Closed
Description
The build of a Poetry Project in docker with the lambda module fails. It seems related to a permissions problem with the temporary folder created and bound to the container during the build process.
Versions
- Module version [Required]: 7.2.1
- Terraform version: v1.5.2
- Docker: 25.0.3, build 4debf411d1
- MacOS: 13.6.3
Reproduction Code [Required]
Steps to reproduce the behavior:
- A Docker engine alternative to Docker Desktop (Rancher Desktop or Colima)
- terraform init
- terraform apply
Project Structure
.
├── builds
│   └── lambda
├── lambda
│   ├── README.md
│   ├── docker
│   │   └── Dockerfile
│   ├── poetry.lock
│   ├── pyproject.toml
│   ├── src
│   │   └── api
│   │       ├── __init__.py
│   │       └── main.py
│   └── tests
│       └── __init__.py
├── main.tf
Terraform
module "lambda_backend" {
  source = "terraform-aws-modules/lambda/aws"
  function_name = "api-lambda"
  description = "FastAPI in AWS Lambda"
  handler = "api.main.handler"
  publish = true
  create_lambda_function_url = true
  source_path = [
    "${path.module}/lambda/src",
    {
      path = "${path.module}/lambda/pyproject.toml"
      poetry_install = true
    }
  ]
  artifacts_dir = "${path.root}/builds/lambda/"
  build_in_docker = true
  runtime = "python3.10"
  docker_image = "build-python3.10-poetry"
  docker_file = "${path.module}/lambda/docker/Dockerfile"
  cloudwatch_logs_retention_in_days = 3
}

output "lambda_url" {
  value = module.lambda_backend.lambda_function_url
}
Lambda Source Code
from fastapi import FastAPI
from mangum import Mangum

app = FastAPI()
handler = Mangum(app, lifespan="off")

@app.get("/")
def root():
    return {"Hello World !"}
pyproject.toml
[tool.poetry]
name = "api"
version = "0.1.0"
description = ""
authors = ["mdesoeuvre <[email protected]>"]
readme = "README.md"
packages = [{include = "api", from = "src"}]
[tool.poetry.dependencies]
python = "^3.10"
fastapi = "^0.109.2"
mangum = "^0.17.0"
[tool.poetry.group.dev.dependencies]
uvicorn = {extras = ["standard"], version = "^0.27.1"}
[build-system]
requires = ["poetry-core"]
build-backend = "poetry.core.masonry.api"
Dockerfile
FROM public.ecr.aws/sam/build-python3.10:latest
RUN pip install poetry==1.7.1
Expected behavior
The build should succeed as it does with Docker Desktop
Actual behavior
The build fails with the error: Poetry could not find a pyproject.toml file in /var/task or its parents
module.lambda_backend.null_resource.archive[0]: Creating...
module.lambda_backend.null_resource.archive[0]: Provisioning with 'local-exec'...
module.lambda_backend.null_resource.archive[0] (local-exec): Executing: ["python3" ".terraform/modules/lambda_backend/package.py" "build" "--timestamp" "1708445266894506000" "./builds/lambda/49f733814a0efd219e4697d12f75fcafa79f7c1d8ed6cce68f062dc7e8a2ef23.plan.json"]
module.lambda_backend.null_resource.archive[0] (local-exec): zip: creating './builds/lambda/49f733814a0efd219e4697d12f75fcafa79f7c1d8ed6cce68f062dc7e8a2ef23.zip' archive
module.lambda_backend.null_resource.archive[0] (local-exec): zip: adding content of directory: ./lambda/src
module.lambda_backend.null_resource.archive[0] (local-exec): zip: adding: api/
module.lambda_backend.null_resource.archive[0] (local-exec): zip: adding: api/__init__.py
module.lambda_backend.null_resource.archive[0] (local-exec): zip: adding: api/main.py
module.lambda_backend.null_resource.archive[0] (local-exec): > docker images '--format={{.ID}}' build-python3.10-poetry
module.lambda_backend.null_resource.archive[0] (local-exec): Installing python dependencies with poetry & pip: ./lambda/poetry.lock
module.lambda_backend.null_resource.archive[0] (local-exec): > mktemp -d terraform-aws-lambda-XXXXXXXX # /var/folders/tt/zl9rh1j93pz1b_05kfm1p9lr0000gq/T/terraform-aws-lambda-s8qm4qk5
module.lambda_backend.null_resource.archive[0] (local-exec): Using poetry.lock file: ./lambda/poetry.lock
module.lambda_backend.null_resource.archive[0] (local-exec): > cd /var/folders/tt/zl9rh1j93pz1b_05kfm1p9lr0000gq/T/terraform-aws-lambda-s8qm4qk5
module.lambda_backend.null_resource.archive[0] (local-exec): > docker run --rm -w /var/task -v /private/var/folders/tt/zl9rh1j93pz1b_05kfm1p9lr0000gq/T/terraform-aws-lambda-s8qm4qk5:/var/task:z -v /Users/mdesoeuvre/.ssh/known_hosts:/root/.ssh/known_hosts:z --entrypoint '' fdbb6bb2ed34 /bin/sh -c 'poetry config --no-interaction virtualenvs.create true && poetry config --no-interaction virtualenvs.in-project true && poetry export --format requirements.txt --output requirements.txt --with-credentials && python3.10 -m pip install --no-compile --no-deps --prefix= --target=. --requirement=requirements.txt && chown -R 503:20 .'
module.lambda_backend.null_resource.archive[0] (local-exec): Poetry could not find a pyproject.toml file in /var/task or its parents
module.lambda_backend.null_resource.archive[0] (local-exec): zip: Error during zip archive creation
module.lambda_backend.null_resource.archive[0] (local-exec): Traceback (most recent call last):
module.lambda_backend.null_resource.archive[0] (local-exec): File "/Users/mdesoeuvre/Downloads/FastApi/.terraform/modules/lambda_backend/package.py", line 1625, in build_command
module.lambda_backend.null_resource.archive[0] (local-exec): bpm.execute(build_plan, zs, query)
module.lambda_backend.null_resource.archive[0] (local-exec): File "/Users/mdesoeuvre/Downloads/FastApi/.terraform/modules/lambda_backend/package.py", line 900, in execute
module.lambda_backend.null_resource.archive[0] (local-exec): with install_poetry_dependencies(query, path) as rd:
module.lambda_backend.null_resource.archive[0] (local-exec): File "/Users/mdesoeuvre/.asdf/installs/python/3.11.2/lib/python3.11/contextlib.py", line 137, in __enter__
module.lambda_backend.null_resource.archive[0] (local-exec): return next(self.gen)
module.lambda_backend.null_resource.archive[0] (local-exec): ^^^^^^^^^^^^^^
module.lambda_backend.null_resource.archive[0] (local-exec): File "/Users/mdesoeuvre/Downloads/FastApi/.terraform/modules/lambda_backend/package.py", line 1229, in install_poetry_dependencies
module.lambda_backend.null_resource.archive[0] (local-exec): check_call(
module.lambda_backend.null_resource.archive[0] (local-exec): File "/Users/mdesoeuvre/.asdf/installs/python/3.11.2/lib/python3.11/subprocess.py", line 413, in check_call
module.lambda_backend.null_resource.archive[0] (local-exec): raise CalledProcessError(retcode, cmd)
module.lambda_backend.null_resource.archive[0] (local-exec): subprocess.CalledProcessError: Command '['docker', 'run', '--rm', '-w', '/var/task', '-v', '/private/var/folders/tt/zl9rh1j93pz1b_05kfm1p9lr0000gq/T/terraform-aws-lambda-s8qm4qk5:/var/task:z', '-v', '/Users/mdesoeuvre/.ssh/known_hosts:/root/.ssh/known_hosts:z', '--entrypoint', '', 'fdbb6bb2ed34', '/bin/sh', '-c', 'poetry config --no-interaction virtualenvs.create true && poetry config --no-interaction virtualenvs.in-project true && poetry export --format requirements.txt --output requirements.txt --with-credentials && python3.10 -m pip install --no-compile --no-deps --prefix= --target=. --requirement=requirements.txt && chown -R 503:20 .']' returned non-zero exit status 1.
Error: local-exec provisioner error
with module.lambda_backend.null_resource.archive[0],
on .terraform/modules/lambda_backend/package.tf line 67, in resource "null_resource" "archive":
67: provisioner "local-exec" {
Error running command './builds/lambda/49f733814a0efd219e4697d12f75fcafa79f7c1d8ed6cce68f062dc7e8a2ef23.plan.json': exit status 1. Output: zip: creating
'./builds/lambda/49f733814a0efd219e4697d12f75fcafa79f7c1d8ed6cce68f062dc7e8a2ef23.zip' archive
zip: adding content of directory: ./lambda/src
zip: adding: api/
zip: adding: api/__init__.py
zip: adding: api/main.py
> docker images '--format={{.ID}}' build-python3.10-poetry
Installing python dependencies with poetry & pip: ./lambda/poetry.lock
> mktemp -d terraform-aws-lambda-XXXXXXXX # /var/folders/tt/zl9rh1j93pz1b_05kfm1p9lr0000gq/T/terraform-aws-lambda-s8qm4qk5
Using poetry.lock file: ./lambda/poetry.lock
> cd /var/folders/tt/zl9rh1j93pz1b_05kfm1p9lr0000gq/T/terraform-aws-lambda-s8qm4qk5
> docker run --rm -w /var/task -v /private/var/folders/tt/zl9rh1j93pz1b_05kfm1p9lr0000gq/T/terraform-aws-lambda-s8qm4qk5:/var/task:z -v
/Users/mdesoeuvre/.ssh/known_hosts:/root/.ssh/known_hosts:z --entrypoint '' fdbb6bb2ed34 /bin/sh -c 'poetry config --no-interaction virtualenvs.create true && poetry
config --no-interaction virtualenvs.in-project true && poetry export --format requirements.txt --output requirements.txt --with-credentials && python3.10 -m pip install
--no-compile --no-deps --prefix= --target=. --requirement=requirements.txt && chown -R 503:20 .'
Poetry could not find a pyproject.toml file in /var/task or its parents
zip: Error during zip archive creation
Traceback (most recent call last):
File "/Users/mdesoeuvre/Downloads/FastApi/.terraform/modules/lambda_backend/package.py", line 1625, in build_command
bpm.execute(build_plan, zs, query)
File "/Users/mdesoeuvre/Downloads/FastApi/.terraform/modules/lambda_backend/package.py", line 900, in execute
with install_poetry_dependencies(query, path) as rd:
File "/Users/mdesoeuvre/.asdf/installs/python/3.11.2/lib/python3.11/contextlib.py", line 137, in __enter__
return next(self.gen)
^^^^^^^^^^^^^^
File "/Users/mdesoeuvre/Downloads/FastApi/.terraform/modules/lambda_backend/package.py", line 1229, in install_poetry_dependencies
check_call(
File "/Users/mdesoeuvre/.asdf/installs/python/3.11.2/lib/python3.11/subprocess.py", line 413, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['docker', 'run', '--rm', '-w', '/var/task', '-v',
'/private/var/folders/tt/zl9rh1j93pz1b_05kfm1p9lr0000gq/T/terraform-aws-lambda-s8qm4qk5:/var/task:z', '-v', '/Users/mdesoeuvre/.ssh/known_hosts:/root/.ssh/known_hosts:z',
'--entrypoint', '', 'fdbb6bb2ed34', '/bin/sh', '-c', 'poetry config --no-interaction virtualenvs.create true && poetry config --no-interaction virtualenvs.in-project
true && poetry export --format requirements.txt --output requirements.txt --with-credentials && python3.10 -m pip install --no-compile --no-deps --prefix= --target=.
--requirement=requirements.txt && chown -R 503:20 .']' returned non-zero exit status 1.
Additional context
- Further investigation seems to point to a permissions problem with the temporary folder created during the build process and bound in the container:
ls command inside the container with another folder mounted in the container: OK
❯ docker run --rm -w /var/task -v ~/Downloads/FastApi/lambda:/var/task:z -v /Users/mdesoeuvre/.ssh/known_hosts:/root/.ssh/known_hosts:z --entrypoint '' fdbb6bb2ed34 /bin/sh -c 'ls -la /var/task'
total 100
drwxr-xr-x 1 503 games 288 Feb 20 15:40 .
drwxr-xr-x 1 root root 4096 Feb 6 19:58 ..
drwxr-xr-x 1 503 games 96 Feb 20 15:33 docker
-rw-r--r-- 1 503 games 65930 Feb 20 15:27 poetry.lock
-rw-r--r-- 1 503 games 448 Feb 20 15:27 pyproject.toml
-rw-r--r-- 1 503 games 0 Feb 20 15:22 README.md
drwxr-xr-x 1 503 games 96 Feb 20 15:26 src
drwxr-xr-x 1 503 games 96 Feb 20 15:22 tests
-rw-r--r-- 1 503 games 15 Feb 20 15:25 .tool-versions
ls command inside the container with temp folder: fail
❯ mktemp -d "$TMPDIR/terraform-aws-lambda-XXXXXXXX"
/var/folders/tt/zl9rh1j93pz1b_05kfm1p9lr0000gq/T//terraform-aws-lambda-eq7lvce5
❯ cp -r ./* /var/folders/tt/zl9rh1j93pz1b_05kfm1p9lr0000gq/T//terraform-aws-lambda-eq7lvce5
❯ docker run --rm -w /var/task -v /var/folders/tt/zl9rh1j93pz1b_05kfm1p9lr0000gq/T/terraform-aws-lambda-eq7lvce5:/var/task:z -v /Users/mdesoeuvre/.ssh/known_hosts:/root/.ssh/known_hosts:z --entrypoint '' fdbb6bb2ed34 /bin/sh -c 'ls -la /var/task'
total 12
drwxr-xr-x 2 root root 4096 Feb 20 16:11 .
drwxr-xr-x 1 root root 4096 Feb 6 19:58 ..
- This issue is not the same as #524 because the build works fine with Docker Desktop but fails with Rancher Desktop or docker cli
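A scripted version of the manual check in the post (write a file into a host directory, bind-mount it at /var/task, list it from inside the container), added here as an example; it is not part of the issue or of the module's package.py. The function names and the choice of parent directories to compare are assumptions; the image name is the one from the Terraform configuration above.

```python
import os
import subprocess
import tempfile
import uuid


def probe_bind_mount(host_dir, image, run=subprocess.run):
    """Return True if a file written on the host shows up inside the container."""
    sentinel = f"mount-probe-{uuid.uuid4().hex}"
    path = os.path.join(host_dir, sentinel)
    with open(path, "w") as fh:
        fh.write("probe\n")
    try:
        # Same mount target, :z option and empty entrypoint as the failing command in the log.
        cmd = ["docker", "run", "--rm", "-w", "/var/task",
               "-v", f"{os.path.realpath(host_dir)}:/var/task:z",
               "--entrypoint", "", image, "/bin/sh", "-c", "ls -a /var/task"]
        result = run(cmd, capture_output=True, text=True, check=False)
        if result.returncode != 0:
            raise RuntimeError(f"docker run failed: {result.stderr.strip()}")
        # An empty listing means the engine mounted something other than host_dir.
        return sentinel in result.stdout.split()
    finally:
        os.remove(path)


def compare_mounts(parents, image, run=subprocess.run):
    """Probe a fresh temp dir under each parent directory; map parent -> visible?"""
    report = {}
    for parent in parents:
        with tempfile.TemporaryDirectory(prefix="terraform-aws-lambda-", dir=parent) as d:
            report[parent] = probe_bind_mount(d, image, run)
    return report


if __name__ == "__main__":
    image = "build-python3.10-poetry"  # image name from the issue's Terraform config
    # Assumed comparison: the default temp location versus the home directory.
    parents = [tempfile.gettempdir(), os.path.expanduser("~")]
    for parent, visible in compare_mounts(parents, image).items():
        print(f"{parent}: {'visible' if visible else 'EMPTY in container'}")
```

If the temp location reports empty while the home directory is visible, the result matches the two `ls -la` listings in the post and narrows the failure to how the engine exposes that host path.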