how to authenticate the docker provider in terraform cloud for "gcr.io"?

Question

I'm trying to deploy my cloud run services via terraform and I've been trying to use the docker provider to login to gcr.io and pickup the sha256 digest to set as the container image.

I have found some examples scattered across the internet but none of them touch on the authentication part. For general cloud interactions, I'm working with var.GOOGLE_CREDENTIALS which are set in terraform cloud.

Provider block:

data "google_client_config" "default" {}

provider "docker" {
  registry_auth {
    address  = "gcr.io"
    username = "oauth2accesstoken"
    password = data.google_client_config.default.access_token
  }
}
.......
required_providers {
    docker = {
      source  = "kreuzwerker/docker"
      version = "~> 2.9.0"
    }
  }

Unfortunately when trying to apply, I get:

Error pinging Docker server: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
│
│   with provider["registry.terraform.io/kreuzwerker/docker"]

Any advice or documentation/examples on the matter is appreciated.

Answer 1

Why not use GCP data source? Perhaps this will give what you need:

data "google_container_registry_image" "foobar" {
  name = "your-image"
}
output "gcr_location" {
  value = data.google_container_registry_image.foobar.digest
}

Answer 2

This error means that the docker daemon is not running. I am pretty sure that there is no docker daemon in terraform cloud.

using the docker provider with terraform cloud throws "Cannot connect to the Docker daemon at unix:///var/run/docker.sock"

Looking at that it sounds like it might be possible to interact with a remote docker, but that is likely to be a little more complicated.