From ca5b5f3a7e05609bdc949ca52c048ee175b980e4 Mon Sep 17 00:00:00 2001
From: Simone Gotti <simone.gotti@gmail.com>
Date: Fri, 3 May 2019 23:35:25 +0200
Subject: [PATCH] configstore: rename command(handler) to action(handler)

Since we're going to migrate all actions (also queries that now are implemented
in the api handlers) there
---
 .../{command/command.go => action/action.go}  |   8 +-
 .../configstore/{command => action}/org.go    |  24 ++---
 .../{command => action}/project.go            |  30 +++---
 .../{command => action}/projectgroup.go       |  16 +--
 .../{command => action}/remotesource.go       |  22 ++--
 .../configstore/{command => action}/secret.go |  26 ++---
 .../configstore/{command => action}/user.go   | 102 +++++++++---------
 .../{command => action}/variable.go           |  26 ++---
 internal/services/configstore/api/org.go      |  18 ++--
 internal/services/configstore/api/project.go  |  18 ++--
 .../services/configstore/api/projectgroup.go  |  10 +-
 .../services/configstore/api/remotesource.go  |  18 ++--
 internal/services/configstore/api/secret.go   |  18 ++--
 internal/services/configstore/api/user.go     |  86 +++++++--------
 internal/services/configstore/api/variable.go |  18 ++--
 internal/services/configstore/configstore.go  |  48 ++++-----
 .../services/configstore/configstore_test.go  |  60 +++++------
 17 files changed, 274 insertions(+), 274 deletions(-)
 rename internal/services/configstore/{command/command.go => action/action.go} (82%)
 rename internal/services/configstore/{command => action}/org.go (86%)
 rename internal/services/configstore/{command => action}/project.go (86%)
 rename internal/services/configstore/{command => action}/projectgroup.go (85%)
 rename internal/services/configstore/{command => action}/remotesource.go (86%)
 rename internal/services/configstore/{command => action}/secret.go (82%)
 rename internal/services/configstore/{command => action}/user.go (83%)
 rename internal/services/configstore/{command => action}/variable.go (81%)

diff --git a/internal/services/configstore/command/command.go b/internal/services/configstore/action/action.go
similarity index 82%
rename from internal/services/configstore/command/command.go
rename to internal/services/configstore/action/action.go
index 9ebfaf6..834834b 100644
--- a/internal/services/configstore/command/command.go
+++ b/internal/services/configstore/action/action.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package command
+package action
 
 import (
 	"github.com/sorintlab/agola/internal/datamanager"
@@ -21,14 +21,14 @@ import (
 	"go.uber.org/zap"
 )
 
-type CommandHandler struct {
+type ActionHandler struct {
 	log    *zap.SugaredLogger
 	readDB *readdb.ReadDB
 	dm     *datamanager.DataManager
 }
 
-func NewCommandHandler(logger *zap.Logger, readDB *readdb.ReadDB, dm *datamanager.DataManager) *CommandHandler {
-	return &CommandHandler{
+func NewActionHandler(logger *zap.Logger, readDB *readdb.ReadDB, dm *datamanager.DataManager) *ActionHandler {
+	return &ActionHandler{
 		log:    logger.Sugar(),
 		readDB: readDB,
 		dm:     dm,
diff --git a/internal/services/configstore/command/org.go b/internal/services/configstore/action/org.go
similarity index 86%
rename from internal/services/configstore/command/org.go
rename to internal/services/configstore/action/org.go
index c555661..f51528e 100644
--- a/internal/services/configstore/command/org.go
+++ b/internal/services/configstore/action/org.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package command
+package action
 
 import (
 	"context"
@@ -28,7 +28,7 @@ import (
 	uuid "github.com/satori/go.uuid"
 )
 
-func (s *CommandHandler) CreateOrg(ctx context.Context, org *types.Organization) (*types.Organization, error) {
+func (h *ActionHandler) CreateOrg(ctx context.Context, org *types.Organization) (*types.Organization, error) {
 	if org.Name == "" {
 		return nil, util.NewErrBadRequest(errors.Errorf("organization name required"))
 	}
@@ -41,15 +41,15 @@ func (s *CommandHandler) CreateOrg(ctx context.Context, org *types.Organization)
 	cgNames := []string{util.EncodeSha256Hex("orgname-" + org.Name)}
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
 
 		// check duplicate org name
-		u, err := s.readDB.GetOrgByName(tx, org.Name)
+		u, err := h.readDB.GetOrgByName(tx, org.Name)
 		if err != nil {
 			return err
 		}
@@ -58,7 +58,7 @@ func (s *CommandHandler) CreateOrg(ctx context.Context, org *types.Organization)
 		}
 
 		if org.CreatorUserID != "" {
-			user, err := s.readDB.GetUser(tx, org.CreatorUserID)
+			user, err := h.readDB.GetUser(tx, org.CreatorUserID)
 			if err != nil {
 				return err
 			}
@@ -126,20 +126,20 @@ func (s *CommandHandler) CreateOrg(ctx context.Context, org *types.Organization)
 		Data:       pgj,
 	})
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return org, err
 }
 
-func (s *CommandHandler) DeleteOrg(ctx context.Context, orgRef string) error {
+func (h *ActionHandler) DeleteOrg(ctx context.Context, orgRef string) error {
 	var org *types.Organization
 	var projects []*types.Project
 
 	var cgt *datamanager.ChangeGroupsUpdateToken
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
 		// check org existance
-		org, err = s.readDB.GetOrgByName(tx, orgRef)
+		org, err = h.readDB.GetOrgByName(tx, orgRef)
 		if err != nil {
 			return err
 		}
@@ -149,7 +149,7 @@ func (s *CommandHandler) DeleteOrg(ctx context.Context, orgRef string) error {
 
 		// changegroup is the org id
 		cgNames := []string{util.EncodeSha256Hex("orgid-" + org.ID)}
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
@@ -177,6 +177,6 @@ func (s *CommandHandler) DeleteOrg(ctx context.Context, orgRef string) error {
 		})
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return err
 }
diff --git a/internal/services/configstore/command/project.go b/internal/services/configstore/action/project.go
similarity index 86%
rename from internal/services/configstore/command/project.go
rename to internal/services/configstore/action/project.go
index 628aabe..1efba56 100644
--- a/internal/services/configstore/command/project.go
+++ b/internal/services/configstore/action/project.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package command
+package action
 
 import (
 	"context"
@@ -28,7 +28,7 @@ import (
 	uuid "github.com/satori/go.uuid"
 )
 
-func (s *CommandHandler) CreateProject(ctx context.Context, project *types.Project) (*types.Project, error) {
+func (h *ActionHandler) CreateProject(ctx context.Context, project *types.Project) (*types.Project, error) {
 	if project.Name == "" {
 		return nil, util.NewErrBadRequest(errors.Errorf("project name required"))
 	}
@@ -65,9 +65,9 @@ func (s *CommandHandler) CreateProject(ctx context.Context, project *types.Proje
 	var cgt *datamanager.ChangeGroupsUpdateToken
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
-		group, err := s.readDB.GetProjectGroup(tx, project.Parent.ID)
+		group, err := h.readDB.GetProjectGroup(tx, project.Parent.ID)
 		if err != nil {
 			return err
 		}
@@ -76,7 +76,7 @@ func (s *CommandHandler) CreateProject(ctx context.Context, project *types.Proje
 		}
 		project.Parent.ID = group.ID
 
-		groupPath, err := s.readDB.GetProjectGroupPath(tx, group)
+		groupPath, err := h.readDB.GetProjectGroupPath(tx, group)
 		if err != nil {
 			return err
 		}
@@ -85,13 +85,13 @@ func (s *CommandHandler) CreateProject(ctx context.Context, project *types.Proje
 		// changegroup is the project path. Use "projectpath" prefix as it must
 		// cover both projects and projectgroups
 		cgNames := []string{util.EncodeSha256Hex("projectpath-" + pp)}
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
 
 		// check duplicate project name
-		p, err := s.readDB.GetProjectByName(tx, project.Parent.ID, project.Name)
+		p, err := h.readDB.GetProjectByName(tx, project.Parent.ID, project.Name)
 		if err != nil {
 			return err
 		}
@@ -99,7 +99,7 @@ func (s *CommandHandler) CreateProject(ctx context.Context, project *types.Proje
 			return util.NewErrBadRequest(errors.Errorf("project with name %q, path %q already exists", p.Name, pp))
 		}
 		// check duplicate project group name
-		pg, err := s.readDB.GetProjectGroupByName(tx, project.Parent.ID, project.Name)
+		pg, err := h.readDB.GetProjectGroupByName(tx, project.Parent.ID, project.Name)
 		if err != nil {
 			return err
 		}
@@ -109,7 +109,7 @@ func (s *CommandHandler) CreateProject(ctx context.Context, project *types.Proje
 
 		if project.RemoteRepositoryConfigType == types.RemoteRepositoryConfigTypeRemoteSource {
 			// check that the linked account matches the remote source
-			user, err := s.readDB.GetUserByLinkedAccount(tx, project.LinkedAccountID)
+			user, err := h.readDB.GetUserByLinkedAccount(tx, project.LinkedAccountID)
 			if err != nil {
 				return errors.Wrapf(err, "failed to get user with linked account id %q", project.LinkedAccountID)
 			}
@@ -147,21 +147,21 @@ func (s *CommandHandler) CreateProject(ctx context.Context, project *types.Proje
 		},
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return project, err
 }
 
-func (s *CommandHandler) DeleteProject(ctx context.Context, projectRef string) error {
+func (h *ActionHandler) DeleteProject(ctx context.Context, projectRef string) error {
 	var project *types.Project
 
 	var cgt *datamanager.ChangeGroupsUpdateToken
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
 
 		// check project existance
-		project, err = s.readDB.GetProject(tx, projectRef)
+		project, err = h.readDB.GetProject(tx, projectRef)
 		if err != nil {
 			return err
 		}
@@ -171,7 +171,7 @@ func (s *CommandHandler) DeleteProject(ctx context.Context, projectRef string) e
 
