-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cli: new flag for Azure JSON output of constellation verify
#2391
Conversation
✅ Deploy Preview for constellation-docs canceled.
|
2af8031
to
96905b7
Compare
96905b7
to
669e53d
Compare
This is not the implementation I suggested.
I said that we should implement a custom mashaller and unmarsaller. As we already do in e.g. https://github.com/edgelesssys/constellation/blob/cli/verify/json-output/internal/attestation/idkeydigest/idkeydigest.go#L180 Did you encounter any issue with this approach, or why did you prefer your implementation? |
This seems like bad UX. If a command offers me the option to receive JSON output, I would expected all output to be JSON, not just some of it. $ constellation verify
{
"attestationDocument": {
// ...
},
"verification": "ok",
} |
A common way tools solve this is printing the JSON output to stdout and everything else to stderr. |
I think if we wan
I print to stderr now. Do we need the verification ok in the json output too? Since we don't foresee consuming this json in any other way besides the upload tool at the moment, I would not include it. An error of |
I think it's better to use a proper type, because to unmarshal and read the struct we would need this anyways (as required by the upload tool) |
d8a1823
to
195acc2
Compare
Recap of our conversation on the phone:
Apart from that: LGTM 👍 |
920b2f2
to
65a1337
Compare
65a1337
to
ca829c3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGMT, I'd suggest to get a second approval for this though.
This does not work for AWS (nitro attestation).
Also doesn't work on GCP. Either we gracefully handle this as an error with a message that this is currently not supported or we implement this. |
good catch, thanks! Since we also only support this for Azure on the default printer, I return an unsupported message:
|
61bed29
to
c4bc669
Compare
c4bc669
to
02ae569
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
Coverage report
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
constellation verify
constellation verify
Context
Motivated by #2357, this PR provides a JSON output format as communication interface between the CLI and the attestationconfigapi upload tool through a new flag
constellation verify --output json
.Proposed change(s)
verify
to provide the types for JSON serialization.--output
flag to support 'json' for Azure--raw
to--output raw
Related issue
Additional info
To only obtain the JSON output needed for the upload tool, some lines need to be omitted:
./constellation verify --force --json | tail -n +3 | head -n -1
Checklist