Create local sensitive file error - permission denied

[kubiaki]

Terraform CLI and Provider Versions

Terraform v1.4.6 on darwin_arm64

• provider registry.terraform.io/hashicorp/google v4.63.1
• provider registry.terraform.io/hashicorp/google-beta v4.79.0
• provider registry.terraform.io/hashicorp/local v2.4.0

Terraform Configuration

data "google_secret_manager_secret_version" "certificate_crt" {
  secret = "projects/11111111111/secrets/certificate_crt"
}

resource "local_sensitive_file" "certificate_crt" {
  filename = "/etc/ssl/certificate.crt"
  content = data.google_secret_manager_secret_version.certificate_crt.secret_data
  file_permission = "0640"
  directory_permission = "0750"
}

Expected Behavior

Terraform will perform the following actions:

local_sensitive_file.certificate_crt will be created

• resource "local_sensitive_file" "certificate_crt" {
  • content = (sensitive value)
  • content_base64sha256 = (known after apply)
  • content_base64sha512 = (known after apply)
  • content_md5 = (known after apply)
  • content_sha1 = (known after apply)
  • content_sha256 = (known after apply)
  • content_sha512 = (known after apply)
  • directory_permission = "0750"
  • file_permission = "0640"
  • filename = "/etc/ssl/certificate.crt"
  • id = (known after apply) }

Actual Behavior

│ Error: Create local sensitive file error │ │ with local_sensitive_file.certificate_crt, │ on main.tf line 34, in resource "local_sensitive_file" "certificate_crt": │ 34: resource "local_sensitive_file" "certificate_crt" { │ │ An unexpected error occurred while writing the file │ │ +Original Error: open /etc/ssl/certificate.crt: permission denied

Steps to Reproduce

1. terraform plan
2. terraform apply

How much impact is this issue causing?

High

Logs

No response

Additional Information

No response

Code of Conduct

• [X] I agree to follow this project's Code of Conduct

[tristanmorgan]

What user is terraform running under? /etc/ssl would normally be owned by root.