feat: default inline CAS backend fallback (#247)

Signed-off-by: Miguel Martinez Trivino <[email protected]>

Author: migmartri

app/cli/cmd/casbackend.go

@@ -54,7 +54,7 @@ func newCASBackendUpdateCmd() *cobra.Command {
 	cmd.PersistentFlags().Bool("default", false, "set the backend as default in your organization")
 	cmd.PersistentFlags().String("description", "", "descriptive information for this registration")
 
-	cmd.AddCommand(newCASBackendUpdateOCICmd())
+	cmd.AddCommand(newCASBackendUpdateOCICmd(), newCASBackendUpdateInlineCmd())
 	return cmd
 }
 

app/cli/cmd/casbackend_list.go

@@ -19,8 +19,10 @@ import (
 	"fmt"
 	"time"
 
+	"code.cloudfoundry.org/bytefmt"
 	"github.com/chainloop-dev/chainloop/app/cli/internal/action"
 	"github.com/jedib0t/go-pretty/v6/table"
+	"github.com/muesli/reflow/wrap"
 	"github.com/spf13/cobra"
 )
 
@@ -50,14 +52,19 @@ func casBackendListTableOutput(backends []*action.CASBackendItem) error {
 	}
 
 	t := newTableWriter()
-	header := table.Row{"ID", "Location", "Provider", "Description", "Default"}
+	header := table.Row{"ID", "Location", "Provider", "Description", "Limits", "Default"}
 	if full {
 		header = append(header, "Validation Status", "Created At", "Validated At")
 	}
 
 	t.AppendHeader(header)
 	for _, b := range backends {
-		r := table.Row{b.ID, b.Location, b.Provider, b.Description, b.Default}
+		limits := "no limits"
+		if b.Limits != nil {
+			limits = fmt.Sprintf("MaxSize: %s", bytefmt.ByteSize(uint64(b.Limits.MaxBytes)))
+		}
+
+		r := table.Row{b.ID, wrap.String(b.Location, 35), b.Provider, wrap.String(b.Description, 35), limits, b.Default}
 		if full {
 			r = append(r, b.ValidationStatus,
 				b.CreatedAt.Format(time.RFC822),

app/cli/cmd/casbackend_update_inline.go

@@ -0,0 +1,75 @@
+//
+// Copyright 2023 The Chainloop Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cmd
+
+import (
+	"github.com/chainloop-dev/chainloop/app/cli/internal/action"
+	"github.com/go-kratos/kratos/v2/log"
+	"github.com/spf13/cobra"
+)
+
+func newCASBackendUpdateInlineCmd() *cobra.Command {
+	var backendID string
+	cmd := &cobra.Command{
+		Use:   "inline",
+		Short: "Update the Inline, fallback CAS Backend description or default status",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			isDefault, err := cmd.Flags().GetBool("default")
+			cobra.CheckErr(err)
+
+			description, err := cmd.Flags().GetString("description")
+			cobra.CheckErr(err)
+
+			// If we are overriding the default we ask for confirmation
+			if isDefault {
+				if confirmed, err := confirmDefaultCASBackendOverride(actionOpts, backendID); err != nil {
+					return err
+				} else if !confirmed {
+					log.Info("Aborting...")
+					return nil
+				}
+			} else {
+				// If we are removing the default we ask for confirmation too
+				if confirmed, err := confirmDefaultCASBackendUnset(backendID, "You are setting the default CAS backend to false", actionOpts); err != nil {
+					return err
+				} else if !confirmed {
+					log.Info("Aborting...")
+					return nil
+				}
+			}
+
+			opts := &action.NewCASBackendUpdateOpts{
+				ID:          backendID,
+				Description: description,
+				Default:     isDefault,
+			}
+
+			res, err := action.NewCASBackendUpdate(actionOpts).Run(opts)
+			if err != nil {
+				return err
+			} else if res == nil {
+				return nil
+			}
+
+			return encodeOutput([]*action.CASBackendItem{res}, casBackendListTableOutput)
+		},
+	}
+
+	cmd.Flags().StringVar(&backendID, "id", "", "CAS Backend ID")
+	err := cmd.MarkFlagRequired("id")
+	cobra.CheckErr(err)
+	return cmd
+}

app/cli/cmd/config_ocirepository_set.go

@@ -24,8 +24,9 @@ func newOCIRepositoryCreateCmd() *cobra.Command {
 	var repo, username, password string
 
 	cmd := &cobra.Command{
-		Use:   "set-oci-repo",
-		Short: "Set the OCI repository associated with your current org",
+		Use:        "set-oci-repo",
+		Deprecated: "use 'chainloop cas-backend' instead",
+		Short:      "Set the OCI repository associated with your current org",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts := &action.NewOCIRepositorySaveOpts{
 				Repo: repo, Username: username, Password: password,

app/cli/internal/action/attestation_add.go

@@ -18,6 +18,7 @@ package action
 import (
 	"context"
 	"errors"
+	"fmt"
 
 	pb "github.com/chainloop-dev/chainloop/app/controlplane/api/controlplane/v1"
 	"github.com/chainloop-dev/chainloop/internal/attestation/crafter"
@@ -63,7 +64,7 @@ func (action *AttestationAdd) Run(k, v string) error {
 		return err
 	}
 
