Comments (17)
We talked a bit more about it internally, and we are thinking this all potentially may be better on the AWS lambda resource itself, so that instead of S3 or a local zip, you can specify the files right there and it will create a zip with all the necessary settings for Lambda. If you would prefer that functionality, please open that issue on the AWS provider.
from terraform-provider-archive.
Inadvertently this broke recently deployed Python scripts for me:
START RequestId: b477b5d9-2dd8-11e8-abd7-adbc37f1bf90 Version: $LATEST
module initialization error: [Errno 13] Permission denied: '/var/task/lambda_function.py'
END RequestId: b477b5d9-2dd8-11e8-abd7-adbc37f1bf90
Lambda seems to require world-readable permissions and previous behavior of archive_file
was appropriate/suitable for at least Python scripts (presumably for any non-binary: nodejs, python, etc).
So to workaround this at the moment I'm going to use null_resource
with local-exec
provisioner to chmod a+r lambda_function.py
before archiving (to ensure file has appropriate perms).
Might be a good idea to add an optional parameter for archive_file
to allow people to set specific permissions on files before adding them to archive.
from terraform-provider-archive.
Fixed this issue by using source_dir
and placing the files I wanted to archive in their own directory, instead of the source
blocks I used above. Looks like referencing content
within the source
block (and I would assume source_content
in the base archive_file
block as well, but I haven't tested that) creates an entirely new file with the content provided and adds that file to the archive. I'm not sure if that's what is happening under the hood, but to me it seems that way based on the behavior. I feel like something should be mentioned in the documentation to clear things up for people if this is intended.
from terraform-provider-archive.
Something along the lines of the following works as a workaround...
data "external" "compile_and_zip_lambda" {
program = ["bash", "${path.module}/build_for_aws.sh", "${path.module}"]
}
build_for_aws.sh
:
#!/usr/bin/env bash
set -e
if [[ "$1" != "" ]]; then
DIR="$1"
else
DIR=.
fi
# make sure you have the `-q` flag to not mess with the output JSON
zip -jq ${DIR}/your_zip ${DIR}/your_input_dir
BASE_64_SHA256=$(shasum -a 256 -p ${DIR}/your_zip | base64)
echo "{ \"source_hash\": \"${BASE_64_SHA256}\"}"
from terraform-provider-archive.
This issue is still occurring on Mac OS X Catalina with Terraform 0.12.19, using archive_file
to zip multiple files like this
data "archive_file" "docs_archive" {
type = "zip"
output_path = "${path.module}/function.zip"
source {
content = data.local_file.bootstrap.content
filename = "bootstrap"
}
source {
content = data.local_file.function.content
filename = "function.sh"
}
}
The original files had -rwxr-xr-x
permissions but when I unzip and check the files those permissions get reset to -rw-r--r--
.
This makes custom runtimes in AWS Lambda not work due to permission errors. Is there anyway to reference a zip file without archive_file
since the permissions are preserved when just using zip
?
from terraform-provider-archive.
The workaround in #90 has been released in terraform-provider-archive v2.2.0. If output_file_mode
does not solve your problem, please comment on this issue or open a new one.
from terraform-provider-archive.
The fix to this is included in v1.0.1 and was released earlier today.
from terraform-provider-archive.
@paultyng should I raise a new issue for this (optional parameter to set perms before archiving)?
from terraform-provider-archive.
This issue is still occurring on Windows. Within the ZIP file created by archive_file
when running Terraform v0.12.18 with AWS provider v2.43 on Windows 10, the contained file has 666 permissions (no execute). Running the exact same Terraform plan with the same version on Linux results in the contained file having 777 permissions.
from terraform-provider-archive.
Same thing here on Linux. Executable bits are being unset.
$ terraform --version
Terraform v0.12.23
+ provider.archive v1.3.0
from terraform-provider-archive.
