
Why does Terraform download modules onto your local computer while referring to a module present in a remote repository?


I was wondering, why does Terraform download the modules to the local machine during the terraform init command? What is the need to download the modules to our local machine? Why can't Terraform directly refer to the file present in the repository?

Example of referring to a remote module as follows:

module "signalR" {
  source  = "[email protected]:fifa-x/terraform-azurerm-signalr.git?ref=v1.1.0"
}

Solution

  • Terraform needs to download the contents of the repository in order to work with it, because otherwise it would have no way to know what is defined in the repository.

    However, I think you are asking why Terraform writes what it downloaded into the local filesystem rather than just using it in memory for the duration of the operation. There are a few different reasons for that design tradeoff:

    • Security: A remote Terraform module is arbitrary code installed over the internet, which you'll presumably eventually be running with access to high-value credentials.

      Terraform performs all loading of code from remote systems in terraform init and no other command so that you can review what terraform init installed -- either manually or with some automated security tools -- before you actually execute the module.

      Other commands like terraform apply work only with modules already cached on the local system, so that once you've checked what was installed you can be confident that Terraform will be evaluating exactly that code.

    • Performance: Fetching code over the network can potentially be slow and/or expensive, particularly from Git repositories where the protocol requires always retrieving at least the entire content of the current commit.

      By downloading remote code only once during terraform init and then reusing it for subsequent commands Terraform can amortize the cost of downloading the dependencies across multiple commands.

    • Debugging: If something goes wrong when you run terraform apply, Terraform might report an error that refers to source code in an external module. Although Terraform does include a minimal snippet of the part of the module which was in error, you may need to review other parts of that module's source code to fully understand what went wrong.

      Keeping a copy of the source code on your local system means that you can more easily inspect the rest of the module source code and be sure that you're looking at the module code that Terraform was really reading. If Terraform instead only kept that source code briefly in memory while it was running, you'd need to look up the rest of the source code in the original repository and you might inadvertently be looking at the wrong commit and therefore get a misleading answer as to how the rest of the module behaves.

    Creating a local cache of remote dependencies is a typical design choice for computer languages that support direct installation of remote libraries, and it's often for similar reasons as with Terraform. Terraform's details are not exactly the same, but the same general principles apply as with other programming languages.
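
The review-then-apply workflow from the security point above, as an added example that is not part of the original answer: it fingerprints every module that terraform init cached and reports any whose source or content differs from a reviewed baseline. It assumes the .terraform/modules/modules.json manifest layout (a Modules list with Key, Source and Dir), which is an internal Terraform detail; the workspace, the source URL and the function names are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def tree_digest(root: Path) -> str:
    """SHA-256 over the relative path and content of every file under root (.git skipped)."""
    h = hashlib.sha256()
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root)
        if ".git" in rel.parts or not p.is_file():
            continue
        h.update(rel.as_posix().encode() + b"\0")
        h.update(hashlib.sha256(p.read_bytes()).digest())
    return h.hexdigest()

def installed_modules(workdir: Path) -> dict:
    """Map module key -> {source, digest} using the manifest written by terraform init."""
    manifest = json.loads((workdir / ".terraform/modules/modules.json").read_text())
    out = {}
    for m in manifest["Modules"]:
        if m["Key"] == "":  # root module: your own code, not a download
            continue
        out[m["Key"]] = {"source": m["Source"], "digest": tree_digest(workdir / m["Dir"])}
    return out

def drift(reviewed: dict, current: dict) -> list:
    """Module keys that are new, missing, or differ in source or content from the baseline."""
    return sorted(k for k in reviewed.keys() | current.keys() if reviewed.get(k) != current.get(k))

def demo() -> tuple:
    """Constructed workspace: record a baseline, then change the cached copy before 'apply'."""
    with tempfile.TemporaryDirectory() as d:
        work = Path(d)
        mod = work / ".terraform/modules/signalR"
        mod.mkdir(parents=True)
        (mod / "main.tf").write_text('resource "null_resource" "x" {}\n')
        (work / ".terraform/modules/modules.json").write_text(json.dumps({"Modules": [
            {"Key": "", "Source": "", "Dir": "."},
            {"Key": "signalR", "Source": "git::ssh://example.invalid/signalr.git?ref=v1.1.0",
             "Dir": ".terraform/modules/signalR"}]}))
        reviewed = installed_modules(work)            # what the reviewer signed off on
        clean = drift(reviewed, installed_modules(work))
        (mod / "main.tf").write_text('resource "null_resource" "x" { triggers = {} }\n')
        return clean, drift(reviewed, installed_modules(work))

if __name__ == "__main__":
    print(demo())
```

In a pipeline, the baseline from installed_modules would be stored with the reviewed change and drift checked immediately before terraform apply, failing the job if the list is non-empty.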