Allow read permission issue to be regarded as file missing #55

Open
guangie88 opened this issue Jan 28, 2021 · 0 comments
guangie88 commented Jan 28, 2021

Terraform Version

Terraform v0.12.29

Affected Resource(s)

  • local_file

Terraform Configuration Files

resource "local_file" "some_file" {
  content  = "Can be anything"
  filename = "${var.output_path}/some_file.txt"
}

// var.output_path is interpolated in based on where the directory is located
// which is typically in a Git repo dir under a home username

Expected Behavior

  # local_file.some_file will be created
  + resource "local_file" "some_file" {
      + content              = "Can be anything"
      + directory_permission = "0777"
      + file_permission      = "0777"
      + filename             = "/home/my_user/some_repo/outputs/some_file.txt"
      + id                   = (known after apply)
    }

Actual Behavior

terraform plan gives:

Error: open /home/some_user/some_repo/outputs/some_file.txt: permission denied

Steps to Reproduce

Use the resource local_file to write into some directory. Change either the directory or file permissions such that your username can no longer read the file.

Now reuse the same local_file resource, but change the filename value to write into another directory and try to do terraform plan. Even though the user has permission to write into this new directory, because the provider tries to read the old path and fails due to the missing read permission, the local_file read operation fails.

Note

While this is not a bug, in a scenario where multiple usernames need to use a shared instance to run Terraform operations with the local_file resource, this will typically result in the above described permission denied situation, and can be annoying to mitigate.

One possible mitigation is to have every username open up their output directories to allow read permissions for every other username. However, this is not ideal as it results in a weaker security posture.

On the other hand, if we could allow the provider to treat a failed read of content due to a read permission issue similarly to a missing file (which is already handled in the code), the whole issue can be avoided. It also resolves some edge cases: if the username chooses to create a local_file without file read / dir execution permissions, every subsequent terraform plan would fail, since the previously created file cannot be read back, despite being at the same filename location (admittedly, this is a far-fetched case).

References

PR: #56
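The behaviour the issue asks for, as an added Go illustration that is not the provider's own code: the current read path only treats a not-found error as "resource gone"; folding in the permission error (EACCES) makes the plan fall through to a fresh create instead of failing. The names treatAsMissing and readLocalFile are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
)

// readState describes what a local_file read found: the content when the
// file is readable, or a signal that Terraform should plan a fresh create.
type readState struct {
	Content string
	Gone    bool // true when the file should be treated as absent
}

// treatAsMissing reports whether a read error should be handled like a
// missing file. Today only fs.ErrNotExist is handled that way; the issue
// proposes that fs.ErrPermission (EACCES on the file or a parent dir) is
// folded in as well, so a stale unreadable path no longer breaks the plan.
func treatAsMissing(err error) bool {
	return errors.Is(err, fs.ErrNotExist) || errors.Is(err, fs.ErrPermission)
}

// readLocalFile mirrors the provider's read step: any error accepted by
// treatAsMissing becomes Gone=true (resource will be re-created); every
// other error (I/O failure, path is a directory, ...) is surfaced as-is so
// genuine faults are still reported.
func readLocalFile(path string) (readState, error) {
	b, err := os.ReadFile(path)
	if err == nil {
		return readState{Content: string(b)}, nil
	}
	if treatAsMissing(err) {
		return readState{Gone: true}, nil
	}
	return readState{}, err
}

func main() {
	// Constructed demo path that does not exist on this machine.
	st, err := readLocalFile("/nonexistent/dir/some_file.txt")
	fmt.Printf("gone=%v err=%v\n", st.Gone, err)
}
```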

guangie88 added a commit to dsaidgovsg/terraform-provider-local that referenced this issue Jan 28, 2021
Allow read permission error on `local_file` to be
regarded as a new resource creation.

Related issue:
<hashicorp#55>