fix(attestation): do not load cas-backend on dry-mode (#927)

Signed-off-by: Miguel Martinez Trivino <[email protected]>

Author: migmartri

app/cli/internal/action/attestation_add.go

@@ -78,41 +78,45 @@ func (action *AttestationAdd) Run(ctx context.Context, attestationID, materialNa
 		return err
 	}
 
-	// Get upload creds and CASbackend for the current attestation and set up CAS client
-	client := pb.NewAttestationServiceClient(action.CPConnection)
-	creds, err := client.GetUploadCreds(ctx,
-		&pb.AttestationServiceGetUploadCredsRequest{
-			WorkflowRunId: action.c.CraftingState.GetAttestation().GetWorkflow().GetWorkflowRunId(),
-		},
-	)
-	if err != nil {
-		return err
-	}
-
-	b := creds.GetResult().GetBackend()
-	if b == nil {
-		return fmt.Errorf("no backend found in upload creds")
-	}
-
-	// Define CASbackend information based on the API response
+	// Default to inline CASBackend and override if we are not in dry-run mode
 	casBackend := &casclient.CASBackend{
-		Name:    b.Provider,
-		MaxSize: b.GetLimits().MaxBytes,
+		Name: "not-set",
 	}
 
-	// Some CASBackends will actually upload information to the CAS server
-	// in such case we need to set up a connection
-	if !b.IsInline && creds.Result.Token != "" {
-		artifactCASConn, err := grpcconn.New(action.casURI, creds.Result.Token, action.connectionInsecure)
+	// Define CASbackend information based on the API response
+	if !action.c.CraftingState.GetDryRun() {
+		// Get upload creds and CASbackend for the current attestation and set up CAS client
+		client := pb.NewAttestationServiceClient(action.CPConnection)
+		creds, err := client.GetUploadCreds(ctx,
+			&pb.AttestationServiceGetUploadCredsRequest{
+				WorkflowRunId: action.c.CraftingState.GetAttestation().GetWorkflow().GetWorkflowRunId(),
+			},
+		)
 		if err != nil {
 			return err
 		}
-		defer artifactCASConn.Close()
-
-		casBackend.Uploader = casclient.New(artifactCASConn, casclient.WithLogger(action.Logger))
+		b := creds.GetResult().GetBackend()
+		if b == nil {
+			return fmt.Errorf("no backend found in upload creds")
+		}
+		casBackend.Name = b.Provider
+		casBackend.MaxSize = b.GetLimits().MaxBytes
+		// Some CASBackends will actually upload information to the CAS server
+		// in such case we need to set up a connection
+		if !b.IsInline && creds.Result.Token != "" {
+			artifactCASConn, err := grpcconn.New(action.casURI, creds.Result.Token, action.connectionInsecure)
+			if err != nil {
+				return err
+			}
+			defer artifactCASConn.Close()
+
+			casBackend.Uploader = casclient.New(artifactCASConn, casclient.WithLogger(action.Logger))
+		}
 	}
+
 	// Add material to the attestation crafting state based on if the material is contract free or not.
 	// By default, try to detect the material kind automatically
+	var err error
 	switch {
 	case materialName == "" && materialType == "":
 		var kind schemaapi.CraftingSchema_Material_MaterialType

app/controlplane/internal/service/attestation.go

@@ -318,36 +318,21 @@ func (s *AttestationService) GetUploadCreds(ctx context.Context, req *cpAPI.Atte
 
 	// Find the CAS backend associated with this workflowRun, that's the one that will be used to upload the materials
 	// NOTE: currently we only support one backend per workflowRun but this will change in the future
+	// This is the new mode, where the CAS backend ref is stored in the workflow run since initialization
+	wRun, err := s.wrUseCase.GetByIDInOrgOrPublic(ctx, robotAccount.OrgID, req.WorkflowRunId)
+	if err != nil {
+		return nil, handleUseCaseErr(err, s.log)
+	} else if wRun == nil {
+		return nil, errors.NotFound("not found", "workflow run not found")
+	}
 
-	// DEPRECATED: if no workflow run is provided, we use the default repository
-	// Maintained for compatibility reasons with older versions of the CLI
-	var backend *biz.CASBackend
-	if req.WorkflowRunId == "" {
-		s.log.Warn("DEPRECATED: using main repository to get upload creds")
-		backend, err := s.casUC.FindDefaultBackend(ctx, robotAccount.OrgID)
-		if err != nil && !biz.IsNotFound(err) {
-			return nil, handleUseCaseErr(err, s.log)
-		} else if backend == nil {
-			return nil, errors.NotFound("not found", "main repository not found")
-		}
-	} else {
-		// This is the new mode, where the CAS backend ref is stored in the workflow run since initialization
-		wRun, err := s.wrUseCase.GetByIDInOrgOrPublic(ctx, robotAccount.OrgID, req.WorkflowRunId)
-		if err != nil {
-			return nil, handleUseCaseErr(err, s.log)
-		} else if wRun == nil {
-			return nil, errors.NotFound("not found", "workflow run not found")
-		}
-
-		if len(wRun.CASBackends) == 0 {
-			return nil, errors.NotFound("not found", "workflow run has no CAS backend")
-		}
-
-		s.log.Infow("msg", "generating upload credentials for CAS backend", "ID", wRun.CASBackends[0].ID, "name", wRun.CASBackends[0].Location, "workflowRun", req.WorkflowRunId)
-
-		backend = wRun.CASBackends[0]
+	if len(wRun.CASBackends) == 0 {
+		return nil, errors.NotFound("not found", "workflow run has no CAS backend")
 	}
 
+	backend := wRun.CASBackends[0]
+	s.log.Infow("msg", "generating upload credentials for CAS backend", "ID", wRun.CASBackends[0].ID, "name", wRun.CASBackends[0].Location, "workflowRun", req.WorkflowRunId)
+
 	// Return the backend information and associated credentials (if applicable)
 	resp := &cpAPI.AttestationServiceGetUploadCredsResponse_Result{Backend: bizCASBackendToPb(backend)}
 	if backend.SecretName != "" {