Merge branch 'ToeiRei:main' into main

Author: Jannes-Dailidow

cmd/keymaster/adapters_cli.go

@@ -58,6 +58,9 @@ func (c *cliStoreAdapter) AssignKeyToAccount(keyID, accountID int) error {
 	}
 	return km.AssignKeyToAccount(keyID, accountID)
 }
+func (c *cliStoreAdapter) UpdateAccountIsDirty(id int, dirty bool) error {
+	return db.UpdateAccountIsDirty(id, dirty)
+}
 func (c *cliStoreAdapter) CreateSystemKey(publicKey, privateKey string) (int, error) {
 	return db.CreateSystemKey(publicKey, privateKey)
 }
@@ -193,8 +196,17 @@ func (w *dbStoreWrapper) GetAccount(id int) (*model.Account, error) {
 func (w *dbStoreWrapper) AddAccount(username, hostname, label, tags string) (int, error) {
 	return w.inner.AddAccount(username, hostname, label, tags)
 }
-func (w *dbStoreWrapper) DeleteAccount(accountID int) error             { return w.inner.DeleteAccount(accountID) }
-func (w *dbStoreWrapper) AssignKeyToAccount(keyID, accountID int) error { return nil }
+func (w *dbStoreWrapper) DeleteAccount(accountID int) error { return w.inner.DeleteAccount(accountID) }
+func (w *dbStoreWrapper) AssignKeyToAccount(keyID, accountID int) error {
+	km := db.DefaultKeyManager()
+	if km == nil {
+		return fmt.Errorf("no key manager available")
+	}
+	return km.AssignKeyToAccount(keyID, accountID)
+}
+func (w *dbStoreWrapper) UpdateAccountIsDirty(id int, dirty bool) error {
+	return w.inner.UpdateAccountIsDirty(id, dirty)
+}
 func (w *dbStoreWrapper) CreateSystemKey(publicKey, privateKey string) (int, error) {
 	return w.inner.CreateSystemKey(publicKey, privateKey)
 }

coverage.svg

@@ -0,0 +1,79 @@
+// Copyright (c) 2025 ToeiRei
+// Keymaster - SSH key management system
+// This source code is licensed under the MIT license found in the LICENSE file.
+
+package core
+
+import (
+	"errors"
+	"testing"
+
+	"github.com/toeirei/keymaster/internal/model"
+)
+
+func TestFilterAccounts_LocalAndSearcher(t *testing.T) {
+	accounts := []model.Account{
+		{ID: 1, Username: "alice", Hostname: "host1", Label: "dev", Tags: "team-a"},
+		{ID: 2, Username: "bob", Hostname: "host2", Label: "ops", Tags: "team-b"},
+		{ID: 3, Username: "carol", Hostname: "host3", Label: "qa", Tags: "team-a"},
+	}
+
+	// Empty query returns all
+	res := FilterAccounts(accounts, "", nil)
+	if len(res) != 3 {
+		t.Fatalf("expected 3 accounts for empty query, got %d", len(res))
+	}
+
+	// Local match: by username
+	res = FilterAccounts(accounts, "bob", nil)
+	if len(res) != 1 || res[0].Username != "bob" {
+		t.Fatalf("expected bob in local results, got %+v", res)
+	}
+
+	// Searcher provided and returns results -> should prefer searcher
+	searcher := func(q string) ([]model.Account, error) {
+		return []model.Account{{ID: 99, Username: "x"}}, nil
+	}
+	res = FilterAccounts(accounts, "nonexistent", searcher)
+	if len(res) != 1 || res[0].ID != 99 {
+		t.Fatalf("expected searcher result to be returned, got %+v", res)
+	}
+
+	// Searcher error -> fallback to local
+	searcherErr := func(q string) ([]model.Account, error) { return nil, errors.New("boom") }
+	res = FilterAccounts(accounts, "carol", searcherErr)
+	if len(res) != 1 || res[0].Username != "carol" {
+		t.Fatalf("expected local fallback on searcher error, got %+v", res)
+	}
+
+	// Searcher returns empty -> fallback to local
+	searcherEmpty := func(q string) ([]model.Account, error) { return []model.Account{}, nil }
+	res = FilterAccounts(accounts, "team-a", searcherEmpty)
+	if len(res) != 2 {
+		t.Fatalf("expected local fallback when searcher empty, got %d", len(res))
+	}
+}
+
+// Note: ContainsIgnoreCase and FilterKeys already have dedicated tests
+// in other files; keep this file focused on searcher/selection behaviors.
+
+func TestEnsureCursorInView(t *testing.T) {
+	// viewport height 5
+	h := 5
+
+	// cursor above top
+	if got := EnsureCursorInView(0, 2, h); got != 0 {
+		t.Fatalf("expected top when cursor above, got %d", got)
+	}
+
+	// cursor below bottom
+	// top=0 bottom=4, cursor=7 => expect 7-5+1 = 3
+	if got := EnsureCursorInView(7, 0, h); got != 3 {
+		t.Fatalf("expected 3 when cursor below, got %d", got)
+	}
+
+	// cursor within view -> unchanged
+	if got := EnsureCursorInView(3, 0, h); got != 0 {
+		t.Fatalf("expected unchanged yOffset 0, got %d", got)
+	}
+}