 		// changegroup is the project id.
 		cgNames := []string{util.EncodeSha256Hex(project.ID)}
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
@@ -191,6 +191,6 @@ func (s *CommandHandler) DeleteProject(ctx context.Context, projectRef string) e
 		},
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return err
 }
diff --git a/internal/services/configstore/command/projectgroup.go b/internal/services/configstore/action/projectgroup.go
similarity index 85%
rename from internal/services/configstore/command/projectgroup.go
rename to internal/services/configstore/action/projectgroup.go
index d3113bc..06be5bc 100644
--- a/internal/services/configstore/command/projectgroup.go
+++ b/internal/services/configstore/action/projectgroup.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package command
+package action
 
 import (
 	"context"
@@ -28,7 +28,7 @@ import (
 	uuid "github.com/satori/go.uuid"
 )
 
-func (s *CommandHandler) CreateProjectGroup(ctx context.Context, projectGroup *types.ProjectGroup) (*types.ProjectGroup, error) {
+func (h *ActionHandler) CreateProjectGroup(ctx context.Context, projectGroup *types.ProjectGroup) (*types.ProjectGroup, error) {
 	if projectGroup.Name == "" {
 		return nil, util.NewErrBadRequest(errors.Errorf("project group name required"))
 	}
@@ -45,8 +45,8 @@ func (s *CommandHandler) CreateProjectGroup(ctx context.Context, projectGroup *t
 	var cgt *datamanager.ChangeGroupsUpdateToken
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
-		parentProjectGroup, err := s.readDB.GetProjectGroup(tx, projectGroup.Parent.ID)
+	err := h.readDB.Do(func(tx *db.Tx) error {
+		parentProjectGroup, err := h.readDB.GetProjectGroup(tx, projectGroup.Parent.ID)
 		if err != nil {
 			return err
 		}
@@ -55,7 +55,7 @@ func (s *CommandHandler) CreateProjectGroup(ctx context.Context, projectGroup *t
 		}
 		projectGroup.Parent.ID = parentProjectGroup.ID
 
-		groupPath, err := s.readDB.GetProjectGroupPath(tx, parentProjectGroup)
+		groupPath, err := h.readDB.GetProjectGroupPath(tx, parentProjectGroup)
 		if err != nil {
 			return err
 		}
@@ -64,13 +64,13 @@ func (s *CommandHandler) CreateProjectGroup(ctx context.Context, projectGroup *t
 		// changegroup is the projectgroup path. Use "projectpath" prefix as it must
 		// cover both projects and projectgroups
 		cgNames := []string{util.EncodeSha256Hex("projectpath-" + pp)}
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
 
 		// check duplicate project group name
-		pg, err := s.readDB.GetProjectGroupByName(tx, projectGroup.Parent.ID, projectGroup.Name)
+		pg, err := h.readDB.GetProjectGroupByName(tx, projectGroup.Parent.ID, projectGroup.Name)
 		if err != nil {
 			return err
 		}
@@ -99,6 +99,6 @@ func (s *CommandHandler) CreateProjectGroup(ctx context.Context, projectGroup *t
 		},
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return projectGroup, err
 }
diff --git a/internal/services/configstore/command/remotesource.go b/internal/services/configstore/action/remotesource.go
similarity index 86%
rename from internal/services/configstore/command/remotesource.go
rename to internal/services/configstore/action/remotesource.go
index 8e4eda1..5490bdf 100644
--- a/internal/services/configstore/command/remotesource.go
+++ b/internal/services/configstore/action/remotesource.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package command
+package action
 
 import (
 	"context"
@@ -27,7 +27,7 @@ import (
 	uuid "github.com/satori/go.uuid"
 )
 
-func (s *CommandHandler) CreateRemoteSource(ctx context.Context, remoteSource *types.RemoteSource) (*types.RemoteSource, error) {
+func (h *ActionHandler) CreateRemoteSource(ctx context.Context, remoteSource *types.RemoteSource) (*types.RemoteSource, error) {
 	if remoteSource.Name == "" {
 		return nil, util.NewErrBadRequest(errors.Errorf("remotesource name required"))
 	}
@@ -66,15 +66,15 @@ func (s *CommandHandler) CreateRemoteSource(ctx context.Context, remoteSource *t
 	cgNames := []string{util.EncodeSha256Hex("remotesourcename-" + remoteSource.Name)}
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
 
 		// check duplicate remoteSource name
-		u, err := s.readDB.GetRemoteSourceByName(tx, remoteSource.Name)
+		u, err := h.readDB.GetRemoteSourceByName(tx, remoteSource.Name)
 		if err != nil {
 			return err
 		}
@@ -102,11 +102,11 @@ func (s *CommandHandler) CreateRemoteSource(ctx context.Context, remoteSource *t
 		},
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return remoteSource, err
 }
 
-func (s *CommandHandler) DeleteRemoteSource(ctx context.Context, remoteSourceName string) error {
+func (h *ActionHandler) DeleteRemoteSource(ctx context.Context, remoteSourceName string) error {
 	var remoteSource *types.RemoteSource
 
 	var cgt *datamanager.ChangeGroupsUpdateToken
@@ -115,15 +115,15 @@ func (s *CommandHandler) DeleteRemoteSource(ctx context.Context, remoteSourceNam
 	cgNames := []string{util.EncodeSha256Hex("remotesourceid-" + remoteSource.ID)}
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
 
 		// check remoteSource existance
-		remoteSource, err = s.readDB.GetRemoteSourceByName(tx, remoteSourceName)
+		remoteSource, err = h.readDB.GetRemoteSourceByName(tx, remoteSourceName)
 		if err != nil {
 			return err
 		}
@@ -145,6 +145,6 @@ func (s *CommandHandler) DeleteRemoteSource(ctx context.Context, remoteSourceNam
 	}
 
 	// changegroup is all the remote sources
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return err
 }
diff --git a/internal/services/configstore/command/secret.go b/internal/services/configstore/action/secret.go
similarity index 82%
rename from internal/services/configstore/command/secret.go
rename to internal/services/configstore/action/secret.go
index e3555bd..d23d60a 100644
--- a/internal/services/configstore/command/secret.go
+++ b/internal/services/configstore/action/secret.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package command
+package action
 
 import (
 	"context"
@@ -27,7 +27,7 @@ import (
 	uuid "github.com/satori/go.uuid"
 )
 
-func (s *CommandHandler) CreateSecret(ctx context.Context, secret *types.Secret) (*types.Secret, error) {
+func (h *ActionHandler) CreateSecret(ctx context.Context, secret *types.Secret) (*types.Secret, error) {
 	if secret.Name == "" {
 		return nil, util.NewErrBadRequest(errors.Errorf("secret name required"))
 	}
@@ -58,21 +58,21 @@ func (s *CommandHandler) CreateSecret(ctx context.Context, secret *types.Secret)
 	cgNames := []string{util.EncodeSha256Hex("secretname-" + secret.Name)}
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
 
-		parentID, err := s.readDB.ResolveConfigID(tx, secret.Parent.Type, secret.Parent.ID)
+		parentID, err := h.readDB.ResolveConfigID(tx, secret.Parent.Type, secret.Parent.ID)
 		if err != nil {
 			return err
 		}
 		secret.Parent.ID = parentID
 
 		// check duplicate secret name
-		s, err := s.readDB.GetSecretByName(tx, secret.Parent.ID, secret.Name)
+		s, err := h.readDB.GetSecretByName(tx, secret.Parent.ID, secret.Name)
 		if err != nil {
 			return err
 		}
@@ -101,25 +101,25 @@ func (s *CommandHandler) CreateSecret(ctx context.Context, secret *types.Secret)
 		},
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return secret, err
 }
 
-func (s *CommandHandler) DeleteSecret(ctx context.Context, parentType types.ConfigType, parentRef, secretName string) error {
+func (h *ActionHandler) DeleteSecret(ctx context.Context, parentType types.ConfigType, parentRef, secretName string) error {
 	var secret *types.Secret
 
 	var cgt *datamanager.ChangeGroupsUpdateToken
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
-		parentID, err := s.readDB.ResolveConfigID(tx, parentType, parentRef)
+		parentID, err := h.readDB.ResolveConfigID(tx, parentType, parentRef)
 		if err != nil {
 			return err
 		}
 
 		// check secret existance
-		secret, err = s.readDB.GetSecretByName(tx, parentID, secretName)
+		secret, err = h.readDB.GetSecretByName(tx, parentID, secretName)
 		if err != nil {
 			return err
 		}
@@ -129,7 +129,7 @@ func (s *CommandHandler) DeleteSecret(ctx context.Context, parentType types.Conf
 
 		// changegroup is the secret id
 		cgNames := []string{util.EncodeSha256Hex("secretid-" + secret.ID)}
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
@@ -148,6 +148,6 @@ func (s *CommandHandler) DeleteSecret(ctx context.Context, parentType types.Conf
 		},
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return err
 }
diff --git a/internal/services/configstore/command/user.go b/internal/services/configstore/action/user.go
similarity index 83%
rename from internal/services/configstore/command/user.go
rename to internal/services/configstore/action/user.go
index e50d359..dc030cb 100644
--- a/internal/services/configstore/command/user.go
+++ b/internal/services/configstore/action/user.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package command
+package action
 
 import (
 	"context"
@@ -35,7 +35,7 @@ type CreateUserRequest struct {
 	CreateUserLARequest *CreateUserLARequest
 }
 
-func (s *CommandHandler) CreateUser(ctx context.Context, req *CreateUserRequest) (*types.User, error) {
+func (h *ActionHandler) CreateUser(ctx context.Context, req *CreateUserRequest) (*types.User, error) {
 	if req.UserName == "" {
 		return nil, util.NewErrBadRequest(errors.Errorf("user name required"))
 	}
@@ -50,15 +50,15 @@ func (s *CommandHandler) CreateUser(ctx context.Context, req *CreateUserRequest)
 	var rs *types.RemoteSource
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
 
 		// check duplicate user name
-		u, err := s.readDB.GetUserByName(tx, req.UserName)
+		u, err := h.readDB.GetUserByName(tx, req.UserName)
 		if err != nil {
 			return err
 		}
@@ -67,14 +67,14 @@ func (s *CommandHandler) CreateUser(ctx context.Context, req *CreateUserRequest)
 		}
 
 		if req.CreateUserLARequest != nil {
-			rs, err = s.readDB.GetRemoteSourceByName(tx, req.CreateUserLARequest.RemoteSourceName)
+			rs, err = h.readDB.GetRemoteSourceByName(tx, req.CreateUserLARequest.RemoteSourceName)
 			if err != nil {
 				return err
 			}
 			if rs == nil {
 				return util.NewErrBadRequest(errors.Errorf("remote source %q doesn't exist", req.CreateUserLARequest.RemoteSourceName))
 			}
-			user, err := s.readDB.GetUserByLinkedAccountRemoteUserIDandSource(tx, req.CreateUserLARequest.RemoteUserID, rs.ID)
+			user, err := h.readDB.GetUserByLinkedAccountRemoteUserIDandSource(tx, req.CreateUserLARequest.RemoteUserID, rs.ID)
 			if err != nil {
 				return errors.Wrapf(err, "failed to get user for remote user id %q and remote source %q", req.CreateUserLARequest.RemoteUserID, rs.ID)
 			}
@@ -143,20 +143,20 @@ func (s *CommandHandler) CreateUser(ctx context.Context, req *CreateUserRequest)
 		},
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return user, err
 }
 
