[Bug]: aws_ecr_authorization_token returns incorrect proxy_endpoint when registry_id is specified #38601

@jscaltreto

Terraform Core Version

1.8.1

AWS Provider Version

5.60.0

Affected Resource(s)

  • aws_ecr_authorization_token data source

Expected Behavior

When specifying registry_id, the proxy_endpoint returned should match the ECR registry endpoint of the specified account ID.

Actual Behavior

The proxy_endpoint returned is for the native account of the provider.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

data "aws_ecr_authorization_token" "ecr" {
  registry_id = "SOME ACCOUNT ID OTHER THAN THE ONE USED BY THE AWS PROVIDER"
}

Steps to Reproduce

  • Use the aws_ecr_authorization_token data source
  • Specify registry_id to any account other than the one the provider is authenticated with
  • Observe the value of the proxy_endpoint attribute.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

It appears the code to handle the registry_id attribute was removed in the migration to AWS Go SDK v2. It seems registry_id is not relevant for issuing the authorization token, as it will be valid for any registry the IAM principal has access to. However, it remains relevant for the proxy_endpoint attribute.

This represents a breaking change in the provider since earlier versions would return the endpoint of the account specified by registry_id.

Would you like to implement a fix?

None
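
A configuration-side check for the mismatch reported above, as an added example that is not part of the original issue or the provider's code: it builds the endpoint expected for registry_id and raises a warning when the data source returns a different one. The variable, local, check and output names are hypothetical, and it assumes the target registry is in the provider's configured region and uses the standard private-registry hostname layout.

```hcl
terraform {
  required_version = ">= 1.5.0" # check blocks need Terraform 1.5 or later
}

# Hypothetical input: the account that owns the target registry.
variable "registry_id" {
  type        = string
  description = "Account ID that owns the target ECR registry"

  validation {
    condition     = can(regex("^[0-9]{12}$", var.registry_id))
    error_message = "registry_id must be a 12-digit AWS account ID."
  }
}

data "aws_region" "current" {}
data "aws_partition" "current" {}

data "aws_ecr_authorization_token" "ecr" {
  registry_id = var.registry_id
}

locals {
  # Assumption: <account>.dkr.ecr.<region>.<partition DNS suffix>,
  # with the registry in the same region as the provider.
  expected_proxy_endpoint = "https://${var.registry_id}.dkr.ecr.${data.aws_region.current.name}.${data.aws_partition.current.dns_suffix}"
}

# Warns during plan/apply when the returned endpoint belongs to another
# account, so credentials are not presented to an unintended registry unnoticed.
check "ecr_proxy_endpoint_matches_registry_id" {
  assert {
    condition     = data.aws_ecr_authorization_token.ecr.proxy_endpoint == local.expected_proxy_endpoint
    error_message = "proxy_endpoint ${data.aws_ecr_authorization_token.ecr.proxy_endpoint} does not match registry_id ${var.registry_id}; expected ${local.expected_proxy_endpoint}."
  }
}

# Downstream resources can consume the derived value instead of proxy_endpoint.
output "registry_endpoint" {
  value = local.expected_proxy_endpoint
}
```

A failed check block is reported as a warning and does not stop the run, so the derived endpoint stays usable while the mismatch is surfaced.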

Labels

  • bug: Addresses a defect in current functionality.
  • service/ecr: Issues and PRs that pertain to the ecr service.