Merge issues/56 into issues/4

cmd/cofidectl/cmd/down.go

@@ -42,7 +42,7 @@ func (d *DownCommand) DownCmd() *cobra.Command {
 			if err != nil {
 				return err
 			}
-			return statusspinner.WatchProvisionStatus(cmd.Context(), statusCh)
+			return statusspinner.WatchProvisionStatus(cmd.Context(), statusCh, false)
 		},
 	}
 	return cmd

cmd/cofidectl/cmd/statusspinner/statusspinner.go

@@ -47,7 +47,7 @@ func (ss *statusSpinner) update(status *provisionpb.Status) {
 
 // WatchProvisionStatus reads Status objects from a channel and manages status spinners to consume the events.
 // The channel may receive status objects for multiple sequential operations, each of which should use its own spinner.
-func WatchProvisionStatus(ctx context.Context, statusCh <-chan *provisionpb.Status) error {
+func WatchProvisionStatus(ctx context.Context, statusCh <-chan *provisionpb.Status, quiet bool) error {
 	var spinner *statusSpinner
 	for {
 		select {
@@ -57,10 +57,14 @@ func WatchProvisionStatus(ctx context.Context, statusCh <-chan *provisionpb.Stat
 			if !ok {
 				return nil
 			}
+
 			if spinner == nil {
 				spinner = new()
-				spinner.start()
+				if !quiet {
+					spinner.start()
+				}
 			}
+
 			spinner.update(status)
 			if status.GetError() != "" {
 				return errors.New(status.GetError())

cmd/cofidectl/cmd/trustzone/trustzone.go

@@ -12,6 +12,7 @@ import (
 	"strconv"
 
 	"github.com/cofide/cofidectl/cmd/cofidectl/cmd/trustzone/helm"
+	trustprovider "github.com/cofide/cofidectl/internal/pkg/trustprovider"
 	cmdcontext "github.com/cofide/cofidectl/pkg/cmd/context"
 	"github.com/manifoldco/promptui"
 
@@ -140,13 +141,19 @@ func (c *TrustZoneCommand) GetAddCommand() *cobra.Command {
 				return err
 			}
 
+			trustProviderKind, err := trustprovider.GetTrustProviderKindFromProfile(opts.profile)
+			if err != nil {
+				return err
+			}
+
 			bundleEndpointProfile := trust_zone_proto.BundleEndpointProfile_BUNDLE_ENDPOINT_PROFILE_HTTPS_SPIFFE
 			newTrustZone := &trust_zone_proto.TrustZone{
 				Name:                  opts.name,
 				TrustDomain:           opts.trustDomain,
 				KubernetesCluster:     &opts.kubernetesCluster,
 				KubernetesContext:     &opts.context,
-				TrustProvider:         &trust_provider_proto.TrustProvider{Kind: &opts.profile},
+				TrustProvider:         &trust_provider_proto.TrustProvider{Kind: &trustProviderKind},
+				Profile:               &opts.profile,
 				JwtIssuer:             &opts.jwtIssuer,
 				BundleEndpointProfile: &bundleEndpointProfile,
 			}

cmd/cofidectl/cmd/up.go

@@ -23,7 +23,12 @@ var upCmdDesc = `
 This command installs a Cofide configuration
 `
 
+type UpOpts struct {
+	quiet bool
+}
+
 func (u *UpCommand) UpCmd() *cobra.Command {
+	opts := UpOpts{}
 	cmd := &cobra.Command{
 		Use:   "up [ARGS]",
 		Short: "Installs a Cofide configuration",
@@ -43,8 +48,17 @@ func (u *UpCommand) UpCmd() *cobra.Command {
 			if err != nil {
 				return err
 			}
-			return statusspinner.WatchProvisionStatus(cmd.Context(), statusCh)
+
+			return statusspinner.WatchProvisionStatus(
+				cmd.Context(),
+				statusCh,
+				opts.quiet,
+			)
 		},
 	}
+
+	f := cmd.Flags()
+	f.BoolVar(&opts.quiet, "quiet", false, "Minimise logging from installation")
+
 	return cmd
 }

