I’ve built a new module and using the same mechanism as always I’ve created a new Terraform module. Terraform uses CI_JOB_TOKEN to work with modules. So, it should work for a brand new one. It does not.
Let me show you this strange behaviour:
That’s a stdout from my pipeline job:
curl -H "Authorization: Bearer $CI_JOB_TOKEN" https://git.[redacted].pl/api/v4/packages/terraform/modules/v1/spartakus/hellmet/gcp/versions
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1148 100 1148 0 0 8631 0 --:--:-- --:--:-- --:--:-- 8631
{"modules":[{"versions":[{"version":"2.2.1","submodules":[],"root":{"dependencies":[],"providers":[{"name":"gcp","version":""}]}},{"version":"2.2.0","submodules":[],"root":{"dependencies":[],"providers":[{"name":"gcp","version":""}]}},{"version":"2.1.0","submodules":[],"root":{"dependencies":[],"providers":[{"name":"gcp","version":""}]}},{"version":"2.0.0","submodules":[],"root":{"dependencies":[],"providers":[{"name":"gcp","version":""}]}},{"version":"1.2.2","submodules":[],"root":{"dependencies":[],"providers":[{"name":"gcp","version":""}]}},{"version":"1.2.1","submodules":[],"root":{"dependencies":[],"providers":[{"name":"gcp","version":""}]}},{"version":"1.2.0","submodules":[],"root":{"dependencies":[],"providers":[{"name":"gcp","version":""}]}},{"version":"1.1.1","submodules":[],"root":{"dependencies":[],"providers":[{"name":"gcp","version":""}]}},{"version":"1.1.0","submodules":[],"root":{"dependencies":[],"providers":[{"name":"gcp","version":""}]}},{"version":"1.0.0","submodules":[],"root":{"dependencies":[],"providers":[{"name":"gcp","version":""}]}}],"source":"https://git.[redcated].pl/spartakus/shared-infra/modules/hellmet"}]}
$ curl -H "Authorization: Bearer $CI_JOB_TOKEN" https://git.[redacted].pl/api/v4/packages/terraform/modules/v1/spartakus/key-keeper/gcp/versions
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 27 100 27 0 0 236 0 --:--:-- --:--:-- --:--:-- 238
{"message":"403 Forbidden"}
curl -H "Authorization: Bearer $CI_JOB_TOKEN" https://git.[redacted].pl/api/v4/packages/terraform/modules/v1/spartakus/xyzx/gcp/versions
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 29 100 29 0 0 271 0 --:--:-- --:--:-- --:--:-- 271
{"modules":[{"versions":[]}]}
where,
- hellmet is an old existing module,
- api-key-steward is the problematic one
- xyzx does not exists
Terraform code collapes with:
- monitor.secret_shovel in .terraform/modules/monitor.secret_shovel
╷
│ Error: Error accessing remote module registry
│
│ on modules/app/bootstrap-services.tf line 52:
│ 52: module "module_name" {
│
│ Failed to retrieve available versions for module
│ "module_name" (modules/app/bootstrap-services.tf:52) from
│ git.[redacted].pl: error looking up module versions: 403 Forbidden.
╵
Using a private access token I can easily get versions from problematic module, but not with CI_JOB_TOKEN. What could be the reason?
giltab: v16.0