From 9e4ae473d67d07965e1f9afe89cf43de9fcb65e9 Mon Sep 17 00:00:00 2001 From: Carlos Monastyrski Date: Sat, 14 Feb 2026 04:04:15 -0300 Subject: [PATCH 1/5] Add PKI agent e2e test --- e2e/README.md | 9 + e2e/agent/agent_helpers.go | 912 ++++++++++++++ e2e/agent/certificate_test.go | 1915 +++++++++++++++++++++++++++++ e2e/packages/client/reset_db.go | 5 + e2e/packages/infisical/compose.go | 101 +- e2e/util/helpers.go | 26 +- 6 files changed, 2956 insertions(+), 12 deletions(-) create mode 100644 e2e/agent/agent_helpers.go create mode 100644 e2e/agent/certificate_test.go diff --git a/e2e/README.md b/e2e/README.md index 909b38cb..00ed5837 100644 --- a/e2e/README.md +++ b/e2e/README.md @@ -151,11 +151,19 @@ cd e2e go test github.com/infisical/cli/e2e-tests/relay ``` +To run the cert-manager agent tests: + +```bash +cd e2e +go test github.com/infisical/cli/e2e-tests/agent +``` + If you're using a `.env` file (recommended), just make sure it's configured and run the tests: ```bash cd e2e go test github.com/infisical/cli/e2e-tests/relay +go test github.com/infisical/cli/e2e-tests/agent ``` Alternatively, you can export environment variables manually: @@ -165,6 +173,7 @@ export INFISICAL_CLI_EXECUTABLE=/path/to/infisical-merge export INFISICAL_BACKEND_DIR=/path/to/infisical/backend cd e2e go test github.com/infisical/cli/e2e-tests/relay +go test github.com/infisical/cli/e2e-tests/agent ``` **Tip:** Using a `.env` file is much more convenient than exporting variables manually. See the [Environment Variables Configuration](#environment-variables-configuration) section above for details. diff --git a/e2e/agent/agent_helpers.go b/e2e/agent/agent_helpers.go new file mode 100644 index 00000000..947735cb --- /dev/null +++ b/e2e/agent/agent_helpers.go @@ -0,0 +1,912 @@ +package agent + +import ( + "bytes" + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "crypto/x509/pkix" + "encoding/json" + "encoding/pem" + "fmt" + "io" + "net/http" + "os" + "path/filepath" + "strings" + "testing" + "time" + + "github.com/stretchr/testify/require" +) + +type CertAgentTestHelper struct { + T *testing.T + ProjectID string + ProjectSlug string + ProfileSlug string + ProfileID string + PolicyID string + CaID string + IdentityToken string + AdminToken string + InfisicalURL string + TempDir string + ClientID string + ClientSecret string +} + +func (h *CertAgentTestHelper) CreateInternalCA() { + t := h.T + body := map[string]interface{}{ + "name": "test-root-ca", + "projectId": h.ProjectID, + "status": "active", + "configuration": map[string]interface{}{ + "type": "root", + "friendlyName": "Test Root CA", + "commonName": "Test Root CA", + "organization": "Test Org", + "ou": "", + "country": "US", + "province": "", + "locality": "", + "maxPathLength": -1, + "keyAlgorithm": "RSA_2048", + "notAfter": "2030-01-01T00:00:00Z", + }, + } + + respBody := h.doPost("/v1/cert-manager/ca/internal", body) + + var resp map[string]interface{} + err := json.Unmarshal(respBody, &resp) + require.NoError(t, err, "Failed to unmarshal create CA response: %s", string(respBody)) + + caID := "" + if id, ok := resp["id"].(string); ok { + caID = id + } else if ca, ok := resp["ca"].(map[string]interface{}); ok { + if id, ok := ca["id"].(string); ok { + caID = id + } + } + require.NotEmpty(t, caID, "CA ID should not be empty, response: %s", string(respBody)) + + h.CaID = caID +} + +type CertificatePolicyOption func(*certificatePolicyConfig) + +type certificatePolicyConfig struct { + allowAltNames bool + allowKeyAlgorithms []string + allowSignatureAlgorithms []string + allowKeyUsages []string + allowExtendedKeyUsages []string +} + +func WithAllowAltNames() CertificatePolicyOption { + return func(c *certificatePolicyConfig) { + c.allowAltNames = true + } +} + +func WithAllowKeyAlgorithms(algorithms ...string) CertificatePolicyOption { + return func(c *certificatePolicyConfig) { + c.allowKeyAlgorithms = algorithms + } +} + +func WithAllowSignatureAlgorithms(algorithms ...string) CertificatePolicyOption { + return func(c *certificatePolicyConfig) { + c.allowSignatureAlgorithms = algorithms + } +} + +func WithAllowKeyUsages(usages ...string) CertificatePolicyOption { + return func(c *certificatePolicyConfig) { + c.allowKeyUsages = usages + } +} + +func WithAllowExtendedKeyUsages(usages ...string) CertificatePolicyOption { + return func(c *certificatePolicyConfig) { + c.allowExtendedKeyUsages = usages + } +} + +func (h *CertAgentTestHelper) CreateCertificatePolicy(name string, opts ...CertificatePolicyOption) { + t := h.T + + cfg := &certificatePolicyConfig{} + for _, opt := range opts { + opt(cfg) + } + + subject := []map[string]interface{}{ + { + "type": "common_name", + "allowed": []string{"*"}, + }, + } + + body := map[string]interface{}{ + "projectId": h.ProjectID, + "name": name, + "subject": subject, + } + + if cfg.allowAltNames { + body["sans"] = []map[string]interface{}{ + { + "type": "dns_name", + "allowed": []string{"*"}, + }, + } + } + + if len(cfg.allowKeyAlgorithms) > 0 || len(cfg.allowSignatureAlgorithms) > 0 { + algorithms := map[string]interface{}{} + if len(cfg.allowKeyAlgorithms) > 0 { + algorithms["keyAlgorithm"] = cfg.allowKeyAlgorithms + } + if len(cfg.allowSignatureAlgorithms) > 0 { + algorithms["signature"] = cfg.allowSignatureAlgorithms + } + body["algorithms"] = algorithms + } + + if len(cfg.allowKeyUsages) > 0 { + body["keyUsages"] = map[string]interface{}{ + "allowed": cfg.allowKeyUsages, + } + } + + if len(cfg.allowExtendedKeyUsages) > 0 { + body["extendedKeyUsages"] = map[string]interface{}{ + "allowed": cfg.allowExtendedKeyUsages, + } + } + + respBody := h.doPost("/v1/cert-manager/certificate-policies", body) + + var resp map[string]interface{} + err := json.Unmarshal(respBody, &resp) + require.NoError(t, err, "Failed to unmarshal create policy response: %s", string(respBody)) + + policyID := "" + if policy, ok := resp["certificatePolicy"].(map[string]interface{}); ok { + if id, ok := policy["id"].(string); ok { + policyID = id + } + } + require.NotEmpty(t, policyID, "Policy ID should not be empty, response: %s", string(respBody)) + + h.PolicyID = policyID +} + +func (h *CertAgentTestHelper) CreateCertificateProfile(slug string) { + t := h.T + body := map[string]interface{}{ + "projectId": h.ProjectID, + "caId": h.CaID, + "certificatePolicyId": h.PolicyID, + "slug": slug, + "enrollmentType": "api", + "issuerType": "ca", + "apiConfig": map[string]interface{}{ + "autoRenew": false, + }, + } + + respBody := h.doPost("/v1/cert-manager/certificate-profiles", body) + + var resp map[string]interface{} + err := json.Unmarshal(respBody, &resp) + require.NoError(t, err, "Failed to unmarshal create profile response: %s", string(respBody)) + + profileID := "" + profileSlug := "" + if profile, ok := resp["certificateProfile"].(map[string]interface{}); ok { + if id, ok := profile["id"].(string); ok { + profileID = id + } + if s, ok := profile["slug"].(string); ok { + profileSlug = s + } + } + require.NotEmpty(t, profileID, "Profile ID should not be empty, response: %s", string(respBody)) + + h.ProfileID = profileID + h.ProfileSlug = profileSlug +} + +type addUniversalAuthRequest struct { + AccessTokenTTL int `json:"accessTokenTTL"` + AccessTokenMaxTTL int `json:"accessTokenMaxTTL"` + AccessTokenNumUsesLimit int `json:"accessTokenNumUsesLimit"` + AccessTokenTrustedIps []struct { + IpAddress string `json:"ipAddress"` + } `json:"accessTokenTrustedIps"` +} + +type createUniversalAuthClientSecretRequest struct{} + +func (h *CertAgentTestHelper) SetupUniversalAuth(identityID string) { + t := h.T + + body := addUniversalAuthRequest{ + AccessTokenTTL: 2592000, + AccessTokenMaxTTL: 2592000, + AccessTokenNumUsesLimit: 0, + AccessTokenTrustedIps: []struct { + IpAddress string `json:"ipAddress"` + }{ + {IpAddress: "0.0.0.0/0"}, + {IpAddress: "::/0"}, + }, + } + + respBody := h.doPostWithToken(fmt.Sprintf("/v1/auth/universal-auth/identities/%s", identityID), body, h.AdminToken) + + var rawResp map[string]interface{} + err := json.Unmarshal(respBody, &rawResp) + require.NoError(t, err, "Failed to unmarshal universal auth response: %s", string(respBody)) + + clientID := "" + if id, ok := rawResp["clientId"].(string); ok { + clientID = id + } else if nested, ok := rawResp["identityUniversalAuth"].(map[string]interface{}); ok { + if id, ok := nested["clientId"].(string); ok { + clientID = id + } + } + require.NotEmpty(t, clientID, "Client ID should not be empty, response: %s", string(respBody)) + + h.ClientID = clientID + + csRespBody := h.doPostWithToken(fmt.Sprintf("/v1/auth/universal-auth/identities/%s/client-secrets", identityID), createUniversalAuthClientSecretRequest{}, h.AdminToken) + + var csRawResp map[string]interface{} + err = json.Unmarshal(csRespBody, &csRawResp) + require.NoError(t, err, "Failed to unmarshal client secret response: %s", string(csRespBody)) + + clientSecret := "" + if s, ok := csRawResp["clientSecret"].(string); ok { + clientSecret = s + } else if nested, ok := csRawResp["clientSecretData"].(map[string]interface{}); ok { + if s, ok := nested["clientSecret"].(string); ok { + clientSecret = s + } + } + require.NotEmpty(t, clientSecret, "Client secret should not be empty, response: %s", string(csRespBody)) + + h.ClientSecret = clientSecret +} + +func (h *CertAgentTestHelper) doPost(path string, body interface{}) []byte { + return h.doPostWithToken(path, body, h.IdentityToken) +} + +func (h *CertAgentTestHelper) doPostWithToken(path string, body interface{}, token string) []byte { + t := h.T + + jsonBody, err := json.Marshal(body) + require.NoError(t, err) + + url := h.InfisicalURL + "/api" + path + req, err := http.NewRequest("POST", url, bytes.NewReader(jsonBody)) + require.NoError(t, err) + + req.Header.Set("Content-Type", "application/json") + req.Header.Set("Authorization", "Bearer "+token) + + httpClient := &http.Client{Timeout: 30 * time.Second} + resp, err := httpClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + respBody, err := io.ReadAll(resp.Body) + require.NoError(t, err) + + require.True(t, resp.StatusCode >= 200 && resp.StatusCode < 300, + "API request to %s failed with status %d: %s", path, resp.StatusCode, string(respBody)) + + return respBody +} + +func (h *CertAgentTestHelper) doPostRaw(path string, body interface{}) (int, []byte) { + t := h.T + + jsonBody, err := json.Marshal(body) + require.NoError(t, err) + + url := h.InfisicalURL + "/api" + path + req, err := http.NewRequest("POST", url, bytes.NewReader(jsonBody)) + require.NoError(t, err) + + req.Header.Set("Content-Type", "application/json") + req.Header.Set("Authorization", "Bearer "+h.IdentityToken) + + httpClient := &http.Client{Timeout: 30 * time.Second} + resp, err := httpClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + respBody, err := io.ReadAll(resp.Body) + require.NoError(t, err) + + return resp.StatusCode, respBody +} + +func (h *CertAgentTestHelper) doPatchWithToken(path string, body interface{}, token string) (int, []byte) { + t := h.T + + jsonBody, err := json.Marshal(body) + require.NoError(t, err) + + url := h.InfisicalURL + "/api" + path + req, err := http.NewRequest("PATCH", url, bytes.NewReader(jsonBody)) + require.NoError(t, err) + + req.Header.Set("Content-Type", "application/json") + req.Header.Set("Authorization", "Bearer "+token) + + httpClient := &http.Client{Timeout: 30 * time.Second} + resp, err := httpClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + respBody, err := io.ReadAll(resp.Body) + require.NoError(t, err) + + return resp.StatusCode, respBody +} + +func (h *CertAgentTestHelper) CreateAcmeCARaw(name, dnsConnectionID, directoryUrl, provider, hostedZoneId, accountEmail string) (int, []byte) { + body := map[string]interface{}{ + "name": name, + "projectId": h.ProjectID, + "status": "active", + "configuration": map[string]interface{}{ + "dnsAppConnectionId": dnsConnectionID, + "dnsProviderConfig": map[string]interface{}{ + "provider": provider, + "hostedZoneId": hostedZoneId, + }, + "directoryUrl": directoryUrl, + "accountEmail": accountEmail, + }, + } + return h.doPostRaw("/v1/cert-manager/ca/acme", body) +} + +func (h *CertAgentTestHelper) DisableAcmeCA(caID string) { + t := h.T + + body := map[string]interface{}{ + "status": "disabled", + } + + statusCode, respBody := h.doPatchWithToken(fmt.Sprintf("/v1/cert-manager/ca/acme/%s", caID), body, h.IdentityToken) + require.True(t, statusCode >= 200 && statusCode < 300, + "Failed to disable ACME CA, status %d: %s", statusCode, string(respBody)) +} + +func CertFilePaths(dir string) (certPath, keyPath, chainPath string) { + return filepath.Join(dir, "cert.pem"), + filepath.Join(dir, "key.pem"), + filepath.Join(dir, "chain.pem") +} + +func (h *CertAgentTestHelper) GenerateAgentConfig(opts AgentConfigOptions) string { + t := h.T + + certEntries := "" + for _, cert := range opts.Certificates { + certEntry := fmt.Sprintf(` - project-slug: "%s" + profile-name: "%s" +`, + cert.ProjectSlug, + cert.ProfileSlug, + ) + + if cert.CSR != "" { + certEntry += fmt.Sprintf(" csr: |\n") + for _, line := range strings.Split(strings.TrimRight(cert.CSR, "\n"), "\n") { + certEntry += fmt.Sprintf(" %s\n", line) + } + } + if cert.CSRPath != "" { + certEntry += fmt.Sprintf(" csr-path: \"%s\"\n", cert.CSRPath) + } + + certEntry += fmt.Sprintf(` attributes: + common-name: "%s" + ttl: "%s" +`, cert.CommonName, cert.TTL) + + if cert.KeyAlgorithm != "" { + certEntry += fmt.Sprintf(" key-algorithm: \"%s\"\n", cert.KeyAlgorithm) + } + if cert.SignatureAlgorithm != "" { + certEntry += fmt.Sprintf(" signature-algorithm: \"%s\"\n", cert.SignatureAlgorithm) + } + if len(cert.KeyUsages) > 0 { + certEntry += " key-usages:\n" + for _, u := range cert.KeyUsages { + certEntry += fmt.Sprintf(" - \"%s\"\n", u) + } + } + if len(cert.ExtendedKeyUsages) > 0 { + certEntry += " extended-key-usages:\n" + for _, u := range cert.ExtendedKeyUsages { + certEntry += fmt.Sprintf(" - \"%s\"\n", u) + } + } + + if len(cert.AltNames) > 0 { + certEntry += " alt-names:\n" + for _, name := range cert.AltNames { + certEntry += fmt.Sprintf(" - \"%s\"\n", name) + } + } + + certEntry += fmt.Sprintf(` lifecycle: + renew-before-expiry: "%s" + status-check-interval: "%s" +`, cert.RenewBeforeExpiry, cert.StatusCheckInterval) + + certEntry += fmt.Sprintf(" file-output:\n") + certEntry += fmt.Sprintf(" certificate:\n") + certEntry += fmt.Sprintf(" path: \"%s\"\n", cert.CertPath) + if cert.CertPermission != "" { + certEntry += fmt.Sprintf(" permission: \"%s\"\n", cert.CertPermission) + } + certEntry += fmt.Sprintf(" private-key:\n") + certEntry += fmt.Sprintf(" path: \"%s\"\n", cert.KeyPath) + if cert.KeyPermission != "" { + certEntry += fmt.Sprintf(" permission: \"%s\"\n", cert.KeyPermission) + } + certEntry += fmt.Sprintf(" chain:\n") + certEntry += fmt.Sprintf(" path: \"%s\"\n", cert.ChainPath) + if cert.ChainPermission != "" { + certEntry += fmt.Sprintf(" permission: \"%s\"\n", cert.ChainPermission) + } + + if cert.PostHookOnIssuance != "" || cert.PostHookOnRenewal != "" || cert.PostHookOnFailure != "" { + certEntry += " post-hooks:\n" + if cert.PostHookOnIssuance != "" { + certEntry += fmt.Sprintf(` on-issuance: + command: "%s" + timeout: 30 +`, cert.PostHookOnIssuance) + } + if cert.PostHookOnRenewal != "" { + certEntry += fmt.Sprintf(` on-renewal: + command: "%s" + timeout: 30 +`, cert.PostHookOnRenewal) + } + if cert.PostHookOnFailure != "" { + certEntry += fmt.Sprintf(` on-failure: + command: "%s" + timeout: 30 +`, cert.PostHookOnFailure) + } + } + + certEntries += certEntry + } + + config := fmt.Sprintf(`version: "v1" +infisical: + address: "%s" +auth: + type: "universal-auth" + config: + client-id: "%s" + client-secret: "%s" +certificates: +%s`, h.InfisicalURL, opts.ClientIDPath, opts.ClientSecretPath, certEntries) + + configPath := filepath.Join(h.TempDir, "agent-config.yaml") + err := os.WriteFile(configPath, []byte(config), 0644) + require.NoError(t, err) + + return configPath +} + +type AgentConfigOptions struct { + ClientIDPath string + ClientSecretPath string + Certificates []CertificateConfigEntry +} + +type CertificateConfigEntry struct { + ProjectSlug string + ProfileSlug string + CommonName string + TTL string + RenewBeforeExpiry string + StatusCheckInterval string + CertPath string + KeyPath string + ChainPath string + PostHookOnIssuance string + PostHookOnRenewal string + AltNames []string + CertPermission string + KeyPermission string + ChainPermission string + PostHookOnFailure string + CSR string + CSRPath string + KeyAlgorithm string + SignatureAlgorithm string + KeyUsages []string + ExtendedKeyUsages []string +} + +func (h *CertAgentTestHelper) WriteCredentialFiles() (clientIDPath, clientSecretPath string) { + t := h.T + + clientIDPath = filepath.Join(h.TempDir, "client-id") + err := os.WriteFile(clientIDPath, []byte(h.ClientID), 0600) + require.NoError(t, err) + + clientSecretPath = filepath.Join(h.TempDir, "client-secret") + err = os.WriteFile(clientSecretPath, []byte(h.ClientSecret), 0600) + require.NoError(t, err) + + return clientIDPath, clientSecretPath +} + +func VerifyCertificateFile(t *testing.T, path string) { + t.Helper() + + data, err := os.ReadFile(path) + require.NoError(t, err, "Failed to read certificate file at %s", path) + require.NotEmpty(t, data, "Certificate file at %s is empty", path) + + block, _ := pem.Decode(data) + require.NotNil(t, block, "Failed to decode PEM block from %s", path) + require.Equal(t, "CERTIFICATE", block.Type, "Expected CERTIFICATE PEM block, got %s", block.Type) + + _, err = x509.ParseCertificate(block.Bytes) + require.NoError(t, err, "Failed to parse x509 certificate from %s", path) +} + +func VerifyPrivateKeyFile(t *testing.T, path string) { + t.Helper() + + data, err := os.ReadFile(path) + require.NoError(t, err, "Failed to read private key file at %s", path) + require.NotEmpty(t, data, "Private key file at %s is empty", path) + + block, _ := pem.Decode(data) + require.NotNil(t, block, "Failed to decode PEM block from %s", path) + + _, err = x509.ParsePKCS8PrivateKey(block.Bytes) + if err != nil { + _, err = x509.ParsePKCS1PrivateKey(block.Bytes) + if err != nil { + _, err = x509.ParseECPrivateKey(block.Bytes) + require.NoError(t, err, "Failed to parse private key from %s (tried PKCS8, PKCS1, EC)", path) + } + } +} + +func VerifyChainFile(t *testing.T, path string) { + t.Helper() + + data, err := os.ReadFile(path) + require.NoError(t, err, "Failed to read chain file at %s", path) + if len(data) == 0 { + return + } + + block, _ := pem.Decode(data) + require.NotNil(t, block, "Failed to decode PEM block from chain file %s", path) + require.Equal(t, "CERTIFICATE", block.Type, "Expected CERTIFICATE PEM block in chain, got %s", block.Type) +} + +func VerifyCertificateAltNames(t *testing.T, certPath string, expectedAltNames []string) { + t.Helper() + + data, err := os.ReadFile(certPath) + require.NoError(t, err, "Failed to read certificate file at %s", certPath) + + block, _ := pem.Decode(data) + require.NotNil(t, block, "Failed to decode PEM block from %s", certPath) + + cert, err := x509.ParseCertificate(block.Bytes) + require.NoError(t, err, "Failed to parse x509 certificate from %s", certPath) + + for _, expected := range expectedAltNames { + require.Contains(t, cert.DNSNames, expected, "Certificate should contain SAN DNS name %s, got %v", expected, cert.DNSNames) + } +} + +func VerifyFilePermission(t *testing.T, filePath string, expectedPerm os.FileMode) { + t.Helper() + + info, err := os.Stat(filePath) + require.NoError(t, err, "Failed to stat file at %s", filePath) + + actualPerm := info.Mode().Perm() + require.Equal(t, expectedPerm, actualPerm, "File %s has permission %o, expected %o", filePath, actualPerm, expectedPerm) +} + +func VerifyCertificateCommonName(t *testing.T, certPath string, expectedCN string) { + t.Helper() + + data, err := os.ReadFile(certPath) + require.NoError(t, err, "Failed to read certificate file at %s", certPath) + + block, _ := pem.Decode(data) + require.NotNil(t, block, "Failed to decode PEM block from %s", certPath) + + cert, err := x509.ParseCertificate(block.Bytes) + require.NoError(t, err, "Failed to parse x509 certificate from %s", certPath) + + require.Equal(t, expectedCN, cert.Subject.CommonName, + "Certificate CN mismatch: expected %s, got %s", expectedCN, cert.Subject.CommonName) +} + +func VerifyCertificateDNSName(t *testing.T, certPath string, expectedDNS string) { + t.Helper() + + data, err := os.ReadFile(certPath) + require.NoError(t, err, "Failed to read certificate file at %s", certPath) + + block, _ := pem.Decode(data) + require.NotNil(t, block, "Failed to decode PEM block from %s", certPath) + + cert, err := x509.ParseCertificate(block.Bytes) + require.NoError(t, err, "Failed to parse x509 certificate from %s", certPath) + + require.Contains(t, cert.DNSNames, expectedDNS, + "Certificate should contain SAN DNS name %s, got %v", expectedDNS, cert.DNSNames) +} + +func VerifyCertificateKeyUsages(t *testing.T, certPath string, expectedUsages []string) { + t.Helper() + + data, err := os.ReadFile(certPath) + require.NoError(t, err, "Failed to read certificate file at %s", certPath) + + block, _ := pem.Decode(data) + require.NotNil(t, block, "Failed to decode PEM block from %s", certPath) + + cert, err := x509.ParseCertificate(block.Bytes) + require.NoError(t, err, "Failed to parse x509 certificate from %s", certPath) + + keyUsageMap := map[string]x509.KeyUsage{ + "digital_signature": x509.KeyUsageDigitalSignature, + "key_encipherment": x509.KeyUsageKeyEncipherment, + "data_encipherment": x509.KeyUsageDataEncipherment, + "cert_sign": x509.KeyUsageCertSign, + "crl_sign": x509.KeyUsageCRLSign, + "content_commitment": x509.KeyUsageContentCommitment, + } + + for _, usage := range expectedUsages { + if ku, ok := keyUsageMap[usage]; ok { + require.True(t, cert.KeyUsage&ku != 0, + "Certificate should have key usage %s, but it does not (key usage bits: %b)", usage, cert.KeyUsage) + } + } +} + +func VerifyCertificateExtendedKeyUsages(t *testing.T, certPath string, expectedUsages []string) { + t.Helper() + + data, err := os.ReadFile(certPath) + require.NoError(t, err, "Failed to read certificate file at %s", certPath) + + block, _ := pem.Decode(data) + require.NotNil(t, block, "Failed to decode PEM block from %s", certPath) + + cert, err := x509.ParseCertificate(block.Bytes) + require.NoError(t, err, "Failed to parse x509 certificate from %s", certPath) + + extKeyUsageMap := map[string]x509.ExtKeyUsage{ + "server_auth": x509.ExtKeyUsageServerAuth, + "client_auth": x509.ExtKeyUsageClientAuth, + "code_signing": x509.ExtKeyUsageCodeSigning, + } + + for _, usage := range expectedUsages { + if eku, ok := extKeyUsageMap[usage]; ok { + found := false + for _, certEku := range cert.ExtKeyUsage { + if certEku == eku { + found = true + break + } + } + require.True(t, found, + "Certificate should have extended key usage %s, but it does not", usage) + } + } +} + +func (h *CertAgentTestHelper) IsBddNockAvailable() bool { + url := h.InfisicalURL + "/api/__bdd_nock__/define" + req, err := http.NewRequest("POST", url, bytes.NewReader([]byte("{}"))) + if err != nil { + return false + } + req.Header.Set("Content-Type", "application/json") + req.Header.Set("Authorization", "Bearer "+h.AdminToken) + + resp, err := (&http.Client{Timeout: 10 * time.Second}).Do(req) + if err != nil { + return false + } + defer resp.Body.Close() + + return resp.StatusCode != http.StatusNotFound && resp.StatusCode != http.StatusMethodNotAllowed +} + +func (h *CertAgentTestHelper) SetupBddNockMocks(certCount int) { + t := h.T + + if certCount < 1 { + certCount = 1 + } + + fakeAccountID := "fake-account-id" + fakeZoneID := "fake-zone-id" + + definitions := []map[string]interface{}{ + { + "scope": "https://api.cloudflare.com", + "method": "GET", + "path": fmt.Sprintf("/client/v4/accounts/%s", fakeAccountID), + "status": 200, + "response": map[string]interface{}{ + "success": true, + "result": map[string]interface{}{"id": fakeAccountID}, + }, + }, + } + + for i := 0; i < certCount; i++ { + definitions = append(definitions, + map[string]interface{}{ + "scope": "https://api.cloudflare.com", + "method": "POST", + "path": fmt.Sprintf("/client/v4/zones/%s/dns_records", fakeZoneID), + "status": 200, + "response": map[string]interface{}{ + "success": true, + "result": map[string]interface{}{"id": "fake-dns-record-id"}, + }, + }, + map[string]interface{}{ + "scope": "https://api.cloudflare.com", + "method": "GET", + "path": map[string]string{ + "regex": fmt.Sprintf("/client/v4/zones/%s/dns_records.*", fakeZoneID), + }, + "status": 200, + "response": map[string]interface{}{ + "success": true, + "result": []interface{}{}, + }, + }, + ) + } + + body := map[string]interface{}{ + "definitions": definitions, + } + + h.doPostWithToken("/__bdd_nock__/define", body, h.AdminToken) + t.Log("BDD nock mocks configured for Cloudflare API") +} + +func (h *CertAgentTestHelper) CreateCloudflareAppConnection() string { + t := h.T + + body := map[string]interface{}{ + "name": "test-cloudflare-conn", + "method": "api-token", + "credentials": map[string]interface{}{ + "accountId": "fake-account-id", + "apiToken": "fake-api-token", + }, + } + + respBody := h.doPostWithToken("/v1/app-connections/cloudflare", body, h.AdminToken) + + var resp map[string]interface{} + err := json.Unmarshal(respBody, &resp) + require.NoError(t, err, "Failed to unmarshal create Cloudflare connection response: %s", string(respBody)) + + connectionID := "" + if ac, ok := resp["appConnection"].(map[string]interface{}); ok { + if id, ok := ac["id"].(string); ok { + connectionID = id + } + } + if connectionID == "" { + if id, ok := resp["id"].(string); ok { + connectionID = id + } + } + require.NotEmpty(t, connectionID, "Cloudflare connection ID should not be empty, response: %s", string(respBody)) + + return connectionID +} + +func (h *CertAgentTestHelper) CreateAcmeCA(dnsConnectionID, directoryUrl string) { + t := h.T + + body := map[string]interface{}{ + "name": "test-acme-ca", + "projectId": h.ProjectID, + "status": "active", + "configuration": map[string]interface{}{ + "dnsAppConnectionId": dnsConnectionID, + "dnsProviderConfig": map[string]interface{}{ + "provider": "cloudflare", + "hostedZoneId": "fake-zone-id", + }, + "directoryUrl": directoryUrl, + "accountEmail": "test@example.com", + }, + } + + respBody := h.doPost("/v1/cert-manager/ca/acme", body) + + var resp map[string]interface{} + err := json.Unmarshal(respBody, &resp) + require.NoError(t, err, "Failed to unmarshal create ACME CA response: %s", string(respBody)) + + caID := "" + if id, ok := resp["id"].(string); ok { + caID = id + } else if ca, ok := resp["ca"].(map[string]interface{}); ok { + if id, ok := ca["id"].