app

package
v0.1.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 28, 2026 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package app holds the dependency-injection container shared by all commands. It is intentionally thin: holders of long-lived collaborators (config, output, credentials, plane clients), no business logic.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GlobalKV

func GlobalKV[T any](a *App, namespace string) (*storage.KV[T], error)

GlobalKV returns a typed KV store in the global (profile-independent) scope.

func ProfileKV

func ProfileKV[T any](a *App, namespace string) (*storage.KV[T], error)

ProfileKV returns a typed KV store scoped to the active profile. Free function because Go does not allow type parameters on methods.

The active profile is captured at call time via a.Profile(). Cobra's PersistentPreRunE resolves the profile before any RunE fires and commands run single-threaded, so the captured value is stable for the duration of the call. Callers that hold the returned KV across a profile change must re-construct after.

Types

type App

type App struct {
	Config *config.Config
	Output *tui.Printer
	// contains filtered or unexported fields
}

App is constructed once in main(). Output and profile are populated by the root command's PersistentPreRunE before any leaf RunE fires.

func New

func New(cfg *config.Config) *App

func (*App) APIKeyResolver

func (a *App) APIKeyResolver() (cloud.CredentialResolver, error)

APIKeyResolver returns the API-key credential resolver for the active profile. Initialised lazily. Env vars (SAFEDEP_API_KEY + SAFEDEP_TENANT_ID) win over the keychain, matching the convention shared with vet/pmg: CI/headless environments stay self-contained without needing an explicit `auth login`.

A keychain construction failure (e.g. headless Linux with no DBus) is non-fatal here: we log it and fall back to an env-only chain so the documented headless/CI flow keeps working when the env vars are set. If neither env vars nor a keychain are usable, the error surfaces at Resolve time on the first DataPlane() call.

func (*App) Close

func (a *App) Close()

Close releases resources held by lazily-initialised collaborators.

func (*App) ControlPlane

func (a *App) ControlPlane() (*cloud.Client, error)

ControlPlane returns the control plane client for the active profile. If the stored access token is expired it attempts a silent refresh via the refresh token before building the client. On refresh failure the user is directed to re-authenticate.

func (*App) CredentialStore

func (a *App) CredentialStore() (cloud.CredentialStore, error)

CredentialStore returns the keychain-backed credential store, scoped to the active profile. Initialised lazily.

func (*App) DataPlane

func (a *App) DataPlane() (*cloud.Client, error)

DataPlane returns the data plane client for the active profile, initialising it on first call. Returns a user-facing error when no credentials are available so commands can propagate it directly.

func (*App) KeychainOptions

func (a *App) KeychainOptions() []cloud.KeychainOption

KeychainOptions returns the dry/cloud options the auth flows must use when constructing stores or resolvers themselves. The profile is scoped and the insecure file fallback is enabled when the user opted in via --insecure-keychain-fallback. The keychain app name is left at dry/cloud's DefaultAppName ("safedep") so credentials saved here are visible to vet, pmg, and any other SafeDep tool that shares the same default.

func (*App) Profile

func (a *App) Profile() string

Profile returns the active credential profile name.

func (*App) SetInsecureKeychainFallback

func (a *App) SetInsecureKeychainFallback(enabled bool)

SetInsecureKeychainFallback toggles the plaintext-file fallback for the keychain. Called by the root PersistentPreRunE with the value of --insecure-keychain-fallback. Must be set before the first credential store or resolver is constructed; flipping it later has no effect on already-cached collaborators.

func (*App) SetProfile

func (a *App) SetProfile(flagValue string)

SetProfile records the active credential profile. Called by the root PersistentPreRunE with the value of --profile (which may be empty). Resolution order: flag, then env, then built-in default.

func (*App) Storage

func (a *App) Storage() (storage.Storage, error)

Storage returns the lazy-initialised CLI storage layer. Open uses a process-scoped context for migration work; per-call operations should pass the cobra command's context to the primitive methods.

func (*App) TokenResolver

func (a *App) TokenResolver() (cloud.CredentialResolver, error)

TokenResolver returns the OAuth-token credential resolver for the active profile. Initialised lazily.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL