staging

package
v0.7.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 15, 2026 License: MIT Imports: 17 Imported by: 0

Documentation

Overview

Package staging provides staging functionality for AWS parameter and secret changes.

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrNotStaged is returned when a parameter/secret is not staged.
	ErrNotStaged = errors.New("not staged")
)

Functions

func CheckConflicts 

func CheckConflicts(ctx context.Context, strategy ApplyStrategy, entries map[string]Entry) map[string]struct{}

CheckConflicts checks if AWS resources were modified after staging. Returns a map of names that have conflicts.

For Create operations: conflicts if resource now exists (someone else created it). For Update/Delete operations with BaseModifiedAt: conflicts if AWS was modified after base.

Types

type ApplyStrategy 

type ApplyStrategy interface {
	ServiceStrategy

	// Apply applies a staged entry operation to AWS.
	// Handles OperationCreate, OperationUpdate, and OperationDelete based on entry.Operation.
	Apply(ctx context.Context, name string, entry Entry) error

	// ApplyTags applies staged tag changes to AWS.
	ApplyTags(ctx context.Context, name string, tagEntry TagEntry) error

	// FetchLastModified returns the last modified time of the resource in AWS.
	// Returns zero time if the resource doesn't exist (for create operations).
	FetchLastModified(ctx context.Context, name string) (time.Time, error)
}

ApplyStrategy defines service-specific apply operations.

type DeleteOptions 

type DeleteOptions struct {
	// Force enables immediate permanent deletion without recovery window.
	Force bool `json:"force,omitempty"`
	// RecoveryWindow is the number of days before permanent deletion (7-30).
	// Only used when Force is false. 0 means default (30 days).
	//nolint:tagliatelle // JSON uses snake_case for consistency with file storage format
	RecoveryWindow int `json:"recovery_window,omitempty"`
}

DeleteOptions holds options for Secrets Manager delete operations.

type DeleteStrategy added in v0.1.1 

type DeleteStrategy interface {
	ServiceStrategy

	// FetchLastModified returns the last modified time of the resource in AWS.
	// Used for conflict detection when applying delete operations.
	FetchLastModified(ctx context.Context, name string) (time.Time, error)
}

DeleteStrategy defines service-specific delete staging operations.

type DiffStrategy 

type DiffStrategy interface {
	ServiceStrategy

	// FetchCurrent fetches the current value from AWS for diffing.
	FetchCurrent(ctx context.Context, name string) (*FetchResult, error)

	// FetchCurrentTags fetches the current tags from AWS for showing in diff output.
	// Returns nil map if the resource doesn't exist or has no tags.
	FetchCurrentTags(ctx context.Context, name string) (map[string]string, error)
}

DiffStrategy defines service-specific diff/fetch operations.

type EditFetchResult 

type EditFetchResult struct {
	// Value is the current value in AWS.
	Value string
	// LastModified is the last modification time of the resource.
	// Used for conflict detection when applying staged changes.
	LastModified time.Time
}

EditFetchResult holds the result of fetching a value for editing.

type EditStrategy 

type EditStrategy interface {
	Parser

	// FetchCurrentValue fetches the current value from AWS for editing.
	// Returns the value and last modified time for conflict detection.
	FetchCurrentValue(ctx context.Context, name string) (*EditFetchResult, error)
}

EditStrategy defines service-specific edit operations.

type Entry 

type Entry struct {
	Operation   Operation `json:"operation"`
	Value       *string   `json:"value,omitempty"` // nil for delete, pointer to distinguish from empty string
	Description *string   `json:"description,omitempty"`
	//nolint:tagliatelle // JSON uses snake_case for consistency with file storage format
	StagedAt time.Time `json:"staged_at"`
	// BaseModifiedAt records the AWS LastModified time when the value was fetched.
	// Used for conflict detection: if AWS was modified after this time, it's a conflict.
	// Only set for update/delete operations (nil for create since there's no base).
	//nolint:tagliatelle // JSON uses snake_case for consistency with file storage format
	BaseModifiedAt *time.Time `json:"base_modified_at,omitempty"`
	// DeleteOptions holds Secrets Manager-specific delete options.
	// Only used when Operation is OperationDelete and service is Secrets Manager.
	//nolint:tagliatelle // JSON uses snake_case for consistency with file storage format
	DeleteOptions *DeleteOptions `json:"delete_options,omitempty"`
}

Entry represents a single staged entity change (create/update/delete). Tags are managed separately in TagEntry.

type EntryPrinter 

type EntryPrinter struct {
	Writer io.Writer
}

EntryPrinter prints staged entries to the given writer.

func (*EntryPrinter) PrintEntry 

func (p *EntryPrinter) PrintEntry(name string, entry Entry, verbose, showDeleteOptions bool)

PrintEntry prints a single staged entry. If verbose is true, shows detailed information including timestamp and value. If showDeleteOptions is true, shows delete options (Force/RecoveryWindow) for delete operations.

type FetchResult 

type FetchResult struct {
	// Value is the current value in AWS.
	Value string
	// Identifier is a display string for the version (e.g., "#3" for SSM Parameter Store, "#abc123" for Secrets Manager).
	Identifier string
}

FetchResult holds the result of fetching a value from AWS.

type FullStrategy 

type FullStrategy interface {
	ApplyStrategy
	DiffStrategy
	EditStrategy
	ResetStrategy
}

FullStrategy combines all service-specific strategy interfaces. This enables unified stage commands that work with either SSM Parameter Store or Secrets Manager.

func ParamFactory 

func ParamFactory(ctx context.Context) (FullStrategy, error)

ParamFactory creates a FullStrategy with an initialized AWS client.

func SecretFactory 

func SecretFactory(ctx context.Context) (FullStrategy, error)

SecretFactory creates a FullStrategy with an initialized AWS client.

type Operation 

type Operation string

Operation represents the type of staged change. 

const (
	// OperationCreate represents a create operation (new item).
	OperationCreate Operation = "create"
	// OperationUpdate represents an update operation (existing item).
	OperationUpdate Operation = "update"
	// OperationDelete represents a delete operation.
	OperationDelete Operation = "delete"
)

type ParamClient 

type ParamClient interface {
	paramapi.GetParameterAPI
	paramapi.GetParameterHistoryAPI
	paramapi.PutParameterAPI
	paramapi.DeleteParameterAPI
	paramapi.AddTagsToResourceAPI
	paramapi.RemoveTagsFromResourceAPI
	paramapi.ListTagsForResourceAPI
}

ParamClient is the combined interface for SSM Parameter Store stage operations.

type ParamStrategy 

type ParamStrategy struct {
	Client ParamClient
}

ParamStrategy implements ServiceStrategy for SSM Parameter Store.

func NewParamStrategy 

func NewParamStrategy(client ParamClient) *ParamStrategy

NewParamStrategy creates a new SSM Parameter Store strategy.

func (*ParamStrategy) Apply 

func (s *ParamStrategy) Apply(ctx context.Context, name string, entry Entry) error

Apply applies a staged operation to AWS SSM Parameter Store.

func (*ParamStrategy) ApplyTags added in v0.3.0 

func (s *ParamStrategy) ApplyTags(ctx context.Context, name string, tagEntry TagEntry) error

ApplyTags applies staged tag changes to AWS SSM Parameter Store.

func (*ParamStrategy) FetchCurrent 

func (s *ParamStrategy) FetchCurrent(ctx context.Context, name string) (*FetchResult, error)

FetchCurrent fetches the current value from AWS SSM Parameter Store for diffing.

func (*ParamStrategy) FetchCurrentTags added in v0.7.3 

func (s *ParamStrategy) FetchCurrentTags(ctx context.Context, name string) (map[string]string, error)

FetchCurrentTags fetches the current tags from AWS SSM Parameter Store.

func (*ParamStrategy) FetchCurrentValue 

func (s *ParamStrategy) FetchCurrentValue(ctx context.Context, name string) (*EditFetchResult, error)

