Allow public terraform modules to anonymous users
What does this MR do and why?
If the user does not send a token, there's no need to try to authenticate it. So specifying a blank token should be enough.
We could probably not even concatenate the token. It might actually be neater. Or maybe it's better to keep sending a blank token parameter as a response, just so we keep consistent on the API response always having a token
in the URL. I've opted for the latter. I'm open minded to change it, though.
Relates to: #363268 (closed)
Screenshots or screen recordings
terraform init
:
Private projects return the following when running > terraform init
Initializing modules...
╷
│ Error: Module has no versions
│
│ Module "gdk.test:3443/h5bp/random-pet/local" (config.tf:1) has no versions available on gdk.test:3443.
╵
How to set up and validate locally
In your GDK, create or use a public project in a certain group:
- Create your sample
modules/random-pet/main.tf
:
terraform {
required_providers {
random = {
source = "hashicorp/random"
version = "3.1.2"
}
}
}
provider "random" {}
resource "random_pet" "random_pet" {
length = var.length
}
- Create your sample
modules/random-pet/outputs.tf
:
output "random_pet" {
value = random_pet.random_pet.id
}
- Create your sample
modules/random-pet/variables.tf
:
variable "length" {
default = 1
type = number
}
- Create your
.gitlab-ci.yml
to publish te module, and validate that the pipeline has published it afterwards:
stages:
- upload-test-module
upload:
stage: upload-test-module
script:
- cd modules/random-pet
- tar -cvzf ${CI_PROJECT_NAME}-local-${TERRAFORM_MODULE_VERSION}.tgz -C ${CI_PROJECT_DIR} .
- 'curl -k --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file ${CI_PROJECT_NAME}-local-${TERRAFORM_MODULE_VERSION}.tgz ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/terraform/modules/random-pet/local/${TERRAFORM_MODULE_VERSION}/file'
variables:
TERRAFORM_MODULE_VERSION: 0.0.1
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
- On your local environment, create a file to install the, e.g.:
config.tf
:
Note that you should replace your GDK instance with your own hostname. In my case I have gdk.test
running with https enabled on port 3443.
module "my_module_name" {
source = "gdk.test:3443/h5bp/random-pet/local"
version = "0.0.1"
}
- Run
terraform init
locally, and verify that you don't get a 401.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.