Log error messages to stderr

[aconic-sb]

Summary

Conjur CLI seems to be logging errors to stdout instead of stderr.

Steps to Reproduce

Steps to reproduce the behavior:

1. Create invalid Conjur YAML file
2. Apply it
3. See expected error message
4. Apply it again redirecting stdout to /dev/null
5. No error message is shown

[myuser@myserver ~]$ cat bad-policy.yml
---
- !group
  iid: admin
[myuser@myserver ~]$ conjur policy load -b root -f bad-policy.yml
Failed to execute command. Reason: 422 Client Error: Unprocessable Entity for url: https://conjur-server.mycompany.com/policies/slsp/policy/root. The policy was empty or its contents were not in valid YAML.
Run the command again in debug mode for more information.
[myuser@myserver ~]$ echo $?
1
[myuser@myserver ~]$ conjur policy load -b root -f bad-policy.yml > /dev/null
[myuser@myserver ~]$ echo $?
1
[myuser@myserver ~]$

Expected Results

Write error messages to stderr

Actual Results (including error logs, if applicable)

Error messages are written to stdout

Reproducible

• Always
• Sometimes
• Non-Reproducible

Version/Tag number

Latest version of the Python implementation of Conjur CLI (v7.0.1)

Additional Information

When applying a policy sensitive information might get printed to stdout (e.g. API keys for hosts and users). I would like to redirect stdout to /dev/null but still be able to see any error messages (not just the exit code).