hashicorp / terraform-provider-local

Utility provider used to manage local resources, such as creating files.
https://registry.terraform.io/providers/hashicorp/local/latest
Mozilla Public License 2.0

`terraform refresh` for local_file does not detect changes to file permissions #87

Open ScottFred opened 2 years ago

ScottFred commented 2 years ago

Many authors that write blog posts, books, tutorials, and training courses about Terraform use the "local_provider" as a fast, simple way of helping students start to experiment with Terraform, configuration files, etc. (Based on the HashiCorp documentation, some warning is provided that suggests that local files are difficult to work with because of so many variations across operating systems, etc.)

$ terraform version
Terraform v1.0.7
on linux_amd64

Expected Behavior

terraform refresh should detect that the file permissions drifted from desired state

Actual Behavior

terraform refresh has no effect; specifically, it does not update the terraform.tfstate file to indicate the actual/real file permissions of the local file. Therefore, using terraform plan | apply (when drift has occurred) has no effect.

Terraform Configuration Files

resource "local_file" "pet" {
  filename = "pets.txt"
  content = "I love pets!"
  file_permission = "0600"
}

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

$ terraform init
$ terraform apply

---- Showing terraform created pets.txt with correct filename, permissions, etc

$ ls -l
total 24
-rw-r--r-- 1 Scott staff 143B Sep 18 10:07 local.tf
-rw------- 1 Scott staff 12B Sep 18 11:47 pets.txt
-rw-r--r-- 1 Scott staff 828B Sep 18 11:47 terraform.tfstate

--- Introducing Drift from desired state documented in local.tf

$ chmod 666 pets.txt

--- Showing drift introduced

$ ls -l
total 24
-rw-r--r-- 1 Scott staff 143B Sep 18 10:07 local.tf
-rw-rw-rw- 1 Scott staff 12B Sep 18 11:47 pets.txt
-rw-r--r-- 1 Scott staff 828B Sep 18 11:47 terraform.tfstate

--- Executing terraform refresh to update the terraform.tfstate

$ terraform refresh
local_file.pet: Refreshing state... [id=7e4db4fbfdbb108bdd04692602bae3e9bd1e1b68]

--- Showing that the terraform.tfstate was not updated

$ cat terraform.tfstate

{
  "version": 4,
  "terraform_version": "1.0.7",
  "serial": 1,
  "lineage": "455112ef-4c3f-c33e-9855-cb32af5f5737",
  "outputs": {},
  "resources": [
    {
      "mode": "managed",
      "type": "local_file",
      "name": "pet",
      "provider": "provider[\"registry.terraform.io/hashicorp/local\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "content": "I love pets!",
            "content_base64": null,
            "directory_permission": "0777",
            "file_permission": "0600",    <---- Expected this to be updated
            "filename": "pets.txt",
            "id": "7e4db4fbfdbb108bdd04692602bae3e9bd1e1b68",
            "sensitive_content": null,
            "source": null
          },
          "sensitive_attributes": [],
          "private": "bnVsbA=="
        }
      ]
    }
  ]
}

--- Showing terraform apply has no effect

$ terraform apply
local_file.pet: Refreshing state... [id=7e4db4fbfdbb108bdd04692602bae3e9bd1e1b68]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Affected Resource(s)

local file

Important Factoids

No special factoids

References

None

junktext commented 7 months ago

Yup, I can confirm this quirk is still occurring with the following versions of Terraform and the local provider:

Terraform v1.6.6
on linux_amd64
+ provider registry.terraform.io/hashicorp/local v2.4.1
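
One way to catch the drift described in this issue outside of Terraform, as an added example that is not part of the original thread or the provider's code: it reads `file_permission` from the state and compares it with the file's mode on disk. It assumes a POSIX filesystem; the function names and the sample state are constructed for illustration.

```python
import os
import stat
import tempfile

def permission_drift(state, base_dir="."):
    """Compare each managed local_file's recorded file_permission with the mode on disk.

    Returns (address, filename, recorded, actual) tuples; actual is "missing"
    when the file no longer exists.
    """
    findings = []
    for res in state.get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != "local_file":
            continue
        address = f'{res["type"]}.{res["name"]}'
        for inst in res.get("instances", []):
            attrs = inst["attributes"]
            if not attrs.get("file_permission"):
                continue  # nothing recorded to compare against
            recorded = format(int(attrs["file_permission"], 8), "04o")
            path = os.path.join(base_dir, attrs["filename"])
            try:
                actual = format(stat.S_IMODE(os.stat(path).st_mode), "04o")
            except FileNotFoundError:
                actual = "missing"
            if actual != recorded:
                findings.append((address, attrs["filename"], recorded, actual))
    return findings

def demo():
    """Replay the issue's steps in a temp dir: create at 0600, then chmod 666."""
    # Constructed state: only the fields of the page's terraform.tfstate that the check reads.
    state = {"resources": [{"mode": "managed", "type": "local_file", "name": "pet",
             "instances": [{"attributes": {"filename": "pets.txt", "file_permission": "0600"}}]}]}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pets.txt")
        with open(path, "w") as f:
            f.write("I love pets!")
        os.chmod(path, 0o600)
        before = permission_drift(state, d)
        os.chmod(path, 0o666)  # the drift introduced in the issue
        after = permission_drift(state, d)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Against a real working directory, pass the parsed state (`json.load(open("terraform.tfstate"))`) as `state` and the directory Terraform was run from as `base_dir`.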