Docker

An extension can run its actions in a Docker container when container is specified on the extension block:

extension @terraform {
    container = "hashicorp/terraform:1.8.4"
    variables = [ "ARM_TENANT_ID"
                  "ARM_SUBSCRIPTION_ID"
                  "ARM_CLIENT_ID"
                  "ARM_CLIENT_SECRET"
                  "ARM_ACCESS_KEY" ]
}

All actions of this extension run in the specified container, which provides isolation and avoids configuration discrepancies.

Note that actions are run using the following Docker configuration:

  • Entrypoint and arguments are overridden by the action (--entrypoint)
  • Container is removed after execution (--rm)
  • The Docker host socket is exposed to the container to allow Docker in Docker, but this does not allow privileged access (-v /var/run/docker.sock)
  • The container USER account is identified and used to map the host homedir to the USER homedir (-v)
  • Container workdir is the current project rootdir (-w)
  • Network is set to host (--net=host)
  • Environment variables can be passed from host to container
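
For auditing what an action can reach on the host, the flags listed above can be assembled into the equivalent docker run argument list. This is an added example, not the tool's own code: the function name docker_run_args, the mount targets, the argument order and the rule of forwarding only variables that are set on the host are assumptions.

```shell
#!/bin/sh
# Added example (not the tool's code): approximate `docker run` arguments
# implied by the configuration list above. Mount targets are assumptions.

# Prints one argument per line.
#   $1 image            (the extension's `container`)
#   $2 entrypoint       (the action's command)
#   $3 container home   (homedir of the container USER)
#   $4 project root     (used as the container workdir)
#   $5... names listed in the extension's `variables`
docker_run_args() {
    image=$1; entrypoint=$2; container_home=$3; project_root=$4
    shift 4
    printf '%s\n' run --rm --net=host \
        --entrypoint "$entrypoint" \
        -v /var/run/docker.sock:/var/run/docker.sock \
        -v "$HOME:$container_home" \
        -w "$project_root"
    for name in "$@"; do
        # Accept only plain variable names before using them in eval.
        case $name in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "bad variable name: $name" >&2
                return 1 ;;
        esac
        # Forward a variable only if it is set on the host. `-e NAME` with no
        # value makes docker copy it from the caller's environment, so the
        # secret never shows up in the command line or process listing.
        if eval "[ -n \"\${$name+x}\" ]"; then
            printf '%s\n' -e "$name"
        fi
    done
    printf '%s\n' "$image"
}

# Constructed usage, printing the argument list for review:
# docker_run_args hashicorp/terraform:1.8.4 terraform /root "$PWD" \
#     ARM_TENANT_ID ARM_CLIENT_SECRET
```

The output makes the exposed surface explicit: the host Docker socket, the host network, the home directory and each forwarded credential name appear as separate arguments that can be reviewed or diffed.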