Add name-based source flags to remove-route-policy

rkoster · rkoster · commit 0ab3e029a878 · 2026-06-17T09:57:32.000+02:00
Extract source resolution flags (--source-app, --source-space, --source-org,
--source-any, --source) into a shared RoutePolicySourceFlags struct embedded
in both add-route-policy and remove-route-policy commands.

Previously remove-route-policy only accepted --source with a raw GUID-format
value (cf:app:&lt;guid&gt;, etc.), while add-route-policy supported name-based
resolution. The two commands now have matching flag sets.
diff --git a/command/v7/add_route_policy_command.go b/command/v7/add_route_policy_command.go
@@ -3,10 +3,7 @@ package v7
 import (
 	"fmt"
 
-	"code.cloudfoundry.org/cli/v9/actor/actionerror"
-	"code.cloudfoundry.org/cli/v9/actor/v7action"
 	"code.cloudfoundry.org/cli/v9/command/flag"
-	"code.cloudfoundry.org/cli/v9/command/translatableerror"
 )
 
 type AddRoutePolicyCommand struct {
@@ -15,23 +12,14 @@ type AddRoutePolicyCommand struct {
 	RequiredArgs flag.AddRoutePolicyArgs `positional-args:"yes"`
 	Hostname     string                  `long:"hostname" required:"true" description:"Hostname for the route"`
 	Path         string                  `long:"path" description:"Path for the route"`
-
-	// Source resolution flags (mutually exclusive as primary source)
-	SourceApp   string `long:"source-app" description:"Allow access from this app (by name)"`
-	SourceSpace string `long:"source-space" description:"Allow access from all apps in this space (by name) or specify the space for --source-app"`
-	SourceOrg   string `long:"source-org" description:"Allow access from all apps in this org (by name) or specify the org for --source-space/--source-app"`
-	SourceAny   bool   `long:"source-any" description:"Allow access from any authenticated app"`
-
-	// Advanced: raw source flag
-	Source string `long:"source" description:"Raw source (cf:app:<guid>, cf:space:<guid>, cf:org:<guid>, or cf:any)"`
+	RoutePolicySourceFlags
 
 	usage           interface{} `usage:"CF_NAME add-route-policy DOMAIN --hostname HOSTNAME [--source-app APP_NAME [--source-space SPACE_NAME] [--source-org ORG_NAME] | --source-space SPACE_NAME [--source-org ORG_NAME] | --source-org ORG_NAME | --source-any | --source SOURCE] [--path PATH]\n\nALLOW ACCESS TO A ROUTE:\n   Create a route policy that allows specific apps, spaces, or orgs to access a route using mTLS authentication.\n\nEXAMPLES:\n   # Allow the \"frontend-app\" (in current space) to access the backend route\n   cf add-route-policy apps.identity --source-app frontend-app --hostname backend\n\n   # Allow an app in a different space to access the route\n   cf add-route-policy apps.identity --source-app api-client --source-space other-space --hostname backend\n\n   # Allow an app in a different org to access the route\n   cf add-route-policy apps.identity --source-app external-client --source-space external-space --source-org external-org --hostname backend\n\n   # Allow all apps in the \"monitoring\" space to access the API metrics endpoint\n   cf add-route-policy apps.identity --source-space monitoring --hostname api --path /metrics\n\n   # Allow all apps in a space in a different org\n   cf add-route-policy apps.identity --source-space prod-space --source-org prod-org --hostname api\n\n   # Allow all apps in the \"platform\" org to access the route\n   cf add-route-policy apps.identity --source-org platform --hostname shared-api\n\n   # Allow any authenticated app to access the public API\n   cf add-route-policy apps.identity --source-any --hostname public-api\n\n   # Use raw source (advanced)\n   cf add-route-policy apps.identity --source cf:app:d76446a1-f429-4444-8797-be2f78b75b08 --hostname backend"`
 	relatedCommands interface{} `related_commands:"route-policies, remove-route-policy, create-shared-domain"`
 }
 
 func (cmd AddRoutePolicyCommand) Execute(args []string) error {
-	// Validate source flags
-	if err := cmd.validateSourceFlags(); err != nil {
+	if err := cmd.RoutePolicySourceFlags.validateSourceFlags(); err != nil {
 		return err
 	}
 
@@ -45,14 +33,12 @@ func (cmd AddRoutePolicyCommand) Execute(args []string) error {
 		return err
 	}
 
-	// Resolve source from source flags
-	source, scopeDisplay, warnings, err := cmd.resolveSource()
+	source, scopeDisplay, warnings, err := resolveSource(cmd.RoutePolicySourceFlags, cmd.Actor, cmd.Config)
 	cmd.UI.DisplayWarnings(warnings)
 	if err != nil {
 		return err
 	}
 
-	// Validate source format
 	if err := validateSource(source); err != nil {
 		return err
 	}
@@ -67,7 +53,6 @@ func (cmd AddRoutePolicyCommand) Execute(args []string) error {
 			"User":     user.Name,
 		})
 
-	// Display resolved source (for transparency)
 	cmd.UI.DisplayText("  {{.ScopeDisplay}}",
 		map[string]interface{}{
 			"ScopeDisplay": scopeDisplay,
@@ -88,169 +73,7 @@ func (cmd AddRoutePolicyCommand) Execute(args []string) error {
 	return nil
 }
 
-// validateSourceFlags ensures exactly one source target is specified and validates combinations
-func (cmd AddRoutePolicyCommand) validateSourceFlags() error {
-	sourceFlags := []string{}
-
-	if cmd.Source != "" {
-		sourceFlags = append(sourceFlags, "--source")
-	}
-	if cmd.SourceApp != "" {
-		sourceFlags = append(sourceFlags, "--source-app")
-	}
-	if cmd.SourceSpace != "" && cmd.SourceApp == "" {
-		// --source-space only counts as a primary source if --source-app is NOT provided
-		sourceFlags = append(sourceFlags, "--source-space")
-	}
-	if cmd.SourceOrg != "" && cmd.SourceSpace == "" && cmd.SourceApp == "" {
-		// --source-org only counts as a primary source if neither --source-space nor --source-app are provided
-		sourceFlags = append(sourceFlags, "--source-org")
-	}
-	if cmd.SourceAny {
-		sourceFlags = append(sourceFlags, "--source-any")
-	}
-
-	if len(sourceFlags) == 0 {
-		return translatableerror.RequiredArgumentError{
-			ArgumentName: "one of: --source-app, --source-space, --source-org, --source-any, or --source",
-		}
-	}
-
-	if len(sourceFlags) > 1 {
-		return translatableerror.ArgumentCombinationError{
-			Args: sourceFlags,
-		}
-	}
-
-	return nil
-}
-
-// resolveSource resolves source flags to a source string
-// Returns (source, scopeDisplay, warnings, error)
-// scopeDisplay is a human-readable description for output (e.g., "scope: app, source: frontend-app")
-func (cmd AddRoutePolicyCommand) resolveSource() (string, string, v7action.Warnings, error) {
-	var allWarnings v7action.Warnings
-
-	// Priority: --source flag (raw source, no resolution needed)
-	if cmd.Source != "" {
-		return cmd.Source, fmt.Sprintf("source: %s", cmd.Source), allWarnings, nil
-	}
-
-	// --source-any
-	if cmd.SourceAny {
-		return "cf:any", "scope: any, source: any authenticated app", allWarnings, nil
-	}
-
-	// --source-app (with optional --source-space and --source-org for cross-space/org lookup)
-	if cmd.SourceApp != "" {
-		// Determine space GUID for app lookup
-		spaceGUID := cmd.Config.TargetedSpace().GUID
-		spaceName := cmd.Config.TargetedSpace().Name
-		orgName := cmd.Config.TargetedOrganization().Name
-
-		if cmd.SourceSpace != "" {
-			// Determine org GUID for space lookup
-			orgGUID := cmd.Config.TargetedOrganization().GUID
-			if cmd.SourceOrg != "" {
-				org, warnings, err := cmd.Actor.GetOrganizationByName(cmd.SourceOrg)
-				allWarnings = append(allWarnings, warnings...)
-				if err != nil {
-					return "", "", allWarnings, err
-				}
-				orgGUID = org.GUID
-				orgName = cmd.SourceOrg
-			}
-
-			// Resolve space by name
-			space, warnings, err := cmd.Actor.GetSpaceByNameAndOrganization(cmd.SourceSpace, orgGUID)
-			allWarnings = append(allWarnings, warnings...)
-			if err != nil {
-				return "", "", allWarnings, err
-			}
