Overview ¶
Package commands contains CLI command implementations for the application.
Index ¶
- func CloseContainer(container *app.Container, logger *slog.Logger)
- func CloseMigrate(migrate *migrate.Migrate, logger *slog.Logger)
- func ExecuteWithContainer(ctx context.Context, ...) error
- func ParseAlgorithm(algorithmStr string) (cryptoDomain.Algorithm, error)
- func ParseFormatType(formatType string) (tokenizationDomain.FormatType, error)
- func RunCleanAuditLogs(ctx context.Context, auditLogUseCase authUseCase.AuditLogUseCase, ...) error
- func RunCleanExpiredTokens(ctx context.Context, ...) error
- func RunCreateClient(ctx context.Context, clientUseCase authUseCase.ClientUseCase, ...) error
- func RunCreateKek(ctx context.Context, kekUseCase cryptoUseCase.KekUseCase, ...) error
- func RunCreateMasterKey(ctx context.Context, kmsService cryptoDomain.KMSService, logger *slog.Logger, ...) error
- func RunCreateTokenizationKey(ctx context.Context, ...) error
- func RunMigrations(logger *slog.Logger, dbDriver, dbConnectionString string) error
- func RunRewrapDeks(ctx context.Context, masterKeyChain *cryptoDomain.MasterKeyChain, ...) error
- func RunRotateKek(ctx context.Context, kekUseCase cryptoUseCase.KekUseCase, ...) error
- func RunRotateMasterKey(ctx context.Context, kmsService cryptoDomain.KMSService, logger *slog.Logger, ...) error
- func RunRotateTokenizationKey(ctx context.Context, ...) error
- func RunServer(ctx context.Context, version string) error
- func RunUpdateClient(ctx context.Context, clientUseCase authUseCase.ClientUseCase, ...) error
- func RunVerifyAuditLogs(ctx context.Context, auditLogUseCase authUseCase.AuditLogUseCase, ...) error
- func WriteOutput(writer io.Writer, format string, data Formatter)
- type CleanAuditLogsResult
- type CleanExpiredTokensResult
- type CreateClientResult
- type Formatter
- type IOTuple
- type UpdateClientResult
- type VerifyAuditLogsResult
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CloseContainer ¶ added in v0.23.0
CloseContainer closes all resources in the container and logs any errors.
func CloseMigrate ¶ added in v0.23.0
CloseMigrate closes the migration instance and logs any errors.
func ExecuteWithContainer ¶ added in v0.23.0
func ExecuteWithContainer( ctx context.Context, fn func(ctx context.Context, container *app.Container) error, ) error
ExecuteWithContainer encapsulates the standard CLI command execution pattern: loading configuration, initializing the DI container, and ensuring graceful shutdown.
func ParseAlgorithm ¶ added in v0.23.0
func ParseAlgorithm(algorithmStr string) (cryptoDomain.Algorithm, error)
ParseAlgorithm converts an algorithm name string to the cryptoDomain.Algorithm type, returning an error for values it does not recognize.
func ParseFormatType ¶ added in v0.23.0
func ParseFormatType(formatType string) (tokenizationDomain.FormatType, error)
ParseFormatType converts a format type string to the tokenizationDomain.FormatType type, returning an error for values it does not recognize.
func RunCleanAuditLogs ¶ added in v0.2.0
func RunCleanAuditLogs( ctx context.Context, auditLogUseCase authUseCase.AuditLogUseCase, logger *slog.Logger, writer io.Writer, days int, dryRun bool, format string, ) error
RunCleanAuditLogs permanently deletes audit logs older than the specified number of days. Supports dry-run mode and multiple output formats. Deletion cannot be undone: run with dryRun set first, and make sure the chosen window does not cut into your audit-retention obligations — RunVerifyAuditLogs can only check entries that still exist.
func RunCleanExpiredTokens ¶ added in v0.4.0
func RunCleanExpiredTokens( ctx context.Context, tokenizationUseCase tokenizationUseCase.TokenizationUseCase, logger *slog.Logger, writer io.Writer, days int, dryRun bool, format string, ) error
RunCleanExpiredTokens permanently deletes expired tokens older than the specified number of days. Supports dry-run mode and multiple output formats. Use dryRun to review the affected count before deleting.
