-
Notifications
You must be signed in to change notification settings - Fork 9.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
file(path) - flag for lazy evaluation of file's existence #10878
Comments
Hi @stephanlindauer. Thanks for creating this feature request! The idiom of using a Looking at your repo, one example I see is hitting the discovery endpoint on The other thing I see in your repo is a script that generates TLS certificates. We added the TLS provider to Terraform to allow certificates to be generated inline without the need to shell out to other programs, though I do see that you have some extra steps to interact with In 0.8 we added an "escape hatch" to allow running external programs to gather data without the need to temporarily stash the data into an on-disk file, in the form of the In general I'd prefer to see Terraform add features that allow us to avoid the need to write temporary files to disk rather than create features to make temporary files smoother to use. Perhaps the above features are not the right ones, but I think we can find a cleaner way to model your use-cases here than |
hi martin, thanks for your extensive feedback. i think there are probably a lot of very similar use-cases that have nothing to do with certs or kubernetes. for me having more flexible options for so thanks for looking into use-case and potentially putting it into consideration for future features. |
I'd like to add my support for this. I have a template_dir resource, and then a I would like to only run the An alternative to this, given I know the name of the file in question that I want to check the hash of, is for me to prepend the If we were able to set a flag as this issue proposed, I'd be able to deal with this case easily. Alternatively for my single use-case, I'm not 100% of how evaluation in Terraform works, but something like the following may work if there were to be a
Although that does depend on Terraform not evaluating |
In the mean time Terraform has got the Creating a companion With the benefit of hindsight, the |
@apparentlymart - we are seeing some very strange behaviour with the We are trying to generate the same template data "template_file" "namespaces" {
count = "${length(var.namespaces)}"
template = "${file("${path.module}/resources/namespace.tpl")}"
vars {
namespace = "${element(var.namespaces, count.index)}"
}
}
resource "local_file" "bootstrap_namespaces" {
content = "${join("---\n", data.template_file.namespaces.*.rendered)}"
filename = "${var.output_dir}/namespaces.yaml"
}
on the first |
oops, I wasn't able to reproduce the behaviour in a test project outside of our current project.. this is my sample project so maybe it's something else, I'll clarify when I found out the cause |
Sorry to hijacking this thread (although it seems related to
The result was that on the first run, on the second run, refresh tainted the on the third run, refresh tainted the rinse, repeat. So, I'm not sure if a To fix it, we had to live with handling specially rendered files differently and separate the target directories. After some restructuring, that works for us (but may not work for everyone). Edit: We found another fix, we use a |
Hi @so0k, What you described here sounds like a different problem. Sorry for the weirdness. The The different approach you described of keeping the two resources separate is the approach I would recommend here. In an ideal world this data source would not create anything on disk at all, but that's not really possible within current constraints, so it's best to act as if it is a pure data source, not expecting its result to persist between runs. If you'd like to dig into this some more I think it would be best to make a new issue in the template provider's repository so we can keep this issue focused. |
Thank you @apparentlymart - again, sorry for polluting this thread with a different problem, somehow my keywords for my issue turned up this thread, so hopefully others with the same issue who land here can resolve their issue through my explanation. Also note we found an alternative fix (which I edited in to the comment above). I will now stop posting in this thread :) |
Hi, any progress on this one? In our project we rely on some jar existence and their checksums to push them to ecr (with the help of null_resource local_exec).
Any ideas for a workaround? |
triggers {
something = "${! file_exists("foo.zip")}"
} would be awesome! |
Hi all, Sorry I didn't spot this issue when we were releasing it, but the This data source gives a new way to read files that is a node in the dependency graph and thus it can have a dependency on some other resource that creates the file. Unfortunately we're not totally out of the woods yet due to the need to implement something like the proposal in #17034 before this would be fully usable. In the mean time it's possible to use resource "null_resource" "example" {
provisioner "local-exec" {
command = "echo hello >${path.module}/hello.txt"
}
}
data "local_file" "example" {
filename = "${path.module}/hello.txt"
depends_on = ["null_resource.example"]
}
output "example" {
value = "${data.local_file.example.content}"
} The above may work for you if you are willing to tolerate the "perma-diff" it will create for |
@apparentlymart Doesn't that example explode if I managed finally to do this without external data source by first creating an empty file with |
I have another specific use case regarding TLS. Using TLS provider to create the certificates used to deploy a CoreOS environment with embedded consul & nomad. After nomad is functional, it then registers some jobs with nomad. This all worked - but then we wanted to run the consul and nomad clusters under TLS. The TLS certificates and created and deployed to the hosts as part of provisioning process, but the nomad provider needs a path to the CA file. At that point the nomad provider is failing because the ca file is not yet present.
