Merge pull request #208 from cofide/me/add-resource-uuid

Add UUIDs to local resources

Author: markgoddard

internal/pkg/config/schema.cue

@@ -1,6 +1,7 @@
 #DataSource: string
 
 #TrustZone: {
+	id?: string
 	name!: string
 	trust_domain!: string
 	bundle_endpoint_url?: string
@@ -32,6 +33,7 @@
 }
 
 #Cluster: {
+	id?: string
 	name!: string
 	trust_zone!: string
 	kubernetes_context!: string
@@ -47,12 +49,14 @@
 }
 
 #APBinding: {
+	id?: string
 	trust_zone!: string
 	policy!: string
 	federates_with: [...string]
 }
 
 #AttestationPolicy: {
+	id?: string
 	name!: string
 	#APKubernetes | #APStatic
 }
@@ -89,6 +93,7 @@
 }
 
 #Federation: {
+	id?: string
 	from!: string
 	to!: string
 }

internal/pkg/config/validator_test.go

@@ -94,7 +94,7 @@ func TestValidator_ValidateInvalid(t *testing.T) {
 		{
 			name:    "missing attestation policy field",
 			data:    string(readTestConfig(t, "missing_attestation_policy_field.yaml")),
-			wantErr: "attestation_policies.0: incomplete value {name:\"ap1\",kubernetes?:{namespace_selector?:{match_labels?:{},match_expressions?:[]},pod_selector?:{match_labels?:{},match_expressions?:[]}}} | {name:\"ap1\",static?:{spiffe_id!:string,selectors!:[]}}",
+			wantErr: "attestation_policies.0: incomplete value {name:\"ap1\",id?:string,kubernetes?:{namespace_selector?:{match_labels?:{},match_expressions?:[]},pod_selector?:{match_labels?:{},match_expressions?:[]}}} | {name:\"ap1\",id?:string,static?:{spiffe_id!:string,selectors!:[]}}",
 		},
 		{
 			name:    "plugins not a map",

pkg/plugin/local/local.go

@@ -18,8 +18,19 @@ import (
 	"github.com/cofide/cofidectl/internal/pkg/config"
 	"github.com/cofide/cofidectl/internal/pkg/proto"
 	"github.com/cofide/cofidectl/pkg/plugin/datasource"
+
+	"github.com/google/uuid"
 )
 
+func generateId() (*string, error) {
+	uid, err := uuid.NewUUID()
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate UUID: %w", err)
+	}
+	id := uid.String()
+	return &id, nil
+}
+
 var _ datasource.DataSource = (*LocalDataSource)(nil)
 
 type LocalDataSource struct {
@@ -70,10 +81,20 @@ func (lds *LocalDataSource) updateDataFile() error {
 }
 
 func (lds *LocalDataSource) AddTrustZone(trustZone *trust_zone_proto.TrustZone) (*trust_zone_proto.TrustZone, error) {
+	if trustZone.GetId() != "" {
+		return nil, fmt.Errorf("trust zone %s should not have an ID set, this will be auto generated", trustZone.GetId())
+	}
+
+	id, err := generateId()
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate UUID for trust zone: %w", err)
+	}
+	trustZone.Id = id
+
 	if _, ok := lds.config.GetTrustZoneByName(trustZone.Name); ok {
 		return nil, fmt.Errorf("trust zone %s already exists in local config", trustZone.Name)
 	}
-	trustZone, err := proto.CloneTrustZone(trustZone)
+	trustZone, err = proto.CloneTrustZone(trustZone)
 	if err != nil {
 		return nil, err
 	}
@@ -187,6 +208,15 @@ func (lds *LocalDataSource) AddCluster(cluster *clusterpb.Cluster) (*clusterpb.C
 	name := cluster.GetName()
 	trustZone := cluster.GetTrustZone()
 
+	if cluster.GetId() != "" {
+		return nil, fmt.Errorf("cluster %s should not have an ID set, this will be auto generated", cluster.GetId())
+	}
+	id, err := generateId()
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate UUID for cluster: %w", err)
+	}
+	cluster.Id = id
+
 	if _, ok := lds.config.GetClusterByName(name, trustZone); ok {
 		return nil, fmt.Errorf("cluster %s already exists in trust zone %s in local config", name, trustZone)
 	}
@@ -195,7 +225,7 @@ func (lds *LocalDataSource) AddCluster(cluster *clusterpb.Cluster) (*clusterpb.C
 		return nil, fmt.Errorf("trust zone %s already has a cluster", trustZone)
 	}
 
