Merge pull request #1631 from simonbaird/plain-text-output

Human readable output

Author: simonbaird

cmd/validate/image.go

@@ -69,6 +69,8 @@ func validateImageCmd(validate imageValidationFunc) *cobra.Command {
 		spec                        *app.SnapshotSpec
 		strict                      bool
 		images                      string
+		noColor                     bool
+		forceColor                  bool
 	}{
 		strict: true,
 	}
@@ -402,6 +404,7 @@ func validateImageCmd(validate imageValidationFunc) *cobra.Command {
 				return err
 			}
 			p := format.NewTargetParser(applicationsnapshot.JSON, cmd.OutOrStdout(), utils.FS(cmd.Context()))
+			utils.SetColorEnabled(data.noColor, data.forceColor)
 			if err := report.WriteAll(data.output, p); err != nil {
 				return err
 			}
@@ -487,6 +490,12 @@ func validateImageCmd(validate imageValidationFunc) *cobra.Command {
 		violations, include the title and the description of the failed policy
 		rule.`))
 
+	cmd.Flags().BoolVar(&data.noColor, "no-color", data.info, hd.Doc(`
+		Disable color when using text output even when the current terminal supports it`))
+
+	cmd.Flags().BoolVar(&data.forceColor, "color", data.info, hd.Doc(`
+		Enable color when using text output even when the current terminal does not support it`))
+
 	if len(data.input) > 0 || len(data.filePath) > 0 || len(data.images) > 0 {
 		if err := cmd.MarkFlagRequired("image"); err != nil {
 			panic(err)

docs/modules/ROOT/pages/ec_validate_image.adoc

@@ -115,6 +115,7 @@ Use a regular expression to match certificate attributes.
 --certificate-identity-regexp:: Regular expression for the URL of the certificate identity for keyless verification
 --certificate-oidc-issuer:: URL of the certificate OIDC issuer for keyless verification
 --certificate-oidc-issuer-regexp:: Regular expresssion for the URL of the certificate OIDC issuer for keyless verification
+--color:: Enable color when using text output even when the current terminal does not support it (Default: false)
 --effective-time:: Run policy checks with the provided time. Useful for testing rules with
 effective dates in the future. The value can be "now" (default) - for
 current time, "attestation" - for time from the youngest attestation, or
@@ -131,9 +132,10 @@ a RFC3339 formatted value, e.g. 2022-11-18T00:00:00Z.
 violations, include the title and the description of the failed policy
 rule. (Default: false)
 -j, --json-input:: DEPRECATED - use --images: JSON representation of an ApplicationSnapshot Spec
+--no-color:: Disable color when using text output even when the current terminal supports it (Default: false)
 --output:: write output to a file in a specific format. Use empty string path for stdout.
 May be used multiple times. Possible formats are:
-json, yaml, appstudio, summary, summary-markdown, junit, data, attestation, policy-input, vsa.
+json, yaml, text, appstudio, summary, summary-markdown, junit, data, attestation, policy-input, vsa.
  (Default: [])
 -o, --output-file:: [DEPRECATED] write output to a file. Use empty string for stdout, default behavior
 -p, --policy:: Policy configuration as:

features/__snapshots__/validate_image.snap

@@ -1721,7 +1721,54 @@ Error: success criteria not met
 Error: success criteria not met
 
