db

Published: Dec 30, 2025 License: MIT Imports: 22 Imported by: 0

Documentation

Overview

Package db provides the data access layer for Keymaster. It abstracts the underlying database (e.g., SQLite, PostgreSQL) behind a consistent interface, allowing the rest of the application to interact with the database in a uniform way.

Package db contains shared database errors and helpers.

Package db provides the data access layer for Keymaster. This file contains the MySQL implementation of the database store. Note: this implementation is considered experimental.

Package db provides the data access layer for Keymaster. This file contains the PostgreSQL implementation of the database store. Note: this implementation is considered experimental.

Package db provides the data access layer for Keymaster. This file contains the SQLite implementation of the database store.

Index

Constants

This section is empty.

Variables

var (
	// ErrDuplicate is returned when attempting to insert a record that
	// already exists. Compare with errors.Is rather than ==, since the
	// value may reach callers through MapDBError.
	ErrDuplicate = errors.New("duplicate record")
)

ErrDuplicate is returned when attempting to insert a record that already exists.

Functions

func AddAccount

func AddAccount(username, hostname, label, tags string) (int, error)

AddAccount adds a new account to the database.

func AddAccountBun added in v1.5.0

func AddAccountBun(bdb *bun.DB, username, hostname, label, tags string) (int, error)

AddAccountBun inserts a new account and returns its ID.

func AddKnownHostKey

func AddKnownHostKey(hostname, key string) error

AddKnownHostKey adds a new trusted host key to the database.

func AddKnownHostKeyBun added in v1.5.0

func AddKnownHostKeyBun(bdb *bun.DB, hostname, key string) error

func AddPublicKey

func AddPublicKey(algorithm, keyData, comment string, isGlobal bool) error

AddPublicKey adds a new public key to the database.

func AddPublicKeyAndGetModel

func AddPublicKeyAndGetModel(algorithm, keyData, comment string, isGlobal bool) (*model.PublicKey, error)

AddPublicKeyAndGetModel adds a public key to the database if it doesn't already exist (based on the comment) and returns the full key model. If a key with the same comment already exists, it returns (nil, nil) to indicate a duplicate without an error.

func AddPublicKeyAndGetModelBun added in v1.5.0

func AddPublicKeyAndGetModelBun(bdb *bun.DB, algorithm, keyData, comment string, isGlobal bool) (*model.PublicKey, error)

AddPublicKeyAndGetModelBun inserts a public key if no key with the same comment already exists and returns its model. It returns (nil, nil) when the key is a duplicate.

func AddPublicKeyBun added in v1.5.0

func AddPublicKeyBun(bdb *bun.DB, algorithm, keyData, comment string, isGlobal bool) error

AddPublicKeyBun inserts a public key.

func AssignKeyToAccount

func AssignKeyToAccount(keyID, accountID int) error

AssignKeyToAccount creates an association between a key and an account.

func AssignKeyToAccountBun added in v1.5.0

func AssignKeyToAccountBun(bdb *bun.DB, keyID, accountID int) error

AssignKeyToAccountBun creates an association in account_keys.

func CreateSystemKey

func CreateSystemKey(publicKey, privateKey string) (int, error)

CreateSystemKey adds a new system key to the database. It determines the correct serial automatically.

func CreateSystemKeyBun added in v1.5.0

func CreateSystemKeyBun(bdb *bun.DB, publicKey, privateKey string) (int, error)

func DeleteAccount

func DeleteAccount(id int) error

DeleteAccount removes an account from the database by its ID.

func DeleteAccountBun added in v1.5.0

func DeleteAccountBun(bdb *bun.DB, id int) error

DeleteAccountBun removes an account by id.

func DeleteBootstrapSession added in v1.4.0

func DeleteBootstrapSession(id string) error

DeleteBootstrapSession removes a bootstrap session from the database.

func DeleteBootstrapSessionBun added in v1.5.0

func DeleteBootstrapSessionBun(bdb *bun.DB, id string) error

func DeletePublicKey

func DeletePublicKey(id int) error

DeletePublicKey removes a public key and all its associations. The ON DELETE CASCADE constraint handles the associations in account_keys.

func DeletePublicKeyBun added in v1.5.0

func DeletePublicKeyBun(bdb *bun.DB, id int) error

DeletePublicKeyBun deletes a public key by id.

func ExportDataForBackup added in v1.4.0

func ExportDataForBackup() (*model.BackupData, error)

ExportDataForBackup retrieves all data from the database for a backup.

func ExportDataForBackupBun added in v1.5.0

func ExportDataForBackupBun(bdb *bun.DB) (*model.BackupData, error)

ExportDataForBackupBun exports all tables' data into a model.BackupData using a Bun transaction.

func GetAccountByIDBun added in v1.5.0

func GetAccountByIDBun(bdb *bun.DB, id int) (*model.Account, error)

GetAccountByIDBun retrieves an account by its numeric ID. (The text `--- Account update helpers ---` rendered here is a section divider in the source that godoc has attached to this declaration; separate it from the `func` line with a blank line so it is not shown as the function's documentation.)

func GetAccountsForKey

func GetAccountsForKey(keyID int) ([]model.Account, error)

GetAccountsForKey retrieves all accounts that have a specific public key assigned.

func GetAccountsForKeyBun added in v1.5.0

func GetAccountsForKeyBun(bdb *bun.DB, keyID int) ([]model.Account, error)

GetAccountsForKeyBun returns accounts that have a given key assigned.

func GetActiveSystemKey

func GetActiveSystemKey() (*model.SystemKey, error)

GetActiveSystemKey retrieves the currently active system key for deployments.

func GetActiveSystemKeyBun added in v1.5.0

func GetActiveSystemKeyBun(bdb *bun.DB) (*model.SystemKey, error)

GetActiveSystemKeyBun returns the active system key using Bun on SQLite. It is a small, focused adapter that the SQLite store adopts incrementally.

func GetAllAccounts

func GetAllAccounts() ([]model.Account, error)

GetAllAccounts retrieves all accounts from the database.

func GetAllAccountsBun added in v1.5.0

func GetAllAccountsBun(bdb *bun.DB) ([]model.Account, error)