-	// Get upload creds for the current attestation and set up CAS client
+	// Get upload creds and CASbackend for the current attestation and set up CAS client
 	client := pb.NewAttestationServiceClient(action.CPConnection)
 	creds, err := client.GetUploadCreds(context.Background(),
 		&pb.AttestationServiceGetUploadCredsRequest{
@@ -73,31 +74,32 @@ func (action *AttestationAdd) Run(k, v string) error {
 	if err != nil {
 		return err
 	}
-	artifactCASConn, err := grpcconn.New(action.casURI, creds.Result.Token, action.connectionInsecure)
-	if err != nil {
-		return err
-	}
-	defer artifactCASConn.Close()
 
-	cc := casclient.New(artifactCASConn, casclient.WithLogger(action.Logger))
+	b := creds.GetResult().GetBackend()
+	if b == nil {
+		return fmt.Errorf("no backend found in upload creds")
+	}
 
-	// // TODO: retrieve this information from backend
-	backend := &casclient.CASBackend{
-		Uploader: cc,
-		Name:     "OCI",
-		// 100MB max size
-		MaxSize: 100 * 1024 * 1024,
+	// Define CASbackend information based on the API response
+	casBackend := &casclient.CASBackend{
+		Name:    b.Provider,
+		MaxSize: b.GetLimits().MaxBytes,
 	}
 
-	// backend := &casclient.CASBackend{
-	// 	Name: "INLINE",
-	// 	// 500KB max size
-	// 	MaxSize: 500 * 1024,
-	// }
+	// Some CASBackends will actually upload information to the CAS server
+	// in such case we need to set up a connection
+	if !b.IsInline && creds.Result.Token != "" {
+		artifactCASConn, err := grpcconn.New(action.casURI, creds.Result.Token, action.connectionInsecure)
+		if err != nil {
+			return err
+		}
+		defer artifactCASConn.Close()
 
-	if err := action.c.AddMaterial(k, v, backend); err != nil {
-		action.Logger.Err(err).Msg("adding material")
-		return err
+		casBackend.Uploader = casclient.New(artifactCASConn, casclient.WithLogger(action.Logger))
+	}
+
+	if err := action.c.AddMaterial(k, v, casBackend); err != nil {
+		return fmt.Errorf("adding material: %w", err)
 	}
 
 	return nil

app/cli/internal/action/casbackend_list.go

@@ -27,17 +27,24 @@ type CASBackendList struct {
 }
 
 type CASBackendItem struct {
-	ID               string           `json:"id"`
-	Location         string           `json:"location"`
-	Description      string           `json:"description"`
-	Provider         string           `json:"provider"`
-	Default          bool             `json:"default"`
-	ValidationStatus ValidationStatus `json:"validationStatus"`
+	ID               string            `json:"id"`
+	Location         string            `json:"location"`
+	Description      string            `json:"description"`
+	Provider         string            `json:"provider"`
+	Default          bool              `json:"default"`
+	Inline           bool              `json:"inline"`
+	Limits           *CASBackendLimits `json:"limits"`
+	ValidationStatus ValidationStatus  `json:"validationStatus"`
 
 	CreatedAt   *time.Time `json:"createdAt"`
 	ValidatedAt *time.Time `json:"validatedAt"`
 }
 
+type CASBackendLimits struct {
+	// Max number of bytes allowed to be stored in this backend
+	MaxBytes int64
+}
+
 type ValidationStatus string
 
 const (
@@ -77,6 +84,13 @@ func pbCASBackendItemToAction(in *pb.CASBackendItem) *CASBackendItem {
 		Default:     in.Default,
 		CreatedAt:   toTimePtr(in.CreatedAt.AsTime()),
 		ValidatedAt: toTimePtr(in.ValidatedAt.AsTime()),
+		Inline:      in.IsInline,
+	}
+
+	if in.Limits != nil {
+		b.Limits = &CASBackendLimits{
+			MaxBytes: in.Limits.MaxBytes,
+		}
 	}
 
 	switch in.GetValidationStatus() {

app/cli/main.go

@@ -55,9 +55,9 @@ func errorInfo(err error, logger zerolog.Logger) (string, int) {
 	// Make overrides
 	switch {
 	case v1.IsOciRepositoryErrorReasonRequired(err):
-		msg = "you need to set up an OCI repository first. Refer to https://docs.chainloop.dev/getting-started/setup#add-oci-repository for more information."
+		msg = "you need to enable a CAS backend first. Refer to `chainloop cas-backend` command or contact your administrator."
 	case v1.IsOciRepositoryErrorReasonInvalid(err):
-		msg = "the OCI repository you provided is invalid. Refer to https://docs.chainloop.dev/getting-started/setup#add-oci-repository for more information."
+		msg = "the CAS backend you provided is invalid. Refer to `chainloop cas-backend update` command or contact your administrator."
 	case v1.IsAllowListErrorNotInList(err):
 		msg = "your user is not part of the private beta yet. You can request access at https://docs.chainloop.dev/getting-started/private-beta"
 	case isWrappedErr(st, jwtMiddleware.ErrTokenExpired):

app/controlplane/Makefile

@@ -34,7 +34,7 @@ migration_apply: check-atlas-tool migration_hash
 
 .PHONY: migration_new
 # generate new migration if needed from the current ent schema
-migration_new: check-atlas-tool
+migration_new: check-atlas-tool migration_hash
 	atlas migrate diff --dir ${local_migrations_dir} --to "ent://internal/data/ent/schema" --dev-url "docker://postgres/15/test?search_path=public"
 
 .PHONY: migration_hash
@@ -60,7 +60,7 @@ lint: check-golangci-lint-tool check-buf-tool
 
 .PHONY: generate
 # generate proto bindings, wire injectors, and ent models
-generate: check-wire-tool api config
+generate: check-wire-tool api config migration_new
 	go generate ./...
 
 .PHONY: all