Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

inconsistent build behavior with docker_registry_image resource #293

Closed
archen opened this issue Sep 29, 2021 · 11 comments
Closed

inconsistent build behavior with docker_registry_image resource #293

archen opened this issue Sep 29, 2021 · 11 comments
Labels
bug Something isn't working r/image Relates to the image resource
Milestone

Comments

@archen
Copy link

archen commented Sep 29, 2021

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and docker Provider) Version

➜  terraform -v
Terraform v1.0.7
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v3.60.0
+ provider registry.terraform.io/kreuzwerker/docker v2.15.0

Affected Resource(s)

  • docker_registry_image

Terraform Configuration Files

https://github.com/archen/docker-provider-error

Debug Output

╷
│ Error: Error building docker image: 1: The command '/bin/sh -c cat testfile' returned a non-zero code: 1
│
│   with docker_registry_image.image_sync["broke-registry"],
│   on main.tf line 56, in resource "docker_registry_image" "image_sync":
│   56: resource "docker_registry_image" "image_sync" {
│

Expected Behaviour

The image should have been created and preserved the file permissions from the host. Both docker build from the CLI with the context path and docker_image resources are consistent with this expectation.

Actual Behaviour

It appears as though the docker_registry_image strips the file permissions during handling of the context archive.

testuser@1ece18cc1980:/testroot$ ls -halF
total 20K
drwxr-xr-x 2 testuser testgroup 4.0K Sep 29 02:17 ./
drwxr-xr-x 1 root     root      4.0K Sep 29 02:34 ../
---------- 1 testuser testgroup   31 Jan  1  1970 testfile

Suspected code:

Steps to Reproduce

git clone https://github.com/archen/docker-provider-error
cd docker-provider-error
terraform init
terraform apply -auto-approve

Important Factoids

NA

References

NA

@mavogel mavogel added bug Something isn't working r/image Relates to the image resource labels Oct 15, 2021
@AndreasBergmeier6176
Copy link

Why is docker_image working so differently than docker_registry_image?
Currently get bitten by this problem - can this get fixed?

@moritzheiber
Copy link

Related to #280, since the reproduction of it also exhibits the bug mentioned in this report.

@github-actions
Copy link

github-actions bot commented Jan 9, 2022

This issue is stale because it has been open 60 days with no activity.
Remove stale label or comment or this will be closed in 7 days.
If you don't want this issue to be closed, please set the label pinned.

@moritzheiber
Copy link

This is not fixed, and closed because it isn’t pinned.

@lesinigo
Copy link

I've been hit by this too, building images with docker_registry_image I get permissions 000 for every file and directory that I put in the container using COPY from my Dockerfile. This also seems to be inconsistent with the standard docker build and the automated builds on Docker Hub.

@pwt
Copy link

pwt commented May 4, 2022

Just to add another use case affected by this issue.

I'm using Terraform and docker_registry_image to create a container image in AWS ECR for use with AWS Lambda.

This issue means that the .py file that Lambda expects to run has the wrong permissions, and hence the function fails. Images that I build & push myself using the same Dockerfile work correctly.

Workaround for now: pin the kreuzwerker/docker module version to 2.11.0.

@pspot2
Copy link

pspot2 commented May 5, 2022

Ran into this issue as well. Tried to solve it by activating BuildKit mode just to discover that it is not supported either (#265). docker_registry_image in the current provider version is essentially not usable.

By the modification times in this repo it looks like this provider is not actively maintained. If this is the case, then it is probably also not actively used. But what would then be a preferred way (aka industry standard) for building Docker images that would integrate well with Terraform?

@Junkern
Copy link
Contributor

Junkern commented Jul 11, 2022

I just released a new version which should fix the permission issue: https://github.com/kreuzwerker/terraform-provider-docker/releases/tag/v2.18.0 @pwt @lesinigo @moritzheiber @archen
Even added the files from the issue description as a test case :)
Would be great to get some feedback whether it is working for you.

@pspot2 buildkit support is also implemented since v2.17.0

@AndreasBergmeier6176

Why is docker_image working so differently than docker_registry_image?

We will try to align the implementations of those two resources in the future or even make them one resource (but this would be a major release, as it is a breaking change)

@Junkern Junkern closed this as completed Jul 11, 2022
@pwt
Copy link

pwt commented Dec 14, 2022

Hi @archen Sorry for the long delay.

Thanks for your work on this -- I can confirm that this fixes the issue for me.

Now, it would also be nice if there were builds of the provider for Apple Silicon, to remove the requirement to produce them locally (e.g., using the very helpful: https://github.com/kreuzwerker/m1-terraform-provider-helper).

@Junkern
Copy link
Contributor

Junkern commented Dec 15, 2022

@pwt what exactly do you mean? I just looked at https://registry.terraform.io/v1/providers/kreuzwerker/docker/versions and we are releasing darwin/arm64 versions...

@pwt
Copy link

pwt commented Dec 15, 2022

@pwt what exactly do you mean? I just looked at https://registry.terraform.io/v1/providers/kreuzwerker/docker/versions and we are releasing darwin/arm64 versions...

Interesting. If I do terraform init -upgrade with the following in .tf:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.46.0"
    }
    docker = {
      source  = "kreuzwerker/docker"
      version = "2.23.1"
    }
  }
}

I receive error: Could not retrieve the list of available versions for provider kreuzwerker/docker: no available releases match the given constraints 2.23.1. I needed to use the provider helper to build it.

Perhaps I just have some m1-provider cruft left around that's confusing matters.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working r/image Relates to the image resource
Projects
None yet
Development

No branches or pull requests

9 participants