feat: add unique name to API token entity (#664)

Signed-off-by: Miguel Martinez Trivino <[email protected]>

Author: migmartri

app/cli/cmd/organization_apitoken_create.go

@@ -1,5 +1,5 @@
 //
-// Copyright 2023 The Chainloop Authors.
+// Copyright 2024 The Chainloop Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -27,8 +27,8 @@ import (
 
 func newAPITokenCreateCmd() *cobra.Command {
 	var (
-		description string
-		expiresIn   time.Duration
+		description, name string
+		expiresIn         time.Duration
 	)
 
 	cmd := &cobra.Command{
@@ -40,7 +40,7 @@ func newAPITokenCreateCmd() *cobra.Command {
 				duration = &expiresIn
 			}
 
-			res, err := action.NewAPITokenCreate(actionOpts).Run(context.Background(), description, duration)
+			res, err := action.NewAPITokenCreate(actionOpts).Run(context.Background(), name, description, duration)
 			if err != nil {
 				return fmt.Errorf("creating API token: %w", err)
 			}
@@ -51,6 +51,9 @@ func newAPITokenCreateCmd() *cobra.Command {
 
 	cmd.Flags().StringVar(&description, "description", "", "API token description")
 	cmd.Flags().DurationVar(&expiresIn, "expiration", 0, "optional API token expiration, in hours i.e 1h, 24h, 178h (week), ...")
+	cmd.Flags().StringVar(&name, "name", "", "token name")
+	err := cmd.MarkFlagRequired("name")
+	cobra.CheckErr(err)
 
 	return cmd
 }
@@ -63,9 +66,9 @@ func apiTokenListTableOutput(tokens []*action.APITokenItem) error {
 
 	t := newTableWriter()
 
-	t.AppendHeader(table.Row{"ID", "Description", "Created At", "Expires At", "Revoked At"})
+	t.AppendHeader(table.Row{"ID", "Name", "Description", "Created At", "Expires At", "Revoked At"})
 	for _, p := range tokens {
-		r := table.Row{p.ID, p.Description, p.CreatedAt.Format(time.RFC822)}
+		r := table.Row{p.ID, p.Name, p.Description, p.CreatedAt.Format(time.RFC822)}
 		if p.ExpiresAt != nil {
 			r = append(r, p.ExpiresAt.Format(time.RFC822))
 		} else {

app/cli/internal/action/apitoken_create.go

@@ -1,5 +1,5 @@
 //
-// Copyright 2023 The Chainloop Authors.
+// Copyright 2024 The Chainloop Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -33,10 +33,10 @@ func NewAPITokenCreate(cfg *ActionsOpts) *APITokenCreate {
 	return &APITokenCreate{cfg}
 }
 
-func (action *APITokenCreate) Run(ctx context.Context, description string, expiresIn *time.Duration) (*APITokenItem, error) {
+func (action *APITokenCreate) Run(ctx context.Context, name, description string, expiresIn *time.Duration) (*APITokenItem, error) {
 	client := pb.NewAPITokenServiceClient(action.cfg.CPConnection)
 
-	req := &pb.APITokenServiceCreateRequest{Description: &description}
+	req := &pb.APITokenServiceCreateRequest{Name: name, Description: &description}
 	if expiresIn != nil {
 		req.ExpiresIn = durationpb.New(*expiresIn)
 	}
@@ -59,6 +59,7 @@ func (action *APITokenCreate) Run(ctx context.Context, description string, expir
 
 type APITokenItem struct {
 	ID          string `json:"id"`
+	Name        string `json:"name"`
 	Description string `json:"description"`
 	// JWT is returned only during the creation
 	JWT       string     `json:"jwt,omitempty"`
@@ -74,6 +75,7 @@ func pbAPITokenItemToAPITokenItem(p *pb.APITokenItem) *APITokenItem {
 
 	item := &APITokenItem{
 		ID:          p.Id,
+		Name:        p.Name,
 		Description: p.Description,
 		CreatedAt:   toTimePtr(p.CreatedAt.AsTime()),
 	}

app/cli/internal/action/apitoken_list.go

@@ -1,5 +1,5 @@
 //
-// Copyright 2023 The Chainloop Authors.
+// Copyright 2024 The Chainloop Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

app/controlplane/api/controlplane/v1/api_token.pb.go

@@ -1,5 +1,5 @@
 //
-// Copyright 2023 The Chainloop Authors.
+// Copyright 2024 The Chainloop Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,19 +17,21 @@ syntax = "proto3";
 
 package controlplane.v1;
 