-func (s *CommandHandler) DeleteUser(ctx context.Context, userRef string) error {
+func (h *ActionHandler) DeleteUser(ctx context.Context, userRef string) error {
 	var user *types.User
 
 	var cgt *datamanager.ChangeGroupsUpdateToken
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
 
 		// check user existance
-		user, err = s.readDB.GetUser(tx, userRef)
+		user, err = h.readDB.GetUser(tx, userRef)
 		if err != nil {
 			return err
 		}
@@ -166,7 +166,7 @@ func (s *CommandHandler) DeleteUser(ctx context.Context, userRef string) error {
 
 		// changegroup is the userid
 		cgNames := []string{util.EncodeSha256Hex("userid-" + user.ID)}
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
@@ -185,7 +185,7 @@ func (s *CommandHandler) DeleteUser(ctx context.Context, userRef string) error {
 		},
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return err
 }
 
@@ -195,16 +195,16 @@ type UpdateUserRequest struct {
 	UserName string
 }
 
-func (s *CommandHandler) UpdateUser(ctx context.Context, req *UpdateUserRequest) (*types.User, error) {
+func (h *ActionHandler) UpdateUser(ctx context.Context, req *UpdateUserRequest) (*types.User, error) {
 	var cgt *datamanager.ChangeGroupsUpdateToken
 
 	cgNames := []string{}
 	var user *types.User
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
-		user, err = s.readDB.GetUser(tx, req.UserRef)
+		user, err = h.readDB.GetUser(tx, req.UserRef)
 		if err != nil {
 			return err
 		}
@@ -212,14 +212,14 @@ func (s *CommandHandler) UpdateUser(ctx context.Context, req *UpdateUserRequest)
 			return util.NewErrBadRequest(errors.Errorf("user %q doesn't exist", req.UserRef))
 		}
 
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
 
 		if req.UserName != "" {
 			// check duplicate user name
-			u, err := s.readDB.GetUserByName(tx, req.UserName)
+			u, err := h.readDB.GetUserByName(tx, req.UserName)
 			if err != nil {
 				return err
 			}
@@ -255,7 +255,7 @@ func (s *CommandHandler) UpdateUser(ctx context.Context, req *UpdateUserRequest)
 		},
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return user, err
 }
 
@@ -271,7 +271,7 @@ type CreateUserLARequest struct {
 	Oauth2AccessTokenExpiresAt time.Time
 }
 
-func (s *CommandHandler) CreateUserLA(ctx context.Context, req *CreateUserLARequest) (*types.LinkedAccount, error) {
+func (h *ActionHandler) CreateUserLA(ctx context.Context, req *CreateUserLARequest) (*types.LinkedAccount, error) {
 	if req.UserRef == "" {
 		return nil, util.NewErrBadRequest(errors.Errorf("user ref required"))
 	}
@@ -285,9 +285,9 @@ func (s *CommandHandler) CreateUserLA(ctx context.Context, req *CreateUserLARequ
 	var cgt *datamanager.ChangeGroupsUpdateToken
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
-		user, err = s.readDB.GetUser(tx, req.UserRef)
+		user, err = h.readDB.GetUser(tx, req.UserRef)
 		if err != nil {
 			return err
 		}
@@ -297,12 +297,12 @@ func (s *CommandHandler) CreateUserLA(ctx context.Context, req *CreateUserLARequ
 
 		// changegroup is the userid
 		cgNames := []string{util.EncodeSha256Hex("userid-" + user.ID)}
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
 
-		rs, err = s.readDB.GetRemoteSourceByName(tx, req.RemoteSourceName)
+		rs, err = h.readDB.GetRemoteSourceByName(tx, req.RemoteSourceName)
 		if err != nil {
 			return err
 		}
@@ -310,7 +310,7 @@ func (s *CommandHandler) CreateUserLA(ctx context.Context, req *CreateUserLARequ
 			return util.NewErrBadRequest(errors.Errorf("remote source %q doesn't exist", req.RemoteSourceName))
 		}
 
-		user, err := s.readDB.GetUserByLinkedAccountRemoteUserIDandSource(tx, req.RemoteUserID, rs.ID)
+		user, err := h.readDB.GetUserByLinkedAccountRemoteUserIDandSource(tx, req.RemoteUserID, rs.ID)
 		if err != nil {
 			return errors.Wrapf(err, "failed to get user for remote user id %q and remote source %q", req.RemoteUserID, rs.ID)
 		}
@@ -353,11 +353,11 @@ func (s *CommandHandler) CreateUserLA(ctx context.Context, req *CreateUserLARequ
 		},
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return la, err
 }
 
-func (s *CommandHandler) DeleteUserLA(ctx context.Context, userRef, laID string) error {
+func (h *ActionHandler) DeleteUserLA(ctx context.Context, userRef, laID string) error {
 	if userRef == "" {
 		return util.NewErrBadRequest(errors.Errorf("user ref  required"))
 	}
@@ -370,9 +370,9 @@ func (s *CommandHandler) DeleteUserLA(ctx context.Context, userRef, laID string)
 	var cgt *datamanager.ChangeGroupsUpdateToken
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
-		user, err = s.readDB.GetUser(tx, userRef)
+		user, err = h.readDB.GetUser(tx, userRef)
 		if err != nil {
 			return err
 		}
@@ -382,7 +382,7 @@ func (s *CommandHandler) DeleteUserLA(ctx context.Context, userRef, laID string)
 
 		// changegroup is the userid
 		cgNames := []string{util.EncodeSha256Hex("userid-" + user.ID)}
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
@@ -413,7 +413,7 @@ func (s *CommandHandler) DeleteUserLA(ctx context.Context, userRef, laID string)
 		},
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return err
 }
 
@@ -429,7 +429,7 @@ type UpdateUserLARequest struct {
 	Oauth2AccessTokenExpiresAt time.Time
 }
 
-func (s *CommandHandler) UpdateUserLA(ctx context.Context, req *UpdateUserLARequest) (*types.LinkedAccount, error) {
+func (h *ActionHandler) UpdateUserLA(ctx context.Context, req *UpdateUserLARequest) (*types.LinkedAccount, error) {
 	if req.UserRef == "" {
 		return nil, util.NewErrBadRequest(errors.Errorf("user ref required"))
 	}
@@ -440,9 +440,9 @@ func (s *CommandHandler) UpdateUserLA(ctx context.Context, req *UpdateUserLARequ
 	var cgt *datamanager.ChangeGroupsUpdateToken
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
-		user, err = s.readDB.GetUser(tx, req.UserRef)
+		user, err = h.readDB.GetUser(tx, req.UserRef)
 		if err != nil {
 			return err
 		}
@@ -452,7 +452,7 @@ func (s *CommandHandler) UpdateUserLA(ctx context.Context, req *UpdateUserLARequ
 
 		// changegroup is the userid
 		cgNames := []string{util.EncodeSha256Hex("userid-" + user.ID)}
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
@@ -462,7 +462,7 @@ func (s *CommandHandler) UpdateUserLA(ctx context.Context, req *UpdateUserLARequ
 			return util.NewErrBadRequest(errors.Errorf("linked account id %q for user %q doesn't exist", req.LinkedAccountID, user.Name))
 		}
 
-		rs, err = s.readDB.GetRemoteSource(tx, la.RemoteSourceID)
+		rs, err = h.readDB.GetRemoteSource(tx, la.RemoteSourceID)
 		if err != nil {
 			return err
 		}
@@ -497,11 +497,11 @@ func (s *CommandHandler) UpdateUserLA(ctx context.Context, req *UpdateUserLARequ
 		},
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return la, err
 }
 
-func (s *CommandHandler) CreateUserToken(ctx context.Context, userRef, tokenName string) (string, error) {
+func (h *ActionHandler) CreateUserToken(ctx context.Context, userRef, tokenName string) (string, error) {
 	if userRef == "" {
 		return "", util.NewErrBadRequest(errors.Errorf("user ref required"))
 	}
@@ -514,9 +514,9 @@ func (s *CommandHandler) CreateUserToken(ctx context.Context, userRef, tokenName
 	var cgt *datamanager.ChangeGroupsUpdateToken
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
-		user, err = s.readDB.GetUser(tx, userRef)
+		user, err = h.readDB.GetUser(tx, userRef)
 		if err != nil {
 			return err
 		}
@@ -526,7 +526,7 @@ func (s *CommandHandler) CreateUserToken(ctx context.Context, userRef, tokenName
 
 		// changegroup is the userid
 		cgNames := []string{util.EncodeSha256Hex("userid-" + user.ID)}
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
@@ -562,11 +562,11 @@ func (s *CommandHandler) CreateUserToken(ctx context.Context, userRef, tokenName
 		},
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return token, err
 }
 
-func (s *CommandHandler) DeleteUserToken(ctx context.Context, userRef, tokenName string) error {
+func (h *ActionHandler) DeleteUserToken(ctx context.Context, userRef, tokenName string) error {
 	if userRef == "" {
 		return util.NewErrBadRequest(errors.Errorf("user ref required"))
 	}
@@ -579,9 +579,9 @@ func (s *CommandHandler) DeleteUserToken(ctx context.Context, userRef, tokenName
 	var cgt *datamanager.ChangeGroupsUpdateToken
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
-		user, err = s.readDB.GetUser(tx, userRef)
+		user, err = h.readDB.GetUser(tx, userRef)
 		if err != nil {
 			return err
 		}
@@ -591,7 +591,7 @@ func (s *CommandHandler) DeleteUserToken(ctx context.Context, userRef, tokenName
 
 		// changegroup is the userid
 		cgNames := []string{util.EncodeSha256Hex("userid-" + user.ID)}
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
@@ -622,7 +622,7 @@ func (s *CommandHandler) DeleteUserToken(ctx context.Context, userRef, tokenName
 		},
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return err
 }
 
