Target IPs for the Terraform registry and HashiCorp releases



We run a self-hosted build agent behind the corporate firewall. All outbound traffic to the internet is blocked unless the destination IP is allowed on the firewall.

When the terraform init statement executes in the pipeline, the container instance tries to download the latest provider packages from registry.terraform.io and from releases.hashicorp.com, where Terraform/HashiCorp publish their releases, so it crashes:

Initializing the backend...
Successfully configured the backend "azurerm"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Finding latest version of hashicorp/time...
- Finding hashicorp/azurerm versions matching "~> 3.0"...
╷
│ Error: Failed to query available provider packages
│ 
│ Could not retrieve the list of available versions for provider
│ hashicorp/time: could not connect to registry.terraform.io: Failed to
│ request discovery document: Get
│ "https://registry.terraform.io/.well-known/terraform.json": net/http:
│ request canceled while waiting for connection (Client.Timeout exceeded
│ while awaiting headers)
╵

If we allow traffic to this IP for a while, we get the same error when it tries to install the providers:

Initializing provider plugins...
- Finding hashicorp/azurerm versions matching "~> 3.0"...
- Finding latest version of hashicorp/azuread...
╷
│ Error: Failed to install provider
│ 
│ Error while installing hashicorp/azurerm v3.40.0: could not query provider
│ registry for registry.terraform.io/hashicorp/azurerm: failed to retrieve
│ authentication checksums for provider: the request failed after 2 attempts,
│ please try again later: Get
│ "https://releases.hashicorp.com/terraform-provider-azurerm/3.40.0/terraform-provider-azurerm_3.40.0_SHA256SUMS":
│ net/http: request canceled while waiting for connection (Client.Timeout
│ exceeded while awaiting headers)
╵

We tried adding the IPs manually, but they are managed dynamically and can change (probably because a CDN or load balancer is masking the IPs). We also tried whitelisting the entire FQDNs (registry.terraform.io and releases.hashicorp.com), but that didn't work either.

Has anyone dealt with a similar setup and fixed this? Or is there a list somewhere that keeps all Terraform/HashiCorp destination IPs/subnets/FQDNs up to date?


Keep digging in that direction.

Use a packet capture tool (such as Wireshark) to see which domains are queried in DNS requests during terraform init / terraform plan,

then add them to the firewall's outbound traffic exceptions.

Problem solved!

A ping to registry.terraform.io resolves to .cloudfront.net. CloudFront is Amazon's CDN.

Palo Alto (the firewall vendor) publishes CloudFront EDLs (External Dynamic Lists), which you can find here. After adding the EDL to the specific firewall allow rule, traffic can flow to the Terraform/HashiCorp servers, and so the task executing the terraform init statement finishes with exit code 0.
Palo Alto(防火墙供应商)发布了CloudFront EDLs(外部动态列表),您可以在这里找到。在将EDL添加到特定的防火墙允许规则后,流量可以流向Terraform/HashicCorp服务器,因此,执行terraform init语句的任务以退出码0结束。