Implement M3: expiration threshold alerting with dedup and status transitions

- Add alert_thresholds_days JSONB column to renewal_policies (default [30,14,7,0])
- Add RenewalPolicy.AlertThresholdsDays field + EffectiveAlertThresholds() helper
- Add RenewalPolicyRepository interface + postgres implementation
- Rewrite CheckExpiringCertificates with per-policy threshold alerting
- Add SendThresholdAlert + HasThresholdNotification for deduplication via [threshold:N] tags
- Add Type and MessageLike filters to NotificationFilter + postgres query support
- Auto-transition certs to Expiring (>0 days) or Expired (<=0 days) status
- Record expiration_alert_sent audit events per threshold crossing
- Fix .gitignore: allow SQL migration files, scope server/agent build artifact rules
- Track previously untracked cmd/ and migrations/ directories
- Update docs (README, architecture, demo-advanced) for threshold alerting

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
shankar0123
2026-03-15 00:03:43 -04:00
parent ae67b10708
commit 1d1b89c9b5
17 changed files with 1485 additions and 37 deletions
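--- /dev/null
+++ b/<path-not-shown-on-page>
@@ -0,0 +1,53 @@
+-- Seed data for certificate control plane
+-- Default renewal policy
+INSERT INTO renewal_policies (id, name, renewal_window_days, auto_renew, max_retries, retry_interval_minutes, alert_thresholds_days)
+VALUES (
+'rp-default',
+'default',
+30,
+true,
+3,
+60,
+'[30, 14, 7, 0]'::jsonb
+) ON CONFLICT (id) DO NOTHING;
+-- Policy rules: Require owner assignment
+INSERT INTO policy_rules (id, name, type, config, enabled)
+VALUES (
+'pr-require-owner',
+'require-owner',
+'ownership',
+'{"requirement": "owner_id must be set"}'::jsonb,
+true
+) ON CONFLICT (id) DO NOTHING;
+-- Policy rules: Allowed environments
+INSERT INTO policy_rules (id, name, type, config, enabled)
+VALUES (
+'pr-allowed-environments',
+'allowed-environments',
+'environment',
+'{"allowed": ["production", "staging", "development"]}'::jsonb,
+true
+) ON CONFLICT (id) DO NOTHING;
+-- Policy rules: Maximum certificate lifetime
+INSERT INTO policy_rules (id, name, type, config, enabled)
+VALUES (
+'pr-max-certificate-lifetime',
+'max-certificate-lifetime',
+'lifetime',
+'{"max_days": 90}'::jsonb,
+true
+) ON CONFLICT (id) DO NOTHING;
+-- Policy rules: Minimum renewal window
+INSERT INTO policy_rules (id, name, type, config, enabled)
+VALUES (
+'pr-min-renewal-window',
+'min-renewal-window',
+'renewal_window',
+'{"min_days": 14}'::jsonb,
+true
+) ON CONFLICT (id) DO NOTHING;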
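Review bot: Every statement in this seed file uses `ON CONFLICT (id) DO NOTHING`, which makes re-running it idempotent but also means a later edit to `alert_thresholds_days`, `max_days` or `allowed` in this file is silently ignored on any database that was seeded before the edit; nothing in the file says so. I would state that contract in the header, e.g. `-- Idempotent: existing rows are never updated here; change seeded values via a migration, not by editing this file.`, so an operator tightening the allowed-environment list or the lifetime cap does not assume the seed applied it. The `[30, 14, 7, 0]` literal would also benefit from a unit comment such as `-- days before not_after at which an alert fires; 0 = day of expiry`, since the meaning of the `0` entry is only given in the commit message. The rebuilt section shows 48 lines against a 53-line hunk header, so blank separator lines were presumably dropped by the page rendering; the file's path is not shown on the page.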