https://infracost.io logo
Join Slack
Powered by
hey posted a while ago and got some help/reponses,...
# help
e
hey posted a while ago and got some help/reponses, but had to drop this in favor of other work going on. looking again quickly, and wondering why my API key isn't working from my gitlab runner job logs?
Copy code
[{"code":0,"message":"Invalid API key\nPlease check your /root/.config/infracost/credentials.yml file or INFRACOST_API_KEY environment variable.\nIf you recently regenerated your API key, you can retrieve it from <https://dashboard.infracost.io>.\nSee <https://infracost.io/support> if you continue having issues.",
but it works just fine from my local? previous link: https://infracost-community.slack.com/archives/C046GMHQ6NM/p1698951649261799
l
@echoing-piano-29088 I’m not seeing anything obvious here. Do you have any variables set at the project level as well as the repo level?
e
can you explain more? in gitlab I thought a repo = a project at first glance
l
Sorry I meant group-level variables vs project/repo settings.
e
i'll double check, but we aren't really using group level stuff yet that Im aware of
yeah none, just confirmed
l
hmm ok, and any .env files checked into your repo that have an INFRACOST_API_KEY set?
e
no sir
hold on may have found something
nevermind don't think it was it
in debug logs, I'm seeing lines like
Copy code
time="2023-12-04T22:05:41Z" level=debug sync_usage=false func=main.main file="/app/cmd/infracost/main.go:44" error="open aws/pre-prod-loc/global/plan.cache/.infracost/pricing.gob: not a directory" enable_cloud_org=false currency=USD msg="could not flush pricing API cache to filesystem"
l
that shouldn’t be related
e
i have the comment part working, it updates the comment on the MR, just doesn't actually show any changes or diffs
l
So the API key is working okay?
e
image.png
yeah I think. but i have changes in the MR and it's not recognizing them
l
What are the changes?
e
new ec2 instance, and secret
and the infracost cli works correctly on my local against same changes when I run it
l
The logs are still showing the API key error though?
You could try adding something like this into the pipeline to see if the env variable is coming through okay?
Copy code
curl -H "X-Api-Key: $INFRACOST_API_KEY" <https://pricing.api.infracost.io/graphql>
If that shows a 
Invalid API key
error then something is not set up right in the GitLab pipeline to set that var
e
okay will give that a try
found this
Copy code
"vcsSubPath":"aws/pre-prod-loc/global","errors":[{"code":0,"message":"Invalid API key\nPlease check your /root/.config/infracost/credentials.yml file or INFRACOST_API_KEY environment variable.
also in another run saw this
Copy code
[{"code":0,"message":"Terraform binary 'terraform' could not be found. You have two options:\n1. Set a custom Terraform binary using the environment variable INFRACOST_TERRAFORM_BINARY
l
That seems odd to me, Infracost shouldn’t be running terraform by default. Do you have the Infracost commands you are running?
e
i think its because I'm trying to access a terraform plan from a previous job stage and doing it incorrectly
didn't paste the second part
Copy code
[{"code":0,"message":"Terraform binary 'terraform' could not be found. You have two options:\n1. Set a custom Terraform binary using the environment variable INFRACOST_TERRAFORM_BINARY.\n\n2. Set --path to a Terraform plan JSON file. See <https://infracost.io/troubleshoot> for how to generate this."
l
Ah okay, yeah if you convert it to a plan JSON first then that will solve that.
e
convert?
l
terraform show -json planfile > plan.json
e
i think I do have that
Copy code
'gitlab-terraform plan',
      'gitlab-terraform plan-json',
l
👍 ok not sure what this issue is then, the error suggests Infracost is detecting it as a plan binary instead of plan JSON
Did you try the API key curl?
e
hmm its saying invalid
Copy code
$ curl -H "X-Api-Key: $INFRACOST_API_KEY" <https://pricing.api.infracost.io/graphql>
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    58  100    58    0     0    372      0 --:--:-- --:--:-- --:--:--   374
{"error":"Invalid API key","error_code":"invalid_api_key"}$ ls -la /tmp/base/
im confused
i get this locally
Copy code
infracost auth login
We're redirecting you to our log in page, please complete that,
and return here to continue using Infracost.

