Archive provider

Hello, I’m using archive to zip the contents of a folder for an AWS Lambda.

data "archive_file" "lambda" {
  type        = "zip"
  source_dir  = "lambda/"
  output_path = ""

I’d like to manually produce the exact same zip file from source code, such that it’s exactly the same as the one that the archive file data source produces, so that I can perform a sha256 checksum and base64 encode, so that I can compare this value to the sha256 value of a lambda in AWS to see if they match.

I know how to do the sha256 base64 encode using the zip file that terraform produces:

openssl dgst -sha256 -binary | openssl enc -base64

I just don’t know how to produce exactly the same zip file that the provider produces. The zip file I produce manually produces a different sha256 base64 value.

In general you can’t expect a compressed archive created by different implementations be byte-for-byte identical, so the hash and base64 encoding will be different. Archives may use different compression algorithms, each compression algorithm usually has variable options which can be used, and even with the same options different implementations may result in different output as long as it conforms to specification.

The closest you could come would be to write your own utility using the same libraries and settings as the provider to create the zip file.

Artifacts like this are typically better handled externally from Terraform, not as part of the planning operation. This will give you better control over their lifecycle, and not rely on implementation details of the provider.

@jbardin Compiled binaries are better handled externally from Terraform. In the case of Python, there is nothing to compile, only something to compress. Thanks for the pointers about using the same libraries and options. I was thinking that could be done, but was hoping for something simpler.

From the workflow’s perspective which does not execute the binary, one could say that there is little difference in compiling source files into a executable binary, and compiling source files into a non-executable compressed binary blob.