feat(ctl): edgeguard-ctl migrate + initdb wired into postinst

migrate up|down|check|dump (1:1 nmg-ctl-Pattern, ruft internal/database Migrate/MigrateDown/ValidateMigrations/CopyEmbeddedMigrationsTo). initdb prüft pg_roles/pg_database und legt Role + DB idempotent via sudo -u postgres psql an, mit Identifier-Whitelist gegen Injection. postinst wirt die drei Schritte vor systemd-enable: migrate check (Pre-Flight ohne DB), initdb, migrate up (als edgeguard-User via Socket-Peer-Auth). cluster-join/promote/dump-config bleiben explizit Phase-3-Stubs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-09 08:18:55 +02:00
parent b307a7b1f7
commit 106ef95f6d
4 changed files with 268 additions and 13 deletions
--- a/cmd/edgeguard-ctl/migrate.go
+++ b/cmd/edgeguard-ctl/migrate.go
@@ -0,0 +1,63 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"time"
+
+	"git.netcell-it.de/projekte/edgeguard-native/internal/database"
+)
+
+// cmdMigrate fans out to the subcommand handlers. `check` is offline
+// (filename validation against the embedded FS) and is the safe
+// pre-flight call from postinst — it catches duplicate version
+// prefixes before the DB ever gets touched.
+func cmdMigrate(args []string) int {
+	if len(args) == 0 {
+		fmt.Fprintln(os.Stderr, "Usage: edgeguard-ctl migrate up|down|check|dump [dir]")
+		return 2
+	}
+	if args[0] == "check" {
+		if err := database.ValidateMigrations(); err != nil {
+			fmt.Fprintln(os.Stderr, "migrate check:", err)
+			return 1
+		}
+		fmt.Println("embedded migrations OK")
+		return 0
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	defer cancel()
+
+	switch args[0] {
+	case "up":
+		if err := database.Migrate(ctx, ""); err != nil {
+			fmt.Fprintln(os.Stderr, "migrate up:", err)
+			return 1
+		}
+		fmt.Println("migrations applied")
+		return 0
+	case "down":
+		if err := database.MigrateDown(ctx, ""); err != nil {
+			fmt.Fprintln(os.Stderr, "migrate down:", err)
+			return 1
+		}
+		fmt.Println("one migration rolled back")
+		return 0
+	case "dump":
+		dst := "./migrations"
+		if len(args) >= 2 {
+			dst = args[1]
+		}
+		if err := database.CopyEmbeddedMigrationsTo(dst); err != nil {
+			fmt.Fprintln(os.Stderr, "migrate dump:", err)
+			return 1
+		}
+		fmt.Println("embedded migrations written to", dst)
+		return 0
+	default:
+		fmt.Fprintln(os.Stderr, "Usage: edgeguard-ctl migrate up|down|check|dump [dir]")
+		return 2
+	}
+}