Remove access rule names per RFC updates

Per RFC commits 882b69a and 11752f2, access rules no longer have
user-provided names. They are identified by their selector only,
with labels/annotations used for metadata instead.

Changes:
- Removed RULE_NAME argument from add-access-rule command
- Removed Name field from AccessRule API resource
- Updated access-rules list to show 4 columns (route, selector, scope, source)
  - SourceName now represents resolved app/space/org name from selector
- Updated remove-access-rule to use --selector flag instead of rule name
- Renamed DeleteAccessRule() to DeleteAccessRuleBySelector()
- Updated all tests to remove Name field references

All tests passing.

Author: rkoster

actor/actionerror/access_rule_not_found_error.go

@@ -3,9 +3,9 @@ package actionerror
 import "fmt"
 
 type AccessRuleNotFoundError struct {
-	Name string
+	Selector string
 }
 
 func (e AccessRuleNotFoundError) Error() string {
-	return fmt.Sprintf("Access rule '%s' not found.", e.Name)
+	return fmt.Sprintf("Access rule with selector '%s' not found.", e.Selector)
 }

actor/v7action/access_rule.go

@@ -6,7 +6,7 @@ import (
 	"code.cloudfoundry.org/cli/v9/resources"
 )
 
-func (actor Actor) AddAccessRule(ruleName, domainName, selector, hostname, path string) (Warnings, error) {
+func (actor Actor) AddAccessRule(domainName, selector, hostname, path string) (Warnings, error) {
 	allWarnings := Warnings{}
 
 	// Get the domain to ensure it exists and supports access rules
@@ -35,7 +35,6 @@ func (actor Actor) AddAccessRule(ruleName, domainName, selector, hostname, path
 
 	// Create the access rule
 	accessRule := resources.AccessRule{
-		Name:      ruleName,
 		Selector:  selector,
 		RouteGUID: route.GUID,
 	}
@@ -87,7 +86,7 @@ func (actor Actor) GetAccessRulesByRoute(domainName, hostname, path string) ([]r
 	return rules, allWarnings, err
 }
 
-func (actor Actor) DeleteAccessRule(ruleName, domainName, hostname, path string) (Warnings, error) {
+func (actor Actor) DeleteAccessRuleBySelector(domainName, selector, hostname, path string) (Warnings, error) {
 	allWarnings := Warnings{}
 
 	// Get the domain
@@ -114,7 +113,7 @@ func (actor Actor) DeleteAccessRule(ruleName, domainName, hostname, path string)
 
 	route := routes[0]
 
-	// Get access rules for this route to find the one with matching name
+	// Get access rules for this route to find the one with matching selector
 	accessRules, _, apiWarnings, err := actor.CloudControllerClient.GetAccessRules(
 		ccv3.Query{Key: ccv3.RouteGUIDFilter, Values: []string{route.GUID}},
 	)
@@ -123,17 +122,17 @@ func (actor Actor) DeleteAccessRule(ruleName, domainName, hostname, path string)
 		return allWarnings, err
 	}
 
-	// Find the rule with matching name
+	// Find the rule with matching selector
 	var ruleGUID string
 	for _, rule := range accessRules {
-		if rule.Name == ruleName {
+		if rule.Selector == selector {
 			ruleGUID = rule.GUID
 			break
 		}
 	}
 
 	if ruleGUID == "" {
-		return allWarnings, actionerror.AccessRuleNotFoundError{Name: ruleName}
+		return allWarnings, actionerror.AccessRuleNotFoundError{Selector: selector}
 	}
 
 	// Delete the access rule
@@ -143,6 +142,7 @@ func (actor Actor) DeleteAccessRule(ruleName, domainName, hostname, path string)
 	return allWarnings, err
 }
 
+
 // GetRoutesByDomain gets routes for a domain with optional hostname and path filters
 func (actor Actor) GetRoutesByDomain(domainGUID, hostname, path string) ([]resources.Route, Warnings, error) {
 	queries := []ccv3.Query{

actor/v7action/access_rule_test.go

@@ -122,13 +122,12 @@ var _ = Describe("Access Rule Actions", func() {
 					"get-domain-warning-1",
 					"get-domain-warning-2",
 					"get-app-warning",
-				))
+			))
 
-				Expect(results).To(HaveLen(2))
+			Expect(results).To(HaveLen(2))
 