@@ -638,11 +638,11 @@ func userOrgsResponse(userOrg *readdb.UserOrg) *UserOrgsResponse {
 	}
 }
 
-func (s *CommandHandler) GetUserOrgs(ctx context.Context, userRef string) ([]*UserOrgsResponse, error) {
+func (h *ActionHandler) GetUserOrgs(ctx context.Context, userRef string) ([]*UserOrgsResponse, error) {
 	var userOrgs []*readdb.UserOrg
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
-		user, err := s.readDB.GetUser(tx, userRef)
+		user, err := h.readDB.GetUser(tx, userRef)
 		if err != nil {
 			return err
 		}
@@ -650,7 +650,7 @@ func (s *CommandHandler) GetUserOrgs(ctx context.Context, userRef string) ([]*Us
 			return util.NewErrNotFound(errors.Errorf("user %q doesn't exist", userRef))
 		}
 
-		userOrgs, err = s.readDB.GetUserOrgs(tx, user.ID)
+		userOrgs, err = h.readDB.GetUserOrgs(tx, user.ID)
 		return err
 	})
 	if err != nil {
diff --git a/internal/services/configstore/command/variable.go b/internal/services/configstore/action/variable.go
similarity index 81%
rename from internal/services/configstore/command/variable.go
rename to internal/services/configstore/action/variable.go
index 1091669..18e6883 100644
--- a/internal/services/configstore/command/variable.go
+++ b/internal/services/configstore/action/variable.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package command
+package action
 
 import (
 	"context"
@@ -27,7 +27,7 @@ import (
 	uuid "github.com/satori/go.uuid"
 )
 
-func (s *CommandHandler) CreateVariable(ctx context.Context, variable *types.Variable) (*types.Variable, error) {
+func (h *ActionHandler) CreateVariable(ctx context.Context, variable *types.Variable) (*types.Variable, error) {
 	if variable.Name == "" {
 		return nil, util.NewErrBadRequest(errors.Errorf("variable name required"))
 	}
@@ -52,21 +52,21 @@ func (s *CommandHandler) CreateVariable(ctx context.Context, variable *types.Var
 	cgNames := []string{util.EncodeSha256Hex("variablename-" + variable.Name)}
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
 
-		parentID, err := s.readDB.ResolveConfigID(tx, variable.Parent.Type, variable.Parent.ID)
+		parentID, err := h.readDB.ResolveConfigID(tx, variable.Parent.Type, variable.Parent.ID)
 		if err != nil {
 			return err
 		}
 		variable.Parent.ID = parentID
 
 		// check duplicate variable name
-		s, err := s.readDB.GetVariableByName(tx, variable.Parent.ID, variable.Name)
+		s, err := h.readDB.GetVariableByName(tx, variable.Parent.ID, variable.Name)
 		if err != nil {
 			return err
 		}
@@ -95,25 +95,25 @@ func (s *CommandHandler) CreateVariable(ctx context.Context, variable *types.Var
 		},
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return variable, err
 }
 
-func (s *CommandHandler) DeleteVariable(ctx context.Context, parentType types.ConfigType, parentRef, variableName string) error {
+func (h *ActionHandler) DeleteVariable(ctx context.Context, parentType types.ConfigType, parentRef, variableName string) error {
 	var variable *types.Variable
 
 	var cgt *datamanager.ChangeGroupsUpdateToken
 
 	// must do all the checks in a single transaction to avoid concurrent changes
-	err := s.readDB.Do(func(tx *db.Tx) error {
+	err := h.readDB.Do(func(tx *db.Tx) error {
 		var err error
-		parentID, err := s.readDB.ResolveConfigID(tx, parentType, parentRef)
+		parentID, err := h.readDB.ResolveConfigID(tx, parentType, parentRef)
 		if err != nil {
 			return err
 		}
 
 		// check variable existance
-		variable, err = s.readDB.GetVariableByName(tx, parentID, variableName)
+		variable, err = h.readDB.GetVariableByName(tx, parentID, variableName)
 		if err != nil {
 			return err
 		}
@@ -123,7 +123,7 @@ func (s *CommandHandler) DeleteVariable(ctx context.Context, parentType types.Co
 
 		// changegroup is the variable id
 		cgNames := []string{util.EncodeSha256Hex("variableid-" + variable.ID)}
-		cgt, err = s.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
+		cgt, err = h.readDB.GetChangeGroupsUpdateTokens(tx, cgNames)
 		if err != nil {
 			return err
 		}
@@ -141,6 +141,6 @@ func (s *CommandHandler) DeleteVariable(ctx context.Context, parentType types.Co
 		},
 	}
 
-	_, err = s.dm.WriteWal(ctx, actions, cgt)
+	_, err = h.dm.WriteWal(ctx, actions, cgt)
 	return err
 }
diff --git a/internal/services/configstore/api/org.go b/internal/services/configstore/api/org.go
index 902b6e9..db113ff 100644
--- a/internal/services/configstore/api/org.go
+++ b/internal/services/configstore/api/org.go
@@ -21,7 +21,7 @@ import (
 
 	"github.com/pkg/errors"
 	"github.com/sorintlab/agola/internal/db"
-	"github.com/sorintlab/agola/internal/services/configstore/command"
+	"github.com/sorintlab/agola/internal/services/configstore/action"
 	"github.com/sorintlab/agola/internal/services/configstore/readdb"
 	"github.com/sorintlab/agola/internal/services/types"
 	"github.com/sorintlab/agola/internal/util"
@@ -67,11 +67,11 @@ func (h *OrgHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 type CreateOrgHandler struct {
 	log *zap.SugaredLogger
-	ch  *command.CommandHandler
+	ah  *action.ActionHandler
 }
 
-func NewCreateOrgHandler(logger *zap.Logger, ch *command.CommandHandler) *CreateOrgHandler {
-	return &CreateOrgHandler{log: logger.Sugar(), ch: ch}
+func NewCreateOrgHandler(logger *zap.Logger, ah *action.ActionHandler) *CreateOrgHandler {
+	return &CreateOrgHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *CreateOrgHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -84,7 +84,7 @@ func (h *CreateOrgHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	org, err := h.ch.CreateOrg(ctx, &req)
+	org, err := h.ah.CreateOrg(ctx, &req)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 		return
@@ -97,11 +97,11 @@ func (h *CreateOrgHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 type DeleteOrgHandler struct {
 	log *zap.SugaredLogger
-	ch  *command.CommandHandler
+	ah  *action.ActionHandler
 }
 
-func NewDeleteOrgHandler(logger *zap.Logger, ch *command.CommandHandler) *DeleteOrgHandler {
-	return &DeleteOrgHandler{log: logger.Sugar(), ch: ch}
+func NewDeleteOrgHandler(logger *zap.Logger, ah *action.ActionHandler) *DeleteOrgHandler {
+	return &DeleteOrgHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *DeleteOrgHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -111,7 +111,7 @@ func (h *DeleteOrgHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	orgRef := vars["orgref"]
 
-	err := h.ch.DeleteOrg(ctx, orgRef)
+	err := h.ah.DeleteOrg(ctx, orgRef)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 	}
diff --git a/internal/services/configstore/api/project.go b/internal/services/configstore/api/project.go
index 31b6749..1089a7f 100644
--- a/internal/services/configstore/api/project.go
+++ b/internal/services/configstore/api/project.go
@@ -22,7 +22,7 @@ import (
 
 	"github.com/pkg/errors"
 	"github.com/sorintlab/agola/internal/db"
-	"github.com/sorintlab/agola/internal/services/configstore/command"
+	"github.com/sorintlab/agola/internal/services/configstore/action"
 	"github.com/sorintlab/agola/internal/services/configstore/readdb"
 	"github.com/sorintlab/agola/internal/services/types"
 	"github.com/sorintlab/agola/internal/util"
@@ -159,12 +159,12 @@ func (h *ProjectHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 type CreateProjectHandler struct {
 	log    *zap.SugaredLogger
-	ch     *command.CommandHandler
+	ah     *action.ActionHandler
 	readDB *readdb.ReadDB
 }
 
-func NewCreateProjectHandler(logger *zap.Logger, ch *command.CommandHandler, readDB *readdb.ReadDB) *CreateProjectHandler {
-	return &CreateProjectHandler{log: logger.Sugar(), ch: ch, readDB: readDB}
+func NewCreateProjectHandler(logger *zap.Logger, ah *action.ActionHandler, readDB *readdb.ReadDB) *CreateProjectHandler {
+	return &CreateProjectHandler{log: logger.Sugar(), ah: ah, readDB: readDB}
 }
 
 func (h *CreateProjectHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -177,7 +177,7 @@ func (h *CreateProjectHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	project, err := h.ch.CreateProject(ctx, &req)
+	project, err := h.ah.CreateProject(ctx, &req)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 		return
@@ -196,11 +196,11 @@ func (h *CreateProjectHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 
 type DeleteProjectHandler struct {
 	log *zap.SugaredLogger
-	ch  *command.CommandHandler
+	ah  *action.ActionHandler
 }
 
-func NewDeleteProjectHandler(logger *zap.Logger, ch *command.CommandHandler) *DeleteProjectHandler {
-	return &DeleteProjectHandler{log: logger.Sugar(), ch: ch}
+func NewDeleteProjectHandler(logger *zap.Logger, ah *action.ActionHandler) *DeleteProjectHandler {
+	return &DeleteProjectHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *DeleteProjectHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -213,7 +213,7 @@ func (h *DeleteProjectHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	err = h.ch.DeleteProject(ctx, projectRef)
+	err = h.ah.DeleteProject(ctx, projectRef)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 	}
diff --git a/internal/services/configstore/api/projectgroup.go b/internal/services/configstore/api/projectgroup.go
index 4bfdb63..b5f84f1 100644
--- a/internal/services/configstore/api/projectgroup.go
+++ b/internal/services/configstore/api/projectgroup.go
@@ -22,7 +22,7 @@ import (
 
 	"github.com/pkg/errors"
 	"github.com/sorintlab/agola/internal/db"
-	"github.com/sorintlab/agola/internal/services/configstore/command"
+	"github.com/sorintlab/agola/internal/services/configstore/action"
 	"github.com/sorintlab/agola/internal/services/configstore/readdb"
 	"github.com/sorintlab/agola/internal/services/types"
 	"github.com/sorintlab/agola/internal/util"
@@ -249,12 +249,12 @@ func (h *ProjectGroupSubgroupsHandler) ServeHTTP(w http.ResponseWriter, r *http.
 
