CLI Code Structure
Purpose: For contributors, provides CLI package layout, key interfaces, and module responsibilities.
Package layout
openCenter-cli/
├── cmd/ # Cobra command definitions
│ ├── root.go # Root command, global flags
│ ├── cluster.go # `opencenter cluster` parent command
│ ├── cluster_init.go # `opencenter cluster init`
│ ├── cluster_edit.go # `opencenter cluster edit`
│ ├── cluster_validate.go # `opencenter cluster validate`
│ ├── cluster_bootstrap.go # `opencenter cluster bootstrap`
│ ├── cluster_render.go # `opencenter cluster render`
│ ├── secrets.go # `opencenter secrets` parent command
│ ├── secrets_sops.go # SOPS encryption commands
│ ├── secrets_sync.go # Secret synchronization
│ ├── version.go # `opencenter version`
│ ├── plugins.go # Plugin management
│ └── ... # Additional subcommands
├── internal/ # Private packages (not importable externally)
│ ├── ansible/ # Kubespray inventory generation
│ ├── barbican/ # OpenStack Barbican integration
│ ├── cloud/ # Cloud provider API clients
│ ├── cluster/ # Cluster lifecycle operations
│ ├── config/ # Configuration structs, loading, validation
│ ├── core/ # Shared domain types
│ ├── credentials/ # Cloud credential management
│ ├── di/ # Dependency injection container
│ ├── gitops/ # FluxCD manifest generation
│ ├── observability/ # Metrics and logging instrumentation
│ ├── operations/ # Drift detection, backup management
│ ├── plugins/ # Plugin system
│ ├── provision/ # Infrastructure provisioning per provider
│ ├── resilience/ # Retry, circuit breaker, lock manager
│ ├── secrets/ # SOPS key management, encryption
│ ├── security/ # Input validation, credential masking, audit
│ ├── services/ # Platform service catalog and configuration
│ ├── sops/ # SOPS Age key lifecycle
│ ├── template/ # Go template rendering engine
│ ├── testing/ # Test helpers and fixtures
│ ├── testutil/ # Additional test utilities
│ ├── tofu/ # OpenTofu/Terraform generation
│ ├── ui/ # Charmbracelet TUI components
│ └── util/ # Shared utility functions
├── schema/ # Generated JSON schemas
├── tests/features/ # BDD feature files (Gherkin)
├── bin/ # Build output
├── go.mod # Go module (go 1.25.2)
└── .mise.toml # Task runner configuration
Key packages
cmd/ — Command layer
Each file in cmd/ defines one Cobra command. Commands are thin: they parse flags, call into internal/ packages, and format output. Business logic does not live here.
The naming convention is cluster_<action>.go for cluster subcommands and secrets_<action>.go for secrets subcommands.
internal/config/ — Configuration
Defines the ClusterConfig struct and all nested types. Uses yaml struct tags for serialization and validate struct tags (go-playground/validator) for validation. Handles config loading, merging, and migration between schema versions.
internal/di/ — Dependency injection
Wires together all internal packages. Commands resolve dependencies from the DI container rather than constructing them directly. This makes testing easier — tests can swap real implementations for fakes.
internal/template/ — Template engine
Renders Go templates with Sprig functions. Templates in provider packages produce Terraform files, Kubespray inventories, and FluxCD manifests. The template engine includes a sandbox that restricts dangerous operations.
internal/provision/ — Provider implementations
Each subdirectory implements infrastructure provisioning for a specific cloud provider (OpenStack, VMware, AWS, Kind). Providers generate Terraform configurations and Kubespray inventories from the cluster config.
internal/ui/ — Terminal UI
Uses Charmbracelet libraries (bubbletea, bubbles, lipgloss) for interactive prompts, selection lists, and progress indicators. The cluster edit command uses this for the interactive configuration editor.
internal/security/ — Security components
Input validation, command sanitization, credential masking, and audit logging. These run at boundaries (CLI input, shell execution, log output) to prevent injection and credential leakage.
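Two of these boundary checks, CLI input validation and credential masking on log output, shown as an added Go example that is not openCenter's own code. The function names `ValidateClusterName` and `MaskCredentials`, the cluster-name rule, and the sensitive-key pattern are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumed rule for this example: cluster names are lowercase DNS labels.
var clusterNameRe = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`)

// ValidateClusterName is the CLI-input boundary: an allowlist pattern leaves no
// room for shell metacharacters, path separators, or whitespace.
func ValidateClusterName(name string) error {
	if !clusterNameRe.MatchString(name) {
		return fmt.Errorf("invalid cluster name %q", name)
	}
	return nil
}

// secretKV matches key=value or key: value pairs whose key looks sensitive.
var secretKV = regexp.MustCompile(
	`(?i)\b([\w-]*(?:password|secret|token|api[_-]?key)[\w-]*)(\s*[=:]\s*)("[^"]*"|\S+)`)

// MaskCredentials is the log-output boundary. It first redacts secret values the
// caller already holds (for example a loaded cloud credential), then redacts
// the value of any sensitive-looking key that is left.
func MaskCredentials(line string, known ...string) string {
	for _, s := range known {
		if len(s) >= 4 { // very short values would mask ordinary words
			line = strings.ReplaceAll(line, s, "***")
		}
	}
	return secretKV.ReplaceAllString(line, "${1}${2}***")
}

func main() {
	// Constructed sample inputs, not taken from a real run.
	for _, n := range []string{"prod-east-1", "dev;id", "../etc"} {
		fmt.Printf("%-12q -> %v\n", n, ValidateClusterName(n))
	}
	fmt.Println(MaskCredentials("auth ok user=admin OS_PASSWORD=hunter2pass region=dfw"))
	fmt.Println(MaskCredentials(`request failed: token: "abc def" status=401`))
	fmt.Println(MaskCredentials("curl -H X-Auth: s3cr3tvalue", "s3cr3tvalue"))
}
```

Pattern-based masking only catches keys it recognizes, so passing the loaded secret values as `known` is what covers credentials that appear without a telltale key name.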
Key dependencies
| Package | Purpose |
|---|---|
| spf13/cobra | CLI framework |
| go-playground/validator/v10 | Struct validation |
| Masterminds/sprig/v3 | Template functions |
| charmbracelet/bubbletea | Terminal UI framework |
| gophercloud/gophercloud | OpenStack API client |
| filippo.io/age | Age encryption for SOPS |
| invopop/jsonschema | JSON Schema generation from Go structs |
| cucumber/godog | BDD test framework |
| leanovate/gopter | Property-based testing |
| sirupsen/logrus | Structured logging |