Dockerfile COPY requires --chown=root:root

[jeff-cook]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and docker Provider) Version

2024-10-29T16:38:07.005Z [INFO] Terraform version: 1.3.1
2024-10-29T16:38:07.008Z [INFO] Go runtime version: go1.19.1
2024-10-29T16:38:07.009Z [INFO] CLI args: []string{"terraform", "-v"}
2024-10-29T16:38:07.016Z [INFO] CLI command args: []string{"version", "-v"}
Terraform v1.3.1
on linux_amd64

docker = {
  source  = "kreuzwerker/docker"
  version = "3.0.2"
}

Affected Resource(s)

• docker_image

Terraform Configuration Files

resource "docker_image" "image" {
  # build docker image
  # https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/image
  name = local.image_uri
  build {
    context    = "../../transform"
  }
}

FROM public.ecr.aws/lambda/python:3.12
USER root
ENV LAMBDA_TASK_ROOT=/var/task
WORKDIR ${LAMBDA_TASK_ROOT}
COPY requirements.txt ${LAMBDA_TASK_ROOT}
RUN pip install -r requirements.txt
COPY lambda_function.py ${LAMBDA_TASK_ROOT}
CMD [ "lambda_function.lambda_handler" ]

Debug Output

Panic Output

Expected Behaviour

When building the image with the docker_image resource I would expect it to run like it does when run with the docker build command.

Actual Behaviour

When building the image with the docker_image resource the COPY commands are run as nobody and not the current USER. The Dockerfile(s) need to all be updated to

COPY --chown=root:root requirements.txt ${LAMBDA_TASK_ROOT}
...
COPY --chown=root:root lambda_function.py ${LAMBDA_TASK_ROOT}

Steps to Reproduce

1. terraform apply

Important Factoids

References

• #0000