mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 12:41:30 +00:00
shankar0123
1d1b89c9b5
- Add alert_thresholds_days JSONB column to renewal_policies (default [30,14,7,0]) - Add RenewalPolicy.AlertThresholdsDays field + EffectiveAlertThresholds() helper - Add RenewalPolicyRepository interface + postgres implementation - Rewrite CheckExpiringCertificates with per-policy threshold alerting - Add SendThresholdAlert + HasThresholdNotification for deduplication via [threshold:N] tags - Add Type and MessageLike filters to NotificationFilter + postgres query support - Auto-transition certs to Expiring (>0 days) or Expired (<=0 days) status - Record expiration_alert_sent audit events per threshold crossing - Fix .gitignore: allow SQL migration files, scope server/agent build artifact rules - Track previously untracked cmd/ and migrations/ directories - Update docs (README, architecture, demo-advanced) for threshold alerting Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
80 lines
3.2 KiB
Go
80 lines
3.2 KiB
Go
package domain
|
|
|
|
import (
|
|
"time"
|
|
)
|
|
|
|
// ManagedCertificate represents a certificate managed by the control plane.
|
|
type ManagedCertificate struct {
|
|
ID string `json:"id"`
|
|
Name string `json:"name"`
|
|
CommonName string `json:"common_name"`
|
|
SANs []string `json:"sans"`
|
|
Environment string `json:"environment"`
|
|
OwnerID string `json:"owner_id"`
|
|
TeamID string `json:"team_id"`
|
|
IssuerID string `json:"issuer_id"`
|
|
TargetIDs []string `json:"target_ids"`
|
|
RenewalPolicyID string `json:"renewal_policy_id"`
|
|
Status CertificateStatus `json:"status"`
|
|
ExpiresAt time.Time `json:"expires_at"`
|
|
Tags map[string]string `json:"tags"`
|
|
LastRenewalAt *time.Time `json:"last_renewal_at,omitempty"`
|
|
LastDeploymentAt *time.Time `json:"last_deployment_at,omitempty"`
|
|
CreatedAt time.Time `json:"created_at"`
|
|
UpdatedAt time.Time `json:"updated_at"`
|
|
}
|
|
|
|
// CertificateVersion represents a specific version of a certificate.
|
|
type CertificateVersion struct {
|
|
ID string `json:"id"`
|
|
CertificateID string `json:"certificate_id"`
|
|
SerialNumber string `json:"serial_number"`
|
|
NotBefore time.Time `json:"not_before"`
|
|
NotAfter time.Time `json:"not_after"`
|
|
FingerprintSHA256 string `json:"fingerprint_sha256"`
|
|
PEMChain string `json:"pem_chain"`
|
|
CSRPEM string `json:"csr_pem"`
|
|
CreatedAt time.Time `json:"created_at"`
|
|
}
|
|
|
|
// CertificateStatus represents the lifecycle status of a managed certificate.
|
|
type CertificateStatus string
|
|
|
|
const (
|
|
CertificateStatusPending CertificateStatus = "Pending"
|
|
CertificateStatusActive CertificateStatus = "Active"
|
|
CertificateStatusExpiring CertificateStatus = "Expiring"
|
|
CertificateStatusExpired CertificateStatus = "Expired"
|
|
CertificateStatusRenewalInProgress CertificateStatus = "RenewalInProgress"
|
|
CertificateStatusFailed CertificateStatus = "Failed"
|
|
CertificateStatusRevoked CertificateStatus = "Revoked"
|
|
CertificateStatusArchived CertificateStatus = "Archived"
|
|
)
|
|
|
|
// RenewalPolicy defines renewal parameters for a managed certificate.
|
|
type RenewalPolicy struct {
|
|
ID string `json:"id"`
|
|
Name string `json:"name"`
|
|
RenewalWindowDays int `json:"renewal_window_days"`
|
|
AutoRenew bool `json:"auto_renew"`
|
|
MaxRetries int `json:"max_retries"`
|
|
RetryInterval int `json:"retry_interval_seconds"`
|
|
AlertThresholdsDays []int `json:"alert_thresholds_days"`
|
|
CreatedAt time.Time `json:"created_at"`
|
|
UpdatedAt time.Time `json:"updated_at"`
|
|
}
|
|
|
|
// DefaultAlertThresholds returns the standard alert thresholds when none are configured.
|
|
func DefaultAlertThresholds() []int {
|
|
return []int{30, 14, 7, 0}
|
|
}
|
|
|
|
// EffectiveAlertThresholds returns the configured thresholds or defaults if empty.
|
|
func (p *RenewalPolicy) EffectiveAlertThresholds() []int {
|
|
if len(p.AlertThresholdsDays) > 0 {
|
|
return p.AlertThresholdsDays
|
|
}
|
|
return DefaultAlertThresholds()
|
|
}
|