-	cluster, err := proto.CloneCluster(cluster)
+	cluster, err = proto.CloneCluster(cluster)
 	if err != nil {
 		return nil, err
 	}
@@ -306,10 +336,20 @@ func validateTrustProviderUpdate(cluster, tzName string, current, new *trust_pro
 }
 
 func (lds *LocalDataSource) AddAttestationPolicy(policy *attestation_policy_proto.AttestationPolicy) (*attestation_policy_proto.AttestationPolicy, error) {
+	if policy.GetId() != "" {
+		return nil, fmt.Errorf("attestation policy %s should not have an ID set, this will be auto generated", *policy.Id)
+	}
+
+	id, err := generateId()
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate UUID for attestation policy: %w", err)
+	}
+	policy.Id = id
+
 	if _, ok := lds.config.GetAttestationPolicyByName(policy.Name); ok {
 		return nil, fmt.Errorf("attestation policy %s already exists in local config", policy.Name)
 	}
-	policy, err := proto.CloneAttestationPolicy(policy)
+	policy, err = proto.CloneAttestationPolicy(policy)
 	if err != nil {
 		return nil, err
 	}
@@ -364,6 +404,16 @@ func (lds *LocalDataSource) ListAttestationPolicies() ([]*attestation_policy_pro
 }
 
 func (lds *LocalDataSource) AddAPBinding(binding *ap_binding_proto.APBinding) (*ap_binding_proto.APBinding, error) {
+	if binding.GetId() != "" {
+		return nil, fmt.Errorf("attestation policy binding %s should not have an ID set, this will be auto generated", *binding.Id)
+	}
+
+	id, err := generateId()
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate UUID for attestation policy binding: %w", err)
+	}
+	binding.Id = id
+
 	// nolint:staticcheck
 	localTrustZone, ok := lds.config.GetTrustZoneByName(binding.TrustZone)
 	if !ok {
@@ -410,7 +460,7 @@ func (lds *LocalDataSource) AddAPBinding(binding *ap_binding_proto.APBinding) (*
 		}
 	}
 
-	binding, err := proto.CloneAPBinding(binding)
+	binding, err = proto.CloneAPBinding(binding)
 	if err != nil {
 		return nil, err
 	}
@@ -477,6 +527,13 @@ func (lds *LocalDataSource) ListAPBindings(filter *datasourcepb.ListAPBindingsRe
 }
 
 func (lds *LocalDataSource) AddFederation(federationProto *federation_proto.Federation) (*federation_proto.Federation, error) {
+	if federationProto.Id == nil || *federationProto.Id == "" {
+		id, err := generateId()
+		if err != nil {
+			return nil, fmt.Errorf("failed to generate UUID for federation: %w", err)
+		}
+		federationProto.Id = id
+	}
 	// nolint:staticcheck
 	fromTrustZone, ok := lds.config.GetTrustZoneByName(federationProto.From)
 	if !ok {

pkg/plugin/local/local_test.go

@@ -132,6 +132,7 @@ func TestLocalDataSource_AddTrustZone(t *testing.T) {
 				gotTrustZone, ok := gotConfig.GetTrustZoneByName(tt.trustZone.Name)
 				assert.True(t, ok)
 				assert.EqualExportedValues(t, tt.trustZone, gotTrustZone)
+				assert.NotNil(t, gotTrustZone.Id)
 			}
 		})
 	}
@@ -447,6 +448,7 @@ func TestLocalDataSource_AddCluster(t *testing.T) {
 				gotCluster, ok := gotConfig.GetClusterByName(tt.cluster.GetName(), tt.cluster.GetTrustZone())
 				assert.True(t, ok)
 				assert.EqualExportedValues(t, tt.cluster, gotCluster)
+				assert.NotNil(t, gotCluster.Id)
 			}
 		})
 	}
@@ -775,6 +777,7 @@ func TestLocalDataSource_AddAttestationPolicy(t *testing.T) {
 				gotPolicy, ok := gotConfig.GetAttestationPolicyByName(tt.policy.Name)
 				assert.True(t, ok)
 				assert.EqualExportedValues(t, tt.policy, gotPolicy)
+				assert.NotNil(t, gotPolicy.Id)
 			}
 		})
 	}
@@ -1025,6 +1028,7 @@ func TestLocalDataSource_AddAPBinding(t *testing.T) {
 				// nolint:staticcheck
 				gotBinding := gotConfig.TrustZones[0].AttestationPolicies[1]
 				assert.EqualExportedValues(t, tt.binding, gotBinding)
+				assert.NotNil(t, gotBinding.Id)
 			}
 		})
 	}
@@ -1268,6 +1272,7 @@ func TestLocalDataSource_AddFederation(t *testing.T) {
 				// nolint:staticcheck
 				gotFederation := gotConfig.TrustZones[0].Federations[1]
 				assert.EqualExportedValues(t, tt.federation, gotFederation)
+				assert.NotNil(t, gotFederation.Id)
 			}
 		})
 	}