rancher
/
terraform-provider-file
mirror of https://github.com/rancher/terraform-provider-file.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
terraform-provider-file/docs/resources/local.md

3.4 KiB
Raw Blame History

page_title subcategory description
file_local Resource - file Local File resource

file_local (Resource)

Local File resource

Example Usage

resource "file_local" "basic_example" {
  name     = "example.txt"
  contents = "An example implementation writing a local file."
}

resource "file_local" "protected_example" {
  name     = "protected.txt"
  contents = <<-EOF
    This file can't be updated or deleted without the proper id.
    Calculating the proper id requires knowing the HMAC secret that was used to generate the previous state.
    You can securely pass the secret key using the TF_FILE_HMAC_SECRET_KEY environment variable.
    Before an update or delete operation can begin the provider calculates the id of the previous contents.
    If the previous contents can't be calculated using current key then the provider errors.
    The key used to calculate the id field in this resource is 'this-is-an-example-key'.
    I used the following command to make the calculation: $(openssl dgst -sha256 -hmac "this-is-an-example-key" "$FILE" | awk '{print $2}').

  EOF
  id       = "2b13b6d5e32a0a0bd19fe95c44044aed72b677efd9a9db3f9a37f9bb8b0a893e"
}

Schema

Required

  • contents (String, Sensitive) File contents, required.
  • name (String) File name, required.

Optional

  • directory (String) The directory where the file will be placed, defaults to the current working directory.
  • hmac_secret_key (String, Sensitive) A string used to generate the file identifier, you can pass this value in the environment variable TF_FILE_HMAC_SECRET_KEY. The provider will use a hard coded value as the secret key for unprotected files. As this is used to calculate the id of the file, it can't be updated, any change will force a recreate. Since this also protects delete operations, you will need to first remove the old resource from your configuration with the old key, then add a new resource with the new key.
  • id (String) Identifier derived from sha256+HMAC hash of file contents. When setting 'protected' to true this argument is required. However, when 'protected' is false then this should be left empty (computed by the provider).
  • permissions (String) The file permissions to assign to the file, defaults to '0600'.
  • protected (Boolean) Whether or not to fail update or create if the calculated id doesn't match the given id. When this is true, the 'id' field is required and must match what we calculate as the hash at both create and update times. If the 'id' configured doesn't match what we calculate then the provider will error rather than updating or creating the file. When setting this to true, you will need to either set the TF_FILE_HMAC_SECRET_KEY environment variable or set the hmac_secret_key argument.

Import

Import is supported using the following syntax:

The terraform import command can be used, for example:

# echo "Test data" > data.txt
# FILEPATH="./data.txt"
# TF_FILE_HMAC_SECRET_KEY="super-secret-key"
# IDENTIFIER="$(openssl dgst -sha256 -hmac "$TF_FILE_HMAC_SECRET_KEY" "$FILE" | awk '{print $2}')"

terraform import file_local.example "IDENTIFIER"

# after this is run you will need to refine the resource further by setting the directory and name.