auth-wrapper: add AUTH_WRAPPER_QUIET env support

cmd/authwrapper/main.go

@@ -58,16 +58,21 @@ func main() {
 	if err != nil {
 		log.Fatalf("Failed to list sshAgent keys: %v", err)
 	}
-	fmt.Fprintf(os.Stderr, "Loaded keys:\n")
-	for _, key := range keyList {
-		fmt.Fprintf(os.Stderr, "%s %s\n", strings.TrimSuffix(string(ssh.MarshalAuthorizedKey(key)), "\n"), key.Comment)
+
+	if config.AuthWrapperQuiet == "" {
+		fmt.Fprintf(os.Stderr, "Loaded keys:\n")
+
+		for _, key := range keyList {
+			fmt.Fprintf(os.Stderr, "%s %s\n", strings.TrimSuffix(string(ssh.MarshalAuthorizedKey(key)), "\n"), key.Comment)
+		}
 	}
 
 	exitCode, err := runCommandWithSSHAgent(agent, config.Command, config.Args)
 	if err != nil {
 		log.Fatalf("runCommandWithSSHAgent: %v", err)
 	}
 
-	fmt.Fprintf(os.Stderr, "exit code: %v\n", exitCode)
-	os.Exit(exitCode)
+	if config.AuthWrapperQuiet == "" {
+		fmt.Fprintf(os.Stderr, "exit code: %v\n", exitCode)
+	}
 }

cmd/authwrapper/setup.go

@@ -30,6 +30,7 @@ type Config struct {
 	SSHCaAuthorizedKeysPath string
 	SSHSigningServerAddress string
 	SSHAgentSocket          string
+	AuthWrapperQuiet        string
 }
 
 var principalsFlag = flag.String("principals", "", "requested principals")
@@ -51,6 +52,7 @@ func parseEnvironment() (*Config, error) {
 		SSHCaAuthorizedKeysPath: os.Getenv("SSH_CA_AUTHORIZED_KEYS_PATH"),
 		SSHSigningServerAddress: os.Getenv("SSH_SIGNING_SERVER_LISTEN_ADDRESS"),
 		SSHAgentSocket:          os.Getenv("SSH_AUTH_SOCK"),
+		AuthWrapperQuiet:        os.Getenv("AUTH_WRAPPER_QUIET"),
 	}
 	os.Unsetenv("WRAP_COMMAND")
 	os.Unsetenv("SSH_KEY_PATH")
@@ -60,6 +62,7 @@ func parseEnvironment() (*Config, error) {
 	os.Unsetenv("SSH_CA_KEY_PASSWORD")
 	os.Unsetenv("SSH_SIGNING_SERVER_LISTEN_ADDRESS")
 	os.Unsetenv("SSH_AUTH_SOCK")
+	os.Unsetenv("AUTH_WRAPPER_QUIET")
 
 	if *principalsFlag != "" {
 		config.RequestedPrincipals = strings.Split(*principalsFlag, ",")