-option go_package = "github.com/chainloop-dev/chainloop/app/controlplane/api/controlplane/v1;v1";
-
-import "validate/validate.proto";
-import "google/protobuf/timestamp.proto";
 import "google/protobuf/duration.proto";
+import "google/protobuf/timestamp.proto";
+import "validate/validate.proto";
+
+option go_package = "github.com/chainloop-dev/chainloop/app/controlplane/api/controlplane/v1;v1";
 
 service APITokenService {
-	rpc Create (APITokenServiceCreateRequest) returns (APITokenServiceCreateResponse);
-	rpc List (APITokenServiceListRequest) returns (APITokenServiceListResponse);
-	rpc Revoke (APITokenServiceRevokeRequest) returns (APITokenServiceRevokeResponse);
+  rpc Create(APITokenServiceCreateRequest) returns (APITokenServiceCreateResponse);
+  rpc List(APITokenServiceListRequest) returns (APITokenServiceListResponse);
+  rpc Revoke(APITokenServiceRevokeRequest) returns (APITokenServiceRevokeResponse);
 }
 
 message APITokenServiceCreateRequest {
+  string name = 3 [(validate.rules).string.min_len = 1];
+
   optional string description = 1;
   optional google.protobuf.Duration expires_in = 2;
 }
@@ -38,8 +40,8 @@ message APITokenServiceCreateResponse {
   APITokenFull result = 1;
 
   message APITokenFull {
-      APITokenItem item = 1;
-      string jwt = 2;
+    APITokenItem item = 1;
+    string jwt = 2;
   }
 }
 
@@ -59,9 +61,10 @@ message APITokenServiceListResponse {
 
 message APITokenItem {
   string id = 1;
+  string name = 7;
   string description = 2;
   string organization_id = 3;
   google.protobuf.Timestamp created_at = 4;
   google.protobuf.Timestamp revoked_at = 5;
   google.protobuf.Timestamp expires_at = 6;
-}
+}

app/controlplane/api/controlplane/v1/api_token.pb.validate.go

@@ -1,5 +1,5 @@
 //
-// Copyright 2023 The Chainloop Authors.
+// Copyright 2024 The Chainloop Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@ package biz
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"time"
 
@@ -32,6 +33,7 @@ import (
 // API Token is used for unattended access to the control plane API.
 type APIToken struct {
 	ID          uuid.UUID
+	Name        string
 	Description string
 	// This is the JWT value returned only during creation
 	JWT string
@@ -45,7 +47,7 @@ type APIToken struct {
 }
 
 type APITokenRepo interface {
-	Create(ctx context.Context, description *string, expiresAt *time.Time, organizationID uuid.UUID) (*APIToken, error)
+	Create(ctx context.Context, name string, description *string, expiresAt *time.Time, organizationID uuid.UUID) (*APIToken, error)
 	// List all the tokens optionally filtering it by organization and including revoked tokens
 	List(ctx context.Context, orgID *uuid.UUID, includeRevoked bool) ([]*APIToken, error)
 	Revoke(ctx context.Context, orgID, ID uuid.UUID) error
@@ -93,12 +95,21 @@ func NewAPITokenUseCase(apiTokenRepo APITokenRepo, conf *conf.Auth, authzE *auth
 }
 
 // expires in is a string that can be parsed by time.ParseDuration
-func (uc *APITokenUseCase) Create(ctx context.Context, description *string, expiresIn *time.Duration, orgID string) (*APIToken, error) {
+func (uc *APITokenUseCase) Create(ctx context.Context, name string, description *string, expiresIn *time.Duration, orgID string) (*APIToken, error) {
 	orgUUID, err := uuid.Parse(orgID)
 	if err != nil {
 		return nil, NewErrInvalidUUID(err)
 	}
 
+	if name == "" {
+		return nil, NewErrValidationStr("name is required")
+	}
+
+	// validate format of the name and the project
+	if err := ValidateIsDNS1123(name); err != nil {
+		return nil, NewErrValidation(err)
+	}
+
 	// If expiration is provided we store it
 	// we also validate that it's at least 24 hours and valid string format
 	var expiresAt *time.Time
@@ -109,8 +120,11 @@ func (uc *APITokenUseCase) Create(ctx context.Context, description *string, expi
 
 	// NOTE: the expiration time is stored just for reference, it's also encoded in the JWT
 	// We store it since Chainloop will not have access to the JWT to check the expiration once created
-	token, err := uc.apiTokenRepo.Create(ctx, description, expiresAt, orgUUID)
+	token, err := uc.apiTokenRepo.Create(ctx, name, description, expiresAt, orgUUID)
 	if err != nil {
+		if errors.Is(err, ErrAlreadyExists) {
+			return nil, NewErrValidationStr("name already taken")
+		}
 		return nil, fmt.Errorf("storing token: %w", err)
 	}