terraform-provider-docker
terraform-provider-docker copied to clipboard
Image argument after v2.6.0 always replaces resources (mismatch between image name vs sha image id)
This issue was originally opened by @johnlane as https://github.com/hashicorp/terraform-provider-docker/issues/294. It was migrated here as a result of the community provider takeover from @kreuzwerker. The original body of the issue is below.
There is a difference between the handling of the
image
argument of v2.6.0 and v2.7.2.
The image specification shown below works with the 2.6.0 Docker provider but not with version 2.7.2.
resource "docker_container" "portainer" {
image = "portainer/portainer:1.23.0"
...
The documentation now shows having a reference to an image resource:
image = "${docker_image.ubuntu.latest}"
and configuring that image resource to specify the image name.
With 2.7.2 there is a perpetual mismatch between the image name spcified in the config and the image id that terraform plan
and apply
identifies.
I can't find any documentation covering this breaking change between versions, I don't know if this break is intentional or something that would be fixed. I see many examples illustrating the succinct way of referencing an image that works in version 2.6.0. It would be good if specifying the image directly in image
continued to work rather than requiring an additional image resource block containing the image name.
If the form that worked in 2.6.0 is not supported any more than an error during plan or apply to prevent its use would make this clear. Currently it's accepted as valid but causes resource replacement on every apply.
Terraform Version
Terraform 0.13.3 with Docker provider 2.6.0 and 2.7.2
Affected Resource(s)
docker_container
Expected Behavior
The resource should be matched with previous state so unnecessary changes are not made.
Actual Behavior
The resource is detected as a change because the given image value is matched against SHA and therefore is always detected as a change, requiring replacement of the resource.
Steps to Reproduce
-
terraform apply
References
https://github.com/hashicorp/terraform/issues/26382
Also https://github.com/terraform-providers/terraform-provider-docker/issues/291 is similar.
This issue is stale because it has been open 60 days with no activity.
Remove stale
label or comment or this will be closed in 7 days.
If you don't want this issue to be closed, please set the label pinned
.
remove stale
I checked the document of v2.6.0. image
is not name but id.
https://github.com/hashicorp/terraform-provider-docker/blob/v2.6.0/website/docs/r/container.html.markdown
resource "docker_container" "ubuntu" { name = "foo" image = "${docker_image.ubuntu.latest}" }
image - (Required, string) The ID of the image to back this container. The easiest way to get this value is to use the docker_image resource as is shown in the example above.
Same as v2.0.0 .
https://github.com/hashicorp/terraform-provider-docker/blob/v2.0.0/website/docs/r/container.html.markdown
Please use the latest version and check the problem occurs. If the problem occurs, please tell us how to reproduce.
https://github.com/kreuzwerker/terraform-provider-docker/blob/master/CONTRIBUTING.md#write-issue
I've just tried 2.11.0 of this provider
- source = "terraform-providers/docker"
- version = "~> 2.6.0"
+ source = "kreuzwerker/docker"
+ version = "~> 2.11.0"
I still get a plan change:
~ image = "sha256:ca5e0e73a5ed5ca74e5a71bc4cee02365ad92d0ba38dc446d5dc0cc61b697e0f" -> "images.example.com/myimage:latest" # forces replacement
If I revert to 2.6.0 this does not happen, instead I get
No changes. Infrastructure is up-to-date.
The configuration of images is like this
resource "docker_container" "myimage" {
image = "images.example.com/myimage:latest"
...
}
I'll try and find some time to make a stand-alone example for you.
Related to #161
This issue is stale because it has been open 60 days with no activity.
Remove stale
label or comment or this will be closed in 7 days.
If you don't want this issue to be closed, please set the label pinned
.
This still appears to be an issue with the current version.
main.tf
:
terraform {
backend "http" {
}
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "~> 2.17.0"
}
}
}
resource "docker_image" "traefik_prod" {
name = "registry...traefik-docker:0.3"
keep_locally = true
}
resource "docker_container" "traefik_prod" {
name = "traefik_prod"
image = "registry...traefik-docker:0.3"
restart = "always"
terraform plan
output:
...
~ id = "12f79ea293..." -> (known after apply)
~ image = "sha256:7c752b98f2..." -> "registry...traefik-docker:0.3" # forces replacement
...
After trying a couple of different things it seems like an interplay between docker_image.name
and docker_container.image
...
If docker_container.image
is not a string but set to docker_image.name.latest
, the terraform apply
produces no reported change.