Skip to content

Allow public terraform modules to anonymous users

João Alexandre Cunha requested to merge fix/allow-public-terraform-modules-to-anonymous-users into master

What does this MR do and why?

If the user does not send a token, there's no need to try to authenticate it. So specifying a blank token should be enough.

We could probably not even concatenate the token. It might actually be neater. Or maybe it's better to keep sending a blank token parameter as a response, just so we keep consistent on the API response always having a token in the URL. I've opted for the latter. I'm open minded to change it, though.

Relates to: #363268 (closed)

Screenshots or screen recordings

Edited_Test_Terraform_fix

Private projects return the following when running terraform init:

> terraform init
Initializing modules...

│ Error: Module has no versions

│ Module "gdk.test:3443/h5bp/random-pet/local" (config.tf:1) has no versions available on gdk.test:3443.

How to set up and validate locally

In your GDK, create or use a public project in a certain group:

  1. Create your sample modules/random-pet/main.tf:
terraform {
  required_providers {
      random = {
        source  = "hashicorp/random"
      version = "3.1.2"
    }
  }
}

provider "random" {}

resource "random_pet" "random_pet" {
  length = var.length
}
  1. Create your sample modules/random-pet/outputs.tf:
output "random_pet" {
  value = random_pet.random_pet.id
}
  1. Create your sample modules/random-pet/variables.tf:
variable "length" {
  default = 1
  type    = number
}
  1. Create your .gitlab-ci.yml to publish te module, and validate that the pipeline has published it afterwards:
stages:
  - upload-test-module

  upload:
    stage: upload-test-module
    script:
      - cd modules/random-pet
      - tar -cvzf ${CI_PROJECT_NAME}-local-${TERRAFORM_MODULE_VERSION}.tgz -C ${CI_PROJECT_DIR} .
      - 'curl -k --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file ${CI_PROJECT_NAME}-local-${TERRAFORM_MODULE_VERSION}.tgz ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/terraform/modules/random-pet/local/${TERRAFORM_MODULE_VERSION}/file'
    variables:
      TERRAFORM_MODULE_VERSION: 0.0.1
    rules:
      - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
  1. On your local environment, create a file to install the, e.g.: config.tf:

Note that you should replace your GDK instance with your own hostname. In my case I have gdk.test running with https enabled on port 3443.

module "my_module_name" {
  source = "gdk.test:3443/h5bp/random-pet/local"
  version = "0.0.1"
}
  1. Run terraform init locally, and verify that you don't get a 401.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Hordur Freyr Yngvason

Merge request reports