feat(core): fix subject-mappings in the CLI and add consistent metadata create/update behavior throughout

cmd/dev.go

@@ -3,6 +3,7 @@ package cmd
 import (
 	"encoding/json"
 	"fmt"
+	"strings"
 
 	"github.com/charmbracelet/lipgloss/table"
 	"github.com/opentdf/platform/protocol/go/common"
@@ -77,6 +78,29 @@ func unMarshalMetadata(m string) *common.MetadataMutable {
 	return nil
 }
 
+func getMetadata(labels []string) *common.MetadataMutable {
+	var metadata *common.MetadataMutable
+	if len(labels) > 0 {
+		metadata.Labels = map[string]string{}
+		for _, label := range labels {
+			kv := strings.Split(label, "=")
+			if len(kv) != 2 {
+				cli.ExitWithError("Invalid label format", nil)
+			}
+			metadata.Labels[kv[0]] = kv[1]
+		}
+		return metadata
+	}
+	return nil
+}
+
+func getMetadataUpdateBehavior() common.MetadataUpdateEnum {
+	if forceReplaceMetadataLabels {
+		return common.MetadataUpdateEnum_METADATA_UPDATE_ENUM_REPLACE
+	}
+	return common.MetadataUpdateEnum_METADATA_UPDATE_ENUM_EXTEND
+}
+
 // HandleSuccess prints a success message according to the configured format (styled table or JSON)
 func HandleSuccess(command *cobra.Command, id string, t *table.Table, policyObject interface{}) {
 	if TructlCfg.Output.Format == config.OutputJSON || configFlagOverrides.OutputFormatJSON {

cmd/policy-attributes.go

@@ -9,8 +9,12 @@ import (
 	"github.com/spf13/cobra"
 )
 
+// TODO: add metadata to outputs once [https://github.com/opentdf/tructl/issues/73] is addressed
+
 var (
-	attrValues []string
+	attrValues                 []string
+	metadataLabels             []string
+	forceReplaceMetadataLabels bool
 
 	policy_attributeCommands = []string{
 		policy_attributesCreateCmd.Use,
@@ -44,8 +48,9 @@ used to define the access controls based on subject encodings and entity entitle
 			rule := flagHelper.GetRequiredString("rule")
 			values := flagHelper.GetStringSlice("values", attrValues, cli.FlagHelperStringSliceOptions{})
 			namespace := flagHelper.GetRequiredString("namespace")
+			metadataLabels := flagHelper.GetStringSlice("label", metadataLabels, cli.FlagHelperStringSliceOptions{Min: 0})
 
-			attr, err := h.CreateAttribute(name, rule, namespace)
+			attr, err := h.CreateAttribute(name, rule, namespace, getMetadata(metadataLabels))
 			if err != nil {
 				cli.ExitWithError("Could not create attribute", err)
 			}
@@ -194,8 +199,9 @@ used to define the access controls based on subject encodings and entity entitle
 
 			flagHelper := cli.NewFlagHelper(cmd)
 			id := flagHelper.GetRequiredString("id")
+			labels := flagHelper.GetStringSlice("label", metadataLabels, cli.FlagHelperStringSliceOptions{Min: 0})
 
-			if a, err := h.UpdateAttribute(id); err != nil {
+			if a, err := h.UpdateAttribute(id, getMetadata(labels), getMetadataUpdateBehavior()); err != nil {
 				cli.ExitWithError("Could not update attribute", err)
 			} else {
 				HandleSuccess(cmd, id, nil, a)
@@ -214,6 +220,7 @@ func init() {
 	policy_attributesCreateCmd.Flags().StringSliceVarP(&attrValues, "values", "v", []string{}, "Values of the attribute")
 	policy_attributesCreateCmd.Flags().StringP("namespace", "s", "", "Namespace of the attribute")
 	policy_attributesCreateCmd.Flags().StringP("description", "d", "", "Description of the attribute")
+	policy_attributesCreateCmd.Flags().StringSliceVarP(&metadataLabels, "label", "l", []string{}, "Labels for the attribute")
 