FetchCurrentValue fetches the current value from AWS SSM Parameter Store for editing. Returns *ResourceNotFoundError if the parameter doesn't exist.

func (*ParamStrategy) FetchLastModified 

func (s *ParamStrategy) FetchLastModified(ctx context.Context, name string) (time.Time, error)

FetchLastModified returns the last modified time of the parameter in AWS. Returns zero time if the parameter doesn't exist.

func (*ParamStrategy) FetchVersion 

func (s *ParamStrategy) FetchVersion(ctx context.Context, input string) (value string, versionLabel string, err error)

FetchVersion fetches the value for a specific version.

func (*ParamStrategy) HasDeleteOptions 

func (s *ParamStrategy) HasDeleteOptions() bool

HasDeleteOptions returns false as SSM Parameter Store doesn't have delete options.

func (*ParamStrategy) ItemName 

func (s *ParamStrategy) ItemName() string

ItemName returns the item name for messages.

func (*ParamStrategy) ParseName 

func (s *ParamStrategy) ParseName(input string) (string, error)

ParseName parses and validates a name for editing.

func (*ParamStrategy) ParseSpec 

func (s *ParamStrategy) ParseSpec(input string) (name string, hasVersion bool, err error)

ParseSpec parses a version spec string for reset.

func (*ParamStrategy) Service 

func (s *ParamStrategy) Service() Service

Service returns the service type.

func (*ParamStrategy) ServiceName 

func (s *ParamStrategy) ServiceName() string

ServiceName returns the user-friendly service name.

type Parser 

type Parser interface {
	ServiceStrategy

	// ParseName parses and validates a name, returning only the base name without version specifiers.
	// Returns an error if version specifiers are present.
	ParseName(input string) (string, error)

	// ParseSpec parses a version spec string.
	// Returns the base name and whether a version/shift was specified.
	ParseSpec(input string) (name string, hasVersion bool, err error)
}

Parser provides name/spec parsing without AWS access. Use this interface when only parsing is needed (e.g., status, add commands).

func ParamParserFactory 

func ParamParserFactory() Parser

ParamParserFactory creates a Parser without an AWS client. Use this for operations that don't need AWS access (e.g., status, parsing).

func SecretParserFactory 

func SecretParserFactory() Parser

SecretParserFactory creates a Parser without an AWS client. Use this for operations that don't need AWS access (e.g., status, parsing).

type ParserFactory 

type ParserFactory func() Parser

ParserFactory creates a Parser without AWS client.

type ResetStrategy 

type ResetStrategy interface {
	Parser

	// FetchVersion fetches the value for a specific version.
	// Returns the value and a version label for display.
	FetchVersion(ctx context.Context, input string) (value string, versionLabel string, err error)

	// FetchCurrentValue fetches the current value from AWS for auto-skip detection.
	// Uses same signature as EditStrategy for implementation reuse.
	FetchCurrentValue(ctx context.Context, name string) (*EditFetchResult, error)
}

ResetStrategy defines service-specific reset operations.

type ResourceNotFoundError added in v0.4.8 

type ResourceNotFoundError struct {
	Err error
}

ResourceNotFoundError indicates a resource was not found in AWS.

func (*ResourceNotFoundError) Error added in v0.4.8 

func (e *ResourceNotFoundError) Error() string

func (*ResourceNotFoundError) Unwrap added in v0.4.8 

func (e *ResourceNotFoundError) Unwrap() error

type SecretClient 

type SecretClient interface {
	secretapi.GetSecretValueAPI
	secretapi.ListSecretVersionIDsAPI
	secretapi.CreateSecretAPI
	secretapi.PutSecretValueAPI
	secretapi.DeleteSecretAPI
	secretapi.UpdateSecretAPI
	secretapi.TagResourceAPI
	secretapi.UntagResourceAPI
	secretapi.DescribeSecretAPI
}

SecretClient is the combined interface for Secrets Manager stage operations.

type SecretStrategy 

type SecretStrategy struct {
	Client SecretClient
}

SecretStrategy implements ServiceStrategy for Secrets Manager.

