Skip to content

Output for both ockam project ticket and ockam project enroll is improved, with support for --output json #7473

New issue
New issue
Open
Open
Output for both ockam project ticket and ockam project enroll is improved, with support for --output json#7473
Labels
Component: CommandImplementation: RustType: User Experiencehelp wanted
@nazmulidris

Description

@nazmulidris
nazmulidris
opened on Jan 27, 2024

Current behavior

Both ockam project ticket and ockam project enroll currently do not support the --output json option.

Currently:

  • ockam project ticket produces a HEX string (base64 encoded JSON blob) that is output to stdout or redirected to a file or saved to an env var. The benefit of use this HEX string is that it can easily be saved to an env var, and used by the ockam project enroll command, w/out having to worry about CR/LF for a multiline JSON string.
    • It is easy to manipulate the single string (which is base64 encoded JSON blob), by copying it to the clipboard, redirecting it to a file, or saving it to an env var.
    • The downside is that this output is opaque and does not really show what information the ticket holds (the JSON blob). Applying base64 encoding to the readable JSON blob renders it unreadable (for humans).
  • ockam project enroll can accept this HEX string (base64 encoded JSON blob) as a string, or a file path.

Here are examples:

# Using file path
ockam enroll
ockam project ticket > ticket.txt
OCKAM_HOME=/tmp/ock_1 project enroll ticket.txt
# Using an env var
ockam enroll
TICKET=$(ockam project ticket)
OCKAM_HOME=/tmp/ock_1 project enroll $TICKET

This is a related issue that affects the output of this command (not --output json): #7478

1) Desired behavior for ockam project ticket --output json

If --output json is used in ockam project ticket, then this JSON output should be usable by ockam project enroll. So there are 2 possibilities for ockam project ticket:

  1. ockam project ticket -> outputs a HEX string (base64 encoded JSON blob) to stdout, and JSON blob to stderr (using opts.terminal.write_line() as described above).
  2. ockam project ticket --output json -> produces a JSON blob that is displayed to stdout (can be redirected to a file). This does not generate the HEX base64 encoded string.

On the flip side, ockam project enroll should be able to work with either HEX string or JSON blob. Additionally, the positional argument that it takes can be a string or a filepath. This means that the command should apply the following strategy to parse this positional argument:

  1. Check if it is a file path. If so, then load the contents of the file into a string, and process it below (this is the current behavior).
  2. If it isn't a file path, then try and process the string below.

To process the string:

  1. Check to see if it can be parsed as JSON (valid JSON)? If so, then try to use it to enroll.
  2. If it can't be parsed as JSON, then assume it is the base64 encoded version and use it to enroll (this is the current behavior).

2) Desired behavior for ockam project enroll --output json

Currently the CredentialAndPurposeKeyDisplay is used to display the credential that is generated to stdout. If --output json is passed, then generate JSON output by creating a new function in output.rs to generate the JSON String output manually. If you look at the implementation of Output for CredentialAndPurposeKeyDisplay you have to repeat similar steps to create the JSON formatted string.

Another approach you might take to create JSON output is add the Serialize attribute to the derive macro for CredentialAndPurposeKeyDisplay and all the structs that it depends on. In this case you might also need to add the following

#[derive(.. Serialize ..)]
pub struct ECDSASHA256CurveP256Signature(
    #[serde(with = "hex_encoding")]
    pub [u8; > ECDSA_SHA256_CURVEP256_SIGNATURE_LENGTH],
);

#[derive(.. Serialize ..)]
pub struct EdDSACurve25519Signature(
    #[serde(with = "hex_encoding")]
    pub [u8; EDDSA_CURVE25519_SIGNATURE_LENGTH],
);

Finally, to actually output this to stdout, you can use

opts.terminal
        .stdout()
        .plain(...)
        .json(serde_json::to_string_pretty(...))
        ...

Note that the implementation of write_line() has some side effects when the terminal is uninteractive. This is the case in bats tests and in CI/CD environments (where bats tests are also run). When both json and plain outputs are available, and the terminal is non-interactive, then the JSON output is used by default, unless the --output plain option is explicitly passed in to the command. Here's the code for this.

This is something to keep in mind when providing both JSON and plain output here. This may have an effect in the bats tests (below) that may need to be updated to pass the --output plain option.

Here's a code example of this: https://github.com/build-trust/ockam/blob/develop/implementations/rust/ockam/ockam_command/src/node/show.rs#L206

3) Update bats tests

Additionally bats tests might need to be updated to exercise all these new command paths.
https://github.com/build-trust/ockam/blob/develop/implementations/rust/ockam/ockam_command/tests/bats/

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    Component: CommandImplementation: RustType: User Experiencehelp wanted

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions