Hash function for computing checksum of a directory

[jackson-theisen]

Terraform Version

Terraform v1.11.4
on darwin_arm64

Use Cases

In automated deployments, it's common to package and deploy entire directories (e.g. Lambda functions, Helm charts, etc.). A directory hash can act as a checksum to conditionally run a build for a given package.

Additionally, a directory hash could serve as a fingerprint for a directory to ensure no unexpected changes have occurred and the deployed version matches the intended version.

Attempted Solutions

I was able to solve for this by combining existing functions intended for individual files:

output "sha256" {
  description = "sha256 hash of the directory (sha256 of sha256 of each file in the directory recursively)"
  
  value = sha256(join("", [
    for file in fileset(var.directory, "**") :
    filesha256("${var.directory}/${file}")
  ]))
}

While the above solution works, it feels messy and isn't friendly from a human-readable perspective.

Proposal

The solution could look similar to the existing file hashing functions and would accept an argument for the path as well as an optional list of glob patterns to include/exclude from the calculation e.g. dirsha256(path, [patterns])

Example:

output "directory_hash" {
  value = dirsha256("lambda/my-function", ["!features/.*", "!tests/.*"])
}

References

None that I'm aware of

[crw]

Thanks for this feature request! If you are viewing this issue and would like to indicate your interest, please use the 👍 reaction on the issue description to upvote this issue. We also welcome additional use case descriptions.

As an FYI, terraform now supports provider-defined functions. Please see the provider-defined functions documentation to learn how to implement functions in your providers. It is possible that this has been or could be implemented in a provider specific to the task at hand, as an alternative solution to being a built-in function in Terraform.

In any case, thanks again for this request!