service

package
v0.2.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 8, 2026 License: MIT Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateFingerprint

func GenerateFingerprint(req RotationRequest) string

GenerateFingerprint creates a unique identifier for a rotation request

Types

type CredentialInfo

// CredentialInfo describes a credential without exposing its value: the
// struct has identifier, version, status, timestamp and metadata fields, and
// no field for the secret itself.
type CredentialInfo struct {
	ID        string
	Version   string
	Status    string // "active", "deprecated", "revoked"
	CreatedAt time.Time
	// ExpiresAt and LastUsed are pointer-typed and may therefore be nil;
	// presumably nil means "not set" — confirm against implementations.
	ExpiresAt *time.Time
	LastUsed  *time.Time
	// Metadata is a free-form string map.
	// NOTE(review): nothing in the type keeps a secret out of this map;
	// confirm implementations never store credential material here.
	Metadata  map[string]string
}

CredentialInfo describes a credential without exposing its value

type CredentialNotFoundError

// CredentialNotFoundError is an error type carrying the ServiceRef it relates
// to. Presumably returned when the referenced credential does not exist —
// confirm against callers.
type CredentialNotFoundError struct {
	// ServiceRef is the reference the error is about.
	ServiceRef ServiceRef
}

func (CredentialNotFoundError) Error

func (e CredentialNotFoundError) Error() string

type ExecutedStep

// ExecutedStep tracks the execution of a single rotation step: the step
// itself, its outcome, and when it started and completed.
type ExecutedStep struct {
	Step        RotationStep
	Status      string // "success", "failed", "skipped"
	StartedAt   time.Time
	CompletedAt time.Time
	// Output and Error are free-form strings.
	// NOTE(review): step records are embedded in RotationResult.ExecutedSteps,
	// so confirm implementations never echo credential material into either
	// field.
	Output      string
	Error       string
}

ExecutedStep tracks the execution of a single rotation step

type RotationNotSupportedError

// RotationNotSupportedError is an error type carrying the ServiceRef, the
// strategy name and a free-form reason. Presumably returned when a service
// cannot rotate with the requested strategy — confirm against callers.
type RotationNotSupportedError struct {
	ServiceRef ServiceRef
	// Strategy presumably mirrors RotationRequest.Strategy — confirm.
	Strategy   string
	Reason     string
}

func (RotationNotSupportedError) Error

type RotationPlan

// RotationPlan describes what will happen during rotation: the target
// ServiceRef, the strategy, the ordered steps and bookkeeping fields.
//
// The plan has no field for the new credential value that RotationRequest
// carries in NewValue.
// NOTE(review): Service.Execute receives only the plan, so how the new value
// reaches it is not visible here; confirm it is not passed through Metadata.
type RotationPlan struct {
	ServiceRef    ServiceRef
	Strategy      string
	Steps         []RotationStep
	EstimatedTime time.Duration
	// Service.Execute is documented as idempotent by fingerprint, so this
	// value is what repeat executions are keyed on. Presumably produced by
	// GenerateFingerprint — confirm.
	Fingerprint   string // Unique identifier for this plan
	CreatedAt     time.Time
	Metadata      map[string]string
}

RotationPlan describes what will happen during rotation

type RotationRequest

// RotationRequest contains all information needed to plan a rotation. It is
// the input to Service.Plan and to GenerateFingerprint.
type RotationRequest struct {
	ServiceRef ServiceRef
	Strategy   string            // Rotation strategy (e.g., "two-key", "immediate")
	Policy     string            // Rotation policy name
	// NewValue is the only field in this package's types that holds the
	// credential value itself.
	// NOTE(review): confirm it is kept out of logs and error strings, and
	// check whether GenerateFingerprint derives the identifier from it, since
	// the fingerprint is stored in RotationPlan.
	NewValue   []byte            // New credential value (if provided)
	Metadata   map[string]string // Additional metadata
	DryRun     bool              // Plan only, don't execute
}

RotationRequest contains all information needed to plan a rotation

type RotationResult

// RotationResult contains the outcome of a rotation execution. It is returned
// by Service.Execute and passed to Service.Verify and Service.Rollback.
type RotationResult struct {
	ServiceRef    ServiceRef
	// Plan is the plan that was executed, stored by value.
	Plan          RotationPlan
	Status        string // "success", "failed", "partial"
	// OldCredential and NewCredential are CredentialInfo values, a type with
	// no field for the secret itself.
	OldCredential CredentialInfo
	NewCredential CredentialInfo
	ExecutedSteps []ExecutedStep
	StartedAt     time.Time
	CompletedAt   time.Time
	// Error is a free-form string.
	// NOTE(review): confirm upstream error text copied here cannot contain
	// credential material.
	Error         string
	Metadata      map[string]string
}

RotationResult contains the outcome of a rotation execution

type RotationStatus

// RotationStatus provides information about current rotation state. It is
// the value returned by Service.GetStatus.
type RotationStatus struct {
	ServiceRef        ServiceRef
	CurrentCredential CredentialInfo
	// LastRotation and NextRotation are pointer-typed and may be nil;
	// presumably nil means "never rotated" / "not scheduled" — confirm.
	LastRotation      *RotationResult
	NextRotation      *time.Time
	Status            string // "current", "needs_rotation", "rotation_in_progress"
	// Warnings is a list of free-form messages.
	Warnings          []string
}

RotationStatus provides information about current rotation state

type RotationStep

// RotationStep represents a single action in the rotation process.
// RotationPlan.Steps holds these, and ExecutedStep embeds one per execution
// record.
type RotationStep struct {
	Name        string
	Description string
	Action      string // "create", "verify", "promote", "deprecate", "delete"
	Target      string // What is being acted upon
	// Options is a free-form string map.
	// NOTE(review): steps are copied into execution records, so confirm no
	// secret is placed here.
	Options     map[string]string
}

RotationStep represents a single action in the rotation process

type Service

// Service defines the interface for external systems that have credentials to
// be rotated. The lifecycle visible in the method set is Plan, Execute,
// Verify and, on failure, Rollback.
type Service interface {
	// Name returns the service's name
	Name() string

	// Plan creates a rotation plan for the specified credential
	Plan(ctx context.Context, req RotationRequest) (RotationPlan, error)

	// Execute performs the rotation according to the plan (idempotent by fingerprint)
	// NOTE(review): the idempotency guarantee rests on RotationPlan.Fingerprint;
	// confirm implementations detect a plan whose fingerprint does not match
	// its contents rather than trusting the field as supplied.
	Execute(ctx context.Context, plan RotationPlan) (RotationResult, error)

	// Verify checks that the rotation was successful and the new credential works
	Verify(ctx context.Context, result RotationResult) error

	// Rollback attempts to undo a rotation if something went wrong
	// It is described as an attempt, so callers should check the returned
	// error instead of assuming the old credential is back in place.
	Rollback(ctx context.Context, result RotationResult) error

	// GetStatus returns the current rotation status for a credential
	GetStatus(ctx context.Context, ref ServiceRef) (RotationStatus, error)

	// Capabilities returns the service's rotation capabilities
	Capabilities() ServiceCapabilities

	// Validate checks if the service is properly configured and reachable
	Validate(ctx context.Context) error
}

Service defines the interface for external systems that have credentials to be rotated. This represents the rotation target functionality split from the original Provider interface.

type ServiceCapabilities

// ServiceCapabilities describes what rotation operations a service supports.
// It is the value returned by Service.Capabilities.
type ServiceCapabilities struct {
	SupportedStrategies  []string          // Strategies this service can use
	MaxActiveKeys        int               // Maximum concurrent credentials (0 = unlimited)
	SupportsExpiration   bool              // Can set expiration dates
	SupportsVersioning   bool              // Maintains credential versions
	// NOTE(review): when SupportsRevocation is false the old credential
	// presumably stays valid after rotation until it expires — confirm how
	// callers handle that case.
	SupportsRevocation   bool              // Can revoke old credentials
	SupportsVerification bool              // Can verify credential functionality
	MinRotationInterval  time.Duration     // Minimum time between rotations
	Constraints          map[string]string // Format, length, character constraints
}

ServiceCapabilities describes what rotation operations a service supports

type ServiceNotFoundError

// ServiceNotFoundError is an error type carrying the ServiceRef it relates
// to. Presumably returned when no service matches the reference — confirm
// against callers.
type ServiceNotFoundError struct {
	// ServiceRef is the reference the error is about.
	ServiceRef ServiceRef
}

Error types for service operations

func (ServiceNotFoundError) Error

func (e ServiceNotFoundError) Error() string

type ServiceRef

// ServiceRef identifies a credential within a service. ParseServiceRef
// builds one from a svc:// URI and String converts one back to URI form.
type ServiceRef struct {
	Type      string            // Service type (e.g., "github", "postgres", "stripe")
	Instance  string            // Service instance ID (e.g., "acme-org", "prod-db")
	Kind      string            // Credential kind (e.g., "pat", "password", "api-key")
	Principal string            // Identity the credential belongs to (e.g., "ci-bot")
	// NOTE(review): the svc:// format carries options as query parameters,
	// so String() presumably renders this map, and the package's error types
	// embed a ServiceRef. Keep secrets out of Options — confirm what String()
	// and the Error() methods emit.
	Options   map[string]string // Additional options for the service
}

ServiceRef identifies a credential within a service using the new reference format

func ParseServiceRef

func ParseServiceRef(uri string) (ServiceRef, error)

ParseServiceRef parses a svc:// URI into a ServiceRef. Format: svc://type/instance?kind=credential&principal=identity&option=value

func (ServiceRef) IsValid

func (ref ServiceRef) IsValid() bool

IsValid checks if a ServiceRef has required fields

func (ServiceRef) String

func (ref ServiceRef) String() string

String converts a ServiceRef to URI format

type VerificationError

// VerificationError is an error type carrying a ServiceRef and a message.
// Presumably returned by Service.Verify when the rotated credential does not
// work — confirm against callers.
type VerificationError struct {
	ServiceRef ServiceRef
	// Message is free-form text.
	// NOTE(review): confirm it never includes the credential that failed
	// verification.
	Message    string
}

func (VerificationError) Error

func (e VerificationError) Error() string
