Initial scaffold: certificate control plane v0.1.0
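--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,27 @@
+package domain
+
+import (
+"encoding/json"
+"time"
+)
+
+// AuditEvent records an action taken in the control plane.
+type AuditEvent struct {
+ID string `json:"id"`
+Actor string `json:"actor"`
+ActorType ActorType `json:"actor_type"`
+Action string `json:"action"`
+ResourceType string `json:"resource_type"`
+ResourceID string `json:"resource_id"`
+Details json.RawMessage `json:"details"`
+Timestamp time.Time `json:"timestamp"`
+}
+
+// ActorType represents the entity performing an action.
+type ActorType string
+
+const (
+ActorTypeUser ActorType = "User"
+ActorTypeSystem ActorType = "System"
+ActorTypeAgent ActorType = "Agent"
+)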
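Review bot: The `Actor` field of `AuditEvent` is undocumented even though it is the field that attributes the event, and from the struct alone it is not clear whether it holds an `Owner.ID`, an `Agent.ID` or a display name. A one-line comment would settle it, e.g. `// Actor is the identifier of the principal that performed the action; its meaning depends on ActorType.`. `Details` has the same gap: its `json.RawMessage` shape presumably varies by `Action`, and the comment should say where that shape is defined. The three `ActorType` constants also lack the doc comments Go tooling expects on exported names.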
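--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,65 @@
+package domain
+
+import (
+"time"
+)
+
+// ManagedCertificate represents a certificate managed by the control plane.
+type ManagedCertificate struct {
+ID string `json:"id"`
+Name string `json:"name"`
+CommonName string `json:"common_name"`
+SANs []string `json:"sans"`
+Environment string `json:"environment"`
+OwnerID string `json:"owner_id"`
+TeamID string `json:"team_id"`
+IssuerID string `json:"issuer_id"`
+TargetIDs []string `json:"target_ids"`
+RenewalPolicyID string `json:"renewal_policy_id"`
+Status CertificateStatus `json:"status"`
+ExpiresAt time.Time `json:"expires_at"`
+Tags map[string]string `json:"tags"`
+LastRenewalAt *time.Time `json:"last_renewal_at,omitempty"`
+LastDeploymentAt *time.Time `json:"last_deployment_at,omitempty"`
+CreatedAt time.Time `json:"created_at"`
+UpdatedAt time.Time `json:"updated_at"`
+}
+
+// CertificateVersion represents a specific version of a certificate.
+type CertificateVersion struct {
+ID string `json:"id"`
+CertificateID string `json:"certificate_id"`
+SerialNumber string `json:"serial_number"`
+NotBefore time.Time `json:"not_before"`
+NotAfter time.Time `json:"not_after"`
+FingerprintSHA256 string `json:"fingerprint_sha256"`
+PEMChain string `json:"pem_chain"`
+CSRPEM string `json:"csr_pem"`
+CreatedAt time.Time `json:"created_at"`
+}
+
+// CertificateStatus represents the lifecycle status of a managed certificate.
+type CertificateStatus string
+
+const (
+CertificateStatusPending CertificateStatus = "Pending"
+CertificateStatusActive CertificateStatus = "Active"
+CertificateStatusExpiring CertificateStatus = "Expiring"
+CertificateStatusExpired CertificateStatus = "Expired"
+CertificateStatusRenewalInProgress CertificateStatus = "RenewalInProgress"
+CertificateStatusFailed CertificateStatus = "Failed"
+CertificateStatusRevoked CertificateStatus = "Revoked"
+CertificateStatusArchived CertificateStatus = "Archived"
+)
+
+// RenewalPolicy defines renewal parameters for a managed certificate.
+type RenewalPolicy struct {
+ID string `json:"id"`
+Name string `json:"name"`
+RenewalWindowDays int `json:"renewal_window_days"`
+AutoRenew bool `json:"auto_renew"`
+MaxRetries int `json:"max_retries"`
+RetryInterval int `json:"retry_interval_seconds"`
+CreatedAt time.Time `json:"created_at"`
+UpdatedAt time.Time `json:"updated_at"`
+}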
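Review bot: `RenewalPolicy.RetryInterval` is a bare `int` whose unit only appears in its JSON tag, while the sibling field `RenewalWindowDays` carries the unit in its name; a caller reading Go code will not know whether it is seconds, milliseconds or a `time.Duration`. Rename it to match, `RetryIntervalSeconds int `json:"retry_interval_seconds"``, or make it a `time.Duration` with a documented encoding. `CertificateVersion` deserves a comment stating that `PEMChain` and `CSRPEM` are public material only and that private keys are deliberately not part of this type, so that nobody later adds a key field that inherits the same JSON serialization; that this is the intent is inferred from the absence of a key field and should be confirmed.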
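--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,66 @@
+package domain
+
+import (
+"encoding/json"
+"time"
+)
+
+// Issuer represents a certificate authority or ACME provider.
+type Issuer struct {
+ID string `json:"id"`
+Name string `json:"name"`
+Type IssuerType `json:"type"`
+Config json.RawMessage `json:"config"`
+Enabled bool `json:"enabled"`
+CreatedAt time.Time `json:"created_at"`
+UpdatedAt time.Time `json:"updated_at"`
+}
+
+// DeploymentTarget represents a target system where certificates are deployed.
+type DeploymentTarget struct {
+ID string `json:"id"`
+Name string `json:"name"`
+Type TargetType `json:"type"`
+AgentID string `json:"agent_id"`
+Config json.RawMessage `json:"config"`
+Enabled bool `json:"enabled"`
+CreatedAt time.Time `json:"created_at"`
+UpdatedAt time.Time `json:"updated_at"`
+}
+
+// Agent represents an agent running on a target system.
+type Agent struct {
+ID string `json:"id"`
+Name string `json:"name"`
+Hostname string `json:"hostname"`
+Status AgentStatus `json:"status"`
+LastHeartbeatAt *time.Time `json:"last_heartbeat_at,omitempty"`
+RegisteredAt time.Time `json:"registered_at"`
+APIKeyHash string `json:"api_key_hash"`
+}
+
+// AgentStatus represents the operational status of an agent.
+type AgentStatus string
+
+const (
+AgentStatusOnline AgentStatus = "Online"
+AgentStatusOffline AgentStatus = "Offline"
+AgentStatusDegraded AgentStatus = "Degraded"
+)
+
+// IssuerType represents the type of certificate authority.
+type IssuerType string
+
+const (
+IssuerTypeACME IssuerType = "ACME"
+IssuerTypeGenericCA IssuerType = "GenericCA"
+)
+
+// TargetType represents the type of deployment target.
+type TargetType string
+
+const (
+TargetTypeNGINX TargetType = "NGINX"
+TargetTypeF5 TargetType = "F5"
+TargetTypeIIS TargetType = "IIS"
+)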
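Review bot: `Agent.APIKeyHash` is tagged `json:"api_key_hash"`, so any handler that marshals an `Agent` (list, get, heartbeat response) will emit the credential hash to the caller; a hash of a bearer credential is verifier-side state and should never leave the service. Change the tag to `APIKeyHash string `json:"-"`` and, if the hash must be persisted through a JSON store, give that layer its own DTO rather than reusing the domain type. `Issuer.Config` and `DeploymentTarget.Config` are raw JSON blobs that presumably carry provider credentials (ACME account keys, CA or device logins) and are serialized unconditionally; a comment on each stating whether secrets may live there, and how they are redacted on the read path, would make the contract explicit. The `IssuerType` and `TargetType` constants are also undocumented.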
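--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,50 @@
+package domain
+
+import (
+"encoding/json"
+"time"
+)
+
+// Job represents a unit of work in the certificate control plane.
+type Job struct {
+ID string `json:"id"`
+Type JobType `json:"type"`
+CertificateID string `json:"certificate_id"`
+TargetID *string `json:"target_id,omitempty"`
+Status JobStatus `json:"status"`
+Attempts int `json:"attempts"`
+MaxAttempts int `json:"max_attempts"`
+LastError *string `json:"last_error,omitempty"`
+ScheduledAt time.Time `json:"scheduled_at"`
+StartedAt *time.Time `json:"started_at,omitempty"`
+CompletedAt *time.Time `json:"completed_at,omitempty"`
+CreatedAt time.Time `json:"created_at"`
+}
+
+// JobType represents the classification of work to be performed.
+type JobType string
+
+const (
+JobTypeIssuance JobType = "Issuance"
+JobTypeRenewal JobType = "Renewal"
+JobTypeDeployment JobType = "Deployment"
+JobTypeValidation JobType = "Validation"
+)
+
+// JobStatus represents the execution state of a job.
+type JobStatus string
+
+const (
+JobStatusPending JobStatus = "Pending"
+JobStatusRunning JobStatus = "Running"
+JobStatusCompleted JobStatus = "Completed"
+JobStatusFailed JobStatus = "Failed"
+JobStatusCancelled JobStatus = "Cancelled"
+)
+
+// DeploymentJob represents a job that deploys a certificate to a target via an agent.
+type DeploymentJob struct {
+Job `json:"job"`
+AgentID string `json:"agent_id"`
+DeploymentResult json.RawMessage `json:"deployment_result,omitempty"`
+}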
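Review bot: `DeploymentJob` embeds `Job` but gives the embedded field an explicit tag, `Job `json:"job"``, which makes `encoding/json` nest all of `Job`'s fields under a `"job"` object instead of promoting them to the top level as embedding otherwise would; the Go side will see `dj.ID` while the wire format has `dj.job.id`, and `AgentID`/`DeploymentResult` sit beside it, giving two different shapes for the same value. If flattening is intended, drop the tag (`Job`); if nesting is intended, add a comment saying so and that `TargetID` in the nested `Job` and `AgentID` on the outer type are both required for a deployment. `Job.LastError` stores free-text error strings that presumably come back from issuers and agents and is serialized to clients; a comment should state whether those strings are sanitized before they are stored here.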
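--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,40 @@
+package domain
+
+import (
+"time"
+)
+
+// NotificationEvent records a notification sent to users about certificate events.
+type NotificationEvent struct {
+ID string `json:"id"`
+Type NotificationType `json:"type"`
+CertificateID *string `json:"certificate_id,omitempty"`
+Channel NotificationChannel `json:"channel"`
+Recipient string `json:"recipient"`
+Message string `json:"message"`
+SentAt *time.Time `json:"sent_at,omitempty"`
+Status string `json:"status"`
+Error *string `json:"error,omitempty"`
+CreatedAt time.Time `json:"created_at"`
+}
+
+// NotificationType represents the event that triggered a notification.
+type NotificationType string
+
+const (
+NotificationTypeExpirationWarning NotificationType = "ExpirationWarning"
+NotificationTypeRenewalSuccess NotificationType = "RenewalSuccess"
+NotificationTypeRenewalFailure NotificationType = "RenewalFailure"
+NotificationTypeDeploymentSuccess NotificationType = "DeploymentSuccess"
+NotificationTypeDeploymentFailure NotificationType = "DeploymentFailure"
+NotificationTypePolicyViolation NotificationType = "PolicyViolation"
+)
+
+// NotificationChannel represents the communication medium for a notification.
+type NotificationChannel string
+
+const (
+NotificationChannelEmail NotificationChannel = "Email"
+NotificationChannelWebhook NotificationChannel = "Webhook"
+NotificationChannelSlack NotificationChannel = "Slack"
+)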
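Review bot: `NotificationEvent.Status` is a plain `string` while every other lifecycle field in this commit (`CertificateStatus`, `JobStatus`, `AgentStatus`) is a named string type with a `const` block, so callers have no enumerated values to compare against and nothing prevents a typo from being stored. Declare `type NotificationStatus string` with the states the sender actually uses and change the field to `Status NotificationStatus `json:"status"``. `Recipient` is a single `string` whose meaning differs by `Channel` (an address for Email, presumably a URL for Webhook, a channel or user for Slack); the field comment should state this and say where the value is validated, since a webhook recipient is an outbound destination the service will connect to.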
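--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,47 @@
+package domain
+
+import (
+"encoding/json"
+"time"
+)
+
+// PolicyRule defines enforcement rules for certificate management.
+type PolicyRule struct {
+ID string `json:"id"`
+Name string `json:"name"`
+Type PolicyType `json:"type"`
+Config json.RawMessage `json:"config"`
+Enabled bool `json:"enabled"`
+CreatedAt time.Time `json:"created_at"`
+UpdatedAt time.Time `json:"updated_at"`
+}
+
+// PolicyType represents the category of policy enforcement.
+type PolicyType string
+
+const (
+PolicyTypeAllowedIssuers PolicyType = "AllowedIssuers"
+PolicyTypeAllowedDomains PolicyType = "AllowedDomains"
+PolicyTypeRequiredMetadata PolicyType = "RequiredMetadata"
+PolicyTypeAllowedEnvironments PolicyType = "AllowedEnvironments"
+PolicyTypeRenewalLeadTime PolicyType = "RenewalLeadTime"
+)
+
+// PolicyViolation records an instance of a certificate violating a policy rule.
+type PolicyViolation struct {
+ID string `json:"id"`
+CertificateID string `json:"certificate_id"`
+RuleID string `json:"rule_id"`
+Message string `json:"message"`
+Severity PolicySeverity `json:"severity"`
+CreatedAt time.Time `json:"created_at"`
+}
+
+// PolicySeverity indicates the impact level of a policy violation.
+type PolicySeverity string
+
+const (
+PolicySeverityWarning PolicySeverity = "Warning"
+PolicySeverityError PolicySeverity = "Error"
+PolicySeverityCritical PolicySeverity = "Critical"
+)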
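Review bot: `PolicyRule.Config` is an opaque `json.RawMessage` whose shape must depend on `Type`, but neither the field nor any of the five `PolicyType` constants documents what that shape is, so an `AllowedDomains` rule and a `RenewalLeadTime` rule are indistinguishable at the type level and an evaluator has nothing to validate against. Add a comment on `Config` along the lines of `// Config is the type-specific rule body; its schema is determined by Type (see the PolicyType constants).` and give each constant a one-line comment naming the fields its config carries. `PolicyViolation` has no field recording whether the violation was resolved, acknowledged or blocked the operation; if that is intentional for v0.1.0 the type comment should say violations are append-only records.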
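--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,24 @@
+package domain
+
+import (
+"time"
+)
+
+// Team represents an organizational unit managing certificates.
+type Team struct {
+ID string `json:"id"`
+Name string `json:"name"`
+Description string `json:"description"`
+CreatedAt time.Time `json:"created_at"`
+UpdatedAt time.Time `json:"updated_at"`
+}
+
+// Owner represents a user who owns certificates within a team.
+type Owner struct {
+ID string `json:"id"`
+Name string `json:"name"`
+Email string `json:"email"`
+TeamID string `json:"team_id"`
+CreatedAt time.Time `json:"created_at"`
+UpdatedAt time.Time `json:"updated_at"`
+}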