GetAllAccountsBun returns all accounts ordered by label, hostname, username.

func GetAllActiveAccounts

func GetAllActiveAccounts() ([]model.Account, error)

GetAllActiveAccounts retrieves all active accounts from the database.

func GetAllActiveAccountsBun added in v1.5.0

func GetAllActiveAccountsBun(bdb *bun.DB) ([]model.Account, error)

GetAllActiveAccountsBun returns all active accounts.

func GetAllAuditLogEntries

func GetAllAuditLogEntries() ([]model.AuditLogEntry, error)

GetAllAuditLogEntries retrieves all entries from the audit log, most recent first.

func GetAllAuditLogEntriesBun added in v1.5.0

func GetAllAuditLogEntriesBun(bdb *bun.DB) ([]model.AuditLogEntry, error)

GetAllAuditLogEntriesBun retrieves audit log entries ordered by timestamp desc.

func GetAllPublicKeys

func GetAllPublicKeys() ([]model.PublicKey, error)

GetAllPublicKeys retrieves all public keys from the database.

func GetAllPublicKeysBun added in v1.5.0

func GetAllPublicKeysBun(bdb *bun.DB) ([]model.PublicKey, error)

GetAllPublicKeysBun retrieves all public keys ordered by comment. (The preceding `--- Public key helpers ---` is a section divider in the source that godoc has attached to this declaration; separate it from the `func` line with a blank line.)

func GetBootstrapSession added in v1.4.0

func GetBootstrapSession(id string) (*model.BootstrapSession, error)

GetBootstrapSession retrieves a bootstrap session by ID.

func GetBootstrapSessionBun added in v1.5.0

func GetBootstrapSessionBun(bdb *bun.DB, id string) (*model.BootstrapSession, error)

func GetExpiredBootstrapSessions added in v1.4.0

func GetExpiredBootstrapSessions() ([]*model.BootstrapSession, error)

GetExpiredBootstrapSessions returns all expired bootstrap sessions.

func GetExpiredBootstrapSessionsBun added in v1.5.0

func GetExpiredBootstrapSessionsBun(bdb *bun.DB) ([]*model.BootstrapSession, error)

func GetGlobalPublicKeys

func GetGlobalPublicKeys() ([]model.PublicKey, error)

GetGlobalPublicKeys retrieves all keys marked as global.

func GetGlobalPublicKeysBun added in v1.5.0

func GetGlobalPublicKeysBun(bdb *bun.DB) ([]model.PublicKey, error)

GetGlobalPublicKeysBun returns public keys where is_global = 1.

func GetKeysForAccount

func GetKeysForAccount(accountID int) ([]model.PublicKey, error)

GetKeysForAccount retrieves all public keys assigned to a specific account.

func GetKeysForAccountBun added in v1.5.0

func GetKeysForAccountBun(bdb *bun.DB, accountID int) ([]model.PublicKey, error)

GetKeysForAccountBun returns public keys for a given account.

func GetKnownHostKey

func GetKnownHostKey(hostname string) (string, error)

GetKnownHostKey retrieves the trusted public key for a given hostname.

func GetKnownHostKeyBun added in v1.5.0

func GetKnownHostKeyBun(bdb *bun.DB, hostname string) (string, error)

GetKnownHostKeyBun retrieves the trusted host key stored for the given hostname. (The text `--- Known hosts helpers ---` rendered here is a section divider in the source that godoc has attached to this declaration; separate it from the `func` line with a blank line.)

func GetOrphanedBootstrapSessions added in v1.4.0

func GetOrphanedBootstrapSessions() ([]*model.BootstrapSession, error)

GetOrphanedBootstrapSessions returns all orphaned bootstrap sessions.

func GetOrphanedBootstrapSessionsBun added in v1.5.0

func GetOrphanedBootstrapSessionsBun(bdb *bun.DB) ([]*model.BootstrapSession, error)

func GetPublicKeyByComment

func GetPublicKeyByComment(comment string) (*model.PublicKey, error)

GetPublicKeyByComment retrieves a single public key by its unique comment.

func GetPublicKeyByCommentBun added in v1.5.0

func GetPublicKeyByCommentBun(bdb *bun.DB, comment string) (*model.PublicKey, error)

GetPublicKeyByCommentBun retrieves a public key by comment.

func GetPublicKeyByIDBun added in v1.5.0

func GetPublicKeyByIDBun(bdb *bun.DB, id int) (*model.PublicKey, error)

GetPublicKeyByIDBun retrieves a public key by its numeric ID.

func GetSystemKeyBySerial

func GetSystemKeyBySerial(serial int) (*model.SystemKey, error)

GetSystemKeyBySerial retrieves a system key by its serial number.

func GetSystemKeyBySerialBun added in v1.5.0

func GetSystemKeyBySerialBun(bdb *bun.DB, serial int) (*model.SystemKey, error)

GetSystemKeyBySerialBun retrieves a system key by its serial number. (The text `--- System key helpers ---` rendered here is a section divider in the source that godoc has attached to this declaration; separate it from the `func` line with a blank line.)

func HasSystemKeys

func HasSystemKeys() (bool, error)

HasSystemKeys checks if any system keys exist in the database.

func HasSystemKeysBun added in v1.5.0

func HasSystemKeysBun(bdb *bun.DB) (bool, error)

func ImportDataFromBackup added in v1.4.0

func ImportDataFromBackup(backup *model.BackupData) error

ImportDataFromBackup restores the database from a backup data structure.

func ImportDataFromBackupBun added in v1.5.0

func ImportDataFromBackupBun(bdb *bun.DB, backup *model.BackupData) error

ImportDataFromBackupBun performs a full wipe-and-replace using a Bun transaction.

func InitDB

func InitDB(dbType, dsn string) error

InitDB initializes the database connection based on the provided type and DSN. It sets the global `store` variable to the appropriate database implementation and runs any pending database migrations.

func IntegrateDataFromBackup added in v1.4.0

func IntegrateDataFromBackup(backup *model.BackupData) error

IntegrateDataFromBackup restores the database from a backup data structure in a non-destructive way.