func RunCreateClient ¶
func RunCreateClient( ctx context.Context, clientUseCase authUseCase.ClientUseCase, logger *slog.Logger, name string, isActive bool, policiesJSON string, format string, io IOTuple, ) error
RunCreateClient creates a new authentication client with policies. Supports both interactive mode (when policiesJSON is empty) and non-interactive mode (when policiesJSON is provided). The generated client secret is written to the command output in plaintext (CreateClientResult.PlainSecret); capture it from there and keep that output out of shell history, CI logs and ticket systems.
func RunCreateKek ¶
func RunCreateKek( ctx context.Context, kekUseCase cryptoUseCase.KekUseCase, masterKeyChain *cryptoDomain.MasterKeyChain, logger *slog.Logger, algorithmStr string, ) error
RunCreateKek creates a new Key Encryption Key (KEK) and encrypts it with the master key. The new KEK will be stored in the database and marked as active for its algorithm.
func RunCreateMasterKey ¶
func RunCreateMasterKey( ctx context.Context, kmsService cryptoDomain.KMSService, logger *slog.Logger, writer io.Writer, keyID string, kmsProvider string, kmsKeyURI string, ) error
RunCreateMasterKey generates a cryptographically secure 32-byte master key for envelope encryption. Creates the root key used to encrypt all KEKs. Key material is zeroed from memory after encoding. If keyID is empty, generates a default ID in format "master-key-YYYY-MM-DD".
KMS parameters (kmsProvider and kmsKeyURI) are required. The master key is encrypted with KMS before output. For local development, use kmsProvider="localsecrets" with kmsKeyURI="base64key://...". Note that with a base64key:// URI the wrapping key material is carried in the URI itself, so the KMS_KEY_URI value must be protected like the master key.
Output format:
- MASTER_KEYS="<keyID>:<base64-encoded-kms-ciphertext>"
- KMS_PROVIDER="<provider>"
- KMS_KEY_URI="<uri>"
Security: Never use the localsecrets provider in production. Use a cloud KMS provider (gcpkms, awskms, azurekeyvault). The emitted MASTER_KEYS, KMS_PROVIDER and KMS_KEY_URI values are server configuration; store them in a secrets manager rather than committing them to version control.
func RunCreateTokenizationKey ¶ added in v0.4.0
func RunCreateTokenizationKey( ctx context.Context, tokenizationKeyUseCase tokenizationUseCase.TokenizationKeyUseCase, logger *slog.Logger, name string, formatTypeStr string, isDeterministic bool, algorithmStr string, ) error
RunCreateTokenizationKey creates a new tokenization key with the specified parameters. Should be run during initial setup or when adding new tokenization formats.
func RunMigrations ¶
RunMigrations executes database migrations based on the configured driver. Determines migration path from DBDriver (postgresql or mysql) and applies all pending migrations. Returns nil if no migrations to apply. Logs migration progress and success.
func RunRewrapDeks ¶ added in v0.12.0
func RunRewrapDeks( ctx context.Context, masterKeyChain *cryptoDomain.MasterKeyChain, kekUseCase cryptoUseCase.KekUseCase, dekUseCase cryptoUseCase.DekUseCase, logger *slog.Logger, kekIDStr string, batchSize int, ) error
RunRewrapDeks finds all DEKs that are not encrypted with the specified KEK ID and re-encrypts them with that KEK, processing batchSize DEKs at a time. Run it after RunRotateKek so that stored DEKs stop depending on the previous KEK version.
func RunRotateKek ¶
func RunRotateKek( ctx context.Context, kekUseCase cryptoUseCase.KekUseCase, masterKeyChain *cryptoDomain.MasterKeyChain, logger *slog.Logger, algorithmStr string, ) error
RunRotateKek rotates the Key Encryption Key (KEK) for a specific algorithm. Generates a new KEK version and marks it as active. Existing secrets encrypted with older KEK versions remain valid until they are rewrapped (see RunRewrapDeks); until then the older KEK versions are still needed to decrypt them, so do not remove them before the rewrap has completed.
