如何使用 azure devops 从一个组织中的一个项目消费或调用 terraform 模块到另一个组织的另一个项目

Question

I would like to know the way to consume or call terraform modules from one project in one organisation to another project from another organisation using azure devops. I tried to explore ways but found one solution using the below but my IT team is not letting to use this method as this is braking the subsequent pipelines. Any suggestions please?

Also, requirement is I just need to refer the modules of terraform which are in another organization but as per my POC its downloading/checkout the code from that organization/project and then I am able to refer those modules. I would like to only refer those modules instead checkout the code from another organization and utilising/referencing.

Below is the reply from pipeline team:

Can you exclude this part as it is not ideal and you need to take a different approach?

          echo "Git config update start"

          MY_PAT=$(yourPAT)

          B64_PAT=$(printf "%s"":$MY_PAT" | base64)

          git config --global http.extraheader "Authorization: Basic ${B64_PAT}"

          echo "Git config update end"

          terraform init

          terraform plan

you are introducing your cred in.gitconfig that's breaking all subsequent pipelines in the agent.

POC: The below code is cloning the entire modules code from another organization and we are referecing those modules but I just need to refer those modules directly instead of downloading and calling/referencing modules.

resources:
  repositories:
  - repository: Modules
    type: git
    name: 'Compute Platforms/CES-Terraform-Automation-Service'
    endpoint: Repo-bp-digital # Azure DevOps service connection
    ref: Modules
  - repository: self
    type: git
    name: 'Cloud Onboarding/terraform-testing-by-vivek'

Answer 1

AFAIK, There's only one option to connect to the project of another Azure DevOps organization that is by creating a Service Connection in the organization from where you want to run the pipeline and by creating a PAT token in the target organization and referencing it in the service connection,

I created 2 Organizations, 1) Organization alpha1 and 2) Organization beta2. I created 2 projects in both organizations with one YAML script and a task.

Created a PAT Token in Organization beta2.

Created service connection in the Alpha organization from where I am running the pipeline to beta org by referencing PAT token from beta org like below:-

trigger:

- master

variables:

pythonVersion: '3.8'

vmImageName: 'ubuntu-latest'

resources:

repositories:

- repository: remoteRepo

type: git

name: remote-access/shared-common-install

endpoint: remoteaccesstemp # Service connection name

ref: refs/heads/main

stages:

- stage: remote_git_test

jobs:

- job: git_test

steps:

# Running the template from the same repsitory

- template: templates/hello-alpha.yaml

# Checkout the remote repository

- checkout: remoteRepo

persistCredentials: true

# Call the template that is located in another repository in another organization

- template: templates/hello-beta.yaml@remoteRepo

Alternatively, you can create a terraform task in Azure DevOps and call your terraform module from another organization with the below script:-

terraform init -backend-config="repository=organization-beta2/project-beta2/_git/beta-2" -backend-config="token=Pat-token"

and

provider "azuredevops"{
    org_service_url = var.org_service_url
    personal_access_token = var.personal_access_token
}

You can add this code in your terraform init script in your Organization repo from where you're running pipeline and reference the template in System.Artifacts.

Even Azure DevOps Rest API does not support connecting to different Azure DevOps organizations.

References:-

GitHub - Azure-Samples/azure-pipelines-remote-tasks

Trying to setup an Azure DevOps organization using Terraform:: my tech ramblings — A blog for writing about my techie ramblings By Carlos

Azure DevOps Git: Fork into another Repo using Azure DevOps REST API - Stack Overflow By Andi Li-MSFT