internal/core/core_test.go

@@ -0,0 +1,33 @@
+// Copyright (c) 2025 ToeiRei
+// Keymaster - SSH key management system
+// This source code is licensed under the MIT license found in the LICENSE file.
+
+package core
+
+import "github.com/toeirei/keymaster/internal/model"
+
+// DirtyAccounts returns the subset of accounts whose `IsDirty` flag is true.
+// This is a pure helper and performs no side-effects.
+func DirtyAccounts(accts []model.Account) []model.Account {
+	var out []model.Account
+	for _, a := range accts {
+		if a.IsDirty {
+			out = append(out, a)
+		}
+	}
+	return out
+}
+
+// DeployList deploys the provided accounts using the given DeployerManager.
+// It returns a slice of `DeployResult` (the core-level type) preserving the
+// order of the input accounts. Core intentionally does not clear `IsDirty` or
+// update the database; callers are responsible for persisting any desired
+// post-deploy side-effects.
+func DeployList(dm DeployerManager, accounts []model.Account) []DeployResult {
+	results := make([]DeployResult, 0, len(accounts))
+	for _, a := range accounts {
+		err := dm.DeployForAccount(a, false)
+		results = append(results, DeployResult{Account: a, Error: err})
+	}
+	return results
+}

internal/core/deploy_dirty.go

@@ -0,0 +1,34 @@
+// Copyright (c) 2025 ToeiRei
+// Keymaster - SSH key management system
+// This source code is licensed under the MIT license found in the LICENSE file.
+
+package core
+
+import (
+	"context"
+	"fmt"
+)
+
+// DeployDirtyAccounts fetches all active accounts from the store, selects
+// accounts marked `IsDirty`, deploys to each using the provided DeployerManager,
+// and clears the `is_dirty` flag for accounts that deployed successfully.
+// It returns the per-account DeployResult slice and an error if fetching
+// accounts failed.
+func DeployDirtyAccounts(ctx context.Context, st Store, dm DeployerManager, rep Reporter) ([]DeployResult, error) {
+	accounts, err := st.GetAllActiveAccounts()
+	if err != nil {
+		return nil, fmt.Errorf("get accounts: %w", err)
+	}
+
+	dirty := DirtyAccounts(accounts)
+	results := make([]DeployResult, 0, len(dirty))
+	for _, acc := range dirty {
+		err := dm.DeployForAccount(acc, false)
+		results = append(results, DeployResult{Account: acc, Error: err})
+		if err == nil {
+			// Best-effort: clear is_dirty; log/store error ignored for now
+			_ = st.UpdateAccountIsDirty(acc.ID, false)
+		}
+	}
+	return results, nil
+}