 type CreateProjectGroupHandler struct {
 	log    *zap.SugaredLogger
-	ch     *command.CommandHandler
+	ah     *action.ActionHandler
 	readDB *readdb.ReadDB
 }
 
-func NewCreateProjectGroupHandler(logger *zap.Logger, ch *command.CommandHandler, readDB *readdb.ReadDB) *CreateProjectGroupHandler {
-	return &CreateProjectGroupHandler{log: logger.Sugar(), ch: ch, readDB: readDB}
+func NewCreateProjectGroupHandler(logger *zap.Logger, ah *action.ActionHandler, readDB *readdb.ReadDB) *CreateProjectGroupHandler {
+	return &CreateProjectGroupHandler{log: logger.Sugar(), ah: ah, readDB: readDB}
 }
 
 func (h *CreateProjectGroupHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -267,7 +267,7 @@ func (h *CreateProjectGroupHandler) ServeHTTP(w http.ResponseWriter, r *http.Req
 		return
 	}
 
-	projectGroup, err := h.ch.CreateProjectGroup(ctx, &req)
+	projectGroup, err := h.ah.CreateProjectGroup(ctx, &req)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 		return
diff --git a/internal/services/configstore/api/remotesource.go b/internal/services/configstore/api/remotesource.go
index 21e34f2..dd1fd46 100644
--- a/internal/services/configstore/api/remotesource.go
+++ b/internal/services/configstore/api/remotesource.go
@@ -21,7 +21,7 @@ import (
 
 	"github.com/pkg/errors"
 	"github.com/sorintlab/agola/internal/db"
-	"github.com/sorintlab/agola/internal/services/configstore/command"
+	"github.com/sorintlab/agola/internal/services/configstore/action"
 	"github.com/sorintlab/agola/internal/services/configstore/readdb"
 	"github.com/sorintlab/agola/internal/services/types"
 	"github.com/sorintlab/agola/internal/util"
@@ -67,12 +67,12 @@ func (h *RemoteSourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 
 type CreateRemoteSourceHandler struct {
 	log    *zap.SugaredLogger
-	ch     *command.CommandHandler
+	ah     *action.ActionHandler
 	readDB *readdb.ReadDB
 }
 
-func NewCreateRemoteSourceHandler(logger *zap.Logger, ch *command.CommandHandler) *CreateRemoteSourceHandler {
-	return &CreateRemoteSourceHandler{log: logger.Sugar(), ch: ch}
+func NewCreateRemoteSourceHandler(logger *zap.Logger, ah *action.ActionHandler) *CreateRemoteSourceHandler {
+	return &CreateRemoteSourceHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *CreateRemoteSourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -85,7 +85,7 @@ func (h *CreateRemoteSourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Req
 		return
 	}
 
-	remoteSource, err := h.ch.CreateRemoteSource(ctx, &req)
+	remoteSource, err := h.ah.CreateRemoteSource(ctx, &req)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 		return
@@ -98,11 +98,11 @@ func (h *CreateRemoteSourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Req
 
 type DeleteRemoteSourceHandler struct {
 	log *zap.SugaredLogger
-	ch  *command.CommandHandler
+	ah  *action.ActionHandler
 }
 
-func NewDeleteRemoteSourceHandler(logger *zap.Logger, ch *command.CommandHandler) *DeleteRemoteSourceHandler {
-	return &DeleteRemoteSourceHandler{log: logger.Sugar(), ch: ch}
+func NewDeleteRemoteSourceHandler(logger *zap.Logger, ah *action.ActionHandler) *DeleteRemoteSourceHandler {
+	return &DeleteRemoteSourceHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *DeleteRemoteSourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -111,7 +111,7 @@ func (h *DeleteRemoteSourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Req
 	vars := mux.Vars(r)
 	rsRef := vars["remotesourceref"]
 
-	err := h.ch.DeleteRemoteSource(ctx, rsRef)
+	err := h.ah.DeleteRemoteSource(ctx, rsRef)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 	}
diff --git a/internal/services/configstore/api/secret.go b/internal/services/configstore/api/secret.go
index c55d6d7..466c96e 100644
--- a/internal/services/configstore/api/secret.go
+++ b/internal/services/configstore/api/secret.go
@@ -20,7 +20,7 @@ import (
 
 	"github.com/pkg/errors"
 	"github.com/sorintlab/agola/internal/db"
-	"github.com/sorintlab/agola/internal/services/configstore/command"
+	"github.com/sorintlab/agola/internal/services/configstore/action"
 	"github.com/sorintlab/agola/internal/services/configstore/readdb"
 	"github.com/sorintlab/agola/internal/services/types"
 	"github.com/sorintlab/agola/internal/util"
@@ -140,12 +140,12 @@ func (h *SecretsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 type CreateSecretHandler struct {
 	log    *zap.SugaredLogger
-	ch     *command.CommandHandler
+	ah     *action.ActionHandler
 	readDB *readdb.ReadDB
 }
 
-func NewCreateSecretHandler(logger *zap.Logger, ch *command.CommandHandler) *CreateSecretHandler {
-	return &CreateSecretHandler{log: logger.Sugar(), ch: ch}
+func NewCreateSecretHandler(logger *zap.Logger, ah *action.ActionHandler) *CreateSecretHandler {
+	return &CreateSecretHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *CreateSecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -166,7 +166,7 @@ func (h *CreateSecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 	secret.Parent.Type = parentType
 	secret.Parent.ID = parentRef
 
-	secret, err = h.ch.CreateSecret(ctx, secret)
+	secret, err = h.ah.CreateSecret(ctx, secret)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 		return
@@ -179,11 +179,11 @@ func (h *CreateSecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 
 type DeleteSecretHandler struct {
 	log *zap.SugaredLogger
-	ch  *command.CommandHandler
+	ah  *action.ActionHandler
 }
 
-func NewDeleteSecretHandler(logger *zap.Logger, ch *command.CommandHandler) *DeleteSecretHandler {
-	return &DeleteSecretHandler{log: logger.Sugar(), ch: ch}
+func NewDeleteSecretHandler(logger *zap.Logger, ah *action.ActionHandler) *DeleteSecretHandler {
+	return &DeleteSecretHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *DeleteSecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -197,7 +197,7 @@ func (h *DeleteSecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	err = h.ch.DeleteSecret(ctx, parentType, parentRef, secretName)
+	err = h.ah.DeleteSecret(ctx, parentType, parentRef, secretName)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 	}
diff --git a/internal/services/configstore/api/user.go b/internal/services/configstore/api/user.go
index e61eafb..a8c1007 100644
--- a/internal/services/configstore/api/user.go
+++ b/internal/services/configstore/api/user.go
@@ -22,7 +22,7 @@ import (
 
 	"github.com/pkg/errors"
 	"github.com/sorintlab/agola/internal/db"
-	"github.com/sorintlab/agola/internal/services/configstore/command"
+	action "github.com/sorintlab/agola/internal/services/configstore/action"
 	"github.com/sorintlab/agola/internal/services/configstore/readdb"
 	"github.com/sorintlab/agola/internal/services/types"
 	"github.com/sorintlab/agola/internal/util"
@@ -74,11 +74,11 @@ type CreateUserRequest struct {
 
 type CreateUserHandler struct {
 	log *zap.SugaredLogger
-	ch  *command.CommandHandler
+	ah  *action.ActionHandler
 }
 
-func NewCreateUserHandler(logger *zap.Logger, ch *command.CommandHandler) *CreateUserHandler {
-	return &CreateUserHandler{log: logger.Sugar(), ch: ch}
+func NewCreateUserHandler(logger *zap.Logger, ah *action.ActionHandler) *CreateUserHandler {
+	return &CreateUserHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *CreateUserHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -91,11 +91,11 @@ func (h *CreateUserHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	creq := &command.CreateUserRequest{
+	creq := &action.CreateUserRequest{
 		UserName: req.UserName,
 	}
 	if req.CreateUserLARequest != nil {
-		creq.CreateUserLARequest = &command.CreateUserLARequest{
+		creq.CreateUserLARequest = &action.CreateUserLARequest{
 			RemoteSourceName:           req.CreateUserLARequest.RemoteSourceName,
 			RemoteUserID:               req.CreateUserLARequest.RemoteUserID,
 			RemoteUserName:             req.CreateUserLARequest.RemoteUserName,
@@ -106,7 +106,7 @@ func (h *CreateUserHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	user, err := h.ch.CreateUser(ctx, creq)
+	user, err := h.ah.CreateUser(ctx, creq)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 		return
@@ -123,11 +123,11 @@ type UpdateUserRequest struct {
 
 type UpdateUserHandler struct {
 	log *zap.SugaredLogger
-	ch  *command.CommandHandler
+	ah  *action.ActionHandler
 }
 
-func NewUpdateUserHandler(logger *zap.Logger, ch *command.CommandHandler) *UpdateUserHandler {
-	return &UpdateUserHandler{log: logger.Sugar(), ch: ch}
+func NewUpdateUserHandler(logger *zap.Logger, ah *action.ActionHandler) *UpdateUserHandler {
+	return &UpdateUserHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *UpdateUserHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -143,12 +143,12 @@ func (h *UpdateUserHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	creq := &command.UpdateUserRequest{
+	creq := &action.UpdateUserRequest{
 		UserRef:  userRef,
 		UserName: req.UserName,
 	}
 
-	user, err := h.ch.UpdateUser(ctx, creq)
+	user, err := h.ah.UpdateUser(ctx, creq)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 		return
@@ -161,11 +161,11 @@ func (h *UpdateUserHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 type DeleteUserHandler struct {
 	log *zap.SugaredLogger
-	ch  *command.CommandHandler
+	ah  *action.ActionHandler
 }
 
-func NewDeleteUserHandler(logger *zap.Logger, ch *command.CommandHandler) *DeleteUserHandler {
-	return &DeleteUserHandler{log: logger.Sugar(), ch: ch}
+func NewDeleteUserHandler(logger *zap.Logger, ah *action.ActionHandler) *DeleteUserHandler {
+	return &DeleteUserHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *DeleteUserHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -174,7 +174,7 @@ func (h *DeleteUserHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	userRef := vars["userref"]
 
