Open cachaldora opened 1 year ago
@cachaldora the "module" attribute in this instance is expected to be a git or https module path as in the example here: https://github.com/upbound/provider-terraform/blob/main/examples/workspace-remote.yaml#L19
it is not passed directly to Terraform for handling.
You could use an Inline Workspace and point it at the remote module that you specified and then terraform will see it and execute the appropriate processing.
Hey @cachaldora, it looks like you hit the right spot with tf module registry! :)
I performed some investigation:
So adding TF Module Registry protocol support looks not trivial but is doable so we can include it in the project backlog.
While the feature is not implemented, I suggest the following workaround:
https://registry.terraform.io/v1/modules/terraform-aws-modules/vpc/aws/3.19.0/download
source: Remote
#Instead of module: terraform-aws-modules/vpc/aws we specify the registry download URL
module: https://registry.terraform.io/v1/modules/terraform-aws-modules/vpc/aws/3.19.0/download
I've just tested it on my side, and it worked! I hope this workaround is helpful to you. The download URLs should be consistent and easily discoverable for a private registry as well.
The problem is that we need to authenticate in our private registry so the workaround you suggested @ytsarev doesn't work. @bobh66's suggestion to use inline block instead of remote directly seems to be working pretty good.
However, I think that would be great if this provider could use the same remote types as Terraform supports.
@cachaldora Thanks, I created https://github.com/upbound/provider-terraform/issues/78 after a discussion with @infbase yesterday, especially highlighting the auth problem.
@cachaldora @infbase if we add propagation of https://developer.hashicorp.com/terraform/cli/config/config-file#credentials from a k8s secret, similar to git creds, will it mitigate the issue?
I think that it will work. We already use a secret with .git-credentials file and it's working as expected so if you add the same logic for .terraformrc I think that it will solve the issue.
@cachaldora https://github.com/upbound/provider-terraform/pull/109 is available for the test
What happened?
I'm trying to use a TF module from a private registry and I got the following error:
It seem be looking for a local module instead of a remote one. However, the registry implements the Terraform Module Registry Protocol (https://developer.hashicorp.com/terraform/internals/module-registry-protocol) and I've tested with Terraform locally by running:
The provider documentation refers that:
How can we reproduce it?
Create and apply a controller config yaml with private registry authentication:
Create a resource:
(module and registry written above are dummy data)
What environment did it happen in?