feat: store cas backend information in attestation

app/cli/pkg/action/action.go

@@ -24,6 +24,7 @@ import (
 
 	pb "github.com/chainloop-dev/chainloop/app/controlplane/api/controlplane/v1"
 	"github.com/chainloop-dev/chainloop/pkg/attestation/crafter"
+	clientAPI "github.com/chainloop-dev/chainloop/pkg/attestation/crafter/api/attestation/v1"
 	"github.com/chainloop-dev/chainloop/pkg/attestation/crafter/statemanager/filesystem"
 	"github.com/chainloop-dev/chainloop/pkg/attestation/crafter/statemanager/remote"
 	"github.com/chainloop-dev/chainloop/pkg/casclient"
@@ -100,26 +101,32 @@ func newCrafter(stateOpts *newCrafterStateOpts, conn *grpc.ClientConn, opts ...c
 }
 
 // getCASBackend tries to get CAS upload credentials and set up a CAS client
-func getCASBackend(ctx context.Context, client pb.AttestationServiceClient, workflowRunID, casCAPath, casURI string, casConnectionInsecure bool, logger zerolog.Logger, casBackend *casclient.CASBackend) (func() error, error) {
+func getCASBackend(ctx context.Context, client pb.AttestationServiceClient, workflowRunID, casCAPath, casURI string, casConnectionInsecure bool, logger zerolog.Logger, casBackend *casclient.CASBackend) (*clientAPI.Attestation_CASBackend, func() error, error) {
 	credsResp, err := client.GetUploadCreds(ctx, &pb.AttestationServiceGetUploadCredsRequest{
 		WorkflowRunId: workflowRunID,
 	})
 	if err != nil {
 		// Log warning but don't fail - will fall back to inline storage
 		logger.Warn().Err(err).Msg("failed to get CAS credentials for PR metadata, will store inline")
-		return nil, fmt.Errorf("getting upload creds: %w", err)
+		return nil, nil, fmt.Errorf("getting upload creds: %w", err)
 	}
 
 	if credsResp == nil || credsResp.GetResult() == nil {
 		logger.Debug().Msg("no upload creds result, will store inline")
-		return nil, fmt.Errorf("getting upload creds: %w", err)
+		return nil, nil, fmt.Errorf("getting upload creds: %w", err)
 	}
 
 	result := credsResp.GetResult()
 	backend := result.GetBackend()
 	if backend == nil {
 		logger.Debug().Msg("no backend info in upload creds, will store inline")
-		return nil, fmt.Errorf("no backend found in upload creds")
+		return nil, nil, fmt.Errorf("no backend found in upload creds")
+	}
+
+	casBackendInfo := &clientAPI.Attestation_CASBackend{
+		CasBackendId:   backend.Id,
+		CasBackendName: backend.Name,
+		Fallback:       backend.Fallback,
 	}
 
 	casBackend.Name = backend.Provider
@@ -129,7 +136,7 @@ func getCASBackend(ctx context.Context, client pb.AttestationServiceClient, work
 
 	// Only attempt to create a CAS connection when not inline and token is present
 	if backend.IsInline || result.Token == "" {
-		return nil, nil
+		return casBackendInfo, nil, nil
 	}
 
 	opts := []grpcconn.Option{grpcconn.WithInsecure(casConnectionInsecure)}
@@ -140,9 +147,9 @@ func getCASBackend(ctx context.Context, client pb.AttestationServiceClient, work
 	artifactCASConn, err := grpcconn.New(casURI, result.Token, opts...)
 	if err != nil {
 		logger.Warn().Err(err).Msg("failed to create CAS connection, will store inline")
-		return nil, fmt.Errorf("creating CAS connection: %w", err)
+		return nil, nil, fmt.Errorf("creating CAS connection: %w", err)
 	}
 
 	casBackend.Uploader = casclient.New(artifactCASConn, casclient.WithLogger(logger))
-	return artifactCASConn.Close, nil
+	return casBackendInfo, artifactCASConn.Close, nil
 }

app/cli/pkg/action/attestation_add.go

@@ -99,7 +99,7 @@ func (action *AttestationAdd) Run(ctx context.Context, attestationID, materialNa
 	if !crafter.CraftingState.GetDryRun() {
 		client := pb.NewAttestationServiceClient(action.CPConnection)
 		workflowRunID := crafter.CraftingState.GetAttestation().GetWorkflow().GetWorkflowRunId()
-		connectionCloserFn, getCASBackendErr := getCASBackend(ctx, client, workflowRunID, action.casCAPath, action.casURI, action.connectionInsecure, action.Logger, casBackend)
+		_, connectionCloserFn, getCASBackendErr := getCASBackend(ctx, client, workflowRunID, action.casCAPath, action.casURI, action.connectionInsecure, action.Logger, casBackend)
 		if getCASBackendErr != nil {
 			return nil, fmt.Errorf("failed to get CAS backend: %w", getCASBackendErr)
 		}

app/cli/pkg/action/attestation_init.go

@@ -231,8 +231,10 @@ func (action *AttestationInit) Run(ctx context.Context, opts *AttestationInitRun
 
 	// Get CAS credentials for PR metadata upload
 	var casBackend = &casclient.CASBackend{Name: "not-set"}
+	var casBackendInfo *clientAPI.Attestation_CASBackend
 	if !action.dryRun && attestationID != "" {
-		connectionCloserFn, err := getCASBackend(ctx, client, attestationID, action.casCAPath, action.casURI, action.connectionInsecure, action.Logger, casBackend)
+		var connectionCloserFn func() error
+		casBackendInfo, connectionCloserFn, err = getCASBackend(ctx, client, attestationID, action.casCAPath, action.casURI, action.connectionInsecure, action.Logger, casBackend)
 		if err != nil {
 			// We don't want to fail the attestation initialization if CAS setup fails, it's a best-effort feature for PR/MR metadata
 			action.Logger.Warn().Err(err).Msg("unexpected error getting CAS backend")
@@ -275,7 +277,8 @@ func (action *AttestationInit) Run(ctx context.Context, opts *AttestationInitRun
 			TimestampAuthorityURL: timestampAuthorityURL,
 			SigningCAName:         signingCAName,
 		},
-		Auth: authInfo,
+		Auth:       authInfo,
+		CASBackend: casBackendInfo,
 	}
 
 	if err := action.c.Init(ctx, initOpts); err != nil {

app/controlplane/api/controlplane/v1/response_messages.proto

@@ -312,6 +312,8 @@ message CASBackendItem {
   // Error message if validation failed
   optional string validation_error = 12;
   google.protobuf.Timestamp updated_at = 13;
+  // Wether it's the fallback backend in the organization
+  bool fallback = 14;
 
   message Limits {
     // Max number of bytes allowed to be stored in this backend