search

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io
Other
42.76k stars 9.56k forks source link

Ability to take hash of binary data given as base64 #22996

Open invidian opened 5 years ago

invidian commented 5 years ago

Terraform Version

$ /usr/bin/terraform version
Terraform v0.12.9

Terraform Configuration Files

output "foo" {
  value = "${sha1("${base64decode("tt8wbrUF4grdEoZP1kd3Ocqi7ncgtgq375sncoCm3ms=")}")}"
}

Expected Behavior

Terraform should output foo = f620de7923eeec8c3f29e6579f386c5d104febec.

Actual Behavior

base64decode function call fails.

Steps to Reproduce

  1. terraform init
  2. terraform apply

Additional Context

1 ✗ (293ms) 00:08:23 invidian@dellxps15mateusz ~/data/workspaces/terraform-sha256-base64decode-regression $ terraform version && terraform apply -auto-approve
Terraform v0.11.14

Your version of Terraform is out of date! The latest version
is 0.12.9. You can update by downloading from www.terraform.io/downloads.html

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

foo = f620de7923eeec8c3f29e6579f386c5d104febec
0 ✓ (1.042s) 00:08:35 invidian@dellxps15mateusz ~/data/workspaces/terraform-sha256-base64decode-regression $ /usr/bin/terraform version && /usr/bin/terraform apply -auto-approve
Terraform v0.12.9

Error: Error in function call

  on main.tf line 2, in output "foo":
   2:   value = "${sha1("${base64decode("tt8wbrUF4grdEoZP1kd3Ocqi7ncgtgq375sncoCm3ms=")}")}"

Call to function "base64decode" failed: the result of decoding the the
provided string is not valid UTF-8.

In Terraform 0.11.X, it was possible to chain base64decode() with sha1() and other checksum functions. This gave the ability to hash binary data, like SSH public keys to calculate values for SSHFP records, which seems like a perfectly valid use case. With version 0.12.X this is no longer possible.

I am aware of #21669, but maybe it would be possible to restore this functionality somehow, for instance with function like sha1base64, which would take base64-encoded data as an input, decode it inside Go and return SHA1 to the user.

References

elvis-cai commented 5 years ago 


Call to function "base64decode" failed: the result of decoding the the provided string is not valid UTF-8.``` same issue here.
crw commented 8 months ago

Thank you for your continued interest in this issue.

Terraform version 1.8 launches with support of provider-defined functions. It is now possible to implement your own functions! We would love to see this implemented as a provider-defined function.

Please see the provider-defined functions documentation to learn how to implement functions in your providers. If you are new to provider development, learn how to create a new provider with the Terraform Plugin Framework. If you have any questions, please visit the Terraform Plugin Development category in our official forum.

We hope this feature unblocks future function development and provides more flexibility for the Terraform community. Thank you for your continued support of Terraform!