DOCKER_CONFIG is incompatible w/ docker CLI variable of same name

[atz]

trafficstars

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and docker Provider) Version

terraform version  
Terraform v1.8.5
on darwin_arm64
+ provider registry.terraform.io/kreuzwerker/docker v3.0.2

Affected Resource(s)

• provider Auth w/ DOCKER_CONFIG

Expected Behaviour

TF provider and docker CLI commands should interpret DOCKER_CONFIG the same way (or at least, in compatible ways).

Actual Behaviour

• docker CLI expects directory, the place that contains a config.json file, vs.
• terraform-docker-provider expects complete filepath, including config.json or equivalent

If we set the variable for docker CLI, we get, for example:

DOCKER_CONFIG=~/.docker terraform apply
Error: Error loading registry auth config: could not read and load config file: read /Users/atz/.docker: is a directory
│ 
│   with provider["registry.terraform.io/kreuzwerker/docker"],

But if we set it for TF provider, we break CLI auth.

DOCKER_CONFIG=~/.docker/config.json docker pull docker-proxy.examplecorp.io/nginx:latest 
WARNING: Error loading config file: /Users/atz/.docker/config.json: open /Users/atz/.docker/config.json: not a directory

To be clear, each tool "works", within its own documented (subtly divergent) expectations. But it is unreasonable to expect developers who are working with docker every day to toggle DOCKER_CONFIG between the directory and the path values.

Possible solutions

Ideally, this provider would adopt the docker semantics for DOCKER_CONFIG in its next major version. That might be too fast for SemVer, in which case the release methodology would be:

• next major version:
  • add two different (non-colliding) variables:
    • one that behaves like DOCKER_CONFIG does today (full filepath), say KW_DOCKER_CONFIG_JSON
    • another that behaves like CLI expects (directory containing config.json), say KW_DOCKER_CONFIG
  • add support for DOCKER_CONFIG pointing to directory containing config.json
  • add deprecation warning that fires when DOCKER_CONFIG points to a file instead of a dir
  • document priority of vars
• subsequent major version:
  • convert DOCKER_CONFIG to "directory only"
  • optionally, deprecate the KW_ vars

At a minimum, the current incompatibility between DOCKER_CONFIG semantics should be boldly documented.