Simplify maintaining pre 0.67.0 output format #3431

Open
grimm26 opened this issue Sep 23, 2024 · 1 comment
Labels
enhancement New feature or request preserved Preserved issues never go stale

Comments

Contributor

grimm26 commented Sep 23, 2024

Describe the enhancement

As it stands, I have found that I need to combine https://terragrunt.gruntwork.io/docs/reference/cli-options/#terragrunt-log-disable and https://terragrunt.gruntwork.io/docs/reference/cli-options/#terragrunt-disable-command-validation to maintain pre 0.67.0 output format.

Today, I noticed that this results in AWS auth errors since my statefile is stored in an S3 bucket and the error comes from terragrunt.

I suppose yet another CLI flag can be added to get around this next corner case, but it would have seemed to make much more sense to have a single flag to enable the new formatting that you made default in 0.67.x. The formatting seems mainly a convenience for those using run-all commands, so maybe make the new output format default when using run-all?

In the meantime, in order to see that my session creds have expired, I need to enable the new and verbose log format that pushes everything over to the right with timestamps and log levels that I don't care about.

Additional context

```
❯ tg -version
terragrunt version v0.67.10
❯ tg plan
10:23:42.304 ERROR  Error finding AWS credentials (did you set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables?): ExpiredToken: The security token included in the request is expired
	status code: 403, request id: 178b0942-e097-4391-a072-a2df575f3f7f
10:23:42.304 ERROR  Unable to determine underlying exit code, so Terragrunt will exit with error code 1
❯ tg plan  --terragrunt-log-disable
❯ tenv tg use 0.66.9 --working-dir
Terragrunt 0.66.9 already installed
Written 0.66.9 in .terragrunt-version
❯ tg -version
terragrunt version v0.66.9
❯ tg plan
ERRO[0001] Error finding AWS credentials (did you set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables?): ExpiredToken: The security token included in the request is expired
	status code: 403, request id: 74e8ed39-0d93-420b-a8f5-25c16c3133b7
ERRO[0001] Unable to determine underlying exit code, so Terragrunt will exit with error code 1
```
@grimm26 grimm26 added the enhancement New feature or request label Sep 23, 2024
Collaborator

yhakbar commented Sep 24, 2024

Hey @grimm26,

If you want OpenTofu/Terraform terminal output that aligns with how Terragrunt worked pre-0.67.0, you should be using the --terragrunt-forward-tf-stdout flag, which will give you the behavior you're looking for:

```
$ terragrunt plan --terragrunt-forward-tf-stdout
15:34:51.034 INFO   Retrieved output from tofu

Initializing the backend...

Initializing provider plugins...

OpenTofu has been successfully initialized!

You may now begin working with OpenTofu. Try running "tofu plan" to see
any changes that are required for your infrastructure. All OpenTofu commands
should now work.

If you ever set or change modules or backend configuration for OpenTofu,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
15:34:51.055 INFO   Retrieved output from tofu

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.
```

When encountering an error thrown by Terragrunt, something like the following will appear:

```
$ terragrunt plan --terragrunt-forward-tf-stdout
15:35:27.135 ERROR  Error finding AWS credentials (did you set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables?): NoCredentialProviders: no valid providers in chain. Deprecated.
	For verbose messaging see aws.Config.CredentialsChainVerboseErrors
15:35:27.135 ERROR  Unable to determine underlying exit code, so Terragrunt will exit with error code 1
15:35:27.135 ERROR  Suggested fixes:
Missing AWS credentials. Provide credentials to proceed.
```

We're actively working on more enhancements on how logging is handled, which will hopefully get you what you are looking for. We're going to try to get more feedback before making changes to logging, so we're iterating on the design for additional logging controls internally, then will cut a pre-release to collect feedback before releasing any more changes. We will notify you on this issue so that you can confirm it solves the problem that you're facing.

The solution that we're going to introduce looks something like this:

  • --terragrunt-log-format as a new flag that will accept a number of presets:
    • pretty (default): Current default logging with the timestamp and log level, etc.
    • json: Logging that can be acquired via the --terragrunt-log-json flag today.
    • key-value: Logging that can be acquired via --terragrunt-disable-log-formatting flag today.
    • naked: Logging that can be acquired today via the --terragrunt-forward-tf-stdout flag.
  • --terragrunt-pretty-log-format a new flag that will accept a custom format string to let you decide exactly how logging is formatted.

This should give users the ability to explicitly decide that they won't have the timestamps emitted, log levels etc. while making sure that there's a more holistic set of controls for logging so that there aren't a bunch of flags that have to be toggled to get the experience folks want out of Terragrunt.

Again, you'll have the chance to try this out, and give your feedback before we commit to anything.

To give some context, the reason these logging updates were not done only for run-all commands is that it's not clear that's what's best for users.

How can logs for before and after hook terminal output be disambiguated from OpenTofu/Terraform terminal output? How does output from run_cmd get disambiguated? What about the init that gets run automatically prior to running something like plan? What about a run-all used in the directory of a single Unit? Should that be emitted differently to logs? Should users expect logging to look differently for OpenTofu/Terraform terminal output depending on the command they run?

The conclusion that the team came to is that it's important that users are always able to disambiguate between what Terragrunt is forwarding from another tool (like OpenTofu/Terraform), and what it emits directly (like errors relating to setting up backend resources and protection against forwarding invalid arguments to OpenTofu/Terraform) by default. We also want users to have a consistent experience reading logs regardless of whether they are running something like terragrunt plan or terragrunt run-all plan by default.

I appreciate that it can feel like a lot of extra noise at small scale, but we don't want users to have to adapt to dramatically different logs when scaling up their Terragrunt usage or have to opt in to a bunch of extra flags in order to understand what's going on when scaling up and adopting more features.

@yhakbar yhakbar added the preserved Preserved issues never go stale label Oct 15, 2024
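
The thread above shows the same credential failure in two log formats, and the second comment distinguishes lines Terragrunt emits itself from output it forwards from OpenTofu/Terraform. The parser below handles both; it is an added example, not Terragrunt code or part of either comment. Its regular expressions and the continuation-line heuristic are assumptions inferred only from the output quoted on this page, and the sample messages are shortened.

```python
import re

# 0.67.x default format as quoted above: "HH:MM:SS.mmm LEVEL  message"
NEW_FMT = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+([A-Z]+)\s+(.*)$")
# Pre-0.67.0 format as quoted above: "ERRO[0001] message"
OLD_FMT = re.compile(r"^([A-Z]{4})\[\d+\]\s+(.*)$")
# Substrings taken from the error messages quoted in this thread.
CRED_MARKERS = ("Error finding AWS credentials", "ExpiredToken", "NoCredentialProviders")

def parse(lines):
    """Split output into Terragrunt log records and forwarded tool output."""
    records, current = [], None
    for raw in lines:
        line = raw.rstrip()
        m = NEW_FMT.match(line) or OLD_FMT.match(line)
        if m:
            # "ERROR" (new) and "ERRO" (old) both normalise to "ERRO".
            current = {"source": "terragrunt", "level": m.group(1)[:4], "message": m.group(2)}
            records.append(current)
        elif current and line[:1] in ("\t", " "):
            # Assumed heuristic: an indented line continues the previous log record.
            current["message"] += " " + line.strip()
        else:
            current = None  # a blank or unprefixed line ends the record
            if line:
                records.append({"source": "forwarded", "level": None, "message": line})
    return records

def credential_errors(records):
    """Terragrunt-emitted error records pointing at missing or expired credentials."""
    return [r for r in records if r["source"] == "terragrunt" and r["level"] == "ERRO"
            and any(marker in r["message"] for marker in CRED_MARKERS)]

# Sample input assembled from the output quoted in this thread (messages shortened).
SAMPLE = [
    "10:23:42.304 ERROR  Error finding AWS credentials: ExpiredToken: The security token included in the request is expired",
    "\tstatus code: 403, request id: 178b0942-e097-4391-a072-a2df575f3f7f",
    "10:23:42.304 ERROR  Unable to determine underlying exit code, so Terragrunt will exit with error code 1",
    "ERRO[0001] Error finding AWS credentials: ExpiredToken: The security token included in the request is expired",
    "\tstatus code: 403, request id: 74e8ed39-0d93-420b-a8f5-25c16c3133b7",
    "ERRO[0001] Unable to determine underlying exit code, so Terragrunt will exit with error code 1",
    "15:34:51.055 INFO   Retrieved output from tofu",
    "",
    "No changes. Your infrastructure matches the configuration.",
]

if __name__ == "__main__":
    for rec in credential_errors(parse(SAMPLE)):
        print(rec["level"], rec["message"])
```
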