fix: Correctly handle build files and context for docker_registry_image (#398)

* tests: Add file_permission test which is failing for now.

* tests: Add whitelist_dockerignore test which is failing for now.

* fix: Various issues with docker_registry_image build process.

internal/provider/resource_docker_registry_image_funcs.go

@@ -248,20 +248,15 @@ func buildDockerRegistryImage(ctx context.Context, client *client.Client, buildO
 		buildContext = buildContext[:lastIndex]
 	}
 
-	dockerContextTarPath, err := buildDockerImageContextTar(buildContext)
+	excludes, err := build.ReadDockerignore(buildContext)
 	if err != nil {
-		return fmt.Errorf("unable to build context: %v", err)
+		return fmt.Errorf("unable to read dockerignore: %v", err)
 	}
-	defer os.Remove(dockerContextTarPath)
-	dockerBuildContext, err := os.Open(dockerContextTarPath)
+	excludes = build.TrimBuildFilesFromExcludes(excludes, imageBuildOptions.Dockerfile, false)
+	log.Printf("[DEBUG] Excludes: %v", excludes)
+	buildResponse, err := client.ImageBuild(ctx, getBuildContext(buildContext, excludes), imageBuildOptions)
 	if err != nil {
-		return err
-	}
-	defer dockerBuildContext.Close()
-
-	buildResponse, err := client.ImageBuild(ctx, dockerBuildContext, imageBuildOptions)
-	if err != nil {
-		return err
+		return fmt.Errorf("unable to build image for docker_registry_image: %v", err)
 	}
 	defer buildResponse.Body.Close()
 

internal/provider/resource_docker_registry_image_test.go

@@ -208,6 +208,47 @@ func TestAccDockerRegistryImageResource_buildWithDockerignore(t *testing.T) {
 	})
 }
 
+// Tests for issue https://github.com/kreuzwerker/terraform-provider-docker/issues/293
+// First we check if we can build the docker_registry_image resource at all
+// TODO in a second step we want to check whether the file has the correct permissions
+func TestAccDockerRegistryImageResource_correctFilePermissions(t *testing.T) {
+	pushOptions := createPushImageOptions("127.0.0.1:15000/tftest-dockerregistryimage-filepermissions:1.0")
+	wd, _ := os.Getwd()
+	context := strings.ReplaceAll((filepath.Join(wd, "..", "..", "scripts", "testing", "docker_registry_image_file_permissions")), "\\", "\\\\")
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: providerFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(loadTestConfiguration(t, RESOURCE, "docker_registry_image", "testDockerRegistryImageFilePermissions"), pushOptions.Registry, pushOptions.Name, context, "Dockerfile"),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("docker_registry_image.file_permissions", "sha256_digest"),
+				),
+				// TODO another check which starts the the newly built docker image and checks the file permissions to see if they are correct
+			},
+		},
+	})
+}
+
+// Test for https://github.com/kreuzwerker/terraform-provider-docker/issues/249
+func TestAccDockerRegistryImageResource_whitelistDockerignore(t *testing.T) {
+	pushOptions := createPushImageOptions("127.0.0.1:15000/tftest-dockerregistryimage-whitelistdockerignore:1.0")
+	wd, _ := os.Getwd()
+	context := strings.ReplaceAll((filepath.Join(wd, "..", "..", "scripts", "testing", "docker_registry_image_file_whitelist_dockerignore")), "\\", "\\\\")
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: providerFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(loadTestConfiguration(t, RESOURCE, "docker_registry_image", "testDockerRegistryImageFilePermissions"), pushOptions.Registry, pushOptions.Name, context, "Dockerfile"),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("docker_registry_image.file_permissions", "sha256_digest"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccDockerRegistryImageResource_pushMissingImage(t *testing.T) {
 	resource.Test(t, resource.TestCase{
 		PreCheck:          func() { testAccPreCheck(t) },

scripts/testing/docker_registry_image_file_permissions/Dockerfile

@@ -0,0 +1,11 @@
+FROM debian:9.13-slim
+
+RUN groupadd -r testgroup && useradd -r testuser -G testgroup
+
+
+COPY --chown=testuser:testgroup . /testroot
+
+USER testuser
+
+WORKDIR /testroot
+RUN cat testfile

scripts/testing/docker_registry_image_file_permissions/testfile

@@ -0,0 +1 @@
+this file should totally exist

scripts/testing/docker_registry_image_file_whitelist_dockerignore/.dockerignore

@@ -0,0 +1,3 @@
+*
+
+!empty

scripts/testing/docker_registry_image_file_whitelist_dockerignore/Dockerfile

@@ -0,0 +1,2 @@
+FROM scratch
+COPY empty /empty

scripts/testing/docker_registry_image_file_whitelist_dockerignore/empty

@@ -0,0 +1 @@
+# This this an empty file

testdata/resources/docker_registry_image/testDockerRegistryImageFilePermissions.tf

@@ -0,0 +1,17 @@
+provider "docker" {
+  alias = "private"
+  registry_auth {
+    address = "%s"
+  }
+}
+
+resource "docker_registry_image" "file_permissions" {
+  provider             = "docker.private"
+  name                 = "%s"
+  insecure_skip_verify = true
+
+  build {
+    context      = "%s"
+    dockerfile   = "%s"
+  }
+}