mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 13:41:30 +00:00
shankar0123
5d5bd02f3e
Continuing Phase 9 ARCH-M2 closure. Sprint 1 (commit 45ddcb75)
extracted NotifierConfig as the smallest-possible pattern
demonstration. This sprint extracts a larger, equally clean family:
the three ACME-related config types.
What moved
==========
internal/config/acme.go (new, 262 lines including BSL header +
Phase 9 doc-comment + `import "time"` +
the three structs verbatim)
- ACMEConfig (68 lines, the consumer/issuer side:
we talk UP to Let's Encrypt / pebble)
- ACMEServerConfig (119 lines, the server side: we ARE
the ACME server, RFC 8555 + RFC 9773)
- ACMEServerDirectoryMeta (20 lines, the directory `meta` block)
These types form a single logical concern (everything ACME) and
were already adjacent in config.go (lines 587-812 pre-split). The
internal cross-reference is local: ACMEServerConfig.DirectoryMeta is
typed as ACMEServerDirectoryMeta. Both still live in package
`config`, so the field type continues to resolve without an import.
Why this sprint specifically
============================
- Clean boundary: zero helper-function dependencies on Load(). Each
field is read directly in Load() via getEnv*() helpers; those
helpers stay in config.go. The struct definitions are pure
data-shape and move cleanly.
- High-LOC win: 227 lines deleted from config.go in one cut. After
Sprint 1 (-68) + Sprint 2 (-227 from this commit) the file dropped
from 3403 to 3108 LOC — already ~9% smaller than its pre-Phase-9
size with two clean PRs.
- Mirrors the Phase 4 + Phase 6 prior art: ACME-related code already
has its own subpackages (internal/api/handler/acme.go,
internal/connector/issuer/acme/, internal/api/acme/) so a config
sibling keeps the convention consistent.
What stayed in config.go
=========================
- `ErrACMEInsecureWithoutAck` sentinel (lines 35-46) — still needed by
Load()'s validation pass, lives in the config.go top-of-file
sentinel block alongside `ErrAgentBootstrapTokenRequired` and
`ErrDemoModeAckExpired`. These three sentinels are tied to
Validate()'s behavior, not to the ACME config struct itself.
- All the `getEnv*()` helpers that ACME fields use to load — they're
shared across every config struct.
- The Config{}.ACME and Config{}.ACMEServer field declarations on
the master Config type — those are part of the Config struct
surface and stay until the Config split (Sprint 6 or later).
Public-surface invariant
========================
Every type, field, and doc-comment is byte-identical to pre-split.
Package stays `config`. Every caller's `config.ACMEConfig` /
`config.ACMEServerConfig` / `config.ACMEServerDirectoryMeta` import
path is preserved without modification.
Verification:
gofmt -l internal/config/ → clean
go build ./internal/config/... → clean
go test ./internal/config/... -count=1 → ok (0.68s)
staticcheck ./internal/config/... → clean
git diff --stat HEAD → -227 lines from config.go
grep -nE '^type ACME[A-Za-z]+ struct' internal/config/config.go
→ empty (none in config.go anymore)
grep -nE '^type ACME[A-Za-z]+ struct' internal/config/acme.go
→ 3 (ACMEConfig, ACMEServerConfig, ACMEServerDirectoryMeta)
LOC delta:
config.go: 3335 → 3108 (-227 lines)
acme.go: new, 262 lines (incl. 32-line Phase 9 doc-comment +
BSL header + package decl + import)
Phase 9 progress: 2 of 12 sub-splits shipped.
Next queued (Sprint 3): SCEP family from config.go →
internal/config/scep.go (~330 LOC including helpers — SCEP has
several scattered helpers like loadSCEPProfilesFromEnv,
mergeSCEPLegacyIntoProfiles, validSCEPPathID that need to come
along; this is meaningfully more complex than the pure-data ACME
cut).
Pre-commit verification gate respected:
gofmt -l → clean
go vet (implicit via go test) → clean
go test ./internal/config/... → ok
staticcheck ./internal/config/... → clean
Closes: cowork/certctl-architecture-diligence-audit.html#fix-ARCH-M2
(partial — 2 of 12 — full ARCH-M2 closure is the aggregate)