-				// First rule
+			// First rule
 			Expect(results[0].GUID).To(Equal("rule-guid-1"))
-			Expect(results[0].Name).To(Equal("rule-1"))
 			Expect(results[0].Selector).To(Equal("cf:app:app-guid-1"))
 			Expect(results[0].Route.GUID).To(Equal("route-guid-1"))
 			Expect(results[0].Route.Host).To(Equal("app1"))
@@ -139,7 +138,6 @@ var _ = Describe("Access Rule Actions", func() {
 
 			// Second rule
 			Expect(results[1].GUID).To(Equal("rule-guid-2"))
-			Expect(results[1].Name).To(Equal("rule-2"))
 			Expect(results[1].Selector).To(Equal("cf:any"))
 			Expect(results[1].Route.GUID).To(Equal("route-guid-2"))
 			Expect(results[1].Route.Host).To(Equal("app2"))
@@ -498,8 +496,8 @@ var _ = Describe("Access Rule Actions", func() {
 			It("returns the access rules", func() {
 				Expect(executeErr).ToNot(HaveOccurred())
 				Expect(rules).To(HaveLen(2))
-				Expect(rules[0].Name).To(Equal("rule-1"))
-				Expect(rules[1].Name).To(Equal("rule-2"))
+				Expect(rules[0].Selector).To(Equal("cf:app:app-guid-1"))
+				Expect(rules[1].Selector).To(Equal("cf:app:app-guid-2"))
 				Expect(warnings).To(ConsistOf(
 					"get-domains-warning",
 					"get-routes-warning",
@@ -538,7 +536,6 @@ var _ = Describe("Access Rule Actions", func() {
 
 	Describe("AddAccessRule", func() {
 		var (
-			ruleName   string
 			domainName string
 			selector   string
 			hostname   string
@@ -549,15 +546,14 @@ var _ = Describe("Access Rule Actions", func() {
 		)
 
 		BeforeEach(func() {
-			ruleName = "my-rule"
 			domainName = "example.com"
 			selector = "cf:app:app-guid-1"
 			hostname = "myapp"
 			path = ""
 		})
 
 		JustBeforeEach(func() {
-			warnings, executeErr = actor.AddAccessRule(ruleName, domainName, selector, hostname, path)
+			warnings, executeErr = actor.AddAccessRule(domainName, selector, hostname, path)
 		})
 
 		When("creating the access rule succeeds", func() {
@@ -594,16 +590,15 @@ var _ = Describe("Access Rule Actions", func() {
 				Expect(executeErr).ToNot(HaveOccurred())
 				Expect(warnings).To(ConsistOf(
 					"get-domains-warning",
-					"get-routes-warning",
-					"create-rule-warning",
-				))
-
-				Expect(fakeCloudControllerClient.CreateAccessRuleCallCount()).To(Equal(1))
-				rule := fakeCloudControllerClient.CreateAccessRuleArgsForCall(0)
-				Expect(rule.Name).To(Equal("my-rule"))
-				Expect(rule.Selector).To(Equal("cf:app:app-guid-1"))
-				Expect(rule.RouteGUID).To(Equal("route-guid-1"))
-			})
+				"get-routes-warning",
+				"create-rule-warning",
+			))
+
+			Expect(fakeCloudControllerClient.CreateAccessRuleCallCount()).To(Equal(1))
+			rule := fakeCloudControllerClient.CreateAccessRuleArgsForCall(0)
+			Expect(rule.Selector).To(Equal("cf:app:app-guid-1"))
+			Expect(rule.RouteGUID).To(Equal("route-guid-1"))
+		})
 		})
 
 		When("the route does not exist", func() {
@@ -633,9 +628,9 @@ var _ = Describe("Access Rule Actions", func() {
 		})
 	})
 
-	Describe("DeleteAccessRule", func() {
+	Describe("DeleteAccessRuleBySelector", func() {
 		var (
-			ruleName   string
+			selector   string
 			domainName string
 			hostname   string
 			path       string
@@ -645,14 +640,14 @@ var _ = Describe("Access Rule Actions", func() {
 		)
 
 		BeforeEach(func() {
-			ruleName = "my-rule"
+			selector = "cf:any"
 			domainName = "example.com"
 			hostname = "myapp"
 			path = ""
 		})
 
 		JustBeforeEach(func() {
-			warnings, executeErr = actor.DeleteAccessRule(ruleName, domainName, hostname, path)
+			warnings, executeErr = actor.DeleteAccessRuleBySelector(domainName, selector, hostname, path)
 		})
 
