certstore

package
v0.1.1 Latest
Published: May 9, 2026 License: MIT Imports: 15 Imported by: 0

Documentation

Overview

Package certstore provides certificate storage contracts and in-memory projections for Vale TLS assets.

Constants

const (
	RaftCommandCertificateStore  = "certificate_store"
	RaftCommandCertificateDelete = "certificate_delete"
	RaftCommandLockAcquire       = "certificate_lock_acquire"
	RaftCommandLockRelease       = "certificate_lock_release"
	DefaultRaftGroup             = "certificates"
)

Variables

var ErrNotExist = fs.ErrNotExist

ErrNotExist is returned when a key is absent.

Functions

This section is empty.

Types

type KeyInfo

type KeyInfo struct {
	Key        string
	Modified   time.Time
	Size       int64
	IsTerminal bool
}

KeyInfo describes a terminal file or an implicit directory key.

type LocalLocker

type LocalLocker struct {
	// contains filtered or unexported fields
}

LocalLocker is a process-local named lock table. It is useful for standalone mode and tests; clustered storage should replace it with a distributed lock.

func NewLocalLocker

func NewLocalLocker() *LocalLocker

func (*LocalLocker) Lock

func (l *LocalLocker) Lock(ctx context.Context, name string) error

func (*LocalLocker) Unlock

func (l *LocalLocker) Unlock(_ context.Context, name string) error

type Locker

type Locker interface {
	Lock(ctx context.Context, name string) error
	Unlock(ctx context.Context, name string) error
}

Locker coordinates ACME work such as certificate issuance and renewal. A Raft-backed implementation should make this a cluster-wide lock.

type Mutation

type Mutation struct {
	Kind     MutationKind
	Key      string
	Value    []byte
	Modified time.Time
}

Mutation is the Raft-friendly write model for Projection.

type MutationKind

type MutationKind string

MutationKind describes a committed certificate storage mutation.

const (
	MutationStore  MutationKind = "store"
	MutationDelete MutationKind = "delete"
)

type Object

type Object struct {
	Key      string
	Value    []byte
	Modified time.Time
}

Object is a terminal certificate storage key.

type Projection

type Projection struct {
	// contains filtered or unexported fields
}

Projection is a thread-safe in-memory certificate KV model. It is suitable as the hot read path for file-backed and future Raft-backed storage implementations.

func NewProjection

func NewProjection(objects ...Object) *Projection

func (*Projection) Apply

func (p *Projection) Apply(ctx context.Context, mutation Mutation) error

func (*Projection) Delete

func (p *Projection) Delete(ctx context.Context, key string) error

func (*Projection) Exists

func (p *Projection) Exists(ctx context.Context, key string) bool

func (*Projection) List

func (p *Projection) List(ctx context.Context, prefix string, recursive bool) (*collectionlist.List[string], error)

func (*Projection) Load

func (p *Projection) Load(ctx context.Context, key string) ([]byte, error)

func (*Projection) Lock

func (p *Projection) Lock(ctx context.Context, name string) error

func (*Projection) Snapshot

func (p *Projection) Snapshot(ctx context.Context) (*Snapshot, error)

func (*Projection) Stat

func (p *Projection) Stat(ctx context.Context, key string) (KeyInfo, error)

func (*Projection) Store

func (p *Projection) Store(ctx context.Context, key string, value []byte) error

func (*Projection) Unlock

func (p *Projection) Unlock(ctx context.Context, name string) error

type RaftClient

type RaftClient interface {
	ProposeGroup(group string, data []byte, timeout time.Duration) ([]byte, error)
	AppliedGroupStateJSON(group string, timeout time.Duration) ([]byte, error)
}

type RaftStorage

type RaftStorage struct {
	// contains filtered or unexported fields
}

func NewRaftStorage

func NewRaftStorage(config RaftStorageConfig) *RaftStorage

func (*RaftStorage) Delete

func (s *RaftStorage) Delete(ctx context.Context, key string) error

func (*RaftStorage) Exists

func (s *RaftStorage) Exists(ctx context.Context, key string) bool

func (*RaftStorage) List

func (s *RaftStorage) List(ctx context.Context, prefix string, recursive bool) (*collectionlist.List[string], error)

func (*RaftStorage) Load

func (s *RaftStorage) Load(ctx context.Context, key string) ([]byte, error)

func (*RaftStorage) Lock

func (s *RaftStorage) Lock(ctx context.Context, name string) error

func (*RaftStorage) Stat

func (s *RaftStorage) Stat(ctx context.Context, key string) (KeyInfo, error)

func (*RaftStorage) Status

func (s *RaftStorage) Status() *mapping.Map[string, any]

func (*RaftStorage) Store

func (s *RaftStorage) Store(ctx context.Context, key string, value []byte) error

func (*RaftStorage) Unlock

func (s *RaftStorage) Unlock(ctx context.Context, name string) error

type RaftStorageConfig

type RaftStorageConfig struct {
	Client     RaftClient
	Group      string
	Timeout    time.Duration
	LockTTL    time.Duration
	Owner      string
	Projection *Projection
}

type Snapshot

type Snapshot struct {
	Objects *collectionmapping.Map[string, Object]
	Keys    *collectionlist.List[string]
}

Snapshot is a defensive copy of a Projection.

type Storage

type Storage interface {
	Locker

	Store(ctx context.Context, key string, value []byte) error
	Load(ctx context.Context, key string) ([]byte, error)
	Delete(ctx context.Context, key string) error
	Exists(ctx context.Context, key string) bool
	List(ctx context.Context, prefix string, recursive bool) (*collectionlist.List[string], error)
	Stat(ctx context.Context, key string) (KeyInfo, error)
}

Storage is Vale's certificate key-value storage boundary.

Keys use slash-separated path semantics. Files are terminal keys with bytes, while directories are implicit prefixes. Implementations must be safe for concurrent use.
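
The key semantics described above, modelled as an added example; this is not code from the certstore package. The names memStore, list, stat and sample are hypothetical, and the sketch assumes that a non-recursive listing returns implicit directory keys and that a prefix matches whole path segments only, so one issuer's directory never picks up a sibling whose name merely starts the same way.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// memStore is a hypothetical stand-in for a Storage backend (key -> bytes).
type memStore map[string][]byte

// list returns the sorted keys below prefix. A non-recursive listing collapses
// deeper keys to their first segment below prefix, the implicit directory.
func (m memStore) list(prefix string, recursive bool) []string {
	seen := map[string]bool{}
	for k := range m {
		if !strings.HasPrefix(k, prefix+"/") {
			continue // whole segments only: "certs/acme-staging" is not under "certs/acme"
		}
		rest := k[len(prefix)+1:]
		if i := strings.Index(rest, "/"); i >= 0 && !recursive {
			rest = rest[:i]
		}
		seen[prefix+"/"+rest] = true
	}
	keys := make([]string, 0, len(seen))
	for k := range seen {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

// stat: a key is terminal if it holds bytes, implicit if stored keys lie below it.
func (m memStore) stat(key string) (exists, terminal bool) {
	_, terminal = m[key]
	return terminal || len(m.list(key, true)) > 0, terminal
}

// sample holds constructed keys; the layout is illustrative only.
var sample = memStore{
	"certs/acme/example.com/cert.pem":         nil,
	"certs/acme/example.com/key.pem":          nil,
	"certs/acme-staging/example.com/cert.pem": nil,
}

func main() {
	fmt.Println(sample.list("certs/acme", false), sample.list("certs", true))
}
```

An empty prefix (listing the root) is outside what this sketch handles.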