internal/core/deploy_dirty_facade.go

@@ -0,0 +1,84 @@
+// Copyright (c) 2025 ToeiRei
+// Keymaster - SSH key management system
+// This source code is licensed under the MIT license found in the LICENSE file.
+
+package core
+
+import (
+	"context"
+	"testing"
+
+	"github.com/toeirei/keymaster/internal/model"
+)
+
+type fakeStoreForDirty struct {
+	accounts []model.Account
+	cleared  []int
+}
+
+func (f *fakeStoreForDirty) GetAllActiveAccounts() ([]model.Account, error) { return f.accounts, nil }
+func (f *fakeStoreForDirty) UpdateAccountIsDirty(id int, dirty bool) error {
+	if !dirty {
+		f.cleared = append(f.cleared, id)
+	}
+	return nil
+}
+
+// implement remaining Store methods as no-ops to satisfy interface
+func (f *fakeStoreForDirty) GetAccounts() ([]model.Account, error)     { return nil, nil }
+func (f *fakeStoreForDirty) GetAllAccounts() ([]model.Account, error)  { return nil, nil }
+func (f *fakeStoreForDirty) GetAccount(id int) (*model.Account, error) { return nil, nil }
+func (f *fakeStoreForDirty) AddAccount(username, hostname, label, tags string) (int, error) {
+	return 0, nil
+}
+func (f *fakeStoreForDirty) DeleteAccount(accountID int) error                         { return nil }
+func (f *fakeStoreForDirty) AssignKeyToAccount(keyID, accountID int) error             { return nil }
+func (f *fakeStoreForDirty) CreateSystemKey(publicKey, privateKey string) (int, error) { return 0, nil }
+func (f *fakeStoreForDirty) RotateSystemKey(publicKey, privateKey string) (int, error) { return 0, nil }
+func (f *fakeStoreForDirty) GetActiveSystemKey() (*model.SystemKey, error)             { return nil, nil }
+func (f *fakeStoreForDirty) AddKnownHostKey(hostname, key string) error                { return nil }
+func (f *fakeStoreForDirty) ExportDataForBackup() (*model.BackupData, error)           { return nil, nil }
+func (f *fakeStoreForDirty) ImportDataFromBackup(*model.BackupData) error              { return nil }
+func (f *fakeStoreForDirty) IntegrateDataFromBackup(*model.BackupData) error           { return nil }
+
+type fakeDMForDirty struct{ called []int }
+
+func (f *fakeDMForDirty) DeployForAccount(account model.Account, keepFile bool) error {
+	f.called = append(f.called, account.ID)
+	return nil
+}
+func (f *fakeDMForDirty) AuditSerial(account model.Account) error { return nil }
+func (f *fakeDMForDirty) AuditStrict(account model.Account) error { return nil }
+func (f *fakeDMForDirty) DecommissionAccount(account model.Account, systemPrivateKey string, options interface{}) (DecommissionResult, error) {
+	return DecommissionResult{}, nil
+}
+func (f *fakeDMForDirty) BulkDecommissionAccounts(accounts []model.Account, systemPrivateKey string, options interface{}) ([]DecommissionResult, error) {
+	return nil, nil
+}
+func (f *fakeDMForDirty) CanonicalizeHostPort(host string) string                   { return host }
+func (f *fakeDMForDirty) ParseHostPort(host string) (string, string, error)         { return host, "22", nil }
+func (f *fakeDMForDirty) GetRemoteHostKey(host string) (string, error)              { return "", nil }
+func (f *fakeDMForDirty) FetchAuthorizedKeys(account model.Account) ([]byte, error) { return nil, nil }
+func (f *fakeDMForDirty) ImportRemoteKeys(account model.Account) ([]model.PublicKey, int, string, error) {
+	return nil, 0, "", nil
+}
+func (f *fakeDMForDirty) IsPassphraseRequired(err error) bool { return false }
+
+func TestDeployDirtyAccounts_ClearsOnSuccess(t *testing.T) {
+	st := &fakeStoreForDirty{accounts: []model.Account{{ID: 1, IsDirty: false}, {ID: 2, IsDirty: true}, {ID: 3, IsDirty: true}}}
+	dm := &fakeDMForDirty{}
+
+	res, err := DeployDirtyAccounts(context.Background(), st, dm, nil)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if len(res) != 2 {
+		t.Fatalf("expected 2 results, got %d", len(res))
+	}
+	if len(dm.called) != 2 || dm.called[0] != 2 || dm.called[1] != 3 {
+		t.Fatalf("unexpected deploy calls: %v", dm.called)
+	}
+	if len(st.cleared) != 2 {
+		t.Fatalf("expected 2 cleared flags, got %d", len(st.cleared))
+	}
+}

