Get log proofs by Tree ID (#733)

We will need this so we can get proofs for inactive shards. This will be used by `loginfo`.

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

cmd/rekor-cli/app/log_proof.go

@@ -79,10 +79,12 @@ var logProofCmd = &cobra.Command{
 
 		firstSize := int64(viper.GetUint64("first-size"))
 		lastSize := int64(viper.GetUint64("last-size"))
+		treeID := viper.GetString("tree-id")
 
 		params := tlog.NewGetLogProofParams()
 		params.FirstSize = &firstSize
 		params.LastSize = lastSize
+		params.TreeID = &treeID
 		params.SetTimeout(viper.GetDuration("timeout"))
 
 		result, err := rekorClient.Tlog.GetLogProof(params)
@@ -102,6 +104,8 @@ func init() {
 	initializePFlagMap()
 	logProofCmd.Flags().Uint64("first-size", 1, "the size of the log where the proof should begin")
 	logProofCmd.Flags().Uint64("last-size", 0, "the size of the log where the proof should end")
+	logProofCmd.Flags().String("tree-id", "", "the tree id of the log (defaults to active tree)")
+
 	if err := logProofCmd.MarkFlagRequired("last-size"); err != nil {
 		fmt.Println(err)
 		os.Exit(1)

openapi.yaml

@@ -125,6 +125,11 @@ paths:
           required: true
           minimum: 1
           description: The size of the tree that you wish to prove consistency to
+        - in: query
+          name: treeID
+          type: string
+          pattern: '^[0-9]+$'
+          description: The tree ID of the tree that you wish to prove consistency for
       responses:
         200:
           description: All hashes required to compute the consistency proof

pkg/api/tlog.go

@@ -19,15 +19,18 @@ import (
 	"encoding/hex"
 	"fmt"
 	"net/http"
+	"strconv"
 	"time"
 
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/swag"
 	"github.com/google/trillian/types"
 	"github.com/spf13/viper"
 	"google.golang.org/grpc/codes"
 
 	"github.com/sigstore/rekor/pkg/generated/models"
 	"github.com/sigstore/rekor/pkg/generated/restapi/operations/tlog"
+	"github.com/sigstore/rekor/pkg/log"
 	"github.com/sigstore/rekor/pkg/util"
 	"github.com/sigstore/sigstore/pkg/signature/options"
 )
@@ -92,6 +95,14 @@ func GetLogProofHandler(params tlog.GetLogProofParams) middleware.Responder {
 		return handleRekorAPIError(params, http.StatusBadRequest, nil, fmt.Sprintf(firstSizeLessThanLastSize, *params.FirstSize, params.LastSize))
 	}
 	tc := NewTrillianClient(params.HTTPRequest.Context())
+	if treeID := swag.StringValue(params.TreeID); treeID != "" {
+		id, err := strconv.Atoi(treeID)
+		if err != nil {
+			log.Logger.Infof("Unable to convert %s to string, skipping initializing client with Tree ID: %v", treeID, err)
+		} else {
+			tc = NewTrillianClientFromTreeID(params.HTTPRequest.Context(), int64(id))
+		}
+	}
 
 	resp := tc.getConsistencyProof(*params.FirstSize, params.LastSize)
 	if resp.status != codes.OK {

pkg/generated/client/tlog/get_log_proof_parameters.go

@@ -91,6 +91,12 @@ type GetLogProofParams struct {
 	*/
 	LastSize int64
 
+	/* TreeID.
+
+	   The tree ID of the tree that you wish to prove consistency for
+	*/
+	TreeID *string
+
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
@@ -177,6 +183,17 @@ func (o *GetLogProofParams) SetLastSize(lastSize int64) {
 	o.LastSize = lastSize
 }
 
+// WithTreeID adds the treeID to the get log proof params
+func (o *GetLogProofParams) WithTreeID(treeID *string) *GetLogProofParams {
+	o.SetTreeID(treeID)
+	return o
+}
+
+// SetTreeID adds the treeId to the get log proof params
+func (o *GetLogProofParams) SetTreeID(treeID *string) {
+	o.TreeID = treeID
+}
+
 // WriteToRequest writes these params to a swagger request
 func (o *GetLogProofParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 
@@ -212,6 +229,23 @@ func (o *GetLogProofParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.R
 		}
 	}
 
+	if o.TreeID != nil {
+
+		// query param treeID
+		var qrTreeID string
+
+		if o.TreeID != nil {
+			qrTreeID = *o.TreeID
+		}
+		qTreeID := qrTreeID
+		if qTreeID != "" {
+
+			if err := r.SetQueryParam("treeID", qTreeID); err != nil {
+				return err
+			}
+		}
+	}
+
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}

pkg/generated/restapi/operations/tlog/get_log_proof_parameters.go

@@ -69,6 +69,11 @@ type GetLogProofParams struct {
 	  In: query
 	*/
 	LastSize int64
+	/*The tree ID of the tree that you wish to prove consistency for
+	  Pattern: ^[0-9]+$
+	  In: query
+	*/
+	TreeID *string
 }
 
 // BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
@@ -91,6 +96,11 @@ func (o *GetLogProofParams) BindRequest(r *http.Request, route *middleware.Match
 	if err := o.bindLastSize(qLastSize, qhkLastSize, route.Formats); err != nil {
 		res = append(res, err)
 	}
+
+	qTreeID, qhkTreeID, _ := qs.GetOK("treeID")
+	if err := o.bindTreeID(qTreeID, qhkTreeID, route.Formats); err != nil {
+		res = append(res, err)
+	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
@@ -174,3 +184,35 @@ func (o *GetLogProofParams) validateLastSize(formats strfmt.Registry) error {
 
 	return nil
 }
+
+// bindTreeID binds and validates parameter TreeID from query.
+func (o *GetLogProofParams) bindTreeID(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: false
+	// AllowEmptyValue: false
+
+	if raw == "" { // empty values pass all other validations
+		return nil
+	}
+	o.TreeID = &raw
+
+	if err := o.validateTreeID(formats); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// validateTreeID carries on validations for parameter TreeID
+func (o *GetLogProofParams) validateTreeID(formats strfmt.Registry) error {
+
+	if err := validate.Pattern("treeID", "query", *o.TreeID, `^[0-9]+$`); err != nil {
+		return err
+	}
+
+	return nil
+}

pkg/generated/restapi/operations/tlog/get_log_proof_urlbuilder.go

@@ -33,6 +33,7 @@ import (
 type GetLogProofURL struct {
 	FirstSize *int64
 	LastSize  int64
+	TreeID    *string
 
 	_basePath string
 	// avoid unkeyed usage
@@ -78,6 +79,14 @@ func (o *GetLogProofURL) Build() (*url.URL, error) {
 		qs.Set("lastSize", lastSizeQ)
 	}
 
+	var treeIDQ string
+	if o.TreeID != nil {
+		treeIDQ = *o.TreeID
+	}
+	if treeIDQ != "" {
+		qs.Set("treeID", treeIDQ)
+	}
+
 	_result.RawQuery = qs.Encode()
 
 	return &_result, nil

tests/sharding-e2e-test.sh

@@ -67,8 +67,8 @@ echo
 
 # rekor-cli loginfo should work
 $REKOR_CLI loginfo --rekor_server http://localhost:3000 --store_tree_state=false
-CURRENT_TREE_ID=$($REKOR_CLI loginfo --rekor_server http://localhost:3000  --format json --store_tree_state=false | jq -r .TreeID)
-echo "current Tree ID is $CURRENT_TREE_ID"
+INITIAL_TREE_ID=$($REKOR_CLI loginfo --rekor_server http://localhost:3000  --format json --store_tree_state=false | jq -r .TreeID)
+echo "Initial Tree ID is $INITIAL_TREE_ID"
 
 
 # Add some things to the tlog :)
@@ -81,6 +81,7 @@ cd ../..
 
 # Make sure we have three entries in the log
 check_log_index 2
+$REKOR_CLI logproof --rekor_server http://localhost:3000 --last-size 2
 
 # Now, we want to shard the log.
 # Create a new tree
@@ -120,7 +121,7 @@ services:
       "--enable_attestation_storage",
       "--attestation_storage_bucket=file:///var/run/attestations",
       "--trillian_log_server.tlog_id=$SHARD_TREE_ID",
-      "--trillian_log_server.log_id_ranges=$CURRENT_TREE_ID=3,$SHARD_TREE_ID"
+      "--trillian_log_server.log_id_ranges=$INITIAL_TREE_ID=3,$SHARD_TREE_ID"
       # Uncomment this for production logging
       # "--log_type=prod",
       ]
@@ -166,6 +167,11 @@ popd
 # Pass in the universal log_index & make sure it resolves 
 check_log_index 3
 
+# Make sure we can still get logproof for the now-inactive shard
+$REKOR_CLI logproof --last-size 2 --tree-id $INITIAL_TREE_ID --rekor_server http://localhost:3000
+# And the logproof for the now active shard
+$REKOR_CLI logproof --last-size 1 --rekor_server http://localhost:3000
+
 # TODO: Try to get the entry via Entry ID (Tree ID in hex + UUID)
 UUID=$($REKOR_CLI get --log-index 2 --rekor_server http://localhost:3000 --format json | jq -r .UUID)