 		When("the access rule exists", func() {
@@ -680,7 +675,7 @@ var _ = Describe("Access Rule Actions", func() {
 
 				fakeCloudControllerClient.GetAccessRulesReturns(
 					[]resources.AccessRule{
-						{GUID: "rule-guid-1", Name: "my-rule", Selector: "cf:any"},
+						{GUID: "rule-guid-1", Selector: "cf:any"},
 					},
 					ccv3.IncludedResources{},
 					ccv3.Warnings{"get-access-rules-warning"},
@@ -732,24 +727,24 @@ var _ = Describe("Access Rule Actions", func() {
 					nil,
 				)
 
-				fakeCloudControllerClient.GetAccessRulesReturns(
-					[]resources.AccessRule{
-						{GUID: "rule-guid-other", Name: "other-rule", Selector: "cf:any"},
-					},
-					ccv3.IncludedResources{},
-					ccv3.Warnings{"get-access-rules-warning"},
-					nil,
-				)
-			})
+			fakeCloudControllerClient.GetAccessRulesReturns(
+				[]resources.AccessRule{
+					{GUID: "rule-guid-other", Selector: "cf:app:other-guid"},
+				},
+				ccv3.IncludedResources{},
+				ccv3.Warnings{"get-access-rules-warning"},
+				nil,
+			)
+		})
 
-			It("returns an AccessRuleNotFoundError", func() {
-				Expect(executeErr).To(MatchError(actionerror.AccessRuleNotFoundError{Name: "my-rule"}))
-				Expect(warnings).To(ConsistOf(
-					"get-domains-warning",
-					"get-routes-warning",
-					"get-access-rules-warning",
-				))
-			})
+		It("returns an AccessRuleNotFoundError", func() {
+			Expect(executeErr).To(MatchError(actionerror.AccessRuleNotFoundError{Selector: "cf:any"}))
+			Expect(warnings).To(ConsistOf(
+				"get-domains-warning",
+				"get-routes-warning",
+				"get-access-rules-warning",
+			))
 		})
 	})
 })
+})

command/flag/arguments.go

@@ -415,11 +415,9 @@ type TaskArgs struct {
 }
 
 type AddAccessRuleArgs struct {
-	RuleName string `positional-arg-name:"RULE_NAME" required:"true" description:"The access rule name"`
-	Domain   string `positional-arg-name:"DOMAIN" required:"true" description:"The domain name"`
+	Domain string `positional-arg-name:"DOMAIN" required:"true" description:"The domain name"`
 }
 
 type RemoveAccessRuleArgs struct {
-	RuleName string `positional-arg-name:"RULE_NAME" required:"true" description:"The access rule name"`
-	Domain   string `positional-arg-name:"DOMAIN" required:"true" description:"The domain name"`
+	Domain string `positional-arg-name:"DOMAIN" required:"true" description:"The domain name"`
 }

command/v7/access_rules_command.go

@@ -64,7 +64,6 @@ func (cmd AccessRulesCommand) Execute(args []string) error {
 	// Build table data
 	table := [][]string{
 		{
-			cmd.UI.TranslateText("name"),
 			cmd.UI.TranslateText("route"),
 			cmd.UI.TranslateText("selector"),
 			cmd.UI.TranslateText("scope"),
@@ -74,7 +73,6 @@ func (cmd AccessRulesCommand) Execute(args []string) error {
 
 	for _, ruleWithRoute := range rulesWithRoutes {
 		table = append(table, []string{
-			ruleWithRoute.Name,
 			formatRoute(ruleWithRoute.Route, ruleWithRoute.DomainName),
 			ruleWithRoute.Selector,
 			ruleWithRoute.ScopeType,

command/v7/access_rules_command_test.go

@@ -114,7 +114,6 @@ var _ = Describe("access-rules Command", func() {
 				{
 					AccessRule: resources.AccessRule{
 						GUID:     "rule-guid-1",
-						Name:     "rule-1",
 						Selector: "cf:app:app-guid-1",
 					},
 					Route: resources.Route{
@@ -129,7 +128,6 @@ var _ = Describe("access-rules Command", func() {
 				{
 					AccessRule: resources.AccessRule{
 						GUID:     "rule-guid-2",
-						Name:     "rule-2",
 						Selector: "cf:any",
 					},
 					Route: resources.Route{
@@ -139,7 +137,7 @@ var _ = Describe("access-rules Command", func() {
 					},
 					DomainName: "test.com",
 					ScopeType:  "any",
-					SourceName: "(any app)",
+					SourceName: "",
 				},
 			}, v7action.Warnings{"warning-1"}, nil)
 		})
@@ -148,9 +146,9 @@ var _ = Describe("access-rules Command", func() {
 			Expect(executeErr).ToNot(HaveOccurred())
 
