[GH-ISSUE #168] S3 sources for modules takes precedence over local modules #96

New issue

Closed

opened 2026-05-06 12:37:25 +02:00 by BreizhHardware · 5 comments

BreizhHardware commented 2026-05-06 12:37:25 +02:00

Owner

Copy link

Originally created by @hangrybear666 on GitHub (Feb 10, 2026).
Original GitHub issue: https://github.com/patrickchugh/terravision/issues/168

when you define terraform modules with a remote source in e.g. an s3 bucket such as:

module "waf" {
  source = "https://company-domain.s3-eu-west-1.amazonaws.com/terraform-repository/aws-factories/aws-waf-factory/snapshot/aws-waf-factory.tgz"
  }

then no matter what way I call terravision, it attempts to download this remote module, even if called without AWS and Terraform access using planfile & graphfile.

Meanwhile the module has already been downloaded locally by terraform init and is available in .terraform/modules.

This breaks my CI CD pipelines that create graph and planfiles in one step, then call terravision without internet access for security and isolation in another step

I fixed this by calling
sed -i 's|https://company-domain.s3-eu-west-1.amazonaws.com/terraform-repository/aws-factories/aws-waf-factory/snapshot/aws-waf-factory.tgz|./.terraform/modules/waf|g' main.tf prior to terravision calls but it requires manual checking all terraform code for remote sources.

Originally created by @hangrybear666 on GitHub (Feb 10, 2026). Original GitHub issue: https://github.com/patrickchugh/terravision/issues/168 when you define terraform modules with a remote source in e.g. an s3 bucket such as: ``` module "waf" { source = "https://company-domain.s3-eu-west-1.amazonaws.com/terraform-repository/aws-factories/aws-waf-factory/snapshot/aws-waf-factory.tgz" } ``` then no matter what way I call terravision, it attempts to download this remote module, even if called without AWS and Terraform access using planfile & graphfile. Meanwhile the module has already been downloaded locally by `terraform init` and is available in `.terraform/modules`. This breaks my CI CD pipelines that create graph and planfiles in one step, then call terravision without internet access for security and isolation in another step I fixed this by calling `sed -i 's|https://company-domain.s3-eu-west-1.amazonaws.com/terraform-repository/aws-factories/aws-waf-factory/snapshot/aws-waf-factory.tgz|./.terraform/modules/waf|g' main.tf` prior to terravision calls but it requires manual checking all terraform code for remote sources.

BreizhHardware closed this issue 2026-05-06 12:37:25 +02:00

BreizhHardware commented 2026-05-06 12:37:26 +02:00

Author

Owner

Copy link

@patrickchugh commented on GitHub (Feb 10, 2026):

So is the solution to this to check if the modules are already available in .terraform/ and skip downloading if they are available ?

<!-- gh-comment-id:3880613399 --> @patrickchugh commented on GitHub (Feb 10, 2026): So is the solution to this to check if the modules are already available in .terraform/ and skip downloading if they are available ?

BreizhHardware commented 2026-05-06 12:37:26 +02:00

Author

Owner

Copy link

@hangrybear666 commented on GitHub (Feb 10, 2026):

So is the solution to this to check if the modules are already available in .terraform/ and skip downloading if they are available ?

Or a flag to force localOnly to put it in the hand of the user and not have to infer it automatically

<!-- gh-comment-id:3880863242 --> @hangrybear666 commented on GitHub (Feb 10, 2026): > So is the solution to this to check if the modules are already available in .terraform/ and skip downloading if they are available ? Or a flag to force localOnly to put it in the hand of the user and not have to infer it automatically

BreizhHardware commented 2026-05-06 12:37:26 +02:00

Author

Owner

Copy link

@patrickchugh commented on GitHub (Mar 1, 2026):

@hangrybear666 I have now changed terravision logic to use terraform's native module cache where available, and then fallback to regular HTTP/Git downloads if the folder cannot be found locally. Please let me know if I can close this?

<!-- gh-comment-id:3980395601 --> @patrickchugh commented on GitHub (Mar 1, 2026): @hangrybear666 I have now changed terravision logic to use terraform's native module cache where available, and then fallback to regular HTTP/Git downloads if the folder cannot be found locally. Please let me know if I can close this?

BreizhHardware commented 2026-05-06 12:37:26 +02:00

Author

Owner

Copy link

@hangrybear666 commented on GitHub (Mar 1, 2026):

Will check tomorrow and get back to you. Thank you!

<!-- gh-comment-id:3980786480 --> @hangrybear666 commented on GitHub (Mar 1, 2026): Will check tomorrow and get back to you. Thank you!

BreizhHardware commented 2026-05-06 12:37:26 +02:00

Author

Owner

Copy link

@hangrybear666 commented on GitHub (Mar 2, 2026):

My colleague has broken the pipeline and is not available currently, you can mark this as closed and I'll get back to you if the issue persists down the line. Thank you.

<!-- gh-comment-id:3983313129 --> @hangrybear666 commented on GitHub (Mar 2, 2026): My colleague has broken the pipeline and is not available currently, you can mark this as closed and I'll get back to you if the issue persists down the line. Thank you.

BreizhHardware referenced this issue 2026-05-06 12:37:56 +02:00

[PR #96] [MERGED] Bugfix windows #166

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

gh-pages

013-ai-backends-and-wsl

010-hybrid-ai-diagrams

patrickchugh-patch-2

011-interactive-html-output

008-terragrunt-support

feature/datasources

bugfix/resourcematching

bugfix/simplediagram

feature-simplified

007-external-plan-input

006-multi-source-diagrams

fix/terraform_module

001-gcp-core-services

005-gcp-2024-style-icons

003-azure-handler-implementation

feature/pipx

002-aws-handler-refinement

experiment-resource-handler-config

HEAD

001-azure-provider

hcl

ecs-fixes

patrickchugh-patch-1

feature-llm-refinement

ai-server

feature-security-group

feature-tfplan

bugfix-relationship

bugfix-variantmetadata

bugfix-gha

backup/no_terraform_version

bugfix-gitref

feature/increase-test-coverage

expand-test-coverage

v0.39.0

v0.38.1

v0.38.0

v0.37.0

v0.36.0

v0.35.0

v0.34.0

v0.33.0

v0.32.0

v0.31.0

v0.30.0

v0.29.0

v0.28.0

v0.27.0

v0.26.0

v0.25.0

v0.24.0

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.0

v0.18.0

v0.16.2

v0.16.0

v0.15.0

v0.14.0

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.5

v0.10.3

v0.10.2

v0.10.1

v0.9.13

v0.9.12

v0.9.9

v0.9.8

v0.9.7

Labels

Clear labels   

bug

  

enhancement

  

enhancement

  

good first issue

  

good first issue

  

good first issue

  

pipeline

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

enhancement

enhancement

good first issue

good first issue

good first issue

pipeline

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/terravision#96

No description provided.