-			spaceGUID = space.GUID
-			spaceName = cmd.SourceSpace
-		}
-
-		// Resolve app by name in the determined space
-		app, warnings, err := cmd.Actor.GetApplicationByNameAndSpace(cmd.SourceApp, spaceGUID)
-		allWarnings = append(allWarnings, warnings...)
-		if err != nil {
-			// Enhanced error message for app not found
-			if _, ok := err.(actionerror.ApplicationNotFoundError); ok {
-				if cmd.SourceSpace == "" {
-					// App not found in current space
-					return "", "", allWarnings, fmt.Errorf(
-						"App '%s' not found in space '%s' / org '%s'.\nTIP: If the app is in a different space or org, use --source-space and/or --source-org flags.",
-						cmd.SourceApp,
-						cmd.Config.TargetedSpace().Name,
-						cmd.Config.TargetedOrganization().Name,
-					)
-				}
-			}
-			return "", "", allWarnings, err
-		}
-
-		scopeDisplay := fmt.Sprintf("scope: app, source: %s", cmd.SourceApp)
-		if cmd.SourceSpace != "" {
-			scopeDisplay += fmt.Sprintf(" (space: %s", spaceName)
-			if cmd.SourceOrg != "" {
-				scopeDisplay += fmt.Sprintf(", org: %s", orgName)
-			}
-			scopeDisplay += ")"
-		}
-
-		return fmt.Sprintf("cf:app:%s", app.GUID), scopeDisplay, allWarnings, nil
-	}
-
-	// --source-space (without --source-app, so create space-level policy)
-	if cmd.SourceSpace != "" {
-		// Determine org GUID for space lookup
-		orgGUID := cmd.Config.TargetedOrganization().GUID
-		orgName := cmd.Config.TargetedOrganization().Name
-		if cmd.SourceOrg != "" {
-			org, warnings, err := cmd.Actor.GetOrganizationByName(cmd.SourceOrg)
-			allWarnings = append(allWarnings, warnings...)
-			if err != nil {
-				return "", "", allWarnings, err
-			}
-			orgGUID = org.GUID
-			orgName = cmd.SourceOrg
-		}
-
-		// Resolve space by name
-		space, warnings, err := cmd.Actor.GetSpaceByNameAndOrganization(cmd.SourceSpace, orgGUID)
-		allWarnings = append(allWarnings, warnings...)
-		if err != nil {
-			return "", "", allWarnings, err
-		}
-
-		scopeDisplay := fmt.Sprintf("scope: space, source: %s", cmd.SourceSpace)
-		if cmd.SourceOrg != "" {
-			scopeDisplay += fmt.Sprintf(" (org: %s)", orgName)
-		}
-
-		return fmt.Sprintf("cf:space:%s", space.GUID), scopeDisplay, allWarnings, nil
-	}
-
-	// --source-org (without --source-space or --source-app, so create org-level policy)
-	if cmd.SourceOrg != "" {
-		org, warnings, err := cmd.Actor.GetOrganizationByName(cmd.SourceOrg)
-		allWarnings = append(allWarnings, warnings...)
-		if err != nil {
-			return "", "", allWarnings, err
-		}
-
-		scopeDisplay := fmt.Sprintf("scope: org, source: %s", cmd.SourceOrg)
-
-		return fmt.Sprintf("cf:org:%s", org.GUID), scopeDisplay, allWarnings, nil
-	}
-
-	// Should never reach here due to validation
-	return "", "", allWarnings, fmt.Errorf("no source specified")
-}
-
 func validateSource(source string) error {
-	// Basic validation - check for cf:app:, cf:space:, cf:org:, or cf:any prefix
 	validPrefixes := []string{"cf:app:", "cf:space:", "cf:org:", "cf:any"}
 	for _, prefix := range validPrefixes {
 		if len(source) >= len(prefix) && source[:len(prefix)] == prefix {
@@ -260,7 +83,6 @@ func validateSource(source string) error {
 				}
 				return nil
 			}
-			// For other sources, ensure there's a GUID after the prefix
 			if len(source) <= len(prefix) {
 				return fmt.Errorf("source '%s' must include a GUID (e.g., %s<guid>)", source, prefix)
 			}
diff --git a/command/v7/remove_route_policy_command.go b/command/v7/remove_route_policy_command.go
@@ -7,16 +7,21 @@ import (
 type RemoveRoutePolicyCommand struct {
 	BaseCommand
 
