Skip to content

refactor(credentials): extract pure credential-mutation planning (477.4)#504

Merged
rianjs merged 1 commit into
mainfrom
refactor/477-credential-planning
Jul 11, 2026
Merged

refactor(credentials): extract pure credential-mutation planning (477.4)#504
rianjs merged 1 commit into
mainfrom
refactor/477-credential-planning

Conversation

@rianjs

@rianjs rianjs commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Refs #477 — step 4 of 5 of the approved Candidate 1 from the design record.

Extracts the pure credential-mutation planning out of initcmd (where the whole transition model lived) into internal/credentials, which already owns store resolution and key validation.

Moved (old → new)

  • initCredentialPlanStatecredentials.PlanState; initCredentialPlanEntrycredentials.PlanEntry
  • planInitCredentials*credentials.Plan / PlanWithConfig
  • Validation/classification → ValidatePlannedWriteKeys, MissingRequiredPlannedKeys, ClassifyPlanEntry
  • Write grouping → WriteGroup / GroupWritesByStore
  • Cleanup grouping + the all-profiles active-ref scan that protects shared refs → ReviewerCredentialCleanupGroup / GroupStaleReviewerCredentialCleanupsByStore
  • Stale-key calculation → StaleReviewerCredentialKeys
  • The "id|source|backend" string map key is gone: credentials.StoreIdentity{ID, Source, Backend} is the comparable key, from ResolvedSecretsStore.Identity().

Migration discipline (per the design record)

Planner and multi-store/shared-ref tests were relocated first and proven against the moved logic, then callers switched. Zero tests deleted — 427 → 432 (new coverage for same-name/different-store grouping, multiple cleanup stores, and identity collisions); the original multi-store I/O tests remain in initcmd.

Stayed in initcmd

Both application paths, store opening, no-overwrite preflight, bundle writes, config-save sequencing, key deletion, error mapping, rendering, hints — preserving the write → save → cleanup ordering. credentialcmd untouched. Stale-key policy, overwrite semantics, and error wording unchanged.

Verification

Seven config-show goldens byte-identical and unmodified. go build, go vet, full go test ./... green unsandboxed (60 packages), repo-wide golangci-lint 0 issues, architecture harness pass. +768/−584 (net +25 production, +159 tests).

Remaining for #477: step 5 (init apply-tail dedup).

… initcmd (477.4)

Move plan states/entries, transition classification, staged-key
validation, per-store write grouping, the all-profiles active-ref scan,
and stale-key calculation into internal/credentials (planning.go). The
'id|source|backend' string map key is replaced by the comparable
credentials.StoreIdentity struct via ResolvedSecretsStore.Identity().
Planner and multi-store/shared-ref tests relocated first and pass against
the moved logic; initcmd keeps both application paths, preflight, bundle
writes, config-save sequencing, key deletion, and rendering. Zero tests
deleted (427 -> 432); stale-key policy, overwrite semantics, and error
wording unchanged.
@rianjs rianjs merged commit 0dee071 into main Jul 11, 2026
10 checks passed
@rianjs rianjs deleted the refactor/477-credential-planning branch July 11, 2026 13:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant