gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

Improve the JSON/YAML output of `tctl nodes add` #22462

Open tukusejssirs opened 1 year ago

tukusejssirs commented 1 year ago

What would you like Teleport to do?

I think the JSON and YAML formats (which are currently actually the same, string-wise) should be revised, as they currently output only the token itself. IMHO they should also contain at least the CA pin, and possibly the roles and auth server too.

```
# tctl nodes add --ttl=15m --roles=node,app --format json
# tctl nodes add --ttl=15m --roles=node,app --format yaml

# Current output
["$token"]

# Suggested JSON output
# Note: It could be compacted.
{
  "authServer": "$auth_server",
  "caPin": "$ca_pin",
  "roles": ["app", "node"],
  "token": "$token"
}

# Suggested YAML output
authServer: $auth_server
caPin: $ca_pin
roles:
  - app
  - node
token: $token
```

What problem does this solve?

We need more data to add a node after we create the token, and that data could be used either to generate the Teleport config file or to configure the `teleport start` command. Currently, we need to parse the default text format, which is not a perfect solution (although it is working).

If a workaround exists, please include it.

Parsing the text format.

```bash
tctl_output="$(tctl nodes add --ttl=15m --roles=node,app)"
token="$(grep -Po '^\s*--token=\K[^\s]+' <<< "$tctl_output")"
ca_pin="$(grep -Po '^\s*--ca-pin=\K[^\s]+' <<< "$tctl_output")"

# Or if we want a JSON string
echo "{ \
  \"authServer\": \"$(grep -Po '^\s*--auth-server=\K[^\s]+' <<< "$tctl_output")\", \
  \"caPin\": \"$(grep -Po '^\s*--ca-pin=\K[^\s]+' <<< "$tctl_output")\", \
  \"roles\": [$(grep -Po '^\s*--roles=\K[^\s]+' <<< "$tctl_output" | sed -z 's/\(^\|\n\)/"/g;s/,/","/g')], \
  \"token\": \"$(grep -Po '^\s*--token=\K[^\s]+' <<< "$tctl_output")\" \
}" | jq -S

# Or if we want a YAML string
echo "{ \
  \"authServer\": \"$(grep -Po '^\s*--auth-server=\K[^\s]+' <<< "$tctl_output")\", \
  \"caPin\": \"$(grep -Po '^\s*--ca-pin=\K[^\s]+' <<< "$tctl_output")\", \
  \"roles\": [$(grep -Po '^\s*--roles=\K[^\s]+' <<< "$tctl_output" | sed -z 's/\(^\|\n\)/"/g;s/,/","/g')], \
  \"token\": \"$(grep -Po '^\s*--token=\K[^\s]+' <<< "$tctl_output")\" \
}" | yq -Poy e '.roles |= sort'
```
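
A variant of the text-parsing workaround above, as an added example that is not part of the original issue or of Teleport's code: it builds the same JSON object without `grep -P` or `jq`, and refuses any value that would need JSON escaping, because the values are interpolated directly into the string. The helper names, the allow-listed character set (which does not admit bracketed IPv6 addresses) and the sample output with its placeholder values are assumptions.

```bash
# Added example (not Teleport code); helper names and allow-list are assumptions.

# Constructed sample shaped to match the flags the workaround greps for;
# all values are placeholders, not captured tctl output.
sample_output() {
  cat <<'EOF'
teleport start \
   --roles=node,app \
   --token=PLACEHOLDER_TOKEN \
   --ca-pin=sha256:PLACEHOLDER_PIN \
   --auth-server=auth.example.com:3025
EOF
}

# flag_value NAME: print the value of the first "--NAME=value" line on stdin,
# ignoring leading whitespace and the trailing " \" line continuation.
flag_value() {
  awk -v flag="--$1=" '
    { sub(/^[ \t]+/, "") }
    index($0, flag) == 1 { v = substr($0, length(flag) + 1); sub(/[ \t].*$/, "", v); print v; exit }'
}

# valid VALUE: succeed only for a non-empty value whose characters are all
# safe inside a JSON string without escaping.
valid() { case "$1" in '' | *[!A-Za-z0-9:._,-]*) return 1 ;; esac; }

# join_json: read the text output on stdin and print one JSON object with
# sorted roles; return 1 if a flag is missing or has an unexpected character.
join_json() {
  local out token ca_pin auth_server roles roles_json v
  out="$(cat)"
  token="$(printf '%s\n' "$out" | flag_value token)"
  ca_pin="$(printf '%s\n' "$out" | flag_value ca-pin)"
  auth_server="$(printf '%s\n' "$out" | flag_value auth-server)"
  roles="$(printf '%s\n' "$out" | flag_value roles)"
  for v in "$token" "$ca_pin" "$auth_server" "$roles"; do
    valid "$v" || { echo "join_json: missing or unexpected value" >&2; return 1; }
  done
  roles_json="$(printf '%s\n' "$roles" | tr ',' '\n' | LC_ALL=C sort |
    awk 'NF { printf "%s\"%s\"", (n++ ? "," : ""), $0 }')"
  printf '{"authServer":"%s","caPin":"%s","roles":[%s],"token":"%s"}\n' \
    "$auth_server" "$ca_pin" "$roles_json" "$token"
}

sample_output | join_json
```

With real output, `tctl nodes add --ttl=15m --roles=node,app | join_json` takes the place of the last line; a non-zero exit means the text format did not match what the parser expects.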

RaviiiiYadav commented 1 year ago

Hey, I would like to contribute to this. Can you explain it to me in detail ...