Documentation
Overview
Package app holds the dependency-injection container shared by all commands. It is intentionally thin: it holds long-lived collaborators (config, output, credentials, plane clients) and contains no business logic.
Index
- func GlobalKV[T any](a *App, namespace string) (*storage.KV[T], error)
- func ProfileKV[T any](a *App, namespace string) (*storage.KV[T], error)
- type App
- func (a *App) APIKeyResolver() (cloud.CredentialResolver, error)
- func (a *App) Close()
- func (a *App) ControlPlane() (*cloud.Client, error)
- func (a *App) CredentialStore() (cloud.CredentialStore, error)
- func (a *App) DataPlane() (*cloud.Client, error)
- func (a *App) KeychainOptions() []cloud.KeychainOption
- func (a *App) Profile() string
- func (a *App) SetInsecureKeychainFallback(enabled bool)
- func (a *App) SetProfile(flagValue string)
- func (a *App) Storage() (storage.Storage, error)
- func (a *App) TokenResolver() (cloud.CredentialResolver, error)
Functions
func ProfileKV
ProfileKV returns a typed KV store scoped to the active profile. Free function because Go does not allow type parameters on methods.
The active profile is captured at call time via a.Profile(). Cobra's PersistentPreRunE resolves the profile before any RunE fires and commands run single-threaded, so the captured value is stable for the duration of the call. Callers that hold the returned KV across a profile change must re-construct it afterwards.
Types
type App
type App struct {
Config *config.Config
Output *tui.Printer
// contains filtered or unexported fields
}
App is constructed once in main(). Output and profile are populated by the root command's PersistentPreRunE before any leaf RunE fires.
func (*App) APIKeyResolver
func (a *App) APIKeyResolver() (cloud.CredentialResolver, error)
APIKeyResolver returns the API-key credential resolver for the active profile. Initialised lazily. Env vars (SAFEDEP_API_KEY + SAFEDEP_TENANT_ID) win over the keychain, matching the convention shared with vet/pmg: CI/headless environments stay self-contained without needing an explicit `auth login`.
A keychain construction failure (e.g. headless Linux with no DBus) is non-fatal here: we log it and fall back to an env-only chain so the documented headless/CI flow keeps working when the env vars are set. If neither env vars nor a keychain are usable, the error surfaces at Resolve time on the first DataPlane() call.
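The precedence and failure handling described above, as an added Go sketch that is not code from this package or from dry/cloud. `Credential`, `Resolver`, `envResolver`, `chain` and `NewAPIKeyResolver` are hypothetical names, and requiring both variables to be set is an assumption.

```go
package main

import "fmt"

// Credential and Resolver are hypothetical stand-ins, not the dry/cloud types.
type Credential struct{ APIKey, TenantID, Source string }
type Resolver interface{ Resolve() (Credential, error) }

var ErrNoCredential = fmt.Errorf("no credential available")

// envResolver reads SAFEDEP_API_KEY + SAFEDEP_TENANT_ID via an injected lookup.
type envResolver struct{ getenv func(string) string }

func (e envResolver) Resolve() (Credential, error) {
	key, tenant := e.getenv("SAFEDEP_API_KEY"), e.getenv("SAFEDEP_TENANT_ID")
	if key == "" || tenant == "" {
		return Credential{}, ErrNoCredential // assumption: both must be set
	}
	return Credential{APIKey: key, TenantID: tenant, Source: "env"}, nil
}

// chain tries resolvers in order; the first one that succeeds wins.
type chain []Resolver

func (c chain) Resolve() (Credential, error) {
	for _, r := range c {
		if cred, err := r.Resolve(); err == nil {
			return cred, nil
		}
	}
	return Credential{}, ErrNoCredential
}

// NewAPIKeyResolver never fails: a keychain construction error is logged and
// the chain stays env-only, so a missing credential surfaces at Resolve time.
func NewAPIKeyResolver(getenv func(string) string, openKeychain func() (Resolver, error)) Resolver {
	c := chain{envResolver{getenv}}
	kc, err := openKeychain()
	if err != nil {
		fmt.Println("keychain unavailable, using env-only chain:", err)
		return c
	}
	return append(c, kc)
}

func main() {
	headless := func() (Resolver, error) { return nil, fmt.Errorf("no DBus session") }
	_, err := NewAPIKeyResolver(func(string) string { return "" }, headless).Resolve()
	fmt.Println("resolve with nothing configured:", err)
}
```

Injecting the environment lookup and the keychain constructor lets each branch be exercised without touching the real environment or a real keychain.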
func (*App) Close
func (a *App) Close()
Close releases resources held by lazily-initialised collaborators.
func (*App) ControlPlane
ControlPlane returns the control plane client for the active profile. If the stored access token is expired it attempts a silent refresh via the refresh token before building the client. On refresh failure the user is directed to re-authenticate.
func (*App) CredentialStore
func (a *App) CredentialStore() (cloud.CredentialStore, error)
CredentialStore returns the keychain-backed credential store, scoped to the active profile. Initialised lazily.
func (*App) DataPlane
DataPlane returns the data plane client for the active profile, initialising it on first call. Returns a user-facing error when no credentials are available so commands can propagate it directly.
func (*App) KeychainOptions
func (a *App) KeychainOptions() []cloud.KeychainOption
KeychainOptions returns the dry/cloud options the auth flows must use when constructing stores or resolvers themselves. The profile is scoped and the insecure file fallback is enabled when the user opted in via --insecure-keychain-fallback. The keychain app name is left at dry/cloud's DefaultAppName ("safedep") so credentials saved here are visible to vet, pmg, and any other SafeDep tool that shares the same default.
func (*App) SetInsecureKeychainFallback
SetInsecureKeychainFallback toggles the plaintext-file fallback for the keychain. Called by the root PersistentPreRunE with the value of --insecure-keychain-fallback. Must be set before the first credential store or resolver is constructed; flipping it later has no effect on already-cached collaborators.
func (*App) SetProfile
SetProfile records the active credential profile. Called by the root PersistentPreRunE with the value of --profile (which may be empty). Resolution order: flag, then env, then built-in default.
func (*App) Storage
Storage returns the lazy-initialised CLI storage layer. Open uses a process-scoped context for migration work; per-call operations should pass the cobra command's context to the primitive methods.
func (*App) TokenResolver
func (a *App) TokenResolver() (cloud.CredentialResolver, error)
TokenResolver returns the OAuth-token credential resolver for the active profile. Initialised lazily.