search

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/
Other
41.66k stars 9.41k forks source link

Failed to parse module registry address, for module in Gitlab project, using SSH URL #35395

Open dnmvisser opened 1 week ago

dnmvisser commented 1 week ago

Terraform Version

Terraform v1.8.5
on darwin_arm64

Terraform Configuration Files

module "vpc" {
  source = "git::ssh://git@gitlab.foo.org:team/system/tfmods/aws-vpc.git"
  version = "~> 0.5.0"
}

Debug Output

https://gist.github.com/dnmvisser/54d3d39aa6ff15019a80b75acac53b65

Expected Behavior

There should not be a restriction on three or four slash-separated components and the module should be fetched correctly.

Actual Behavior

Terraform failed to parse the module registry address

Steps to Reproduce

  1. terraform init
  2. terraform plan

Additional Context

We have a module that is maintained as a project in a self-hosted Gitlab instance. The projects in that Gitlab are structured using groups and subgroups. This means that the project URLs have paths that contain multiple slashes, as those are use as delimiters. In the project's Terraform modules tab, it says:

module "my_module_name" {
  source = "gitlab.foo.org/team/aws-vpc/aws"
  version = "0.5.0"
}

But, we need to access the repo with SSH, and not with tokens. According to Gitlab itself (curl -s https:/gitlab.foo.org/api/v4/projects/123 | jq -r .ssh_url_to_repo), the SSH URL is:

ssh://git@gitlab.foo.org:team/system/tfmods/aws-vpc.git"

Looking at https://developer.hashicorp.com/terraform/language/modules/sources, I think I should use the Generic Git Repository instructions, which say:

module "storage" {
  source = "git::ssh://username@example.com/storage.git"
}

So, this is what I end up using:

module "vpc" {
  source = "git::ssh://git@gitlab.foo.org/team/system/tfmods/aws-vpc.git"
  version = "~> 0.5.0"
}

I have tried several permutations of ssh:// addresses, scp-like addresses, slashes, colons, but have not found one that works.

There are dedicated docs for GitHub, Bitbucket, etc, but none for Gitlab. If it is possible to get a Gitlab scenario like we have to work, then it would be great to have a dedicated Gitlab documentation paragraph.

References

No response

liamcervante commented 1 week ago

Hi @dnmvisser, thanks for filing this. The error message you linked contains the following explanation:

Terraform assumed that you intended a module registry source address because you also set the argument "version", which applies only to registry modules.

What this means is that Terraform is attempting to parse the address provided as a registry address (eg. terraform-aws-modules/iam/aws), and then failing since the syntax doesn't match up. When referencing Git repositories directly you should not include a version constraint.

Is the version number you are specifying a Git tag or reference to a specific branch? If so, I think something like the might work:

module "vpc" {
  source = "git::ssh://git@gitlab.foo.org/team/system/tfmods/aws-vpc.git?ref=0.5.0"
}

Hopefully this resolves the issue for you! Let me know if I've misunderstood anything!