Add option to configure additional CA bundle
For self-managed instances using a corporate CA, it is necessary to have an option to add the corporate CA to the image before terraform commands are executed. Otherwise terraform is unable to fetch/upload the state file from the GitLab instance.
```
$ export TF_LOG=trace
$ cd ${TF_ROOT}
$ gitlab-terraform init
...
Successfully configured the backend "http"! Terraform will automatically
use this backend unless the backend configuration changes.
2021/02/12 13:41:07 [TRACE] Meta.Backend: instantiated backend of type *http.Backend
2021/02/12 13:41:07 [DEBUG] checking for provisioner in "."
2021/02/12 13:41:07 [DEBUG] checking for provisioner in "/bin"
2021/02/12 13:41:07 [INFO] Failed to read plugin lock file .terraform/plugins/linux_amd64/lock.json: open .terraform/plugins/linux_amd64/lock.json: no such file or directory
2021/02/12 13:41:07 [TRACE] Meta.Backend: backend *http.Backend does not support operations, so wrapping it in a local backend
2021/02/12 13:41:07 [DEBUG] GET https://gitlab.eexample.com/api/v4/projects/123/terraform/state/master
2021/02/12 13:41:08 [ERR] GET https://gitlab.eexample.com/api/v4/projects/123/terraform/state/master request failed: Get "https://gitlab.eexample.com/api/v4/projects/475/terraform/state/master": x509: certificate signed by unknown authority
2021/02/12 13:41:08 [DEBUG] GET https://gitlab.eexample.com/api/v4/projects/123/terraform/state/master: retrying in 5s (2 left)
2021/02/12 13:41:13 [ERR] GET https://gitlab.eexample.com/api/v4/projects/123/terraform/state/master request failed: Get "https://gitlab.eexample.com/api/v4/projects/475/terraform/state/master": x509: certificate signed by unknown authority
2021/02/12 13:41:13 [DEBUG] GET https://gitlab.eexample.com/api/v4/projects/123/terraform/state/master: retrying in 10s (1 left)
2021/02/12 13:41:23 [ERR] GET https://gitlab.eexample.com/api/v4/projects/123/terraform/state/master request failed: Get "https://gitlab.eexample.com/api/v4/projects/475/terraform/state/master": x509: certificate signed by unknown authority
```
This can be achieved, for example, by using an environment variable that is processed in the entrypoint script, like the SAST images do.
Edited by Ghost User
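
One way the entrypoint handling proposed in this issue could look, as an added example that is not part of the original issue or of the gitlab-terraform image. It assumes the variable is named `ADDITIONAL_CA_CERT_BUNDLE` as in the SAST analyzers; `SYSTEM_CA_BUNDLE`, `COMBINED_CA_BUNDLE` and the function name are hypothetical.

```shell
#!/bin/sh
# Added example, not the gitlab-terraform image's own entrypoint.
# ADDITIONAL_CA_CERT_BUNDLE: PEM text, or a path to a PEM file (file-type CI variable).
# SYSTEM_CA_BUNDLE and COMBINED_CA_BUNDLE are hypothetical, overridable paths.

install_additional_ca() {
  system_bundle="${SYSTEM_CA_BUNDLE:-/etc/ssl/certs/ca-certificates.crt}"
  combined="${COMBINED_CA_BUNDLE:-/tmp/ca-bundle-with-extra.crt}"
  pem="${ADDITIONAL_CA_CERT_BUNDLE:-}"

  # Nothing configured: leave the default trust store in effect.
  [ -n "$pem" ] || return 0

  # Accept a file path as well as inline PEM text.
  if [ -f "$pem" ]; then pem=$(cat "$pem"); fi

  # Refuse key material pasted into the variable by mistake.
  case "$pem" in
    *"PRIVATE KEY-----"*)
      echo "ADDITIONAL_CA_CERT_BUNDLE contains a private key, refusing" >&2
      return 1 ;;
  esac

  # Structural check only: at least one certificate, every block closed.
  begins=$(printf '%s\n' "$pem" | grep -c -- '-----BEGIN CERTIFICATE-----' || true)
  ends=$(printf '%s\n' "$pem" | grep -c -- '-----END CERTIFICATE-----' || true)
  if [ "$begins" -lt 1 ] || [ "$begins" -ne "$ends" ]; then
    echo "ADDITIONAL_CA_CERT_BUNDLE is not a complete PEM certificate bundle" >&2
    return 1
  fi

  # Extend the system roots instead of replacing them or disabling verification.
  {
    if [ -r "$system_bundle" ]; then cat "$system_bundle"; fi
    printf '%s\n' "$pem"
  } > "$combined" || return 1

  # Go programs such as terraform read SSL_CERT_FILE on Linux.
  SSL_CERT_FILE="$combined"
  export SSL_CERT_FILE
}

# In an entrypoint this would be followed by:
#   install_additional_ca && exec "$@"
```

Failing closed on a malformed bundle keeps a misconfigured job from silently running with only the default roots and then hitting the `x509: certificate signed by unknown authority` error shown above.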