 			Expect(testUI.Out).To(Say(`Getting access rules in org some-org / space some-space as steve\.\.\.`))
-			Expect(testUI.Out).To(Say(`name\s+route\s+selector\s+scope\s+source`))
-			Expect(testUI.Out).To(Say(`rule-1\s+myapp\.example\.com/api\s+cf:app:app-guid-1\s+my-app`))
-			Expect(testUI.Out).To(Say(`rule-2\s+webapp\.test\.com\s+cf:any\s+\(any app\)`))
+			Expect(testUI.Out).To(Say(`route\s+selector\s+scope\s+source`))
+			Expect(testUI.Out).To(Say(`myapp\.example\.com/api\s+cf:app:app-guid-1\s+app\s+my-app`))
+			Expect(testUI.Out).To(Say(`webapp\.test\.com\s+cf:any\s+any`))
 
 			Expect(testUI.Err).To(Say("warning-1"))
 
@@ -185,7 +183,6 @@ var _ = Describe("access-rules Command", func() {
 				{
 					AccessRule: resources.AccessRule{
 						GUID:     "rule-guid-1",
-						Name:     "rule-1",
 						Selector: "cf:any",
 					},
 					Route: resources.Route{
@@ -194,7 +191,7 @@ var _ = Describe("access-rules Command", func() {
 					},
 					DomainName: "example.com",
 					ScopeType:  "any",
-					SourceName: "(any app)",
+					SourceName: "",
 				},
 			}, v7action.Warnings{}, nil)
 		})
@@ -271,7 +268,6 @@ var _ = Describe("access-rules Command", func() {
 				{
 					AccessRule: resources.AccessRule{
 						GUID:     "rule-guid-1",
-						Name:     "filtered-rule",
 						Selector: "cf:app:app-guid-1",
 					},
 					Route: resources.Route{
@@ -302,8 +298,8 @@ var _ = Describe("access-rules Command", func() {
 			Expect(executeErr).ToNot(HaveOccurred())
 
 			Expect(testUI.Out).To(Say(`Getting access rules in org some-org / space some-space as steve\.\.\.`))
-			Expect(testUI.Out).To(Say(`name\s+route\s+selector\s+scope\s+source`))
-			Expect(testUI.Out).To(Say(`filtered-rule\s+myapp\.example\.com/api\s+cf:app:app-guid-1\s+my-app`))
+			Expect(testUI.Out).To(Say(`route\s+selector\s+scope\s+source`))
+			Expect(testUI.Out).To(Say(`myapp\.example\.com/api\s+cf:app:app-guid-1\s+app\s+my-app`))
 		})
 	})
 
@@ -313,7 +309,6 @@ var _ = Describe("access-rules Command", func() {
 				{
 					AccessRule: resources.AccessRule{
 						GUID:     "rule-guid-1",
-						Name:     "no-host-rule",
 						Selector: "cf:any",
 					},
 					Route: resources.Route{
@@ -323,12 +318,11 @@ var _ = Describe("access-rules Command", func() {
 					},
 					DomainName: "example.com",
 					ScopeType:  "any",
-					SourceName: "(any app)",
+					SourceName: "",
 				},
 				{
 					AccessRule: resources.AccessRule{
 						GUID:     "rule-guid-2",
-						Name:     "no-path-rule",
 						Selector: "cf:any",
 					},
 					Route: resources.Route{
@@ -338,7 +332,7 @@ var _ = Describe("access-rules Command", func() {
 					},
 					DomainName: "test.com",
 					ScopeType:  "any",
-					SourceName: "(any app)",
+					SourceName: "",
 				},
 			}, v7action.Warnings{}, nil)
 		})
@@ -347,10 +341,10 @@ var _ = Describe("access-rules Command", func() {
 			Expect(executeErr).ToNot(HaveOccurred())
 
 			// No host, with path: "example.com/api"
-			Expect(testUI.Out).To(Say(`no-host-rule\s+example\.com/api`))
+			Expect(testUI.Out).To(Say(`example\.com/api`))
 
 			// With host, no path: "myapp.test.com"
-			Expect(testUI.Out).To(Say(`no-path-rule\s+myapp\.test\.com`))
+			Expect(testUI.Out).To(Say(`myapp\.test\.com`))
 		})
 	})
 })