# help

echoing-piano-29088

12/04/2023, 7:37 PM
hey posted a while ago and got some help/responses, but had to drop this in favor of other work going on. looking again quickly, and wondering why my API key isn't working from my gitlab runner job logs?
[{"code":0,"message":"Invalid API key\nPlease check your /root/.config/infracost/credentials.yml file or INFRACOST_API_KEY environment variable.\nIf you recently regenerated your API key, you can retrieve it from <https://dashboard.infracost.io>.\nSee <https://infracost.io/support> if you continue having issues.",
but it works just fine from my local? previous link: https://infracost-community.slack.com/archives/C046GMHQ6NM/p1698951649261799

little-author-61621

12/05/2023, 12:24 PM
@echoing-piano-29088 I’m not seeing anything obvious here. Do you have any variables set at the project level as well as the repo level?

echoing-piano-29088

12/05/2023, 1:22 PM
can you explain more? in gitlab I thought a repo = a project at first glance

little-author-61621

12/05/2023, 1:24 PM
Sorry I meant group-level variables vs project/repo settings.

echoing-piano-29088

12/05/2023, 1:24 PM
i'll double check, but we aren't really using group level stuff yet that I'm aware of
yeah none, just confirmed

little-author-61621

12/05/2023, 1:25 PM
hmm ok, and any .env files checked into your repo that have an INFRACOST_API_KEY set?

echoing-piano-29088

12/05/2023, 1:26 PM
no sir
hold on may have found something
nevermind don't think it was it
in debug logs, I'm seeing lines like
time="2023-12-04T22:05:41Z" level=debug sync_usage=false func=main.main file="/app/cmd/infracost/main.go:44" error="open aws/pre-prod-loc/global/plan.cache/.infracost/pricing.gob: not a directory" enable_cloud_org=false currency=USD msg="could not flush pricing API cache to filesystem"

little-author-61621

12/05/2023, 1:33 PM
that shouldn’t be related
i have the comment part working, it updates the comment on the MR, just doesn't actually show any changes or diffs

little-author-61621

12/05/2023, 1:35 PM
So the API key is working okay?

echoing-piano-29088

12/05/2023, 1:35 PM
yeah I think. but i have changes in the MR and it's not recognizing them

little-author-61621

12/05/2023, 1:35 PM
What are the changes?

echoing-piano-29088

12/05/2023, 1:35 PM
new ec2 instance, and secret
and the infracost cli works correctly on my local against same changes when I run it

little-author-61621

12/05/2023, 1:39 PM
The logs are still showing the API key error though?
You could try adding something like this into the pipeline to see if the env variable is coming through okay?
curl -H "X-Api-Key: $INFRACOST_API_KEY" https://pricing.api.infracost.io/graphql
If that shows an Invalid API key error then something is not set up right in the GitLab pipeline to set that var

echoing-piano-29088

12/05/2023, 1:46 PM
okay will give that a try
found this
"vcsSubPath":"aws/pre-prod-loc/global","errors":[{"code":0,"message":"Invalid API key\nPlease check your /root/.config/infracost/credentials.yml file or INFRACOST_API_KEY environment variable.
also in another run saw this
[{"code":0,"message":"Terraform binary 'terraform' could not be found. You have two options:\n1. Set a custom Terraform binary using the environment variable INFRACOST_TERRAFORM_BINARY

little-author-61621

12/05/2023, 1:54 PM
That seems odd to me, Infracost shouldn’t be running terraform by default. Do you have the Infracost commands you are running?

echoing-piano-29088

12/05/2023, 1:55 PM
i think it's because I'm trying to access a terraform plan from a previous job stage and doing it incorrectly
didn't paste the second part
[{"code":0,"message":"Terraform binary 'terraform' could not be found. You have two options:\n1. Set a custom Terraform binary using the environment variable INFRACOST_TERRAFORM_BINARY.\n\n2. Set --path to a Terraform plan JSON file. See <https://infracost.io/troubleshoot> for how to generate this."

little-author-61621

12/05/2023, 1:56 PM
Ah okay, yeah if you convert it to a plan JSON first then that will solve that.

echoing-piano-29088

12/05/2023, 1:56 PM
convert?

little-author-61621

12/05/2023, 1:57 PM
terraform show -json planfile > plan.json

echoing-piano-29088

12/05/2023, 1:58 PM
i think I do have that
'gitlab-terraform plan',
      'gitlab-terraform plan-json',

little-author-61621

12/05/2023, 2:02 PM
👍 ok not sure what this issue is then, the error suggests Infracost is detecting it as a plan binary instead of plan JSON
Did you try the API key curl?

echoing-piano-29088

12/05/2023, 2:07 PM
hmm it's saying invalid
$ curl -H "X-Api-Key: $INFRACOST_API_KEY" https://pricing.api.infracost.io/graphql
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    58  100    58    0     0    372      0 --:--:-- --:--:-- --:--:--   374
{"error":"Invalid API key","error_code":"invalid_api_key"}$ ls -la /tmp/base/
i'm confused
i get this locally
infracost auth login
We're redirecting you to our log in page, please complete that,
and return here to continue using Infracost.

If the redirect doesn't work, either:
- Use this URL:
    <https://dashboard.infracost.io/login?cli_port=57483&cli_state=ce52de4e-0ba8-4278-98bf-0e8172adcc67&cli_version=v0.10.30&os=darwin&utm_source=cli>

- Or log in/sign up at <https://dashboard.infracost.io>, copy your API key
    from Org Settings and run `infracost configure set api_key MY_KEY`

Waiting...

