Improve Policy syntax and behavior for required TypeInstance injection

[pkosiec]

Description

Changes proposed in this pull request:

• Update syntax for injecting required Type Instances

  • Fetch TypeInstance metadata in PolicyEnforcedClient based just on ID
  • Add optional description field for a given requiredTypeInstances field
  • rename inject.typeInstances to inject.requiredTypeInstances

  Elegant syntax comparison table (inspired by this PR):
  

  Before	After
  inject: requiredTypeInstances: - id: uuid typeRef: // wasn't validated anywhere path: "cap.type.sample" revision: "0.1.0" // optional	inject: requiredTypeInstances: - id: uuid description: "My UUID" // optional

• remove apiVersion from Policy (as Policy is strictly versioned with Engine component, as the Policy shape is defined in GraphQL API)

• Fix printing null for Policy management commands in CLI

To do (in a follow-up pull request):

• Ignore Implementations with requires.alias when TypeInstances are not injected

Testing

Engine

No additional testing needed as TypeInstance injection is covered by integration tests. See the test setup Global Policy for changes.

CLI

Run:

# create cluster
DISABLE_MONITORING_INSTALLATION=true make dev-cluster

# build cli
make build-tool-cli
mv ./bin/capact-darwin-amd64 /usr/local/bin/capact

# test cli
capact policy get
capact policy edit

Related issue(s)

#438

[mszostok]

We need to decided how we will merge that. I see quite a lot of places where we will have conflicts with #450 😄 We need to reserver some time for that.

BTW Nice test coverage 👍

[mszostok]

tbh I really don't like that those functions landed in types.go. IMO in types.go we should have types definition and max. simple functions associated with a given types, just helpers. As described in PR

Fetch TypeInstance metadata in PolicyEnforcedClient based just on ID

Personally, I think that it will be more readable in my opinion. I know that here it's tightly coupled with given Type which is a plus and it can be used as a part of API but for me it's a bit messy when Types, "business logic" and validation is in single file.

But of course this is just academic discussion and definitely I will not block that from being merged as you did a great job. Maybe later we can discuss our approach in dev team.

[pkosiec]

As discussed, I will convert the ValidateTypeInstanceMetadata method to a function in a separate package. I will keep validation methods as they are right now.

This change will be introduced in a follow-up pull request, which is #458.

[mszostok]

WDYT about resolving that TypeRef already here?

Currently after applying:

cat > /tmp/aws-policy.yaml << ENDOFFILE
rules:
  - interface:
      path: cap.interface.containerization.kubernetes.deploy
    oneOf:
      - implementationConstraints:
          path: cap.implementation.aws.containerization.rke2.deploy
        inject:
          requiredTypeInstances:
          - id: "e7f9f8ee-2217-4704-af34-2610727ec567"
            typeRef:
              path: "cap.type.aws.auth.credentials"
              revision: "0.1.0"

  - interface:
      path: cap.*
    oneOf:
      - implementationConstraints:
          requires:
            - path: "cap.core.type.platform.kubernetes"
      - implementationConstraints: {}
ENDOFFILE

capact policy apply -f /tmp/aws-policy.yaml

We get:

$ capact pol get
rules:
- interface:
    path: cap.interface.containerization.kubernetes.deploy
  oneOf:
  - implementationConstraints:
      path: cap.implementation.aws.containerization.rke2.deploy
    inject:
      requiredTypeInstances:
      - id: e7f9f8ee-2217-4704-af34-2610727ec567
- interface:
    path: cap.*
  oneOf:
  - implementationConstraints:
      requires:
      - path: cap.core.type.platform.kubernetes
  - implementationConstraints: {}

but IMO it will be nice to see the typeRef too, as we resolve it anyway