(string); ok { + caID = id + } + } + require.NotEmpty(t, caID, "ACME CA ID should not be empty, response: %s", string(respBody)) + + h.CaID = caID +} + +func GenerateCSR(t *testing.T, commonName string) (csrPEM string, keyPEM string) { + t.Helper() + + key, err := rsa.GenerateKey(rand.Reader, 2048) + require.NoError(t, err, "Failed to generate RSA key") + + template := &x509.CertificateRequest{ + Subject: pkix.Name{ + CommonName: commonName, + }, + DNSNames: []string{commonName}, + } + + csrDER, err := x509.CreateCertificateRequest(rand.Reader, template, key) + require.NoError(t, err, "Failed to create CSR") + + csrBlock := &pem.Block{ + Type: "CERTIFICATE REQUEST", + Bytes: csrDER, + } + csrBuf := pem.EncodeToMemory(csrBlock) + + keyBlock := &pem.Block{ + Type: "RSA PRIVATE KEY", + Bytes: x509.MarshalPKCS1PrivateKey(key), + } + keyBuf := pem.EncodeToMemory(keyBlock) + + return string(csrBuf), string(keyBuf) +} diff --git a/e2e/agent/certificate_test.go b/e2e/agent/certificate_test.go new file mode 100644 index 00000000..08142be2 --- /dev/null +++ b/e2e/agent/certificate_test.go @@ -0,0 +1,1915 @@ +package agent_test + +import ( + "context" + "fmt" + "log/slog" + "net/http" + "os" + "path/filepath" + "strings" + "testing" + "time" + + "github.com/joho/godotenv" + + agentHelpers "github.com/infisical/cli/e2e-tests/agent" + "github.com/infisical/cli/e2e-tests/packages/client" + helpers "github.com/infisical/cli/e2e-tests/util" + "github.com/oapi-codegen/oapi-codegen/v2/pkg/securityprovider" + "github.com/stretchr/testify/require" +) + +func TestMain(m *testing.M) { + _ = godotenv.Load("../.env") + os.Exit(m.Run()) +} + +func setupCertAgentTest(t *testing.T, ctx context.Context, policyOpts ...agentHelpers.CertificatePolicyOption) *agentHelpers.CertAgentTestHelper { + infisical := helpers.NewInfisicalService().Up(t, ctx) + + identity := infisical.CreateMachineIdentity(t, ctx, helpers.WithTokenAuth()) + require.NotNil(t, identity.TokenAuthToken) + identityToken := *identity.TokenAuthToken + + helper := &agentHelpers.CertAgentTestHelper{ + T: t, + IdentityToken: identityToken, + AdminToken: infisical.ProvisionResult().Token, + InfisicalURL: infisical.ApiUrl(t), + TempDir: t.TempDir(), + } + + helper.SetupUniversalAuth(identity.Id) + slog.Info("Universal auth configured", "clientID", helper.ClientID) + + bearerAuth, err := securityprovider.NewSecurityProviderBearerToken(identityToken) + require.NoError(t, err) + + identityClient, err := client.NewClientWithResponses( + infisical.ApiUrl(t), + client.WithHTTPClient(&http.Client{}), + client.WithRequestEditorFn(bearerAuth.Intercept), + ) + require.NoError(t, err) + + projectType := client.CertManager + projectResp, err := identityClient.CreateProjectWithResponse(ctx, client.CreateProjectJSONRequestBody{ + ProjectName: "cert-test-" + helpers.RandomSlug(2), + Type: &projectType, + }) + require.NoError(t, err) + require.Equal(t, http.StatusOK, projectResp.StatusCode(), "Failed to create project: %s", string(projectResp.Body)) + + helper.ProjectID = projectResp.JSON200.Project.Id + helper.ProjectSlug = projectResp.JSON200.Project.Slug + slog.Info("Created cert-manager project", "id", helper.ProjectID, "slug", helper.ProjectSlug) + + helper.CreateInternalCA() + slog.Info("Created internal CA", "id", helper.CaID) + + helper.CreateCertificatePolicy("test-policy-"+helpers.RandomSlug(2), policyOpts...) + slog.Info("Created certificate policy", "id", helper.PolicyID) + + helper.CreateCertificateProfile("test-profile-" + helpers.RandomSlug(2)) + slog.Info("Created certificate profile", "id", helper.ProfileID, "name", helper.ProfileSlug) + + return helper +} + +func certAgent_BasicCertificateIssuance(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper := setupCertAgentTest(t, ctx) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, keyPath, chainPath := agentHelpers.CertFilePaths(certDir) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "test.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + result := helpers.WaitForStderr(t, helpers.WaitForStderrOptions{ + EnsureCmdRunning: &cmd, + ExpectedString: "certificate management engine starting", + Timeout: 60 * time.Second, + Interval: 2 * time.Second, + }) + require.Equal(t, helpers.WaitSuccess, result, "Agent failed to start cert management engine") + + result = helpers.WaitForStderr(t, helpers.WaitForStderrOptions{ + EnsureCmdRunning: &cmd, + ExpectedString: "certificate issued successfully", + Timeout: 120 * time.Second, + Interval: 2 * time.Second, + }) + require.Equal(t, helpers.WaitSuccess, result, "Certificate was not issued successfully") + + agentHelpers.VerifyCertificateFile(t, certPath) + agentHelpers.VerifyPrivateKeyFile(t, keyPath) + agentHelpers.VerifyChainFile(t, chainPath) + agentHelpers.VerifyCertificateCommonName(t, certPath, "test.example.com") +} + +func certAgent_CertificateRenewal(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper := setupCertAgentTest(t, ctx, + agentHelpers.WithAllowKeyAlgorithms("RSA_2048"), + agentHelpers.WithAllowSignatureAlgorithms("SHA256-RSA"), + ) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, keyPath, chainPath := agentHelpers.CertFilePaths(certDir) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + // Use short TTL (2m) and renew-before-expiry (1m30s) so renewal triggers at ~30s after issuance. + // Explicitly set algorithms so the backend stores them correctly in the DB for renewal validation. + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "renew.example.com", + TTL: "2m", + RenewBeforeExpiry: "1m30s", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + KeyAlgorithm: "RSA_2048", + SignatureAlgorithm: "RSA-SHA256", + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + result := helpers.WaitForStderr(t, helpers.WaitForStderrOptions{ + EnsureCmdRunning: &cmd, + ExpectedString: "certificate issued successfully", + Timeout: 120 * time.Second, + Interval: 2 * time.Second, + }) + require.Equal(t, helpers.WaitSuccess, result, "Initial certificate was not issued") + + initialCert, err := os.ReadFile(certPath) + require.NoError(t, err) + require.NotEmpty(t, initialCert) + + // Wait for the agent to complete renewal. With TTL=2m and renew-before-expiry=1m30s, + // renewal should trigger ~30s after issuance. + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + EnsureCmdRunning: &cmd, + Timeout: 90 * time.Second, + Interval: 3 * time.Second, + Condition: func() helpers.ConditionResult { + stderr := cmd.Stderr() + if strings.Contains(stderr, "certificate renewed successfully") || + strings.Contains(stderr, "successfully renewed certificate") { + return helpers.ConditionSuccess + } + return helpers.ConditionWait + }, + }) + require.Equal(t, helpers.WaitSuccess, waitResult, "Certificate renewal should complete. stderr:\n%s", cmd.Stderr()) + + renewedCert, err := os.ReadFile(certPath) + require.NoError(t, err) + require.NotEqual(t, string(initialCert), string(renewedCert), "Certificate content should have changed after renewal") + + agentHelpers.VerifyCertificateFile(t, certPath) + agentHelpers.VerifyPrivateKeyFile(t, keyPath) +} + +func certAgent_PostHookExecution(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper := setupCertAgentTest(t, ctx) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, keyPath, chainPath := agentHelpers.CertFilePaths(certDir) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + markerFile := filepath.Join(helper.TempDir, "hook-executed") + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "hook.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + PostHookOnIssuance: fmt.Sprintf("touch %s", markerFile), + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{ + "PATH": os.Getenv("PATH"), + }, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + result := helpers.WaitForStderr(t, helpers.WaitForStderrOptions{ + EnsureCmdRunning: &cmd, + ExpectedString: "post-hook execution successful", + Timeout: 120 * time.Second, + Interval: 2 * time.Second, + }) + require.Equal(t, helpers.WaitSuccess, result, "Post-hook was not executed successfully") + + _, err := os.Stat(markerFile) + require.NoError(t, err, "Post-hook marker file should exist at %s", markerFile) + +} + +func certAgent_MultipleCertificates(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper := setupCertAgentTest(t, ctx) + + firstProfileName := helper.ProfileSlug + + helper.CreateCertificateProfile("second-profile-" + helpers.RandomSlug(2)) + secondProfileName := helper.ProfileSlug + slog.Info("Created second certificate profile", "name", secondProfileName) + + certDir1 := filepath.Join(helper.TempDir, "cert1") + certDir2 := filepath.Join(helper.TempDir, "cert2") + require.NoError(t, os.MkdirAll(certDir1, 0755)) + require.NoError(t, os.MkdirAll(certDir2, 0755)) + + certPath1, keyPath1, chainPath1 := agentHelpers.CertFilePaths(certDir1) + certPath2, keyPath2, chainPath2 := agentHelpers.CertFilePaths(certDir2) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: firstProfileName, + CommonName: "multi1.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath1, + KeyPath: keyPath1, + ChainPath: chainPath1, + }, + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: secondProfileName, + CommonName: "multi2.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath2, + KeyPath: keyPath2, + ChainPath: chainPath2, + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + result := helpers.WaitForStderr(t, helpers.WaitForStderrOptions{ + EnsureCmdRunning: &cmd, + ExpectedString: "certificate management engine starting", + Timeout: 60 * time.Second, + Interval: 2 * time.Second, + }) + require.Equal(t, helpers.WaitSuccess, result, "Agent failed to start cert management engine") + + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + EnsureCmdRunning: &cmd, + Timeout: 120 * time.Second, + Interval: 3 * time.Second, + Condition: func() helpers.ConditionResult { + if strings.Count(cmd.Stderr(), "certificate issued successfully") >= 2 { + return helpers.ConditionSuccess + } + return helpers.ConditionWait + }, + }) + require.Equal(t, helpers.WaitSuccess, waitResult, "Both certificates should have been issued") + + agentHelpers.VerifyCertificateFile(t, certPath1) + agentHelpers.VerifyPrivateKeyFile(t, keyPath1) + agentHelpers.VerifyChainFile(t, chainPath1) + + agentHelpers.VerifyCertificateFile(t, certPath2) + agentHelpers.VerifyPrivateKeyFile(t, keyPath2) + agentHelpers.VerifyChainFile(t, chainPath2) + +} + +func certAgent_FilePermissions(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper := setupCertAgentTest(t, ctx) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, keyPath, chainPath := agentHelpers.CertFilePaths(certDir) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "perms.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + CertPermission: "0644", + KeyPermission: "0640", + ChainPermission: "0644", + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + result := helpers.WaitForStderr(t, helpers.WaitForStderrOptions{ + EnsureCmdRunning: &cmd, + ExpectedString: "certificate issued successfully", + Timeout: 120 * time.Second, + Interval: 2 * time.Second, + }) + require.Equal(t, helpers.WaitSuccess, result, "Certificate was not issued successfully") + + agentHelpers.VerifyCertificateFile(t, certPath) + agentHelpers.VerifyPrivateKeyFile(t, keyPath) + agentHelpers.VerifyChainFile(t, chainPath) + + agentHelpers.VerifyFilePermission(t, certPath, 0644) + agentHelpers.VerifyFilePermission(t, keyPath, 0640) + agentHelpers.VerifyFilePermission(t, chainPath, 0644) + +} + +func certAgent_AltNames(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper := setupCertAgentTest(t, ctx, agentHelpers.WithAllowAltNames()) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, keyPath, chainPath := agentHelpers.CertFilePaths(certDir) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + expectedAltNames := []string{"sub1.example.com", "sub2.example.com"} + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "altnames.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + AltNames: expectedAltNames, + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + result := helpers.WaitForStderr(t, helpers.WaitForStderrOptions{ + EnsureCmdRunning: &cmd, + ExpectedString: "certificate issued successfully", + Timeout: 120 * time.Second, + Interval: 2 * time.Second, + }) + require.Equal(t, helpers.WaitSuccess, result, "Certificate was not issued successfully") + + agentHelpers.VerifyCertificateFile(t, certPath) + agentHelpers.VerifyPrivateKeyFile(t, keyPath) + agentHelpers.VerifyChainFile(t, chainPath) + + agentHelpers.VerifyCertificateAltNames(t, certPath, expectedAltNames) + +} + +func certAgent_CSRBasedIssuance(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper := setupCertAgentTest(t, ctx, + agentHelpers.WithAllowKeyAlgorithms("RSA_2048"), + agentHelpers.WithAllowSignatureAlgorithms("SHA256-RSA"), + agentHelpers.WithAllowAltNames(), + ) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, _, chainPath := agentHelpers.CertFilePaths(certDir) + keyPath := filepath.Join(certDir, "key.pem") + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + csrPEM, _ := agentHelpers.GenerateCSR(t, "csr-test.example.com") + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "csr-test.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + CSR: csrPEM, + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + EnsureCmdRunning: &cmd, + Timeout: 120 * time.Second, + Interval: 2 * time.Second, + Condition: func() helpers.ConditionResult { + stderr := cmd.Stderr() + if strings.Contains(stderr, "certificate issued successfully") { + return helpers.ConditionSuccess + } + if strings.Contains(stderr, "failed to issue certificate") { + return helpers.ConditionBreakEarly + } + return helpers.ConditionWait + }, + }) + + require.Equal(t, helpers.WaitSuccess, waitResult, "CSR-based issuance should succeed. stderr:\n%s", cmd.Stderr()) + + agentHelpers.VerifyCertificateFile(t, certPath) + agentHelpers.VerifyChainFile(t, chainPath) +} + +func certAgent_CSRPathBasedIssuance(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper := setupCertAgentTest(t, ctx, + agentHelpers.WithAllowKeyAlgorithms("RSA_2048"), + agentHelpers.WithAllowSignatureAlgorithms("SHA256-RSA"), + agentHelpers.WithAllowAltNames(), + ) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, _, chainPath := agentHelpers.CertFilePaths(certDir) + keyPath := filepath.Join(certDir, "key.pem") + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + csrPEM, _ := agentHelpers.GenerateCSR(t, "csrpath-test.example.com") + csrFilePath := filepath.Join(helper.TempDir, "test.csr") + err := os.WriteFile(csrFilePath, []byte(csrPEM), 0600) + require.NoError(t, err) + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "csrpath-test.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + CSRPath: csrFilePath, + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + EnsureCmdRunning: &cmd, + Timeout: 120 * time.Second, + Interval: 2 * time.Second, + Condition: func() helpers.ConditionResult { + stderr := cmd.Stderr() + if strings.Contains(stderr, "certificate issued successfully") { + return helpers.ConditionSuccess + } + if strings.Contains(stderr, "failed to issue certificate") { + return helpers.ConditionBreakEarly + } + return helpers.ConditionWait + }, + }) + + require.Equal(t, helpers.WaitSuccess, waitResult, "CSR-path based issuance should succeed. stderr:\n%s", cmd.Stderr()) + + agentHelpers.VerifyCertificateFile(t, certPath) + agentHelpers.VerifyChainFile(t, chainPath) +} + +func certAgent_AcmeCA_CertificateIssuance(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper, _ := setupAcmeCertAgentTest(t, ctx) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, keyPath, chainPath := agentHelpers.CertFilePaths(certDir) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "acme-test.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + EnsureCmdRunning: &cmd, + Timeout: 180 * time.Second, + Interval: 3 * time.Second, + Condition: func() helpers.ConditionResult { + stderr := cmd.Stderr() + if strings.Contains(stderr, "certificate issued successfully") { + return helpers.ConditionSuccess + } + if strings.Contains(stderr, "failed to issue certificate") || + strings.Contains(stderr, "initial certificate issuance failed") || + strings.Contains(stderr, "certificate request failed") { + return helpers.ConditionBreakEarly + } + return helpers.ConditionWait + }, + }) + + require.Equal(t, helpers.WaitSuccess, waitResult, "ACME certificate issuance should succeed. stderr:\n%s", cmd.Stderr()) + + agentHelpers.VerifyCertificateFile(t, certPath) + agentHelpers.VerifyPrivateKeyFile(t, keyPath) + if _, err := os.Stat(chainPath); err == nil { + agentHelpers.VerifyChainFile(t, chainPath) + } +} + +func setupAcmeCertAgentTest(t *testing.T, ctx context.Context, certCount ...int) (*agentHelpers.CertAgentTestHelper, string) { //nolint:unparam + return setupAcmeCertAgentTestWithOpts(t, ctx, nil, certCount...) +} + +func setupAcmeCertAgentTestWithOpts(t *testing.T, ctx context.Context, policyOpts []agentHelpers.CertificatePolicyOption, certCount ...int) (*agentHelpers.CertAgentTestHelper, string) { + infisical := helpers.NewInfisicalServiceWithAcme().Up(t, ctx) + + identity := infisical.CreateMachineIdentity(t, ctx, helpers.WithTokenAuth()) + require.NotNil(t, identity.TokenAuthToken) + identityToken := *identity.TokenAuthToken + + helper := &agentHelpers.CertAgentTestHelper{ + T: t, + IdentityToken: identityToken, + AdminToken: infisical.ProvisionResult().Token, + InfisicalURL: infisical.ApiUrl(t), + TempDir: t.TempDir(), + } + + helper.SetupUniversalAuth(identity.Id) + + bearerAuth, err := securityprovider.NewSecurityProviderBearerToken(identityToken) + require.NoError(t, err) + + identityClient, err := client.NewClientWithResponses( + infisical.ApiUrl(t), + client.WithHTTPClient(&http.Client{}), + client.WithRequestEditorFn(bearerAuth.Intercept), + ) + require.NoError(t, err) + + projectType := client.CertManager + projectResp, err := identityClient.CreateProjectWithResponse(ctx, client.CreateProjectJSONRequestBody{ + ProjectName: "cert-acme-" + helpers.RandomSlug(2), + Type: &projectType, + }) + require.NoError(t, err) + require.Equal(t, http.StatusOK, projectResp.StatusCode(), "Failed to create project: %s", string(projectResp.Body)) + + helper.ProjectID = projectResp.JSON200.Project.Id + helper.ProjectSlug = projectResp.JSON200.Project.Slug + + if !helper.IsBddNockAvailable() { + t.Skip("BDD nock API not available — backend was not built with Dockerfile.dev") + } + + nockCertCount := 1 + if len(certCount) > 0 && certCount[0] > 1 { + nockCertCount = certCount[0] + } + helper.SetupBddNockMocks(nockCertCount) + + connectionID := helper.CreateCloudflareAppConnection() + + helper.CreateAcmeCA(connectionID, helpers.PebbleInternalUrl()) + + helper.CreateCertificatePolicy("acme-policy-"+helpers.RandomSlug(2), policyOpts...) + helper.CreateCertificateProfile("acme-profile-" + helpers.RandomSlug(2)) + + return helper, connectionID +} + +func certAgent_AcmeCA_Validation_DuplicateCAName(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper, connectionID := setupAcmeCertAgentTest(t, ctx) + + statusCode, respBody := helper.CreateAcmeCARaw( + "test-acme-ca", + connectionID, + helpers.PebbleInternalUrl(), + "cloudflare", + "fake-zone-id", + "test@example.com", + ) + + require.True(t, statusCode >= 400, "Duplicate CA name should be rejected, got status %d: %s", statusCode, string(respBody)) +} + +func certAgent_AcmeCA_Validation_InvalidDirectoryUrl(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper, connectionID := setupAcmeCertAgentTest(t, ctx) + + statusCode, respBody := helper.CreateAcmeCARaw( + "invalid-url-ca", + connectionID, + "not-a-valid-url", + "cloudflare", + "fake-zone-id", + "test@example.com", + ) + + require.True(t, statusCode >= 400, "Invalid directory URL should be rejected, got status %d: %s", statusCode, string(respBody)) +} + +func certAgent_AcmeCA_Validation_MissingRequiredFields(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper, connectionID := setupAcmeCertAgentTest(t, ctx) + + statusCode, respBody := helper.CreateAcmeCARaw( + "missing-email-ca", + connectionID, + helpers.PebbleInternalUrl(), + "cloudflare", + "fake-zone-id", + "", + ) + + require.True(t, statusCode >= 400, "Missing accountEmail should be rejected, got status %d: %s", statusCode, string(respBody)) + + statusCode, respBody = helper.CreateAcmeCARaw( + "missing-zone-ca", + connectionID, + helpers.PebbleInternalUrl(), + "cloudflare", + "", + "test@example.com", + ) + + require.True(t, statusCode >= 400, "Missing hostedZoneId should be rejected, got status %d: %s", statusCode, string(respBody)) + +} + +func certAgent_AcmeCA_Validation_InvalidDnsProvider(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper, connectionID := setupAcmeCertAgentTest(t, ctx) + + statusCode, respBody := helper.CreateAcmeCARaw( + "invalid-provider-ca", + connectionID, + helpers.PebbleInternalUrl(), + "invalid-provider", + "fake-zone-id", + "test@example.com", + ) + + require.True(t, statusCode >= 400, "Invalid DNS provider should be rejected, got status %d: %s", statusCode, string(respBody)) +} + +func certAgent_AcmeCA_Validation_NonexistentAppConnection(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper, _ := setupAcmeCertAgentTest(t, ctx) + + statusCode, respBody := helper.CreateAcmeCARaw( + "bad-conn-ca", + "00000000-0000-0000-0000-000000000000", + helpers.PebbleInternalUrl(), + "cloudflare", + "fake-zone-id", + "test@example.com", + ) + + require.True(t, statusCode >= 400, "Nonexistent app connection should be rejected, got status %d: %s", statusCode, string(respBody)) +} + +func certAgent_AcmeCA_DisabledCA(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper, _ := setupAcmeCertAgentTest(t, ctx) + + helper.DisableAcmeCA(helper.CaID) + slog.Info("Disabled ACME CA", "id", helper.CaID) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, keyPath, chainPath := agentHelpers.CertFilePaths(certDir) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "disabled-ca.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + EnsureCmdRunning: &cmd, + Timeout: 120 * time.Second, + Interval: 3 * time.Second, + Condition: func() helpers.ConditionResult { + stderr := cmd.Stderr() + if strings.Contains(stderr, "failed to issue certificate") || + strings.Contains(stderr, "initial certificate issuance failed") || + strings.Contains(stderr, "disabled") { + return helpers.ConditionSuccess + } + return helpers.ConditionWait + }, + }) + + require.Equal(t, helpers.WaitSuccess, waitResult, "Agent should report failure when CA is disabled") + + _, err := os.Stat(certPath) + require.True(t, os.IsNotExist(err), "Certificate file should not exist when CA is disabled") + +} + +func certAgent_AcmeCA_MultipleCertificates(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper, _ := setupAcmeCertAgentTest(t, ctx, 2) + + firstProfileSlug := helper.ProfileSlug + + helper.CreateCertificateProfile("acme-profile2-" + helpers.RandomSlug(2)) + secondProfileSlug := helper.ProfileSlug + + certDir1 := filepath.Join(helper.TempDir, "cert1") + certDir2 := filepath.Join(helper.TempDir, "cert2") + require.NoError(t, os.MkdirAll(certDir1, 0755)) + require.NoError(t, os.MkdirAll(certDir2, 0755)) + + certPath1, keyPath1, chainPath1 := agentHelpers.CertFilePaths(certDir1) + certPath2, keyPath2, chainPath2 := agentHelpers.CertFilePaths(certDir2) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: firstProfileSlug, + CommonName: "acme-multi1.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath1, + KeyPath: keyPath1, + ChainPath: chainPath1, + }, + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: secondProfileSlug, + CommonName: "acme-multi2.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath2, + KeyPath: keyPath2, + ChainPath: chainPath2, + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + EnsureCmdRunning: &cmd, + Timeout: 180 * time.Second, + Interval: 3 * time.Second, + Condition: func() helpers.ConditionResult { + _, err1 := os.Stat(certPath1) + _, err2 := os.Stat(certPath2) + if err1 == nil && err2 == nil { + return helpers.ConditionSuccess + } + return helpers.ConditionWait + }, + }) + + require.Equal(t, helpers.WaitSuccess, waitResult, "Both ACME certificates should be issued. stderr:\n%s", cmd.Stderr()) + + agentHelpers.VerifyCertificateFile(t, certPath1) + agentHelpers.VerifyPrivateKeyFile(t, keyPath1) + if _, err := os.Stat(chainPath1); err == nil { + agentHelpers.VerifyChainFile(t, chainPath1) + } + + agentHelpers.VerifyCertificateFile(t, certPath2) + agentHelpers.VerifyPrivateKeyFile(t, keyPath2) + if _, err := os.Stat(chainPath2); err == nil { + agentHelpers.VerifyChainFile(t, chainPath2) + } +} + +func certAgent_AcmeCA_PostHookExecution(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper, _ := setupAcmeCertAgentTest(t, ctx) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, keyPath, chainPath := agentHelpers.CertFilePaths(certDir) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + markerFile := filepath.Join(helper.TempDir, "acme-hook-executed") + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "acme-hook.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + PostHookOnIssuance: fmt.Sprintf("touch %s", markerFile), + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{ + "PATH": os.Getenv("PATH"), + }, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + EnsureCmdRunning: &cmd, + Timeout: 180 * time.Second, + Interval: 3 * time.Second, + Condition: func() helpers.ConditionResult { + stderr := cmd.Stderr() + if strings.Contains(stderr, "post-hook execution successful") { + return helpers.ConditionSuccess + } + if strings.Contains(stderr, "failed to issue certificate") || + strings.Contains(stderr, "initial certificate issuance failed") { + return helpers.ConditionBreakEarly + } + return helpers.ConditionWait + }, + }) + + require.Equal(t, helpers.WaitSuccess, waitResult, "ACME post-hook should execute successfully. stderr:\n%s", cmd.Stderr()) + + _, err := os.Stat(markerFile) + require.NoError(t, err, "Post-hook marker file should exist at %s", markerFile) + agentHelpers.VerifyCertificateFile(t, certPath) +} + +func certAgent_AcmeCA_CSRBasedIssuance(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper, _ := setupAcmeCertAgentTestWithOpts(t, ctx, []agentHelpers.CertificatePolicyOption{ + agentHelpers.WithAllowKeyAlgorithms("RSA_2048"), + agentHelpers.WithAllowSignatureAlgorithms("SHA256-RSA"), + agentHelpers.WithAllowAltNames(), + }) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, _, chainPath := agentHelpers.CertFilePaths(certDir) + keyPath := filepath.Join(certDir, "key.pem") + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + csrPEM, _ := agentHelpers.GenerateCSR(t, "acme-csr.example.com") + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "acme-csr.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + CSR: csrPEM, + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + EnsureCmdRunning: &cmd, + Timeout: 180 * time.Second, + Interval: 3 * time.Second, + Condition: func() helpers.ConditionResult { + stderr := cmd.Stderr() + if strings.Contains(stderr, "certificate issued successfully") { + return helpers.ConditionSuccess + } + if strings.Contains(stderr, "failed to issue certificate") || + strings.Contains(stderr, "initial certificate issuance failed") || + strings.Contains(stderr, "certificate request failed") { + return helpers.ConditionBreakEarly + } + return helpers.ConditionWait + }, + }) + + require.Equal(t, helpers.WaitSuccess, waitResult, "ACME CSR-based issuance should succeed. stderr:\n%s", cmd.Stderr()) + + agentHelpers.VerifyCertificateFile(t, certPath) + if _, err := os.Stat(chainPath); err == nil { + agentHelpers.VerifyChainFile(t, chainPath) + } + agentHelpers.VerifyCertificateDNSName(t, certPath, "acme-csr.example.com") +} + +func certAgent_IssuanceFailureReporting(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper := setupCertAgentTest(t, ctx) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, keyPath, chainPath := agentHelpers.CertFilePaths(certDir) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: "nonexistent-profile-" + helpers.RandomSlug(2), + CommonName: "failure.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + Timeout: 120 * time.Second, + Interval: 2 * time.Second, + Condition: func() helpers.ConditionResult { + stderr := cmd.Stderr() + if strings.Contains(stderr, "failed to resolve") || + strings.Contains(stderr, "failed to issue certificate") || + strings.Contains(stderr, "certificate request failed") || + strings.Contains(stderr, "initial certificate issuance failed") { + return helpers.ConditionSuccess + } + if !cmd.IsRunning() { + return helpers.ConditionBreakEarly + } + return helpers.ConditionWait + }, + }) + + require.True(t, waitResult == helpers.WaitSuccess || waitResult == helpers.WaitBreakEarly, + "Agent should report a failure for nonexistent profile") + + stderr := cmd.Stderr() + require.True(t, + strings.Contains(stderr, "failed to resolve") || + strings.Contains(stderr, "failed to issue certificate") || + strings.Contains(stderr, "initial certificate issuance failed"), + "Agent should log the failure reason in stderr") + + _, err := os.Stat(certPath) + require.True(t, os.IsNotExist(err), "Certificate file should not exist when issuance fails") +} + +func certAgent_CertificateWithFullAttributes(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper := setupCertAgentTest(t, ctx, + agentHelpers.WithAllowKeyAlgorithms("RSA_2048"), + agentHelpers.WithAllowKeyUsages("digital_signature", "key_encipherment"), + agentHelpers.WithAllowExtendedKeyUsages("server_auth"), + ) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, keyPath, chainPath := agentHelpers.CertFilePaths(certDir) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "fullattrs.