I don't have a workaround yet (except disabling TLS) |
Running into this with provisioning Lambda ZIP files as well. I need to use |
This is a really desired feature. But step back and take a look, maybe we need null_resource to be able to run even in plan mode in some case to prepare all needed local files. Or we need global before/after hooks that in both plan and apply mode. |
My use case is that I need to download a file from remote resources and provide the local file to aws lambda function resource. Ideally, in plan mode, the file can be downloaded ( and verified), since it's an external resource. |
Same use case as above. Currently I'm wrapping terraform in a shell script which downloads all the Lambda .jar files using Maven. I'd really like to run the maven command inside terraform but I haven't found a way that will work. :( |
Apparently this is scheduled for 0.12 - but is there any workaround for 0.11 train? |
Not sure if something similar is mentioned anywhere, but my workaround for now, is to make resource "null_resource" "ssh_key_pair" {
provisioner "local-exec" {
command = <<EOF
set -ex
ssh-keygen ... -f "${path.module}/id_rsa"
gcloud kms encrypt ... --ciphertext-file="${path.module}/id_rsa.enc"
rm -f "${path.module}/id_rsa"
EOF
}
}
resource "kubernetes_secret" "ssh_key" {
data {
id_rsa.enc = "${file(replace("${path.module}/id_rsa.enc*${null_resource.ssh_key_pair.id}", "/[*].*/", ""))}"
}
} Basically, I'm appending the ID of the null resource to force the |
Thank you @msmans . This is effectively working for me and it's quite readable in terms of TF workarounds ! |
Thank you too, @msmans locals {
lambda-2fa-package-file = "${path.module}/lambda-2fa.zip"
}
data "external" "lambda-2fa-src-hash" {
program = ["bash", "${path.module}/2fa/get-src-sha256.sh"]
}
resource "null_resource" "lambda-2fa-builder" {
triggers = {
src_hash = "${data.external.lambda-2fa-src-hash.result["sha256"]}"
}
provisioner "local-exec" {
working_dir = "${path.module}/2fa/"
command = "bash ./make-lambda-package.sh"
}
}
# workarout to sync file creation
data "null_data_source" "lambda-2fa-builder-sync" {
inputs {
file = "${local.lambda-2fa-package-file}"
trigger = "${null_resource.lambda-2fa-builder.id}" # this is for sync only
}
}
resource "aws_lambda_function" "2fa" {
runtime = "python3.6"
function_name = "${local.lambda_2fa_name}"
filename = "${local.lambda-2fa-package-file}"
role = "${aws_iam_role.lambda-2fa.arn}"
handler = "main.lambda_handler"
# there is lazy/late evaluated 'file'
# this pattern is forced by another issue: https://github.com/hashicorp/terraform/issues/17173#issuecomment-360119040
source_code_hash = "${base64sha256(file(data.null_data_source.lambda-2fa-builder-sync.outputs["file"]))}"
}```
|
Hi all! Terraform 0.12 now includes As mentioned on the documentation page, this can now be used to conditionally access a file: fileexists("custom-section.sh") ? file("custom-section.sh") : local.default_content Over the years this issue seems to have grown to include a number of other things, but it seems like the remaining gap is represented by #17034, so we're going to close this one out to consolidate. If you are working with files that are generated as a side-effect of Thanks for the great discussion here, and sorry for the long delay since the last response to it. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Affected Resource(s)
Expected Behavior
I'd like to have a flag that I can set so Terraform doesn't abort
terraform apply
if the referenced file doesn't exist (yet), while they will be available at the point in time, when they are actually needed (because I run a local_exec before that). In my current setup ( https://github.com/stephanlindauer/terra-aws-core-kube ), I need to put dummy files to satisfy this requirement. It would be nice to have an optional parameter that enables lazy evaluation of whether that file exists at the point in time where it's actually needed.file(path,false)
or something like this.Actual Behavior
terraform apply
failsSteps to Reproduce
reference a file that doesn't exist with
file(path)
, thenterraform apply
The text was updated successfully, but these errors were encountered: