Use ID fields for internal referencing in local source

This makes cofidctl use UUIDs everywhere instead of names. It also includes the needed API changes and CLI changes to make this happen

Signed-off-by: Maartje Eyskens <maartje@eyskens.me>

Author: meyskens

cmd/cofidectl/cmd/apbinding/apbinding.go

@@ -4,14 +4,18 @@
 package apbinding
 
 import (
+	"errors"
 	"os"
 	"strings"
 
 	ap_binding_proto "github.com/cofide/cofide-api-sdk/gen/go/proto/ap_binding/v1alpha1"
-	datasourcepb "github.com/cofide/cofide-api-sdk/gen/go/proto/cofidectl_plugin/v1alpha1"
+	datasourcepb "github.com/cofide/cofide-api-sdk/gen/go/proto/cofidectl/datasource_plugin/v1alpha2"
+	trust_zone_proto "github.com/cofide/cofide-api-sdk/gen/go/proto/trust_zone/v1alpha1"
 	cmdcontext "github.com/cofide/cofidectl/pkg/cmd/context"
 	"github.com/cofide/cofidectl/pkg/plugin/datasource"
 
+	"slices"
+
 	"github.com/olekukonko/tablewriter"
 	"github.com/spf13/cobra"
 )
@@ -52,8 +56,8 @@ This command will list attestation policy bindings in the Cofide configuration s
 `
 
 type ListOpts struct {
-	trustZone         string
-	attestationPolicy string
+	trustZoneID         string
+	attestationPolicyID string
 }
 
 func (c *APBindingCommand) GetListCommand() *cobra.Command {
@@ -79,33 +83,39 @@ func (c *APBindingCommand) GetListCommand() *cobra.Command {
 	}
 
 	f := cmd.Flags()
-	f.StringVar(&opts.trustZone, "trust-zone", "", "list the attestation policies bound to a specific trust zone")
-	f.StringVar(&opts.attestationPolicy, "attestation-policy", "", "list the bindings for a specific attestation policy")
+	f.StringVar(&opts.trustZoneID, "trust-zone-id", "", "list the attestation policies bound to a specific trust zone")
+	f.StringVar(&opts.attestationPolicyID, "attestation-policy-id", "", "list the bindings for a specific attestation policy")
 
 	return cmd
 }
 
 func (c *APBindingCommand) list(source datasource.DataSource, opts ListOpts) ([]*ap_binding_proto.APBinding, error) {
 	filter := &datasourcepb.ListAPBindingsRequest_Filter{}
-	if opts.trustZone != "" {
-		filter.TrustZoneName = &opts.trustZone
+	if opts.trustZoneID != "" {
+		filter.TrustZoneId = &opts.trustZoneID
 	}
-	if opts.attestationPolicy != "" {
-		filter.PolicyName = &opts.attestationPolicy
+	if opts.attestationPolicyID != "" {
+		filter.PolicyId = &opts.attestationPolicyID
 	}
 	return source.ListAPBindings(filter)
 }
 
+func renderFederations(bindings []*ap_binding_proto.APBindingFederation) string {
+	federations := []string{}
+	for _, binding := range bindings {
+		federations = append(federations, binding.GetTrustZoneId())
+	}
+
+	return strings.Join(federations, ", ")
+}
+
 func renderList(bindings []*ap_binding_proto.APBinding) {
 	data := make([][]string, len(bindings))
 	for i, binding := range bindings {
 		data[i] = []string{
-			// nolint:staticcheck
-			binding.TrustZone,
-			// nolint:staticcheck
-			binding.Policy,
-			// nolint:staticcheck
-			strings.Join(binding.FederatesWith, ", "),
+			binding.GetTrustZoneId(),
+			binding.GetPolicyId(),
+			renderFederations(binding.GetFederations()),
 		}
 	}
 
@@ -120,9 +130,12 @@ var apBindingAddCmdDesc = `
 This command will bind an attestation policy to a trust zone.`
 
 type AddOpts struct {
-	trustZone         string
-	attestationPolicy string
-	federatesWith     []string
+	trustZonename       string
+	trustZoneID         string
+	attestationPolicy   string
+	attestationPolicyID string
+	federatesWith       []string
+	federatesWithIDs    []string
 }
 
 func (c *APBindingCommand) GetAddCommand() *cobra.Command {
@@ -138,32 +151,92 @@ func (c *APBindingCommand) GetAddCommand() *cobra.Command {
 				return err
 			}
 
+			trustZoneID := opts.trustZoneID
+			if trustZoneID == "" {
+				tz, err := ds.GetTrustZoneByName(opts.trustZonename)
+				if err != nil {
+					return err
+				}
+				if tz == nil {
+					return errors.New("trust zone not found")
+				}
+				trustZoneID = tz.GetId()
+
+			}
+			if trustZoneID == "" {
+				return errors.New("trust zone not found")
+			}
+
+			policyID := opts.attestationPolicyID
+			if policyID == "" {
+				policies, err := ds.ListAttestationPolicies()
+				if err != nil {
+					return err
+				}
+				for _, policy := range policies {
+					if policy.Name == opts.attestationPolicy {
+						policyID = policy.GetId()
+						break
+					}
+				}
+			}
+			if policyID == "" {
+				return errors.New("attestation policy not found")
+			}
+
+			federatesWith := opts.federatesWithIDs
+			if len(opts.federatesWith) > 0 {
+				federatesWith = []string{}
+				tzs, err := ds.ListTrustZones()
+				if err != nil {
+					return err
+				}
+				for _, tz := range tzs {
+					if slices.Contains(opts.federatesWith, tz.Name) {
+						federatesWith = append(federatesWith, tz.GetId())
+					}
+				}
+			}
+			federations := []*ap_binding_proto.APBindingFederation{}
+			for _, federate := range federatesWith {
+				federations = append(federations, &ap_binding_proto.APBindingFederation{
+					TrustZoneId: &federate,
+				})
+			}
+
 			binding := &ap_binding_proto.APBinding{
-				TrustZone:     opts.trustZone,
-				Policy:        opts.attestationPolicy,
-				FederatesWith: opts.federatesWith,
+				TrustZoneId: &trustZoneID,
+				PolicyId:    &policyID,
+				Federations: federations,
 			}
 			_, err = ds.AddAPBinding(binding)
 			return err
 		},
 	}
 
 	f := cmd.Flags()
-	f.StringVar(&opts.trustZone, "trust-zone", "", "Trust zone name")
+	f.StringVar(&opts.trustZonename, "trust-zone-name", "", "Trust zone name")
+	f.StringVar(&opts.trustZoneID, "trust-zone-id", "", "Trust zone ID")
 	f.StringVar(&opts.attestationPolicy, "attestation-policy", "", "Attestation policy name")
+	f.StringVar(&opts.attestationPolicy, "attestation-policy-id", "", "Attestation policy ID")
 	f.StringSliceVar(&opts.federatesWith, "federates-with", nil, "Defines a trust zone to federate identity with. May be specified multiple times")
+	f.StringSliceVar(&opts.federatesWithIDs, "federates-with-id", nil, "Defines a trust zone to federate identity with. May be specified multiple times")
 
-	cobra.CheckErr(cmd.MarkFlagRequired("trust-zone"))
-	cobra.CheckErr(cmd.MarkFlagRequired("attestation-policy"))
-
+	cmd.MarkFlagsOneRequired("trust-zone-name", "trust-zone-id")
+	cmd.MarkFlagsOneRequired("attestation-policy", "attestation-policy-id")
+	cmd.MarkFlagsMutuallyExclusive("trust-zone-name", "trust-zone-id")
+	cmd.MarkFlagsMutuallyExclusive("attestation-policy", "attestation-policy-id")
+	cmd.MarkFlagsMutuallyExclusive("federates-with", "federates-with-id")
 	return cmd
 }
 
 var apBindingDelCmdDesc = `
 This command will unbind an attestation policy from a trust zone.`
 
 type DelOpts struct {
-	trustZone         string
+	id                string
+	trustZoneName     string
+	trustZoneID       string
 	attestationPolicy string
 }
 
@@ -180,20 +253,57 @@ func (c *APBindingCommand) GetDelCommand() *cobra.Command {
 				return err
 			}
 