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + KeyAlgorithm: "RSA_2048", + KeyUsages: []string{"digital_signature", "key_encipherment"}, + ExtendedKeyUsages: []string{"server_auth"}, + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + EnsureCmdRunning: &cmd, + Timeout: 120 * time.Second, + Interval: 2 * time.Second, + Condition: func() helpers.ConditionResult { + stderr := cmd.Stderr() + if strings.Contains(stderr, "certificate issued successfully") { + return helpers.ConditionSuccess + } + if strings.Contains(stderr, "failed to issue certificate") || + strings.Contains(stderr, "initial certificate issuance failed") { + return helpers.ConditionBreakEarly + } + return helpers.ConditionWait + }, + }) + + require.Equal(t, helpers.WaitSuccess, waitResult, "Certificate with full attributes should be issued. stderr:\n%s", cmd.Stderr()) + + agentHelpers.VerifyCertificateFile(t, certPath) + agentHelpers.VerifyPrivateKeyFile(t, keyPath) + agentHelpers.VerifyChainFile(t, chainPath) + + agentHelpers.VerifyCertificateCommonName(t, certPath, "fullattrs.example.com") + agentHelpers.VerifyCertificateKeyUsages(t, certPath, []string{"digital_signature", "key_encipherment"}) + agentHelpers.VerifyCertificateExtendedKeyUsages(t, certPath, []string{"server_auth"}) +} + +func certAgent_Validation_RenewBeforeExpiryExceedsTTL(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper := setupCertAgentTest(t, ctx) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, keyPath, chainPath := agentHelpers.CertFilePaths(certDir) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + // renew-before-expiry (2h) exceeds TTL (1h) + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "invalid-renew.example.com", + TTL: "1h", + RenewBeforeExpiry: "2h", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + Timeout: 30 * time.Second, + Interval: 1 * time.Second, + Condition: func() helpers.ConditionResult { + if !cmd.IsRunning() { + return helpers.ConditionSuccess + } + stderr := cmd.Stderr() + if strings.Contains(stderr, "renew-before-expiry") && strings.Contains(stderr, "must be less than TTL") { + return helpers.ConditionSuccess + } + return helpers.ConditionWait + }, + }) + require.Equal(t, helpers.WaitSuccess, waitResult, "Agent should fail validation for renew-before-expiry > TTL") + + stderr := cmd.Stderr() + require.Contains(t, stderr, "renew-before-expiry", "Stderr should mention renew-before-expiry") + require.Contains(t, stderr, "must be less than TTL", "Stderr should mention TTL constraint") + +} + +func certAgent_Validation_BothCSRAndCSRPath(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper := setupCertAgentTest(t, ctx) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, keyPath, chainPath := agentHelpers.CertFilePaths(certDir) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + csrPEM, _ := agentHelpers.GenerateCSR(t, "both-csr.example.com") + csrFilePath := filepath.Join(helper.TempDir, "test.csr") + err := os.WriteFile(csrFilePath, []byte(csrPEM), 0600) + require.NoError(t, err) + + // Set both CSR and CSRPath — this should be rejected + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "both-csr.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + CSR: csrPEM, + CSRPath: csrFilePath, + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + Timeout: 30 * time.Second, + Interval: 1 * time.Second, + Condition: func() helpers.ConditionResult { + if !cmd.IsRunning() { + return helpers.ConditionSuccess + } + stderr := cmd.Stderr() + if strings.Contains(stderr, "cannot specify both") { + return helpers.ConditionSuccess + } + return helpers.ConditionWait + }, + }) + require.Equal(t, helpers.WaitSuccess, waitResult, "Agent should fail validation for both CSR and CSR-path") + + stderr := cmd.Stderr() + require.Contains(t, stderr, "cannot specify both", "Stderr should mention that both CSR and CSR-path cannot be specified") + +} + +func certAgent_Validation_InvalidAuthCredentials(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper := setupCertAgentTest(t, ctx) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, keyPath, chainPath := agentHelpers.CertFilePaths(certDir) + + fakeClientIDPath := filepath.Join(helper.TempDir, "fake-client-id") + err := os.WriteFile(fakeClientIDPath, []byte("fake-client-id-00000"), 0600) + require.NoError(t, err) + + fakeClientSecretPath := filepath.Join(helper.TempDir, "fake-client-secret") + err = os.WriteFile(fakeClientSecretPath, []byte("fake-client-secret-00000"), 0600) + require.NoError(t, err) + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: fakeClientIDPath, + ClientSecretPath: fakeClientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "badauth.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + Timeout: 60 * time.Second, + Interval: 2 * time.Second, + Condition: func() helpers.ConditionResult { + stderr := cmd.Stderr() + if strings.Contains(stderr, "unable to authenticate") || + strings.Contains(stderr, "UniversalAuthLogin failed") || + strings.Contains(stderr, "failed to create authenticated client") || + strings.Contains(stderr, "failed to resolve certificate name references") { + return helpers.ConditionSuccess + } + if !cmd.IsRunning() { + return helpers.ConditionBreakEarly + } + return helpers.ConditionWait + }, + }) + + require.True(t, waitResult == helpers.WaitSuccess || waitResult == helpers.WaitBreakEarly, + "Agent should fail with invalid credentials") + +} + +func certAgent_Validation_MissingCertificatePath(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper := setupCertAgentTest(t, ctx) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "nopath.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: "", + KeyPath: "", + ChainPath: "", + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + Timeout: 120 * time.Second, + Interval: 2 * time.Second, + Condition: func() helpers.ConditionResult { + stderr := cmd.Stderr() + if strings.Contains(stderr, "certificate.path is required") || + strings.Contains(stderr, "failed to write certificate") { + return helpers.ConditionSuccess + } + if !cmd.IsRunning() { + return helpers.ConditionBreakEarly + } + return helpers.ConditionWait + }, + }) + + require.True(t, waitResult == helpers.WaitSuccess || waitResult == helpers.WaitBreakEarly, + "Agent should fail when certificate file paths are empty") + + stderr := cmd.Stderr() + require.True(t, + strings.Contains(stderr, "certificate.path is required") || + strings.Contains(stderr, "failed to write certificate"), + "Stderr should report a path-related validation error, got:\n%s", stderr) +} + +func certAgent_Validation_NonexistentProjectSlug(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper := setupCertAgentTest(t, ctx) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, keyPath, chainPath := agentHelpers.CertFilePaths(certDir) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: "nonexistent-project-slug", + ProfileSlug: helper.ProfileSlug, + CommonName: "bad-project.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + Timeout: 60 * time.Second, + Interval: 2 * time.Second, + Condition: func() helpers.ConditionResult { + stderr := cmd.Stderr() + if strings.Contains(stderr, "failed to resolve") { + return helpers.ConditionSuccess + } + if !cmd.IsRunning() { + return helpers.ConditionBreakEarly + } + return helpers.ConditionWait + }, + }) + + require.True(t, waitResult == helpers.WaitSuccess || waitResult == helpers.WaitBreakEarly, + "Agent should fail with nonexistent project slug") + + stderr := cmd.Stderr() + require.Contains(t, stderr, "failed to resolve", + "Agent should report resolution failure for nonexistent project slug") + +} + + +func certAgent_OnRenewalPostHook(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + // Renewal re-validates the original cert's algorithms against the policy. + helper := setupCertAgentTest(t, ctx, + agentHelpers.WithAllowKeyAlgorithms("RSA_2048"), + agentHelpers.WithAllowSignatureAlgorithms("SHA256-RSA"), + ) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, keyPath, chainPath := agentHelpers.CertFilePaths(certDir) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + renewalMarker := filepath.Join(helper.TempDir, "on-renewal-hook-executed") + + // Short TTL (2m) and renew-before-expiry (1m30s) so renewal triggers ~30s after issuance + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "renewal-hook.example.com", + TTL: "2m", + KeyAlgorithm: "RSA_2048", + SignatureAlgorithm: "RSA-SHA256", + RenewBeforeExpiry: "1m30s", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + PostHookOnRenewal: fmt.Sprintf("touch %s", renewalMarker), + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{ + "PATH": os.Getenv("PATH"), + }, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + // Wait for initial issuance + result := helpers.WaitForStderr(t, helpers.WaitForStderrOptions{ + EnsureCmdRunning: &cmd, + ExpectedString: "certificate issued successfully", + Timeout: 120 * time.Second, + Interval: 2 * time.Second, + }) + require.Equal(t, helpers.WaitSuccess, result, "Initial certificate should be issued") + + // Wait for renewal to complete and on-renewal hook to fire + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + EnsureCmdRunning: &cmd, + Timeout: 90 * time.Second, + Interval: 3 * time.Second, + Condition: func() helpers.ConditionResult { + if _, err := os.Stat(renewalMarker); err == nil { + return helpers.ConditionSuccess + } + stderr := cmd.Stderr() + if strings.Contains(stderr, "certificate renewed successfully") || + strings.Contains(stderr, "successfully renewed certificate") { + return helpers.ConditionSuccess + } + return helpers.ConditionWait + }, + }) + require.Equal(t, helpers.WaitSuccess, waitResult, "On-renewal hook should fire after renewal. stderr:\n%s", cmd.Stderr()) + + _, err := os.Stat(renewalMarker) + require.NoError(t, err, "On-renewal post-hook marker file should exist at %s", renewalMarker) +} + +func certAgent_SignatureAlgorithm(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + helper := setupCertAgentTest(t, ctx, + agentHelpers.WithAllowKeyAlgorithms("RSA_2048"), + agentHelpers.WithAllowSignatureAlgorithms("SHA256-RSA"), + ) + + certDir := filepath.Join(helper.TempDir, "certs") + require.NoError(t, os.MkdirAll(certDir, 0755)) + certPath, keyPath, chainPath := agentHelpers.CertFilePaths(certDir) + + clientIDPath, clientSecretPath := helper.WriteCredentialFiles() + + configPath := helper.GenerateAgentConfig(agentHelpers.AgentConfigOptions{ + ClientIDPath: clientIDPath, + ClientSecretPath: clientSecretPath, + Certificates: []agentHelpers.CertificateConfigEntry{ + { + ProjectSlug: helper.ProjectSlug, + ProfileSlug: helper.ProfileSlug, + CommonName: "sigalg.example.com", + TTL: "1h", + RenewBeforeExpiry: "10m", + StatusCheckInterval: "5s", + CertPath: certPath, + KeyPath: keyPath, + ChainPath: chainPath, + KeyAlgorithm: "RSA_2048", + SignatureAlgorithm: "RSA-SHA256", + }, + }, + }) + + cmd := helpers.Command{ + Test: t, + Args: []string{"cert-manager", "agent", "--config", configPath, "--verbose"}, + Env: map[string]string{}, + } + cmd.Start(ctx) + t.Cleanup(func() { + if t.Failed() { + t.Logf("Agent stderr:\n%s", cmd.Stderr()) + t.Logf("Agent stdout:\n%s", cmd.Stdout()) + } + cmd.Stop() + }) + + waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ + EnsureCmdRunning: &cmd, + Timeout: 120 * time.Second, + Interval: 2 * time.Second, + Condition: func() helpers.ConditionResult { + stderr := cmd.Stderr() + if strings.Contains(stderr, "certificate issued successfully") { + return helpers.ConditionSuccess + } + if strings.Contains(stderr, "failed to issue certificate") || + strings.Contains(stderr, "initial certificate issuance failed") { + return helpers.ConditionBreakEarly + } + return helpers.ConditionWait + }, + }) + require.Equal(t, helpers.WaitSuccess, waitResult, "Certificate with signature algorithm should be issued. stderr:\n%s", cmd.Stderr()) + + agentHelpers.VerifyCertificateFile(t, certPath) + agentHelpers.VerifyPrivateKeyFile(t, keyPath) + agentHelpers.VerifyChainFile(t, chainPath) + agentHelpers.VerifyCertificateCommonName(t, certPath, "sigalg.example.com") +} + +func TestCertAgent_InternalCA(t *testing.T) { + t.Run("BasicCertificateIssuance", certAgent_BasicCertificateIssuance) + t.Run("CertificateRenewal", certAgent_CertificateRenewal) + t.Run("PostHookExecution", certAgent_PostHookExecution) + t.Run("MultipleCertificates", certAgent_MultipleCertificates) + t.Run("FilePermissions", certAgent_FilePermissions) + t.Run("AltNames", certAgent_AltNames) + t.Run("CSRBasedIssuance", certAgent_CSRBasedIssuance) + t.Run("CSRPathBasedIssuance", certAgent_CSRPathBasedIssuance) + t.Run("IssuanceFailureReporting", certAgent_IssuanceFailureReporting) + t.Run("CertificateWithFullAttributes", certAgent_CertificateWithFullAttributes) + t.Run("Validation_RenewBeforeExpiryExceedsTTL", certAgent_Validation_RenewBeforeExpiryExceedsTTL) + t.Run("Validation_BothCSRAndCSRPath", certAgent_Validation_BothCSRAndCSRPath) + t.Run("Validation_InvalidAuthCredentials", certAgent_Validation_InvalidAuthCredentials) + t.Run("Validation_MissingCertificatePath", certAgent_Validation_MissingCertificatePath) + t.Run("Validation_NonexistentProjectSlug", certAgent_Validation_NonexistentProjectSlug) + t.Run("OnRenewalPostHook", certAgent_OnRenewalPostHook) + t.Run("SignatureAlgorithm", certAgent_SignatureAlgorithm) +} + +func TestCertAgent_AcmeCA(t *testing.T) { + t.Run("CertificateIssuance", certAgent_AcmeCA_CertificateIssuance) + t.Run("Validation_DuplicateCAName", certAgent_AcmeCA_Validation_DuplicateCAName) + t.Run("Validation_InvalidDirectoryUrl", certAgent_AcmeCA_Validation_InvalidDirectoryUrl) + t.Run("Validation_MissingRequiredFields", certAgent_AcmeCA_Validation_MissingRequiredFields) + t.Run("Validation_InvalidDnsProvider", certAgent_AcmeCA_Validation_InvalidDnsProvider) + t.Run("Validation_NonexistentAppConnection", certAgent_AcmeCA_Validation_NonexistentAppConnection) + t.Run("DisabledCA", certAgent_AcmeCA_DisabledCA) + t.Run("MultipleCertificates", certAgent_AcmeCA_MultipleCertificates) + t.Run("PostHookExecution", certAgent_AcmeCA_PostHookExecution) + t.Run("CSRBasedIssuance", certAgent_AcmeCA_CSRBasedIssuance) +} diff --git a/e2e/packages/client/reset_db.go b/e2e/packages/client/reset_db.go index 09626942..182f7b52 100644 --- a/e2e/packages/client/reset_db.go +++ b/e2e/packages/client/reset_db.go @@ -118,6 +118,11 @@ func resetPostgresDB(ctx context.Context, opts ResetDBOptions) error { return err } + if len(tables) == 0 { + slog.Info("No tables found in database, skipping reset (DB not yet migrated)") + return nil + } + // Build truncate statement with all tables tablesToTruncate := make([]string, 0) for _, table := range tables { diff --git a/e2e/packages/infisical/compose.go b/e2e/packages/infisical/compose.go index ef610a53..899b1800 100644 --- a/e2e/packages/infisical/compose.go +++ b/e2e/packages/infisical/compose.go @@ -17,6 +17,7 @@ import ( "github.com/docker/compose/v2/pkg/api" "github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/filters" + "github.com/docker/docker/api/types/image" "github.com/docker/docker/api/types/network" "github.com/testcontainers/testcontainers-go" "github.com/testcontainers/testcontainers-go/modules/compose" @@ -108,19 +109,45 @@ func (s *Stack) Up(ctx context.Context) error { hashHex := hex.EncodeToString(hashBytes[:]) uniqueName := fmt.Sprintf("infisical-cli-bdd-%s", hashHex) - // Skip cache lookup if CLI_E2E_DISABLE_COMPOSE_CACHE is set - if os.Getenv("CLI_E2E_DISABLE_COMPOSE_CACHE") == "1" { - slog.Info("Disable compose cache", "name", uniqueName) - } else { + disableCache := os.Getenv("CLI_E2E_DISABLE_COMPOSE_CACHE") == "1" + + // If containers were already created in this test run, just reset the DB. + if s.dockerCompose != nil { + slog.Info("Reusing containers from current test run", "name", uniqueName) + return s.dockerCompose.Up(ctx) + } + + // Try to reuse containers from a previous run (unless cache is disabled). + if !disableCache { reused, err := s.tryReuseExistingContainers(ctx, uniqueName) if err != nil { - return err - } - if reused { + slog.Warn("Failed to reuse existing containers, tearing down and recreating", + "name", uniqueName, "error", err) + if s.dockerCompose != nil { + if err := s.DownWithForce(ctx, true); err != nil { + slog.Warn("Failed to tear down stale containers", "error", err) + } + } + } else if reused { return nil } + } else { + slog.Info("Compose cache disabled, building fresh containers", "name", uniqueName) + } + + if err := s.buildAndUp(ctx, data, uniqueName); err != nil { + slog.Warn("First compose up failed, removing stale images and retrying", + "name", uniqueName, "error", err) + s.DownWithForce(ctx, true) //nolint:errcheck + if err := removeStaleImages(ctx, uniqueName); err != nil { + slog.Warn("Failed to remove stale images", "error", err) + } + return s.buildAndUp(ctx, data, uniqueName) } + return nil +} +func (s *Stack) buildAndUp(ctx context.Context, data []byte, uniqueName string) error { dockerCompose, err := compose.NewDockerComposeWith( compose.WithStackReaders(bytes.NewReader(data)), compose.StackIdentifier(uniqueName), @@ -135,10 +162,7 @@ func (s *Stack) Up(ctx context.Context) error { WithStartupTimeout(5*time.Minute), ) s.dockerCompose = waited - if err := s.dockerCompose.Up(ctx); err != nil { - return err - } - return nil + return s.dockerCompose.Up(ctx) } func (s *Stack) Down(ctx context.Context) error { @@ -236,6 +260,23 @@ func WithRedisService() StackOption { } } +func WithPebbleService() StackOption { + return func(s *Stack) { + if s.Project.Services == nil { + s.Project.Services = types.Services{} + } + s.Project.Services["pebble"] = types.ServiceConfig{ + Image: "ghcr.io/letsencrypt/pebble:latest", + Ports: []types.ServicePortConfig{{Published: "", Target: 14000}}, + Environment: types.NewMappingWithEquals([]string{ + "PEBBLE_VA_ALWAYS_VALID=1", + "PEBBLE_VA_NOSLEEP=1", + }), + Command: types.ShellCommand{"-config", "test/config/pebble-config.json", "-strict"}, + } + } +} + func WithBackendService(options BackendOptions) StackOption { return func(s *Stack) { if s.Project.Services == nil { @@ -331,6 +372,13 @@ func (c *RunningCompose) DownWithForce(ctx context.Context, removeVolumes bool) return fmt.Errorf("container list: %w", err) } + imageIDs := make(map[string]struct{}) + for _, ctr := range containers { + if ctr.ImageID != "" { + imageIDs[ctr.ImageID] = struct{}{} + } + } + // Stop and remove all containers for _, ctr := range containers { slog.Info("Stopping and removing container", "id", ctr.ID[:12], "name", ctr.Names) @@ -343,6 +391,13 @@ func (c *RunningCompose) DownWithForce(ctx context.Context, removeVolumes bool) } } + for imgID := range imageIDs { + slog.Info("Removing stale image", "id", imgID[:12]) + if _, err := c.client.ImageRemove(ctx, imgID, image.RemoveOptions{Force: true}); err != nil { + slog.Warn("Failed to remove image (may be shared)", "id", imgID[:12], "error", err) + } + } + // Remove the network networks, err := c.client.NetworkList(ctx, network.ListOptions{ Filters: filters.NewArgs( @@ -369,6 +424,30 @@ func (c *RunningCompose) DownWithForce(ctx context.Context, removeVolumes bool) return nil } +func removeStaleImages(ctx context.Context, projectName string) error { + dockerClient, err := testcontainers.NewDockerClientWithOpts(ctx) + if err != nil { + return err + } + + images, err := dockerClient.ImageList(ctx, image.ListOptions{ + Filters: filters.NewArgs( + filters.Arg("reference", fmt.Sprintf("%s-*", projectName)), + ), + }) + if err != nil { + return fmt.Errorf("image list: %w", err) + } + + for _, img := range images { + slog.Info("Removing stale compose image", "id", img.ID[:19], "tags", img.RepoTags) + if _, err := dockerClient.ImageRemove(ctx, img.ID, image.RemoveOptions{Force: true}); err != nil { + slog.Warn("Failed to remove image", "id", img.ID[:19], "error", err) + } + } + return nil +} + func (c *RunningCompose) Services() []string { return c.services } diff --git a/e2e/util/helpers.go b/e2e/util/helpers.go index e4677164..0597fa8b 100644 --- a/e2e/util/helpers.go +++ b/e2e/util/helpers.go @@ -40,10 +40,34 @@ func NewInfisicalService() *InfisicalService { return &InfisicalService{Stack: infisical.NewStack(infisical.WithDefaultStackFromEnv())} } +func NewInfisicalServiceWithAcme() *InfisicalService { + backendOpts := infisical.BackendOptionsFromEnv() + backendOpts.Dockerfile = "Dockerfile.dev" + svc := &InfisicalService{ + Stack: infisical.NewStack( + infisical.WithDbService(), + infisical.WithRedisService(), + infisical.WithPebbleService(), + infisical.WithBackendService(backendOpts), + ), + } + svc.WithBackendEnvironment(types.NewMappingWithEquals([]string{ + "ACME_DEVELOPMENT_MODE=true", + "ACME_SKIP_UPSTREAM_VALIDATION=true", + "BDD_NOCK_API_ENABLED=true", + "NODE_TLS_REJECT_UNAUTHORIZED=0", + })) + return svc +} + +func PebbleInternalUrl() string { + return "https://pebble:14000/dir" +} + func (s *InfisicalService) WithBackendEnvironment(environment types.MappingWithEquals) *InfisicalService { backend := s.Stack.Project.Services["backend"] backend.Environment = backend.Environment.OverrideBy(environment) - fmt.Print(s.Stack.Project.Services["backend"].Environment) + s.Stack.Project.Services["backend"] = backend return s } From df8840ed033a4d6963704b5a4a7ee8b254f86c6e Mon Sep 17 00:00:00 2001 From: Carlos Monastyrski Date: Wed, 4 Mar 2026 18:39:39 -0300 Subject: [PATCH 2/5] Improve missingServices block and separate e2e test due to timing limitations --- .github/workflows/run-cli-e2e-tests.yml | 33 ++++++++++++++++++++++--- e2e/packages/infisical/compose.go | 25 ++++++++++++++++++- 2 files changed, 54 insertions(+), 4 deletions(-) diff --git a/.github/workflows/run-cli-e2e-tests.yml b/.github/workflows/run-cli-e2e-tests.yml index cdc336e5..3755cb82 100644 --- a/.github/workflows/run-cli-e2e-tests.yml +++ b/.github/workflows/run-cli-e2e-tests.yml @@ -5,11 +5,11 @@ on: types: [opened, synchronize] workflow_dispatch: workflow_call: - jobs: test: runs-on: ubuntu-latest + name: General E2E Tests steps: - uses: actions/checkout@v6 @@ -27,9 +27,36 @@ jobs: repository: infisical/infisical path: infisical - name: Test with the Go CLI - run: go test -v -timeout 30m -count=1 github.com/infisical/cli/e2e-tests/... + run: go test -v -timeout 30m -count=1 github.com/infisical/cli/e2e-tests/proxy github.com/infisical/cli/e2e-tests/relay working-directory: ./e2e env: INFISICAL_BACKEND_DIR: ${{ github.workspace }}/infisical/backend INFISICAL_CLI_EXECUTABLE: ${{ github.workspace }}/infisical-cli - CLI_E2E_DEFAULT_RUN_METHOD: subprocess \ No newline at end of file + CLI_E2E_DEFAULT_RUN_METHOD: subprocess + + agent-test: + runs-on: ubuntu-latest + name: Agent E2E Tests + + steps: + - uses: actions/checkout@v6 + - name: Setup Go + uses: actions/setup-go@v6 + with: + go-version: "1.25.2" + - name: Install dependencies + run: go get . + - name: Build the CLI + run: go build -o infisical-cli + - name: Checkout infisical repo + uses: actions/checkout@v6 + with: + repository: infisical/infisical + path: infisical + - name: Test Certificate Agent + run: go test -v -timeout 30m -count=1 github.com/infisical/cli/e2e-tests/agent + working-directory: ./e2e + env: + INFISICAL_BACKEND_DIR: ${{ github.workspace }}/infisical/backend + INFISICAL_CLI_EXECUTABLE: ${{ github.workspace }}/infisical-cli + CLI_E2E_DEFAULT_RUN_METHOD: subprocess diff --git a/e2e/packages/infisical/compose.go b/e2e/packages/infisical/compose.go index 899b1800..8b0287fd 100644 --- a/e2e/packages/infisical/compose.go +++ b/e2e/packages/infisical/compose.go @@ -80,7 +80,30 @@ func (s *Stack) tryReuseExistingContainers(ctx context.Context, uniqueName strin } } if len(missingServices) > 0 { - slog.Info("Missing containers found, skip reusing containers", "count", len(missingServices), "name", uniqueName) + slog.Info("Missing containers found, removing stale containers before fresh creation", "count", len(missingServices), "name", uniqueName) + // Remove all stale containers to avoid name conflicts when creating fresh ones + for _, ctr := range containers { + slog.Info("Removing stale container", "id", ctr.ID[:12], "names", ctr.Names, "state", ctr.State) + timeout := 10 + if err := dockerClient.ContainerStop(ctx, ctr.ID, container.StopOptions{Timeout: &timeout}); err != nil { + slog.Warn("Failed to stop stale container", "id", ctr.ID[:12], "error", err) + } + if err := dockerClient.ContainerRemove(ctx, ctr.ID, container.RemoveOptions{Force: true, RemoveVolumes: true}); err != nil { + slog.Warn("Failed to remove stale container", "id", ctr.ID[:12], "error", err) + } + } + // Also remove the network to avoid conflicts + networks, err := dockerClient.NetworkList(ctx, network.ListOptions{ + Filters: filters.NewArgs( + filters.Arg("label", fmt.Sprintf("%s=%s", api.ProjectLabel, uniqueName)), + ), + }) + if err == nil { + for _, n := range networks { + slog.Info("Removing stale network", "name", n.Name) + _ = dockerClient.NetworkRemove(ctx, n.ID) + } + } return false, nil } From da6937be471c3edfc6f513f9fe6c9609259d474a Mon Sep 17 00:00:00 2001 From: Carlos Monastyrski Date: Thu, 5 Mar 2026 14:30:42 -0300 Subject: [PATCH 3/5] Address PR comments --- e2e/README.md | 7 ++ e2e/agent/agent_helpers.go | 208 +++++++++++++++++++--------------- e2e/agent/certificate_test.go | 18 +-- e2e/openapi-cfg.yaml | 9 +- e2e/util/helpers.go | 31 ++++- packages/cmd/agent.go | 11 +- 6 files changed, 174 insertions(+), 110 deletions(-) diff --git a/e2e/README.md b/e2e/README.md index 00ed5837..b5e9fbad 100644 --- a/e2e/README.md +++ b/e2e/README.md @@ -158,6 +158,13 @@ cd e2e go test github.com/infisical/cli/e2e-tests/agent ``` +Some tests (e.g. certificate renewal) may take longer to complete. If you experience timeouts, you can increase the Go test timeout using the `-timeout` flag: + +```bash +cd e2e +go test github.com/infisical/cli/e2e-tests/agent -timeout 30m +``` + If you're using a `.env` file (recommended), just make sure it's configured and run the tests: ```bash diff --git a/e2e/agent/agent_helpers.go b/e2e/agent/agent_helpers.go index 947735cb..9a88f1e8 100644 --- a/e2e/agent/agent_helpers.go +++ b/e2e/agent/agent_helpers.go @@ -13,11 +13,11 @@ import ( "net/http" "os" "path/filepath" - "strings" "testing" "time" "github.com/stretchr/testify/require" + "gopkg.in/yaml.v3" ) type CertAgentTestHelper struct { @@ -53,7 +53,7 @@ func (h *CertAgentTestHelper) CreateInternalCA() { "locality": "", "maxPathLength": -1, "keyAlgorithm": "RSA_2048", - "notAfter": "2030-01-01T00:00:00Z", + "notAfter": time.Now().AddDate(10, 0, 0).UTC().Format(time.RFC3339), }, } @@ -400,119 +400,141 @@ func CertFilePaths(dir string) (certPath, keyPath, chainPath string) { filepath.Join(dir, "chain.pem") } -func (h *CertAgentTestHelper) GenerateAgentConfig(opts AgentConfigOptions) string { - t := h.T +type agentConfig struct { + Version string `yaml:"version"` + Infisical agentInfisicalConfig `yaml:"infisical"` + Auth agentAuthConfig `yaml:"auth"` + Certificates []agentCertificateConfig `yaml:"certificates,omitempty"` +} - certEntries := "" - for _, cert := range opts.Certificates { - certEntry := fmt.Sprintf(` - project-slug: "%s" - profile-name: "%s" -`, - cert.ProjectSlug, - cert.ProfileSlug, - ) +type agentInfisicalConfig struct { + Address string `yaml:"address"` +} - if cert.CSR != "" { - certEntry += fmt.Sprintf(" csr: |\n") - for _, line := range strings.Split(strings.TrimRight(cert.CSR, "\n"), "\n") { - certEntry += fmt.Sprintf(" %s\n", line) - } - } - if cert.CSRPath != "" { - certEntry += fmt.Sprintf(" csr-path: \"%s\"\n", cert.CSRPath) - } +type agentAuthConfig struct { + Type string `yaml:"type"` + Config agentUniversalAuthConfig `yaml:"config"` +} - certEntry += fmt.Sprintf(` attributes: - common-name: "%s" - ttl: "%s" -`, cert.CommonName, cert.TTL) +type agentUniversalAuthConfig struct { + ClientID string `yaml:"client-id"` + ClientSecret string `yaml:"client-secret"` +} - if cert.KeyAlgorithm != "" { - certEntry += fmt.Sprintf(" key-algorithm: \"%s\"\n", cert.KeyAlgorithm) - } - if cert.SignatureAlgorithm != "" { - certEntry += fmt.Sprintf(" signature-algorithm: \"%s\"\n", cert.SignatureAlgorithm) - } - if len(cert.KeyUsages) > 0 { - certEntry += " key-usages:\n" - for _, u := range cert.KeyUsages { - certEntry += fmt.Sprintf(" - \"%s\"\n", u) - } - } - if len(cert.ExtendedKeyUsages) > 0 { - certEntry += " extended-key-usages:\n" - for _, u := range cert.ExtendedKeyUsages { - certEntry += fmt.Sprintf(" - \"%s\"\n", u) - } - } +type agentCertificateConfig struct { + ProjectSlug string `yaml:"project-slug"` + ProfileName string `yaml:"profile-name"` + CSR string `yaml:"csr,omitempty"` + CSRPath string `yaml:"csr-path,omitempty"` + Attributes *agentCertificateAttributes `yaml:"attributes,omitempty"` + Lifecycle agentCertificateLifecycle `yaml:"lifecycle"` + FileOutput agentCertificateFileOutput `yaml:"file-output"` + PostHooks *agentCertificatePostHooks `yaml:"post-hooks,omitempty"` +} - if len(cert.AltNames) > 0 { - certEntry += " alt-names:\n" - for _, name := range cert.AltNames { - certEntry += fmt.Sprintf(" - \"%s\"\n", name) - } - } +type agentCertificateAttributes struct { + CommonName string `yaml:"common-name,omitempty"` + TTL string `yaml:"ttl,omitempty"` + KeyAlgorithm string `yaml:"key-algorithm,omitempty"` + SignatureAlgorithm string `yaml:"signature-algorithm,omitempty"` + KeyUsages []string `yaml:"key-usages,omitempty"` + ExtendedKeyUsages []string `yaml:"extended-key-usages,omitempty"` + AltNames []string `yaml:"alt-names,omitempty"` +} - certEntry += fmt.Sprintf(` lifecycle: - renew-before-expiry: "%s" - status-check-interval: "%s" -`, cert.RenewBeforeExpiry, cert.StatusCheckInterval) +type agentCertificateLifecycle struct { + RenewBeforeExpiry string `yaml:"renew-before-expiry"` + StatusCheckInterval string `yaml:"status-check-interval"` +} - certEntry += fmt.Sprintf(" file-output:\n") - certEntry += fmt.Sprintf(" certificate:\n") - certEntry += fmt.Sprintf(" path: \"%s\"\n", cert.CertPath) - if cert.CertPermission != "" { - certEntry += fmt.Sprintf(" permission: \"%s\"\n", cert.CertPermission) - } - certEntry += fmt.Sprintf(" private-key:\n") - certEntry += fmt.Sprintf(" path: \"%s\"\n", cert.KeyPath) - if cert.KeyPermission != "" { - certEntry += fmt.Sprintf(" permission: \"%s\"\n", cert.KeyPermission) - } - certEntry += fmt.Sprintf(" chain:\n") - certEntry += fmt.Sprintf(" path: \"%s\"\n", cert.ChainPath) - if cert.ChainPermission != "" { - certEntry += fmt.Sprintf(" permission: \"%s\"\n", cert.ChainPermission) +type agentCertificateFileOutput struct { + Certificate agentFileOutputEntry `yaml:"certificate"` + PrivateKey agentFileOutputEntry `yaml:"private-key"` + Chain agentFileOutputEntry `yaml:"chain"` +} + +type agentFileOutputEntry struct { + Path string `yaml:"path"` + Permission string `yaml:"permission,omitempty"` +} + +type agentCertificatePostHooks struct { + OnIssuance *agentPostHookEntry `yaml:"on-issuance,omitempty"` + OnRenewal *agentPostHookEntry `yaml:"on-renewal,omitempty"` + OnFailure *agentPostHookEntry `yaml:"on-failure,omitempty"` +} + +type agentPostHookEntry struct { + Command string `yaml:"command"` + Timeout int `yaml:"timeout"` +} + +func (h *CertAgentTestHelper) GenerateAgentConfig(opts AgentConfigOptions) string { + t := h.T + + var certs []agentCertificateConfig + for _, cert := range opts.Certificates { + c := agentCertificateConfig{ + ProjectSlug: cert.ProjectSlug, + ProfileName: cert.ProfileSlug, + CSR: cert.CSR, + CSRPath: cert.CSRPath, + Attributes: &agentCertificateAttributes{ + CommonName: cert.CommonName, + TTL: cert.TTL, + KeyAlgorithm: cert.KeyAlgorithm, + SignatureAlgorithm: cert.SignatureAlgorithm, + KeyUsages: cert.KeyUsages, + ExtendedKeyUsages: cert.ExtendedKeyUsages, + AltNames: cert.AltNames, + }, + Lifecycle: agentCertificateLifecycle{ + RenewBeforeExpiry: cert.RenewBeforeExpiry, + StatusCheckInterval: cert.StatusCheckInterval, + }, + FileOutput: agentCertificateFileOutput{ + Certificate: agentFileOutputEntry{Path: cert.CertPath, Permission: cert.CertPermission}, + PrivateKey: agentFileOutputEntry{Path: cert.KeyPath, Permission: cert.KeyPermission}, + Chain: agentFileOutputEntry{Path: cert.ChainPath, Permission: cert.ChainPermission}, + }, } if cert.PostHookOnIssuance != "" || cert.PostHookOnRenewal != "" || cert.PostHookOnFailure != "" { - certEntry += " post-hooks:\n" + c.PostHooks = &agentCertificatePostHooks{} if cert.PostHookOnIssuance != "" { - certEntry += fmt.Sprintf(` on-issuance: - command: "%s" - timeout: 30 -`, cert.PostHookOnIssuance) + c.PostHooks.OnIssuance = &agentPostHookEntry{Command: cert.PostHookOnIssuance, Timeout: 30} } if cert.PostHookOnRenewal != "" { - certEntry += fmt.Sprintf(` on-renewal: - command: "%s" - timeout: 30 -`, cert.PostHookOnRenewal) + c.PostHooks.OnRenewal = &agentPostHookEntry{Command: cert.PostHookOnRenewal, Timeout: 30} } if cert.PostHookOnFailure != "" { - certEntry += fmt.Sprintf(` on-failure: - command: "%s" - timeout: 30 -`, cert.PostHookOnFailure) + c.PostHooks.OnFailure = &agentPostHookEntry{Command: cert.PostHookOnFailure, Timeout: 30} } } - certEntries += certEntry + certs = append(certs, c) } - config := fmt.Sprintf(`version: "v1" -infisical: - address: "%s" -auth: - type: "universal-auth" - config: - client-id: "%s" - client-secret: "%s" -certificates: -%s`, h.InfisicalURL, opts.ClientIDPath, opts.ClientSecretPath, certEntries) + cfg := agentConfig{ + Version: "v1", + Infisical: agentInfisicalConfig{ + Address: h.InfisicalURL, + }, + Auth: agentAuthConfig{ + Type: "universal-auth", + Config: agentUniversalAuthConfig{ + ClientID: opts.ClientIDPath, + ClientSecret: opts.ClientSecretPath, + }, + }, + Certificates: certs, + } + + data, err := yaml.Marshal(cfg) + require.NoError(t, err) configPath := filepath.Join(h.TempDir, "agent-config.yaml") - err := os.WriteFile(configPath, []byte(config), 0644) + err = os.WriteFile(configPath, data, 0644) require.NoError(t, err) return configPath diff --git a/e2e/agent/certificate_test.go b/e2e/agent/certificate_test.go index 08142be2..12db20dc 100644 --- a/e2e/agent/certificate_test.go +++ b/e2e/agent/certificate_test.go @@ -744,7 +744,7 @@ func setupAcmeCertAgentTest(t *testing.T, ctx context.Context, certCount ...int) } func setupAcmeCertAgentTestWithOpts(t *testing.T, ctx context.Context, policyOpts []agentHelpers.CertificatePolicyOption, certCount ...int) (*agentHelpers.CertAgentTestHelper, string) { - infisical := helpers.NewInfisicalServiceWithAcme().Up(t, ctx) + infisical := helpers.NewInfisicalService(helpers.WithAcme()).Up(t, ctx) identity := infisical.CreateMachineIdentity(t, ctx, helpers.WithTokenAuth()) require.NotNil(t, identity.TokenAuthToken) @@ -816,7 +816,7 @@ func certAgent_AcmeCA_Validation_DuplicateCAName(t *testing.T) { "test@example.com", ) - require.True(t, statusCode >= 400, "Duplicate CA name should be rejected, got status %d: %s", statusCode, string(respBody)) + require.Equal(t, http.StatusBadRequest, statusCode, "Duplicate CA name should return 400 Bad Request, got status %d: %s", statusCode, string(respBody)) } func certAgent_AcmeCA_Validation_InvalidDirectoryUrl(t *testing.T) { @@ -834,7 +834,7 @@ func certAgent_AcmeCA_Validation_InvalidDirectoryUrl(t *testing.T) { "test@example.com", ) - require.True(t, statusCode >= 400, "Invalid directory URL should be rejected, got status %d: %s", statusCode, string(respBody)) + require.Equal(t, http.StatusUnprocessableEntity, statusCode, "Invalid directory URL should return 422 Unprocessable Entity, got status %d: %s", statusCode, string(respBody)) } func certAgent_AcmeCA_Validation_MissingRequiredFields(t *testing.T) { @@ -852,7 +852,7 @@ func certAgent_AcmeCA_Validation_MissingRequiredFields(t *testing.T) { "", ) - require.True(t, statusCode >= 400, "Missing accountEmail should be rejected, got status %d: %s", statusCode, string(respBody)) + require.Equal(t, http.StatusUnprocessableEntity, statusCode, "Missing accountEmail should return 422 Unprocessable Entity, got status %d: %s", statusCode, string(respBody)) statusCode, respBody = helper.CreateAcmeCARaw( "missing-zone-ca", @@ -863,7 +863,7 @@ func certAgent_AcmeCA_Validation_MissingRequiredFields(t *testing.T) { "test@example.com", ) - require.True(t, statusCode >= 400, "Missing hostedZoneId should be rejected, got status %d: %s", statusCode, string(respBody)) + require.Equal(t, http.StatusUnprocessableEntity, statusCode, "Missing hostedZoneId should return 422 Unprocessable Entity, got status %d: %s", statusCode, string(respBody)) } @@ -882,7 +882,7 @@ func certAgent_AcmeCA_Validation_InvalidDnsProvider(t *testing.T) { "test@example.com", ) - require.True(t, statusCode >= 400, "Invalid DNS provider should be rejected, got status %d: %s", statusCode, string(respBody)) + require.Equal(t, http.StatusUnprocessableEntity, statusCode, "Invalid DNS provider should return 422 Unprocessable Entity, got status %d: %s", statusCode, string(respBody)) } func certAgent_AcmeCA_Validation_NonexistentAppConnection(t *testing.T) { @@ -900,7 +900,7 @@ func certAgent_AcmeCA_Validation_NonexistentAppConnection(t *testing.T) { "test@example.com", ) - require.True(t, statusCode >= 400, "Nonexistent app connection should be rejected, got status %d: %s", statusCode, string(respBody)) + require.Equal(t, http.StatusNotFound, statusCode, "Nonexistent app connection should return 404 Not Found, got status %d: %s", statusCode, string(respBody)) } func certAgent_AcmeCA_DisabledCA(t *testing.T) { @@ -958,7 +958,7 @@ func certAgent_AcmeCA_DisabledCA(t *testing.T) { stderr := cmd.Stderr() if strings.Contains(stderr, "failed to issue certificate") || strings.Contains(stderr, "initial certificate issuance failed") || - strings.Contains(stderr, "disabled") { + strings.Contains(stderr, "CA is disabled") { return helpers.ConditionSuccess } return helpers.ConditionWait @@ -1038,7 +1038,7 @@ func certAgent_AcmeCA_MultipleCertificates(t *testing.T) { waitResult := helpers.WaitFor(t, helpers.WaitForOptions{ EnsureCmdRunning: &cmd, - Timeout: 180 * time.Second, + Timeout: 600 * time.Second, Interval: 3 * time.Second, Condition: func() helpers.ConditionResult { _, err1 := os.Stat(certPath1) diff --git a/e2e/openapi-cfg.yaml b/e2e/openapi-cfg.yaml index 75b161cb..8cc70714 100644 --- a/e2e/openapi-cfg.yaml +++ b/e2e/openapi-cfg.yaml @@ -24,4 +24,11 @@ output-options: - createSecretV4 - getSecretByNameV4 - listSecretsV4 - + - createInternalCertificateAuthorityV1 + - createAcmeCertificateAuthorityV1 + - updateAcmeCertificateAuthorityV1 + - createCertificatePolicy + - createCertificateProfile + - attachUniversalAuth + - createUniversalAuthClientSecret + - createCloudflareAppConnection diff --git a/e2e/util/helpers.go b/e2e/util/helpers.go index 0597fa8b..271705d9 100644 --- a/e2e/util/helpers.go +++ b/e2e/util/helpers.go @@ -36,11 +36,28 @@ type InfisicalService struct { provisionResult *client.ProvisionResult } -func NewInfisicalService() *InfisicalService { - return &InfisicalService{Stack: infisical.NewStack(infisical.WithDefaultStackFromEnv())} +type InfisicalServiceOption func(*infisicalServiceConfig) + +type infisicalServiceConfig struct { + withAcme bool +} + +func WithAcme() InfisicalServiceOption { + return func(c *infisicalServiceConfig) { + c.withAcme = true + } } -func NewInfisicalServiceWithAcme() *InfisicalService { +func NewInfisicalService(opts ...InfisicalServiceOption) *InfisicalService { + cfg := &infisicalServiceConfig{} + for _, opt := range opts { + opt(cfg) + } + + if !cfg.withAcme { + return &InfisicalService{Stack: infisical.NewStack(infisical.WithDefaultStackFromEnv())} + } + backendOpts := infisical.BackendOptionsFromEnv() backendOpts.Dockerfile = "Dockerfile.dev" svc := &InfisicalService{ @@ -419,6 +436,14 @@ func (c *Command) Stop() { if c.functionCallCancel != nil { c.functionCallCancel() } + + if c.functionCallDone != nil { + select { + case <-c.functionCallDone: + case <-time.After(10 * time.Second): + } + } + // Reset logger to use os.Stderr before closing the file log.Logger = log.Output(cmd.GetLoggerConfig(os.Stderr)) // Reset RootCmd outputs to default diff --git a/packages/cmd/agent.go b/packages/cmd/agent.go index 7e9081e1..b787f9d3 100644 --- a/packages/cmd/agent.go +++ b/packages/cmd/agent.go @@ -2367,9 +2367,6 @@ func (tm *AgentManager) checkCertificateRequestStatus(certificateId int, certifi } func (tm *AgentManager) handleFailedCertificateRequest(certificateId int, errorMsg string) { - tm.mutex.Lock() - defer tm.mutex.Unlock() - state := tm.certificateStates[certificateId] state.Status = "failed" state.LastError = errorMsg @@ -3325,7 +3322,7 @@ var certManagerAgentCmd = &cobra.Command{ util.PrintErrorMessageAndExit(fmt.Sprintf("The auth method '%s' is not supported.", agentConfig.Auth.Type)) } - ctx, cancel := context.WithCancel(context.Background()) + ctx, cancel := context.WithCancel(cmd.Context()) tokenRefreshNotifier := make(chan bool) sigChan := make(chan os.Signal, 1) @@ -3403,6 +3400,12 @@ var certManagerAgentCmd = &cobra.Command{ select { case <-tokenRefreshNotifier: go tm.WriteTokenToFiles() + case <-ctx.Done(): + tm.isShuttingDown = true + tm.cancelContext() + log.Info().Msg("certificate management agent context cancelled, shutting down...") + cancel() + return case <-sigChan: tm.isShuttingDown = true tm.cancelContext() From e8b244411ecdc6c2e58edfc62778acd0b7248ada Mon Sep 17 00:00:00 2001 From: Carlos Monastyrski Date: Thu, 5 Mar 2026 14:37:25 -0300 Subject: [PATCH 4/5] Force run of checks From b9eeacfacd18bc48b04622d366b4fa8aa26a62ce Mon Sep 17 00:00:00 2001 From: Carlos Monastyrski Date: Thu, 5 Mar 2026 22:06:48 -0300 Subject: [PATCH 5/5] Minor improvements on API calls --- e2e/agent/agent_helpers.go | 560 ++- e2e/agent/certificate_test.go | 64 +- e2e/packages/client/client.gen.go | 6290 ++++++++++++++++++++++------- 3 files changed, 5078 insertions(+), 1836 deletions(-) diff --git a/e2e/agent/agent_helpers.go b/e2e/agent/agent_helpers.go index 9a88f1e8..f5d4a1a6 100644 --- a/e2e/agent/agent_helpers.go +++ b/e2e/agent/agent_helpers.go @@ -2,6 +2,7 @@ package agent import ( "bytes" + "context" "crypto/rand" "crypto/rsa" "crypto/x509" @@ -16,64 +17,84 @@ import ( "testing" "time" + "github.com/google/uuid" + client "github.com/infisical/cli/e2e-tests/packages/client" + openapi_types "github.com/oapi-codegen/runtime/types" "github.com/stretchr/testify/require" "gopkg.in/yaml.v3" ) type CertAgentTestHelper struct { - T *testing.T - ProjectID string - ProjectSlug string - ProfileSlug string - ProfileID string - PolicyID string - CaID string - IdentityToken string - AdminToken string - InfisicalURL string - TempDir string - ClientID string - ClientSecret string + T *testing.T + ProjectID string + ProjectSlug string + ProfileSlug string + ProfileID string + PolicyID string + CaID string + AdminToken string + InfisicalURL string + TempDir string + ClientID string + ClientSecret string + IdentityClient *client.ClientWithResponses + AdminClient *client.ClientWithResponses } func (h *CertAgentTestHelper) CreateInternalCA() { t := h.T - body := map[string]interface{}{ - "name": "test-root-ca", - "projectId": h.ProjectID, - "status": "active", - "configuration": map[string]interface{}{ - "type": "root", - "friendlyName": "Test Root CA", - "commonName": "Test Root CA", - "organization": "Test Org", - "ou": "", - "country": "US", - "province": "", - "locality": "", - "maxPathLength": -1, - "keyAlgorithm": "RSA_2048", - "notAfter": time.Now().AddDate(10, 0, 0).UTC().Format(time.RFC3339), + ctx := context.Background() + + friendlyName := "Test Root CA" + commonName := "Test Root CA" + organization := "Test Org" + ou := "" + country := "US" + province := "" + locality := "" + maxPathLength := float32(-1) + notAfter := time.Now().AddDate(10, 0, 0).UTC().Format(time.RFC3339) + + resp, err := h.IdentityClient.CreateInternalCertificateAuthorityV1WithResponse(ctx, client.CreateInternalCertificateAuthorityV1JSONRequestBody{ + Name: "test-root-ca", + ProjectId: uuid.MustParse(h.ProjectID), + Status: client.Active, + Configuration: struct { + ActiveCaCertId *openapi_types.UUID `json:"activeCaCertId"` + CommonName *string `json:"commonName,omitempty"` + Country *string `json:"country,omitempty"` + Dn *string `json:"dn"` + FriendlyName *string `json:"friendlyName,omitempty"` + KeyAlgorithm client.CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithm `json:"keyAlgorithm"` + Locality *string `json:"locality,omitempty"` + MaxPathLength *float32 `json:"maxPathLength"` + NotAfter *string `json:"notAfter,omitempty"` + NotBefore *string `json:"notBefore,omitempty"` + Organization *string `json:"organization,omitempty"` + Ou *string `json:"ou,omitempty"` + ParentCaId *openapi_types.UUID `json:"parentCaId"` + Province *string `json:"province,omitempty"` + SerialNumber *string `json:"serialNumber"` + Type client.CreateInternalCertificateAuthorityV1JSONBodyConfigurationType `json:"type"` + }{ + Type: client.Root, + FriendlyName: &friendlyName, + CommonName: &commonName, + Organization: &organization, + Ou: &ou, + Country: &country, + Province: &province, + Locality: &locality, + MaxPathLength: &maxPathLength, + KeyAlgorithm: client.CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithmRSA2048, + NotAfter: ¬After, }, - } - - respBody := h.doPost("/v1/cert-manager/ca/internal", body) - - var resp map[string]interface{} - err := json.Unmarshal(respBody, &resp) - require.NoError(t, err, "Failed to unmarshal create CA response: %s", string(respBody)) - - caID := "" - if id, ok := resp["id"].(string); ok { - caID = id - } else if ca, ok := resp["ca"].(map[string]interface{}); ok { - if id, ok := ca["id"].(string); ok { - caID = id - } - } - require.NotEmpty(t, caID, "CA ID should not be empty, response: %s", string(respBody)) + }) + require.NoError(t, err) + require.Equal(t, http.StatusOK, resp.StatusCode(), "Failed to create internal CA: %s", string(resp.Body)) + require.NotNil(t, resp.JSON200) - h.CaID = caID + h.CaID = resp.JSON200.Id.String() } type CertificatePolicyOption func(*certificatePolicyConfig) @@ -118,175 +139,206 @@ func WithAllowExtendedKeyUsages(usages ...string) CertificatePolicyOption { func (h *CertAgentTestHelper) CreateCertificatePolicy(name string, opts ...CertificatePolicyOption) { t := h.T + ctx := context.Background() cfg := &certificatePolicyConfig{} for _, opt := range opts { opt(cfg) } - subject := []map[string]interface{}{ - { - "type": "common_name", - "allowed": []string{"*"}, + allAllowed := []string{"*"} + reqBody := client.CreateCertificatePolicyJSONRequestBody{ + ProjectId: h.ProjectID, + Name: name, + Subject: &[]struct { + Allowed *[]string `json:"allowed,omitempty"` + Denied *[]string `json:"denied,omitempty"` + Required *[]string `json:"required,omitempty"` + Type client.CreateCertificatePolicyJSONBodySubjectType `json:"type"` + }{ + { + Type: client.CreateCertificatePolicyJSONBodySubjectType("common_name"), + Allowed: &allAllowed, + }, }, } - body := map[string]interface{}{ - "projectId": h.ProjectID, - "name": name, - "subject": subject, - } - if cfg.allowAltNames { - body["sans"] = []map[string]interface{}{ + reqBody.Sans = &[]struct { + Allowed *[]string `json:"allowed,omitempty"` + Denied *[]string `json:"denied,omitempty"` + Required *[]string `json:"required,omitempty"` + Type client.CreateCertificatePolicyJSONBodySansType `json:"type"` + }{ { - "type": "dns_name", - "allowed": []string{"*"}, + Type: client.CreateCertificatePolicyJSONBodySansType("dns_name"), + Allowed: &allAllowed, }, } } if len(cfg.allowKeyAlgorithms) > 0 || len(cfg.allowSignatureAlgorithms) > 0 { - algorithms := map[string]interface{}{} + algos := &struct { + KeyAlgorithm *[]string `json:"keyAlgorithm,omitempty"` + Signature *[]string `json:"signature,omitempty"` + }{} if len(cfg.allowKeyAlgorithms) > 0 { - algorithms["keyAlgorithm"] = cfg.allowKeyAlgorithms + algos.KeyAlgorithm = &cfg.allowKeyAlgorithms } if len(cfg.allowSignatureAlgorithms) > 0 { - algorithms["signature"] = cfg.allowSignatureAlgorithms + algos.Signature = &cfg.allowSignatureAlgorithms } - body["algorithms"] = algorithms + reqBody.Algorithms = algos } if len(cfg.allowKeyUsages) > 0 { - body["keyUsages"] = map[string]interface{}{ - "allowed": cfg.allowKeyUsages, + allowed := make([]client.CreateCertificatePolicyJSONBodyKeyUsagesAllowed, len(cfg.allowKeyUsages)) + for i, u := range cfg.allowKeyUsages { + allowed[i] = client.CreateCertificatePolicyJSONBodyKeyUsagesAllowed(u) + } + reqBody.KeyUsages = &struct { + Allowed *[]client.CreateCertificatePolicyJSONBodyKeyUsagesAllowed `json:"allowed,omitempty"` + Denied *[]client.CreateCertificatePolicyJSONBodyKeyUsagesDenied `json:"denied,omitempty"` + Required *[]client.CreateCertificatePolicyJSONBodyKeyUsagesRequired `json:"required,omitempty"` + }{ + Allowed: &allowed, } } if len(cfg.allowExtendedKeyUsages) > 0 { - body["extendedKeyUsages"] = map[string]interface{}{ - "allowed": cfg.allowExtendedKeyUsages, + allowed := make([]client.CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowed, len(cfg.allowExtendedKeyUsages)) + for i, u := range cfg.allowExtendedKeyUsages { + allowed[i] = client.CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowed(u) } - } - - respBody := h.doPost("/v1/cert-manager/certificate-policies", body) - - var resp map[string]interface{} - err := json.Unmarshal(respBody, &resp) - require.NoError(t, err, "Failed to unmarshal create policy response: %s", string(respBody)) - - policyID := "" - if policy, ok := resp["certificatePolicy"].(map[string]interface{}); ok { - if id, ok := policy["id"].(string); ok { - policyID = id + reqBody.ExtendedKeyUsages = &struct { + Allowed *[]client.CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowed `json:"allowed,omitempty"` + Denied *[]client.CreateCertificatePolicyJSONBodyExtendedKeyUsagesDenied `json:"denied,omitempty"` + Required *[]client.CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequired `json:"required,omitempty"` + }{ + Allowed: &allowed, } } - require.NotEmpty(t, policyID, "Policy ID should not be empty, response: %s", string(respBody)) - h.PolicyID = policyID + resp, err := h.IdentityClient.CreateCertificatePolicyWithResponse(ctx, reqBody) + require.NoError(t, err) + require.Equal(t, http.StatusOK, resp.StatusCode(), "Failed to create certificate policy: %s", string(resp.Body)) + require.NotNil(t, resp.JSON200) + + h.PolicyID = resp.JSON200.CertificatePolicy.Id.String() } func (h *CertAgentTestHelper) CreateCertificateProfile(slug string) { t := h.T - body := map[string]interface{}{ - "projectId": h.ProjectID, - "caId": h.CaID, - "certificatePolicyId": h.PolicyID, - "slug": slug, - "enrollmentType": "api", - "issuerType": "ca", - "apiConfig": map[string]interface{}{ - "autoRenew": false, + ctx := context.Background() + + caID := uuid.MustParse(h.CaID) + autoRenew := false + issuerType := client.CreateCertificateProfileJSONBodyIssuerType("ca") + + resp, err := h.IdentityClient.CreateCertificateProfileWithResponse(ctx, client.CreateCertificateProfileJSONRequestBody{ + ProjectId: h.ProjectID, + CaId: &caID, + CertificatePolicyId: uuid.MustParse(h.PolicyID), + Slug: slug, + EnrollmentType: client.CreateCertificateProfileJSONBodyEnrollmentType("api"), + IssuerType: &issuerType, + ApiConfig: &struct { + AutoRenew *bool `json:"autoRenew,omitempty"` + RenewBeforeDays *float32 `json:"renewBeforeDays,omitempty"` + }{ + AutoRenew: &autoRenew, }, - } - - respBody := h.doPost("/v1/cert-manager/certificate-profiles", body) - - var resp map[string]interface{} - err := json.Unmarshal(respBody, &resp) - require.NoError(t, err, "Failed to unmarshal create profile response: %s", string(respBody)) - - profileID := "" - profileSlug := "" - if profile, ok := resp["certificateProfile"].(map[string]interface{}); ok { - if id, ok := profile["id"].(string); ok { - profileID = id - } - if s, ok := profile["slug"].(string); ok { - profileSlug = s - } - } - require.NotEmpty(t, profileID, "Profile ID should not be empty, response: %s", string(respBody)) - - h.ProfileID = profileID - h.ProfileSlug = profileSlug -} + }) + require.NoError(t, err) + require.Equal(t, http.StatusOK, resp.StatusCode(), "Failed to create certificate profile: %s", string(resp.Body)) + require.NotNil(t, resp.JSON200) -type addUniversalAuthRequest struct { - AccessTokenTTL int `json:"accessTokenTTL"` - AccessTokenMaxTTL int `json:"accessTokenMaxTTL"` - AccessTokenNumUsesLimit int `json:"accessTokenNumUsesLimit"` - AccessTokenTrustedIps []struct { - IpAddress string `json:"ipAddress"` - } `json:"accessTokenTrustedIps"` + h.ProfileID = resp.JSON200.CertificateProfile.Id.String() + h.ProfileSlug = resp.JSON200.CertificateProfile.Slug } -type createUniversalAuthClientSecretRequest struct{} - func (h *CertAgentTestHelper) SetupUniversalAuth(identityID string) { t := h.T + ctx := context.Background() + + ttl := 2592000 + maxTTL := 2592000 + numUses := 0 - body := addUniversalAuthRequest{ - AccessTokenTTL: 2592000, - AccessTokenMaxTTL: 2592000, - AccessTokenNumUsesLimit: 0, - AccessTokenTrustedIps: []struct { + attachResp, err := h.AdminClient.AttachUniversalAuthWithResponse(ctx, identityID, client.AttachUniversalAuthJSONRequestBody{ + AccessTokenTTL: &ttl, + AccessTokenMaxTTL: &maxTTL, + AccessTokenNumUsesLimit: &numUses, + AccessTokenTrustedIps: &[]struct { IpAddress string `json:"ipAddress"` }{ {IpAddress: "0.0.0.0/0"}, {IpAddress: "::/0"}, }, - } - - respBody := h.doPostWithToken(fmt.Sprintf("/v1/auth/universal-auth/identities/%s", identityID), body, h.AdminToken) - - var rawResp map[string]interface{} - err := json.Unmarshal(respBody, &rawResp) - require.NoError(t, err, "Failed to unmarshal universal auth response: %s", string(respBody)) - - clientID := "" - if id, ok := rawResp["clientId"].(string); ok { - clientID = id - } else if nested, ok := rawResp["identityUniversalAuth"].(map[string]interface{}); ok { - if id, ok := nested["clientId"].(string); ok { - clientID = id - } - } - require.NotEmpty(t, clientID, "Client ID should not be empty, response: %s", string(respBody)) + }) + require.NoError(t, err) + require.Equal(t, http.StatusOK, attachResp.StatusCode(), "Failed to attach universal auth: %s", string(attachResp.Body)) + require.NotNil(t, attachResp.JSON200) - h.ClientID = clientID + h.ClientID = attachResp.JSON200.IdentityUniversalAuth.ClientId - csRespBody := h.doPostWithToken(fmt.Sprintf("/v1/auth/universal-auth/identities/%s/client-secrets", identityID), createUniversalAuthClientSecretRequest{}, h.AdminToken) + csResp, err := h.AdminClient.CreateUniversalAuthClientSecretWithResponse(ctx, identityID, client.CreateUniversalAuthClientSecretJSONRequestBody{}) + require.NoError(t, err) + require.Equal(t, http.StatusOK, csResp.StatusCode(), "Failed to create universal auth client secret: %s", string(csResp.Body)) + require.NotNil(t, csResp.JSON200) - var csRawResp map[string]interface{} - err = json.Unmarshal(csRespBody, &csRawResp) - require.NoError(t, err, "Failed to unmarshal client secret response: %s", string(csRespBody)) + h.ClientSecret = csResp.JSON200.ClientSecret +} - clientSecret := "" - if s, ok := csRawResp["clientSecret"].(string); ok { - clientSecret = s - } else if nested, ok := csRawResp["clientSecretData"].(map[string]interface{}); ok { - if s, ok := nested["clientSecret"].