go.mod

@@ -5,7 +5,7 @@ go 1.22.7
 require (
 	buf.build/go/protoyaml v0.2.0
 	cuelang.org/go v0.10.1
-	github.com/cofide/cofide-api-sdk v0.3.1-0.20241211174622-3ef03dc9b6dc
+	github.com/cofide/cofide-api-sdk v0.4.1-0.20241212134830-527e2164f012
 	github.com/fatih/color v1.18.0
 	github.com/gofrs/flock v0.12.1
 	github.com/google/go-cmp v0.6.0
@@ -147,15 +147,15 @@ require (
 	go.opentelemetry.io/otel/sdk/metric v1.27.0 // indirect
 	go.opentelemetry.io/otel/trace v1.28.0 // indirect
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
-	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 // indirect
 	golang.org/x/mod v0.20.0 // indirect
 	golang.org/x/net v0.30.0 // indirect
 	golang.org/x/oauth2 v0.23.0 // indirect
-	golang.org/x/sync v0.8.0 // indirect
-	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/term v0.25.0 // indirect
-	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect

go.sum

@@ -84,8 +84,8 @@ github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cockroachdb/apd/v3 v3.2.1 h1:U+8j7t0axsIgvQUqthuNm82HIrYXodOV2iWLWtEaIwg=
 github.com/cockroachdb/apd/v3 v3.2.1/go.mod h1:klXJcjp+FffLTHlhIG69tezTDvdP065naDsHzKhYSqc=
-github.com/cofide/cofide-api-sdk v0.3.1-0.20241211174622-3ef03dc9b6dc h1:iioGLZKrECKzCN9SQ3DNpG1acO+StWU1ZUyOz6+P8Eg=
-github.com/cofide/cofide-api-sdk v0.3.1-0.20241211174622-3ef03dc9b6dc/go.mod h1:u2iATR4IbZm9ruIBN734UjVuO3XQKPAFViIY3Xr6kTA=
+github.com/cofide/cofide-api-sdk v0.4.1-0.20241212134830-527e2164f012 h1:XJe+gZeK8YFYULInSQ10+BApaO872hPxZSp7ofJjyoU=
+github.com/cofide/cofide-api-sdk v0.4.1-0.20241212134830-527e2164f012/go.mod h1:u2iATR4IbZm9ruIBN734UjVuO3XQKPAFViIY3Xr6kTA=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
 github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ=
@@ -513,8 +513,8 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
-golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 h1:aAcj0Da7eBAtrTp03QXWvm88pSyOt+UgdZw2BFZ+lEw=
 golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ=
@@ -549,8 +549,8 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -572,15 +572,15 @@ golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
-golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
-golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
+golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
+golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
-golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

internal/pkg/config/schema.cue

@@ -6,6 +6,7 @@
 	kubernetes_cluster!: string
 	kubernetes_context!: string
 	trust_provider!: #TrustProvider
+	profile!: string
 	bundle_endpoint_url?: string
 	bundle?: string
 	federations: [...#Federation]

internal/pkg/config/testdata/config/full.yaml

@@ -23,6 +23,7 @@ trust_zones:
         spire-server:
             logLevel: INFO
       bundle_endpoint_profile: BUNDLE_ENDPOINT_PROFILE_HTTPS_SPIFFE
+      profile: kubernetes
     - name: tz2
       trust_domain: td2
       kubernetes_cluster: local2
@@ -40,6 +41,7 @@ trust_zones:
             - tz1
       jwt_issuer: https://tz2.example.com
       bundle_endpoint_profile: BUNDLE_ENDPOINT_PROFILE_HTTPS_WEB
+      profile: kubernetes
 attestation_policies:
     - name: ap1
       kubernetes:

