fix: use entry uuid uniformly

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

update tree id

Signed-off-by: Asra Ali <asraa@google.com>

update

Signed-off-by: Asra Ali <asraa@google.com>

fix errors

Signed-off-by: Asra Ali <asraa@google.com>

cmd/rekor-cli/app/get.go

@@ -127,13 +127,30 @@ var getCmd = &cobra.Command{
 				return nil, err
 			}
 
-			u, err := sharding.GetUUIDFromIDString(params.EntryUUID)
+			paramsUUID, err := sharding.GetUUIDFromIDString(params.EntryUUID)
 			if err != nil {
 				return nil, err
 			}
+			paramsTreeID, err := sharding.GetTreeIDFromIDString(params.EntryUUID)
+			if err != nil && !errors.Is(err, sharding.ErrPlainUUID) {
+				return nil, err
+			}
 
 			for k, entry := range resp.Payload {
-				if k != u {
+				outputUUID, err := sharding.GetUUIDFromIDString(k)
+				if err != nil {
+					return nil, err
+				}
+				outTreeID, err := sharding.GetTreeIDFromIDString(k)
+				if err != nil && !errors.Is(err, sharding.ErrPlainUUID) {
+					return nil, err
+				}
+
+				// Compare against expected UUID and Tree ID (if present).
+				if outputUUID != paramsUUID {
+					continue
+				}
+				if paramsTreeID != "" && outTreeID != "" && paramsTreeID != outTreeID {
 					continue
 				}
 

cmd/rekor-cli/app/verify.go

@@ -164,8 +164,11 @@ var verifyCmd = &cobra.Command{
 			}
 		}
 
-		// Note: the returned entry UUID is the UUID (not include the Tree ID)
-		leafHash, _ := hex.DecodeString(o.EntryUUID)
+		outputUUID, err := sharding.GetUUIDFromIDString(o.EntryUUID)
+		if err != nil {
+			return nil, err
+		}
+		leafHash, _ := hex.DecodeString(outputUUID)
 		if !bytes.Equal(rfc6962.DefaultHasher.HashLeaf(entryBytes), leafHash) {
 			return nil, fmt.Errorf("computed leaf hash did not match entry UUID")
 		}

pkg/api/entries.go

@@ -96,6 +96,13 @@ func logEntryFromLeaf(ctx context.Context, signer signature.Signer, tc TrillianC
 	}
 
 	uuid := hex.EncodeToString(leaf.MerkleLeafHash)
+	treeID := fmt.Sprintf("%x", tid)
+	entryIDstruct, err := sharding.CreateEntryIDFromParts(treeID, uuid)
+	if err != nil {
+		return nil, fmt.Errorf("error creating EntryID from active treeID %v and uuid %v: %w", treeID, uuid, err)
+	}
+	entryID := entryIDstruct.ReturnEntryIDString()
+
 	if viper.GetBool("enable_attestation_storage") {
 		pe, err := models.UnmarshalProposedEntry(bytes.NewReader(leaf.LeafValue), runtime.JSONConsumer())
 		if err != nil {
@@ -119,11 +126,6 @@ func logEntryFromLeaf(ctx context.Context, signer signature.Signer, tc TrillianC
 			}
 			// if looking up by key failed or we weren't able to generate a key, try looking up by uuid
 			if attKey == "" || fetchErr != nil {
-				activeTree := fmt.Sprintf("%x", tc.logID)
-				entryIDstruct, err := sharding.CreateEntryIDFromParts(activeTree, uuid)
-				if err != nil {
-					return nil, fmt.Errorf("error creating EntryID from active treeID %v and uuid %v: %w", activeTree, uuid, err)
-				}
 				att, fetchErr = storageClient.FetchAttestation(ctx, entryIDstruct.UUID)
 				if fetchErr != nil {
 					log.ContextLogger(ctx).Errorf("error fetching attestation by uuid: %s %v", entryIDstruct.UUID, fetchErr)
@@ -143,7 +145,7 @@ func logEntryFromLeaf(ctx context.Context, signer signature.Signer, tc TrillianC
 	}
 
 	return models.LogEntry{
-		uuid: logEntryAnon}, nil
+		entryID: logEntryAnon}, nil
 }
 
 // GetLogEntryAndProofByIndexHandler returns the entry and inclusion proof for a specified log index
@@ -262,7 +264,7 @@ func createLogEntry(params entries.CreateLogEntryParams) (models.LogEntry, middl
 	}
 
 	logEntry := models.LogEntry{
-		uuid: logEntryAnon,
+		entryID: logEntryAnon,
 	}
 	return logEntry, nil
 }

tests/sharding-e2e-test.sh

@@ -243,20 +243,14 @@ fi
 echo
 echo "Testing /api/v1/log/entries/retrieve endpoint..."
 
-UUID1=$($REKOR_CLI get --log-index 1 --rekor_server http://localhost:3000 --format json | jq -r .UUID)
-UUID2=$($REKOR_CLI get --log-index 3 --rekor_server http://localhost:3000 --format json | jq -r .UUID)
+ENTRY_ID_1=$($REKOR_CLI get --log-index 1 --rekor_server http://localhost:3000 --format json | jq -r .UUID)
+ENTRY_ID_2=$($REKOR_CLI get --log-index 3 --rekor_server http://localhost:3000 --format json | jq -r .UUID)
 
 
 # Make sure retrieve by UUID in the inactive shard works
-NUM_ELEMENTS=$(curl -f http://localhost:3000/api/v1/log/entries/retrieve -H "Content-Type: application/json" -H "Accept: application/json" -d "{ \"entryUUIDs\": [\"$UUID1\"]}" | jq '. | length')
+NUM_ELEMENTS=$(curl -f http://localhost:3000/api/v1/log/entries/retrieve -H "Content-Type: application/json" -H "Accept: application/json" -d "{ \"entryUUIDs\": [\"$ENTRY_ID_1\"]}" | jq '. | length')
 stringsMatch $NUM_ELEMENTS "1"
 
-HEX_INITIAL_TREE_ID=$(printf "%x" $INITIAL_TREE_ID | awk '{ for(c = 0; c < 16 ; c++) s = s"0"; s = s$1; print substr(s, 1 + length(s) - 16);}')
-HEX_INITIAL_SHARD_ID=$(printf "%x" $SHARD_TREE_ID | awk '{ for(c = 0; c < 16 ; c++) s = s"0"; s = s$1; print substr(s, 1 + length(s) - 16);}')
-
-ENTRY_ID_1=$(echo -n "$HEX_INITIAL_TREE_ID$UUID1" | xargs echo -n)
-ENTRY_ID_2=$(echo -n "$HEX_INITIAL_SHARD_ID$UUID2" | xargs echo -n)
-
 # -f makes sure we exit on failure
 NUM_ELEMENTS=$(curl -f http://localhost:3000/api/v1/log/entries/retrieve -H "Content-Type: application/json" -H "Accept: application/json" -d "{ \"entryUUIDs\": [\"$ENTRY_ID_1\", \"$ENTRY_ID_2\"]}" | jq '. | length')
 stringsMatch $NUM_ELEMENTS "2"