我在 Terraform 代码中使用来自同一 Azure DevOps 项目的模块。
所以 repos 结构如下所示:
org1/project1/keyvault
org1/project1/repo_that_uses_keyvault_module
代码本身如下所示:
module "key_vault" {
source = "git::https://[email protected]/org1/proj1/_git/keyvault"
# code here
}
我的管道任务非常简单:
- powershell: |
terraform init
displayName: 'Terraform Init'
workingDirectory: src/terraform
但是失败了:
Initializing Terraform without backend...
Initializing modules...
Downloading git::https://[email protected]/org1/proj1/_git/keyvault
for key_vault...
╷
│ Error: Failed to download module
│
│ on main.tf line 57:
│ 57: module "key_vault" {
│
│ Could not download module "key_vault" (main.tf:57) source code from
│ "git::https://[email protected]/org1/proj1/_git/keyvault":
│ error downloading
│ 'https://[email protected]/org1/proj1/_git/keyvault':
│ C:\agents\3.238.0\externals\ff_git\cmd\git.exe exited with 128: Cloning
│ into '.terraform\modules\key_vault'...
│ fatal: Cannot prompt because user interactivity has been disabled.
│ fatal: Cannot prompt because user interactivity has been disabled.
│ fatal: could not read Password for
│ 'https://git_url':
│ terminal prompts disabled
如何授权 Microsoft 托管代理在同一 ADO 项目中提取 GIT 模块?
我可以在我这边重现该错误。要解决该错误,请按照以下步骤操作:
terraform init
之前添加下面的任务,将组织名称替换为您的:- task: TerraformInstaller@1
inputs:
terraformVersion: 'latest'
- script: |
git config --global url."https://$(System.AccessToken)@dev.azure.com".insteadOf "https://<<orgname>>@dev.azure.com"
displayName: 'set extra header'
- powershell: |
terraform init -upgrade
由于它使用
system.accesstoken
访问目标仓库(模块),所以 by default
它具有权限。您可以通过转到项目设置来确认这一点,检查模块存储库上的构建服务帐户,它具有 read
权限。
管道工作:
您可以查看类似门票以供参考。