func IntegrateDataFromBackupBun added in v1.5.0

func IntegrateDataFromBackupBun(bdb *bun.DB, backup *model.BackupData) error

IntegrateDataFromBackupBun performs a non-destructive restore using INSERT OR IGNORE semantics.

func IsInitialized added in v1.5.1

func IsInitialized() bool

IsInitialized reports whether the package-level store has been set.

func LogAction

func LogAction(action string, details string) error

LogAction records an audit trail event.

func LogActionBun added in v1.5.0

func LogActionBun(bdb *bun.DB, action string, details string) error

LogActionBun inserts an audit log entry attributed to the OS user the process is running as.

func MapDBError added in v1.5.1

func MapDBError(err error) error

MapDBError inspects low-level driver errors and maps common constraint violations to package-level sentinel errors (such as ErrDuplicate), so callers can test for them with errors.Is. The mapping is deliberately conservative and string-based, to avoid importing SQL driver packages into this file; it therefore depends on the wording of each driver's error messages.

func RotateSystemKey

func RotateSystemKey(publicKey, privateKey string) (int, error)

RotateSystemKey deactivates all current system keys and adds a new one as active. This should be performed within a transaction to ensure atomicity.

func RotateSystemKeyBun added in v1.5.0

func RotateSystemKeyBun(bdb *bun.DB, publicKey, privateKey string) (int, error)

RotateSystemKeyBun deactivates existing keys and inserts a new active key within a single transaction using Bun on SQLite.

func RunDBMaintenance added in v1.5.1

func RunDBMaintenance(dbType, dsn string) error

RunDBMaintenance performs engine-specific maintenance tasks for the given database DSN. It is safe to call for SQLite/Postgres/MySQL. For SQLite this will run PRAGMA optimize, VACUUM and WAL checkpoint. For Postgres it runs VACUUM ANALYZE. For MySQL it runs OPTIMIZE TABLE for all tables.

func RunMigrations added in v1.4.0

func RunMigrations(db *sql.DB, dbType string) error

RunMigrations applies the necessary database migrations for a given database connection.

func SaveBootstrapSession added in v1.4.0

func SaveBootstrapSession(id, username, hostname, label, tags, tempPublicKey string, expiresAt time.Time, status string) error

SaveBootstrapSession saves a bootstrap session to the database.

func SaveBootstrapSessionBun added in v1.5.0

func SaveBootstrapSessionBun(bdb *bun.DB, id, username, hostname, label, tags, tempPublicKey string, expiresAt time.Time, status string) error

SaveBootstrapSessionBun saves a bootstrap session to the database. (The text `--- Bootstrap session helpers ---` rendered here is a section divider in the source that godoc has attached to this declaration; separate it from the `func` line with a blank line.)

func ToggleAccountStatus

func ToggleAccountStatus(id int) error

ToggleAccountStatus flips the active status of an account.

func ToggleAccountStatusBun added in v1.5.0

func ToggleAccountStatusBun(bdb *bun.DB, id int) (bool, error)

func TogglePublicKeyGlobal

func TogglePublicKeyGlobal(id int) error

TogglePublicKeyGlobal flips the 'is_global' status of a public key.

func TogglePublicKeyGlobalBun added in v1.5.0

func TogglePublicKeyGlobalBun(bdb *bun.DB, id int) error

TogglePublicKeyGlobalBun flips is_global for a key by id.

func UnassignKeyFromAccount

func UnassignKeyFromAccount(keyID, accountID int) error

UnassignKeyFromAccount removes an association between a key and an account.

func UnassignKeyFromAccountBun added in v1.5.0

func UnassignKeyFromAccountBun(bdb *bun.DB, keyID, accountID int) error

UnassignKeyFromAccountBun removes an association from account_keys.

func UpdateAccountHostname added in v1.4.0

func UpdateAccountHostname(id int, hostname string) error

UpdateAccountHostname updates the hostname for a given account.

func UpdateAccountHostnameBun added in v1.5.0

func UpdateAccountHostnameBun(bdb *bun.DB, id int, hostname string) error

func UpdateAccountLabel

func UpdateAccountLabel(id int, label string) error

UpdateAccountLabel updates the label for a given account.

func UpdateAccountLabelBun added in v1.5.0

func UpdateAccountLabelBun(bdb *bun.DB, id int, label string) error

func UpdateAccountSerial

func UpdateAccountSerial(id, serial int) error

UpdateAccountSerial sets the system key serial for a given account ID. This is typically called after a successful deployment.

func UpdateAccountSerialBun added in v1.5.0

func UpdateAccountSerialBun(bdb *bun.DB, id, serial int) error

func UpdateAccountTags

func UpdateAccountTags(id int, tags string) error

UpdateAccountTags updates the tags for a given account.

func UpdateAccountTagsBun added in v1.5.0

func UpdateAccountTagsBun(bdb *bun.DB, id int, tags string) error

func UpdateBootstrapSessionStatus added in v1.4.0

func UpdateBootstrapSessionStatus(id string, status string) error

UpdateBootstrapSessionStatus updates the status of a bootstrap session.

func UpdateBootstrapSessionStatusBun added in v1.5.0

func UpdateBootstrapSessionStatusBun(bdb *bun.DB, id string, status string) error

Types

type AccountModel added in v1.5.0

// AccountModel maps the `accounts` table for Bun queries.
type AccountModel struct {
	bun.BaseModel `bun:"table:accounts"`
	// ID is the auto-incremented primary key.
	ID            int            `bun:"id,pk,autoincrement"`
	// Username and Hostname of the account; no uniqueness is declared on
	// the pair by this model.
	Username      string         `bun:"username"`
	Hostname      string         `bun:"hostname"`
	// Label and Tags are nullable columns, hence sql.NullString.
	Label         sql.NullString `bun:"label"`
	Tags          sql.NullString `bun:"tags"`
	// Serial is the system key serial recorded for this account
	// (written by UpdateAccountSerial).
	Serial        int            `bun:"serial"`
	// IsActive is the flag flipped by ToggleAccountStatus.
	IsActive      bool           `bun:"is_active"`
}

AccountModel maps the `accounts` table for Bun queries.

