
How to pass dynamic values to a module's 'source'


I am looking for options to specify the reusable AWS modules which are stored in a separate project in GitLab. For example, if there is a generic EC2 component, I will call that in my module and pass any specific variables, etc.

module "terraform_tags" {
  source = "git::https://gitlab.my.company.com/aws-ec2.git"
}

The approach works if I explicitly add the username and token in the source:

i.e., source = "git::https://username:<tokenvalue>@gitlab.my.company.com/aws-ec2.git"

But I would like to have the code for this module written in such a way that the token value is passed as a variable instead of being explicitly mentioned in the code itself. If I try to add it as a GitLab variable, it gives an error saying 'value must be known'.

Any ideas on how this can be achieved?


Solution

  • The source argument in a module block specifies only the location of the module, and is not the appropriate place to configure credentials used to fetch it.

    Because you are installing from a Git repository, you must configure Git itself to have an appropriate username and password for accessing this Git repository. Git has various options for configuring credentials, including some that can integrate with your operating system's "keychain" abstraction, or similar.

    If you wish to just statically configure the credentials, rather than fetching them dynamically from another place, you can configure Git to do that.

    First, you can tell Git which username to use for this repository by editing your Git configuration file, which is typically at ~/.gitconfig on a Unix operating system. The following entry configures a username to use for your GitLab server:

    [credential "https://gitlab.my.company.com"]
        username = example
    

    When you aren't using a separate store to retain your password, Git stores passwords in another separate file, ~/.git-credentials.

    This credentials file stores a password to use for each pair of username and URL. If your username were "example" (as above) and your password were "secret" then you'd place the following entry in that file:

    https://example:secret@gitlab.my.company.com
    

    With this configuration file entry and credentials entry, Git should send the necessary credentials to your Git server. Terraform installs modules from Git by running a normal git clone command, which will then make use of these settings.

    The settings described above are for Git alone and are not directly related to Terraform, so this configuration would also work for any other access to Git, including access by the module installation command for other programming languages.
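
As an added example (not part of the original question or answer), the script below writes the two Git files described above from an environment variable, so the token never appears in a module's source, and scans *.tf files for sources that still embed credentials. It also sets credential.helper = store, the Git helper that reads ~/.git-credentials. The variable name GIT_TOKEN and both function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the answer). GIT_TOKEN and both function names are
# assumptions chosen for illustration.

# write_git_credentials HOME_DIR HOST USERNAME
# Reads the token from $GIT_TOKEN and writes the two files the answer describes.
write_git_credentials() {
    home_dir=$1 host=$2 user=$3
    [ -n "${GIT_TOKEN:-}" ] || { echo "GIT_TOKEN is not set" >&2; return 1; }
    # Entries in .git-credentials are URLs; refuse values that would need
    # percent-encoding instead of writing an ambiguous line.
    case "$user$GIT_TOKEN" in
        *[!A-Za-z0-9._~-]*) echo "username or token needs URL-encoding" >&2; return 1 ;;
    esac
    (
        umask 077    # newly created files are readable by the owner only
        printf '[credential "https://%s"]\n\tusername = %s\n\thelper = store\n' \
            "$host" "$user" >> "$home_dir/.gitconfig" &&
        printf 'https://%s:%s@%s\n' "$user" "$GIT_TOKEN" "$host" \
            > "$home_dir/.git-credentials" &&
        chmod 600 "$home_dir/.git-credentials"
    )
}

# find_embedded_credentials DIR
# Prints module sources of the form scheme://user:secret@host found in *.tf
# files under DIR; returns 0 if there is at least one, 1 if there are none.
find_embedded_credentials() {
    hits=$(find "$1" -type f -name '*.tf' -exec grep -nE \
        'source[[:space:]]*=[[:space:]]*"[^"]*://[^/"@:]+:[^/"@]+@' /dev/null {} +) || :
    [ -n "$hits" ] && printf '%s\n' "$hits"
}
```

In a CI job, call `write_git_credentials "$HOME" gitlab.my.company.com example` before `terraform init`, with GIT_TOKEN supplied by the CI system's secret variables. The resulting files hold the token in plaintext, so delete them when the job ends.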