gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 15:01:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
a10989f5eb93430cd4f1d09affd8a60e9be897a7
certctl/POSTGRES_IMPLEMENTATION.md
T
shankar0123 3a9fe8ba37 Complete V1 scaffold
2026-03-14 20:01:53 -04:00

6.7 KiB
Raw Blame History

PostgreSQL Repository Implementation

Overview

Complete PostgreSQL implementation for the certctl certificate control plane using database/sql and lib/pq driver. All 71 interface methods across 11 repositories have been implemented.

File Structure

internal/repository/postgres/
├── db.go               # Database connection and migration setup
├── certificate.go      # CertificateRepository (8 methods)
├── issuer.go          # IssuerRepository (5 methods)
├── target.go          # TargetRepository (6 methods)
├── agent.go           # AgentRepository (7 methods)
├── job.go             # JobRepository (9 methods)
├── policy.go          # PolicyRepository (7 methods)
├── audit.go           # AuditRepository (2 methods)
├── notification.go    # NotificationRepository (3 methods)
├── team.go            # TeamRepository (5 methods)
└── owner.go           # OwnerRepository (5 methods)

Key Implementation Details

Database Connection (db.go)

  • NewDB(connStr string) - Opens PostgreSQL connection with connection pooling

    • Max open connections: 25
    • Max idle connections: 5
    • Verifies connection with Ping()

  • RunMigrations(db, migrationsPath) - Executes SQL migration files

    • Reads all .sql files from migrations directory
    • Executes files in alphabetical order
    • Simple approach without external migration library

Data Patterns Used

  1. UUID Generation: Using github.com/google/uuid for ID generation
  2. Parameterized Queries: All queries use $1, $2, etc. parameter placeholders
  3. Context Propagation: All database operations use *Context variants
  4. Nullable Types:
    • sql.NullTime for optional timestamps
    • sql.NullString for optional strings
  5. JSON Handling:
    • json.Marshal/Unmarshal for JSONB columns
    • Config fields stored as json.RawMessage
  6. Array Handling:
    • pq.Array() for storing Go slices in PostgreSQL arrays
    • pq.StringArray for scanning string arrays
  7. RETURNING Clauses: Used in CREATE operations to retrieve generated IDs

Error Handling

  • All errors wrapped with fmt.Errorf for context
  • Specific error messages for not found cases
  • Row count verification for UPDATE/DELETE operations

Repository Implementations

CertificateRepository (8 methods)

  • Manages certificate lifecycle with filtering by status, environment, owner, team, issuer
  • Pagination support (default 50, max 500 per page)
  • Certificate versioning with history tracking
  • Expiration tracking and notifications
  • Tags stored as JSON

IssuerRepository (5 methods)

  • Manages certificate authorities (ACME, GenericCA)
  • Configuration stored as JSON for flexibility
  • Enable/disable issuers

TargetRepository (6 methods)

  • Manages deployment targets (NGINX, F5, IIS)
  • Lists targets associated with certificates via join table
  • Configuration stored as JSON

AgentRepository (7 methods)

  • Manages control plane agents with status tracking
  • Heartbeat update functionality
  • API key hash lookup for authentication
  • Last heartbeat timestamp tracking

JobRepository (9 methods)

  • Manages renewal, deployment, issuance, and validation jobs
  • Status tracking with error messages
  • Attempt counters for retry logic
  • Pending job retrieval by type
  • Filtering by status and certificate

PolicyRepository (7 methods)

  • Policy rules with multiple enforcement types
  • Policy violation recording and querying
  • Configurable rules stored as JSON
  • Severity levels for violations (Warning, Error, Critical)

AuditRepository (2 methods)

  • Records all control plane actions
  • Filtering by actor, resource type, time range
  • Pagination support
  • Details stored as JSON

NotificationRepository (3 methods)

  • Notification event tracking
  • Multiple channels (Email, Webhook, Slack)
  • Delivery status tracking
  • Certificate-specific notification filtering

TeamRepository (5 methods)

  • Organizational unit management
  • Basic CRUD operations
  • Team descriptions for organization

OwnerRepository (5 methods)

  • Certificate owner management
  • Email field for notifications
  • Team affiliation tracking
  • Basic CRUD operations

Database Assumptions

The implementation expects the following table structures:

certificates

  • id, name, common_name, sans (array), environment, owner_id, team_id, issuer_id
  • status, expires_at, tags (json), last_renewal_at, last_deployment_at
  • created_at, updated_at

certificate_versions

  • id, certificate_id, serial_number, not_before, not_after
  • fingerprint_sha256, pem_chain, csr_pem, created_at

certificate_target_mappings (join table)

  • certificate_id, target_id

issuers

  • id, name, type, config (json), enabled, created_at, updated_at

deployment_targets

  • id, name, type, agent_id, config (json), enabled, created_at, updated_at

agents

  • id, name, hostname, status, last_heartbeat_at, registered_at, api_key_hash

jobs

  • id, type, certificate_id, target_id, status, attempts, max_attempts
  • last_error, scheduled_at, started_at, completed_at, created_at

policy_rules

  • id, name, type, config (json), enabled, created_at, updated_at

policy_violations

  • id, certificate_id, rule_id, message, severity, created_at

audit_events

  • id, actor, actor_type, action, resource_type, resource_id, details (json), timestamp

notifications

  • id, type, certificate_id, channel, recipient, message, sent_at, status, error, created_at

teams

  • id, name, description, created_at, updated_at

owners

  • id, name, email, team_id, created_at, updated_at

Integration Points

Constructor functions for each repository:

NewCertificateRepository(db *sql.DB) *CertificateRepository
NewIssuerRepository(db *sql.DB) *IssuerRepository
NewTargetRepository(db *sql.DB) *TargetRepository
NewAgentRepository(db *sql.DB) *AgentRepository
NewJobRepository(db *sql.DB) *JobRepository
NewPolicyRepository(db *sql.DB) *PolicyRepository
NewAuditRepository(db *sql.DB) *AuditRepository
NewNotificationRepository(db *sql.DB) *NotificationRepository
NewTeamRepository(db *sql.DB) *TeamRepository
NewOwnerRepository(db *sql.DB) *OwnerRepository

Dependencies

  • database/sql (stdlib)
  • github.com/lib/pq v1.10.9
  • github.com/google/uuid v1.6.0

Notes

  1. All list operations support pagination with configurable page size (default 50, max 500)
  2. Filtering is dynamic - only conditions with non-empty values are added to WHERE clause
  3. Timestamps use time.Time for CreatedAt/UpdatedAt with automatic Now() on updates
  4. Array fields use pq.Array() for proper PostgreSQL array handling
  5. Nullable fields use sql.Null* types for proper NULL handling
  6. All operations are context-aware and respect cancellation signals
  7. Error messages are descriptive and wrapped for debugging
Reference in New Issue View Git Blame Copy Permalink