-	err := h.ch.DeleteUser(ctx, userRef)
+	err := h.ah.DeleteUser(ctx, userRef)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 	}
@@ -319,11 +319,11 @@ type CreateUserLARequest struct {
 
 type CreateUserLAHandler struct {
 	log *zap.SugaredLogger
-	ch  *command.CommandHandler
+	ah  *action.ActionHandler
 }
 
-func NewCreateUserLAHandler(logger *zap.Logger, ch *command.CommandHandler) *CreateUserLAHandler {
-	return &CreateUserLAHandler{log: logger.Sugar(), ch: ch}
+func NewCreateUserLAHandler(logger *zap.Logger, ah *action.ActionHandler) *CreateUserLAHandler {
+	return &CreateUserLAHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *CreateUserLAHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -338,7 +338,7 @@ func (h *CreateUserLAHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	creq := &command.CreateUserLARequest{
+	creq := &action.CreateUserLARequest{
 		UserRef:                    userRef,
 		RemoteSourceName:           req.RemoteSourceName,
 		RemoteUserID:               req.RemoteUserID,
@@ -348,7 +348,7 @@ func (h *CreateUserLAHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 		Oauth2RefreshToken:         req.Oauth2RefreshToken,
 		Oauth2AccessTokenExpiresAt: req.Oauth2AccessTokenExpiresAt,
 	}
-	user, err := h.ch.CreateUserLA(ctx, creq)
+	user, err := h.ah.CreateUserLA(ctx, creq)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 		return
@@ -361,11 +361,11 @@ func (h *CreateUserLAHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 
 type DeleteUserLAHandler struct {
 	log *zap.SugaredLogger
-	ch  *command.CommandHandler
+	ah  *action.ActionHandler
 }
 
-func NewDeleteUserLAHandler(logger *zap.Logger, ch *command.CommandHandler) *DeleteUserLAHandler {
-	return &DeleteUserLAHandler{log: logger.Sugar(), ch: ch}
+func NewDeleteUserLAHandler(logger *zap.Logger, ah *action.ActionHandler) *DeleteUserLAHandler {
+	return &DeleteUserLAHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *DeleteUserLAHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -374,7 +374,7 @@ func (h *DeleteUserLAHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 	userRef := vars["userref"]
 	laID := vars["laid"]
 
-	err := h.ch.DeleteUserLA(ctx, userRef, laID)
+	err := h.ah.DeleteUserLA(ctx, userRef, laID)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 	}
@@ -394,11 +394,11 @@ type UpdateUserLARequest struct {
 
 type UpdateUserLAHandler struct {
 	log *zap.SugaredLogger
-	ch  *command.CommandHandler
+	ah  *action.ActionHandler
 }
 
-func NewUpdateUserLAHandler(logger *zap.Logger, ch *command.CommandHandler) *UpdateUserLAHandler {
-	return &UpdateUserLAHandler{log: logger.Sugar(), ch: ch}
+func NewUpdateUserLAHandler(logger *zap.Logger, ah *action.ActionHandler) *UpdateUserLAHandler {
+	return &UpdateUserLAHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *UpdateUserLAHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -414,7 +414,7 @@ func (h *UpdateUserLAHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	creq := &command.UpdateUserLARequest{
+	creq := &action.UpdateUserLARequest{
 		UserRef:                    userRef,
 		LinkedAccountID:            linkedAccountID,
 		RemoteUserID:               req.RemoteUserID,
@@ -424,7 +424,7 @@ func (h *UpdateUserLAHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 		Oauth2RefreshToken:         req.Oauth2RefreshToken,
 		Oauth2AccessTokenExpiresAt: req.Oauth2AccessTokenExpiresAt,
 	}
-	user, err := h.ch.UpdateUserLA(ctx, creq)
+	user, err := h.ah.UpdateUserLA(ctx, creq)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 		return
@@ -445,11 +445,11 @@ type CreateUserTokenResponse struct {
 
 type CreateUserTokenHandler struct {
 	log *zap.SugaredLogger
-	ch  *command.CommandHandler
+	ah  *action.ActionHandler
 }
 
-func NewCreateUserTokenHandler(logger *zap.Logger, ch *command.CommandHandler) *CreateUserTokenHandler {
-	return &CreateUserTokenHandler{log: logger.Sugar(), ch: ch}
+func NewCreateUserTokenHandler(logger *zap.Logger, ah *action.ActionHandler) *CreateUserTokenHandler {
+	return &CreateUserTokenHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *CreateUserTokenHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -464,7 +464,7 @@ func (h *CreateUserTokenHandler) ServeHTTP(w http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	token, err := h.ch.CreateUserToken(ctx, userRef, req.TokenName)
+	token, err := h.ah.CreateUserToken(ctx, userRef, req.TokenName)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 		return
@@ -480,11 +480,11 @@ func (h *CreateUserTokenHandler) ServeHTTP(w http.ResponseWriter, r *http.Reques
 
 type DeleteUserTokenHandler struct {
 	log *zap.SugaredLogger
-	ch  *command.CommandHandler
+	ah  *action.ActionHandler
 }
 
-func NewDeleteUserTokenHandler(logger *zap.Logger, ch *command.CommandHandler) *DeleteUserTokenHandler {
-	return &DeleteUserTokenHandler{log: logger.Sugar(), ch: ch}
+func NewDeleteUserTokenHandler(logger *zap.Logger, ah *action.ActionHandler) *DeleteUserTokenHandler {
+	return &DeleteUserTokenHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *DeleteUserTokenHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -493,7 +493,7 @@ func (h *DeleteUserTokenHandler) ServeHTTP(w http.ResponseWriter, r *http.Reques
 	userRef := vars["userref"]
 	tokenName := vars["tokenname"]
 
-	err := h.ch.DeleteUserToken(ctx, userRef, tokenName)
+	err := h.ah.DeleteUserToken(ctx, userRef, tokenName)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 		return
@@ -508,7 +508,7 @@ type UserOrgsResponse struct {
 	Role         types.MemberRole
 }
 
-func userOrgsResponse(userOrg *command.UserOrgsResponse) *UserOrgsResponse {
+func userOrgsResponse(userOrg *action.UserOrgsResponse) *UserOrgsResponse {
 	return &UserOrgsResponse{
 		Organization: userOrg.Organization,
 		Role:         userOrg.Role,
@@ -517,11 +517,11 @@ func userOrgsResponse(userOrg *command.UserOrgsResponse) *UserOrgsResponse {
 
 type UserOrgsHandler struct {
 	log *zap.SugaredLogger
-	ch  *command.CommandHandler
+	ah  *action.ActionHandler
 }
 
-func NewUserOrgsHandler(logger *zap.Logger, ch *command.CommandHandler) *UserOrgsHandler {
-	return &UserOrgsHandler{log: logger.Sugar(), ch: ch}
+func NewUserOrgsHandler(logger *zap.Logger, ah *action.ActionHandler) *UserOrgsHandler {
+	return &UserOrgsHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *UserOrgsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -529,7 +529,7 @@ func (h *UserOrgsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	userRef := vars["userref"]
 
-	userOrgs, err := h.ch.GetUserOrgs(ctx, userRef)
+	userOrgs, err := h.ah.GetUserOrgs(ctx, userRef)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 		return
diff --git a/internal/services/configstore/api/variable.go b/internal/services/configstore/api/variable.go
index 2bb2352..c47c092 100644
--- a/internal/services/configstore/api/variable.go
+++ b/internal/services/configstore/api/variable.go
@@ -19,7 +19,7 @@ import (
 	"net/http"
 
 	"github.com/sorintlab/agola/internal/db"
-	"github.com/sorintlab/agola/internal/services/configstore/command"
+	"github.com/sorintlab/agola/internal/services/configstore/action"
 	"github.com/sorintlab/agola/internal/services/configstore/readdb"
 	"github.com/sorintlab/agola/internal/services/types"
 	"github.com/sorintlab/agola/internal/util"
@@ -103,12 +103,12 @@ func (h *VariablesHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 type CreateVariableHandler struct {
 	log    *zap.SugaredLogger
-	ch     *command.CommandHandler
+	ah     *action.ActionHandler
 	readDB *readdb.ReadDB
 }
 
-func NewCreateVariableHandler(logger *zap.Logger, ch *command.CommandHandler) *CreateVariableHandler {
-	return &CreateVariableHandler{log: logger.Sugar(), ch: ch}
+func NewCreateVariableHandler(logger *zap.Logger, ah *action.ActionHandler) *CreateVariableHandler {
+	return &CreateVariableHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *CreateVariableHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -129,7 +129,7 @@ func (h *CreateVariableHandler) ServeHTTP(w http.ResponseWriter, r *http.Request
 	variable.Parent.Type = parentType
 	variable.Parent.ID = parentRef
 
-	variable, err = h.ch.CreateVariable(ctx, variable)
+	variable, err = h.ah.CreateVariable(ctx, variable)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 		return
@@ -142,11 +142,11 @@ func (h *CreateVariableHandler) ServeHTTP(w http.ResponseWriter, r *http.Request
 
 type DeleteVariableHandler struct {
 	log *zap.SugaredLogger
-	ch  *command.CommandHandler
+	ah  *action.ActionHandler
 }
 
-func NewDeleteVariableHandler(logger *zap.Logger, ch *command.CommandHandler) *DeleteVariableHandler {
-	return &DeleteVariableHandler{log: logger.Sugar(), ch: ch}
+func NewDeleteVariableHandler(logger *zap.Logger, ah *action.ActionHandler) *DeleteVariableHandler {
+	return &DeleteVariableHandler{log: logger.Sugar(), ah: ah}
 }
 
 func (h *DeleteVariableHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -160,7 +160,7 @@ func (h *DeleteVariableHandler) ServeHTTP(w http.ResponseWriter, r *http.Request
 		return
 	}
 
-	err = h.ch.DeleteVariable(ctx, parentType, parentRef, variableName)
+	err = h.ah.DeleteVariable(ctx, parentType, parentRef, variableName)
 	if httpError(w, err) {
 		h.log.Errorf("err: %+v", err)
 	}
diff --git a/internal/services/configstore/configstore.go b/internal/services/configstore/configstore.go
index 6291cf1..240f05c 100644
--- a/internal/services/configstore/configstore.go
+++ b/internal/services/configstore/configstore.go
@@ -27,7 +27,7 @@ import (
 	"github.com/sorintlab/agola/internal/objectstorage"
 	"github.com/sorintlab/agola/internal/services/config"
 	"github.com/sorintlab/agola/internal/services/configstore/api"
-	"github.com/sorintlab/agola/internal/services/configstore/command"
+	action "github.com/sorintlab/agola/internal/services/configstore/action"
 	"github.com/sorintlab/agola/internal/services/configstore/readdb"
 	"github.com/sorintlab/agola/internal/services/types"
 	"github.com/sorintlab/agola/internal/util"
@@ -48,7 +48,7 @@ type ConfigStore struct {
 	dm            *datamanager.DataManager
 	readDB        *readdb.ReadDB
 	ost           *objectstorage.ObjStorage
-	ch            *command.CommandHandler
+	ah            *action.ActionHandler
 	listenAddress string
 }
 
