JSON output from `karmor logs --json` is not beautified

[navin772]

Currently karmor logs --json gives a cluttered output in a single line:

{"Timestamp":1717591294,"UpdatedTime":"2024-06-05T12:41:34.673689Z","ClusterName":"default","HostName":"navin","NamespaceName":"wordpress-mysql","Owner":{"Ref":"Deployment","Name":"wordpress","Namespace":"wordpress-mysql"},"PodName":"wordpress-78bc585459-626nf","Labels":"app=wordpress","ContainerID":"26f3f479957b89e219806d62df04234a8f1660029346d11239fa9fd86f7a3cc9","ContainerName":"wordpress","ContainerImage":"wordpress:4.8-apache@sha256:6216f64ab88fc51d311e38c7f69ca3f9aaba621492b4f1fa93ddf63093768845","HostPPID":39028,"HostPID":39354,"PPID":193,"PID":199,"UID":0,"ProcessName":"/usr/bin/curl","PolicyName":"DefaultPosture","Type":"MatchedPolicy","Source":"/usr/bin/curl goo.gl","Operation":"Network","Resource":"protocol=UDP,type=SOCK_DGRAM","Data":"lsm=SOCKET_CREATE protocol=UDP,type=SOCK_DGRAM","Enforcer":"BPFLSM","Action":"Block","Result":"Permission denied","Cwd":"/"}

By using MarshalIndent instead of Marshal we can get beautified output like this:

{
  "Timestamp": 1717591662,
  "UpdatedTime": "2024-06-05T12:47:42.500041Z",
  "ClusterName": "default",
  "HostName": "navin",
  "NamespaceName": "wordpress-mysql",
  "Owner": {
    "Ref": "Deployment",
    "Name": "wordpress",
    "Namespace": "wordpress-mysql"
  },
  "PodName": "wordpress-78bc585459-626nf",
  "Labels": "app=wordpress",
  "ContainerID": "26f3f479957b89e219806d62df04234a8f1660029346d11239fa9fd86f7a3cc9",
  "ContainerName": "wordpress",
  "ContainerImage": "wordpress:4.8-apache@sha256:6216f64ab88fc51d311e38c7f69ca3f9aaba621492b4f1fa93ddf63093768845",
  "HostPPID": 39028,
  "HostPID": 43125,
  "PPID": 193,
  "PID": 201,
  "UID": 0,
  "ProcessName": "/usr/bin/curl",
  "PolicyName": "DefaultPosture",
  "Type": "MatchedPolicy",
  "Source": "/usr/bin/curl goo.gl",
  "Operation": "Network",
  "Resource": "protocol=UDP,type=SOCK_DGRAM",
  "Data": "lsm=SOCKET_CREATE protocol=UDP,type=SOCK_DGRAM",
  "Enforcer": "BPFLSM",
  "Action": "Block",
  "Result": "Permission denied",
  "Cwd": "/"
}

Let me know if this is required, I will create a PR for the same.

[DelusionalOptimist]

This sounds good to me. Though users can use external tools like jq for beautifying but having the ability to do so in karmor itself might come in handy if user doesn't have the tools present. IMO We can keep the default output as non-beautified and have a --beautify flag which will pretty-print the JSON. cc @daemon1024 @kranurag7

[kranurag7]

Agree with Rudraksh here, We also ingest these logs to some logging solutions which will prefer the default that we have now.

For flag I think we can go for something like --format and --output with value of jsonindent or similar something. With this, we can support multiple values in future if required like yaml, table etc. that we have with other CLIs.

[navin772]

So, the final command will look something like karmor logs --output jsonindent replacing the --json flag completely?

This will require a docs update as --json flag is used widely. Thoughts?

[kranurag7]

Don't remove --json that would be a breaking change and we should avoid that. Adding another value to the flag would be ideal I think.

Edit: We can discuss more on if jsonindent is the name we prefer because it doesn't sound intuitive in my head.

[DelusionalOptimist]

Yes... let's keep the current output and also the --json flag. We can add an --output/-o flag: --output json - plain json --output pretty-json - beautified json --output text - usual text output

[navin772]

This looks good, so the final commands will look something like: karmor logs --output json karmor logs --output pretty-json karmor logs --output text

The --json flag will still be present: karmor logs --json

And the normal log output: karmor logs

Right?

[EraKin575]

Hi, @navin772 ! Can I work on this enhancement?