internal/pkg/test/fixtures/fixtures.go

@@ -26,6 +26,7 @@ var trustZoneFixtures map[string]*trust_zone_proto.TrustZone = map[string]*trust
 		TrustProvider: &trust_provider_proto.TrustProvider{
 			Kind: StringPtr("kubernetes"),
 		},
+		Profile:           StringPtr("kubernetes"),
 		BundleEndpointUrl: StringPtr("127.0.0.1"),
 		Federations: []*federation_proto.Federation{
 			{
@@ -70,6 +71,7 @@ var trustZoneFixtures map[string]*trust_zone_proto.TrustZone = map[string]*trust
 		TrustProvider: &trust_provider_proto.TrustProvider{
 			Kind: StringPtr("kubernetes"),
 		},
+		Profile:           StringPtr("kubernetes"),
 		BundleEndpointUrl: StringPtr("127.0.0.2"),
 		Federations: []*federation_proto.Federation{
 			{
@@ -96,11 +98,26 @@ var trustZoneFixtures map[string]*trust_zone_proto.TrustZone = map[string]*trust
 		TrustProvider: &trust_provider_proto.TrustProvider{
 			Kind: StringPtr("kubernetes"),
 		},
+		Profile:               StringPtr("kubernetes"),
 		BundleEndpointUrl:     StringPtr("127.0.0.3"),
 		Federations:           []*federation_proto.Federation{},
 		AttestationPolicies:   []*ap_binding_proto.APBinding{},
 		BundleEndpointProfile: trust_zone_proto.BundleEndpointProfile_BUNDLE_ENDPOINT_PROFILE_HTTPS_SPIFFE.Enum(),
 	},
+	// tz4 has no federations or bound attestation policies and uses the istio profile.
+	"tz4": {
+		Name:              "tz4",
+		TrustDomain:       "td4",
+		KubernetesCluster: StringPtr("local4"),
+		KubernetesContext: StringPtr("kind-local4"),
+		TrustProvider: &trust_provider_proto.TrustProvider{
+			Kind: StringPtr("kubernetes"),
+		},
+		Profile:             StringPtr("istio"),
+		BundleEndpointUrl:   StringPtr("127.0.0.4"),
+		Federations:         []*federation_proto.Federation{},
+		AttestationPolicies: []*ap_binding_proto.APBinding{},
+	},
 }
 
 var attestationPolicyFixtures map[string]*attestation_policy_proto.AttestationPolicy = map[string]*attestation_policy_proto.AttestationPolicy{

internal/pkg/trustprovider/trustprovider.go

@@ -60,7 +60,7 @@ func (tp *TrustProvider) GetValues() error {
 			},
 		}
 	default:
-		return fmt.Errorf("an unknown trust provider profile was specified: %s", tp.Kind)
+		return fmt.Errorf("an unknown trust provider kind was specified: %s", tp.Kind)
 	}
 	return nil
 }
@@ -78,3 +78,14 @@ type TrustProviderServerConfig struct {
 	NodeAttestorEnabled bool           `yaml:"nodeAttestorEnabled"`
 	NodeAttestorConfig  map[string]any `yaml:"nodeAttestorConfig"`
 }
+
+// GetTrustProviderKindFromProfile returns the valid kind of trust provider for the
+// corresponding profile.
+func GetTrustProviderKindFromProfile(profile string) (string, error) {
+	switch profile {
+	case "istio", "kubernetes":
+		return "kubernetes", nil
+	default:
+		return "", fmt.Errorf("failed to get trust provider kind, an invalid profile was specified: %s", profile)
+	}
+}

internal/pkg/trustprovider/trustprovider_test.go

@@ -0,0 +1,63 @@
+// Copyright 2024 Cofide Limited.
+// SPDX-License-Identifier: Apache-2.0
+
+package trustprovider
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetTrustProviderKindFromProfile(t *testing.T) {
+	tests := []struct {
+		name      string
+		profile   string
+		want      string
+		wantErr   bool
+		errString string
+	}{
+		{
+			name:    "valid kubernetes profile",
+			profile: "kubernetes",
+			want:    "kubernetes",
+			wantErr: false,
+		},
+		{
+			name:    "valid istio profile",
+			profile: "istio",
+			want:    "kubernetes",
+			wantErr: false,
+		},
+		{
+			name:      "invalid profile specified",
+			profile:   "invalid",
+			wantErr:   true,
+			errString: "failed to get trust provider kind, an invalid profile was specified: invalid",
+		},
+		{
+			name:      "invalid profile specified, Kubernetes",
+			profile:   "Kubernetes",
+			wantErr:   true,
+			errString: "failed to get trust provider kind, an invalid profile was specified: Kubernetes",
+		},
+		{
+			name:      "invalid profile specified, ISTIO",
+			profile:   "ISTIO",
+			wantErr:   true,
+			errString: "failed to get trust provider kind, an invalid profile was specified: ISTIO",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			resp, err := GetTrustProviderKindFromProfile(tt.profile)
+			if tt.wantErr {
+				assert.Equal(t, tt.errString, err.Error())
+				return
+			}
+
+			assert.Nil(t, err)
+			assert.Equal(t, tt.want, resp)
+		})
+	}
+}