nats-io/nsc

`nsc generate nkey` outputs good response to stderr rather than stdout

kimjarvis opened this issue · 4 comments

nsc generate nkey outputs a good response to stderr, rather than stdout, which is unexpected.

root@instance:/# nsc generate nkey -a --store 2> e
root@instance:/# nsc generate nkey -a --store
AALS5NG2EJCJGCBTCRRH4PJO2R2UFHVAAIPLZEI5OPHHGW5T67DFNJRY
account key stored /root/.local/share/nats/nsc/keys/keys/A/AL/AALS5NG2EJCJGCBTCRRH4PJO2R2UFHVAAIPLZEI5OPHHGW5T67DFNJRY.nk

In particular, I would expect the following ansible to work. But, to make it work i had to change stdout to stderr.

    - name: Generate account signing key
      ansible.builtin.shell: >-
        nsc generate nkey -a --store
        {{ client_config }}
      register: result

    - name: Get the client account signing key 
      ansible.builtin.set_fact: client_account_signing_key="{{result.stdout_lines[0]}}"

Verified, the generated key should be sent to stdout. Now wondering if generate key and list keys should output JSON - I would consider the informational message (account key stored...) to be stderr.

Maybe, generate key could have an option for json output like this:

nsc generate nkey -a --store --json
{
	"type": "account",
	"key": "ACWGQFI6UZMVZREABW4GZVXQA6XTJBGGKZJLJHBPEDQLWMOJQLM3IVRB",
	"path": "/root/.local/share/nats/nsc/keys/keys/A/CW/ACWGQFI6UZMVZREABW4GZVXQA6XTJBGGKZJLJHBPEDQLWMOJQLM3IVRB.nk"
}

It would be really helpful, for automation, for there to be an option to output json on every nsc command. But, that is not the subject of this ticket.

All nsc commands, that I looked at today, output good responses to stderr, rather than stdout, which is unexpected. All of the following commands output to stderr with nothing at all going to stdout. In my script, all of them complete successfully and return rc 0.

nsc edit operator --sk OAKKUPVDAEOXMRWTG7MKOAFJNX2I2LHJQMLCXKHDLNQB4OZHGMRX7XWU
nsc describe operator --raw --output-file $HOME/OT.jwt      --all-dirs $HOME/O
nsc add operator -u $HOME/OT.jwt --force      --all-dirs $HOME/V
nsc add account -n T         --all-dirs $HOME/O
nsc edit account -n T --sk ABZRCHNMDORQW5H4WU6HQLQSJZQVVG72L77DRT64RB4V3JWNESS7LCIK
nsc describe account -n T --raw --output-file $HOME/AT.jwt      --all-dirs $HOME/O 
nsc import account --file $HOME/AT.jwt --overwrite      --all-dirs $HOME/V
nsc add user  --account T  --name easy   --all-dirs $HOME/V --private-key  ABZRCHNMDORQW5H4WU6HQLQSJZQVVG72L77DRT64RB4V3JWNESS7LCIK
nsc generate creds -a T -n easy -o $HOME/Ueasy.creds      --all-dirs $HOME/V 

I would have expected that all of these successful commands would have written all of their output to stdout instead. In general, modern commands that are targeted towards automation, such as kubectl, write almost everything to stdout, to make automation simpler.

All the above commands (with the exception of nsc generate nkey) return a report - the report was always directed to stderr (cobra is doing this). I have changed it to output to stdout - but it is possible that the report will have some error line [ERR] and at the moment it is impossible to separate those. If the report has an actual error that will be rendered to stderr (along with the report to stdout)

Do note that for the describe commands do support --json, so you can always do:
export C1_PK=$(nsc describe account C1 --json | jq -r .sub) to read public ids etc.

The main issue here is that the change of the PR would indeed break havoc on current scripts - so this may be a no-go until we have a nondisruptive way of changing this as an opt-in/out option or a major version bump for nsc.