func NewSecretStrategy 

func NewSecretStrategy(client SecretClient) *SecretStrategy

NewSecretStrategy creates a new Secrets Manager strategy.

func (*SecretStrategy) Apply 

func (s *SecretStrategy) Apply(ctx context.Context, name string, entry Entry) error

Apply applies a staged operation to AWS Secrets Manager.

func (*SecretStrategy) ApplyTags added in v0.3.0 

func (s *SecretStrategy) ApplyTags(ctx context.Context, name string, tagEntry TagEntry) error

ApplyTags applies staged tag changes to AWS Secrets Manager.

func (*SecretStrategy) FetchCurrent 

func (s *SecretStrategy) FetchCurrent(ctx context.Context, name string) (*FetchResult, error)

FetchCurrent fetches the current value from AWS Secrets Manager for diffing.

func (*SecretStrategy) FetchCurrentTags added in v0.7.3 

func (s *SecretStrategy) FetchCurrentTags(ctx context.Context, name string) (map[string]string, error)

FetchCurrentTags fetches the current tags from AWS Secrets Manager.

func (*SecretStrategy) FetchCurrentValue 

func (s *SecretStrategy) FetchCurrentValue(ctx context.Context, name string) (*EditFetchResult, error)

FetchCurrentValue fetches the current value from AWS Secrets Manager for editing. Returns *ResourceNotFoundError if the secret doesn't exist.

func (*SecretStrategy) FetchLastModified 

func (s *SecretStrategy) FetchLastModified(ctx context.Context, name string) (time.Time, error)

FetchLastModified returns the last modified time of the secret in AWS. Returns zero time if the secret doesn't exist.

func (*SecretStrategy) FetchVersion 

func (s *SecretStrategy) FetchVersion(ctx context.Context, input string) (value string, versionLabel string, err error)

FetchVersion fetches the value for a specific version.

func (*SecretStrategy) HasDeleteOptions 

func (s *SecretStrategy) HasDeleteOptions() bool

HasDeleteOptions returns true as Secrets Manager has delete options.

func (*SecretStrategy) ItemName 

func (s *SecretStrategy) ItemName() string

ItemName returns the item name for messages.

func (*SecretStrategy) ParseName 

func (s *SecretStrategy) ParseName(input string) (string, error)

ParseName parses and validates a name for editing.

func (*SecretStrategy) ParseSpec 

func (s *SecretStrategy) ParseSpec(input string) (name string, hasVersion bool, err error)

ParseSpec parses a version spec string for reset.

func (*SecretStrategy) Service 

func (s *SecretStrategy) Service() Service

Service returns the service type.

func (*SecretStrategy) ServiceName 

func (s *SecretStrategy) ServiceName() string

ServiceName returns the user-friendly service name.

type Service 

type Service string

Service represents which AWS service the staged change belongs to. 

const (
	// ServiceParam represents AWS Systems Manager Parameter Store.
	ServiceParam Service = "param"
	// ServiceSecret represents AWS Secrets Manager.
	ServiceSecret Service = "secret"
)

type ServiceStrategy 

type ServiceStrategy interface {
	// Service returns the service type (ServiceParam or ServiceSecret).
	Service() Service

	// ServiceName returns the user-friendly service name (e.g., "SSM Parameter Store", "Secrets Manager").
	ServiceName() string

	// ItemName returns the item name for messages (e.g., "parameter", "secret").
	ItemName() string

	// HasDeleteOptions returns true if delete options should be displayed.
	HasDeleteOptions() bool
}

ServiceStrategy defines the common interface for service-specific operations. This enables Strategy Pattern to consolidate duplicate code across SSM Parameter Store and Secrets Manager commands.

type State 

type State struct {
	Version int                             `json:"version"`
	Entries map[Service]map[string]Entry    `json:"entries,omitempty"`
	Tags    map[Service]map[string]TagEntry `json:"tags,omitempty"`
}