-			binding := &ap_binding_proto.APBinding{
-				TrustZone: opts.trustZone,
-				Policy:    opts.attestationPolicy,
+			if opts.id != "" {
+				return ds.DestroyAPBinding(opts.id)
+			}
+
+			var trustZone *trust_zone_proto.TrustZone
+			if opts.trustZoneName != "" {
+				trustZone, err = ds.GetTrustZoneByName(opts.trustZoneName)
+				if err != nil {
+					return err
+				}
+			}
+			if opts.trustZoneID != "" {
+				trustZone, err = ds.GetTrustZone(opts.trustZoneID)
+				if err != nil {
+					return err
+				}
+			}
+			policy, err := ds.GetAttestationPolicyByName(opts.attestationPolicy)
+			if err != nil {
+				return err
+			}
+
+			bindings, err := ds.ListAPBindings(&datasourcepb.ListAPBindingsRequest_Filter{
+				TrustZoneId: trustZone.Id,
+				PolicyId:    policy.Id,
+			})
+			if err != nil {
+				return err
+			}
+			if len(bindings) == 0 {
+				return errors.New("no binding found")
+			}
+			if len(bindings) > 1 {
+				return errors.New("multiple bindings found")
 			}
-			return ds.DestroyAPBinding(binding)
+			binding := bindings[0]
+			return ds.DestroyAPBinding(binding.GetId())
 		},
 	}
 
 	f := cmd.Flags()
-	f.StringVar(&opts.trustZone, "trust-zone", "", "Trust zone name")
+	f.StringVar(&opts.trustZoneName, "trust-zone-name", "", "Trust zone name")
+	f.StringVar(&opts.trustZoneID, "trust-zone-id", "", "Trust zone ID")
 	f.StringVar(&opts.attestationPolicy, "attestation-policy", "", "Attestation policy name")
+	f.StringVar(&opts.id, "id", "", "Binding ID")
 
-	cobra.CheckErr(cmd.MarkFlagRequired("trust-zone"))
-	cobra.CheckErr(cmd.MarkFlagRequired("attestation-policy"))
+	cmd.MarkFlagsOneRequired("trust-zone-id", "trust-zone-name", "id")
+	cmd.MarkFlagsOneRequired("attestation-policy", "id")
+	cmd.MarkFlagsMutuallyExclusive("trust-zone-name", "id")
+	cmd.MarkFlagsMutuallyExclusive("trust-zone-id", "id")
+	cmd.MarkFlagsMutuallyExclusive("attestation-policy", "id")
 
 	return cmd
 }

cmd/cofidectl/cmd/attestationpolicy/attestationpolicy.go

@@ -385,28 +385,53 @@ func parseSelectors(selectorStrings []string) ([]*types.Selector, error) {
 	return selectors, nil
 }
 
+type DelStaticOpts struct {
+	name string
+	id   string
+}
+
 var attestationPolicyDelCmdDesc = `
 This command will delete an attestation policy from the Cofide configuration state.
 `
 
 func (c *AttestationPolicyCommand) getDelCommand() *cobra.Command {
+	opts := DelStaticOpts{}
+
 	cmd := &cobra.Command{
-		Use:   "del [NAME]",
+		Use:   "del",
 		Short: "Delete an attestation policy",
 		Long:  attestationPolicyDelCmdDesc,
-		Args:  cobra.ExactArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return c.deletePolicy(cmd.Context(), args[0])
+			return c.deletePolicy(cmd.Context(), opts)
 		},
 	}
+
+	f := cmd.Flags()
+	f.StringVar(&opts.name, "name", "", "Name of the attestation policy")
+	f.StringVar(&opts.id, "id", "", "ID of the attestation policy")
+
+	cmd.MarkFlagsOneRequired("name", "id")
+
 	return cmd
 }
 
-func (c *AttestationPolicyCommand) deletePolicy(ctx context.Context, name string) error {
+func (c *AttestationPolicyCommand) deletePolicy(ctx context.Context, opts DelStaticOpts) error {
 	ds, err := c.cmdCtx.PluginManager.GetDataSource(ctx)
 	if err != nil {
 		return err
 	}
 
-	return ds.DestroyAttestationPolicy(name)
+	id := opts.id
+	if opts.name != "" {
+		ap, err := ds.GetAttestationPolicyByName(opts.name)
+		if err != nil {
+			return err
+		}
+		if ap == nil {
+			return fmt.Errorf("attestation policy %q not found", opts.name)
+		}
+		id = ap.GetId()
+	}
+
+	return ds.DestroyAttestationPolicy(id)
 }