I’m trying to figure out what CDKTF is doing differently from terraform regarding generation of the .terraform.lock.hcl file. In my environment I have a local mirror (setup using terraform providers mirror) and I am expecting no network calls based on my configuration (included below). If I do the following
- cdktf synth
- cdktf diff <stack_name>
I see that terraform is generating the HCL, initializing the stack, and then performing a plan. What I can’t figure out though, is that in addition to initializing, there appears to be another step (as compared to running terraform init manually) where terraform is reaching out to registry.terraform.io to retrieve additional checksums as evidenced by the following logs
staging - Fetching hashicorp/aws 5.44.0 for linux_amd64...
staging - Retrieved hashicorp/aws 5.44.0 for linux_amd64 (signed by HashiCorp)
staging - Fetching hashicorp/null 3.2.2 for linux_amd64...
staging - Retrieved hashicorp/null 3.2.2 for linux_amd64 (signed by HashiCorp)
- Obtained hashicorp/aws checksums for linux_amd64; Additional checksums for this platform are now tracked in the lock file
- Obtained hashicorp/null checksums for linux_amd64; Additional checksums for this platform are now tracked in the lock file
and the lock file gets populated with platforms other than the one I’m running on. Is it possible to stop this additional call out to registry.terraform.io?
.terraformrc
provider_installation {
filesystem_mirror {
path = "/root/terraform_mirror"
include = ["registry.terraform.io/*/*"]
}
}