gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 13:51:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(V2.2): bulk revocation — filter-based fleet-wide certificate revocation

Browse Source 
Add POST /api/v1/certificates/bulk-revoke with filter criteria (profile_id,
owner_id, agent_id, issuer_id, team_id, certificate_ids), partial-failure
tolerance, and audit trail. Includes MCP tool, CLI command (certs bulk-revoke),
server-side bulk modal in GUI replacing client-side sequential loop, OpenAPI
spec, compliance mapping updates, and 21 new tests (12 service, 7 handler,
1 CLI, 1 frontend).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
shankar0123
2026-04-16 00:06:34 -04:00
parent 84bc1245a1
commit 13cd4d98ba
25 changed files with 1264 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/domain/revocation.go
+32
View File
@@ -43,6 +43,38 @@ func CRLReasonCode(reason RevocationReason) int {
return 0 // unspecified
}
// BulkRevocationCriteria defines the filter criteria for bulk certificate revocation.
// At least one field must be set — empty criteria is rejected as a safety guard.
type BulkRevocationCriteria struct {
ProfileID string `json:"profile_id,omitempty"`
OwnerID string `json:"owner_id,omitempty"`
AgentID string `json:"agent_id,omitempty"`
IssuerID string `json:"issuer_id,omitempty"`
TeamID string `json:"team_id,omitempty"`
CertificateIDs []string `json:"certificate_ids,omitempty"`
}
// IsEmpty returns true if no filter criteria are set.
func (c BulkRevocationCriteria) IsEmpty() bool {
return c.ProfileID == "" && c.OwnerID == "" && c.AgentID == "" &&
c.IssuerID == "" && c.TeamID == "" && len(c.CertificateIDs) == 0
}
// BulkRevocationResult contains the outcome of a bulk revocation operation.
type BulkRevocationResult struct {
TotalMatched int `json:"total_matched"`
TotalRevoked int `json:"total_revoked"`
TotalSkipped int `json:"total_skipped"`
TotalFailed int `json:"total_failed"`
Errors []BulkRevocationError `json:"errors,omitempty"`
}
// BulkRevocationError records a per-certificate revocation failure.
type BulkRevocationError struct {
CertificateID string `json:"certificate_id"`
Error string `json:"error"`
}
// CertificateRevocation records the revocation of a specific certificate version.
// Used as the authoritative source for CRL generation.
type CertificateRevocation struct {