type AuditLogModel added in v1.5.0

// AuditLogModel maps the audit_log table.
type AuditLogModel struct {
	bun.BaseModel `bun:"table:audit_log"`
	// ID is the auto-incremented primary key.
	ID            int    `bun:"id,pk,autoincrement"`
	// Timestamp is stored as a string column; its format is not fixed by
	// this model (presumably set by LogActionBun — confirm there).
	Timestamp     string `bun:"timestamp"`
	// Username is the OS user recorded by LogActionBun.
	Username      string `bun:"username"`
	// Action and Details are the values passed to LogAction.
	Action        string `bun:"action"`
	Details       string `bun:"details"`
}

AuditLogModel maps the audit_log table.

type BootstrapSessionModel added in v1.5.0

// BootstrapSessionModel maps bootstrap_sessions for export/import.
type BootstrapSessionModel struct {
	bun.BaseModel `bun:"table:bootstrap_sessions"`
	// ID is a string primary key, as passed to SaveBootstrapSession.
	ID            string         `bun:"id,pk"`
	Username      string         `bun:"username"`
	Hostname      string         `bun:"hostname"`
	// Label and Tags are nullable, mirroring AccountModel.
	Label         sql.NullString `bun:"label"`
	Tags          sql.NullString `bun:"tags"`
	// TempPublicKey is the temporary key supplied when the session was saved.
	TempPublicKey string         `bun:"temp_public_key"`
	CreatedAt     time.Time      `bun:"created_at"`
	// ExpiresAt is the expiry passed to SaveBootstrapSession; presumably the
	// column GetExpiredBootstrapSessions filters on — confirm.
	ExpiresAt     time.Time      `bun:"expires_at"`
	// Status is a free-form string updated via UpdateBootstrapSessionStatus;
	// the set of valid values is not defined by this model.
	Status        string         `bun:"status"`
}

BootstrapSessionModel maps bootstrap_sessions for export/import.

type KnownHostModel added in v1.5.0

// KnownHostModel maps known_hosts.
type KnownHostModel struct {
	bun.BaseModel `bun:"table:known_hosts"`
	// Hostname is the primary key, so at most one trusted key is stored per host.
	Hostname      string `bun:"hostname,pk"`
	// Key is the trusted host key recorded by AddKnownHostKey. Writes to
	// this column change which host key the application will trust for
	// Hostname, so they deserve the same scrutiny as a known_hosts edit.
	Key           string `bun:"key"`
}

KnownHostModel maps known_hosts.

type MySQLStore

// MySQLStore is the MySQL implementation of the Store interface.
// The package overview marks this implementation as experimental.
type MySQLStore struct {
	// contains filtered or unexported fields
}

MySQLStore is the MySQL implementation of the Store interface.

func NewMySQLStore

func NewMySQLStore(dataSourceName string) (*MySQLStore, error)

NewMySQLStore initializes the database connection and creates tables if they don't exist.

func (*MySQLStore) AddAccount

func (s *MySQLStore) AddAccount(username, hostname, label, tags string) (int, error)

func (*MySQLStore) AddKnownHostKey

func (s *MySQLStore) AddKnownHostKey(hostname, key string) error

func (*MySQLStore) AddPublicKey

func (s *MySQLStore) AddPublicKey(algorithm, keyData, comment string, isGlobal bool) error

func (*MySQLStore) AddPublicKeyAndGetModel

func (s *MySQLStore) AddPublicKeyAndGetModel(algorithm, keyData, comment string, isGlobal bool) (*model.PublicKey, error)

func (*MySQLStore) AssignKeyToAccount

func (s *MySQLStore) AssignKeyToAccount(keyID, accountID int) error

func (*MySQLStore) CreateSystemKey

func (s *MySQLStore) CreateSystemKey(publicKey, privateKey string) (int, error)

func (*MySQLStore) DeleteAccount

func (s *MySQLStore) DeleteAccount(id int) error

func (*MySQLStore) DeleteBootstrapSession added in v1.4.0

func (s *MySQLStore) DeleteBootstrapSession(id string) error

DeleteBootstrapSession removes a bootstrap session from the database.

func (*MySQLStore) DeletePublicKey

func (s *MySQLStore) DeletePublicKey(id int) error

func (*MySQLStore) ExportDataForBackup added in v1.4.0

func (s *MySQLStore) ExportDataForBackup() (*model.BackupData, error)

ExportDataForBackup retrieves all data from the database for a backup. It uses a transaction to ensure a consistent snapshot of the data.

func (*MySQLStore) GetAccountsForKey

func (s *MySQLStore) GetAccountsForKey(keyID int) ([]model.Account, error)

func (*MySQLStore) GetActiveSystemKey

func (s *MySQLStore) GetActiveSystemKey() (*model.SystemKey, error)

func (*MySQLStore) GetAllAccounts

func (s *MySQLStore) GetAllAccounts() ([]model.Account, error)

func (*MySQLStore) GetAllActiveAccounts

func (s *MySQLStore) GetAllActiveAccounts() ([]model.Account, error)

func (*MySQLStore) GetAllAuditLogEntries

func (s *MySQLStore) GetAllAuditLogEntries() ([]model.AuditLogEntry, error)

func (*MySQLStore) GetAllPublicKeys

func (s *MySQLStore) GetAllPublicKeys() ([]model.PublicKey, error)

func (*MySQLStore) GetBootstrapSession added in v1.4.0

func (s *MySQLStore) GetBootstrapSession(id string) (*model.BootstrapSession, error)

GetBootstrapSession retrieves a bootstrap session by ID.

func (*MySQLStore) GetExpiredBootstrapSessions added in v1.4.0

func (s *MySQLStore) GetExpiredBootstrapSessions() ([]*model.BootstrapSession, error)

GetExpiredBootstrapSessions returns all expired bootstrap sessions.

func (*MySQLStore) GetGlobalPublicKeys

func (s *MySQLStore) GetGlobalPublicKeys() ([]model.PublicKey, error)

func (*MySQLStore) GetKeysForAccount

func (s *MySQLStore) GetKeysForAccount(accountID int) ([]model.PublicKey, error)

func (*MySQLStore) GetKnownHostKey

func (s *MySQLStore) GetKnownHostKey(hostname string) (string, error)

func (*MySQLStore) GetOrphanedBootstrapSessions added in v1.4.0

func (s *MySQLStore) GetOrphanedBootstrapSessions() ([]*model.BootstrapSession, error)

GetOrphanedBootstrapSessions returns all orphaned bootstrap sessions.

func (*MySQLStore) GetPublicKeyByComment

func (s *MySQLStore) GetPublicKeyByComment(comment string) (*model.PublicKey, error)

func (*MySQLStore) GetSystemKeyBySerial

func (s *MySQLStore) GetSystemKeyBySerial(serial int) (*model.SystemKey, error)

func (*MySQLStore) HasSystemKeys

func (s *MySQLStore) HasSystemKeys() (bool, error)

func (*MySQLStore) ImportDataFromBackup added in v1.4.0

func (s *MySQLStore) ImportDataFromBackup(backup *model.BackupData) error

ImportDataFromBackup restores the database from a backup data structure. It performs a full wipe-and-replace within a single transaction to ensure atomicity.

func (*MySQLStore) IntegrateDataFromBackup added in v1.4.0

func (s *MySQLStore) IntegrateDataFromBackup(backup *model.BackupData) error

IntegrateDataFromBackup restores data from a backup in a non-destructive way, skipping entries that already exist.

func (*MySQLStore) LogAction

func (s *MySQLStore) LogAction(action string, details string) error

func (*MySQLStore) RotateSystemKey

func (s *MySQLStore) RotateSystemKey(publicKey, privateKey string) (int, error)

func (*MySQLStore) SaveBootstrapSession added in v1.4.0

func (s *MySQLStore) SaveBootstrapSession(id, username, hostname, label, tags, tempPublicKey string, expiresAt time.Time, status string) error

SaveBootstrapSession saves a bootstrap session to the database.

func (*MySQLStore) ToggleAccountStatus

func (s *MySQLStore) ToggleAccountStatus(id int) error

func (*MySQLStore) TogglePublicKeyGlobal

func (s *MySQLStore) TogglePublicKeyGlobal(id int) error

func (*MySQLStore) UnassignKeyFromAccount

func (s *MySQLStore) UnassignKeyFromAccount(keyID, accountID int) error

func (*MySQLStore) UpdateAccountHostname added in v1.4.0

func (s *MySQLStore) UpdateAccountHostname(id int, hostname string) error

func (*MySQLStore) UpdateAccountLabel

func (s *MySQLStore) UpdateAccountLabel(id int, label string) error

func (*MySQLStore) UpdateAccountSerial

func (s *MySQLStore) UpdateAccountSerial(id, serial int) error

func (*MySQLStore) UpdateAccountTags

func (s *MySQLStore) UpdateAccountTags(id int, tags string) error

func (*MySQLStore) UpdateBootstrapSessionStatus added in v1.4.0

func (s *MySQLStore) UpdateBootstrapSessionStatus(id string, status string) error

UpdateBootstrapSessionStatus updates the status of a bootstrap session.

type PostgresStore

// PostgresStore is the PostgreSQL implementation of the Store interface.
// The package overview marks this implementation as experimental.
type PostgresStore struct {
	// contains filtered or unexported fields
}

PostgresStore is the PostgreSQL implementation of the Store interface.

func NewPostgresStore

func NewPostgresStore(dataSourceName string) (*PostgresStore, error)

NewPostgresStore initializes the database connection and creates tables if they don't exist.

func (*PostgresStore) AddAccount

func (s *PostgresStore) AddAccount(username, hostname, label, tags string) (int, error)

func (*PostgresStore) AddKnownHostKey

func (s *PostgresStore) AddKnownHostKey(hostname, key string) error

func (*PostgresStore) AddPublicKey

func (s *PostgresStore) AddPublicKey(algorithm, keyData, comment string, isGlobal bool) error

func (*PostgresStore) AddPublicKeyAndGetModel

func (s *PostgresStore) AddPublicKeyAndGetModel(algorithm, keyData, comment string, isGlobal bool) (*model.PublicKey, error)

func (*PostgresStore) AssignKeyToAccount

func (s *PostgresStore) AssignKeyToAccount(keyID, accountID int) error

func (*PostgresStore) CreateSystemKey

func (s *PostgresStore) CreateSystemKey(publicKey, privateKey string) (int, error)

func (*PostgresStore) DeleteAccount

func (s *PostgresStore) DeleteAccount(id int) error

func (*PostgresStore) DeleteBootstrapSession added in v1.4.0

func (s *PostgresStore) DeleteBootstrapSession(id string) error

DeleteBootstrapSession removes a bootstrap session from the database.

func (*PostgresStore) DeletePublicKey

func (s *PostgresStore) DeletePublicKey(id int) error

func (*PostgresStore) ExportDataForBackup added in v1.4.0

func (s *PostgresStore) ExportDataForBackup() (*model.BackupData, error)

ExportDataForBackup retrieves all data from the database for a backup. It uses a transaction to ensure a consistent snapshot of the data.

func (*PostgresStore) GetAccountsForKey

func (s *PostgresStore) GetAccountsForKey(keyID int) ([]model.Account, error)

func (*PostgresStore) GetActiveSystemKey

func (s *PostgresStore) GetActiveSystemKey() (*model.SystemKey, error)

func (*PostgresStore) GetAllAccounts

func (s *PostgresStore) GetAllAccounts() ([]model.Account, error)

func (*PostgresStore) GetAllActiveAccounts

func (s *PostgresStore) GetAllActiveAccounts() ([]model.Account, error)

func (*PostgresStore) GetAllAuditLogEntries

func (s *PostgresStore) GetAllAuditLogEntries() ([]model.AuditLogEntry, error)

func (*PostgresStore) GetAllPublicKeys

func (s *PostgresStore) GetAllPublicKeys() ([]model.PublicKey, error)

func (*PostgresStore) GetBootstrapSession added in v1.4.0

func (s *PostgresStore) GetBootstrapSession(id string) (*model.BootstrapSession, error)

GetBootstrapSession retrieves a bootstrap session by ID.