 	// Get an attribute
 	policy_attributesCmd.AddCommand(policy_attributeGetCmd)
@@ -225,6 +232,8 @@ func init() {
 	// Update an attribute
 	policy_attributesCmd.AddCommand(policy_attributeUpdateCmd)
 	policy_attributeUpdateCmd.Flags().StringP("id", "i", "", "Id of the attribute")
+	policy_attributeUpdateCmd.Flags().StringSliceVarP(&metadataLabels, "label", "l", []string{}, "Optional new metadata 'labels' in the format: key=value")
+	policy_attributeUpdateCmd.Flags().BoolVar(&forceReplaceMetadataLabels, "force-replace-labels", false, "Destructively replace entire set of existing metadata 'labels' with any provided to this command.")
 
 	// Delete an attribute
 	policy_attributesCmd.AddCommand(policy_attributesDeleteCmd)

cmd/policy-namespaces.go

@@ -8,6 +8,8 @@ import (
 	"github.com/spf13/cobra"
 )
 
+// TODO: add metadata to outputs once [https://github.com/opentdf/tructl/issues/73] is addressed
+
 var (
 	policy_namespacesCommands = []string{
 		policy_namespacesCreateCmd.Use,
@@ -88,8 +90,9 @@ or different attributes tied to each.
 
 			flagHelper := cli.NewFlagHelper(cmd)
 			name := flagHelper.GetRequiredString("name")
+			metadataLabels := flagHelper.GetStringSlice("label", metadataLabels, cli.FlagHelperStringSliceOptions{Min: 0})
 
-			created, err := h.CreateNamespace(name)
+			created, err := h.CreateNamespace(name, getMetadata(metadataLabels))
 			if err != nil {
 				cli.ExitWithError("Could not create namespace", err)
 			}
@@ -145,17 +148,18 @@ or different attributes tied to each.
 			defer h.Close()
 
 			flagHelper := cli.NewFlagHelper(cmd)
-
 			id := flagHelper.GetRequiredString("id")
-			name := flagHelper.GetRequiredString("name")
+			labels := flagHelper.GetStringSlice("label", metadataLabels, cli.FlagHelperStringSliceOptions{Min: 0})
 
 			ns, err := h.UpdateNamespace(
 				id,
-				name,
+				getMetadata(labels),
+				getMetadataUpdateBehavior(),
 			)
 			if err != nil {
 				cli.ExitWithError("Could not update namespace", err)
 			}
+
 			t := cli.NewTabular().Rows([][]string{
 				{"Id", ns.Id},
 				{"Name", ns.Name},
@@ -175,10 +179,12 @@ func init() {
 
 	policy_namespacesCmd.AddCommand(policy_namespacesCreateCmd)
 	policy_namespacesCreateCmd.Flags().StringP("name", "n", "", "Name value of the namespace")
+	policy_namespacesCreateCmd.Flags().StringSliceVarP(&metadataLabels, "label", "l", []string{}, "Optional metadata 'labels' in the format: key=value")
 
 	policy_namespacesCmd.AddCommand(policy_namespaceUpdateCmd)
 	policy_namespaceUpdateCmd.Flags().StringP("id", "i", "", "Id of the namespace")
-	policy_namespaceUpdateCmd.Flags().StringP("name", "n", "", "Name value of the namespace")
+	policy_namespaceUpdateCmd.Flags().StringSliceVarP(&metadataLabels, "label", "l", []string{}, "Optional new metadata 'labels' in the format: key=value")
+	policy_namespaceUpdateCmd.Flags().BoolVar(&forceReplaceMetadataLabels, "force-replace-labels", false, "Destructively replace entire set of existing metadata 'labels' with any provided to this command.")
 
 	policy_namespacesCmd.AddCommand(policy_namespaceDeleteCmd)
 	policy_namespaceDeleteCmd.Flags().StringP("id", "i", "", "Id of the namespace")