 ---
+[detailed failures output:${TMPDIR}/output.txt - 1]
+Name:       Unnamed
+ImageRef:   ${REGISTRY}/acceptance/image@sha256:${REGISTRY_acceptance/image:latest_DIGEST}
+Summary:    Violations: 3, Warnings: 0, Successes: 4
+Violations:
+✕ main.reject_with_term
+  Fails always (term1)
+  Reject with term rule
+  Description: This rule will always fail. To exclude this rule add
+  "main.reject_with_term:term1" to the `exclude` section of the policy
+  configuration.
+  Solution: None
+
+✕ main.reject_with_term
+  Fails always (term2)
+  Reject with term rule
+  Description: This rule will always fail. To exclude this rule add
+  "main.reject_with_term:term2" to the `exclude` section of the policy
+  configuration.
+  Solution: None
+
+✕ main.rejector
+  Fails always
+  Reject rule
+  Description: This rule will always fail. To exclude this rule add
+  "main.rejector" to the `exclude` section of the policy configuration.
+  Solution: None
+
+Successes:
+✓ builtin.attestation.signature_check
+  Attestation signature check passed
+  Description: The attestation signature matches available signing materials.
+
+✓ builtin.attestation.syntax_check
+  Attestation syntax check passed
+  Description: The attestation has correct syntax.
+
+✓ builtin.image.signature_check
+  Image signature check passed
+  Description: The image signature matches available signing materials.
+
+✓ main.acceptor
+  Allow rule
+  Description: This rule will never fail
 
+
+
+---
 [future failure is a deny when using effective-date flag:stdout - 1]
 {
   "success": false,

features/validate_image.feature

@@ -377,9 +377,11 @@ Feature: evaluate enterprise contract
       ]
     }
     """
-    When ec command is run with "validate image --image ${REGISTRY}/acceptance/image --policy acceptance/ec-policy --rekor-url ${REKOR} --public-key ${known_PUBLIC_KEY} --info  --show-successes"
+    When ec command is run with "validate image --image ${REGISTRY}/acceptance/image --policy acceptance/ec-policy --rekor-url ${REKOR} --public-key ${known_PUBLIC_KEY} --info --show-successes --output text=${TMPDIR}/output.txt --color --output json"
     Then the exit status should be 1
     Then the output should match the snapshot
+    # Throw in some test coverage for `--output text` here
+    And the "${TMPDIR}/output.txt" file should match the snapshot
 
   Scenario: policy rule filtering
     Given a key pair named "known"

go.mod

@@ -221,6 +221,7 @@ require (
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/maruel/natural v1.1.1 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
 	github.com/miekg/pkcs11 v1.1.1 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect

go.sum

@@ -944,6 +944,8 @@ github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNx
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
 github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.3/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=

internal/applicationsnapshot/report.go

@@ -18,6 +18,8 @@ package applicationsnapshot
 
 import (
 	"bytes"
+	"embed"
+	_ "embed"
 	"encoding/json"
 	"encoding/xml"
 	"fmt"
@@ -33,6 +35,7 @@ import (
 	"github.com/enterprise-contract/ec-cli/internal/format"
 	"github.com/enterprise-contract/ec-cli/internal/policy"
 	"github.com/enterprise-contract/ec-cli/internal/signature"
+	"github.com/enterprise-contract/ec-cli/internal/utils"
 	"github.com/enterprise-contract/ec-cli/internal/version"
 )
 
@@ -96,6 +99,7 @@ type TestReport struct {
 const (
 	JSON            = "json"
 	YAML            = "yaml"
+	Text            = "text"
 	AppStudio       = "appstudio"
 	Summary         = "summary"
 	SummaryMarkdown = "summary-markdown"
@@ -111,6 +115,7 @@ const (
 var OutputFormats = []string{
 	JSON,
 	YAML,
+	Text,
 	AppStudio,
 	Summary,
 	SummaryMarkdown,
@@ -188,6 +193,8 @@ func (r *Report) toFormat(format string) (data []byte, err error) {
 		data, err = json.Marshal(r)
 	case YAML:
 		data, err = yaml.Marshal(r)
+	case Text:
+		data, err = generateTextReport(r)
 	case AppStudio, HACBS:
 		data, err = json.Marshal(r.toAppstudioReport())
 	case Summary:
@@ -299,6 +306,13 @@ func generateMarkdownSummary(r *Report) ([]byte, error) {
 	return markdownBuffer.Bytes(), nil
 }
 
