-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consistently set archived file permissions #41
Conversation
+1 |
@findkim is there anything we might need to do to get this, or something similar in? |
Hello all, just commented on the longstanding issue #34. Thank you for for engaging in that conversation @bboe and for attempting to develop a fix here. I think you have found a common cause for the output hashing problem users run into across OSes and when using the AWS Lambda service in particular, but my main concern is just applying an arbitrary permission to the outputted archive's files. I think an alternative that is more explicit and we would accept on the provider is having the data source have the ability to explicitly override source file permissions. This way developers are aware they are applying a permission change to the files that live in the outputted folder. I will give you the opportunity to potentially adapt this PR to have that if you are interested, however it's something I can try and take over and get released, our apologies for not getting back to you sooner. We appreciate your participation in the Terraform Ecosystem. UPDATE: It appears #53 is proposing this feature, I will be linking that issue across here and #34 as the approach we can take. |
Thanks @appilon for the update. I agree that a more generalizable approach is appropriate. I ended up writing a little tool to help solve this problem which we've implemented into our workflow: https://github.com/bboe/deterministic_zip I would love to see first class support in terraform, however, I unfortunately won't have the cycles to dedicate to it. Thank you for the response, and the commitment to finding a suitable solution to the problem. |
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
This pull request consistently sets archived file permissions to either
0444
or0555
depending on whether or not the file is executable. It's likely directories may also need to be consistently set to0555
or0777
depending on if they need to be writable or not (or perhaps they can simply be excluded from the archive). I can make that change if desired, or we can leave it for a separate PR.This fix should help to address #34.