State represents the entire staging state (v2). Entries and Tags are managed separately for cleaner separation of concerns.

func NewEmptyState added in v0.7.0 

func NewEmptyState() *State

NewEmptyState creates a new empty state with initialized maps.

func (*State) EntryCount added in v0.7.0 

func (s *State) EntryCount() int

EntryCount returns the total number of entries in the state.

func (*State) ExtractService added in v0.7.0 

func (s *State) ExtractService(service Service) *State

ExtractService returns a new state containing only entries for the specified service. If service is empty, returns a clone of the entire state.

func (*State) IsEmpty added in v0.7.0 

func (s *State) IsEmpty() bool

IsEmpty checks if a state has no entries and no tags.

func (*State) Merge added in v0.7.0 

func (s *State) Merge(other *State)

Merge merges another state into this state. The other state takes precedence for conflicting entries.

func (*State) RemoveService added in v0.7.0 

func (s *State) RemoveService(service Service)

RemoveService removes all entries for the specified service from this state. If service is empty, clears all entries.

func (*State) TagCount added in v0.7.0 

func (s *State) TagCount() int

TagCount returns the total number of tag entries in the state.

func (*State) TotalCount added in v0.7.0 

func (s *State) TotalCount() int

TotalCount returns the total number of entries and tags in the state.

type StrategyFactory 

type StrategyFactory func(ctx context.Context) (FullStrategy, error)

StrategyFactory creates a FullStrategy for a given context. Used to defer AWS client initialization until command execution.

type TagEntry added in v0.3.0 

type TagEntry struct {
	Add    map[string]string   `json:"add,omitempty"`    // Tags to add or update
	Remove maputil.Set[string] `json:"remove,omitempty"` // Tag keys to remove
	// StagedAt records when the tag change was staged.
	//nolint:tagliatelle // JSON uses snake_case for consistency with file storage format
	StagedAt time.Time `json:"staged_at"`
	// BaseModifiedAt records the AWS LastModified time when tags were fetched.
	// Used for conflict detection.
	//nolint:tagliatelle // JSON uses snake_case for consistency with file storage format
	BaseModifiedAt *time.Time `json:"base_modified_at,omitempty"`
}

TagEntry represents staged tag changes for an entity. Managed separately from Entry for cleaner separation of concerns.

Source Files

View all Source files

Directories

Path Synopsis
Package cli provides shared runners and command builders for stage commands.
 Package cli provides shared runners and command builders for stage commands.
Package store provides storage interfaces and implementations for staging.
 Package store provides storage interfaces and implementations for staging.
agent
Package agent provides shared types and configuration for the staging agent client and server packages.
 Package agent provides shared types and configuration for the staging agent client and server packages.
agent/daemon
Package daemon provides daemon lifecycle management for the staging agent.
 Package daemon provides daemon lifecycle management for the staging agent.
agent/daemon/internal/ipc
Package ipc provides low-level IPC communication for the staging agent.
 Package ipc provides low-level IPC communication for the staging agent.
agent/daemon/lifecycle
Package lifecycle provides declarative agent lifecycle management for staging commands.
 Package lifecycle provides declarative agent lifecycle management for staging commands.
agent/internal/client
Package client provides the domain-level client for the staging agent.
 Package client provides the domain-level client for the staging agent.
agent/internal/protocol
Package protocol defines the IPC protocol between the agent client and server.
 Package protocol defines the IPC protocol between the agent client and server.
agent/internal/server
Package server provides request handling for the staging agent.
 Package server provides request handling for the staging agent.
agent/internal/server/security
Package security provides security-related functionality for the agent server.
 Package security provides security-related functionality for the agent server.
file
Package file provides file-based staging storage.
 Package file provides file-based staging storage.
file/internal/crypt
Package crypt provides passphrase-based encryption for staging files.
 Package crypt provides passphrase-based encryption for staging files.
testutil
Package testutil provides test utilities for staging package.
 Package testutil provides test utilities for staging package.
Package transition implements state machine logic for staging operations.
 Package transition implements state machine logic for staging operations.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.