If the redirect doesn't work, either:
- Use this URL:
    <https://dashboard.infracost.io/login?cli_port=57483&cli_state=ce52de4e-0ba8-4278-98bf-0e8172adcc67&cli_version=v0.10.30&os=darwin&utm_source=cli>

- Or log in/sign up at <https://dashboard.infracost.io>, copy your API key
    from Org Settings and run `infracost configure set api_key MY_KEY`

Waiting...

The API key was saved to /Users/phazeight/.config/infracost/credentials.yml

Your account has been authenticated. Run Infracost on your Terraform project by running:

  infracost breakdown --path=.
l
If you add a distinct user agent I can check some logs on our end to see if it’s coming through with the right API key format:
Copy code
curl -H "X-Api-Key: $INFRACOST_API_KEY" -H "User-Agent: infracost-debug-19348509-6b3c-4d3e-9a4c-ef55bec70bfe" <https://pricing.api.infracost.io/graphql>
e
added and kicked off pipeline, user agent of 
phazeight
anything?
l
Not seeing anything in our logs with that user agent
e
hrmmm, getting pretty stuck
l
I’m wondering if it’s hitting a proxy somewhere which is returning a 403?
e
its in a child pipeline job if that affects anything
l
Do you have any https_proxy or http_proxy vars set?
e
no not using anything like that
l
Yeah, not sure why I’m not seeing the curl request come through on our end. Can you paste the exact curl command you used? I wonder if somehow the pipeline isn’t hitting it.
e
just did what you sent me, testing locally first, and doesn't seem to be working one sec
Copy code
curl -H "X-Api-Key: $INFRACOST_API_KEY" -H "phazeight: infracost-debug-19348509-6b3c-4d3e-9a4c-ef55bec70bfe" <https://pricing.api.infracost.io/graphql>
GET query missing.%
l
That local one works (we’d expect 
GET query missing
for this curl)
e
gotcha
l
-H "phazeight: infracost-debug-19348509-6b3c-4d3e-9a4c-ef55bec70bfe"
needs to be 
-H "User-Agent: phazeight"
or 
-H "User-Agent: infracost-debug-19348509-6b3c-4d3e-9a4c-ef55bec70bfe"
e
ah silly me
let me try again
hmmmm still no dice
Copy code
$ curl -H "X-Api-Key: $INFRACOST_API_KEY" -H "User-Agent: phazeight" <https://pricing.api.infracost.io/graphql>
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    58  100    58    0     0    401      0 --:--:-- --:--:-- --:--:--   402
{"error":"Invalid API key","error_code":"invalid_api_key"}
that looks right?
l
Okay, so the logs are giving some clue:
Copy code
"x-api-key": "$IN***************"
So I’m guessing it’s coming through as the string 
$INFRACOST_API_KEY
somewhere.
Can you paste the part of the pipeline where you are setting the env variable value?
e
okay just saw it go through now
hold on might be on to something
got it working!
l
Awesome!
e
thanks for all your help
l
np, sorry it took so long to work out 😅
e
no worries it is a product of my setup being complex
@little-author-61621 actually I have one more quick question. can the infracost comment command include the terraform plan itself in the comment?
or parts of it?
l
That’s not something it supports currently
e
ok thank you
sorry @little-author-61621 one final question. If my jobs are all individual child pipline jobs, the infracost comment is only updateing for one of those jobs. what whould be a good way to get the infracost separate comment calls from the separate jobs to update the same comment?
i tried the 
show-all-projects
flag, but it didn't get me what I wanted it did this
l
@echoing-piano-29088 are you using the matrix example? This should only run the comment step once after all the projects have been evaluated.
e
I thought so, but what seemed to be happening was it was getting overwritten so could only see the report from the last job
yeah the update would be ideal, but since each environment is a separate pipeline job, these infracost comment commands are all running against the same parent merge request in sequence, so it is only showing the information of the last job to run in the pipeline. and the show all projects command is only showing the environment in the local job
l
@echoing-piano-29088 Ok, I think where I’m confused is why there’s multiple 
infracost_comment
stages running per pipeline.
Okay, 
infracost comment
doesn’t support appending to a comment, just replacing it. So the two options I can see are: 1. trigger a single job at the end of all pipelines that gathers all the infracost JSON files and leaves a single comment for them 2. have each pipeline leave a separate comment (using the 
--tag
flag)
e
That sounds like it would work. I like that idea. Thanks. I'll try it tomorrow
3 Views
Open in Slack
PreviousNext
Powered by