terraform-provider-docker icon indicating copy to clipboard operation
terraform-provider-docker copied to clipboard

Published 20 hours ago verified publisher icon kreuzwerker

`docker_container` `container_logs` attribute includes Docker log entry headers

Open zanecodes opened this issue 2 years ago • 0 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and docker Provider) Version

Terraform v1.3.7
on linux_amd64
+ provider registry.terraform.io/kreuzwerker/docker v3.0.2

Affected Resource(s)

  • docker_container

Terraform Configuration Files

terraform {
  required_providers {
    docker = {
      source = "kreuzwerker/docker"
      version = "3.0.2"
    }
  }
}

resource "docker_container" "container" {
  name = "repro"
  image = "alpine:latest"
  must_run = false
  logs = true
  attach = true
  entrypoint = ["/bin/sh", "-c", "echo ''"]
}

output "logs" {
  value = docker_container.container.container_logs
}

Debug Output

https://gist.github.com/zanecodes/a3959cdc746cbea6330d91cf9aa9bfef#file-debug-log-L218

Expected Behaviour

terraform output -raw logs should output exactly what the container entrypoint echo '' outputs: a single newline character, just like docker logs repro outputs.

Actual Behaviour

terraform output -raw logs outputs the stdout prefixed with the Docker log header: 01 00 00 00 00 00 00 01 0a, which can be more easily observed by running terraform output -raw logs | xxd.

While Terraform seems to handle this fine by Unicode escaping these bytes as "\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0001\n" in the terraform.tfstate JSON, this causes GitLab's Terraform HTTP state backend to return a 400 Bad Request response when attempting to push the new state, which seems like a separate bug in GitLab that also needs to be addressed.

This can be partially worked around by using the docker_logs data source with discard_headers = true, but this should either be fixed in the docker_container resource, or the container_logs attribute should be deprecated and removed from the docker_container resource in favor of only using the docker_logs data source.

More importantly, strings in Terraform must be valid Unicode, while the stdout/stderr of a container may be an arbitrary sequence of bytes, so logs should really be base64 encoded before being returned.

Additionally, the docker_logs data source offers no way to demultiplex the stdout/stderr from the container logs. This should be done using StdCopy() as shown in the documentation comment for the client.ContainerLogs() function, and the stdout and stderr should probably be exposed as two separate attributes, e.g. stdout_base64 and stderr_base64.

Steps to Reproduce

  1. terraform apply
  2. Observe output from terraform output -raw logs | xxd
  3. Compare with docker logs repro | xxd

Important Factoids

Running docker in rootful podman on macos, but the issue is also reproducible in docker on WSL2 on Windows 10

zanecodes avatar Apr 26 '23 18:04 zanecodes