Rename missing from CLI (#1776)

Author: connorwstein

keystore/cli/cli.go

@@ -66,6 +66,7 @@ CREATE TABLE IF NOT EXISTS encrypted_keystore (
 	exportCmd := NewExportCmd()
 	importCmd := NewImportCmd()
 	setMetadataCmd := NewSetMetadataCmd()
+	renameCmd := NewRenameCmd()
 	// Note these could potentially be supported with KMS, but not yet implemented.
 	encryptCmd := NewEncryptCmd()
 	decryptCmd := NewDecryptCmd()
@@ -77,11 +78,12 @@ CREATE TABLE IF NOT EXISTS encrypted_keystore (
 		exportCmd.Hidden = true
 		importCmd.Hidden = true
 		setMetadataCmd.Hidden = true
+		renameCmd.Hidden = true
 		encryptCmd.Hidden = true
 		decryptCmd.Hidden = true
 	}
 
-	cmd.AddCommand(listCmd, getCmd, createCmd, deleteCmd, exportCmd, importCmd, setMetadataCmd, signCmd, verifyCmd, encryptCmd, decryptCmd)
+	cmd.AddCommand(listCmd, getCmd, createCmd, deleteCmd, exportCmd, importCmd, setMetadataCmd, renameCmd, signCmd, verifyCmd, encryptCmd, decryptCmd)
 	return cmd
 }
 
@@ -232,6 +234,20 @@ func NewSetMetadataCmd() *cobra.Command {
 	return &cmd
 }
 
+func NewRenameCmd() *cobra.Command {
+	cmd := cobra.Command{
+		Use: "rename", Short: "Rename a key",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runKeystoreCommand[ks.Keystore, ks.RenameKeyRequest, ks.RenameKeyResponse](cmd, args, loadKeystore, func(ctx context.Context, k ks.Keystore, req ks.RenameKeyRequest) (ks.RenameKeyResponse, error) {
+				return k.RenameKey(ctx, req)
+			})
+		},
+	}
+	cmd.Flags().StringP("file", "f", "", "input file path (use \"-\" for stdin)")
+	cmd.Flags().StringP("data", "d", "", "inline JSON request, e.g. '{\"OldName\": \"key1\", \"NewName\": \"key2\"}'")
+	return &cmd
+}
+
 // runKeystoreCommandGeneric is a generic helper that runs a keystore command with a custom loader function.
 func runKeystoreCommand[K any, Req any, Resp any](
 	cmd *cobra.Command,

keystore/cli/cli_test.go

@@ -109,6 +109,32 @@ func TestAdminCLI(t *testing.T) {
 	require.Equal(t, "testkey", resp.Keys[0].KeyInfo.Name)
 	// Metadata is []byte, Go's JSON unmarshaler automatically decodes base64 strings
 	require.Equal(t, "my-custom-metadata", string(resp.Keys[0].KeyInfo.Metadata))
+	originalPublicKey := resp.Keys[0].KeyInfo.PublicKey
+
+	// Rename testkey to renamedkey.
+	_, err = runCommand(t, nil, "rename", "-d", `{"OldName": "testkey", "NewName": "renamedkey"}`)
+	require.NoError(t, err)
+
+	// Verify the old name doesn't exist.
+	out, err = runCommand(t, nil, "get", "-d", `{"KeyNames": ["testkey"]}`)
+	require.Error(t, err)
+
+	// Verify the new name exists with the same key material.
+	out, err = runCommand(t, nil, "get", "-d", `{"KeyNames": ["renamedkey"]}`)
+	require.NoError(t, err)
+	resp = ks.GetKeysResponse{}
+	err = json.Unmarshal(out.Bytes(), &resp)
+	require.NoError(t, err)
+	require.Len(t, resp.Keys, 1)
+	require.Equal(t, "renamedkey", resp.Keys[0].KeyInfo.Name)
+	require.Equal(t, ks.X25519, resp.Keys[0].KeyInfo.KeyType)
+	require.Equal(t, originalPublicKey, resp.Keys[0].KeyInfo.PublicKey)
+	// Metadata should be preserved
+	require.Equal(t, "my-custom-metadata", string(resp.Keys[0].KeyInfo.Metadata))
+
+	// Rename it back to testkey for cleanup.
+	_, err = runCommand(t, nil, "rename", "-d", `{"OldName": "renamedkey", "NewName": "testkey"}`)
+	require.NoError(t, err)
 
 	// Delete the keys with confirmation.
 	out, err = runCommand(t, bytes.NewBufferString("yes\n"), "delete", "-d", `{"KeyNames": ["testkey", "testkey2"]}`)