Add local_file ephemeral resource

[yesdevnull]

Related Issue

Fixes #373

Description

I've created a new ephemeral resource for local_file along with tests to test the different options for data seeding (lifted and shifted from the resource local_file tests with some minor alterations).

The only issue I have with this solution is that there's no way to override the pseudo-sensitive nature of ephemeral resources in output, thus making provisioner logs useless if you use an ephemeral value. This is the case even if you're not using 'sensitive' arguments/attributes on the resource, they all obscure output logs.

If this PR is approved I am happy to raise an issue in the main Terraform repository to try and get movement on being able to mark certain arguments safe for output. Case in point: the filename argument on this ephemeral resource should be allowed to be displayed in output logs, be that either with a setting in the schema declaration and/or using the nonsensitive function to mark it as safe.

To Be Discussed

I'm undecided if the default permission model should match local_sensitive_file given ephemeral resource values are treated as sensitive in the output context.

Note: I'll clean up git commits at a later date.

Rollback Plan

• If a change needs to be reverted, we will roll out an update to the code within 7 days.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

No. I have duplicated the file and directory permissions logic from the local_file resource.

[hashicorp-cla-app]

All committers have signed the CLA.

[hashicorp-cla-app]

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

_{Have you signed the CLA already but the status is still pending? Recheck it.}

[Copilot]

Pull Request Overview

This PR adds a new ephemeral resource local_file to the local provider, allowing users to create temporary files that are automatically cleaned up when the ephemeral resource lifecycle ends.

Key changes:

• Implements ephemeral resource with content seeding options (content, content_base64, source)
• Adds comprehensive test coverage for different content input methods
• Includes documentation and examples for the new resource

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
internal/provider/ephemeral_local_file.go	Core implementation of the ephemeral local_file resource with Open/Close lifecycle methods
internal/provider/ephemeral_local_file_test.go	Comprehensive test suite covering content, base64, and source file scenarios
internal/provider/provider.go	Provider registration for ephemeral resources
internal/provider/provider_test.go	Test infrastructure updates for ephemeral resource testing
docs/ephemeral-resources/file.md	User documentation for the new ephemeral resource
templates/ephemeral-resources/file.md.tmpl	Documentation template
examples/ephemeral-resources/ephemeral-resource-file.tf	Usage example
go.mod	Dependency update for terraform-plugin-log

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

Remove the commented-out code and the todo-style comment. If default values aren't supported for ephemeral resources, the comment explaining the '0777' default in the description is sufficient.

Suggested change

	// Can't set a default value for ephemeral resources, this is here as a fingers-crossed placeholder.
	// Default: stringdefault.StaticString("0777"),

[Copilot]

Remove the commented-out code and the todo-style comment. If default values aren't supported for ephemeral resources, the comment explaining the '0777' default in the description is sufficient.

Suggested change

	// Can't set a default value for ephemeral resources, this is here as a fingers-crossed placeholder.
	// Default: stringdefault.StaticString("0777"),

[LeCrew163]

Would be very useful for my use case. :)

Nice job, hopefully gets merged soon.

[benkelly123]

Been watching this for a while, would be great to see this merged soon. Feels like it would go perfectly with the new tf actions for ansible! ansible/terraform-provider-ansible#146