S3 sources for modules takes precedence over local modules

[hangrybear666]

when you define terraform modules with a remote source in e.g. an s3 bucket such as:

module "waf" {
  source = "https://company-domain.s3-eu-west-1.amazonaws.com/terraform-repository/aws-factories/aws-waf-factory/snapshot/aws-waf-factory.tgz"
  }

then no matter what way I call terravision, it attempts to download this remote module, even if called without AWS and Terraform access using planfile & graphfile.

Meanwhile the module has already been downloaded locally by terraform init and is available in .terraform/modules.

This breaks my CI CD pipelines that create graph and planfiles in one step, then call terravision without internet access for security and isolation in another step

I fixed this by calling
sed -i 's|https://company-domain.s3-eu-west-1.amazonaws.com/terraform-repository/aws-factories/aws-waf-factory/snapshot/aws-waf-factory.tgz|./.terraform/modules/waf|g' main.tf prior to terravision calls but it requires manual checking all terraform code for remote sources.

[patrickchugh]

So is the solution to this to check if the modules are already available in .terraform/ and skip downloading if they are available ?

[hangrybear666]

So is the solution to this to check if the modules are already available in .terraform/ and skip downloading if they are available ?

Or a flag to force localOnly to put it in the hand of the user and not have to infer it automatically

[patrickchugh]

@hangrybear666 I have now changed terravision logic to use terraform's native module cache where available, and then fallback to regular HTTP/Git downloads if the folder cannot be found locally. Please let me know if I can close this?

[hangrybear666]

Will check tomorrow and get back to you. Thank you!

[hangrybear666]

My colleague has broken the pipeline and is not available currently, you can mark this as closed and I'll get back to you if the issue persists down the line. Thank you.