Modules Repository

Terrateam Configuration

Terrateam behavior can be configured via a config.yml. This file is located in a directory named .terrateam at the root of your Terraform repository: .terrateam/config.yml.

See Configuration documentation for details.

It’s possible to use a separate repository that your Terraform code references as a Terraform Module Source.

GitHub Repository using a Git HTTPS URL

Terraform automatically recognizes github.com URLs and will interpret them as

module "consul" {
  source = "github.com/hashicorp/example"
}

Install the Terrateam GitHub application against your GitHub modules repository. This grants Terrateam the permission to clone the repository.

If you don’t want Terrateam operations to run against your modules repository, which you probably don’t, then create the following .terrateam/config.yml in the default branch of your modules repository:

enabled: false

GitHub Repository using a Git SSH URL

Prerequisites

These instructions require you to run commands from a terminal.

TERRATEAM_SSH_KEY

The Terrateam GitHub Action detects all GitHub Actions secrets whose names start with TERRATEAM_SSH_KEY and automatically configures the SSH client in the Terrateam Action runtime so that the Terraform CLI can work with module source repositories. This only works for modules that use a Git SSH URL.

Terrateam expects TERRATEAM_SSH_KEY secret values to be in SSH private key format.

GitHub Deploy Key

When specifying a private GitHub repository as a Terraform module source, SSH keys must be properly configured against your repositories. The following instructions explain how to use a GitHub repository with a Git SSH URL as a Terraform Module Source.

Example configuration:

module "example_module" {
  source = "git::ssh://git@github.com/OWNER/TERRAFORM-MODULES-REPO.git"
}

  1. Export your organization/repository combination that contains your Terraform code for resources:
     export TERRAFORM_REPO="OWNER/TERRAFORM-REPO"
  2. Export your organization/repository combination that contains your Terraform modules code:
     export MODULES_REPO="OWNER/TERRAFORM-MODULES-REPO"
  3. Generate a passwordless SSH key
     ssh-keygen -t ed25519 -C "my description" -N "" -f ~/.ssh/terrateam-ssh-key
  4. Add the SSH public key to your Terraform Modules repository as a GitHub deploy key
     gh repo deploy-key --repo "$MODULES_REPO" add ~/.ssh/terrateam-ssh-key.pub
  5. Add the SSH private key to your Terraform repository as a GitHub Actions Secret
     gh secret --repo "$TERRAFORM_REPO" set TERRATEAM_SSH_KEY < ~/.ssh/terrateam-ssh-key
  6. Clean up your SSH key from your local workstation
     rm -f ~/.ssh/terrateam-ssh-key ~/.ssh/terrateam-ssh-key.pub

Non-GitHub Repository using a Git SSH URL

It’s possible to use a non-GitHub repository as your Terraform modules source.

Example configuration:

module "example_module" {
  source = "git::ssh://username@example.com/TERRAFORM-MODULES-REPO.git"
}

  1. Export your organization/repository combination that contains your Terraform code for resources:
     export TERRAFORM_REPO="OWNER/TERRAFORM-REPO"
  2. Generate a passwordless SSH key
     ssh-keygen -t ed25519 -C "my description" -N "" -f ~/.ssh/terrateam-ssh-key
  3. Add the SSH public key to the Git host of your Terraform Modules repository as an authorized key. See your Git hosting provider instructions for details.
     cat ~/.ssh/terrateam-ssh-key.pub
  4. Add the SSH private key to your Terraform repository as a GitHub Actions Secret
     gh secret --repo "$TERRAFORM_REPO" set TERRATEAM_SSH_KEY < ~/.ssh/terrateam-ssh-key
  5. Clean up your SSH key from your local workstation
     rm -f ~/.ssh/terrateam-ssh-key ~/.ssh/terrateam-ssh-key.pub
  6. Create or modify your .terrateam/config.yml to SSH keyscan your Git repository domain before a Plan or Apply operation

hooks:
  plan:
    pre:
      - type: run
        cmd: ['ssh-keyscan-pre-hook', 'example1.com', 'example2.com']
  apply:
    pre:
      - type: run
        cmd: ['ssh-keyscan-pre-hook', 'example1.com', 'example2.com']

The ssh-keyscan-pre-hook script is a simple wrapper for the ssh-keyscan command. Source code found here.
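
ssh-keyscan does not authenticate the keys it collects, so scanning on every run accepts whatever key the network returns at that moment. The following is an added example, not Terrateam's code: it filters keyscan output against fingerprints pinned out of band, and the function names, the PINNED table and the sample keys are constructed for illustration.

```python
import base64
import hashlib

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def filter_keyscan(output, pinned):
    """Split ssh-keyscan output into (trusted, rejected) known_hosts lines.

    pinned maps host -> set of fingerprints obtained out of band.
    """
    trusted, rejected = [], []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        try:
            host, keytype, key_b64 = line.split()[:3]
            fp = fingerprint(key_b64)
        except ValueError:  # too few fields, or key is not valid base64
            rejected.append(line)
            continue
        if fp in pinned.get(host, set()):
            trusted.append(f"{host} {keytype} {key_b64}")
        else:
            rejected.append(line)
    return trusted, rejected

def sample_blob(seed):
    """Constructed ed25519-shaped key blob; not a real host key."""
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

GOOD, ROGUE = sample_blob(1), sample_blob(2)
# In practice the pins are copied from the Git host's published fingerprints.
PINNED = {"example1.com": {fingerprint(GOOD)}}
SCAN = "\n".join([                        # constructed ssh-keyscan output
    "# example1.com:22 SSH-2.0-OpenSSH_9.6",
    f"example1.com ssh-ed25519 {GOOD}",   # matches the pin
    f"example1.com ssh-ed25519 {ROGUE}",  # same host, unexpected key
    f"example2.com ssh-ed25519 {GOOD}",   # host has no pin at all
    "example1.com ssh-ed25519 not*base64",
])

if __name__ == "__main__":
    trusted, rejected = filter_keyscan(SCAN, PINNED)
    print("\n".join(trusted))             # only these belong in known_hosts
    print(f"rejected {len(rejected)} line(s)")  # a real hook should exit non-zero here
```

Only the lines returned as trusted should be written to known_hosts; any rejected line is a reason to stop the Plan or Apply rather than continue.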