Thanks, @OliverEhrhardt. That worked for me, as well.
from terraform-provider-archive.
this example definitely suffers from this issue:
data "archive_file" "modify_dms_instance" {
type = "zip"
output_path = "${path.module}/lambda/modify_dms_instance.zip"
source {
content = file("${path.module}/lambda/bootstrap")
filename = "bootstrap"
}
source {
content = file("${path.module}/lambda/modify_dms_instance.sh")
filename = "main.sh"
}
}
this, however, worked fine:
data "archive_file" "modify_dms_instance" {
type = "zip"
output_path = "${path.module}/lambda/modify_dms_instance.zip"
source_dir = "${path.module}/lambda/modify_dms_instance/"
}
from terraform-provider-archive.
Weirdly, I see the file permissions to be preserved, but I would like them to become 644 (so that the deployment is completely reproducible). Would it be possible to add an optional flag to set file permissions via archive_file
?
from terraform-provider-archive.
Yup, this is not happening on my Mac, but it is happening on our CentOS build server and it it's driving me bonkers.
from terraform-provider-archive.
I had no issue with file permissions when I used source { content ... }
but moving to source_dir
, I am seeing a binary being invoked by my lambda function's permissions changing from 0755 to 0666.
from terraform-provider-archive.
output_file_mode
did not fix it for me.
The tf worked in development but was running across permission denied
issue in the CI/CD. Creating a zip file in the /tmp folder worked for me as the tmp folder has permissions of 777 and the created zip will also have 777 permissions.
locals {
zip_file = "/tmp/some_zip.zip"
}
data "archive_file" "lambda_zip" {
type = "zip"
source_file = "${path.module}/lambda.py"
output_path = local.zip_file
}
resource "aws_lambda_function" "function" {
function_name = "${var.function_name}"
filename = "${data.archive_file.lambda_zip.output_path}"
source_code_hash = "${data.archive_file.lambda_zip.output_base64sha256}"
from terraform-provider-archive.
output_file_mode
works for me on windows when i set it to 0777
, that is, grant permission to make the file executable.
// build the binary for the lambda function in a specified path
resource "null_resource" "fn_subscription_binary" {
provisioner "local-exec" {
command = "env GOOS=linux go build -o ${local.binary_path_subscription_fn} -ldflags='-s -w' ${local.src_path_subscription_fn}"
}
}
// zip the binary, as we can use only zip files to AWS lambda
data "archive_file" "fn_subscription_archive" {
depends_on = [null_resource.chmod]
type = "zip"
source_file = local.binary_path_subscription_fn
output_path = local.archive_path_subscription_fn
output_file_mode = "0777" // grant permission to make file executable for linux environment
}
When I experimented with other chmod values that do not grant execution, e.g. 0666
, I get the error message {"errorMessage":"fork/exec /var/task/main: permission denied","errorType":"PathError"}
from terraform-provider-archive.
Related Issues (20)
- Migrate to terraform-plugin-framework HOT 1
- Run archive_file on each apply HOT 2
- data.archive_file does not support resource tainting HOT 2
- Bump Development/Build Minimum Go Version to 1.17 HOT 2
- Issue archiving base64 encoded content w/ source block HOT 5
- Bump Expected Minimum Go Version to 1.18 HOT 1
- archive_file doesn't re-create the archive upon content change
- Source_dir conflicts with source HOT 1
- Zip file created by terraform archive_file cannot be properly read by python
- Generated archive contents include an extra (empty) file when `output_path` is configured within same directory as `source_dir`. HOT 2
- Migrate acceptance testing to terraform-plugin-testing HOT 1
- Bump Expected Minimum Go Version to 1.19 HOT 1
- GitHub Actions - deprecated warnings found - action required! HOT 2
- archive_file data source gets created during "terraform plan" vs "terraform apply" and also is not deleted during destroy HOT 10
- Error generated during the execution of acceptance test on archive_file resource
- Documentation and changelog require updating HOT 1
- Support Additional Compression Types(Ex: tar.gz format) HOT 4
- Update Go Module to Go 1.20 Minimum HOT 1
- archive_file produces a corrupted zip file HOT 5
- Error generating archive with archive_file when symlink is present and exclude_symlink_directories is set to true HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-provider-archive.