The API key was saved to /Users/phazeight/.config/infracost/credentials.yml

Your account has been authenticated. Run Infracost on your Terraform project by running:

  infracost breakdown --path=.

little-author-61621

12/05/2023, 2:14 PM
If you add a distinct user agent I can check some logs on our end to see if it’s coming through with the right API key format:
curl -H "X-Api-Key: $INFRACOST_API_KEY" -H "User-Agent: infracost-debug-19348509-6b3c-4d3e-9a4c-ef55bec70bfe" https://pricing.api.infracost.io/graphql

echoing-piano-29088

12/05/2023, 2:16 PM
added and kicked off pipeline, user agent of phazeight
anything?

little-author-61621

12/05/2023, 2:44 PM
Not seeing anything in our logs with that user agent

echoing-piano-29088

12/05/2023, 2:51 PM
hrmmm, getting pretty stuck

little-author-61621

12/05/2023, 2:51 PM
I’m wondering if it’s hitting a proxy somewhere which is returning a 403?

echoing-piano-29088

12/05/2023, 3:05 PM
it's in a child pipeline job if that affects anything

little-author-61621

12/05/2023, 3:07 PM
Do you have any https_proxy or http_proxy vars set?

echoing-piano-29088

12/05/2023, 3:07 PM
no not using anything like that

little-author-61621

12/05/2023, 3:14 PM
Yeah, not sure why I’m not seeing the curl request come through on our end. Can you paste the exact curl command you used? I wonder if somehow the pipeline isn’t hitting it.

echoing-piano-29088

12/05/2023, 3:17 PM
just did what you sent me, testing locally first, and doesn't seem to be working one sec
curl -H "X-Api-Key: $INFRACOST_API_KEY" -H "phazeight: infracost-debug-19348509-6b3c-4d3e-9a4c-ef55bec70bfe" https://pricing.api.infracost.io/graphql
GET query missing.%

little-author-61621

12/05/2023, 3:22 PM
That local one works (we’d expect GET query missing for this curl)

echoing-piano-29088

12/05/2023, 3:22 PM
gotcha

little-author-61621

12/05/2023, 3:23 PM
-H "phazeight: infracost-debug-19348509-6b3c-4d3e-9a4c-ef55bec70bfe"
needs to be
-H "User-Agent: phazeight"
or
-H "User-Agent: infracost-debug-19348509-6b3c-4d3e-9a4c-ef55bec70bfe"

echoing-piano-29088

12/05/2023, 3:23 PM
ah silly me
let me try again
hmmmm still no dice
$ curl -H "X-Api-Key: $INFRACOST_API_KEY" -H "User-Agent: phazeight" https://pricing.api.infracost.io/graphql
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    58  100    58    0     0    401      0 --:--:-- --:--:-- --:--:--   402
{"error":"Invalid API key","error_code":"invalid_api_key"}
that looks right?

little-author-61621

12/05/2023, 3:32 PM
Okay, so the logs are giving some clue:
"x-api-key": "$IN***************"
So I’m guessing it’s coming through as the string $INFRACOST_API_KEY somewhere.
Can you paste the part of the pipeline where you are setting the env variable value?

echoing-piano-29088

12/05/2023, 3:34 PM
okay just saw it go through now
hold on might be on to something
got it working!

little-author-61621

12/05/2023, 3:39 PM
Awesome!

echoing-piano-29088

12/05/2023, 3:39 PM
thanks for all your help

little-author-61621

12/05/2023, 3:39 PM
np, sorry it took so long to work out 😅

echoing-piano-29088

12/05/2023, 3:40 PM
no worries it is a product of my setup being complex
@little-author-61621 actually I have one more quick question. can the infracost comment command include the terraform plan itself in the comment?
or parts of it?

little-author-61621

12/05/2023, 4:42 PM
That’s not something it supports currently

echoing-piano-29088

12/05/2023, 4:44 PM
ok thank you
sorry @little-author-61621 one final question. If my jobs are all individual child pipeline jobs, the infracost comment is only updating for one of those jobs. what would be a good way to get the infracost separate comment calls from the separate jobs to update the same comment?
i tried the show-all-projects flag, but it didn't get me what I wanted it did this

little-author-61621

12/06/2023, 9:32 AM
@echoing-piano-29088 are you using the matrix example? This should only run the comment step once after all the projects have been evaluated.

echoing-piano-29088

12/07/2023, 1:25 PM
I thought so, but what seemed to be happening was it was getting overwritten so could only see the report from the last job
yeah the update would be ideal, but since each environment is a separate pipeline job, these infracost comment commands are all running against the same parent merge request in sequence, so it is only showing the information of the last job to run in the pipeline. and the show all projects command is only showing the environment in the local job

little-author-61621

12/07/2023, 3:23 PM
@echoing-piano-29088 Ok, I think where I’m confused is why there’s multiple infracost_comment stages running per pipeline.
Okay, infracost comment doesn’t support appending to a comment, just replacing it. So the two options I can see are:
1. trigger a single job at the end of all pipelines that gathers all the infracost JSON files and leaves a single comment for them
2. have each pipeline leave a separate comment (using the --tag flag)

echoing-piano-29088

12/07/2023, 6:58 PM
That sounds like it would work. I like that idea. Thanks. I'll try it tomorrow