Where the pipelines run I do not have access to the underlying environment, I'm guessing the issue stems from attempting to use that provider at all with terraform? provider:

```hcl
terraform {
  cloud {
    organization = "myorg"
    workspaces {
      tags = ["main"]
    }
  }

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 4.39.0"
    }

    docker = {
      source  = "kreuzwerker/docker"
      version = "2.11.0"
    }
  }
}

data "google_client_config" "default" {}

provider "docker" {
  registry_auth {
    address  = "gcr.io"
    username = "oauth2accesstoken"
    password = data.google_client_config.default.access_token
  }
}
```

What's the expected process here? Is docker something that can't be used together with terraform cloud? Do I have to host a docker daemon somehow somewhere? I've been searching for any kind of examples/documentation/instruction.

SebastianG
  • Docker is not running wherever you are running terraform from. – Marko E Oct 11 '22 at 19:28
  • @MarkoE I'm using terraform cloud though, terraform will be running in their own pipeline. For good measure I exposed my WSL2 docker daemon on port 2375 and specified it as a host, same result, as the terraform operation isn't running on my machine. – SebastianG Oct 11 '22 at 19:30
  • It is 100% not running and that's what's causing this, I can tell that from the error, the point was to get it running/working in the terraform cloud pipeline environment? – SebastianG Oct 11 '22 at 19:36
  • There is probably some kind of a Docker in Docker image you could use, but I'm only guessing. – Marko E Oct 11 '22 at 19:43
  • There is no Docker daemon running inside [the Terraform Cloud execution environment](https://www.terraform.io/cloud-docs/run/run-environment). You can use the Docker provider to manage a Docker daemon running somewhere else, but you'll need to specify its location in the `host` argument in your `provider "docker"` block. – Martin Atkins Oct 11 '22 at 21:27
  • If you intend to interact with a Docker daemon running on the local machine where you are running Terraform CLI then I think you'll need to disable remote operations for this workspace, because there's no way for Terraform Cloud's execution environment to access a local port on your system. – Martin Atkins Oct 11 '22 at 21:28
  • @MartinAtkins but I don't, I merely want to get the SHA256 from an image within GCR.io and there's currently no way of doing that except via docker, it doesn't have to be the docker on my machine or anything specific to my machine, it just has to work with any docker daemon via the official docker provider, surely this isn't an edge case? – SebastianG Oct 11 '22 at 21:59
  • It sounds like the provider you are intending to use requires a valid Docker daemon address even if you don't actually intend to manage anything in that Docker daemon. I agree that it seems weird that it would require that when you only intend to access the container registry, that seems to be how this provider is designed. It may be worth opening a feature request in the provider's repository if there isn't already one open for this. – Martin Atkins Oct 11 '22 at 22:04
  • Note also that this _isn't_ an official provider: it's a community provider maintained by Kreuzwerker. Official providers always have addresses starting with `hashicorp/`. – Martin Atkins Oct 11 '22 at 22:04
  • @MartinAtkins thanks for that, I've abandoned that avenue completely and instead edited the lifecycle of the cloud run services to ignore changes, then simply push new versions using `gcloud` commands in CI. Hopefully that won't cause any drift, as the only bits affected are the latest version. – SebastianG Oct 12 '22 at 09:27
  • You can pretty much post that as an answer. – SebastianG Oct 12 '22 at 09:27
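
The workaround described in the last comments, sketched as an added example that is not part of the original thread: the Cloud Run service stays in Terraform, but the container image is excluded from the plan so CI can roll out new revisions with `gcloud`. The resource label, service name, region and image path are assumptions, as is the choice to also ignore the template annotations that `gcloud` writes.

```hcl
# Added example (not the asker's actual configuration).
# Needs only the hashicorp/google provider; the kreuzwerker/docker
# provider and its Docker daemon are no longer required.

resource "google_cloud_run_service" "app" {
  name     = "example-service" # assumed name
  location = "europe-west1"    # assumed region

  template {
    spec {
      containers {
        # Bootstrap image used only when the service is first created.
        # Later revisions are pushed from CI, for example:
        #   gcloud run deploy example-service \
        #     --region europe-west1 \
        #     --image gcr.io/PROJECT_ID/app@sha256:<digest>
        # PROJECT_ID and <digest> are placeholders.
        image = "gcr.io/PROJECT_ID/app:bootstrap"
      }
    }
  }

  traffic {
    percent         = 100
    latest_revision = true
  }

  lifecycle {
    ignore_changes = [
      # Image is owned by CI; Terraform must not roll it back on apply.
      template[0].spec[0].containers[0].image,
      # gcloud sets run.googleapis.com/client-name and client-version
      # annotations on each deploy; ignoring them avoids a plan diff.
      template[0].metadata[0].annotations,
    ]
  }
}
```

Everything outside `ignore_changes` (traffic split, other container settings, IAM bindings) is still reconciled by Terraform, so drift is limited to the ignored attributes.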

0 Answers