The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
Hey,
in our pipeline
defintions we're trying to use a custom terraform module which is hosted in a private bitbucket cloud repository.
Our config looks like the following:
"bitbucket-pipelines.yml"
main:
- step: *build
- step:
name: Deploy to Staging
image: hashicorp/terraform:latest
deployment: Staging
script:
- echo "$BITBUCKET_SA" | base64 -d >> /tmp/gcloud.json
- export GOOGLE_APPLICATION_CREDENTIALS=/tmp/gcloud.json
- cd terraform/
- terraform init -backend-config=./backend/file-for-backend..hcl
- terraform apply -auto-approve -var-file='./setup.tfvars' -var-file='./backend/file-for-vars.tfvars'
"terraform - main.tf"
module "cloud_function" {
source = "git::https://bitbucket.org/<company-workspace>/tfm-gcp.git//cloud_function"
for_each = var.functions
project_id = var.project_id
region = var.region
name = each.value.name
entry_point = each.value.entry_point
trigger_event = each.value.trigger_event
trigger_resource = each.value.trigger_resource
environment_variables = each.value.environment_variables
runtime = var.runtime
source_path = "../functions/"
permissions = ["roles/bigquery.dataEditor"]
}
+ terraform init -backend-config=./backend/dspl-dev-fs.hcl
Initializing modules...
Downloading git::https://$AZR_IMG_USERNAME.org/dmk-group/tfm-gcp.git for cloud_function...
╷
│ Error: Failed to download module
$AZR_IMG_USERNAME is the first variable defined in our workspace variables for pipelines but is not used within the repository or project... so it seems like a bug within the pipeline runtime or am I wrong?
It should just download the defined module, specified in main.tf, but theres an substitution with the word "bitbucket" in URL.
Hello @hemp0r ,
Thank you for reaching out to Atlassian Community!
What I think might be happening here is that your workspace variable $AZR_IMG_USERNAME is configured as a secure variable and the value of this variable is most likely bitbucket. Since secure variables are masked from the pipeline build logs, if a value matching a secured variable appears in the logs (in this case bitbucket), Pipelines will replace it with $VARIABLE_NAME. The value your script/terraform will see is the actual value for the variable, but it will not be revealed in the logs.
Even though you are not directly using the variable in this repository, all the workspace variables are made available to the build container, and in the run time if we find any value in the logs matching a secure variable, it will be masked with the variable name.
Hope that helps to clarify your questions! Let me know in case you have any doubt.
Thank you, @hemp0r .
Kind regards,
Patrik S
Beginning on April 4th, we will be implementing push limits. This means that your push cannot be completed if it is over 3.5 GB. If you do attempt to complete a push that is over 3.5 GB, it will fail...
Connect with like-minded Atlassian users at free events near you!
Find an eventConnect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.
Host an eventYou're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.