fix: update key mgmt flags to consistent format #570
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hello @strantalis, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
Summary of Changes
As Gemini, your code-assist, I've reviewed this pull request which aims to standardize the command-line flags used for managing KAS keys within the otdfctl CLI tool. The primary goal is to provide a more consistent and intuitive user experience by consolidating multiple flags for identifying keys and KAS instances into single, versatile flags (--key and --kas) and adopting a hyphenated format for other key-related parameters. This involves updates to the CLI parsing logic, the introduction of a utility function to classify identifier types, and corresponding updates to documentation and end-to-end tests.
Highlights
- Flag Standardization: Replaced disparate flags like
--keyId,--kasId,--kasName, and--kasUriwith standardized--keyand--kasflags across relevant commands (create,get,list,base set). - Intelligent KAS Identification: The new
--kasflag now intelligently accepts a KAS identifier as either a UUID, a URI, or a Name, resolving it internally to the KAS ID needed for API calls. - Consistent Flag Naming: Renamed other key-related flags, such as
--wrappingKeyId,--providerConfigId,--pubPem, and--privatePem, to use a consistent hyphenated format (--wrapping-key-id,--provider-config-id,--public-key-pem,--private-key-pem). - Utility Function for Classification: Introduced a new utility function
utils.ClassifyStringto determine if an input string is a UUID, URI, or generic string, used for parsing the--kasflag. - Documentation and Test Updates: Updated the command documentation (man pages) and end-to-end tests to reflect the new flag names and usage patterns.
Changelog
Click here to see the changelog
- cmd/base-keys.go
- Updated
getKasKeyIdentifierto use--keyand--kasflags. - Implemented logic to classify the
--kasinput usingutils.ClassifyString.
- Updated
- cmd/kas-keys.go
- Updated
policyCreateKasKeyandpolicyListKasKeysto use the new flag format (--key,--kas,--wrapping-key-id,--provider-config-id,--public-key-pem,--private-key-pem,--algorithm). - Added
resolveKasIdentifierfunction to handle KAS identifier resolution from the--kasflag.
- Updated
- docs/man/policy/kas-registry/key/_index.md
- Updated description of the key command group.
- docs/man/policy/kas-registry/key/base/_index.md
- Updated title and description.
- Removed redundant alias.
- docs/man/policy/kas-registry/key/base/get.md
- Improved command description and added an example.
- docs/man/policy/kas-registry/key/base/set.md
- Replaced multiple KAS/key identification flags with
--keyand--kas. - Updated flag descriptions and examples.
- Replaced multiple KAS/key identification flags with
- docs/man/policy/kas-registry/key/create.md
- Renamed flags to hyphenated format (
--key-id,--algorithm,--wrapping-key-id,--wrapping-key,--private-key-pem,--provider-config-id,--public-key-pem). - Consolidated KAS identification flags into
--kas. - Updated flag descriptions and examples.
- Renamed flags to hyphenated format (
- docs/man/policy/kas-registry/key/get.md
- Replaced multiple KAS/key identification flags with
--keyand--kas. - Updated flag descriptions and examples.
- Replaced multiple KAS/key identification flags with
- docs/man/policy/kas-registry/key/list.md
- Replaced multiple KAS identification flags with
--kas. - Renamed
--algto--algorithm. - Updated flag descriptions and examples.
- Replaced multiple KAS identification flags with
- docs/man/policy/kas-registry/key/update.md
- Updated title and description.
- Improved flag descriptions and added an example.
- e2e/base-key.bats
- Updated test commands and setup calls to use the new flag names (
--key,--kas,--key-id,--algorithm,--wrapping-key-id). - Updated test names to reflect new flag usage.
- Fixed shell pipe syntax.
- Updated test commands and setup calls to use the new flag names (
- e2e/kas-keys.bats
- Updated test commands and setup calls to use the new flag names (
--kas,--key-id,--algorithm,--public-key-pem,--provider-config-id,--wrapping-key-id,--private-key-pem). - Updated test names to reflect new flag usage.
- Fixed shell pipe syntax.
- Updated assertions to match new flag names and logic.
- Updated test commands and setup calls to use the new flag names (
- pkg/utils/identifier.go
- Added new package
utilswithIdentifierStringTypeenum andClassifyStringfunction.
