Hello,
I am setting up a new IaC code base (Terraform) for Azure. I created a parent Terraform module, and I used User-Assigned Managed Identities to set up the authentication for my GitHub repo and the workflow (reference: here).
When I created a local Terraform module within my repo and added it as a source from within the same repo, it worked fine with no issues. However, when I moved the Terraform module to another Git repo and used that as a source (as shown below):
module "postgres-server" {
  source              = "git::git@github.com:MyOrg/terraform-modules/postgres.git?ref=1.0.0"
  location            = var.location
  name                = var.pg_server_name
  resource_group_name = var.pg_resource_group_name
}
Now my GitHub Action runner is complaining that it can’t reach the new Git repo (my source repo):
Downloading git::ssh://git@github.com/MyOrg/terraform-modules/postgres.git?ref=1.0.0 for postgres-server...
╷
│ Error: Failed to download module
│
│ on main.tf line 23:
│ 23: module "postgres-server" {
│
│ Could not download module "postgres-server" (main.tf:23) source code from
│ "git::ssh://git@github.com/MyOrg/terraform-modules/postgres.git?ref=1.0.0":
│ error downloading
│ 'ssh://git@github.com/MyOrg/terraform-modules/postgres.git?ref=1.0.0':
│ /usr/bin/git exited with 128: Cloning into
│ '.terraform/modules/postgres-server'...
│ git@github.com: Permission denied (publickey).
│ fatal: Could not read from remote repository.
│
│ Please make sure you have the correct access rights
│ and the repository exists.
│
╵
Error: Terraform exited with code 1.
Error: Process completed with exit code 1.
I understand my GitHub runner needs permissions to this new source repo. I am trying to understand, since I am using Azure's User-Assigned Managed Identity method, how can I provide the runner the necessary permission to be able to download the remote module?
Cheers for the help, community.
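
One way to give the runner read access to the module repo, as an added example that is not part of the original post: the managed identity only authenticates the workflow to Azure, so git needs its own GitHub credential. The token value and the `OtherOrg` URL are constructed, and the token is assumed to be a read-only fine-grained PAT or GitHub App installation token stored as a repository secret.

```bash
#!/usr/bin/env bash
# Added example with constructed values; not from the original post.

# Rewrite the SSH URL forms that Terraform hands to git into HTTPS + token.
# Args: $1 = token (assumed: read-only on the module repo), $2 = GitHub org.
# The rewrite is scoped to one org so the token is never sent for other repos.
configure_module_access() {
  local token="$1" org="$2"
  local https="https://x-access-token:${token}@github.com/${org}/"
  # Terraform normalises "git@github.com:Org/..." to "ssh://git@github.com/Org/...",
  # as the error output in the post shows, so both spellings get a rule.
  git config --global --add "url.${https}.insteadOf" "ssh://git@github.com/${org}/"
  git config --global --add "url.${https}.insteadOf" "git@github.com:${org}/"
}

# Print the URL git would actually contact; --get-url never touches the network.
effective_url() {
  git ls-remote --get-url "$1"
}

# Demo in a throwaway HOME so the real ~/.gitconfig is left alone.
demo() {
  local tmp
  tmp="$(mktemp -d)"
  (
    export HOME="$tmp" XDG_CONFIG_HOME="$tmp/.config"
    configure_module_access "CONSTRUCTED_TOKEN" "MyOrg"
    # Module source from the post: rewritten to HTTPS with the token.
    effective_url "ssh://git@github.com/MyOrg/terraform-modules/postgres.git"
    # Constructed URL in another org: left untouched, no token attached.
    effective_url "ssh://git@github.com/OtherOrg/private.git"
  )
  rm -rf "$tmp"
}

demo
```

In a workflow, `configure_module_access` would run in a step before `terraform init`, with the token passed in from the secret through an environment variable rather than written into the workflow file.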