gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

tctl get --format=json is invalid for tctl create commands #8332

Open pschisa opened 3 years ago

pschisa commented 3 years ago

Description

What happened: When using tctl get <resource> --format=json > resource-file.txt to produce a JSON-formatted file, the resulting JSON output is formatted incorrectly for use with the tctl create command, at least for oidc and saml single resources. Example below:

# tctl get oidc --format=json
[
    {
        "kind": "oidc",
        "version": "v2",
        "metadata": {
            "name": "Keycloak"
        },
        "spec": {
            "issuer_url": "https://keycloak.schisa.cf/auth/realms/teleport-login",
            "client_id": "teleport-keycloak",
            "client_secret": "",
            "redirect_url": "https://test-cluster1.schisa.cf/v1/webapi/oidc/callback",
            "scope": [
                "groups",
                "profile"
            ],
            "claims_to_roles": [
                {
                    "claim": "groups",
                    "value": "teleport-admins",
                    "roles": [
                        "admin"
                    ]
                }
            ]
        }
    }
]
# tctl get oidc --format=json > test-oidc.json
# tctl create -f test-oidc.json
ERROR: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal array into Go value of type types.ResourceHeader

It is worth noting that it seems to be an issue with the output presenting an array {} within a list []. Removing the outermost [] gets around the issue and allows the JSON resource to work with the tctl create command.

What you expected to happen: The output of tctl get <resource> --format=json will work with the tctl create command without requiring any editing (like it does with the yaml format)

Reproduction Steps


  1. Deploy a single oidc connector
  2. Run tctl get oidc --format=json > oidc.json on the auth server
  3. Run tctl create -f oidc.json on the auth server

Workaround

Remove the first "[" and the last "]" after running tctl get, save the file, then run tctl create

pschisa commented 3 years ago

Tested using an explicit resource name and the results are the same output ([] in JSON for a list even though it's only one item):

# tctl get oidc/Keycloak --format=json
[
    {
        "kind": "oidc",
        "version": "v2",
        "metadata": {
            "name": "Keycloak"
        },
        "spec": {
            "issuer_url": "https://keycloak.schisa.cf/auth/realms/teleport-login",
            "client_id": "teleport-keycloak",
            "client_secret": "",
            "redirect_url": "https://test-cluster1.schisa.cf/v1/webapi/oidc/callback",
            "scope": [
                "groups",
                "profile"
            ],
            "claims_to_roles": [
                {
                    "claim": "groups",
                    "value": "teleport-admins",
                    "roles": [
                        "admin"
                    ]
                }
            ]
        }
    }
]
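
The mismatch reported in this issue, as an added Go example that is not Teleport's code: strictDecode reproduces the "cannot unmarshal array" failure with a stand-in header type (an assumption, not types.ResourceHeader), and splitResources (a hypothetical helper) accepts both the list that tctl get --format=json prints and a single object. The sample input is abridged from the output above.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// header is a minimal stand-in for the issue's fields, not Teleport's types.ResourceHeader.
type header struct {
	Kind     string `json:"kind"`
	Metadata struct {
		Name string `json:"name"`
	} `json:"metadata"`
}

// exported is sample input abridged from the issue: one connector wrapped in a list.
const exported = `[{"kind":"oidc","version":"v2","metadata":{"name":"Keycloak"},"spec":{}}]`

// strictDecode mirrors the failing path: the whole file is decoded as one resource.
func strictDecode(data []byte) error {
	var h header
	return json.Unmarshal(data, &h)
}

// splitResources takes a single object or a list and returns one raw document per resource.
func splitResources(data []byte) ([]json.RawMessage, error) {
	var docs []json.RawMessage
	if data = bytes.TrimSpace(data); len(data) > 0 && data[0] == '[' {
		if err := json.Unmarshal(data, &docs); err != nil {
			return nil, fmt.Errorf("decoding resource list: %w", err)
		}
	} else {
		docs = []json.RawMessage{data}
	}
	for i, doc := range docs {
		var h header
		// Reject anything that is not an object carrying kind and metadata.name.
		if err := json.Unmarshal(doc, &h); err != nil || h.Kind == "" || h.Metadata.Name == "" {
			return nil, fmt.Errorf("resource %d: want kind and metadata.name (decode error: %v)", i, err)
		}
	}
	return docs, nil
}

func main() {
	docs, err := splitResources([]byte(exported))
	fmt.Println(strictDecode([]byte(exported)), len(docs), err)
}
```

Each element returned by splitResources decodes cleanly as a single resource, which is the shape the manual workaround produces by hand.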