@@ -98,8 +98,8 @@ func NewConfigStore(ctx context.Context, c *config.ConfigStore) (*ConfigStore, e
 	cs.dm = dm
 	cs.readDB = readDB
 
-	ch := command.NewCommandHandler(logger, readDB, dm)
-	cs.ch = ch
+	ah := action.NewActionHandler(logger, readDB, dm)
+	cs.ah = ah
 
 	return cs, nil
 }
@@ -128,44 +128,44 @@ func (s *ConfigStore) Run(ctx context.Context) error {
 	projectGroupHandler := api.NewProjectGroupHandler(logger, s.readDB)
 	projectGroupSubgroupsHandler := api.NewProjectGroupSubgroupsHandler(logger, s.readDB)
 	projectGroupProjectsHandler := api.NewProjectGroupProjectsHandler(logger, s.readDB)
-	createProjectGroupHandler := api.NewCreateProjectGroupHandler(logger, s.ch, s.readDB)
+	createProjectGroupHandler := api.NewCreateProjectGroupHandler(logger, s.ah, s.readDB)
 
 	projectHandler := api.NewProjectHandler(logger, s.readDB)
-	createProjectHandler := api.NewCreateProjectHandler(logger, s.ch, s.readDB)
-	deleteProjectHandler := api.NewDeleteProjectHandler(logger, s.ch)
+	createProjectHandler := api.NewCreateProjectHandler(logger, s.ah, s.readDB)
+	deleteProjectHandler := api.NewDeleteProjectHandler(logger, s.ah)
 
 	secretsHandler := api.NewSecretsHandler(logger, s.readDB)
-	createSecretHandler := api.NewCreateSecretHandler(logger, s.ch)
-	deleteSecretHandler := api.NewDeleteSecretHandler(logger, s.ch)
+	createSecretHandler := api.NewCreateSecretHandler(logger, s.ah)
+	deleteSecretHandler := api.NewDeleteSecretHandler(logger, s.ah)
 
 	variablesHandler := api.NewVariablesHandler(logger, s.readDB)
-	createVariableHandler := api.NewCreateVariableHandler(logger, s.ch)
-	deleteVariableHandler := api.NewDeleteVariableHandler(logger, s.ch)
+	createVariableHandler := api.NewCreateVariableHandler(logger, s.ah)
+	deleteVariableHandler := api.NewDeleteVariableHandler(logger, s.ah)
 
 	userHandler := api.NewUserHandler(logger, s.readDB)
 	usersHandler := api.NewUsersHandler(logger, s.readDB)
-	createUserHandler := api.NewCreateUserHandler(logger, s.ch)
-	updateUserHandler := api.NewUpdateUserHandler(logger, s.ch)
-	deleteUserHandler := api.NewDeleteUserHandler(logger, s.ch)
+	createUserHandler := api.NewCreateUserHandler(logger, s.ah)
+	updateUserHandler := api.NewUpdateUserHandler(logger, s.ah)
+	deleteUserHandler := api.NewDeleteUserHandler(logger, s.ah)
 
-	createUserLAHandler := api.NewCreateUserLAHandler(logger, s.ch)
-	deleteUserLAHandler := api.NewDeleteUserLAHandler(logger, s.ch)
-	updateUserLAHandler := api.NewUpdateUserLAHandler(logger, s.ch)
+	createUserLAHandler := api.NewCreateUserLAHandler(logger, s.ah)
+	deleteUserLAHandler := api.NewDeleteUserLAHandler(logger, s.ah)
+	updateUserLAHandler := api.NewUpdateUserLAHandler(logger, s.ah)
 
-	createUserTokenHandler := api.NewCreateUserTokenHandler(logger, s.ch)
-	deleteUserTokenHandler := api.NewDeleteUserTokenHandler(logger, s.ch)
+	createUserTokenHandler := api.NewCreateUserTokenHandler(logger, s.ah)
+	deleteUserTokenHandler := api.NewDeleteUserTokenHandler(logger, s.ah)
 
-	userOrgsHandler := api.NewUserOrgsHandler(logger, s.ch)
+	userOrgsHandler := api.NewUserOrgsHandler(logger, s.ah)
 
 	orgHandler := api.NewOrgHandler(logger, s.readDB)
 	orgsHandler := api.NewOrgsHandler(logger, s.readDB)
-	createOrgHandler := api.NewCreateOrgHandler(logger, s.ch)
-	deleteOrgHandler := api.NewDeleteOrgHandler(logger, s.ch)
+	createOrgHandler := api.NewCreateOrgHandler(logger, s.ah)
+	deleteOrgHandler := api.NewDeleteOrgHandler(logger, s.ah)
 
 	remoteSourceHandler := api.NewRemoteSourceHandler(logger, s.readDB)
 	remoteSourcesHandler := api.NewRemoteSourcesHandler(logger, s.readDB)
-	createRemoteSourceHandler := api.NewCreateRemoteSourceHandler(logger, s.ch)
-	deleteRemoteSourceHandler := api.NewDeleteRemoteSourceHandler(logger, s.ch)
+	createRemoteSourceHandler := api.NewCreateRemoteSourceHandler(logger, s.ah)
+	deleteRemoteSourceHandler := api.NewDeleteRemoteSourceHandler(logger, s.ah)
 
 	router := mux.NewRouter()
 	apirouter := router.PathPrefix("/api/v1alpha").Subrouter().UseEncodedPath()
diff --git a/internal/services/configstore/configstore_test.go b/internal/services/configstore/configstore_test.go
index 4c4d41e..cb71db1 100644
--- a/internal/services/configstore/configstore_test.go
+++ b/internal/services/configstore/configstore_test.go
@@ -29,7 +29,7 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/sorintlab/agola/internal/db"
 	"github.com/sorintlab/agola/internal/services/config"
-	"github.com/sorintlab/agola/internal/services/configstore/command"
+	action "github.com/sorintlab/agola/internal/services/configstore/action"
 	"github.com/sorintlab/agola/internal/services/types"
 	"github.com/sorintlab/agola/internal/testutil"
 	"github.com/sorintlab/agola/internal/util"
@@ -186,7 +186,7 @@ func TestResync(t *testing.T) {
 	time.Sleep(1 * time.Second)
 
 	for i := 0; i < 10; i++ {
-		if _, err := cs1.ch.CreateUser(ctx, &command.CreateUserRequest{UserName: fmt.Sprintf("user%d", i)}); err != nil {
+		if _, err := cs1.ah.CreateUser(ctx, &action.CreateUserRequest{UserName: fmt.Sprintf("user%d", i)}); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 		time.Sleep(200 * time.Millisecond)
@@ -200,7 +200,7 @@ func TestResync(t *testing.T) {
 
 	// Do some more changes
 	for i := 11; i < 20; i++ {
-		if _, err := cs1.ch.CreateUser(ctx, &command.CreateUserRequest{UserName: fmt.Sprintf("user%d", i)}); err != nil {
+		if _, err := cs1.ah.CreateUser(ctx, &action.CreateUserRequest{UserName: fmt.Sprintf("user%d", i)}); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 		time.Sleep(200 * time.Millisecond)
@@ -314,7 +314,7 @@ func TestUser(t *testing.T) {
 	time.Sleep(2 * time.Second)
 
 	t.Run("create user", func(t *testing.T) {
-		_, err := cs.ch.CreateUser(ctx, &command.CreateUserRequest{UserName: "user01"})
+		_, err := cs.ah.CreateUser(ctx, &action.CreateUserRequest{UserName: "user01"})
 		if err != nil {
 			t.Fatalf("unexpected err: %v", err)
 		}
@@ -325,7 +325,7 @@ func TestUser(t *testing.T) {
 
 	t.Run("create duplicated user", func(t *testing.T) {
 		expectedErr := fmt.Sprintf("user with name %q already exists", "user01")
-		_, err := cs.ch.CreateUser(ctx, &command.CreateUserRequest{UserName: "user01"})
+		_, err := cs.ah.CreateUser(ctx, &action.CreateUserRequest{UserName: "user01"})
 		if err == nil {
 			t.Fatalf("expected error %v, got nil err", expectedErr)
 		}
@@ -342,7 +342,7 @@ func TestUser(t *testing.T) {
 		wg := sync.WaitGroup{}
 		for i := 0; i < 10; i++ {
 			wg.Add(1)
-			go cs.ch.CreateUser(ctx, &command.CreateUserRequest{UserName: "user02"})
+			go cs.ah.CreateUser(ctx, &action.CreateUserRequest{UserName: "user02"})
 			wg.Done()
 		}
 		wg.Wait()
@@ -382,11 +382,11 @@ func TestProjectGroupsAndProjects(t *testing.T) {
 	// TODO(sgotti) change the sleep with a real check that all is ready
 	time.Sleep(2 * time.Second)
 