func (*PostgresStore) GetExpiredBootstrapSessions added in v1.4.0

func (s *PostgresStore) GetExpiredBootstrapSessions() ([]*model.BootstrapSession, error)

GetExpiredBootstrapSessions returns all expired bootstrap sessions.

func (*PostgresStore) GetGlobalPublicKeys

func (s *PostgresStore) GetGlobalPublicKeys() ([]model.PublicKey, error)

func (*PostgresStore) GetKeysForAccount

func (s *PostgresStore) GetKeysForAccount(accountID int) ([]model.PublicKey, error)

func (*PostgresStore) GetKnownHostKey

func (s *PostgresStore) GetKnownHostKey(hostname string) (string, error)

func (*PostgresStore) GetOrphanedBootstrapSessions added in v1.4.0

func (s *PostgresStore) GetOrphanedBootstrapSessions() ([]*model.BootstrapSession, error)

GetOrphanedBootstrapSessions returns all orphaned bootstrap sessions.

func (*PostgresStore) GetPublicKeyByComment

func (s *PostgresStore) GetPublicKeyByComment(comment string) (*model.PublicKey, error)

func (*PostgresStore) GetSystemKeyBySerial

func (s *PostgresStore) GetSystemKeyBySerial(serial int) (*model.SystemKey, error)

func (*PostgresStore) HasSystemKeys

func (s *PostgresStore) HasSystemKeys() (bool, error)

func (*PostgresStore) ImportDataFromBackup added in v1.4.0

func (s *PostgresStore) ImportDataFromBackup(backup *model.BackupData) error

ImportDataFromBackup restores the database from a backup data structure. It performs a full wipe-and-replace within a single transaction to ensure atomicity.

func (*PostgresStore) IntegrateDataFromBackup added in v1.4.0

func (s *PostgresStore) IntegrateDataFromBackup(backup *model.BackupData) error

IntegrateDataFromBackup restores data from a backup in a non-destructive way, skipping entries that already exist.

func (*PostgresStore) LogAction

func (s *PostgresStore) LogAction(action string, details string) error

func (*PostgresStore) RotateSystemKey

func (s *PostgresStore) RotateSystemKey(publicKey, privateKey string) (int, error)

func (*PostgresStore) SaveBootstrapSession added in v1.4.0

func (s *PostgresStore) SaveBootstrapSession(id, username, hostname, label, tags, tempPublicKey string, expiresAt time.Time, status string) error

SaveBootstrapSession saves a bootstrap session to the database.

func (*PostgresStore) ToggleAccountStatus

func (s *PostgresStore) ToggleAccountStatus(id int) error

func (*PostgresStore) TogglePublicKeyGlobal

func (s *PostgresStore) TogglePublicKeyGlobal(id int) error

func (*PostgresStore) UnassignKeyFromAccount

func (s *PostgresStore) UnassignKeyFromAccount(keyID, accountID int) error

func (*PostgresStore) UpdateAccountHostname added in v1.4.0

func (s *PostgresStore) UpdateAccountHostname(id int, hostname string) error

func (*PostgresStore) UpdateAccountLabel

func (s *PostgresStore) UpdateAccountLabel(id int, label string) error

func (*PostgresStore) UpdateAccountSerial

func (s *PostgresStore) UpdateAccountSerial(id, serial int) error

func (*PostgresStore) UpdateAccountTags

func (s *PostgresStore) UpdateAccountTags(id int, tags string) error

func (*PostgresStore) UpdateBootstrapSessionStatus added in v1.4.0

func (s *PostgresStore) UpdateBootstrapSessionStatus(id string, status string) error

UpdateBootstrapSessionStatus updates the status of a bootstrap session.

type PublicKeyModel added in v1.5.0

// PublicKeyModel maps the subset of public_keys used in joins.
// The is_global column is not part of this subset; GetGlobalPublicKeysBun
// filters on it in SQL instead.
type PublicKeyModel struct {
	bun.BaseModel `bun:"table:public_keys"`
	// ID is the auto-incremented primary key.
	ID            int    `bun:"id,pk,autoincrement"`
	// Algorithm and KeyData are the values given to AddPublicKey.
	Algorithm     string `bun:"algorithm"`
	KeyData       string `bun:"key_data"`
	// Comment is used as the lookup key by GetPublicKeyByComment and as the
	// duplicate check in AddPublicKeyAndGetModel.
	Comment       string `bun:"comment"`
}

PublicKeyModel maps the subset of public_keys used in joins.

type SqliteStore

// SqliteStore is the SQLite implementation of the Store interface.
type SqliteStore struct {
	// contains filtered or unexported fields
}

SqliteStore is the SQLite implementation of the Store interface.

func NewSqliteStore

func NewSqliteStore(dataSourceName string) (*SqliteStore, error)

NewSqliteStore initializes the database connection and creates tables if they don't exist.

func (*SqliteStore) AddAccount

func (s *SqliteStore) AddAccount(username, hostname, label, tags string) (int, error)

AddAccount adds a new account to the database.

func (*SqliteStore) AddKnownHostKey

func (s *SqliteStore) AddKnownHostKey(hostname, key string) error

AddKnownHostKey adds a new trusted host key to the database.

func (*SqliteStore) AddPublicKey

func (s *SqliteStore) AddPublicKey(algorithm, keyData, comment string, isGlobal bool) error

AddPublicKey adds a new public key to the database.

func (*SqliteStore) AddPublicKeyAndGetModel

func (s *SqliteStore) AddPublicKeyAndGetModel(algorithm, keyData, comment string, isGlobal bool) (*model.PublicKey, error)

AddPublicKeyAndGetModel adds a public key to the database if it doesn't already exist (based on the comment) and returns the full key model. It returns (nil, nil) if the key is a duplicate.

func (*SqliteStore) AssignKeyToAccount

func (s *SqliteStore) AssignKeyToAccount(keyID, accountID int) error

AssignKeyToAccount creates an association between a key and an account.

func (*SqliteStore) CreateSystemKey

func (s *SqliteStore) CreateSystemKey(publicKey, privateKey string) (int, error)

CreateSystemKey adds a new system key to the database. It determines the correct serial automatically.

