Archive provider

wayneworkman · May 16, 2024, 5:46pm

Hello, I’m using archive to zip the contents of a folder for an AWS Lambda.

data "archive_file" "lambda" {
  type        = "zip"
  source_dir  = "lambda/"
  output_path = "lambda.zip"
}

I’d like to manually produce the exact same zip file from source code, such that it’s exactly the same as the one that the archive file data source produces, so that I can perform a sha256 checksum and base64 encode, so that I can compare this value to the sha256 value of a lambda in AWS to see if they match.

I know how to do the sha256 base64 encode using the zip file that terraform produces:

openssl dgst -sha256 -binary lambda.zip | openssl enc -base64

I just don’t know how to produce exactly the same zip file that the provider produces. The zip file I produce manually produces a different sha256 base64 value.

jbardin · May 16, 2024, 8:18pm

In general you can’t expect a compressed archive created by different implementations be byte-for-byte identical, so the hash and base64 encoding will be different. Archives may use different compression algorithms, each compression algorithm usually has variable options which can be used, and even with the same options different implementations may result in different output as long as it conforms to specification.

The closest you could come would be to write your own utility using the same libraries and settings as the provider to create the zip file.

Artifacts like this are typically better handled externally from Terraform, not as part of the planning operation. This will give you better control over their lifecycle, and not rely on implementation details of the provider.

wayneworkman · May 17, 2024, 6:17pm

@jbardin Compiled binaries are better handled externally from Terraform. In the case of Python, there is nothing to compile, only something to compress. Thanks for the pointers about using the same libraries and options. I was thinking that could be done, but was hoping for something simpler.

jbardin · May 17, 2024, 7:14pm

From the workflow’s perspective which does not execute the binary, one could say that there is little difference in compiling source files into a executable binary, and compiling source files into a non-executable compressed binary blob.

Topic		Replies	Views
Aws_lambda_function gets file hash different from the one exported by archive_file Terraform Providers	2	1322	November 4, 2022
Lambda source_code_hash Terraform	0	784	October 7, 2021
AWS Lambda Function AWS	3	327	January 25, 2023
Provider produced inconsistent final plan on aws_lambda_function {source_code_hash} AWS	4	2864	May 24, 2024
Lambda archive_file output_path error in module Terraform	1	3187	April 22, 2021

Archive provider

Related topics