Terragrunt/-form clone in Gitlab pipeline when using git::ssh://git@ for module source

324 views Asked by At

I have a pipeline where I want to run terragrunt. I so far run everything local and use ssh to authenticate against Gitlab. Therefore, in my Terraform modules, I also use a git::ssh URL like below.

module "data_org" {
  source = "git::ssh://[email protected]/bar/xdf/terraform_modules.git//modules/data_org?ref=develop"
}

Now, I do not know how to port this to a Gitlab pipeline. I would prefer using short-lived pipeline credentials like the Gitlab job token, but do not know how to make use of it. Did anybody know how to use this with Terraform?

What I come across already:

Update 2023-10-26 https: I tested git config --global url.https://gitlab-ci-token:${CI_JOB_TOKEN}@git.foobar.de.insteadOf ssh://[email protected] and got a bit further. Now I get the error "not found" for the repository, and I assume the problem is the .git suffix at the end. I do not know how to get rid of it yet but hope this is solvable.

1

There are 1 answers

2
lony On BEST ANSWER

Credits to @harshavmb from the comment above for his recommendation of insteadOf which solved the problem.

The solution was twofold

  • a) Using git config --global url.https://gitlab-ci-token:${CI_JOB_TOKEN}@git.foobar.de.insteadOf ssh://[email protected] so my ssh URL was rewritten to an HTTP one using the Gitlab job token to authenticate.
  • b) Allow access needs to happen from the target repos side. Meaning I want to clone repo A but my pipeline and the job token is in repo B. To allow access I have to allow access in repo A so B can "access" it. The settings are under Settings->CI/CD->Token Access.