func RunRotateMasterKey ¶ added in v0.6.0
func RunRotateMasterKey( ctx context.Context, kmsService cryptoDomain.KMSService, logger *slog.Logger, writer io.Writer, keyID, kmsProvider, kmsKeyURI, existingMasterKeys, existingActiveKeyID string, ) error
func RunRotateTokenizationKey ¶ added in v0.4.0
func RunRotateTokenizationKey( ctx context.Context, tokenizationKeyUseCase tokenizationUseCase.TokenizationKeyUseCase, logger *slog.Logger, name string, formatTypeStr string, isDeterministic bool, algorithmStr string, ) error
RunRotateTokenizationKey rotates an existing tokenization key to a new version. Updates format and deterministic settings. Existing tokens remain valid until rotated.
func RunServer ¶
RunServer starts the HTTP server with graceful shutdown support. Loads configuration, initializes the DI container, and starts the Gin HTTP server. Blocks until receiving SIGINT/SIGTERM or encountering a fatal error. On shutdown signal, gracefully stops the server within DBConnMaxLifetime timeout.
func RunUpdateClient ¶
func RunUpdateClient( ctx context.Context, clientUseCase authUseCase.ClientUseCase, logger *slog.Logger, io IOTuple, clientIDStr string, name string, isActive bool, policiesJSON string, format string, ) error
RunUpdateClient updates an existing authentication client's configuration. Supports both interactive mode (when policiesJSON is empty) and non-interactive mode (when policiesJSON is provided).
func RunVerifyAuditLogs ¶ added in v0.9.0
func RunVerifyAuditLogs( ctx context.Context, auditLogUseCase authUseCase.AuditLogUseCase, logger *slog.Logger, writer io.Writer, startDateStr, endDateStr string, format string, ) error
RunVerifyAuditLogs verifies the cryptographic integrity of audit logs within a time range and reports signed, unsigned, valid and invalid counts (see VerifyAuditLogsResult). Unsigned entries are tallied separately from invalid ones; whether they affect the Passed verdict is not stated here, so confirm that before using Passed alone as a pass/fail gate.
Types ¶
type CleanAuditLogsResult ¶ added in v0.23.0
// CleanAuditLogsResult holds the result of the audit log cleanup operation.
type CleanAuditLogsResult struct {
	// Count is the number of audit log entries affected by the run
	// (presumably the number that would have been deleted when DryRun is true — confirm).
	Count int64 `json:"count"`
	// Days is the retention window passed to the command: entries older
	// than this many days were selected.
	Days int `json:"days"`
	// DryRun reports whether the command ran in dry-run mode, i.e. without
	// actually deleting anything.
	DryRun bool `json:"dry_run"`
}
CleanAuditLogsResult holds the result of the audit log cleanup operation.
func (*CleanAuditLogsResult) ToJSON ¶ added in v0.23.0
func (r *CleanAuditLogsResult) ToJSON() string
ToJSON returns a JSON representation of the cleanup result.
func (*CleanAuditLogsResult) ToText ¶ added in v0.23.0
func (r *CleanAuditLogsResult) ToText() string
ToText returns a human-readable representation of the cleanup result.
type CleanExpiredTokensResult ¶ added in v0.23.0
// CleanExpiredTokensResult holds the result of the expired token cleanup operation.
type CleanExpiredTokensResult struct {
	// Count is the number of expired tokens affected by the run
	// (presumably the number that would have been deleted when DryRun is true — confirm).
	Count int64 `json:"count"`
	// Days is the age threshold passed to the command: expired tokens older
	// than this many days were selected.
	Days int `json:"days"`
	// DryRun reports whether the command ran in dry-run mode, i.e. without
	// actually deleting anything.