(string); ok { - clientSecret = s - } - } - require.NotEmpty(t, clientSecret, "Client secret should not be empty, response: %s", string(csRespBody)) +func (h *CertAgentTestHelper) CreateAcmeCA(dnsConnectionID, directoryUrl string) { + t := h.T + ctx := context.Background() + + resp, err := h.IdentityClient.CreateAcmeCertificateAuthorityV1WithResponse(ctx, client.CreateAcmeCertificateAuthorityV1JSONRequestBody{ + Name: "test-acme-ca", + ProjectId: uuid.MustParse(h.ProjectID), + Status: client.CreateAcmeCertificateAuthorityV1JSONBodyStatusActive, + Configuration: struct { + AccountEmail string `json:"accountEmail"` + DirectoryUrl string `json:"directoryUrl"` + DnsAppConnectionId openapi_types.UUID `json:"dnsAppConnectionId"` + DnsProviderConfig struct { + HostedZoneId string `json:"hostedZoneId"` + Provider client.CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider `json:"provider"` + } `json:"dnsProviderConfig"` + EabHmacKey *string `json:"eabHmacKey,omitempty"` + EabKid *string `json:"eabKid,omitempty"` + }{ + DnsAppConnectionId: uuid.MustParse(dnsConnectionID), + DnsProviderConfig: struct { + HostedZoneId string `json:"hostedZoneId"` + Provider client.CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider `json:"provider"` + }{ + Provider: client.CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProviderCloudflare, + HostedZoneId: "fake-zone-id", + }, + DirectoryUrl: directoryUrl, + AccountEmail: "test@example.com", + }, + }) + require.NoError(t, err) + require.Equal(t, http.StatusOK, resp.StatusCode(), "Failed to create ACME CA: %s", string(resp.Body)) + require.NotNil(t, resp.JSON200) - h.ClientSecret = clientSecret + h.CaID = resp.JSON200.Id.String() } -func (h *CertAgentTestHelper) doPost(path string, body interface{}) []byte { - return h.doPostWithToken(path, body, h.IdentityToken) +func (h *CertAgentTestHelper) DisableAcmeCA(caID string) { + t := h.T + ctx := context.Background() + + status := client.UpdateAcmeCertificateAuthorityV1JSONBodyStatus("disabled") + resp, err := h.IdentityClient.UpdateAcmeCertificateAuthorityV1WithResponse(ctx, caID, client.UpdateAcmeCertificateAuthorityV1JSONRequestBody{ + Status: &status, + }) + require.NoError(t, err) + require.True(t, resp.StatusCode() >= 200 && resp.StatusCode() < 300, + "Failed to disable ACME CA, status %d: %s", resp.StatusCode(), string(resp.Body)) } func (h *CertAgentTestHelper) doPostWithToken(path string, body interface{}, token string) []byte { @@ -316,82 +368,73 @@ func (h *CertAgentTestHelper) doPostWithToken(path string, body interface{}, tok return respBody } -func (h *CertAgentTestHelper) doPostRaw(path string, body interface{}) (int, []byte) { +func (h *CertAgentTestHelper) CreateAcmeCARaw(name, dnsConnectionID, directoryUrl, provider, hostedZoneId, accountEmail string) (int, []byte) { t := h.T - - jsonBody, err := json.Marshal(body) - require.NoError(t, err) - - url := h.InfisicalURL + "/api" + path - req, err := http.NewRequest("POST", url, bytes.NewReader(jsonBody)) - require.NoError(t, err) - - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", "Bearer "+h.IdentityToken) - - httpClient := &http.Client{Timeout: 30 * time.Second} - resp, err := httpClient.Do(req) - require.NoError(t, err) - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) + ctx := context.Background() + + resp, err := h.IdentityClient.CreateAcmeCertificateAuthorityV1WithResponse(ctx, client.CreateAcmeCertificateAuthorityV1JSONRequestBody{ + Name: name, + ProjectId: uuid.MustParse(h.ProjectID), + Status: client.CreateAcmeCertificateAuthorityV1JSONBodyStatusActive, + Configuration: struct { + AccountEmail string `json:"accountEmail"` + DirectoryUrl string `json:"directoryUrl"` + DnsAppConnectionId openapi_types.UUID `json:"dnsAppConnectionId"` + DnsProviderConfig struct { + HostedZoneId string `json:"hostedZoneId"` + Provider client.CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider `json:"provider"` + } `json:"dnsProviderConfig"` + EabHmacKey *string `json:"eabHmacKey,omitempty"` + EabKid *string `json:"eabKid,omitempty"` + }{ + DnsAppConnectionId: uuid.MustParse(dnsConnectionID), + DnsProviderConfig: struct { + HostedZoneId string `json:"hostedZoneId"` + Provider client.CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider `json:"provider"` + }{ + Provider: client.CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider(provider), + HostedZoneId: hostedZoneId, + }, + DirectoryUrl: directoryUrl, + AccountEmail: accountEmail, + }, + }) require.NoError(t, err) - return resp.StatusCode, respBody + return resp.StatusCode(), resp.Body } -func (h *CertAgentTestHelper) doPatchWithToken(path string, body interface{}, token string) (int, []byte) { +func (h *CertAgentTestHelper) CreateCloudflareAppConnection() string { t := h.T + ctx := context.Background() - jsonBody, err := json.Marshal(body) - require.NoError(t, err) - - url := h.InfisicalURL + "/api" + path - req, err := http.NewRequest("PATCH", url, bytes.NewReader(jsonBody)) + body, err := json.Marshal(map[string]interface{}{ + "name": "test-cloudflare-conn", + "method": "api-token", + "credentials": map[string]interface{}{ + "accountId": "fake-account-id", + "apiToken": "fake-api-token", + }, + }) require.NoError(t, err) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", "Bearer "+token) - - httpClient := &http.Client{Timeout: 30 * time.Second} - resp, err := httpClient.Do(req) + resp, err := h.AdminClient.CreateCloudflareAppConnectionWithBodyWithResponse(ctx, "application/json", bytes.NewReader(body)) require.NoError(t, err) - defer resp.Body.Close() + require.Equal(t, http.StatusOK, resp.StatusCode(), "Failed to create Cloudflare connection: %s", string(resp.Body)) - respBody, err := io.ReadAll(resp.Body) + var parsed map[string]interface{} + err = json.Unmarshal(resp.Body, &parsed) require.NoError(t, err) - return resp.StatusCode, respBody -} - -func (h *CertAgentTestHelper) CreateAcmeCARaw(name, dnsConnectionID, directoryUrl, provider, hostedZoneId, accountEmail string) (int, []byte) { - body := map[string]interface{}{ - "name": name, - "projectId": h.ProjectID, - "status": "active", - "configuration": map[string]interface{}{ - "dnsAppConnectionId": dnsConnectionID, - "dnsProviderConfig": map[string]interface{}{ - "provider": provider, - "hostedZoneId": hostedZoneId, - }, - "directoryUrl": directoryUrl, - "accountEmail": accountEmail, - }, - } - return h.doPostRaw("/v1/cert-manager/ca/acme", body) -} - -func (h *CertAgentTestHelper) DisableAcmeCA(caID string) { - t := h.T - - body := map[string]interface{}{ - "status": "disabled", + connectionID := "" + if ac, ok := parsed["appConnection"].(map[string]interface{}); ok { + if id, ok := ac["id"].(string); ok { + connectionID = id + } } + require.NotEmpty(t, connectionID, "Cloudflare connection ID should not be empty, response: %s", string(resp.Body)) - statusCode, respBody := h.doPatchWithToken(fmt.Sprintf("/v1/cert-manager/ca/acme/%s", caID), body, h.IdentityToken) - require.True(t, statusCode >= 200 && statusCode < 300, - "Failed to disable ACME CA, status %d: %s", statusCode, string(respBody)) + return connectionID } func CertFilePaths(dir string) (certPath, keyPath, chainPath string) { @@ -831,77 +874,6 @@ func (h *CertAgentTestHelper) SetupBddNockMocks(certCount int) { t.Log("BDD nock mocks configured for Cloudflare API") } -func (h *CertAgentTestHelper) CreateCloudflareAppConnection() string { - t := h.T - - body := map[string]interface{}{ - "name": "test-cloudflare-conn", - "method": "api-token", - "credentials": map[string]interface{}{ - "accountId": "fake-account-id", - "apiToken": "fake-api-token", - }, - } - - respBody := h.doPostWithToken("/v1/app-connections/cloudflare", body, h.AdminToken) - - var resp map[string]interface{} - err := json.Unmarshal(respBody, &resp) - require.NoError(t, err, "Failed to unmarshal create Cloudflare connection response: %s", string(respBody)) - - connectionID := "" - if ac, ok := resp["appConnection"].(map[string]interface{}); ok { - if id, ok := ac["id"].(string); ok { - connectionID = id - } - } - if connectionID == "" { - if id, ok := resp["id"].(string); ok { - connectionID = id - } - } - require.NotEmpty(t, connectionID, "Cloudflare connection ID should not be empty, response: %s", string(respBody)) - - return connectionID -} - -func (h *CertAgentTestHelper) CreateAcmeCA(dnsConnectionID, directoryUrl string) { - t := h.T - - body := map[string]interface{}{ - "name": "test-acme-ca", - "projectId": h.ProjectID, - "status": "active", - "configuration": map[string]interface{}{ - "dnsAppConnectionId": dnsConnectionID, - "dnsProviderConfig": map[string]interface{}{ - "provider": "cloudflare", - "hostedZoneId": "fake-zone-id", - }, - "directoryUrl": directoryUrl, - "accountEmail": "test@example.com", - }, - } - - respBody := h.doPost("/v1/cert-manager/ca/acme", body) - - var resp map[string]interface{} - err := json.Unmarshal(respBody, &resp) - require.NoError(t, err, "Failed to unmarshal create ACME CA response: %s", string(respBody)) - - caID := "" - if id, ok := resp["id"].(string); ok { - caID = id - } else if ca, ok := resp["ca"].(map[string]interface{}); ok { - if id, ok := ca["id"].(string); ok { - caID = id - } - } - require.NotEmpty(t, caID, "ACME CA ID should not be empty, response: %s", string(respBody)) - - h.CaID = caID -} - func GenerateCSR(t *testing.T, commonName string) (csrPEM string, keyPEM string) { t.Helper() diff --git a/e2e/agent/certificate_test.go b/e2e/agent/certificate_test.go index 12db20dc..7c990417 100644 --- a/e2e/agent/certificate_test.go +++ b/e2e/agent/certificate_test.go @@ -32,17 +32,6 @@ func setupCertAgentTest(t *testing.T, ctx context.Context, policyOpts ...agentHe require.NotNil(t, identity.TokenAuthToken) identityToken := *identity.TokenAuthToken - helper := &agentHelpers.CertAgentTestHelper{ - T: t, - IdentityToken: identityToken, - AdminToken: infisical.ProvisionResult().Token, - InfisicalURL: infisical.ApiUrl(t), - TempDir: t.TempDir(), - } - - helper.SetupUniversalAuth(identity.Id) - slog.Info("Universal auth configured", "clientID", helper.ClientID) - bearerAuth, err := securityprovider.NewSecurityProviderBearerToken(identityToken) require.NoError(t, err) @@ -53,6 +42,28 @@ func setupCertAgentTest(t *testing.T, ctx context.Context, policyOpts ...agentHe ) require.NoError(t, err) + adminBearerAuth, err := securityprovider.NewSecurityProviderBearerToken(infisical.ProvisionResult().Token) + require.NoError(t, err) + + adminClient, err := client.NewClientWithResponses( + infisical.ApiUrl(t), + client.WithHTTPClient(&http.Client{}), + client.WithRequestEditorFn(adminBearerAuth.Intercept), + ) + require.NoError(t, err) + + helper := &agentHelpers.CertAgentTestHelper{ + T: t, + AdminToken: infisical.ProvisionResult().Token, + InfisicalURL: infisical.ApiUrl(t), + TempDir: t.TempDir(), + IdentityClient: identityClient, + AdminClient: adminClient, + } + + helper.SetupUniversalAuth(identity.Id) + slog.Info("Universal auth configured", "clientID", helper.ClientID) + projectType := client.CertManager projectResp, err := identityClient.CreateProjectWithResponse(ctx, client.CreateProjectJSONRequestBody{ ProjectName: "cert-test-" + helpers.RandomSlug(2), @@ -750,16 +761,6 @@ func setupAcmeCertAgentTestWithOpts(t *testing.T, ctx context.Context, policyOpt require.NotNil(t, identity.TokenAuthToken) identityToken := *identity.TokenAuthToken - helper := &agentHelpers.CertAgentTestHelper{ - T: t, - IdentityToken: identityToken, - AdminToken: infisical.ProvisionResult().Token, - InfisicalURL: infisical.ApiUrl(t), - TempDir: t.TempDir(), - } - - helper.SetupUniversalAuth(identity.Id) - bearerAuth, err := securityprovider.NewSecurityProviderBearerToken(identityToken) require.NoError(t, err) @@ -770,6 +771,27 @@ func setupAcmeCertAgentTestWithOpts(t *testing.T, ctx context.Context, policyOpt ) require.NoError(t, err) + adminBearerAuth, err := securityprovider.NewSecurityProviderBearerToken(infisical.ProvisionResult().Token) + require.NoError(t, err) + + adminClient, err := client.NewClientWithResponses( + infisical.ApiUrl(t), + client.WithHTTPClient(&http.Client{}), + client.WithRequestEditorFn(adminBearerAuth.Intercept), + ) + require.NoError(t, err) + + helper := &agentHelpers.CertAgentTestHelper{ + T: t, + AdminToken: infisical.ProvisionResult().Token, + InfisicalURL: infisical.ApiUrl(t), + TempDir: t.TempDir(), + IdentityClient: identityClient, + AdminClient: adminClient, + } + + helper.SetupUniversalAuth(identity.Id) + projectType := client.CertManager projectResp, err := identityClient.CreateProjectWithResponse(ctx, client.CreateProjectJSONRequestBody{ ProjectName: "cert-acme-" + helpers.RandomSlug(2), diff --git a/e2e/packages/client/client.gen.go b/e2e/packages/client/client.gen.go index 08650394..f2e23aa6 100644 --- a/e2e/packages/client/client.gen.go +++ b/e2e/packages/client/client.gen.go @@ -22,6 +22,213 @@ const ( BearerAuthScopes = "bearerAuth.Scopes" ) +// Defines values for CreateCloudflareAppConnectionJSONBodyIsPlatformManagedCredentials. +const ( + CreateCloudflareAppConnectionJSONBodyIsPlatformManagedCredentialsFalse CreateCloudflareAppConnectionJSONBodyIsPlatformManagedCredentials = false +) + +// Defines values for CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider. +const ( + CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProviderAzureDns CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider = "azure-dns" + CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProviderCloudflare CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider = "cloudflare" + CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProviderDnsMadeEasy CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider = "dns-made-easy" + CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProviderRoute53 CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider = "route53" +) + +// Defines values for CreateAcmeCertificateAuthorityV1JSONBodyStatus. +const ( + CreateAcmeCertificateAuthorityV1JSONBodyStatusActive CreateAcmeCertificateAuthorityV1JSONBodyStatus = "active" + CreateAcmeCertificateAuthorityV1JSONBodyStatusDisabled CreateAcmeCertificateAuthorityV1JSONBodyStatus = "disabled" + CreateAcmeCertificateAuthorityV1JSONBodyStatusPendingCertificate CreateAcmeCertificateAuthorityV1JSONBodyStatus = "pending-certificate" +) + +// Defines values for UpdateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider. +const ( + UpdateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProviderAzureDns UpdateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider = "azure-dns" + UpdateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProviderCloudflare UpdateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider = "cloudflare" + UpdateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProviderDnsMadeEasy UpdateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider = "dns-made-easy" + UpdateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProviderRoute53 UpdateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider = "route53" +) + +// Defines values for UpdateAcmeCertificateAuthorityV1JSONBodyStatus. +const ( + UpdateAcmeCertificateAuthorityV1JSONBodyStatusActive UpdateAcmeCertificateAuthorityV1JSONBodyStatus = "active" + UpdateAcmeCertificateAuthorityV1JSONBodyStatusDisabled UpdateAcmeCertificateAuthorityV1JSONBodyStatus = "disabled" + UpdateAcmeCertificateAuthorityV1JSONBodyStatusPendingCertificate UpdateAcmeCertificateAuthorityV1JSONBodyStatus = "pending-certificate" +) + +// Defines values for CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithm. +const ( + CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithmECPrime256v1 CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithm = "EC_prime256v1" + CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithmECSecp384r1 CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithm = "EC_secp384r1" + CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithmECSecp521r1 CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithm = "EC_secp521r1" + CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithmRSA2048 CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithm = "RSA_2048" + CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithmRSA3072 CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithm = "RSA_3072" + CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithmRSA4096 CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithm = "RSA_4096" +) + +// Defines values for CreateInternalCertificateAuthorityV1JSONBodyConfigurationType. +const ( + Intermediate CreateInternalCertificateAuthorityV1JSONBodyConfigurationType = "intermediate" + Root CreateInternalCertificateAuthorityV1JSONBodyConfigurationType = "root" +) + +// Defines values for CreateInternalCertificateAuthorityV1JSONBodyStatus. +const ( + Active CreateInternalCertificateAuthorityV1JSONBodyStatus = "active" + Disabled CreateInternalCertificateAuthorityV1JSONBodyStatus = "disabled" + PendingCertificate CreateInternalCertificateAuthorityV1JSONBodyStatus = "pending-certificate" +) + +// Defines values for CreateCertificatePolicyJSONBodyBasicConstraintsIsCA. +const ( + Allowed CreateCertificatePolicyJSONBodyBasicConstraintsIsCA = "allowed" + Denied CreateCertificatePolicyJSONBodyBasicConstraintsIsCA = "denied" + Required CreateCertificatePolicyJSONBodyBasicConstraintsIsCA = "required" +) + +// Defines values for CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowed. +const ( + CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowedClientAuth CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowed = "client_auth" + CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowedCodeSigning CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowed = "code_signing" + CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowedEmailProtection CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowed = "email_protection" + CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowedOcspSigning CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowed = "ocsp_signing" + CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowedServerAuth CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowed = "server_auth" + CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowedTimeStamping CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowed = "time_stamping" +) + +// Defines values for CreateCertificatePolicyJSONBodyExtendedKeyUsagesDenied. +const ( + CreateCertificatePolicyJSONBodyExtendedKeyUsagesDeniedClientAuth CreateCertificatePolicyJSONBodyExtendedKeyUsagesDenied = "client_auth" + CreateCertificatePolicyJSONBodyExtendedKeyUsagesDeniedCodeSigning CreateCertificatePolicyJSONBodyExtendedKeyUsagesDenied = "code_signing" + CreateCertificatePolicyJSONBodyExtendedKeyUsagesDeniedEmailProtection CreateCertificatePolicyJSONBodyExtendedKeyUsagesDenied = "email_protection" + CreateCertificatePolicyJSONBodyExtendedKeyUsagesDeniedOcspSigning CreateCertificatePolicyJSONBodyExtendedKeyUsagesDenied = "ocsp_signing" + CreateCertificatePolicyJSONBodyExtendedKeyUsagesDeniedServerAuth CreateCertificatePolicyJSONBodyExtendedKeyUsagesDenied = "server_auth" + CreateCertificatePolicyJSONBodyExtendedKeyUsagesDeniedTimeStamping CreateCertificatePolicyJSONBodyExtendedKeyUsagesDenied = "time_stamping" +) + +// Defines values for CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequired. +const ( + CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequiredClientAuth CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequired = "client_auth" + CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequiredCodeSigning CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequired = "code_signing" + CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequiredEmailProtection CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequired = "email_protection" + CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequiredOcspSigning CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequired = "ocsp_signing" + CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequiredServerAuth CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequired = "server_auth" + CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequiredTimeStamping CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequired = "time_stamping" +) + +// Defines values for CreateCertificatePolicyJSONBodyKeyUsagesAllowed. +const ( + CreateCertificatePolicyJSONBodyKeyUsagesAllowedCrlSign CreateCertificatePolicyJSONBodyKeyUsagesAllowed = "crl_sign" + CreateCertificatePolicyJSONBodyKeyUsagesAllowedDataEncipherment CreateCertificatePolicyJSONBodyKeyUsagesAllowed = "data_encipherment" + CreateCertificatePolicyJSONBodyKeyUsagesAllowedDecipherOnly CreateCertificatePolicyJSONBodyKeyUsagesAllowed = "decipher_only" + CreateCertificatePolicyJSONBodyKeyUsagesAllowedDigitalSignature CreateCertificatePolicyJSONBodyKeyUsagesAllowed = "digital_signature" + CreateCertificatePolicyJSONBodyKeyUsagesAllowedEncipherOnly CreateCertificatePolicyJSONBodyKeyUsagesAllowed = "encipher_only" + CreateCertificatePolicyJSONBodyKeyUsagesAllowedKeyAgreement CreateCertificatePolicyJSONBodyKeyUsagesAllowed = "key_agreement" + CreateCertificatePolicyJSONBodyKeyUsagesAllowedKeyCertSign CreateCertificatePolicyJSONBodyKeyUsagesAllowed = "key_cert_sign" + CreateCertificatePolicyJSONBodyKeyUsagesAllowedKeyEncipherment CreateCertificatePolicyJSONBodyKeyUsagesAllowed = "key_encipherment" + CreateCertificatePolicyJSONBodyKeyUsagesAllowedNonRepudiation CreateCertificatePolicyJSONBodyKeyUsagesAllowed = "non_repudiation" +) + +// Defines values for CreateCertificatePolicyJSONBodyKeyUsagesDenied. +const ( + CreateCertificatePolicyJSONBodyKeyUsagesDeniedCrlSign CreateCertificatePolicyJSONBodyKeyUsagesDenied = "crl_sign" + CreateCertificatePolicyJSONBodyKeyUsagesDeniedDataEncipherment CreateCertificatePolicyJSONBodyKeyUsagesDenied = "data_encipherment" + CreateCertificatePolicyJSONBodyKeyUsagesDeniedDecipherOnly CreateCertificatePolicyJSONBodyKeyUsagesDenied = "decipher_only" + CreateCertificatePolicyJSONBodyKeyUsagesDeniedDigitalSignature CreateCertificatePolicyJSONBodyKeyUsagesDenied = "digital_signature" + CreateCertificatePolicyJSONBodyKeyUsagesDeniedEncipherOnly CreateCertificatePolicyJSONBodyKeyUsagesDenied = "encipher_only" + CreateCertificatePolicyJSONBodyKeyUsagesDeniedKeyAgreement CreateCertificatePolicyJSONBodyKeyUsagesDenied = "key_agreement" + CreateCertificatePolicyJSONBodyKeyUsagesDeniedKeyCertSign CreateCertificatePolicyJSONBodyKeyUsagesDenied = "key_cert_sign" + CreateCertificatePolicyJSONBodyKeyUsagesDeniedKeyEncipherment CreateCertificatePolicyJSONBodyKeyUsagesDenied = "key_encipherment" + CreateCertificatePolicyJSONBodyKeyUsagesDeniedNonRepudiation CreateCertificatePolicyJSONBodyKeyUsagesDenied = "non_repudiation" +) + +// Defines values for CreateCertificatePolicyJSONBodyKeyUsagesRequired. +const ( + CreateCertificatePolicyJSONBodyKeyUsagesRequiredCrlSign CreateCertificatePolicyJSONBodyKeyUsagesRequired = "crl_sign" + CreateCertificatePolicyJSONBodyKeyUsagesRequiredDataEncipherment CreateCertificatePolicyJSONBodyKeyUsagesRequired = "data_encipherment" + CreateCertificatePolicyJSONBodyKeyUsagesRequiredDecipherOnly CreateCertificatePolicyJSONBodyKeyUsagesRequired = "decipher_only" + CreateCertificatePolicyJSONBodyKeyUsagesRequiredDigitalSignature CreateCertificatePolicyJSONBodyKeyUsagesRequired = "digital_signature" + CreateCertificatePolicyJSONBodyKeyUsagesRequiredEncipherOnly CreateCertificatePolicyJSONBodyKeyUsagesRequired = "encipher_only" + CreateCertificatePolicyJSONBodyKeyUsagesRequiredKeyAgreement CreateCertificatePolicyJSONBodyKeyUsagesRequired = "key_agreement" + CreateCertificatePolicyJSONBodyKeyUsagesRequiredKeyCertSign CreateCertificatePolicyJSONBodyKeyUsagesRequired = "key_cert_sign" + CreateCertificatePolicyJSONBodyKeyUsagesRequiredKeyEncipherment CreateCertificatePolicyJSONBodyKeyUsagesRequired = "key_encipherment" + CreateCertificatePolicyJSONBodyKeyUsagesRequiredNonRepudiation CreateCertificatePolicyJSONBodyKeyUsagesRequired = "non_repudiation" +) + +// Defines values for CreateCertificatePolicyJSONBodySansType. +const ( + DnsName CreateCertificatePolicyJSONBodySansType = "dns_name" + Email CreateCertificatePolicyJSONBodySansType = "email" + IpAddress CreateCertificatePolicyJSONBodySansType = "ip_address" + Uri CreateCertificatePolicyJSONBodySansType = "uri" +) + +// Defines values for CreateCertificatePolicyJSONBodySubjectType. +const ( + CommonName CreateCertificatePolicyJSONBodySubjectType = "common_name" + Country CreateCertificatePolicyJSONBodySubjectType = "country" + Locality CreateCertificatePolicyJSONBodySubjectType = "locality" + Organization CreateCertificatePolicyJSONBodySubjectType = "organization" + OrganizationalUnit CreateCertificatePolicyJSONBodySubjectType = "organizational_unit" + State CreateCertificatePolicyJSONBodySubjectType = "state" +) + +// Defines values for CreateCertificateProfileJSONBodyDefaultsExtendedKeyUsages. +const ( + CreateCertificateProfileJSONBodyDefaultsExtendedKeyUsagesClientAuth CreateCertificateProfileJSONBodyDefaultsExtendedKeyUsages = "client_auth" + CreateCertificateProfileJSONBodyDefaultsExtendedKeyUsagesCodeSigning CreateCertificateProfileJSONBodyDefaultsExtendedKeyUsages = "code_signing" + CreateCertificateProfileJSONBodyDefaultsExtendedKeyUsagesEmailProtection CreateCertificateProfileJSONBodyDefaultsExtendedKeyUsages = "email_protection" + CreateCertificateProfileJSONBodyDefaultsExtendedKeyUsagesOcspSigning CreateCertificateProfileJSONBodyDefaultsExtendedKeyUsages = "ocsp_signing" + CreateCertificateProfileJSONBodyDefaultsExtendedKeyUsagesServerAuth CreateCertificateProfileJSONBodyDefaultsExtendedKeyUsages = "server_auth" + CreateCertificateProfileJSONBodyDefaultsExtendedKeyUsagesTimeStamping CreateCertificateProfileJSONBodyDefaultsExtendedKeyUsages = "time_stamping" +) + +// Defines values for CreateCertificateProfileJSONBodyDefaultsKeyAlgorithm. +const ( + CreateCertificateProfileJSONBodyDefaultsKeyAlgorithmECPrime256v1 CreateCertificateProfileJSONBodyDefaultsKeyAlgorithm = "EC_prime256v1" + CreateCertificateProfileJSONBodyDefaultsKeyAlgorithmECSecp384r1 CreateCertificateProfileJSONBodyDefaultsKeyAlgorithm = "EC_secp384r1" + CreateCertificateProfileJSONBodyDefaultsKeyAlgorithmRSA2048 CreateCertificateProfileJSONBodyDefaultsKeyAlgorithm = "RSA_2048" + CreateCertificateProfileJSONBodyDefaultsKeyAlgorithmRSA3072 CreateCertificateProfileJSONBodyDefaultsKeyAlgorithm = "RSA_3072" + CreateCertificateProfileJSONBodyDefaultsKeyAlgorithmRSA4096 CreateCertificateProfileJSONBodyDefaultsKeyAlgorithm = "RSA_4096" +) + +// Defines values for CreateCertificateProfileJSONBodyDefaultsKeyUsages. +const ( + CreateCertificateProfileJSONBodyDefaultsKeyUsagesCrlSign CreateCertificateProfileJSONBodyDefaultsKeyUsages = "crl_sign" + CreateCertificateProfileJSONBodyDefaultsKeyUsagesDataEncipherment CreateCertificateProfileJSONBodyDefaultsKeyUsages = "data_encipherment" + CreateCertificateProfileJSONBodyDefaultsKeyUsagesDecipherOnly CreateCertificateProfileJSONBodyDefaultsKeyUsages = "decipher_only" + CreateCertificateProfileJSONBodyDefaultsKeyUsagesDigitalSignature CreateCertificateProfileJSONBodyDefaultsKeyUsages = "digital_signature" + CreateCertificateProfileJSONBodyDefaultsKeyUsagesEncipherOnly CreateCertificateProfileJSONBodyDefaultsKeyUsages = "encipher_only" + CreateCertificateProfileJSONBodyDefaultsKeyUsagesKeyAgreement CreateCertificateProfileJSONBodyDefaultsKeyUsages = "key_agreement" + CreateCertificateProfileJSONBodyDefaultsKeyUsagesKeyCertSign CreateCertificateProfileJSONBodyDefaultsKeyUsages = "key_cert_sign" + CreateCertificateProfileJSONBodyDefaultsKeyUsagesKeyEncipherment CreateCertificateProfileJSONBodyDefaultsKeyUsages = "key_encipherment" + CreateCertificateProfileJSONBodyDefaultsKeyUsagesNonRepudiation CreateCertificateProfileJSONBodyDefaultsKeyUsages = "non_repudiation" +) + +// Defines values for CreateCertificateProfileJSONBodyDefaultsSignatureAlgorithm. +const ( + ECDSASHA256 CreateCertificateProfileJSONBodyDefaultsSignatureAlgorithm = "ECDSA-SHA256" + ECDSASHA384 CreateCertificateProfileJSONBodyDefaultsSignatureAlgorithm = "ECDSA-SHA384" + ECDSASHA512 CreateCertificateProfileJSONBodyDefaultsSignatureAlgorithm = "ECDSA-SHA512" + RSASHA256 