-	RequiredArgs    flag.RemoveRoutePolicyArgs `positional-args:"yes"`
-	Source          string                     `long:"source" required:"true" description:"Source to identify the route policy (cf:app:<guid>, cf:space:<guid>, cf:org:<guid>, or cf:any)"`
-	Hostname        string                     `long:"hostname" required:"true" description:"Hostname for the route"`
-	Path            string                     `long:"path" description:"Path for the route"`
-	Force           bool                       `short:"f" description:"Force deletion without confirmation"`
-	usage           interface{}                `usage:"CF_NAME remove-route-policy DOMAIN --source SOURCE --hostname HOSTNAME [--path PATH] [-f]\n\nEXAMPLES:\n   cf remove-route-policy apps.identity --source cf:app:d76446a1-f429-4444-8797-be2f78b75b08 --hostname backend\n   cf remove-route-policy apps.identity --source cf:space:2b26e210-1b48-4e60-8432-f24bc5927789 --hostname api --path /metrics -f\n   cf remove-route-policy apps.identity --source cf:any --hostname public-api -f"`
-	relatedCommands interface{}                `related_commands:"route-policies, add-route-policy"`
+	RequiredArgs flag.RemoveRoutePolicyArgs `positional-args:"yes"`
+	RoutePolicySourceFlags
+	Hostname string `long:"hostname" required:"true" description:"Hostname for the route"`
+	Path     string `long:"path" description:"Path for the route"`
+	Force    bool   `short:"f" description:"Force deletion without confirmation"`
+
+	usage           interface{} `usage:"CF_NAME remove-route-policy DOMAIN --hostname HOSTNAME [--source-app APP_NAME [--source-space SPACE_NAME] [--source-org ORG_NAME] | --source-space SPACE_NAME [--source-org ORG_NAME] | --source-org ORG_NAME | --source-any | --source SOURCE] [--path PATH] [-f]\n\nEXAMPLES:\n   # Remove by app name (mirrors add-route-policy)\n   cf remove-route-policy apps.identity --source-app frontend-app --hostname backend\n\n   # Remove by app in a different space\n   cf remove-route-policy apps.identity --source-app api-client --source-space other-space --hostname backend\n\n   # Remove a space-level policy\n   cf remove-route-policy apps.identity --source-space monitoring --hostname api --path /metrics -f\n\n   # Remove an org-level policy\n   cf remove-route-policy apps.identity --source-org platform --hostname shared-api -f\n\n   # Remove using raw source (advanced)\n   cf remove-route-policy apps.identity --source cf:app:d76446a1-f429-4444-8797-be2f78b75b08 --hostname backend\n   cf remove-route-policy apps.identity --source cf:any --hostname public-api -f"`
+	relatedCommands interface{} `related_commands:"route-policies, add-route-policy"`
 }
 
 func (cmd RemoveRoutePolicyCommand) Execute(args []string) error {
+	if err := cmd.RoutePolicySourceFlags.validateSourceFlags(); err != nil {
+		return err
+	}
+
 	err := cmd.SharedActor.CheckTarget(true, true)
 	if err != nil {
 		return err
@@ -27,8 +32,13 @@ func (cmd RemoveRoutePolicyCommand) Execute(args []string) error {
 		return err
 	}
 
-	// Validate source format
-	if err := validateSource(cmd.Source); err != nil {
+	source, _, warnings, err := resolveSource(cmd.RoutePolicySourceFlags, cmd.Actor, cmd.Config)
+	cmd.UI.DisplayWarnings(warnings)
+	if err != nil {
+		return err
+	}
+
+	if err := validateSource(source); err != nil {
 		return err
 	}
 
@@ -37,7 +47,7 @@ func (cmd RemoveRoutePolicyCommand) Execute(args []string) error {
 	if !cmd.Force {
 		prompt := "Really remove route policy with source {{.Source}} for route {{.Hostname}}.{{.Domain}}{{.Path}}?"
 		response, promptErr := cmd.UI.DisplayBoolPrompt(false, prompt, map[string]interface{}{
-			"Source":   cmd.Source,
+			"Source":   source,
 			"Hostname": cmd.Hostname,
 			"Domain":   domainName,
 			"Path":     formatPath(cmd.Path),
@@ -61,7 +71,7 @@ func (cmd RemoveRoutePolicyCommand) Execute(args []string) error {
 			"User":     user.Name,
 		})
 
-	warnings, err := cmd.Actor.DeleteRoutePolicyBySource(domainName, cmd.Source, cmd.Hostname, cmd.Path)
+	warnings, err = cmd.Actor.DeleteRoutePolicyBySource(domainName, source, cmd.Hostname, cmd.Path)
 	cmd.UI.DisplayWarnings(warnings)
 	if err != nil {
 		return err
diff --git a/command/v7/route_policy_source_flags.go b/command/v7/route_policy_source_flags.go
