jprdonnelly/opentf
1
0
Fork 0
mirror of https://github.com/opentffoundation/opentf.git synced 2025-12-19 17:59:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

main: Log the effective set of OCI credential search locations

Browse Source 
Previously we generated some logs during the discovery process indicating
which locations OpenTofu was probing for ambient credentials, but we didn't
explicitly report the overall result of the discovery process.

These new log lines will now report the final effective set of credential
configuration locations just before we try to use them in either the
provider installation or module installation codepaths. The strings
returned by CredentialsConfigLocationForUI are intended for just this sort
of feedback: the exact format varies for each kind of location, but it's
always a concise string identifying a location that OpenTofu will consider
when attempting to decide credentials.

Logging this here does unfortunately mean that the log output will be
repeated for each separate OCI registry request. There not being a great
single location to generate these logs was the main reason we didn't
include something like this in the first implementation, but the set of
config locations is small on any reasonable system and we've already had
a few folks struggle to understand why OpenTofu is making a certain
decision about credential sources so this is a pragmatic small step to give
us some extra diagnostic information in bug reports without affecting the
normal UI output for now.

Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
This commit is contained in:
Martin Atkins
2025-07-01 11:45:01 -07:00
committed by Christian Mesh
parent 57408eb898
commit e02159ee83
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
cmd/tofu/oci_distribution.go
View File

@@ -84,6 +84,17 @@ func getOCIRepositoryStore(ctx context.Context, registryDomain, repositoryName s
)
defer span.End()
// Since there are lots of different ways to provide OCI credentials to
// OpenTofu, and several are implicit based on files and/or environment
// variables we found on the system, we'll generate some debug logs
// listing the locations where we're searching so we'll have some good
// context for a bug report about OpenTofu selecting different credentials
// than the operator expected. There should not typically be more than a
// few of these on a reasonably-configured system.
for _, cfg := range credsPolicy.AllConfigs() {
log.Printf("[DEBUG] OCI registry client will consider credentials from %s", cfg.CredentialsConfigLocationForUI())
}
client, err := getOCIRepositoryORASClient(ctx, registryDomain, repositoryName, credsPolicy)
if err != nil {
tracing.SetSpanError(span, err)