Terraform's public interface has included helper/loggingNewTransport() since v0.9.5. This helper is an implementation of the Golang standard library http.RoundTripper that lets you add logging at the DEBUG level to your provider's HTTP transactions.
We do not recommend using this original helper because it is designed to log the entirety of each request and response. This includes any sensitive content that may be present in the message header or body, presenting security concerns.
Instead, we recommend using the terraform-plugin-log library to produce logs for your provider. This library does not present the same security concerns and provides log filtering functionality. This page explains how to set up the new RoundTripper() helper to log HTTP Transactions with terraform-plugin-log.
The recommended logging helper for SDK is built on top of terraform-plugin-log. This lets you leverage the features from our structured logging framework without having to write an entire implementation of http.RoundTripper.
There are two functions inside helper/logging that target a specific logging setup for your provider. Refer to “Writing Log Output” for details.
After you create the transport , you must use it to set up the http.Client for the provider. The following example sets up the client in schema.ProviderConfigureContextFunc. The client is identical to the default Golang http.Client, except it uses the new logging transport.
funcNew()(*schema.Provider,error){return&schema.Provider{// omitting the rest of the schema definition
ConfigureContextFunc:func(ctx context.Context, rsc *schema.ResourceData)(any, diag.Diagnostics){// omitting provider-specific configuration logic
transport := logging.NewLoggingHTTPTransport(http.DefaultTransport)
client := http.Client{
Transport: transport,}return client, diag.Diagnostics{}}}}
funcNew()(*schema.Provider,error){return&schema.Provider{// omitting the rest of the schema definition ConfigureContextFunc:func(ctx context.Context, rsc *schema.ResourceData)(any, diag.Diagnostics){// omitting provider-specific configuration logic transport := logging.NewLoggingHTTPTransport(http.DefaultTransport) client := http.Client{ Transport: transport,}return client, diag.Diagnostics{}}}}
All calls to the tflog package must contain an SDK provided context.Context that stores the logging implementation. Providers written with terraform-plugin-sdk must use context-aware functionality, such as the helper/schema.Resource type ReadContext field.
The following example uses http.NewRequestWithContext() function to create an HTTP request that includes the logging configuration from the context.Context.
// inside a context-aware Resource function
req, err := http.NewRequestWithContext(ctx,"GET","https://www.terraform.io",nil)if err !=nil{return fmt.Errorf("Failed to create a new request: %w", err)}
res, err := client.Do(req)if err !=nil{return fmt.Errorf("Request failed: %w", err)}defer res.Body.Close()
// inside a context-aware Resource functionreq, err := http.NewRequestWithContext(ctx,"GET","https://www.terraform.io",nil)if err !=nil{return fmt.Errorf("Failed to create a new request: %w", err)}res, err := client.Do(req)if err !=nil{return fmt.Errorf("Request failed: %w", err)}defer res.Body.Close()
Use the (http.Request).WithContext() method to set the context for the http.Request if the request is generated separately from where the context.Context is available.
Canonical textual description of the corresponding tf_http_res_status_code
Response
tf_http_res_version
Response HTTP version
Ex. "HTTP/2.0"
Response
(Other fields)
Request / Response headers. One field per header. If the header contains a single value, the log field value is set to that value. Otherwise, the field value is a slice of strings.