Commit 0e374c07 authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

feat: support private registries authentication

parent 463cad05

README.md

+19 −0
Original line number Diff line number Diff line
@@ -285,6 +285,25 @@ Be aware of the following: 
* if the specified workspace doesn't exist, the template will create it,

* HTTP backend (default) doesn't support Workspaces. [See supported backends here](https://developer.hashicorp.com/terraform/language/state/workspaces#backends-supporting-multiple-workspaces).



### Using modules from private registries



The Terraform template supports using modules from private registries (GitLab's Registry or others).



Modules can be refered as usual in your Terraform code:



```terraform

module "<module>" {

  source = "tf.registry.address/organization/provider/module_name"

}

```



And finally authentication credentials shall be defined as secret [environment variable credentials](https://developer.hashicorp.com/terraform/cli/config/config-file#environment-variable-credentials). 

In the above example, that would mean defining a :lock: `TF_TOKEN_tf_registry_address` project variable containing the authentication token.



:warning: by default the template automatically sets the authentication token for the GitLab Modules Registry using the `$CI_JOB_TOKEN` value.

If you want to use another credential (personal access token or else), just define explicitly :lock: `TF_TOKEN_gitlab_com` (or the right one for your GitLab server)

as a project variable with the desired credential.



### Terraform lock file



As explained in [Terraform documentation](https://developer.hashicorp.com/terraform/language/files/dependency-lock#lock-file-location), _you should include the `.terraform.lock.hcl` file in your version control repository_.

templates/gitlab-ci-terraform.yml

+7 −0
Original line number Diff line number Diff line
@@ -407,6 +407,13 @@ stages: 
    export TF_VAR_environment_name=$environment_name

    export TF_VAR_environment_slug=$environment_slug



    # set auth token for GitLab (if not already set)

    token_var_for_gitlab="TF_TOKEN_${CI_SERVER_HOST//./_}"

    if [[ -z "$(eval echo \$"$token_var_for_gitlab")" ]]; then

      log_info "setting token for GitLab registry (\$$token_var_for_gitlab)..."

      export "$token_var_for_gitlab"="$CI_JOB_TOKEN"

    fi



    # make output dir

    mkdir -p "$TF_OUTPUT_DIR"