Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

0.12 file() Function usage suggests filebase64() while other functions may be more appropriate #20664

Closed
bflad opened this issue Mar 13, 2019 · 2 comments · Fixed by #20675
Closed

0.12 file() Function usage suggests filebase64() while other functions may be more appropriate #20664

bflad opened this issue Mar 13, 2019 · 2 comments · Fixed by #20675
Labels
config enhancement
Milestone
v0.12.0

Comments

@bflad
Copy link
Contributor

bflad commented Mar 13, 2019

Current Terraform Version

Terraform v0.12.0-beta1

Description

In Terraform 0.12, the file() function only allows UTF-8 content to provide safety against state corruption. Prior to the introduction of the new file hashing functions in #20098, the filebase64() function was the only file conversion/hashing function available and the error messaging was coded to recommend it, however the recommendation can be incorrect in the following situations:

# Terraform 0.11 Usage

resource "aws_lambda_function" "example" {
  filename         = "example.zip"
  function_name    = "example"
  handler          = "exports.example"
  role             = "${aws_iam_role.example.arn}"
  runtime          = "nodejs8.10"
  source_code_hash = "${base64sha256(file("example.zip"))}"
}

resource "aws_s3_bucket_object" "example" {
  bucket = "${aws_s3_bucket.example.id}"
  etag   = "${md5(file("example.tar.gz"))}"
  key    = "example.tar.gz"
  source = "example.tar.gz"
}
config is invalid: Error in function call: Call to function "file" failed: contents of example.zip are not valid UTF-8; to read arbitrary bytes, use the filebase64 function instead.

config is invalid: Error in function call: Call to function "file" failed: contents of example.tar.gz are not valid UTF-8; to read arbitrary bytes, use the filebase64 function instead.

The correct configuration updates here are the filebase64sha256() and filemd5() functions respectively.

Proposal

It would be preferable to remove the explicit filebase64() function recommendation unless we know for certain it is the correct recommendation.

References
@apparentlymart
Copy link
Contributor

I had a feeling this would come up. It is unfortunate, indeed.

I think the compromise I'd like to try here is to reword the message to be clearer about what we have changed: binary data can no longer be used, if a base64-encoded result is suitable then use filebase64 instead, but note that the result will not be the same and so the value will need to be used in a different way.

@apparentlymart apparentlymart added this to the v0.12.0 milestone Mar 13, 2019
bflad added a commit that referenced this issue Mar 13, 2019
@bflad
config: Mention other file hashing functions when file() detects unsu…
398fe86 
…pported contents

Reference: #20664
@bflad bflad mentioned this issue Mar 13, 2019
Merged
@ghost
Copy link

ghost commented Aug 13, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Aug 13, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
config enhancement
Projects
None yet
Milestone
v0.12.0
2 participants
@apparentlymart @bflad