First: I am very new to GCP and Terraform, so pardon me if this is a dumb question or has been answered before. I have tried googling for it and haven't got anywhere.
I am trying to pull a Docker image from gcr.io to refer to its SHA. In my Terraform scripts, I am hoping to deploy to Cloud Run when the SHA changes; the actual build happens in my GitHub Actions outside of Terraform. But when the action fires, I get a 401 Unauthorized error! The rest of the Terraform actions with google provider resources work fine.
Note: my registry is private.
In order to achieve this, I am using the package kreuzwerker/docker. Pasting relevant sections of my scripts here:
Terraform script:
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 5.0"
    }
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~> 4.0"
    }
    docker = {
      source  = "kreuzwerker/docker"
      version = "~> 3.0"
    }
  }
}
...
provider "docker" {
  registry_auth {
    address  = "gcr.io"
    username = "oauth2accesstoken"
    password = data.google_client_config.current-user.access_token
  }
}
...
data "docker_registry_image" "backend_services_image_metadata" {
  name = "gcr.io/${var.project_id}/${var.repo-name}:${var.repo-tag}"
}
data "google_container_registry_image" "backend_services_image_data" {
  name   = var.services-image-repo-name
  digest = data.docker_registry_image.backend_services_image_metadata.sha256_digest
}
...
When I execute this script, I get the following error:
Error: Got error when attempting to fetch image version project-XXXX/repo-XXXX:latest from registry: Bad credentials: 401 Unauthorized
I expected this to work and return me a SHA.