Terraform module versioning

Hey Folks, I was trying to find a way to define module versioning using git SSH source URL. So that it’s easier to maintain specific/latest version based on constraints defined in different environments. Tried below but it doesn’t works for me. Not sure if its part of any version release or I am doing anything wrong here :slight_smile:

Thinking another approach, nor even variable interpolation worked in module source.

module “abc” {
source = “git::ssh://git@bitbucket.com/abc”
version = “~> 2.0”

Hi @parth995,

The version argument is only relevant when you are installing a module via a module registry, such as Terraform Registry or a third-party implementation of the same protocol. The registry protocol adds an extra level of indirection over the physical source addresses which allows Terraform to ask the registry which versions are available and then select one based on a version constraint. The registry then returns a physical source URL like your git::ssh://git@bitbucket.com/abc to specify exactly where that package’s source code can be found.

A module registry will typically refer to a particular tag as the location of source code for a particular version, so that subsequent changes in the repository won’t change the source code of that existing version. Module registries do that using the Selecting a Revision syntax, which involves an additional query string argument on the source URL.

If you don’t wish to use a module registry then you can specify a git URL with a specific revision directly in the source attribute with the same effect:

  source = "git::ssh://git@bitbucket.com/abc?ref=v2.0.1"

Terraform will treat the above the same as if that URL had been returned from a module registry.

However, direct source URLs can only ever specify exact versions, so if you wish to use an open-ended version constraint like you showed in your example then you will need to publish this module either in the public Terraform Registry or in a private Terraform registry hosted elsewhere.

There is private module registry support in a few different systems now. These are just the ones I remember off the top of my head, so I would encourage seeking out other options too and I cannot personally recommend any particular vendor:

I believe that all of these serve both as the registry index and as the file distribution server, and so will return module package addresses that belong to their own host rather than referring to a tag in your BitBucket repository. The module registry protocol does allow an implementation to only be a registry, returning URLs that are hosted in some other system like BitBucket, but I don’t know of a ready-to-use system like that off the top of my head.