17240f4efd
## Changes
### port.Deployer interface
- Add PatchProjectSecrets(ctx, projectName, patch) to merge key-value pairs
into all K8s secrets labeled project={projectName}
- Add RestartAll(ctx, projectName) to trigger rolling restart of all deployments
for a project, picking up fresh secrets without waiting for CI
### deployer adapter
- Implement PatchProjectSecrets: lists secrets by label, merges patch into Data,
writes each secret back
- Implement RestartAll: lists deployments by label, sets restartedAt annotation
### domain/credential.go
- Add CredentialCategoryCache = "cache" constant
- Use constant in component_infra.go (was raw string "cache")
### handlers/cache.go (new)
- POST /projects/{projectID}/cache/reprovision
- Calls CreateProjectCache (which handles delete+recreate with new password)
- Updates credential store (REDIS_URL, REDIS_URL_STAGING, REDIS_PREFIX)
- Patches all K8s secrets for the project immediately
- Triggers RestartAll so pods pick up new credentials without waiting for deploy
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
85 lines
2.5 KiB
Go
85 lines
2.5 KiB
Go
// Package domain contains core business entities.
|
|
package domain
|
|
|
|
import "time"
|
|
|
|
// Credential represents a stored secret/credential for infrastructure adapters.
|
|
// Credentials are encrypted at rest and accessed by key name.
|
|
type Credential struct {
|
|
// Key is the unique identifier (e.g., "GITEA_TOKEN", "CLOUDFLARE_API_TOKEN")
|
|
Key string
|
|
|
|
// Value is the credential value (stored encrypted in database)
|
|
Value string
|
|
|
|
// Description explains what this credential is for
|
|
Description string
|
|
|
|
// Category groups related credentials (e.g., "gitea", "cloudflare", "woodpecker")
|
|
Category string
|
|
|
|
// CreatedAt is when the credential was first stored
|
|
CreatedAt time.Time
|
|
|
|
// UpdatedAt is when the credential was last modified
|
|
UpdatedAt time.Time
|
|
|
|
// UpdatedBy tracks who last modified the credential
|
|
UpdatedBy string
|
|
}
|
|
|
|
// CredentialCategories for grouping.
|
|
const (
|
|
CredentialCategoryGitea = "gitea"
|
|
CredentialCategoryCloudflare = "cloudflare"
|
|
CredentialCategoryWoodpecker = "woodpecker"
|
|
CredentialCategoryDatabase = "database"
|
|
CredentialCategoryRegistry = "registry"
|
|
CredentialCategoryWorker = "worker"
|
|
CredentialCategoryStorage = "storage"
|
|
CredentialCategoryAI = "ai"
|
|
CredentialCategoryNotify = "notify"
|
|
CredentialCategoryCache = "cache"
|
|
)
|
|
|
|
// Known credential keys.
|
|
const (
|
|
// Gitea
|
|
CredKeyGiteaToken = "GITEA_TOKEN"
|
|
CredKeyGiteaURL = "GITEA_URL"
|
|
|
|
// Cloudflare
|
|
CredKeyCloudflareAPIToken = "CLOUDFLARE_API_TOKEN"
|
|
CredKeyCloudflareZoneID = "CLOUDFLARE_ZONE_ID"
|
|
|
|
// Woodpecker
|
|
CredKeyWoodpeckerURL = "WOODPECKER_URL"
|
|
CredKeyWoodpeckerAPIToken = "WOODPECKER_API_TOKEN"
|
|
CredKeyWoodpeckerWebhookSecret = "WOODPECKER_WEBHOOK_SECRET"
|
|
|
|
// Registry
|
|
CredKeyRegistryURL = "REGISTRY_URL"
|
|
|
|
// GCS
|
|
CredKeyGCSBucket = "GCS_BUCKET"
|
|
CredKeyGCSServiceAccountJSON = "GCS_SERVICE_ACCOUNT_JSON"
|
|
|
|
// AI Providers
|
|
CredKeyLaozhangAPIKey = "LAOZHANG_API_KEY"
|
|
CredKeyGeminiAPIKey = "GEMINI_API_KEY"
|
|
|
|
// Notify service (email delivery)
|
|
CredKeyNotifyURL = "NOTIFY_URL"
|
|
CredKeyNotifyAdminKey = "NOTIFY_ADMIN_KEY"
|
|
CredKeyNotifyAPIKey = "NOTIFY_API_KEY"
|
|
CredKeyNotifyHost = "NOTIFY_HOST"
|
|
CredKeyNotifyFrom = "NOTIFY_FROM"
|
|
CredKeyNotifyResendDomainID = "NOTIFY_RESEND_DOMAIN_ID"
|
|
|
|
// Resend (email provider for per-project domain provisioning)
|
|
CredKeyResendAPIKey = "RESEND_API_KEY"
|
|
|
|
// Project-scoped auth secret (unique per project, auto-generated on first code component)
|
|
CredKeyJWTSecret = "JWT_SECRET"
|
|
)
|