-	user, err := cs.ch.CreateUser(ctx, &command.CreateUserRequest{UserName: "user01"})
+	user, err := cs.ah.CreateUser(ctx, &action.CreateUserRequest{UserName: "user01"})
 	if err != nil {
 		t.Fatalf("unexpected err: %v", err)
 	}
-	org, err := cs.ch.CreateOrg(ctx, &types.Organization{Name: "org01"})
+	org, err := cs.ah.CreateOrg(ctx, &types.Organization{Name: "org01"})
 	if err != nil {
 		t.Fatalf("unexpected err: %v", err)
 	}
@@ -395,37 +395,37 @@ func TestProjectGroupsAndProjects(t *testing.T) {
 	time.Sleep(2 * time.Second)
 
 	t.Run("create a project in user root project group", func(t *testing.T) {
-		_, err := cs.ch.CreateProject(ctx, &types.Project{Name: "project01", Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("user", user.Name)}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
+		_, err := cs.ah.CreateProject(ctx, &types.Project{Name: "project01", Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("user", user.Name)}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
 		if err != nil {
 			t.Fatalf("unexpected err: %v", err)
 		}
 	})
 	t.Run("create a project in org root project group", func(t *testing.T) {
-		_, err := cs.ch.CreateProject(ctx, &types.Project{Name: "project01", Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("org", org.Name)}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
+		_, err := cs.ah.CreateProject(ctx, &types.Project{Name: "project01", Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("org", org.Name)}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
 		if err != nil {
 			t.Fatalf("unexpected err: %v", err)
 		}
 	})
 	t.Run("create a projectgroup in user root project group", func(t *testing.T) {
-		_, err := cs.ch.CreateProjectGroup(ctx, &types.ProjectGroup{Name: "projectgroup01", Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("user", user.Name)}, Visibility: types.VisibilityPublic})
+		_, err := cs.ah.CreateProjectGroup(ctx, &types.ProjectGroup{Name: "projectgroup01", Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("user", user.Name)}, Visibility: types.VisibilityPublic})
 		if err != nil {
 			t.Fatalf("unexpected err: %v", err)
 		}
 	})
 	t.Run("create a projectgroup in org root project group", func(t *testing.T) {
-		_, err := cs.ch.CreateProjectGroup(ctx, &types.ProjectGroup{Name: "projectgroup01", Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("org", org.Name)}, Visibility: types.VisibilityPublic})
+		_, err := cs.ah.CreateProjectGroup(ctx, &types.ProjectGroup{Name: "projectgroup01", Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("org", org.Name)}, Visibility: types.VisibilityPublic})
 		if err != nil {
 			t.Fatalf("unexpected err: %v", err)
 		}
 	})
 	t.Run("create a project in user non root project group with same name as a root project", func(t *testing.T) {
-		_, err := cs.ch.CreateProject(ctx, &types.Project{Name: "project01", Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("user", user.Name, "projectgroup01")}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
+		_, err := cs.ah.CreateProject(ctx, &types.Project{Name: "project01", Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("user", user.Name, "projectgroup01")}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
 		if err != nil {
 			t.Fatalf("unexpected err: %v", err)
 		}
 	})
 	t.Run("create a project in org non root project group with same name as a root project", func(t *testing.T) {
-		_, err := cs.ch.CreateProject(ctx, &types.Project{Name: "project01", Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("org", org.Name, "projectgroup01")}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
+		_, err := cs.ah.CreateProject(ctx, &types.Project{Name: "project01", Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("org", org.Name, "projectgroup01")}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
 		if err != nil {
 			t.Fatalf("unexpected err: %v", err)
 		}
@@ -434,7 +434,7 @@ func TestProjectGroupsAndProjects(t *testing.T) {
 	t.Run("create duplicated project in user root project group", func(t *testing.T) {
 		projectName := "project01"
 		expectedErr := fmt.Sprintf("project with name %q, path %q already exists", projectName, path.Join("user", user.Name, projectName))
-		_, err := cs.ch.CreateProject(ctx, &types.Project{Name: projectName, Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("user", user.Name)}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
+		_, err := cs.ah.CreateProject(ctx, &types.Project{Name: projectName, Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("user", user.Name)}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
 		if err.Error() != expectedErr {
 			t.Fatalf("expected err %v, got err: %v", expectedErr, err)
 		}
@@ -442,7 +442,7 @@ func TestProjectGroupsAndProjects(t *testing.T) {
 	t.Run("create duplicated project in org root project group", func(t *testing.T) {
 		projectName := "project01"
 		expectedErr := fmt.Sprintf("project with name %q, path %q already exists", projectName, path.Join("org", org.Name, projectName))
-		_, err := cs.ch.CreateProject(ctx, &types.Project{Name: projectName, Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("org", org.Name)}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
+		_, err := cs.ah.CreateProject(ctx, &types.Project{Name: projectName, Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("org", org.Name)}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
 		if err.Error() != expectedErr {
 			t.Fatalf("expected err %v, got err: %v", expectedErr, err)
 		}
@@ -451,7 +451,7 @@ func TestProjectGroupsAndProjects(t *testing.T) {
 	t.Run("create duplicated project in user non root project group", func(t *testing.T) {
 		projectName := "project01"
 		expectedErr := fmt.Sprintf("project with name %q, path %q already exists", projectName, path.Join("user", user.Name, "projectgroup01", projectName))
-		_, err := cs.ch.CreateProject(ctx, &types.Project{Name: projectName, Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("user", user.Name, "projectgroup01")}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
+		_, err := cs.ah.CreateProject(ctx, &types.Project{Name: projectName, Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("user", user.Name, "projectgroup01")}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
 		if err.Error() != expectedErr {
 			t.Fatalf("expected err %v, got err: %v", expectedErr, err)
 		}
@@ -459,7 +459,7 @@ func TestProjectGroupsAndProjects(t *testing.T) {
 	t.Run("create duplicated project in org non root project group", func(t *testing.T) {
 		projectName := "project01"
 		expectedErr := fmt.Sprintf("project with name %q, path %q already exists", projectName, path.Join("org", org.Name, "projectgroup01", projectName))
-		_, err := cs.ch.CreateProject(ctx, &types.Project{Name: projectName, Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("org", org.Name, "projectgroup01")}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
+		_, err := cs.ah.CreateProject(ctx, &types.Project{Name: projectName, Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("org", org.Name, "projectgroup01")}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
 		if err.Error() != expectedErr {
 			t.Fatalf("expected err %v, got err: %v", expectedErr, err)
 		}
@@ -467,14 +467,14 @@ func TestProjectGroupsAndProjects(t *testing.T) {
 
 	t.Run("create project in unexistent project group", func(t *testing.T) {
 		expectedErr := `project group with id "unexistentid" doesn't exist`
-		_, err := cs.ch.CreateProject(ctx, &types.Project{Name: "project01", Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: "unexistentid"}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
+		_, err := cs.ah.CreateProject(ctx, &types.Project{Name: "project01", Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: "unexistentid"}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
 		if err.Error() != expectedErr {
 			t.Fatalf("expected err %v, got err: %v", expectedErr, err)
 		}
 	})
 	t.Run("create project without parent id specified", func(t *testing.T) {
 		expectedErr := "project parent id required"
-		_, err := cs.ch.CreateProject(ctx, &types.Project{Name: "project01", Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
+		_, err := cs.ah.CreateProject(ctx, &types.Project{Name: "project01", Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
 		if err.Error() != expectedErr {
 			t.Fatalf("expected err %v, got err: %v", expectedErr, err)
 		}
@@ -489,7 +489,7 @@ func TestProjectGroupsAndProjects(t *testing.T) {
 		wg := sync.WaitGroup{}
 		for i := 0; i < 10; i++ {
 			wg.Add(1)
-			go cs.ch.CreateProject(ctx, &types.Project{Name: "project02", Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("user", user.Name)}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
+			go cs.ah.CreateProject(ctx, &types.Project{Name: "project02", Parent: types.Parent{Type: types.ConfigTypeProjectGroup, ID: path.Join("user", user.Name)}, Visibility: types.VisibilityPublic, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeManual})
 			wg.Done()
 		}
 		wg.Wait()
@@ -529,11 +529,11 @@ func TestOrgMembers(t *testing.T) {
 	// TODO(sgotti) change the sleep with a real check that all is ready
 	time.Sleep(2 * time.Second)
 
-	user, err := cs.ch.CreateUser(ctx, &command.CreateUserRequest{UserName: "user01"})
+	user, err := cs.ah.CreateUser(ctx, &action.CreateUserRequest{UserName: "user01"})
 	if err != nil {
 		t.Fatalf("unexpected err: %v", err)
 	}
-	org, err := cs.ch.CreateOrg(ctx, &types.Organization{Name: "org01", CreatorUserID: user.ID})
+	org, err := cs.ah.CreateOrg(ctx, &types.Organization{Name: "org01", CreatorUserID: user.ID})
 	if err != nil {
 		t.Fatalf("unexpected err: %v", err)
 	}
@@ -542,13 +542,13 @@ func TestOrgMembers(t *testing.T) {
 	time.Sleep(2 * time.Second)
 
 	t.Run("test user org creator is org member with owner role", func(t *testing.T) {
-		expectedResponse := []*command.UserOrgsResponse{
+		expectedResponse := []*action.UserOrgsResponse{
 			{
 				Organization: org,
 				Role:         types.MemberRoleOwner,
 			},
 		}
-		res, err := cs.ch.GetUserOrgs(ctx, user.ID)
+		res, err := cs.ah.GetUserOrgs(ctx, user.ID)
 		if err != nil {
 			t.Fatalf("unexpected err: %v", err)
 		}
@@ -559,7 +559,7 @@ func TestOrgMembers(t *testing.T) {
 
 	orgs := []*types.Organization{}
 	for i := 0; i < 10; i++ {
-		org, err := cs.ch.CreateOrg(ctx, &types.Organization{Name: fmt.Sprintf("org%d", i), CreatorUserID: user.ID})
+		org, err := cs.ah.CreateOrg(ctx, &types.Organization{Name: fmt.Sprintf("org%d", i), CreatorUserID: user.ID})
 		if err != nil {
 			t.Fatalf("err: %v", err)
 		}
@@ -568,26 +568,26 @@ func TestOrgMembers(t *testing.T) {
 	}
 
 	for i := 0; i < 5; i++ {
-		if err := cs.ch.DeleteOrg(ctx, fmt.Sprintf("org%d", i)); err != nil {
+		if err := cs.ah.DeleteOrg(ctx, fmt.Sprintf("org%d", i)); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}
 
 	// delete some org and check that if also orgmembers aren't yet cleaned only the existing orgs are reported
 	t.Run("test only existing orgs are reported", func(t *testing.T) {
-		expectedResponse := []*command.UserOrgsResponse{
+		expectedResponse := []*action.UserOrgsResponse{
 			{
 				Organization: org,
 				Role:         types.MemberRoleOwner,
 			},
 		}
 		for i := 5; i < 10; i++ {
-			expectedResponse = append(expectedResponse, &command.UserOrgsResponse{
+			expectedResponse = append(expectedResponse, &action.UserOrgsResponse{
 				Organization: orgs[i],
 				Role:         types.MemberRoleOwner,
 			})
 		}
-		res, err := cs.ch.GetUserOrgs(ctx, user.ID)
+		res, err := cs.ah.GetUserOrgs(ctx, user.ID)
 		if err != nil {
 			t.Fatalf("unexpected err: %v", err)
 		}