CreateCertificateProfileJSONBodyDefaultsSignatureAlgorithm = "RSA-SHA256" + RSASHA384 CreateCertificateProfileJSONBodyDefaultsSignatureAlgorithm = "RSA-SHA384" + RSASHA512 CreateCertificateProfileJSONBodyDefaultsSignatureAlgorithm = "RSA-SHA512" +) + +// Defines values for CreateCertificateProfileJSONBodyEnrollmentType. +const ( + Acme CreateCertificateProfileJSONBodyEnrollmentType = "acme" + Api CreateCertificateProfileJSONBodyEnrollmentType = "api" + Est CreateCertificateProfileJSONBodyEnrollmentType = "est" +) + +// Defines values for CreateCertificateProfileJSONBodyIssuerType. +const ( + Ca CreateCertificateProfileJSONBodyIssuerType = "ca" + SelfSigned CreateCertificateProfileJSONBodyIssuerType = "self-signed" +) + // Defines values for CreateKubernetesPamResourceJSONBodyRotationAccountCredentials0AuthMethod. const ( ServiceAccountToken CreateKubernetesPamResourceJSONBodyRotationAccountCredentials0AuthMethod = "service-account-token" @@ -61,6 +268,12 @@ const ( ListSecretsV4ParamsRecursiveTrue ListSecretsV4ParamsRecursive = "true" ) +// Defines values for ListSecretsV4ParamsIncludePersonalOverrides. +const ( + ListSecretsV4ParamsIncludePersonalOverridesFalse ListSecretsV4ParamsIncludePersonalOverrides = "false" + ListSecretsV4ParamsIncludePersonalOverridesTrue ListSecretsV4ParamsIncludePersonalOverrides = "true" +) + // Defines values for ListSecretsV4ParamsIncludeImports. const ( ListSecretsV4ParamsIncludeImportsFalse ListSecretsV4ParamsIncludeImports = "false" @@ -117,6 +330,38 @@ type AdminSignUpJSONBody struct { Password string `json:"password"` } +// CreateCloudflareAppConnectionJSONBody defines parameters for CreateCloudflareAppConnection. +type CreateCloudflareAppConnectionJSONBody struct { + // Description An optional description for the Cloudflare Connection. + Description *string `json:"description"` + + // GatewayId Not supported for Cloudflare Connections. + GatewayId *CreateCloudflareAppConnectionJSONBody_GatewayId `json:"gatewayId,omitempty"` + + // IsPlatformManagedCredentials Not supported for Cloudflare Connections. + IsPlatformManagedCredentials *CreateCloudflareAppConnectionJSONBodyIsPlatformManagedCredentials `json:"isPlatformManagedCredentials,omitempty"` + + // Name The name of the Cloudflare Connection to create. Must be slug-friendly. + Name string `json:"name"` + + // ProjectId The ID of the project to create the Cloudflare Connection in. + ProjectId *string `json:"projectId,omitempty"` +} + +// CreateCloudflareAppConnectionJSONBodyGatewayId0 defines parameters for CreateCloudflareAppConnection. +type CreateCloudflareAppConnectionJSONBodyGatewayId0 = interface{} + +// CreateCloudflareAppConnectionJSONBodyGatewayId1 defines parameters for CreateCloudflareAppConnection. +type CreateCloudflareAppConnectionJSONBodyGatewayId1 = interface{} + +// CreateCloudflareAppConnectionJSONBody_GatewayId defines parameters for CreateCloudflareAppConnection. +type CreateCloudflareAppConnectionJSONBody_GatewayId struct { + union json.RawMessage +} + +// CreateCloudflareAppConnectionJSONBodyIsPlatformManagedCredentials defines parameters for CreateCloudflareAppConnection. +type CreateCloudflareAppConnectionJSONBodyIsPlatformManagedCredentials bool + // AttachTokenAuthJSONBody defines parameters for AttachTokenAuth. type AttachTokenAuthJSONBody struct { // AccessTokenMaxTTL The maximum lifetime for an access token in seconds. @@ -139,10 +384,348 @@ type CreateTokenAuthTokenJSONBody struct { // Name The name of the token to create. Name *string `json:"name,omitempty"` - // SubOrganizationName The sub organization name to scope the token to. - SubOrganizationName *string `json:"subOrganizationName,omitempty"` + // OrganizationSlug The sub organization name to scope the token to. + OrganizationSlug *string `json:"organizationSlug,omitempty"` +} + +// AttachUniversalAuthJSONBody defines parameters for AttachUniversalAuth. +type AttachUniversalAuthJSONBody struct { + // AccessTokenMaxTTL The maximum lifetime for an access token in seconds. This value will be referenced at renewal time. + AccessTokenMaxTTL *int `json:"accessTokenMaxTTL,omitempty"` + + // AccessTokenNumUsesLimit The maximum number of times that an access token can be used; a value of 0 implies infinite number of uses. + AccessTokenNumUsesLimit *int `json:"accessTokenNumUsesLimit,omitempty"` + + // AccessTokenPeriod The period for an access token in seconds. This value will be referenced at renewal time. Default value is 0. + AccessTokenPeriod *int `json:"accessTokenPeriod,omitempty"` + + // AccessTokenTTL The lifetime for an access token in seconds. This value will be referenced at renewal time. + AccessTokenTTL *int `json:"accessTokenTTL,omitempty"` + + // AccessTokenTrustedIps A list of IPs or CIDR ranges that access tokens can be used from. You can use 0.0.0.0/0, to allow usage from any network address. + AccessTokenTrustedIps *[]struct { + IpAddress string `json:"ipAddress"` + } `json:"accessTokenTrustedIps,omitempty"` + + // ClientSecretTrustedIps A list of IPs or CIDR ranges that the Client Secret can be used from together with the Client ID to get back an access token. You can use 0.0.0.0/0, to allow usage from any network address. + ClientSecretTrustedIps *[]struct { + IpAddress string `json:"ipAddress"` + } `json:"clientSecretTrustedIps,omitempty"` + + // LockoutCounterResetSeconds How long to wait from the most recent failed login until resetting the lockout counter. + LockoutCounterResetSeconds *float32 `json:"lockoutCounterResetSeconds,omitempty"` + + // LockoutDurationSeconds How long an identity auth method lockout lasts. + LockoutDurationSeconds *float32 `json:"lockoutDurationSeconds,omitempty"` + + // LockoutEnabled Whether the lockout feature is enabled. + LockoutEnabled *bool `json:"lockoutEnabled,omitempty"` + + // LockoutThreshold The amount of times login must fail before locking the identity auth method. + LockoutThreshold *float32 `json:"lockoutThreshold,omitempty"` +} + +// CreateUniversalAuthClientSecretJSONBody defines parameters for CreateUniversalAuthClientSecret. +type CreateUniversalAuthClientSecretJSONBody struct { + // Description The description of the client secret. + Description *string `json:"description,omitempty"` + + // NumUsesLimit The maximum number of times that the client secret can be used; a value of 0 implies infinite number of uses. + NumUsesLimit *float32 `json:"numUsesLimit,omitempty"` + + // Ttl The lifetime for the client secret in seconds. + Ttl *float32 `json:"ttl,omitempty"` +} + +// CreateAcmeCertificateAuthorityV1JSONBody defines parameters for CreateAcmeCertificateAuthorityV1. +type CreateAcmeCertificateAuthorityV1JSONBody struct { + Configuration struct { + // AccountEmail The email address for the ACME Certificate Authority. + AccountEmail string `json:"accountEmail"` + + // DirectoryUrl The directory URL for the ACME Certificate Authority. + DirectoryUrl string `json:"directoryUrl"` + + // DnsAppConnectionId The ID of the App Connection to use for creating and managing DNS TXT records required for ACME domain validation. This connection must have permissions to create and delete TXT records in your DNS provider (e.g., Route53) for the ACME challenge process. + DnsAppConnectionId openapi_types.UUID `json:"dnsAppConnectionId"` + DnsProviderConfig struct { + // HostedZoneId The hosted zone ID for the ACME Certificate Authority. + HostedZoneId string `json:"hostedZoneId"` + + // Provider The DNS provider for the ACME Certificate Authority. + Provider CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider `json:"provider"` + } `json:"dnsProviderConfig"` + + // EabHmacKey The External Account Binding (EAB) HMAC key for the ACME Certificate Authority. Required if the ACME provider uses EAB. + EabHmacKey *string `json:"eabHmacKey,omitempty"` + + // EabKid The External Account Binding (EAB) Key ID for the ACME Certificate Authority. Required if the ACME provider uses EAB. + EabKid *string `json:"eabKid,omitempty"` + } `json:"configuration"` + + // Name The name of the ACME-compatible CA Certificate Authority to create. Must be slug-friendly. + Name string `json:"name"` + + // ProjectId The ID of the project to create the Certificate Authority in. + ProjectId openapi_types.UUID `json:"projectId"` + + // Status The status of the ACME-compatible CA Certificate Authority. + Status CreateAcmeCertificateAuthorityV1JSONBodyStatus `json:"status"` +} + +// CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider defines parameters for CreateAcmeCertificateAuthorityV1. +type CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider string + +// CreateAcmeCertificateAuthorityV1JSONBodyStatus defines parameters for CreateAcmeCertificateAuthorityV1. +type CreateAcmeCertificateAuthorityV1JSONBodyStatus string + +// UpdateAcmeCertificateAuthorityV1JSONBody defines parameters for UpdateAcmeCertificateAuthorityV1. +type UpdateAcmeCertificateAuthorityV1JSONBody struct { + Configuration *struct { + // AccountEmail The email address for the ACME Certificate Authority. + AccountEmail string `json:"accountEmail"` + + // DirectoryUrl The directory URL for the ACME Certificate Authority. + DirectoryUrl string `json:"directoryUrl"` + + // DnsAppConnectionId The ID of the App Connection to use for creating and managing DNS TXT records required for ACME domain validation. This connection must have permissions to create and delete TXT records in your DNS provider (e.g., Route53) for the ACME challenge process. + DnsAppConnectionId openapi_types.UUID `json:"dnsAppConnectionId"` + DnsProviderConfig struct { + // HostedZoneId The hosted zone ID for the ACME Certificate Authority. + HostedZoneId string `json:"hostedZoneId"` + + // Provider The DNS provider for the ACME Certificate Authority. + Provider UpdateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider `json:"provider"` + } `json:"dnsProviderConfig"` + + // EabHmacKey The External Account Binding (EAB) HMAC key for the ACME Certificate Authority. Required if the ACME provider uses EAB. + EabHmacKey *string `json:"eabHmacKey,omitempty"` + + // EabKid The External Account Binding (EAB) Key ID for the ACME Certificate Authority. Required if the ACME provider uses EAB. + EabKid *string `json:"eabKid,omitempty"` + } `json:"configuration,omitempty"` + + // Status The updated status of the ACME-compatible CA Certificate Authority. + Status *UpdateAcmeCertificateAuthorityV1JSONBodyStatus `json:"status,omitempty"` } +// UpdateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider defines parameters for UpdateAcmeCertificateAuthorityV1. +type UpdateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider string + +// UpdateAcmeCertificateAuthorityV1JSONBodyStatus defines parameters for UpdateAcmeCertificateAuthorityV1. +type UpdateAcmeCertificateAuthorityV1JSONBodyStatus string + +// CreateInternalCertificateAuthorityV1JSONBody defines parameters for CreateInternalCertificateAuthorityV1. +type CreateInternalCertificateAuthorityV1JSONBody struct { + Configuration struct { + ActiveCaCertId *openapi_types.UUID `json:"activeCaCertId"` + + // CommonName The common name (CN) for the CA. + CommonName *string `json:"commonName,omitempty"` + + // Country The country name (C) for the CA. + Country *string `json:"country,omitempty"` + Dn *string `json:"dn"` + + // FriendlyName A friendly name for the CA. + FriendlyName *string `json:"friendlyName,omitempty"` + + // KeyAlgorithm The type of public key algorithm and size, in bits, of the key pair for the CA; when you create an intermediate CA, you must use a key algorithm supported by the parent CA. + KeyAlgorithm CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithm `json:"keyAlgorithm"` + + // Locality The locality name for the CA. + Locality *string `json:"locality,omitempty"` + + // MaxPathLength The maximum number of intermediate CAs that may follow this CA in the certificate / CA chain. A maxPathLength of -1 implies no path limit on the chain. + MaxPathLength *float32 `json:"maxPathLength"` + + // NotAfter The date and time when the CA expires in YYYY-MM-DDTHH:mm:ss.sssZ format. + NotAfter *string `json:"notAfter,omitempty"` + + // NotBefore The date and time when the CA becomes valid in YYYY-MM-DDTHH:mm:ss.sssZ format. + NotBefore *string `json:"notBefore,omitempty"` + + // Organization The organization (O) for the CA. + Organization *string `json:"organization,omitempty"` + + // Ou The organization unit (OU) for the CA. + Ou *string `json:"ou,omitempty"` + ParentCaId *openapi_types.UUID `json:"parentCaId"` + + // Province The state of province name for the CA. + Province *string `json:"province,omitempty"` + SerialNumber *string `json:"serialNumber"` + + // Type The type of CA to create. + Type CreateInternalCertificateAuthorityV1JSONBodyConfigurationType `json:"type"` + } `json:"configuration"` + + // Name The name of the Internal Certificate Authority to create. Must be slug-friendly. + Name string `json:"name"` + + // ProjectId The ID of the project to create the Certificate Authority in. + ProjectId openapi_types.UUID `json:"projectId"` + + // Status The status of the Internal Certificate Authority. + Status CreateInternalCertificateAuthorityV1JSONBodyStatus `json:"status"` +} + +// CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithm defines parameters for CreateInternalCertificateAuthorityV1. +type CreateInternalCertificateAuthorityV1JSONBodyConfigurationKeyAlgorithm string + +// CreateInternalCertificateAuthorityV1JSONBodyConfigurationType defines parameters for CreateInternalCertificateAuthorityV1. +type CreateInternalCertificateAuthorityV1JSONBodyConfigurationType string + +// CreateInternalCertificateAuthorityV1JSONBodyStatus defines parameters for CreateInternalCertificateAuthorityV1. +type CreateInternalCertificateAuthorityV1JSONBodyStatus string + +// CreateCertificatePolicyJSONBody defines parameters for CreateCertificatePolicy. +type CreateCertificatePolicyJSONBody struct { + Algorithms *struct { + KeyAlgorithm *[]string `json:"keyAlgorithm,omitempty"` + Signature *[]string `json:"signature,omitempty"` + } `json:"algorithms,omitempty"` + BasicConstraints *struct { + IsCA *CreateCertificatePolicyJSONBodyBasicConstraintsIsCA `json:"isCA,omitempty"` + MaxPathLength *int `json:"maxPathLength,omitempty"` + } `json:"basicConstraints"` + Description *string `json:"description,omitempty"` + ExtendedKeyUsages *struct { + Allowed *[]CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowed `json:"allowed,omitempty"` + Denied *[]CreateCertificatePolicyJSONBodyExtendedKeyUsagesDenied `json:"denied,omitempty"` + Required *[]CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequired `json:"required,omitempty"` + } `json:"extendedKeyUsages,omitempty"` + KeyUsages *struct { + Allowed *[]CreateCertificatePolicyJSONBodyKeyUsagesAllowed `json:"allowed,omitempty"` + Denied *[]CreateCertificatePolicyJSONBodyKeyUsagesDenied `json:"denied,omitempty"` + Required *[]CreateCertificatePolicyJSONBodyKeyUsagesRequired `json:"required,omitempty"` + } `json:"keyUsages,omitempty"` + Name string `json:"name"` + ProjectId string `json:"projectId"` + Sans *[]struct { + Allowed *[]string `json:"allowed,omitempty"` + Denied *[]string `json:"denied,omitempty"` + Required *[]string `json:"required,omitempty"` + Type CreateCertificatePolicyJSONBodySansType `json:"type"` + } `json:"sans,omitempty"` + Subject *[]struct { + Allowed *[]string `json:"allowed,omitempty"` + Denied *[]string `json:"denied,omitempty"` + Required *[]string `json:"required,omitempty"` + Type CreateCertificatePolicyJSONBodySubjectType `json:"type"` + } `json:"subject,omitempty"` + Validity *struct { + Max *string `json:"max,omitempty"` + } `json:"validity,omitempty"` +} + +// CreateCertificatePolicyJSONBodyBasicConstraintsIsCA defines parameters for CreateCertificatePolicy. +type CreateCertificatePolicyJSONBodyBasicConstraintsIsCA string + +// CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowed defines parameters for CreateCertificatePolicy. +type CreateCertificatePolicyJSONBodyExtendedKeyUsagesAllowed string + +// CreateCertificatePolicyJSONBodyExtendedKeyUsagesDenied defines parameters for CreateCertificatePolicy. +type CreateCertificatePolicyJSONBodyExtendedKeyUsagesDenied string + +// CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequired defines parameters for CreateCertificatePolicy. +type CreateCertificatePolicyJSONBodyExtendedKeyUsagesRequired string + +// CreateCertificatePolicyJSONBodyKeyUsagesAllowed defines parameters for CreateCertificatePolicy. +type CreateCertificatePolicyJSONBodyKeyUsagesAllowed string + +// CreateCertificatePolicyJSONBodyKeyUsagesDenied defines parameters for CreateCertificatePolicy. +type CreateCertificatePolicyJSONBodyKeyUsagesDenied string + +// CreateCertificatePolicyJSONBodyKeyUsagesRequired defines parameters for CreateCertificatePolicy. +type CreateCertificatePolicyJSONBodyKeyUsagesRequired string + +// CreateCertificatePolicyJSONBodySansType defines parameters for CreateCertificatePolicy. +type CreateCertificatePolicyJSONBodySansType string + +// CreateCertificatePolicyJSONBodySubjectType defines parameters for CreateCertificatePolicy. +type CreateCertificatePolicyJSONBodySubjectType string + +// CreateCertificateProfileJSONBody defines parameters for CreateCertificateProfile. +type CreateCertificateProfileJSONBody struct { + AcmeConfig *struct { + SkipDnsOwnershipVerification *bool `json:"skipDnsOwnershipVerification,omitempty"` + SkipEabBinding *bool `json:"skipEabBinding,omitempty"` + } `json:"acmeConfig,omitempty"` + ApiConfig *struct { + AutoRenew *bool `json:"autoRenew,omitempty"` + RenewBeforeDays *float32 `json:"renewBeforeDays,omitempty"` + } `json:"apiConfig,omitempty"` + CaId *openapi_types.UUID `json:"caId,omitempty"` + CertificatePolicyId openapi_types.UUID `json:"certificatePolicyId"` + Defaults *struct { + BasicConstraints *struct { + IsCA bool `json:"isCA"` + PathLength *int `json:"pathLength,omitempty"` + } `json:"basicConstraints,omitempty"` + CommonName *string `json:"commonName,omitempty"` + Country *string `json:"country,omitempty"` + ExtendedKeyUsages *[]CreateCertificateProfileJSONBodyDefaultsExtendedKeyUsages `json:"extendedKeyUsages,omitempty"` + KeyAlgorithm *CreateCertificateProfileJSONBodyDefaultsKeyAlgorithm `json:"keyAlgorithm,omitempty"` + KeyUsages *[]CreateCertificateProfileJSONBodyDefaultsKeyUsages `json:"keyUsages,omitempty"` + Locality *string `json:"locality,omitempty"` + Organization *string `json:"organization,omitempty"` + OrganizationalUnit *string `json:"organizationalUnit,omitempty"` + SignatureAlgorithm *CreateCertificateProfileJSONBodyDefaultsSignatureAlgorithm `json:"signatureAlgorithm,omitempty"` + State *string `json:"state,omitempty"` + TtlDays *int `json:"ttlDays,omitempty"` + } `json:"defaults"` + Description *string `json:"description,omitempty"` + EnrollmentType CreateCertificateProfileJSONBodyEnrollmentType `json:"enrollmentType"` + EstConfig *struct { + CaChain *string `json:"caChain,omitempty"` + DisableBootstrapCaValidation *bool `json:"disableBootstrapCaValidation,omitempty"` + Passphrase string `json:"passphrase"` + } `json:"estConfig,omitempty"` + ExternalConfigs *CreateCertificateProfileJSONBody_ExternalConfigs `json:"externalConfigs"` + IssuerType *CreateCertificateProfileJSONBodyIssuerType `json:"issuerType,omitempty"` + ProjectId string `json:"projectId"` + Slug string `json:"slug"` +} + +// CreateCertificateProfileJSONBodyDefaultsExtendedKeyUsages defines parameters for CreateCertificateProfile. +type CreateCertificateProfileJSONBodyDefaultsExtendedKeyUsages string + +// CreateCertificateProfileJSONBodyDefaultsKeyAlgorithm defines parameters for CreateCertificateProfile. +type CreateCertificateProfileJSONBodyDefaultsKeyAlgorithm string + +// CreateCertificateProfileJSONBodyDefaultsKeyUsages defines parameters for CreateCertificateProfile. +type CreateCertificateProfileJSONBodyDefaultsKeyUsages string + +// CreateCertificateProfileJSONBodyDefaultsSignatureAlgorithm defines parameters for CreateCertificateProfile. +type CreateCertificateProfileJSONBodyDefaultsSignatureAlgorithm string + +// CreateCertificateProfileJSONBodyEnrollmentType defines parameters for CreateCertificateProfile. +type CreateCertificateProfileJSONBodyEnrollmentType string + +// CreateCertificateProfileJSONBodyExternalConfigs0 defines parameters for CreateCertificateProfile. +type CreateCertificateProfileJSONBodyExternalConfigs0 struct { + // Template Certificate template name for Azure AD CS + Template string `json:"template"` +} + +// CreateCertificateProfileJSONBodyExternalConfigs1 defines parameters for CreateCertificateProfile. +type CreateCertificateProfileJSONBodyExternalConfigs1 = map[string]interface{} + +// CreateCertificateProfileJSONBodyExternalConfigs2 defines parameters for CreateCertificateProfile. +type CreateCertificateProfileJSONBodyExternalConfigs2 = map[string]interface{} + +// CreateCertificateProfileJSONBodyExternalConfigs3 defines parameters for CreateCertificateProfile. +type CreateCertificateProfileJSONBodyExternalConfigs3 = map[string]interface{} + +// CreateCertificateProfileJSONBody_ExternalConfigs defines parameters for CreateCertificateProfile. +type CreateCertificateProfileJSONBody_ExternalConfigs struct { + union json.RawMessage +} + +// CreateCertificateProfileJSONBodyIssuerType defines parameters for CreateCertificateProfile. +type CreateCertificateProfileJSONBodyIssuerType string + // CreateMachineIdentityJSONBody defines parameters for CreateMachineIdentity. type CreateMachineIdentityJSONBody struct { // HasDeleteProtection Prevents deletion of the identity when enabled. @@ -169,7 +752,11 @@ type CreateKubernetesPamResourceJSONBody struct { SslRejectUnauthorized bool `json:"sslRejectUnauthorized"` Url string `json:"url"` } `json:"connectionDetails"` - GatewayId openapi_types.UUID `json:"gatewayId"` + GatewayId openapi_types.UUID `json:"gatewayId"` + Metadata *[]struct { + Key string `json:"key"` + Value *string `json:"value,omitempty"` + } `json:"metadata,omitempty"` Name string `json:"name"` ProjectId openapi_types.UUID `json:"projectId"` RotationAccountCredentials *CreateKubernetesPamResourceJSONBody_RotationAccountCredentials `json:"rotationAccountCredentials"` @@ -198,7 +785,11 @@ type CreateRedisPamResourceJSONBody struct { SslEnabled bool `json:"sslEnabled"` SslRejectUnauthorized bool `json:"sslRejectUnauthorized"` } `json:"connectionDetails"` - GatewayId openapi_types.UUID `json:"gatewayId"` + GatewayId openapi_types.UUID `json:"gatewayId"` + Metadata *[]struct { + Key string `json:"key"` + Value *string `json:"value,omitempty"` + } `json:"metadata,omitempty"` Name string `json:"name"` ProjectId openapi_types.UUID `json:"projectId"` RotationAccountCredentials *struct { @@ -241,7 +832,7 @@ type SelectOrganizationV3JSONBodyUserAgent string // ListSecretsV4Params defines parameters for ListSecretsV4. type ListSecretsV4Params struct { - // MetadataFilter The secret metadata key-value pairs to filter secrets by. When querying for multiple metadata pairs, the query is treated as an AND operation. Secret metadata format is key=value1,value=value2|key=value3,value=value4. + // MetadataFilter Unencrypted secret metadata key-value pairs used to filter secrets. Only metadata with unencrypted values is supported. When querying for multiple metadata pairs, the query is treated as an AND operation. Secret metadata format is key=value1,value=value2|key=value3,value=value4. MetadataFilter *string `form:"metadataFilter,omitempty" json:"metadataFilter,omitempty"` // ProjectId The ID of the project to list secrets from. @@ -262,8 +853,11 @@ type ListSecretsV4Params struct { // Recursive Whether or not to fetch all secrets from the specified base path, and all of its subdirectories. Note, the max depth is 20 deep. Recursive *ListSecretsV4ParamsRecursive `form:"recursive,omitempty" json:"recursive,omitempty"` + // IncludePersonalOverrides Whether or not to include personal secrets in the response. When enabled, personal secrets will be included in the response. Shared secrets will still be included, but personal secrets will take priority, and the corresponding shared secrets will be replaced with the personal secrets. + IncludePersonalOverrides *ListSecretsV4ParamsIncludePersonalOverrides `form:"includePersonalOverrides,omitempty" json:"includePersonalOverrides,omitempty"` + // IncludeImports Weather to include imported secrets or not. - IncludeImports *ListSecretsV4ParamsIncludeImports `form:"include_imports,omitempty" json:"include_imports,omitempty"` + IncludeImports *ListSecretsV4ParamsIncludeImports `form:"includeImports,omitempty" json:"includeImports,omitempty"` // TagSlugs The comma separated tag slugs to filter secrets. TagSlugs *string `form:"tagSlugs,omitempty" json:"tagSlugs,omitempty"` @@ -278,6 +872,9 @@ type ListSecretsV4ParamsExpandSecretReferences string // ListSecretsV4ParamsRecursive defines parameters for ListSecretsV4. type ListSecretsV4ParamsRecursive string +// ListSecretsV4ParamsIncludePersonalOverrides defines parameters for ListSecretsV4. +type ListSecretsV4ParamsIncludePersonalOverrides string + // ListSecretsV4ParamsIncludeImports defines parameters for ListSecretsV4. type ListSecretsV4ParamsIncludeImports string @@ -323,7 +920,7 @@ type GetSecretByNameV4Params struct { ExpandSecretReferences *GetSecretByNameV4ParamsExpandSecretReferences `form:"expandSecretReferences,omitempty" json:"expandSecretReferences,omitempty"` // IncludeImports Weather to include imported secrets or not. - IncludeImports *GetSecretByNameV4ParamsIncludeImports `form:"include_imports,omitempty" json:"include_imports,omitempty"` + IncludeImports *GetSecretByNameV4ParamsIncludeImports `form:"includeImports,omitempty" json:"includeImports,omitempty"` } // GetSecretByNameV4ParamsType defines parameters for GetSecretByNameV4. @@ -353,8 +950,9 @@ type UpdateSecretV4JSONBody struct { // SecretComment Update comment to the secret. SecretComment *string `json:"secretComment,omitempty"` SecretMetadata *[]struct { - Key string `json:"key"` - Value *string `json:"value,omitempty"` + IsEncrypted *bool `json:"isEncrypted,omitempty"` + Key string `json:"key"` + Value *string `json:"value,omitempty"` } `json:"secretMetadata,omitempty"` // SecretPath The default path for secrets to update or upsert, if not provided in the secret details. @@ -396,8 +994,9 @@ type CreateSecretV4JSONBody struct { // SecretComment Attach a comment to the secret. SecretComment *string `json:"secretComment,omitempty"` SecretMetadata *[]struct { - Key string `json:"key"` - Value *string `json:"value,omitempty"` + IsEncrypted *bool `json:"isEncrypted,omitempty"` + Key string `json:"key"` + Value *string `json:"value,omitempty"` } `json:"secretMetadata,omitempty"` // SecretPath The path to create the secret in. @@ -413,7 +1012,7 @@ type CreateSecretV4JSONBody struct { SecretValue string `json:"secretValue"` // SkipMultilineEncoding Skip multiline encoding for the secret value. - SkipMultilineEncoding *bool `json:"skipMultilineEncoding,omitempty"` + SkipMultilineEncoding *bool `json:"skipMultilineEncoding"` // TagIds The ID of the tags to be attached to the created secret. TagIds *[]string `json:"tagIds,omitempty"` @@ -428,12 +1027,36 @@ type CreateSecretV4JSONBodyType string // AdminSignUpJSONRequestBody defines body for AdminSignUp for application/json ContentType. type AdminSignUpJSONRequestBody AdminSignUpJSONBody +// CreateCloudflareAppConnectionJSONRequestBody defines body for CreateCloudflareAppConnection for application/json ContentType. +type CreateCloudflareAppConnectionJSONRequestBody CreateCloudflareAppConnectionJSONBody + // AttachTokenAuthJSONRequestBody defines body for AttachTokenAuth for application/json ContentType. type AttachTokenAuthJSONRequestBody AttachTokenAuthJSONBody // CreateTokenAuthTokenJSONRequestBody defines body for CreateTokenAuthToken for application/json ContentType. type CreateTokenAuthTokenJSONRequestBody CreateTokenAuthTokenJSONBody +// AttachUniversalAuthJSONRequestBody defines body