Closed pbn4 closed 1 year ago
If I understand the problem correctly, you should be able to pass AWS_PROFILE
(option 2 in your list) like this:
docker_additional_options = [
"-eAWS_PROFILE=${aws_profile}",
# ...
]
And make aws_profile
a variable:
variable "aws_profile" {
type = string
default = "my-awesome-aws-profile-for-docker"
}
Alternatively, you should be able to use more complex Docker settings if you use docker-build
submodule.
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days
This issue was automatically closed because of stale in 10 days
I'm going to lock this issue because it has been closed for 30 days β³. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Description
I'm trying to use docker_additional_options to authenticate with CodeArtifact to build a lambda dependent on some private python packages. The problem is: it's not possible to have idempotent builds, each apply has a non-empty plan because of variable authorization token created by CodeArtifact authorization token data source. Moving authentication logic to the entrypoint is not possible due to lack of environment variables expansion in
docker run
.Versions
Module version: 4.13
Terraform version: 1.3.7
Reproduction Code
and in the entrypoint.sh I configure pip.conf:
Additional context
Now the problem with this approach is that
is different on every terraform run. Now, my solution to this is to move the authentication to
entrypoint.sh
, but docker does not have any AWS credentials, no~/.aws/
nor environment variables. For this I see follow user approaches:Unfortunately all 3 require some way of passing environment variables of the host to the docker container. Maybe I'm missing something, but at the moment I do not see a way to do this.
I cannot pass an environment variable to the run because parameters passed to
docker_additional_options
are no expanded e.g.-eAWS_PROFILE=$AWS_PROFILE
will result in docker searching for profile named literally $AWS_PROFILE.I consider lack of variable expansion in docker options a bug, please correct me if I'm wrong so I'll open a feature request, not an expected behavior, hence the bug report and not feature request.