Using private Terraform Cloud modules from Gitlab CI

We are looking to extend our static analysis toolset to automatically scan Terraform code during our pipelines within Gitlab CI.

I have terrascan running from the pipeline successfully but have come across an issue which will stop us adopting it and wonder if anyone can help.

We make use of the Terraform Cloud private module registry, so have to authenticate with a Token to run Terraform from Gitlab CI normally. When we run terrascan we get the following error for each module.

2021-03-26T12:36:19.449Z error downloader/module-download.go:113 error while fetching available modules for module: app.terraform.io/redacted/module/path, at registry: app.terraform.io

For Terraform itself we write a token into the $HOME/.terraformrc file and this is used. Is there a similar option to specify the token for terrascan?

Thanks in advance,

Mick
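The step described above for Terraform itself (a token written into `$HOME/.terraformrc`), as an added example that is not part of the original thread: it writes the credentials block from a CI secret with owner-only permissions and checks the result. `TFC_TOKEN`, `write_tfrc` and `check_tfrc` are assumed names, and the allowed-character check is an assumption about token format.

```shell
#!/usr/bin/env bash
# Added example. TFC_TOKEN is an assumed name for a masked CI/CD variable;
# write_tfrc and check_tfrc are hypothetical helper names.

# write_tfrc HOST [FILE]: takes the token from $TFC_TOKEN rather than argv,
# so it does not appear in process listings.
write_tfrc() {
  local host="$1" file="${2:-$HOME/.terraformrc}" tmp
  [ -n "${TFC_TOKEN:-}" ] || { echo "TFC_TOKEN is empty" >&2; return 1; }
  # Assumption: tokens and hosts use only these characters. Anything else
  # (quotes, backslashes, newlines) could break out of the HCL string.
  case "$TFC_TOKEN" in
    *[!A-Za-z0-9._-]*) echo "unexpected character in TFC_TOKEN" >&2; return 1 ;;
  esac
  case "$host" in
    ''|*[!A-Za-z0-9.-]*) echo "bad registry host" >&2; return 1 ;;
  esac
  # mktemp creates the file owner-only; mv then puts it in place in one step,
  # so the token is never in a world-readable or half-written file.
  tmp="$(umask 077 && mktemp "${file}.XXXXXX")" || return 1
  if printf 'credentials "%s" {\n  token = "%s"\n}\n' "$host" "$TFC_TOKEN" > "$tmp"; then
    mv -f "$tmp" "$file"
  else
    rm -f "$tmp"; return 1
  fi
}

# check_tfrc [FILE]: fails if the file is missing or has any group/other
# permission bits set (characters 5-10 of the ls mode string).
check_tfrc() {
  local file="${1:-$HOME/.terraformrc}" perms
  [ -f "$file" ] || { echo "$file is missing" >&2; return 1; }
  perms="$(ls -ld "$file" | cut -c5-10)"
  [ "$perms" = "------" ] || { echo "$file is readable beyond its owner" >&2; return 1; }
}

# In a CI job: write_tfrc app.terraform.io && check_tfrc
```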

Hey @Mick_Sheppard - I took a peek at this today and was able to reproduce what you're seeing, and I think I see where I can add support for TF cloud's user tokens within terrascan. Give us a few days to work through that and hopefully we'll be back with good news soon.

FYI, I'll track that on the github side in issue 631.

John

That's great.

I did take a quick look at the code and it seemed that only a header will be needed with the token in it. Glad to see it's been picked up and will look forward to using it in our pipeline.

Just to follow up here - this took a little longer than hoped, but we merged in support for authenticated/private terraform registries this morning. That's now available on the master branch, and we'll be cutting a new release within the next week or two.

Thanks John.

I'll take a look over the weekend and get it running across our pipelines.

Mick

Thanks for doing this Mick. I joined Accurics just a few weeks ago to lead Developer Advocacy which includes community functions! Testing terrascan with TF Cloud and Env0 was one of the first things I planned to test once I was able to get my hands dirty.

If you have any interest in jointly submitting a CFP to Gitlab Commit, let me know. Would love to coordinate with you.
