Terraform or Terragrunt modules from another repository in Azure DevOps

Azure DevOps (AZDO) is a pretty good tool, but sometimes it can be a huge pain in the ass. One painful topic is git operations. I use Terraform and Terragrunt very often to manage multiple environments, so using modules is a must. To achieve stability, I maintain modules in a separate repository with git tags.

Loading external modules works the same way in Terraform and Terragrunt: both use the same syntax and the same commands under the hood.

I execute Terraform/Terragrunt within CI/CD pipelines, which brings a lot of advantages when you are working in a team.

To load Terraform/Terragrunt modules from an external repository within an AZDO organisation (I was even able to load modules from a different project), you need to set up a couple of things:

1. Module source syntax

Note the double slash (//), which separates the repository URL from the module's directory inside that repository – described here.

  syntax:
  source = "git::https://dev.azure.com/<organisation>/<project>/_git/<repository>//<directory>/<module>?ref=<tag>"

  example:
  source = "git::https://dev.azure.com/my-organisation/awesome-project/_git/tf-modules//modules/aws_ec2?ref=v1.2.1"

2. Pipeline

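Within the pipeline, you need to place the following task before Terraform/Terragrunt runs. It tells git to send the job's $(System.AccessToken) as a bearer token in an extra HTTP header for URLs under $(System.CollectionUri)$(System.TeamProject), so the module repository can be checked out without a username or password prompt. See the "Use predefined variables" article in the Microsoft docs to learn about the variables used.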

  - task: Bash@3
    displayName: 'Configure git'
    inputs:
      targetType: 'inline'
      script: |
        git config --global http.$(System.CollectionUri)$(System.TeamProject).extraheader "Authorization: bearer $(System.AccessToken)"
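
To see which URLs that key makes git send the token to, here is an added example (not part of the original post). It writes the same key shape to a scratch config file instead of --global, and the organisation, project, token and function names are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: checks which URLs an http.<url>.extraheader key applies to.
# All values below (organisation, project, token) are constructed placeholders.

CFG="$(mktemp)"              # scratch config, so the real ~/.gitconfig is untouched
trap 'rm -f "$CFG"' EXIT

# Writes the key the pipeline task writes:
#   http.<System.CollectionUri><System.TeamProject>.extraheader
# $1 = collection URI (ends with /), $2 = project, $3 = token
configure_header() {
  git config --file "$CFG" "http.$1$2.extraheader" "Authorization: bearer $3"
}

# Prints "sent" if git would attach the header to requests for URL $1,
# otherwise "not sent". --get-urlmatch applies git's own URL matching rules.
header_for() {
  if git config --file "$CFG" --get-urlmatch http.extraheader "$1" >/dev/null 2>&1; then
    echo "sent"
  else
    echo "not sent"
  fi
}

# Removes the key again, e.g. as a final step on a self-hosted agent where
# --global configuration would otherwise outlive the job.
remove_header() {
  git config --file "$CFG" --unset "http.$1$2.extraheader"
}

ORG_URI="https://dev.azure.com/my-organisation/"
PROJECT="awesome-project"

configure_header "$ORG_URI" "$PROJECT" "CONSTRUCTED_TOKEN"

echo "module repository:  $(header_for "${ORG_URI}${PROJECT}/_git/tf-modules")"
echo "other organisation: $(header_for "https://dev.azure.com/other-organisation/p/_git/r")"
echo "other host:         $(header_for "https://github.com/example/tf-modules")"
```
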

3. Permissions

This is still a little bit unknown to me. The AZDO permissions model is not great, so I will keep this open and maybe add some info later.

Under Organization Settings/Pipelines/Settings:
Switch off "Limit job authorization scope to current project for non-release pipelines"
Switch off "Limit job authorization scope to current project for release pipelines"
Switch off "Limit job authorization scope to referenced Azure DevOps repositories"

Switching these off widens the job access token from the current project and the repositories the pipeline references to the whole organisation.

4. Errors

Known errors which can be solved by following the steps above ↑

remote: TF401019: The Git repository with name or identifier terraform-modules does not exist or you do not have permissions for the operation you are attempting.
fatal: could not read Username for 'https://dev.azure.com': terminal prompts disabled
fatal: could not read Password for 'https://dev.azure.com': terminal prompts disabled