for AttachUniversalAuth for application/json ContentType. +type AttachUniversalAuthJSONRequestBody AttachUniversalAuthJSONBody + +// CreateUniversalAuthClientSecretJSONRequestBody defines body for CreateUniversalAuthClientSecret for application/json ContentType. +type CreateUniversalAuthClientSecretJSONRequestBody CreateUniversalAuthClientSecretJSONBody + +// CreateAcmeCertificateAuthorityV1JSONRequestBody defines body for CreateAcmeCertificateAuthorityV1 for application/json ContentType. +type CreateAcmeCertificateAuthorityV1JSONRequestBody CreateAcmeCertificateAuthorityV1JSONBody + +// UpdateAcmeCertificateAuthorityV1JSONRequestBody defines body for UpdateAcmeCertificateAuthorityV1 for application/json ContentType. +type UpdateAcmeCertificateAuthorityV1JSONRequestBody UpdateAcmeCertificateAuthorityV1JSONBody + +// CreateInternalCertificateAuthorityV1JSONRequestBody defines body for CreateInternalCertificateAuthorityV1 for application/json ContentType. +type CreateInternalCertificateAuthorityV1JSONRequestBody CreateInternalCertificateAuthorityV1JSONBody + +// CreateCertificatePolicyJSONRequestBody defines body for CreateCertificatePolicy for application/json ContentType. +type CreateCertificatePolicyJSONRequestBody CreateCertificatePolicyJSONBody + +// CreateCertificateProfileJSONRequestBody defines body for CreateCertificateProfile for application/json ContentType. +type CreateCertificateProfileJSONRequestBody CreateCertificateProfileJSONBody + // CreateMachineIdentityJSONRequestBody defines body for CreateMachineIdentity for application/json ContentType. type CreateMachineIdentityJSONRequestBody CreateMachineIdentityJSONBody @@ -536,6 +1159,11 @@ type ClientInterface interface { AdminSignUp(ctx context.Context, body AdminSignUpJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + // CreateCloudflareAppConnectionWithBody request with any body + CreateCloudflareAppConnectionWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) + + CreateCloudflareAppConnection(ctx context.Context, body CreateCloudflareAppConnectionJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + // RefreshAuthToken request RefreshAuthToken(ctx context.Context, reqEditors ...RequestEditorFn) (*http.Response, error) @@ -549,6 +1177,41 @@ type ClientInterface interface { CreateTokenAuthToken(ctx context.Context, identityId string, body CreateTokenAuthTokenJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + // AttachUniversalAuthWithBody request with any body + AttachUniversalAuthWithBody(ctx context.Context, identityId string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) + + AttachUniversalAuth(ctx context.Context, identityId string, body AttachUniversalAuthJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + + // CreateUniversalAuthClientSecretWithBody request with any body + CreateUniversalAuthClientSecretWithBody(ctx context.Context, identityId string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) + + CreateUniversalAuthClientSecret(ctx context.Context, identityId string, body CreateUniversalAuthClientSecretJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + + // CreateAcmeCertificateAuthorityV1WithBody request with any body + CreateAcmeCertificateAuthorityV1WithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) + + CreateAcmeCertificateAuthorityV1(ctx context.Context, body CreateAcmeCertificateAuthorityV1JSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + + // UpdateAcmeCertificateAuthorityV1WithBody request with any body + UpdateAcmeCertificateAuthorityV1WithBody(ctx context.Context, id string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) + + UpdateAcmeCertificateAuthorityV1(ctx context.Context, id string, body UpdateAcmeCertificateAuthorityV1JSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + + // CreateInternalCertificateAuthorityV1WithBody request with any body + CreateInternalCertificateAuthorityV1WithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) + + CreateInternalCertificateAuthorityV1(ctx context.Context, body CreateInternalCertificateAuthorityV1JSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + + // CreateCertificatePolicyWithBody request with any body + CreateCertificatePolicyWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) + + CreateCertificatePolicy(ctx context.Context, body CreateCertificatePolicyJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + + // CreateCertificateProfileWithBody request with any body + CreateCertificateProfileWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) + + CreateCertificateProfile(ctx context.Context, body CreateCertificateProfileJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + // CreateMachineIdentityWithBody request with any body CreateMachineIdentityWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) @@ -626,8 +1289,8 @@ func (c *Client) AdminSignUp(ctx context.Context, body AdminSignUpJSONRequestBod return c.Client.Do(req) } -func (c *Client) RefreshAuthToken(ctx context.Context, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewRefreshAuthTokenRequest(c.Server) +func (c *Client) CreateCloudflareAppConnectionWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateCloudflareAppConnectionRequestWithBody(c.Server, contentType, body) if err != nil { return nil, err } @@ -638,8 +1301,8 @@ func (c *Client) RefreshAuthToken(ctx context.Context, reqEditors ...RequestEdit return c.Client.Do(req) } -func (c *Client) AttachTokenAuthWithBody(ctx context.Context, identityId string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewAttachTokenAuthRequestWithBody(c.Server, identityId, contentType, body) +func (c *Client) CreateCloudflareAppConnection(ctx context.Context, body CreateCloudflareAppConnectionJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateCloudflareAppConnectionRequest(c.Server, body) if err != nil { return nil, err } @@ -650,8 +1313,8 @@ func (c *Client) AttachTokenAuthWithBody(ctx context.Context, identityId string, return c.Client.Do(req) } -func (c *Client) AttachTokenAuth(ctx context.Context, identityId string, body AttachTokenAuthJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewAttachTokenAuthRequest(c.Server, identityId, body) +func (c *Client) RefreshAuthToken(ctx context.Context, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewRefreshAuthTokenRequest(c.Server) if err != nil { return nil, err } @@ -662,8 +1325,8 @@ func (c *Client) AttachTokenAuth(ctx context.Context, identityId string, body At return c.Client.Do(req) } -func (c *Client) CreateTokenAuthTokenWithBody(ctx context.Context, identityId string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewCreateTokenAuthTokenRequestWithBody(c.Server, identityId, contentType, body) +func (c *Client) AttachTokenAuthWithBody(ctx context.Context, identityId string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewAttachTokenAuthRequestWithBody(c.Server, identityId, contentType, body) if err != nil { return nil, err } @@ -674,8 +1337,8 @@ func (c *Client) CreateTokenAuthTokenWithBody(ctx context.Context, identityId st return c.Client.Do(req) } -func (c *Client) CreateTokenAuthToken(ctx context.Context, identityId string, body CreateTokenAuthTokenJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewCreateTokenAuthTokenRequest(c.Server, identityId, body) +func (c *Client) AttachTokenAuth(ctx context.Context, identityId string, body AttachTokenAuthJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewAttachTokenAuthRequest(c.Server, identityId, body) if err != nil { return nil, err } @@ -686,8 +1349,8 @@ func (c *Client) CreateTokenAuthToken(ctx context.Context, identityId string, bo return c.Client.Do(req) } -func (c *Client) CreateMachineIdentityWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewCreateMachineIdentityRequestWithBody(c.Server, contentType, body) +func (c *Client) CreateTokenAuthTokenWithBody(ctx context.Context, identityId string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateTokenAuthTokenRequestWithBody(c.Server, identityId, contentType, body) if err != nil { return nil, err } @@ -698,8 +1361,8 @@ func (c *Client) CreateMachineIdentityWithBody(ctx context.Context, contentType return c.Client.Do(req) } -func (c *Client) CreateMachineIdentity(ctx context.Context, body CreateMachineIdentityJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewCreateMachineIdentityRequest(c.Server, body) +func (c *Client) CreateTokenAuthToken(ctx context.Context, identityId string, body CreateTokenAuthTokenJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateTokenAuthTokenRequest(c.Server, identityId, body) if err != nil { return nil, err } @@ -710,8 +1373,8 @@ func (c *Client) CreateMachineIdentity(ctx context.Context, body CreateMachineId return c.Client.Do(req) } -func (c *Client) CreateKubernetesPamResourceWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewCreateKubernetesPamResourceRequestWithBody(c.Server, contentType, body) +func (c *Client) AttachUniversalAuthWithBody(ctx context.Context, identityId string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewAttachUniversalAuthRequestWithBody(c.Server, identityId, contentType, body) if err != nil { return nil, err } @@ -722,8 +1385,8 @@ func (c *Client) CreateKubernetesPamResourceWithBody(ctx context.Context, conten return c.Client.Do(req) } -func (c *Client) CreateKubernetesPamResource(ctx context.Context, body CreateKubernetesPamResourceJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewCreateKubernetesPamResourceRequest(c.Server, body) +func (c *Client) AttachUniversalAuth(ctx context.Context, identityId string, body AttachUniversalAuthJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewAttachUniversalAuthRequest(c.Server, identityId, body) if err != nil { return nil, err } @@ -734,8 +1397,8 @@ func (c *Client) CreateKubernetesPamResource(ctx context.Context, body CreateKub return c.Client.Do(req) } -func (c *Client) CreateRedisPamResourceWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewCreateRedisPamResourceRequestWithBody(c.Server, contentType, body) +func (c *Client) CreateUniversalAuthClientSecretWithBody(ctx context.Context, identityId string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateUniversalAuthClientSecretRequestWithBody(c.Server, identityId, contentType, body) if err != nil { return nil, err } @@ -746,8 +1409,8 @@ func (c *Client) CreateRedisPamResourceWithBody(ctx context.Context, contentType return c.Client.Do(req) } -func (c *Client) CreateRedisPamResource(ctx context.Context, body CreateRedisPamResourceJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewCreateRedisPamResourceRequest(c.Server, body) +func (c *Client) CreateUniversalAuthClientSecret(ctx context.Context, identityId string, body CreateUniversalAuthClientSecretJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateUniversalAuthClientSecretRequest(c.Server, identityId, body) if err != nil { return nil, err } @@ -758,8 +1421,8 @@ func (c *Client) CreateRedisPamResource(ctx context.Context, body CreateRedisPam return c.Client.Do(req) } -func (c *Client) CreateProjectWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewCreateProjectRequestWithBody(c.Server, contentType, body) +func (c *Client) CreateAcmeCertificateAuthorityV1WithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateAcmeCertificateAuthorityV1RequestWithBody(c.Server, contentType, body) if err != nil { return nil, err } @@ -770,8 +1433,8 @@ func (c *Client) CreateProjectWithBody(ctx context.Context, contentType string, return c.Client.Do(req) } -func (c *Client) CreateProject(ctx context.Context, body CreateProjectJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewCreateProjectRequest(c.Server, body) +func (c *Client) CreateAcmeCertificateAuthorityV1(ctx context.Context, body CreateAcmeCertificateAuthorityV1JSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateAcmeCertificateAuthorityV1Request(c.Server, body) if err != nil { return nil, err } @@ -782,8 +1445,8 @@ func (c *Client) CreateProject(ctx context.Context, body CreateProjectJSONReques return c.Client.Do(req) } -func (c *Client) GetRelays(ctx context.Context, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewGetRelaysRequest(c.Server) +func (c *Client) UpdateAcmeCertificateAuthorityV1WithBody(ctx context.Context, id string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewUpdateAcmeCertificateAuthorityV1RequestWithBody(c.Server, id, contentType, body) if err != nil { return nil, err } @@ -794,8 +1457,8 @@ func (c *Client) GetRelays(ctx context.Context, reqEditors ...RequestEditorFn) ( return c.Client.Do(req) } -func (c *Client) ListGateways(ctx context.Context, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewListGatewaysRequest(c.Server) +func (c *Client) UpdateAcmeCertificateAuthorityV1(ctx context.Context, id string, body UpdateAcmeCertificateAuthorityV1JSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewUpdateAcmeCertificateAuthorityV1Request(c.Server, id, body) if err != nil { return nil, err } @@ -806,8 +1469,8 @@ func (c *Client) ListGateways(ctx context.Context, reqEditors ...RequestEditorFn return c.Client.Do(req) } -func (c *Client) SelectOrganizationV3WithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewSelectOrganizationV3RequestWithBody(c.Server, contentType, body) +func (c *Client) CreateInternalCertificateAuthorityV1WithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateInternalCertificateAuthorityV1RequestWithBody(c.Server, contentType, body) if err != nil { return nil, err } @@ -818,8 +1481,8 @@ func (c *Client) SelectOrganizationV3WithBody(ctx context.Context, contentType s return c.Client.Do(req) } -func (c *Client) SelectOrganizationV3(ctx context.Context, body SelectOrganizationV3JSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewSelectOrganizationV3Request(c.Server, body) +func (c *Client) CreateInternalCertificateAuthorityV1(ctx context.Context, body CreateInternalCertificateAuthorityV1JSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateInternalCertificateAuthorityV1Request(c.Server, body) if err != nil { return nil, err } @@ -830,8 +1493,8 @@ func (c *Client) SelectOrganizationV3(ctx context.Context, body SelectOrganizati return c.Client.Do(req) } -func (c *Client) ListSecretsV4(ctx context.Context, params *ListSecretsV4Params, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewListSecretsV4Request(c.Server, params) +func (c *Client) CreateCertificatePolicyWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateCertificatePolicyRequestWithBody(c.Server, contentType, body) if err != nil { return nil, err } @@ -842,8 +1505,8 @@ func (c *Client) ListSecretsV4(ctx context.Context, params *ListSecretsV4Params, return c.Client.Do(req) } -func (c *Client) DeleteSecretV4WithBody(ctx context.Context, secretName string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewDeleteSecretV4RequestWithBody(c.Server, secretName, contentType, body) +func (c *Client) CreateCertificatePolicy(ctx context.Context, body CreateCertificatePolicyJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateCertificatePolicyRequest(c.Server, body) if err != nil { return nil, err } @@ -854,8 +1517,8 @@ func (c *Client) DeleteSecretV4WithBody(ctx context.Context, secretName string, return c.Client.Do(req) } -func (c *Client) DeleteSecretV4(ctx context.Context, secretName string, body DeleteSecretV4JSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewDeleteSecretV4Request(c.Server, secretName, body) +func (c *Client) CreateCertificateProfileWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateCertificateProfileRequestWithBody(c.Server, contentType, body) if err != nil { return nil, err } @@ -866,8 +1529,8 @@ func (c *Client) DeleteSecretV4(ctx context.Context, secretName string, body Del return c.Client.Do(req) } -func (c *Client) GetSecretByNameV4(ctx context.Context, secretName string, params *GetSecretByNameV4Params, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewGetSecretByNameV4Request(c.Server, secretName, params) +func (c *Client) CreateCertificateProfile(ctx context.Context, body CreateCertificateProfileJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateCertificateProfileRequest(c.Server, body) if err != nil { return nil, err } @@ -878,8 +1541,8 @@ func (c *Client) GetSecretByNameV4(ctx context.Context, secretName string, param return c.Client.Do(req) } -func (c *Client) UpdateSecretV4WithBody(ctx context.Context, secretName string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewUpdateSecretV4RequestWithBody(c.Server, secretName, contentType, body) +func (c *Client) CreateMachineIdentityWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateMachineIdentityRequestWithBody(c.Server, contentType, body) if err != nil { return nil, err } @@ -890,8 +1553,8 @@ func (c *Client) UpdateSecretV4WithBody(ctx context.Context, secretName string, return c.Client.Do(req) } -func (c *Client) UpdateSecretV4(ctx context.Context, secretName string, body UpdateSecretV4JSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewUpdateSecretV4Request(c.Server, secretName, body) +func (c *Client) CreateMachineIdentity(ctx context.Context, body CreateMachineIdentityJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateMachineIdentityRequest(c.Server, body) if err != nil { return nil, err } @@ -902,8 +1565,8 @@ func (c *Client) UpdateSecretV4(ctx context.Context, secretName string, body Upd return c.Client.Do(req) } -func (c *Client) CreateSecretV4WithBody(ctx context.Context, secretName string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewCreateSecretV4RequestWithBody(c.Server, secretName, contentType, body) +func (c *Client) CreateKubernetesPamResourceWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateKubernetesPamResourceRequestWithBody(c.Server, contentType, body) if err != nil { return nil, err } @@ -914,8 +1577,8 @@ func (c *Client) CreateSecretV4WithBody(ctx context.Context, secretName string, return c.Client.Do(req) } -func (c *Client) CreateSecretV4(ctx context.Context, secretName string, body CreateSecretV4JSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewCreateSecretV4Request(c.Server, secretName, body) +func (c *Client) CreateKubernetesPamResource(ctx context.Context, body CreateKubernetesPamResourceJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateKubernetesPamResourceRequest(c.Server, body) if err != nil { return nil, err } @@ -926,7 +1589,199 @@ func (c *Client) CreateSecretV4(ctx context.Context, secretName string, body Cre return c.Client.Do(req) } -// NewAdminSignUpRequest calls the generic AdminSignUp builder with application/json body +func (c *Client) CreateRedisPamResourceWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateRedisPamResourceRequestWithBody(c.Server, contentType, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) CreateRedisPamResource(ctx context.Context, body CreateRedisPamResourceJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateRedisPamResourceRequest(c.Server, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) CreateProjectWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateProjectRequestWithBody(c.Server, contentType, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) CreateProject(ctx context.Context, body CreateProjectJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateProjectRequest(c.Server, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) GetRelays(ctx context.Context, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewGetRelaysRequest(c.Server) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) ListGateways(ctx context.Context, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewListGatewaysRequest(c.Server) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) SelectOrganizationV3WithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewSelectOrganizationV3RequestWithBody(c.Server, contentType, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) SelectOrganizationV3(ctx context.Context, body SelectOrganizationV3JSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewSelectOrganizationV3Request(c.Server, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) ListSecretsV4(ctx context.Context, params *ListSecretsV4Params, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewListSecretsV4Request(c.Server, params) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) DeleteSecretV4WithBody(ctx context.Context, secretName string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewDeleteSecretV4RequestWithBody(c.Server, secretName, contentType, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) DeleteSecretV4(ctx context.Context, secretName string, body DeleteSecretV4JSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewDeleteSecretV4Request(c.Server, secretName, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) GetSecretByNameV4(ctx context.Context, secretName string, params *GetSecretByNameV4Params, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewGetSecretByNameV4Request(c.Server, secretName, params) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) UpdateSecretV4WithBody(ctx context.Context, secretName string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewUpdateSecretV4RequestWithBody(c.Server, secretName, contentType, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) UpdateSecretV4(ctx context.Context, secretName string, body UpdateSecretV4JSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewUpdateSecretV4Request(c.Server, secretName, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) CreateSecretV4WithBody(ctx context.Context, secretName string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateSecretV4RequestWithBody(c.Server, secretName, contentType, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) CreateSecretV4(ctx context.Context, secretName string, body CreateSecretV4JSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateSecretV4Request(c.Server, secretName, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +// NewAdminSignUpRequest calls the generic AdminSignUp builder with application/json body func NewAdminSignUpRequest(server string, body AdminSignUpJSONRequestBody) (*http.Request, error) { var bodyReader io.Reader buf, err := json.Marshal(body) @@ -966,6 +1821,46 @@ func NewAdminSignUpRequestWithBody(server string, contentType string, body io.Re return req, nil } +// NewCreateCloudflareAppConnectionRequest calls the generic CreateCloudflareAppConnection builder with application/json body +func NewCreateCloudflareAppConnectionRequest(server string, body CreateCloudflareAppConnectionJSONRequestBody) (*http.Request, error) { + var bodyReader io.Reader + buf, err := json.Marshal(body) + if err != nil { + return nil, err + } + bodyReader = bytes.NewReader(buf) + return NewCreateCloudflareAppConnectionRequestWithBody(server, "application/json", bodyReader) +} + +// NewCreateCloudflareAppConnectionRequestWithBody generates requests for CreateCloudflareAppConnection with any type of body +func NewCreateCloudflareAppConnectionRequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { + var err error + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/api/v1/app-connections/cloudflare") + if operationPath[0] == '/' { + operationPath = "." + operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + req, err := http.NewRequest("POST", queryURL.String(), body) + if err != nil { + return nil, err + } + + req.Header.Add("Content-Type", contentType) + + return req, nil +} + // NewRefreshAuthTokenRequest generates requests for RefreshAuthToken func NewRefreshAuthTokenRequest(server string) (*http.Request, error) { var err error @@ -1087,27 +1982,34 @@ func NewCreateTokenAuthTokenRequestWithBody(server string, identityId string, co return req, nil } -// NewCreateMachineIdentityRequest calls the generic CreateMachineIdentity builder with application/json body -func NewCreateMachineIdentityRequest(server string, body CreateMachineIdentityJSONRequestBody) (*http.Request, error) { +// NewAttachUniversalAuthRequest calls the generic AttachUniversalAuth builder with application/json body +func NewAttachUniversalAuthRequest(server string, identityId string, body AttachUniversalAuthJSONRequestBody) (*http.Request, error) { var bodyReader io.Reader buf, err := json.Marshal(body) if err != nil { return nil, err } bodyReader = bytes.NewReader(buf) - return NewCreateMachineIdentityRequestWithBody(server, "application/json", bodyReader) + return NewAttachUniversalAuthRequestWithBody(server, identityId, "application/json", bodyReader) } -// NewCreateMachineIdentityRequestWithBody generates requests for CreateMachineIdentity with any type of body -func NewCreateMachineIdentityRequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { +// NewAttachUniversalAuthRequestWithBody generates requests for AttachUniversalAuth with any type of body +func NewAttachUniversalAuthRequestWithBody(server string, identityId string, contentType string, body io.Reader) (*http.Request, error) { var err error + var pathParam0 string + + pathParam0, err = runtime.StyleParamWithLocation("simple", false, "identityId", runtime.ParamLocationPath, identityId) + if err != nil { + return nil, err + } + serverURL, err := url.Parse(server) if err != nil { return nil, err } - operationPath := fmt.Sprintf("/api/v1/identities") + operationPath := fmt.Sprintf("/api/v1/auth/universal-auth/identities/%s", pathParam0) if operationPath[0] == '/' { operationPath = "." + operationPath } @@ -1127,27 +2029,34 @@ func NewCreateMachineIdentityRequestWithBody(server string, contentType string, return req, nil } -// NewCreateKubernetesPamResourceRequest calls the generic CreateKubernetesPamResource builder with application/json body -func NewCreateKubernetesPamResourceRequest(server string, body CreateKubernetesPamResourceJSONRequestBody) (*http.Request, error) { +// NewCreateUniversalAuthClientSecretRequest calls the generic CreateUniversalAuthClientSecret builder with application/json body +func NewCreateUniversalAuthClientSecretRequest(server string, identityId string, body CreateUniversalAuthClientSecretJSONRequestBody) (*http.Request, error) { var bodyReader io.Reader buf, err := json.Marshal(body) if err != nil { return nil, err } bodyReader = bytes.NewReader(buf) - return NewCreateKubernetesPamResourceRequestWithBody(server, "application/json", bodyReader) + return NewCreateUniversalAuthClientSecretRequestWithBody(server, identityId, "application/json", bodyReader) } -// NewCreateKubernetesPamResourceRequestWithBody generates requests for CreateKubernetesPamResource with any type of body -func NewCreateKubernetesPamResourceRequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { +// NewCreateUniversalAuthClientSecretRequestWithBody generates requests for CreateUniversalAuthClientSecret with any type of body +func NewCreateUniversalAuthClientSecretRequestWithBody(server string, identityId string, contentType string, body io.Reader) (*http.Request, error) { var err error + var pathParam0 string + + pathParam0, err = runtime.StyleParamWithLocation("simple", false, "identityId", runtime.ParamLocationPath, identityId) + if err != nil { + return nil, err + } + serverURL, err := url.Parse(server) if err != nil { return nil, err } - operationPath := fmt.Sprintf("/api/v1/pam/resources/kubernetes") + operationPath := fmt.Sprintf("/api/v1/auth/universal-auth/identities/%s/client-secrets", pathParam0) if operationPath[0] == '/' { operationPath = "." + operationPath } @@ -1167,19 +2076,19 @@ func NewCreateKubernetesPamResourceRequestWithBody(server string, contentType st return req, nil } -// NewCreateRedisPamResourceRequest calls the generic CreateRedisPamResource builder with application/json body -func NewCreateRedisPamResourceRequest(server string, body CreateRedisPamResourceJSONRequestBody) (*http.Request, error) { +// NewCreateAcmeCertificateAuthorityV1Request calls the generic CreateAcmeCertificateAuthorityV1 builder with application/json body +func NewCreateAcmeCertificateAuthorityV1Request(server string, body