- Added new package
- pkg/utils/identifier_test.go
- Added unit tests for the
ClassifyStringfunction.
- Added unit tests for the
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Flags aligned just right,
Key and kas, clear and bright,
Docs now make sense.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Code Review
This pull request makes good progress towards standardizing key management flags, which will improve CLI consistency. The new identifier.go utility is a positive step.
However, there are several critical and high-severity issues related to how flags are defined, registered in init() functions, and then used within the command logic. These inconsistencies are also reflected in the e2e tests and their expected outcomes. Resolving these is crucial for the CLI to function correctly and predictably.
The documentation updates are generally good and align with the intended new flag structure. Once the code-level inconsistencies are fixed, these documentation changes will be accurate.
Summary of Findings
- Critical Flag Inconsistencies: There are critical inconsistencies between how flags are registered in
init()functions (often using old flag names and rules) and how they are consumed in the command logic (which expects new, consolidated flags like--kasand--key). This affectscmd/kas-keys.go(create, get, list) andcmd/base-keys.go(set) and is a primary source of issues seen in e2e tests. - Incorrect Flag Name for Provider Config: In
cmd/kas-keys.go,provider-config-pemis read forKEY_MODE_REMOTE, butprovider-config-idis likely intended as per documentation and variable naming. - Algorithm Flag Naming Standardization: The algorithm flag is inconsistently named (
algvs.algorithm) across commands, theirinitfunctions, and documentation. This should be standardized. - E2E Test Typos and Misalignments: E2E tests contain typos (e.g.,
algorithmorithm) and expect behaviors based on the inconsistent flag setups, which need correction after the core Go code issues are resolved. - Unreachable Code: A
return "", nilstatement inresolveKasIdentifierincmd/kas-keys.goappears to be unreachable.
Merge Readiness
This pull request has the right goal of standardizing CLI flags for key management. The new identifier.go utility is a positive step.
However, due to the critical and high severity issues identified concerning inconsistent flag definitions, registration, and usage across different commands and their init blocks, I recommend that these issues be addressed before merging. These inconsistencies can lead to incorrect CLI behavior, confusing error messages for users, and make maintenance harder.
Once these core flag handling issues are resolved, the e2e tests should also be updated to reflect the correct and consistent flag usage. After these changes, the PR will be in a much better state for merging.
As an AI, I am not authorized to approve pull requests. Please ensure these changes are reviewed and approved by the appropriate maintainers.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
🤖 I have created a release *beep* *boop* --- ## [0.21.0](v0.20.0...v0.21.0) (2025-05-29) ### Features * Add initial Dependency Review configuration ([#551](#551)) ([b622666](b622666)) * **core:** Add base key cmds ([#563](#563)) ([edfd6c0](edfd6c0)) * **core:** DSPX-18 clean up Go context usage to follow best practices ([#558](#558)) ([a2c9f8b](a2c9f8b)) * **core:** DSPX-608 - Deprecate public_client_id ([#555](#555)) ([8d396bd](8d396bd)) * **core:** DSPX-608 - require clientID for login ([#553](#553)) ([580172e](580172e)) * **core:** DSPX-896 add registered resources CRUD ([#559](#559)) ([8e7475e](8e7475e)) * **core:** KAS allowlist options ([#539](#539)) ([af7978f](af7978f)) * **core:** key management operations ([#533](#533)) ([d4f6aaa](d4f6aaa)) * **main:** add actions CRUD and e2e tests ([#523](#523)) ([2fb9ec7](2fb9ec7)) * **main:** refactor actions within existing CLI policy object CRUD ([#543](#543)) ([9ab1a58](9ab1a58)) * **core:** Resource mapping groups ([#567](#567)) ([03fa307](03fa307)) * **core:** Update key mgmt flags to consistent format ([#570](#570)) ([#846f96c](846f96c)) * **core:** Rotate Key ([#572](#572)) ([afd0043](afd0043)) ### Bug Fixes * **ci:** ci job should run on changes to GHA ([#530](#530)) ([1d296ca](1d296ca)) * **main:** Pass the full url when building the sdk object ([#544](#544)) ([8b836f0](8b836f0)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com> Co-authored-by: Elizabeth Healy <[email protected]> Co-authored-by: Chris Reed <[email protected]> Co-authored-by: Jake Van Vorhis <[email protected]>
3 participants
No description provided.