tofu-controller icon indicating copy to clipboard operation
tofu-controller copied to clipboard

Published 20 hours ago verified publisher icon flux-iac

support terraform debug logging

Open k0da opened this issue 2 years ago • 9 comments

Currently there is no way to set TF_LOG and logging done on terraform-exec level

k0da avatar Oct 07 '22 10:10 k0da

Have you tried?

spec:
  runnerPodTemplate:
    spec:
      env:
      - name: TF_LOG
        value: "true"

Let me know if it's still not working for you.

chanwit avatar Oct 07 '22 10:10 chanwit

Yes, I did.

https://github.com/hashicorp/terraform-exec/blob/c3eeeea58419c22fda4600718d2a5245884af5ad/tfexec/terraform.go#L38

This is denied by terraform-exec go package

k0da avatar Oct 07 '22 10:10 k0da

I see. Then we cannot support that too.

But we have another flag for you to try.

https://github.com/weaveworks/tf-controller/blob/main/runner/server.go#L202

Hope it's useful a bit.

chanwit avatar Oct 07 '22 10:10 chanwit

We could look at exposing the Terraform.SetLog (here) and related functions in some way.

Nalum avatar Oct 07 '22 11:10 Nalum

i came here to post this issue -- HELM_DEUBG="1" doesn't seem possible either. not that its rejected, its just ineffective.

would love to be able to do this.

daveoy avatar Oct 07 '22 18:10 daveoy

We could look at exposing the Terraform.SetLog (here) and related functions in some way.

i can understand a TF_VAR_xxx env variable being prohibited but i would have though TF_LOG wouldn't be? especially when combined with the sensitive logs env var mentioned earlier.

if you can point me at where to run those SetLog and SetLogPath commands i'm happy to build the project and test their usage.

this is a big blocker for me right now as im seeing helm_release resources in terraform just run for hours and hours under the tf-controller and not make anything in GKE.

daveoy avatar Oct 07 '22 19:10 daveoy

@daveoy it's not that we are blocking them, I understand it that the tf-exec package blocks them so that they can be set by that package exclusively. In order to support those functions we will need to update tf-controller/tf-runner to allow them to be set.

@chanwit would it be best to make these part of the Terraform CRD? Something like spec.setLog or maybe group them all in spec.tfExec?

Nalum avatar Oct 10 '22 09:10 Nalum

spec.logging: info # debug would be possible, but I could see some security concerns.

https://github.com/weaveworks/tf-controller/blob/b7c13da914c0240eb4aec1a905a080385b9fc37f/runner/server.go#L198-L205

chanwit avatar Oct 10 '22 10:10 chanwit

We shall add this as the "observabilities" item to the roadmap.

chanwit avatar Oct 11 '22 05:10 chanwit

Closing to take this off the radar for now. We do still care about having visibility into the terraform logs, so it may be dealt with elsewhere.

squaremo avatar Nov 02 '23 16:11 squaremo