mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 22:21:30 +00:00
Shankar
17a3e4a4b1
- Add alert_thresholds_days JSONB column to renewal_policies (default [30,14,7,0]) - Add RenewalPolicy.AlertThresholdsDays field + EffectiveAlertThresholds() helper - Add RenewalPolicyRepository interface + postgres implementation - Rewrite CheckExpiringCertificates with per-policy threshold alerting - Add SendThresholdAlert + HasThresholdNotification for deduplication via [threshold:N] tags - Add Type and MessageLike filters to NotificationFilter + postgres query support - Auto-transition certs to Expiring (>0 days) or Expired (<=0 days) status - Record expiration_alert_sent audit events per threshold crossing - Fix .gitignore: allow SQL migration files, scope server/agent build artifact rules - Track previously untracked cmd/ and migrations/ directories - Update docs (README, architecture, demo-advanced) for threshold alerting Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
54 lines
1.3 KiB
SQL
54 lines
1.3 KiB
SQL
-- Seed data for certificate control plane
|
|
|
|
-- Default renewal policy
|
|
INSERT INTO renewal_policies (id, name, renewal_window_days, auto_renew, max_retries, retry_interval_minutes, alert_thresholds_days)
|
|
VALUES (
|
|
'rp-default',
|
|
'default',
|
|
30,
|
|
true,
|
|
3,
|
|
60,
|
|
'[30, 14, 7, 0]'::jsonb
|
|
) ON CONFLICT (id) DO NOTHING;
|
|
|
|
-- Policy rules: Require owner assignment
|
|
INSERT INTO policy_rules (id, name, type, config, enabled)
|
|
VALUES (
|
|
'pr-require-owner',
|
|
'require-owner',
|
|
'ownership',
|
|
'{"requirement": "owner_id must be set"}'::jsonb,
|
|
true
|
|
) ON CONFLICT (id) DO NOTHING;
|
|
|
|
-- Policy rules: Allowed environments
|
|
INSERT INTO policy_rules (id, name, type, config, enabled)
|
|
VALUES (
|
|
'pr-allowed-environments',
|
|
'allowed-environments',
|
|
'environment',
|
|
'{"allowed": ["production", "staging", "development"]}'::jsonb,
|
|
true
|
|
) ON CONFLICT (id) DO NOTHING;
|
|
|
|
-- Policy rules: Maximum certificate lifetime
|
|
INSERT INTO policy_rules (id, name, type, config, enabled)
|
|
VALUES (
|
|
'pr-max-certificate-lifetime',
|
|
'max-certificate-lifetime',
|
|
'lifetime',
|
|
'{"max_days": 90}'::jsonb,
|
|
true
|
|
) ON CONFLICT (id) DO NOTHING;
|
|
|
|
-- Policy rules: Minimum renewal window
|
|
INSERT INTO policy_rules (id, name, type, config, enabled)
|
|
VALUES (
|
|
'pr-min-renewal-window',
|
|
'min-renewal-window',
|
|
'renewal_window',
|
|
'{"min_days": 14}'::jsonb,
|
|
true
|
|
) ON CONFLICT (id) DO NOTHING;
|