	DryRun bool `json:"dry_run"`
}
CleanExpiredTokensResult holds the result of the expired token cleanup operation.
func (*CleanExpiredTokensResult) ToJSON ¶ added in v0.23.0
func (r *CleanExpiredTokensResult) ToJSON() string
ToJSON returns a JSON representation of the cleanup result.
func (*CleanExpiredTokensResult) ToText ¶ added in v0.23.0
func (r *CleanExpiredTokensResult) ToText() string
ToText returns a human-readable representation of the cleanup result.
type CreateClientResult ¶ added in v0.23.0
// CreateClientResult holds the result of the client creation operation.
// It carries the plaintext client secret, so any output produced from it
// must be treated as a credential.
type CreateClientResult struct {
	// ID is the identifier of the newly created client.
	ID string `json:"client_id"`
	// PlainSecret is the client secret in plaintext, emitted so the operator
	// can capture it from the command output. The gosec G117 finding is
	// suppressed deliberately; the field exists precisely to expose the
	// secret once, at creation time.
	// #nosec G117
	PlainSecret string `json:"secret"`
}
CreateClientResult holds the result of the client creation operation.
func (*CreateClientResult) ToJSON ¶ added in v0.23.0
func (r *CreateClientResult) ToJSON() string
ToJSON returns a JSON representation of the creation result.
func (*CreateClientResult) ToText ¶ added in v0.23.0
func (r *CreateClientResult) ToText() string
ToText returns a human-readable representation of the creation result.
type Formatter ¶ added in v0.23.0
Formatter defines the interface for data that can be output in multiple formats.
type UpdateClientResult ¶ added in v0.23.0
// UpdateClientResult holds the result of the client update operation.
// Unlike CreateClientResult it carries no secret material.
type UpdateClientResult struct {
	// ID is the identifier of the updated client.
	ID string `json:"client_id"`
	// Name is the client's name after the update.
	Name string `json:"name"`
	// IsActive reports whether the client is enabled after the update.
	IsActive bool `json:"is_active"`
}
UpdateClientResult holds the result of the client update operation.
func (*UpdateClientResult) ToJSON ¶ added in v0.23.0
func (r *UpdateClientResult) ToJSON() string
ToJSON returns a JSON representation of the update result.
func (*UpdateClientResult) ToText ¶ added in v0.23.0
func (r *UpdateClientResult) ToText() string
ToText returns a human-readable representation of the update result.
type VerifyAuditLogsResult ¶ added in v0.23.0
// VerifyAuditLogsResult holds the result of the audit log verification operation.
type VerifyAuditLogsResult struct {
	// TotalChecked is the number of audit log entries examined in the range.
	TotalChecked int64 `json:"total_checked"`
	// SignedCount is the number of examined entries that carry a signature.
	SignedCount int64 `json:"signed_count"`
	// UnsignedCount is the number of examined entries without a signature.
	// These are reported separately from InvalidCount.
	UnsignedCount int64 `json:"unsigned_count"`
	// ValidCount is the number of entries whose integrity check succeeded.
	ValidCount int64 `json:"valid_count"`
	// InvalidCount is the number of entries whose integrity check failed.
	InvalidCount int64 `json:"invalid_count"`
	// InvalidLogs identifies the entries that failed verification
	// (identifier format not stated here — check the producing code).
	InvalidLogs []string `json:"invalid_logs"`
	// Passed is the overall verdict for the range.
	// NOTE(review): it is not visible here whether unsigned entries cause
	// Passed to be false — confirm before relying on Passed alone.
	Passed bool `json:"passed"`
	// StartDate is the lower bound of the verified time range.
	StartDate time.Time `json:"start_date"`
	// EndDate is the upper bound of the verified time range.
	EndDate time.Time `json:"end_date"`
}
VerifyAuditLogsResult holds the result of the audit log verification operation.
func (*VerifyAuditLogsResult) ToJSON ¶ added in v0.23.0
func (r *VerifyAuditLogsResult) ToJSON() string
ToJSON returns a JSON representation of the verification result.
func (*VerifyAuditLogsResult) ToText ¶ added in v0.23.0
func (r *VerifyAuditLogsResult) ToText() string
ToText returns a human-readable representation of the verification result.