terraform-provider-docker icon indicating copy to clipboard operation
terraform-provider-docker copied to clipboard

Published 20 hours ago verified publisher icon kreuzwerker

Image argument after v2.6.0 always replaces resources (mismatch between image name vs sha image id)

Open mavogel opened this issue 3 years ago • 10 comments

This issue was originally opened by @johnlane as https://github.com/hashicorp/terraform-provider-docker/issues/294. It was migrated here as a result of the community provider takeover from @kreuzwerker. The original body of the issue is below.

There is a difference between the handling of the image argument of v2.6.0 and v2.7.2.

The image specification shown below works with the 2.6.0 Docker provider but not with version 2.7.2.

resource "docker_container" "portainer" {
  image   = "portainer/portainer:1.23.0"
  ...

The documentation now shows having a reference to an image resource:

   image = "${docker_image.ubuntu.latest}"

and configuring that image resource to specify the image name.

With 2.7.2 there is a perpetual mismatch between the image name spcified in the config and the image id that terraform plan and apply identifies.

I can't find any documentation covering this breaking change between versions, I don't know if this break is intentional or something that would be fixed. I see many examples illustrating the succinct way of referencing an image that works in version 2.6.0. It would be good if specifying the image directly in image continued to work rather than requiring an additional image resource block containing the image name.

If the form that worked in 2.6.0 is not supported any more than an error during plan or apply to prevent its use would make this clear. Currently it's accepted as valid but causes resource replacement on every apply.

Terraform Version

Terraform 0.13.3 with Docker provider 2.6.0 and 2.7.2

Affected Resource(s)

docker_container

Expected Behavior

The resource should be matched with previous state so unnecessary changes are not made.

Actual Behavior

The resource is detected as a change because the given image value is matched against SHA and therefore is always detected as a change, requiring replacement of the resource.

Steps to Reproduce

  1. terraform apply

References

https://github.com/hashicorp/terraform/issues/26382

Also https://github.com/terraform-providers/terraform-provider-docker/issues/291 is similar.

mavogel avatar Dec 25 '20 19:12 mavogel

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days. If you don't want this issue to be closed, please set the label pinned.

github-actions[bot] avatar Mar 29 '21 10:03 github-actions[bot]

remove stale

johnlane avatar Apr 01 '21 19:04 johnlane

I checked the document of v2.6.0. image is not name but id.

https://github.com/hashicorp/terraform-provider-docker/blob/v2.6.0/website/docs/r/container.html.markdown

resource "docker_container" "ubuntu" {
  name  = "foo"
  image = "${docker_image.ubuntu.latest}"
}

image - (Required, string) The ID of the image to back this container. The easiest way to get this value is to use the docker_image resource as is shown in the example above.

suzuki-shunsuke avatar Apr 01 '21 23:04 suzuki-shunsuke

Same as v2.0.0 .

https://github.com/hashicorp/terraform-provider-docker/blob/v2.0.0/website/docs/r/container.html.markdown

suzuki-shunsuke avatar Apr 01 '21 23:04 suzuki-shunsuke

Please use the latest version and check the problem occurs. If the problem occurs, please tell us how to reproduce.

https://github.com/kreuzwerker/terraform-provider-docker/blob/master/CONTRIBUTING.md#write-issue

suzuki-shunsuke avatar Apr 01 '21 23:04 suzuki-shunsuke

I've just tried 2.11.0 of this provider

-      source  = "terraform-providers/docker"
-      version = "~> 2.6.0"
+      source = "kreuzwerker/docker"
+      version = "~> 2.11.0"

I still get a plan change:

~ image             = "sha256:ca5e0e73a5ed5ca74e5a71bc4cee02365ad92d0ba38dc446d5dc0cc61b697e0f" -> "images.example.com/myimage:latest" # forces replacement

If I revert to 2.6.0 this does not happen, instead I get

No changes. Infrastructure is up-to-date.

The configuration of images is like this

resource "docker_container" "myimage" {
  image    = "images.example.com/myimage:latest"
  ...
}

I'll try and find some time to make a stand-alone example for you.

johnlane avatar Apr 30 '21 08:04 johnlane

Related to #161

mavogel avatar Jun 23 '21 09:06 mavogel

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days. If you don't want this issue to be closed, please set the label pinned.

github-actions[bot] avatar Aug 23 '21 10:08 github-actions[bot]

This still appears to be an issue with the current version.

main.tf:

terraform {
  backend "http" {
  }
  required_providers {
    docker = {
      source = "kreuzwerker/docker"
      version = "~> 2.17.0"
    }
  }
}
resource "docker_image" "traefik_prod" {
  name         = "registry...traefik-docker:0.3"
  keep_locally = true
}
resource "docker_container" "traefik_prod" {
  name  = "traefik_prod"
  image = "registry...traefik-docker:0.3"
  restart = "always"

terraform plan output:

...
      ~ id                = "12f79ea293..." -> (known after apply)
      ~ image             = "sha256:7c752b98f2..." -> "registry...traefik-docker:0.3" # forces replacement
...

kphunter avatar Jun 28 '22 02:06 kphunter

After trying a couple of different things it seems like an interplay between docker_image.name and docker_container.image...

If docker_container.image is not a string but set to docker_image.name.latest, the terraform apply produces no reported change.

kphunter avatar Jun 28 '22 03:06 kphunter