+//go:embed templates/*.tmpl
+var efs embed.FS
+
+func generateTextReport(r *Report) ([]byte, error) {
+	return utils.RenderFromTemplatesWithMain(r, "text_report.tmpl", efs)
+}
+
 func writeMarkdownField(buffer *bytes.Buffer, name string, value any, icon string) {
 	valueStr := fmt.Sprintf("%v", value)
 	buffer.WriteString(fmt.Sprintf("| %s | %s | %s |\n", name, valueStr, icon))

internal/applicationsnapshot/templates/_results.tmpl

@@ -0,0 +1,18 @@
+{{- $color := .Color -}}
+{{- $indent := 2 -}}
+{{- $wrap := 78 -}}
+{{- range .Results -}}
+{{- colorIndicator $color }} {{ colorText $color .Metadata.code }}
+{{ if and (ne .Message "Pass") .Message -}}
+  {{- indentWrap $indent $wrap .Message }}
+{{ end -}}
+{{ if .Metadata.title -}}
+  {{- indentWrap $indent $wrap .Metadata.title }}
+{{ end -}}
+{{ if .Metadata.description -}}
+  {{- indentWrap $indent $wrap (printf "Description: %s" .Metadata.description) }}
+{{ end -}}
+{{ if and (ne .Message "Pass") .Metadata.solution -}}
+  {{- indentWrap $indent $wrap (printf "Solution: %s" .Metadata.solution) }}
+{{ end }}
+{{ end -}}

internal/applicationsnapshot/templates/text_report.tmpl

@@ -0,0 +1,17 @@
+{{ range .Components -}}
+Name:       {{ .Name }}
+ImageRef:   {{ .ContainerImage }}
+Summary:    Violations: {{ len .Violations }}, Warnings: {{ len .Warnings }}, Successes: {{ .SuccessCount }}
+{{ if gt (len .Violations) 0 -}}
+Violations:
+{{ template "_results.tmpl" (toMap "Results" .Violations "Color" "red") }}
+{{- end -}}
+{{ if gt (len .Warnings) 0 -}}
+Warnings:
+{{ template "_results.tmpl" (toMap "Results" .Warnings "Color" "yellow") }}
+{{- end -}}
+{{ if and (gt .SuccessCount 0) (.Successes) -}}
+Successes:
+{{ template "_results.tmpl" (toMap "Results" .Successes "Color" "green") }}
+{{- end -}}
+{{- end }}

internal/utils/helpers.go

@@ -26,6 +26,7 @@ import (
 	"strings"
 	"unicode"
 
+	isatty "github.com/mattn/go-isatty"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/afero"
 	"sigs.k8s.io/yaml"
@@ -155,3 +156,31 @@ func HasSuffix(str string, extensions []string) bool {
 func HasJsonOrYamlExt(str string) bool {
 	return HasSuffix(str, []string{".json", ".yaml", ".yml"})
 }
+
+var ColorEnabled bool
+
+func SetColorEnabled(flagNoColor, flagForceColor bool) {
+	ColorEnabled = setColorEnabled(flagNoColor, flagForceColor)
+}
+
+func setColorEnabled(flagNoColor, flagForceColor bool) bool {
+	if flagNoColor || anyEnvSet([]string{"EC_NO_COLOR", "EC_NO_COLOUR", "NO_COLOR", "NO_COLOUR"}) {
+		// Force no color
+		return false
+	}
+	if flagForceColor || anyEnvSet([]string{"EC_FORCE_COLOR", "EC_FORCE_COLOUR", "FORCE_COLOR", "FORCE_COLOUR"}) {
+		// Force color
+		return true
+	}
+	// Use color if we're in a terminal that can presumably display it
+	return isatty.IsTerminal(os.Stdout.Fd()) || isatty.IsCygwinTerminal(os.Stdout.Fd())
+}
+
+func anyEnvSet(varNames []string) bool {
+	for _, varName := range varNames {
+		if os.Getenv(varName) != "" {
+			return true
+		}
+	}
+	return false
+}