From 9ad1e9ddc942a1cb7b6048a1e75d6f10984ee2d5 Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@cofide.io>
Date: Thu, 7 Nov 2024 15:24:04 +0000
Subject: [PATCH] Fix formatting of workload IDs in workload list command

Previously they were displayed as:

  trust_domain:"td1" path:"/ns/ns3/sa/default"

Now they are displayed as a URL:

  spiffe://td1/ns/ns3/sa/default
---
 internal/pkg/spire/spire.go       | 22 ++++++++++++++++++++--
 internal/pkg/workload/workload.go |  2 +-
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/internal/pkg/spire/spire.go b/internal/pkg/spire/spire.go
index 4684c9f..4077e07 100644
--- a/internal/pkg/spire/spire.go
+++ b/internal/pkg/spire/spire.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	kubeutil "github.com/cofide/cofidectl/internal/pkg/kube"
+	"github.com/spiffe/go-spiffe/v2/spiffeid"
 	types "github.com/spiffe/spire-api-sdk/proto/spire/api/types"
 	appsv1 "k8s.io/api/apps/v1"
 	v1 "k8s.io/api/core/v1"
@@ -218,7 +219,7 @@ func getPodsforDaemonSet(ctx context.Context, client *kubeutil.Client, daemonset
 
 // RegisteredEntry contains details of a workload registered with SPIRE
 type RegisteredEntry struct {
-	Id *types.SPIFFEID
+	Id string
 }
 
 func GetRegistrationEntries(ctx context.Context, client *kubeutil.Client) (map[string]*RegisteredEntry, error) {
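Review bot: With `Id` now a plain `string`, the field no longer says what form the value takes, and nothing in the type stops a caller from storing an unvalidated string in it. A field comment would record the contract, for example `// Id is the workload's SPIFFE ID in URI form, e.g. spiffe://td1/ns/ns3/sa/default.` Go initialism style would also spell the field `ID`, though that rename touches callers outside this hunk.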
@@ -257,8 +258,25 @@ func GetRegistrationEntries(ctx context.Context, client *kubeutil.Client) (map[s
 			continue
 		}
 
-		registrationEntriesMap[podUID] = &RegisteredEntry{registrationEntry.Id}
+		id, err := formatIdUrl(registrationEntry.Id)
+		if err != nil {
+			return nil, err
+		}
+		registrationEntriesMap[podUID] = &RegisteredEntry{Id: id}
 	}
 
 	return registrationEntriesMap, nil
 }
+
+// formatIdUrl formats a SPIFFE ID as a URL string.
+func formatIdUrl(id *types.SPIFFEID) (string, error) {
+	trustDomain, err := spiffeid.TrustDomainFromString(id.TrustDomain)
+	if err != nil {
+		return "", err
+	}
+	if id, err := spiffeid.FromPath(trustDomain, id.Path); err != nil {
+		return "", err
+	} else {
+		return id.String(), nil
+	}
+}
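Review bot: formatIdUrl reads `id.TrustDomain` without a nil check, so a registration entry that carries no SPIFFE ID would panic the list command instead of returning an error. The errors from `spiffeid.TrustDomainFromString` and `spiffeid.FromPath` are also returned bare, and the caller in GetRegistrationEntries (whose body starts outside this hunk) aborts the whole listing on the first one, so an operator cannot tell which entry was malformed. Wrapping them with the offending value makes that visible. The inner `id, err :=` shadows the parameter, and the `else` after `return` is unnecessary. The fence assumes `fmt` is already imported in spire.go, which the visible part of the import block does not show.

```go
func formatIdUrl(id *types.SPIFFEID) (string, error) {
	if id == nil {
		return "", fmt.Errorf("registration entry has no SPIFFE ID")
	}
	trustDomain, err := spiffeid.TrustDomainFromString(id.TrustDomain)
	if err != nil {
		return "", fmt.Errorf("parsing trust domain %q: %w", id.TrustDomain, err)
	}
	spiffeID, err := spiffeid.FromPath(trustDomain, id.Path)
	if err != nil {
		return "", fmt.Errorf("building SPIFFE ID from path %q: %w", id.Path, err)
	}
	return spiffeID.String(), nil
}
```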
diff --git a/internal/pkg/workload/workload.go b/internal/pkg/workload/workload.go
index 314caa3..72af4a5 100644
--- a/internal/pkg/workload/workload.go
+++ b/internal/pkg/workload/workload.go
@@ -54,7 +54,7 @@ func GetRegisteredWorkloads(ctx context.Context, kubeConfig string, kubeContext
 			registeredWorkload := &Workload{
 				Name:      pod.Name,
 				Namespace: pod.Namespace,
-				SPIFFEID:  registeredEntry.Id.String(),
+				SPIFFEID:  registeredEntry.Id,
 				Status:    string(pod.Status.Phase),
 				Type:      "Pod",
 			}