was inefficient for local development with frequent small changes
No mechanism existed to automatically clean up stale workdirs that accumulate over time
Enhanced metadata enables intelligent provisioning decisions and better observability
Generate commands failed with JIT-sourced components because they lacked source provisioning (#2019)

New pkg/duration package extracted for reusable duration parsing
Updated workdir list and workdir show commands display version and access information
Blog post: website/blog/2025-01-22-version-aware-jit-provisioning.mdx

New Features
- JIT source provisioning now takes precedence over local components across all terraform commands when source and workdir are enabled.
- Automatic component refresh when version or source URI changes.
- TTL-based cleanup for stale workdirs using --ttl flag (e.g., --ttl=7d).
- Enhanced workdir information displays source type, version, and last accessed timestamp.
- Incremental file synchronization—only changed files sync to workdirs.

fix: Terraform shell command not working from Atmos interactive UI @aknysh (#2055)

## what

Fix terraform shell command when invoked from the Atmos interactive UI (TUI)
Route terraform shell directly to ExecuteTerraformShell() from the UI dispatcher, bypassing ExecuteTerraform()
Add AuthManager propagation to terraform shell for YAML functions like !terraform.state
Add --identity flag support to terraform shell command
Extract testable helpers (shellInfoFromOptions, resolveWorkdirPath, shellOptionsForUI) from inline logic
Add auth orchestration functions (createAndAuthenticateAuthManager, getMergedAuthConfig, storeAutoDetectedIdentity) to utils_auth.go

The Atmos interactive UI dispatches commands through ExecuteTerraform(), which had no handler for the shell subcommand. Since terraform shell is an Atmos-only command (not a native Terraform subcommand), it fell through and attempted to execute terraform shell as a native command, which doesn't exist, resulting in: Terraform has no command named "shell"
AuthManager was not being passed to ProcessStacks in the shell command, causing !terraform.state and !terraform.output YAML functions to fail with authentication errors
The --identity flag was missing from terraform shell, preventing users from specifying which AWS identity to use for authentication

New Features
- Added --identity flag (alias -i) to the terraform shell command to specify AWS identity.
Improvements
- Shell execution now surfaces identity in dry-run output, uses improved workdir resolution, and routes the UI path through the interactive shell flow.
- Enhanced authentication handling with merged global/component auth and auto-detected identity fallback.
Documentation
- CLI docs updated with --identity flag and examples.
Tests
- Extensive unit tests for auth merging, identity handling, shell options mapping, and workdir logic.