func (*SqliteStore) DeleteAccount

func (s *SqliteStore) DeleteAccount(id int) error

DeleteAccount removes an account from the database by its ID.

func (*SqliteStore) DeleteBootstrapSession added in v1.4.0

func (s *SqliteStore) DeleteBootstrapSession(id string) error

DeleteBootstrapSession removes a bootstrap session from the database.

func (*SqliteStore) DeletePublicKey

func (s *SqliteStore) DeletePublicKey(id int) error

DeletePublicKey removes a public key and all its associations. The ON DELETE CASCADE constraint handles the associations in account_keys.

func (*SqliteStore) ExportDataForBackup added in v1.4.0

func (s *SqliteStore) ExportDataForBackup() (*model.BackupData, error)

ExportDataForBackup retrieves all data from the database for a backup. It uses a transaction to ensure a consistent snapshot of the data.

func (*SqliteStore) GetAccountsForKey

func (s *SqliteStore) GetAccountsForKey(keyID int) ([]model.Account, error)

GetAccountsForKey retrieves all accounts that have a specific public key assigned.

func (*SqliteStore) GetActiveSystemKey

func (s *SqliteStore) GetActiveSystemKey() (*model.SystemKey, error)

GetActiveSystemKey retrieves the currently active system key for deployments.

func (*SqliteStore) GetAllAccounts

func (s *SqliteStore) GetAllAccounts() ([]model.Account, error)

GetAllAccounts retrieves all accounts from the database.

func (*SqliteStore) GetAllActiveAccounts

func (s *SqliteStore) GetAllActiveAccounts() ([]model.Account, error)

GetAllActiveAccounts retrieves all active accounts from the database.

func (*SqliteStore) GetAllAuditLogEntries

func (s *SqliteStore) GetAllAuditLogEntries() ([]model.AuditLogEntry, error)

GetAllAuditLogEntries retrieves all entries from the audit log, most recent first.

func (*SqliteStore) GetAllPublicKeys

func (s *SqliteStore) GetAllPublicKeys() ([]model.PublicKey, error)

GetAllPublicKeys retrieves all public keys from the database.

func (*SqliteStore) GetBootstrapSession added in v1.4.0

func (s *SqliteStore) GetBootstrapSession(id string) (*model.BootstrapSession, error)

GetBootstrapSession retrieves a bootstrap session by ID.

func (*SqliteStore) GetExpiredBootstrapSessions added in v1.4.0

func (s *SqliteStore) GetExpiredBootstrapSessions() ([]*model.BootstrapSession, error)

GetExpiredBootstrapSessions returns all expired bootstrap sessions.

func (*SqliteStore) GetGlobalPublicKeys

func (s *SqliteStore) GetGlobalPublicKeys() ([]model.PublicKey, error)

GetGlobalPublicKeys retrieves all keys marked as global.

func (*SqliteStore) GetKeysForAccount

func (s *SqliteStore) GetKeysForAccount(accountID int) ([]model.PublicKey, error)

GetKeysForAccount retrieves all public keys assigned to a specific account.

func (*SqliteStore) GetKnownHostKey

func (s *SqliteStore) GetKnownHostKey(hostname string) (string, error)

GetKnownHostKey retrieves the trusted public key for a given hostname.

func (*SqliteStore) GetOrphanedBootstrapSessions added in v1.4.0

func (s *SqliteStore) GetOrphanedBootstrapSessions() ([]*model.BootstrapSession, error)

GetOrphanedBootstrapSessions returns all orphaned bootstrap sessions.

func (*SqliteStore) GetPublicKeyByComment

func (s *SqliteStore) GetPublicKeyByComment(comment string) (*model.PublicKey, error)

GetPublicKeyByComment retrieves a single public key by its unique comment.

func (*SqliteStore) GetSystemKeyBySerial

func (s *SqliteStore) GetSystemKeyBySerial(serial int) (*model.SystemKey, error)

GetSystemKeyBySerial retrieves a system key by its serial number.

func (*SqliteStore) HasSystemKeys

func (s *SqliteStore) HasSystemKeys() (bool, error)

HasSystemKeys checks if any system keys exist in the database.

func (*SqliteStore) ImportDataFromBackup added in v1.4.0

func (s *SqliteStore) ImportDataFromBackup(backup *model.BackupData) error

ImportDataFromBackup restores the database from a backup data structure. This is destructive: all existing data is wiped and replaced by the backup contents. The wipe and the reload run in a single transaction, so a failure part-way through rolls back rather than leaving a partially restored store.

func (*SqliteStore) IntegrateDataFromBackup added in v1.4.0

func (s *SqliteStore) IntegrateDataFromBackup(backup *model.BackupData) error

IntegrateDataFromBackup restores data from a backup in a non-destructive way, skipping entries that already exist.

func (*SqliteStore) LogAction

func (s *SqliteStore) LogAction(action string, details string) error

LogAction records an audit trail event.

func (*SqliteStore) RotateSystemKey

func (s *SqliteStore) RotateSystemKey(publicKey, privateKey string) (int, error)

RotateSystemKey deactivates all current system keys and adds a new one as active. The deactivation and the insert should be performed within a single transaction so that a failure between them cannot leave the store with no active key, or with the old key still active alongside the new one.

func (*SqliteStore) SaveBootstrapSession added in v1.4.0

func (s *SqliteStore) SaveBootstrapSession(id, username, hostname, label, tags, tempPublicKey string, expiresAt time.Time, status string) error

SaveBootstrapSession saves a bootstrap session to the database.

func (*SqliteStore) ToggleAccountStatus

func (s *SqliteStore) ToggleAccountStatus(id int) error

ToggleAccountStatus flips the active status of an account.

func (*SqliteStore) TogglePublicKeyGlobal

func (s *SqliteStore) TogglePublicKeyGlobal(id int) error

TogglePublicKeyGlobal flips the 'is_global' status of a public key.

func (*SqliteStore) UnassignKeyFromAccount

func (s *SqliteStore) UnassignKeyFromAccount(keyID, accountID int) error

UnassignKeyFromAccount removes an association between a key and an account.