internal/core/deploy_dirty_facade_test.go

@@ -0,0 +1,58 @@
+// Copyright (c) 2025 ToeiRei
+// Keymaster - SSH key management system
+// This source code is licensed under the MIT license found in the LICENSE file.
+
+package core
+
+import (
+	"testing"
+
+	"github.com/toeirei/keymaster/internal/model"
+)
+
+type fakeDM struct {
+	called []int
+}
+
+func (f *fakeDM) DeployForAccount(account model.Account, keepFile bool) error {
+	f.called = append(f.called, account.ID)
+	return nil
+}
+func (f *fakeDM) AuditSerial(account model.Account) error { return nil }
+func (f *fakeDM) AuditStrict(account model.Account) error { return nil }
+func (f *fakeDM) DecommissionAccount(account model.Account, systemPrivateKey string, options interface{}) (DecommissionResult, error) {
+	return DecommissionResult{}, nil
+}
+func (f *fakeDM) BulkDecommissionAccounts(accounts []model.Account, systemPrivateKey string, options interface{}) ([]DecommissionResult, error) {
+	return nil, nil
+}
+func (f *fakeDM) CanonicalizeHostPort(host string) string                   { return host }
+func (f *fakeDM) ParseHostPort(host string) (string, string, error)         { return host, "22", nil }
+func (f *fakeDM) GetRemoteHostKey(host string) (string, error)              { return "", nil }
+func (f *fakeDM) FetchAuthorizedKeys(account model.Account) ([]byte, error) { return nil, nil }
+func (f *fakeDM) ImportRemoteKeys(account model.Account) ([]model.PublicKey, int, string, error) {
+	return nil, 0, "", nil
+}
+func (f *fakeDM) IsPassphraseRequired(err error) bool { return false }
+
+func TestDirtyAccountsAndDeployList(t *testing.T) {
+	accounts := []model.Account{
+		{ID: 1, Username: "a", Hostname: "h1", IsDirty: false},
+		{ID: 2, Username: "b", Hostname: "h2", IsDirty: true},
+		{ID: 3, Username: "c", Hostname: "h3", IsDirty: true},
+	}
+
+	dirty := DirtyAccounts(accounts)
+	if len(dirty) != 2 || dirty[0].ID != 2 || dirty[1].ID != 3 {
+		t.Fatalf("unexpected dirty accounts: %+v", dirty)
+	}
+
+	f := &fakeDM{}
+	results := DeployList(f, dirty)
+	if len(results) != 2 {
+		t.Fatalf("expected 2 results, got %d", len(results))
+	}
+	if len(f.called) != 2 || f.called[0] != 2 || f.called[1] != 3 {
+		t.Fatalf("deploy called for unexpected ids: %v", f.called)
+	}
+}

internal/core/deploy_dirty_test.go

@@ -0,0 +1,66 @@
+// Copyright (c) 2025 ToeiRei
+// Keymaster - SSH key management system
+// This source code is licensed under the MIT license found in the LICENSE file.
+
+package core
+
+import (
+	"testing"
+
+	"github.com/toeirei/keymaster/internal/db"
+	"github.com/toeirei/keymaster/internal/model"
+)
+
+type fakeGetterDeployer struct {
+	content []byte
+}
+
+func (f *fakeGetterDeployer) DeployAuthorizedKeys(content string) error { return nil }
+func (f *fakeGetterDeployer) GetAuthorizedKeys() ([]byte, error)        { return f.content, nil }
+func (f *fakeGetterDeployer) Close()                                    {}
+
+func TestBuiltinDeployerManager_FetchAuthorizedKeys(t *testing.T) {
+	if err := db.InitDB("sqlite", ":memory:"); err != nil {
+		t.Fatalf("InitDB failed: %v", err)
+	}
+	// create active system key
+	if _, err := db.CreateSystemKey("pubdata", "privdata"); err != nil {
+		t.Fatalf("CreateSystemKey failed: %v", err)
+	}
+
+	// override NewDeployerFactory to return a fake deployer
+	orig := NewDeployerFactory
+	NewDeployerFactory = func(host, user, privateKey string, passphrase []byte) (RemoteDeployer, error) {
+		return &fakeGetterDeployer{content: []byte("authorized-keys-content")}, nil
+	}
+	defer func() { NewDeployerFactory = orig }()
+
+	acct := model.Account{ID: 1, Username: "u", Hostname: "h", Serial: 0}
+	dm := builtinDeployerManager{}
+	out, err := dm.FetchAuthorizedKeys(acct)
+	if err != nil {
+		t.Fatalf("FetchAuthorizedKeys failed: %v", err)
+	}
+	if string(out) != "authorized-keys-content" {
+		t.Fatalf("unexpected content: %q", string(out))
+	}
+}
+
+func TestPerformDecommissionWithKeys_Delegates(t *testing.T) {
+	acc := model.Account{ID: 1, Username: "u"}
+	called := false
+	decomm := func(a model.Account, keep map[int]bool) (DecommissionResult, error) {
+		called = true
+		return DecommissionResult{Account: a, AccountID: a.ID, Skipped: false}, nil
+	}
+	res, err := PerformDecommissionWithKeys(acc, map[int]bool{1: true}, decomm)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if !called {
+		t.Fatalf("expected decommander to be called")
+	}
+	if res.AccountID != acc.ID {
+		t.Fatalf("unexpected result account id: %d", res.AccountID)
+	}
+}