Open bengaywins opened 2 weeks ago
Voting for Prioritization
Volunteering to Work on This Issue
Hey @bengaywins 👋 Thank you for taking the time to raise this! I see what you're saying, but I'm not sure there's anything that needs to change at the moment, for a couple of reasons.
It starts with something that you've already mentioned -- it's not really "required" in any case. The upstream API doesn't have a value that maps to source_code_hash
-- it's a virtual attribute that the provider uses internally in order to help make Lambda functions more "Terraform friendly" (a bit of an oversimplification). Terraform's Provider Design Principles, which discuss matching as closely to the underlying API as possible. Since the underlying API doesn't require it, marking source_code_hash
would diverge from the API in a way that might be unexpected to someone coming to the resource for the first time.
Doesn't the virtual attribute violate that too?
Imo the docs should have a way of saying something about this. As I mentioned, this is a pretty horrendous UX that until you realize this, it feels like you did something wrong when the reality is that neither the docs talk about this very well nor is it obvious. A coworker and I spent hours trying to figure out what the deal was (we had included some sensitive files by accident) and I found something about this on a blog basically.
Description
When deploying a lambda with TF, if you do not do something about hashing the file, changes are not noticed. And as such, it is very misleading if you haven't done this a lot. This is a bad UX and can bite you when trying to troubleshoot. I am sure there are circumstances where using it is not good, like if you use images instead of zip packages.
Affected Resource(s) and/or Data Source(s)
aws_lambda_function
Potential Terraform Configuration
No response
References
No response
Would you like to implement a fix?
No