AzP: Terraform modules private repo
So Terraform is all the rage at the moment, so why not cash in on some of that action?
So here is the pitch, write IaC with Terraform you should at least go down the path of creating modules and reference them in your code. This is a good move and something we know from previous experience with other languages makes everything more maintainable as entropy tries to run us over.
Though mixing modules and running terraform in a pipeline some new challenges arise. Especially if you want to host the modules in a private repository.
The Microsoft backed tasks for running Terraform in a AzD pipeline needs in it’s init phase to resolve and download all external referenced modules. This is not a problem for the ones that are public, but if you have module in a private repo then this phase will just fail.
So a solution is to host the modules in AzD git and leverage the access token the agent is given when running a pipeline.
Depending on the project structure you might need to give the build account you are running the Terraform pipeline under access to read the repo(s) where you host the terraform modules.
Now all you need is to create a powershell task that runs before Terraform init task and pass in the build access token to the powershell script below. This will use the token to configure git on the agent to use it to access repos where the modules are. If you have your own custom agents, make sure git is installed on all of them for this to work correctly.
Now for the code to set the git context:
So with this done you will want to clean up the context after the terraform init task has run with the following code:
Hope this helps anybody else struggling with this.