func (*SqliteStore) UpdateAccountHostname added in v1.4.0

func (s *SqliteStore) UpdateAccountHostname(id int, hostname string) error

UpdateAccountHostname updates the hostname for a given account. It is intended primarily for testing, to point an account at a mock server. Since trusted host keys are stored per hostname (see GetKnownHostKey), retargeting an account presumably also changes which pinned host key applies to it; treat this as a privileged operation outside tests.

func (*SqliteStore) UpdateAccountLabel

func (s *SqliteStore) UpdateAccountLabel(id int, label string) error

UpdateAccountLabel updates the label for a given account.

func (*SqliteStore) UpdateAccountSerial

func (s *SqliteStore) UpdateAccountSerial(id, serial int) error

UpdateAccountSerial sets the serial for a given account ID to a specific value.

func (*SqliteStore) UpdateAccountTags

func (s *SqliteStore) UpdateAccountTags(id int, tags string) error

UpdateAccountTags updates the tags for a given account.

func (*SqliteStore) UpdateBootstrapSessionStatus added in v1.4.0

func (s *SqliteStore) UpdateBootstrapSessionStatus(id string, status string) error

UpdateBootstrapSessionStatus updates the status of a bootstrap session.

type Store

type Store interface {
	// Account methods. Accounts are identified by an integer ID; AddAccount returns the new ID.
	GetAllAccounts() ([]model.Account, error)
	AddAccount(username, hostname, label, tags string) (int, error)
	DeleteAccount(id int) error
	UpdateAccountSerial(id, serial int) error
	ToggleAccountStatus(id int) error
	UpdateAccountLabel(id int, label string) error
	// UpdateAccountHostname is documented as primarily a testing hook (pointing an account at a mock server).
	UpdateAccountHostname(id int, hostname string) error
	UpdateAccountTags(id int, tags string) error
	GetAllActiveAccounts() ([]model.Account, error)

	// Public Key methods. The comment is treated as the unique identifier of a key.
	AddPublicKey(algorithm, keyData, comment string, isGlobal bool) error
	GetAllPublicKeys() ([]model.PublicKey, error)
	GetPublicKeyByComment(comment string) (*model.PublicKey, error)
	// AddPublicKeyAndGetModel returns (nil, nil), not an error, when a key with the same comment
	// already exists; callers must nil-check the model.
	AddPublicKeyAndGetModel(algorithm, keyData, comment string, isGlobal bool) (*model.PublicKey, error)
	TogglePublicKeyGlobal(id int) error
	GetGlobalPublicKeys() ([]model.PublicKey, error)
	// DeletePublicKey relies on ON DELETE CASCADE to remove the key's account_keys rows.
	DeletePublicKey(id int) error

	// Host Key methods: trusted host keys, stored and looked up per hostname.
	GetKnownHostKey(hostname string) (string, error)
	AddKnownHostKey(hostname, key string) error

	// System Key methods. Both Create and Rotate take the private key as a string and return the
	// new key's serial/ID; RotateSystemKey deactivates every existing key before adding the new active one.
	CreateSystemKey(publicKey, privateKey string) (int, error)
	RotateSystemKey(publicKey, privateKey string) (int, error)
	GetActiveSystemKey() (*model.SystemKey, error)
	GetSystemKeyBySerial(serial int) (*model.SystemKey, error)
	HasSystemKeys() (bool, error)

	// Assignment methods: the many-to-many relation between keys and accounts.
	AssignKeyToAccount(keyID, accountID int) error
	UnassignKeyFromAccount(keyID, accountID int) error
	GetKeysForAccount(accountID int) ([]model.PublicKey, error)
	GetAccountsForKey(keyID int) ([]model.Account, error)

	// Audit Log methods. GetAllAuditLogEntries returns most recent first.
	GetAllAuditLogEntries() ([]model.AuditLogEntry, error)
	LogAction(action string, details string) error

	// Bootstrap Session methods. Sessions are keyed by a string ID and carry an expiry and a status string.
	SaveBootstrapSession(id, username, hostname, label, tags, tempPublicKey string, expiresAt time.Time, status string) error
	GetBootstrapSession(id string) (*model.BootstrapSession, error)
	DeleteBootstrapSession(id string) error
	UpdateBootstrapSessionStatus(id string, status string) error
	GetExpiredBootstrapSessions() ([]*model.BootstrapSession, error)
	GetOrphanedBootstrapSessions() ([]*model.BootstrapSession, error)

	// Backup/Restore methods. Export snapshots all data (including system private keys);
	// Import is a destructive wipe-and-replace in one transaction; Integrate is non-destructive
	// and skips entries that already exist.
	ExportDataForBackup() (*model.BackupData, error)
	ImportDataFromBackup(*model.BackupData) error
	IntegrateDataFromBackup(*model.BackupData) error
}

Store defines the interface for all database operations in Keymaster. This allows for multiple database backends to be implemented.

func NewStoreFromDSN added in v1.5.1

func NewStoreFromDSN(dbType, dsn string) (Store, error)

NewStoreFromDSN opens a sql.DB for the given DSN, runs migrations, and returns a Store backed by a long-lived *bun.DB, hiding *sql.DB usage from higher-level callers. For the network backends the DSN typically embeds database credentials, so callers should treat it as a secret and avoid logging it or including it in error messages.

type SystemKeyModel added in v1.5.0

type SystemKeyModel struct {
	bun.BaseModel `bun:"table:system_keys"`
	ID            int    `bun:"id,pk,autoincrement"`
	// Serial is assigned automatically by CreateSystemKey and is the lookup key for GetSystemKeyBySerial.
	Serial        int    `bun:"serial"`
	PublicKey     string `bun:"public_key"`
	// PrivateKey is the key's private half as stored in system_keys. Nothing in this package's API
	// shows whether it is encrypted before being written — NOTE(review): confirm at-rest protection.
	// ExportDataForBackup exports all data, so backups carry this column as well.
	PrivateKey    string `bun:"private_key"`
	// IsActive marks the key returned by GetActiveSystemKey; RotateSystemKey deactivates all
	// existing rows before inserting the new active key.
	IsActive      bool   `bun:"is_active"`
}

SystemKeyModel is a local mapping used by Bun for queries.
