-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
output_base64sha256 often returns the hash of an empty file instead of the hash of the contents #31
Comments
Do you have multiple instances of this archive_file (like multiple instance of its module)? If so, I suspect Terraform is recreating and hashing the file in parallel, leading to inconsistent results. Workarounds:
|
Though archive_file is problematic for other reasons as well, like being platform specific. |
I have also had this problem for a long time... I tried both options on #34 but still saw the problem. In my case, the zip is being created within a module, so the file should absolutely be identical for each instance of the module, however, the plan shows different hashes for the same file being used across the modules! Perhaps because each module instance is recreating the zip and a race condition is causing the hash to be generated when the zip hasn't finished being filled? So, I just tried to change my code from... resource "aws_lambda_function" "my_function" {
...
source_code_hash = data.archive_file.my_zip.output_base64sha256
} ...to... resource "aws_lambda_function" "my_function" {
...
source_code_hash = filebase64sha256("${path.module}/files/my_file.zip")
} ...to calculate the hash directly, and, running the plan a few times seems to consistently show the correct hash value... so I think I'll change all mine over for now... and I think it would be worth updating the documentation here to suggest the output may not be consistent. Note: The suggested |
Correct. |
In short, Terraform keeps wanting to re-deploy my lambda functions at random (not even consistent between plan-cancel-plan). It turns out that in each case, the computed hash for the lambda zip file in the plan is equal to the hash of the empty file:
touch /tmp/emptyfile openssl dgst -binary -sha256 /tmp/emptyfile | openssl base64
Output (same as the hash that's being returned by output_base64sha256 at random):
My guess is that there's a race condition whereby the hash is sometimes performed on an empty file.
Terraform Version
Terraform v0.11.8
Affected Resource(s)
Terraform Configuration Files
These are extracts from two submodules which declare the affected lambda functions. The problem seems to apply to all lambda functions in my entire stack though.
...
Expected Behavior
Once the lambda functions are deployed, Terraform will not try to re-deploy them unless the source code has changed.
Actual Behavior
Terraform often (but not always) wants to re-deploy some of the lambda functions because it thinks that their source code hash has changed. The lambda functions which it wants to deploy each time are seemingly random, and change even between consecutive plan operations without applying. The source code hash in every case where it wants to re-deploy is always the same hash code, even though the different lambda functions have different source code. Note that the supposedly new hash for two different lambda functions here is "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
Plan output
The text was updated successfully, but these errors were encountered: