Labels: developer experience, enhancement, good first issue, user experience
Description
SPIKE policies currently have both an ID (UUID) and a name field, which adds unnecessary complexity.
In comparison, HashiCorp Vault policies use only a name as the unique identifier. Following the same approach will provide simplicity and better UX.
Current Behavior
SPIKE policies have two identifiers:
- ID: Auto-generated UUID (e.g., 550e8400-e29b-41d4-a716-446655440000)
- name: User-provided name (e.g., database-policy)
This creates ambiguity:
- Which identifier should users use for `spike policy get`?
- Which identifier appears in logs and audit trails?
- Users must track both values or look up one from the other
Expectation:
Use name as the sole unique identifier for policies.
Remove the ID field from db schema.
```
# Create policy with unique name
spike policy create database-policy --spiffeid-pattern "..." --path-pattern "..."
# Reference by name only
spike policy get database-policy
spike policy delete database-policy
```
Rationale
- Simplicity: One identifier is easier to remember and use than two
- Vault compatibility: Users familiar with Vault will expect this pattern
- Human-readable: Names are meaningful; UUIDs are not
- Fewer moving parts: No need to generate, store, or index UUIDs
- Better UX: `spike policy get database-policy` is clearer than `spike policy get 550e8400-e29b-41d4-a716-446655440000`