Reputation: 131
Using Terraform to create some self-signed TLS certs for hashi vault; the main problematic Terraform bits in my module are as follows. I have tried 2 ways to get this to work.
First way, which in theory I think should work:
  # inside the CA certificate resource
  provisioner "local-exec" {
    command = "echo '${self.cert_pem}' > ../tls/ca.pem && chmod 0600 ../tls/ca.pem"
  }
}
  # inside the server certificate resource (CA cert appended to build the chain)
  provisioner "local-exec" {
    command = "echo '${self.cert_pem}' > ../tls/vault.pem && echo '${tls_self_signed_cert.vault-ca.cert_pem}' >> ../tls/vault.pem && chmod 0600 ../tls/vault.pem"
  }
Which throws this error:
│ ' > ../tls/ca.pem && chmod 0600 ../tls/ca.pem': exit status 2. Output:
│ /bin/sh: 1: cannot create ../tls/ca.pem: Directory nonexistent
And if I replace the .. with a hardcoded path, i.e. this:
  # inside the CA certificate resource
  provisioner "local-exec" {
    command = "echo '${self.cert_pem}' > /etc/vault/tls/ca.pem && chmod 0600 /etc/vault/tls/ca.pem"
  }
}
  # inside the server certificate resource (CA cert appended to build the chain)
  provisioner "local-exec" {
    command = "echo '${self.cert_pem}' > /etc/vault/tls/vault.pem && echo '${tls_self_signed_cert.vault-ca.cert_pem}' >> /etc/vault/tls/vault.pem && chmod 0600 /etc/vault/tls/vault.pem"
  }
I get the same error but obviously showing the path instead:
> /etc/vault/tls/ca.pem && chmod 0600 /etc/vault/tls/ca.pem': exit status
│ 2. Output: /bin/sh: 1: cannot create /etc/vault/tls/ca.pem: Directory
│ nonexistent
If I go on and look at the container for myself, the path /etc/vault/tls is there....
Upvotes: 1
Views: 4079
Reputation: 238199
You have to ensure that /etc/vault/tls/ exists before you can write a file into it:
  provisioner "local-exec" {
    # the redirection has to happen with elevated rights too, so write through sudo tee
    # rather than "sudo echo ... > file" (the > is performed by the unprivileged shell)
    command = "sudo mkdir -p /etc/vault/tls && echo '${self.cert_pem}' | sudo tee /etc/vault/tls/ca.pem > /dev/null && sudo chmod 0600 /etc/vault/tls/ca.pem"
  }
Upvotes: 1
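Added example (not the question's or the answer's code): the same certificate files written with the hashicorp/local provider instead of a local-exec provisioner. local_file and local_sensitive_file create any missing parent directories and apply the requested modes themselves, so the "Directory nonexistent" failure and the mkdir/chmod shell step both go away, and the PEM material never appears on a shell command line where process listings or Terraform logs can pick it up. Only tls_self_signed_cert.vault-ca and its cert_pem come from the question; the CA key, the server key/CSR/certificate resources, the ../tls directory, the DNS name and the file names are assumptions. Keep in mind that local-exec (and local_file) act on the host where terraform apply runs, not inside the container the module provisions, so the directory has to exist on that host.

```hcl
terraform {
  required_providers {
    tls   = { source = "hashicorp/tls" }
    local = { source = "hashicorp/local" } # local_sensitive_file needs local >= 2.2
  }
}

# CA key (assumed) and the CA certificate named in the question.
resource "tls_private_key" "vault-ca" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P256"
}

resource "tls_self_signed_cert" "vault-ca" {
  private_key_pem       = tls_private_key.vault-ca.private_key_pem
  is_ca_certificate     = true
  validity_period_hours = 24 * 365
  allowed_uses          = ["cert_signing", "crl_signing"]

  subject {
    common_name = "vault-ca"
  }
}

# Server key, CSR and CA-signed server certificate (all assumed names).
resource "tls_private_key" "vault" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P256"
}

resource "tls_cert_request" "vault" {
  private_key_pem = tls_private_key.vault.private_key_pem
  dns_names       = ["vault.example.internal"]

  subject {
    common_name = "vault.example.internal"
  }
}

resource "tls_locally_signed_cert" "vault" {
  cert_request_pem      = tls_cert_request.vault.cert_request_pem
  ca_private_key_pem    = tls_private_key.vault-ca.private_key_pem
  ca_cert_pem           = tls_self_signed_cert.vault-ca.cert_pem
  validity_period_hours = 24 * 90
  allowed_uses          = ["key_encipherment", "digital_signature", "server_auth"]
}

# Output directory, relative to the module like the ../tls in the question.
locals {
  tls_dir = "${path.module}/../tls"
}

# The local provider creates missing parent directories with
# directory_permission and writes the file with file_permission,
# replacing the echo/mkdir/chmod command chain entirely.
resource "local_file" "ca" {
  filename             = "${local.tls_dir}/ca.pem"
  content              = tls_self_signed_cert.vault-ca.cert_pem
  file_permission      = "0600"
  directory_permission = "0700"
}

# Server cert followed by the CA cert: cert_pem values end with a newline,
# so plain concatenation yields a valid PEM chain.
resource "local_file" "vault_chain" {
  filename             = "${local.tls_dir}/vault.pem"
  content              = "${tls_locally_signed_cert.vault.cert_pem}${tls_self_signed_cert.vault-ca.cert_pem}"
  file_permission      = "0600"
  directory_permission = "0700"
}

# The private key is the genuinely secret artefact: local_sensitive_file
# keeps its content out of plan/apply output.
resource "local_sensitive_file" "vault_key" {
  filename             = "${local.tls_dir}/vault-key.pem"
  content              = tls_private_key.vault.private_key_pem
  file_permission      = "0600"
  directory_permission = "0700"
}
```

If the files must land under /etc/vault/tls as root, this still applies: run terraform apply as a user that may write there, or keep the answer's mkdir/tee provisioner as the only root step and feed it from a local_sensitive_file written to a private location rather than from an inline echo. Either way the key lives in the Terraform state, so that state needs the same protection as the key itself.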