CreateAcmeCertificateAuthorityV1JSONRequestBody) (*http.Request, error) { var bodyReader io.Reader buf, err := json.Marshal(body) if err != nil { return nil, err } bodyReader = bytes.NewReader(buf) - return NewCreateRedisPamResourceRequestWithBody(server, "application/json", bodyReader) + return NewCreateAcmeCertificateAuthorityV1RequestWithBody(server, "application/json", bodyReader) } -// NewCreateRedisPamResourceRequestWithBody generates requests for CreateRedisPamResource with any type of body -func NewCreateRedisPamResourceRequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { +// NewCreateAcmeCertificateAuthorityV1RequestWithBody generates requests for CreateAcmeCertificateAuthorityV1 with any type of body +func NewCreateAcmeCertificateAuthorityV1RequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { var err error serverURL, err := url.Parse(server) @@ -1187,7 +2096,7 @@ func NewCreateRedisPamResourceRequestWithBody(server string, contentType string, return nil, err } - operationPath := fmt.Sprintf("/api/v1/pam/resources/redis") + operationPath := fmt.Sprintf("/api/v1/cert-manager/ca/acme") if operationPath[0] == '/' { operationPath = "." + operationPath } @@ -1207,27 +2116,34 @@ func NewCreateRedisPamResourceRequestWithBody(server string, contentType string, return req, nil } -// NewCreateProjectRequest calls the generic CreateProject builder with application/json body -func NewCreateProjectRequest(server string, body CreateProjectJSONRequestBody) (*http.Request, error) { +// NewUpdateAcmeCertificateAuthorityV1Request calls the generic UpdateAcmeCertificateAuthorityV1 builder with application/json body +func NewUpdateAcmeCertificateAuthorityV1Request(server string, id string, body UpdateAcmeCertificateAuthorityV1JSONRequestBody) (*http.Request, error) { var bodyReader io.Reader buf, err := json.Marshal(body) if err != nil { return nil, err } bodyReader = bytes.NewReader(buf) - return NewCreateProjectRequestWithBody(server, "application/json", bodyReader) + return NewUpdateAcmeCertificateAuthorityV1RequestWithBody(server, id, "application/json", bodyReader) } -// NewCreateProjectRequestWithBody generates requests for CreateProject with any type of body -func NewCreateProjectRequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { +// NewUpdateAcmeCertificateAuthorityV1RequestWithBody generates requests for UpdateAcmeCertificateAuthorityV1 with any type of body +func NewUpdateAcmeCertificateAuthorityV1RequestWithBody(server string, id string, contentType string, body io.Reader) (*http.Request, error) { var err error + var pathParam0 string + + pathParam0, err = runtime.StyleParamWithLocation("simple", false, "id", runtime.ParamLocationPath, id) + if err != nil { + return nil, err + } + serverURL, err := url.Parse(server) if err != nil { return nil, err } - operationPath := fmt.Sprintf("/api/v1/projects") + operationPath := fmt.Sprintf("/api/v1/cert-manager/ca/acme/%s", pathParam0) if operationPath[0] == '/' { operationPath = "." + operationPath } @@ -1237,7 +2153,7 @@ func NewCreateProjectRequestWithBody(server string, contentType string, body io. return nil, err } - req, err := http.NewRequest("POST", queryURL.String(), body) + req, err := http.NewRequest("PATCH", queryURL.String(), body) if err != nil { return nil, err } @@ -1247,8 +2163,19 @@ func NewCreateProjectRequestWithBody(server string, contentType string, body io. return req, nil } -// NewGetRelaysRequest generates requests for GetRelays -func NewGetRelaysRequest(server string) (*http.Request, error) { +// NewCreateInternalCertificateAuthorityV1Request calls the generic CreateInternalCertificateAuthorityV1 builder with application/json body +func NewCreateInternalCertificateAuthorityV1Request(server string, body CreateInternalCertificateAuthorityV1JSONRequestBody) (*http.Request, error) { + var bodyReader io.Reader + buf, err := json.Marshal(body) + if err != nil { + return nil, err + } + bodyReader = bytes.NewReader(buf) + return NewCreateInternalCertificateAuthorityV1RequestWithBody(server, "application/json", bodyReader) +} + +// NewCreateInternalCertificateAuthorityV1RequestWithBody generates requests for CreateInternalCertificateAuthorityV1 with any type of body +func NewCreateInternalCertificateAuthorityV1RequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { var err error serverURL, err := url.Parse(server) @@ -1256,7 +2183,7 @@ func NewGetRelaysRequest(server string) (*http.Request, error) { return nil, err } - operationPath := fmt.Sprintf("/api/v1/relays") + operationPath := fmt.Sprintf("/api/v1/cert-manager/ca/internal") if operationPath[0] == '/' { operationPath = "." + operationPath } @@ -1266,16 +2193,29 @@ func NewGetRelaysRequest(server string) (*http.Request, error) { return nil, err } - req, err := http.NewRequest("GET", queryURL.String(), nil) + req, err := http.NewRequest("POST", queryURL.String(), body) if err != nil { return nil, err } + req.Header.Add("Content-Type", contentType) + return req, nil } -// NewListGatewaysRequest generates requests for ListGateways -func NewListGatewaysRequest(server string) (*http.Request, error) { +// NewCreateCertificatePolicyRequest calls the generic CreateCertificatePolicy builder with application/json body +func NewCreateCertificatePolicyRequest(server string, body CreateCertificatePolicyJSONRequestBody) (*http.Request, error) { + var bodyReader io.Reader + buf, err := json.Marshal(body) + if err != nil { + return nil, err + } + bodyReader = bytes.NewReader(buf) + return NewCreateCertificatePolicyRequestWithBody(server, "application/json", bodyReader) +} + +// NewCreateCertificatePolicyRequestWithBody generates requests for CreateCertificatePolicy with any type of body +func NewCreateCertificatePolicyRequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { var err error serverURL, err := url.Parse(server) @@ -1283,7 +2223,7 @@ func NewListGatewaysRequest(server string) (*http.Request, error) { return nil, err } - operationPath := fmt.Sprintf("/api/v2/gateways") + operationPath := fmt.Sprintf("/api/v1/cert-manager/certificate-policies") if operationPath[0] == '/' { operationPath = "." + operationPath } @@ -1293,27 +2233,29 @@ func NewListGatewaysRequest(server string) (*http.Request, error) { return nil, err } - req, err := http.NewRequest("GET", queryURL.String(), nil) + req, err := http.NewRequest("POST", queryURL.String(), body) if err != nil { return nil, err } + req.Header.Add("Content-Type", contentType) + return req, nil } -// NewSelectOrganizationV3Request calls the generic SelectOrganizationV3 builder with application/json body -func NewSelectOrganizationV3Request(server string, body SelectOrganizationV3JSONRequestBody) (*http.Request, error) { +// NewCreateCertificateProfileRequest calls the generic CreateCertificateProfile builder with application/json body +func NewCreateCertificateProfileRequest(server string, body CreateCertificateProfileJSONRequestBody) (*http.Request, error) { var bodyReader io.Reader buf, err := json.Marshal(body) if err != nil { return nil, err } bodyReader = bytes.NewReader(buf) - return NewSelectOrganizationV3RequestWithBody(server, "application/json", bodyReader) + return NewCreateCertificateProfileRequestWithBody(server, "application/json", bodyReader) } -// NewSelectOrganizationV3RequestWithBody generates requests for SelectOrganizationV3 with any type of body -func NewSelectOrganizationV3RequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { +// NewCreateCertificateProfileRequestWithBody generates requests for CreateCertificateProfile with any type of body +func NewCreateCertificateProfileRequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { var err error serverURL, err := url.Parse(server) @@ -1321,7 +2263,7 @@ func NewSelectOrganizationV3RequestWithBody(server string, contentType string, b return nil, err } - operationPath := fmt.Sprintf("/api/v3/auth/select-organization") + operationPath := fmt.Sprintf("/api/v1/cert-manager/certificate-profiles") if operationPath[0] == '/' { operationPath = "." + operationPath } @@ -1341,8 +2283,19 @@ func NewSelectOrganizationV3RequestWithBody(server string, contentType string, b return req, nil } -// NewListSecretsV4Request generates requests for ListSecretsV4 -func NewListSecretsV4Request(server string, params *ListSecretsV4Params) (*http.Request, error) { +// NewCreateMachineIdentityRequest calls the generic CreateMachineIdentity builder with application/json body +func NewCreateMachineIdentityRequest(server string, body CreateMachineIdentityJSONRequestBody) (*http.Request, error) { + var bodyReader io.Reader + buf, err := json.Marshal(body) + if err != nil { + return nil, err + } + bodyReader = bytes.NewReader(buf) + return NewCreateMachineIdentityRequestWithBody(server, "application/json", bodyReader) +} + +// NewCreateMachineIdentityRequestWithBody generates requests for CreateMachineIdentity with any type of body +func NewCreateMachineIdentityRequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { var err error serverURL, err := url.Parse(server) @@ -1350,7 +2303,7 @@ func NewListSecretsV4Request(server string, params *ListSecretsV4Params) (*http. return nil, err } - operationPath := fmt.Sprintf("/api/v4/secrets") + operationPath := fmt.Sprintf("/api/v1/identities") if operationPath[0] == '/' { operationPath = "." + operationPath } @@ -1360,192 +2313,37 @@ func NewListSecretsV4Request(server string, params *ListSecretsV4Params) (*http. return nil, err } - if params != nil { - queryValues := queryURL.Query() - - if params.MetadataFilter != nil { - - if queryFrag, err := runtime.StyleParamWithLocation("form", true, "metadataFilter", runtime.ParamLocationQuery, *params.MetadataFilter); err != nil { - return nil, err - } else if parsed, err := url.ParseQuery(queryFrag); err != nil { - return nil, err - } else { - for k, v := range parsed { - for _, v2 := range v { - queryValues.Add(k, v2) - } - } - } - - } - - if params.ProjectId != nil { - - if queryFrag, err := runtime.StyleParamWithLocation("form", true, "projectId", runtime.ParamLocationQuery, *params.ProjectId); err != nil { - return nil, err - } else if parsed, err := url.ParseQuery(queryFrag); err != nil { - return nil, err - } else { - for k, v := range parsed { - for _, v2 := range v { - queryValues.Add(k, v2) - } - } - } - - } - - if params.Environment != nil { - - if queryFrag, err := runtime.StyleParamWithLocation("form", true, "environment", runtime.ParamLocationQuery, *params.Environment); err != nil { - return nil, err - } else if parsed, err := url.ParseQuery(queryFrag); err != nil { - return nil, err - } else { - for k, v := range parsed { - for _, v2 := range v { - queryValues.Add(k, v2) - } - } - } - - } - - if params.SecretPath != nil { - - if queryFrag, err := runtime.StyleParamWithLocation("form", true, "secretPath", runtime.ParamLocationQuery, *params.SecretPath); err != nil { - return nil, err - } else if parsed, err := url.ParseQuery(queryFrag); err != nil { - return nil, err - } else { - for k, v := range parsed { - for _, v2 := range v { - queryValues.Add(k, v2) - } - } - } - - } - - if params.ViewSecretValue != nil { - - if queryFrag, err := runtime.StyleParamWithLocation("form", true, "viewSecretValue", runtime.ParamLocationQuery, *params.ViewSecretValue); err != nil { - return nil, err - } else if parsed, err := url.ParseQuery(queryFrag); err != nil { - return nil, err - } else { - for k, v := range parsed { - for _, v2 := range v { - queryValues.Add(k, v2) - } - } - } - - } - - if params.ExpandSecretReferences != nil { - - if queryFrag, err := runtime.StyleParamWithLocation("form", true, "expandSecretReferences", runtime.ParamLocationQuery, *params.ExpandSecretReferences); err != nil { - return nil, err - } else if parsed, err := url.ParseQuery(queryFrag); err != nil { - return nil, err - } else { - for k, v := range parsed { - for _, v2 := range v { - queryValues.Add(k, v2) - } - } - } - - } - - if params.Recursive != nil { - - if queryFrag, err := runtime.StyleParamWithLocation("form", true, "recursive", runtime.ParamLocationQuery, *params.Recursive); err != nil { - return nil, err - } else if parsed, err := url.ParseQuery(queryFrag); err != nil { - return nil, err - } else { - for k, v := range parsed { - for _, v2 := range v { - queryValues.Add(k, v2) - } - } - } - - } - - if params.IncludeImports != nil { - - if queryFrag, err := runtime.StyleParamWithLocation("form", true, "include_imports", runtime.ParamLocationQuery, *params.IncludeImports); err != nil { - return nil, err - } else if parsed, err := url.ParseQuery(queryFrag); err != nil { - return nil, err - } else { - for k, v := range parsed { - for _, v2 := range v { - queryValues.Add(k, v2) - } - } - } - - } - - if params.TagSlugs != nil { - - if queryFrag, err := runtime.StyleParamWithLocation("form", true, "tagSlugs", runtime.ParamLocationQuery, *params.TagSlugs); err != nil { - return nil, err - } else if parsed, err := url.ParseQuery(queryFrag); err != nil { - return nil, err - } else { - for k, v := range parsed { - for _, v2 := range v { - queryValues.Add(k, v2) - } - } - } - - } - - queryURL.RawQuery = queryValues.Encode() - } - - req, err := http.NewRequest("GET", queryURL.String(), nil) + req, err := http.NewRequest("POST", queryURL.String(), body) if err != nil { return nil, err } + req.Header.Add("Content-Type", contentType) + return req, nil } -// NewDeleteSecretV4Request calls the generic DeleteSecretV4 builder with application/json body -func NewDeleteSecretV4Request(server string, secretName string, body DeleteSecretV4JSONRequestBody) (*http.Request, error) { +// NewCreateKubernetesPamResourceRequest calls the generic CreateKubernetesPamResource builder with application/json body +func NewCreateKubernetesPamResourceRequest(server string, body CreateKubernetesPamResourceJSONRequestBody) (*http.Request, error) { var bodyReader io.Reader buf, err := json.Marshal(body) if err != nil { return nil, err } bodyReader = bytes.NewReader(buf) - return NewDeleteSecretV4RequestWithBody(server, secretName, "application/json", bodyReader) + return NewCreateKubernetesPamResourceRequestWithBody(server, "application/json", bodyReader) } -// NewDeleteSecretV4RequestWithBody generates requests for DeleteSecretV4 with any type of body -func NewDeleteSecretV4RequestWithBody(server string, secretName string, contentType string, body io.Reader) (*http.Request, error) { +// NewCreateKubernetesPamResourceRequestWithBody generates requests for CreateKubernetesPamResource with any type of body +func NewCreateKubernetesPamResourceRequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { var err error - var pathParam0 string - - pathParam0, err = runtime.StyleParamWithLocation("simple", false, "secretName", runtime.ParamLocationPath, secretName) - if err != nil { - return nil, err - } - serverURL, err := url.Parse(server) if err != nil { return nil, err } - operationPath := fmt.Sprintf("/api/v4/secrets/%s", pathParam0) + operationPath := fmt.Sprintf("/api/v1/pam/resources/kubernetes") if operationPath[0] == '/' { operationPath = "." + operationPath } @@ -1555,7 +2353,7 @@ func NewDeleteSecretV4RequestWithBody(server string, secretName string, contentT return nil, err } - req, err := http.NewRequest("DELETE", queryURL.String(), body) + req, err := http.NewRequest("POST", queryURL.String(), body) if err != nil { return nil, err } @@ -1565,23 +2363,190 @@ func NewDeleteSecretV4RequestWithBody(server string, secretName string, contentT return req, nil } -// NewGetSecretByNameV4Request generates requests for GetSecretByNameV4 -func NewGetSecretByNameV4Request(server string, secretName string, params *GetSecretByNameV4Params) (*http.Request, error) { - var err error - - var pathParam0 string - - pathParam0, err = runtime.StyleParamWithLocation("simple", false, "secretName", runtime.ParamLocationPath, secretName) +// NewCreateRedisPamResourceRequest calls the generic CreateRedisPamResource builder with application/json body +func NewCreateRedisPamResourceRequest(server string, body CreateRedisPamResourceJSONRequestBody) (*http.Request, error) { + var bodyReader io.Reader + buf, err := json.Marshal(body) if err != nil { return nil, err } - + bodyReader = bytes.NewReader(buf) + return NewCreateRedisPamResourceRequestWithBody(server, "application/json", bodyReader) +} + +// NewCreateRedisPamResourceRequestWithBody generates requests for CreateRedisPamResource with any type of body +func NewCreateRedisPamResourceRequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { + var err error + serverURL, err := url.Parse(server) if err != nil { return nil, err } - operationPath := fmt.Sprintf("/api/v4/secrets/%s", pathParam0) + operationPath := fmt.Sprintf("/api/v1/pam/resources/redis") + if operationPath[0] == '/' { + operationPath = "." + operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + req, err := http.NewRequest("POST", queryURL.String(), body) + if err != nil { + return nil, err + } + + req.Header.Add("Content-Type", contentType) + + return req, nil +} + +// NewCreateProjectRequest calls the generic CreateProject builder with application/json body +func NewCreateProjectRequest(server string, body CreateProjectJSONRequestBody) (*http.Request, error) { + var bodyReader io.Reader + buf, err := json.Marshal(body) + if err != nil { + return nil, err + } + bodyReader = bytes.NewReader(buf) + return NewCreateProjectRequestWithBody(server, "application/json", bodyReader) +} + +// NewCreateProjectRequestWithBody generates requests for CreateProject with any type of body +func NewCreateProjectRequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { + var err error + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/api/v1/projects") + if operationPath[0] == '/' { + operationPath = "." + operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + req, err := http.NewRequest("POST", queryURL.String(), body) + if err != nil { + return nil, err + } + + req.Header.Add("Content-Type", contentType) + + return req, nil +} + +// NewGetRelaysRequest generates requests for GetRelays +func NewGetRelaysRequest(server string) (*http.Request, error) { + var err error + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/api/v1/relays") + if operationPath[0] == '/' { + operationPath = "." + operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + req, err := http.NewRequest("GET", queryURL.String(), nil) + if err != nil { + return nil, err + } + + return req, nil +} + +// NewListGatewaysRequest generates requests for ListGateways +func NewListGatewaysRequest(server string) (*http.Request, error) { + var err error + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/api/v2/gateways") + if operationPath[0] == '/' { + operationPath = "." + operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + req, err := http.NewRequest("GET", queryURL.String(), nil) + if err != nil { + return nil, err + } + + return req, nil +} + +// NewSelectOrganizationV3Request calls the generic SelectOrganizationV3 builder with application/json body +func NewSelectOrganizationV3Request(server string, body SelectOrganizationV3JSONRequestBody) (*http.Request, error) { + var bodyReader io.Reader + buf, err := json.Marshal(body) + if err != nil { + return nil, err + } + bodyReader = bytes.NewReader(buf) + return NewSelectOrganizationV3RequestWithBody(server, "application/json", bodyReader) +} + +// NewSelectOrganizationV3RequestWithBody generates requests for SelectOrganizationV3 with any type of body +func NewSelectOrganizationV3RequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { + var err error + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/api/v3/auth/select-organization") + if operationPath[0] == '/' { + operationPath = "." + operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + req, err := http.NewRequest("POST", queryURL.String(), body) + if err != nil { + return nil, err + } + + req.Header.Add("Content-Type", contentType) + + return req, nil +} + +// NewListSecretsV4Request generates requests for ListSecretsV4 +func NewListSecretsV4Request(server string, params *ListSecretsV4Params) (*http.Request, error) { + var err error + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/api/v4/secrets") if operationPath[0] == '/' { operationPath = "." + operationPath } @@ -1594,16 +2559,36 @@ func NewGetSecretByNameV4Request(server string, secretName string, params *GetSe if params != nil { queryValues := queryURL.Query() - if queryFrag, err := runtime.StyleParamWithLocation("form", true, "projectId", runtime.ParamLocationQuery, params.ProjectId); err != nil { - return nil, err - } else if parsed, err := url.ParseQuery(queryFrag); err != nil { - return nil, err - } else { - for k, v := range parsed { - for _, v2 := range v { - queryValues.Add(k, v2) + if params.MetadataFilter != nil { + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "metadataFilter", runtime.ParamLocationQuery, *params.MetadataFilter); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } } } + + } + + if params.ProjectId != nil { + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "projectId", runtime.ParamLocationQuery, *params.ProjectId); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + } if params.Environment != nil { @@ -1638,9 +2623,9 @@ func NewGetSecretByNameV4Request(server string, secretName string, params *GetSe } - if params.Version != nil { + if params.ViewSecretValue != nil { - if queryFrag, err := runtime.StyleParamWithLocation("form", true, "version", runtime.ParamLocationQuery, *params.Version); err != nil { + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "viewSecretValue", runtime.ParamLocationQuery, *params.ViewSecretValue); err != nil { return nil, err } else if parsed, err := url.ParseQuery(queryFrag); err != nil { return nil, err @@ -1654,9 +2639,9 @@ func NewGetSecretByNameV4Request(server string, secretName string, params *GetSe } - if params.Type != nil { + if params.ExpandSecretReferences != nil { - if queryFrag, err := runtime.StyleParamWithLocation("form", true, "type", runtime.ParamLocationQuery, *params.Type); err != nil { + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "expandSecretReferences", runtime.ParamLocationQuery, *params.ExpandSecretReferences); err != nil { return nil, err } else if parsed, err := url.ParseQuery(queryFrag); err != nil { return nil, err @@ -1670,9 +2655,9 @@ func NewGetSecretByNameV4Request(server string, secretName string, params *GetSe } - if params.ViewSecretValue != nil { + if params.Recursive != nil { - if queryFrag, err := runtime.StyleParamWithLocation("form", true, "viewSecretValue", runtime.ParamLocationQuery, *params.ViewSecretValue); err != nil { + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "recursive", runtime.ParamLocationQuery, *params.Recursive); err != nil { return nil, err } else if parsed, err := url.ParseQuery(queryFrag); err != nil { return nil, err @@ -1686,9 +2671,9 @@ func NewGetSecretByNameV4Request(server string, secretName string, params *GetSe } - if params.ExpandSecretReferences != nil { + if params.IncludePersonalOverrides != nil { - if queryFrag, err := runtime.StyleParamWithLocation("form", true, "expandSecretReferences", runtime.ParamLocationQuery, *params.ExpandSecretReferences); err != nil { + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "includePersonalOverrides", runtime.ParamLocationQuery, *params.IncludePersonalOverrides); err != nil { return nil, err } else if parsed, err := url.ParseQuery(queryFrag); err != nil { return nil, err @@ -1704,7 +2689,23 @@ func NewGetSecretByNameV4Request(server string, secretName string, params *GetSe if params.IncludeImports != nil { - if queryFrag, err := runtime.StyleParamWithLocation("form", true, "include_imports", runtime.ParamLocationQuery, *params.IncludeImports); err != nil { + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "includeImports", runtime.ParamLocationQuery, *params.IncludeImports); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + } + + if params.TagSlugs != nil { + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "tagSlugs", runtime.ParamLocationQuery, *params.TagSlugs); err != nil { return nil, err } else if parsed, err := url.ParseQuery(queryFrag); err != nil { return nil, err @@ -1729,19 +2730,19 @@ func NewGetSecretByNameV4Request(server string, secretName string, params *GetSe return req, nil } -// NewUpdateSecretV4Request calls the generic UpdateSecretV4 builder with application/json body -func NewUpdateSecretV4Request(server string, secretName string, body UpdateSecretV4JSONRequestBody) (*http.Request, error) { +// NewDeleteSecretV4Request calls the generic DeleteSecretV4 builder with application/json body +func NewDeleteSecretV4Request(server string, secretName string, body DeleteSecretV4JSONRequestBody) (*http.Request, error) { var bodyReader io.Reader buf, err := json.Marshal(body) if err != nil { return nil, err } bodyReader = bytes.NewReader(buf) - return NewUpdateSecretV4RequestWithBody(server, secretName, "application/json", bodyReader) + return NewDeleteSecretV4RequestWithBody(server, secretName, "application/json", bodyReader) } -// NewUpdateSecretV4RequestWithBody generates requests for UpdateSecretV4 with any type of body -func NewUpdateSecretV4RequestWithBody(server string, secretName string, contentType string, body io.Reader) (*http.Request, error) { +// NewDeleteSecretV4RequestWithBody generates requests for DeleteSecretV4 with any type of body +func NewDeleteSecretV4RequestWithBody(server string, secretName string, contentType string, body io.Reader) (*http.Request, error) { var err error var pathParam0 string @@ -1766,7 +2767,7 @@ func NewUpdateSecretV4RequestWithBody(server string, secretName string, contentT return nil, err } - req, err := http.NewRequest("PATCH", queryURL.String(), body) + req, err := http.NewRequest("DELETE", queryURL.String(), body) if err != nil { return nil, err } @@ -1776,11 +2777,222 @@ func NewUpdateSecretV4RequestWithBody(server string, secretName string, contentT return req, nil } -// NewCreateSecretV4Request calls the generic CreateSecretV4 builder with application/json body -func NewCreateSecretV4Request(server string, secretName string, body CreateSecretV4JSONRequestBody) (*http.Request, error) { - var bodyReader io.Reader - buf, err := json.Marshal(body) - if err != nil { +// NewGetSecretByNameV4Request generates requests for GetSecretByNameV4 +func NewGetSecretByNameV4Request(server string, secretName string, params *GetSecretByNameV4Params) (*http.Request, error) { + var err error + + var pathParam0 string + + pathParam0, err = runtime.StyleParamWithLocation("simple", false, "secretName", runtime.ParamLocationPath, secretName) + if err != nil { + return nil, err + } + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/api/v4/secrets/%s", pathParam0) + if operationPath[0] == '/' { + operationPath = "." + operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + if params != nil { + queryValues := queryURL.Query() + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "projectId", runtime.ParamLocationQuery, params.ProjectId); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + if params.Environment != nil { + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "environment", runtime.ParamLocationQuery, *params.Environment); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + } + + if params.SecretPath != nil { + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "secretPath", runtime.ParamLocationQuery, *params.SecretPath); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + } + + if params.Version != nil { + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "version", runtime.ParamLocationQuery, *params.Version); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + } + + if params.Type != nil { + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "type", runtime.ParamLocationQuery, *params.Type); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + } + + if params.ViewSecretValue != nil { + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "viewSecretValue", runtime.ParamLocationQuery, *params.ViewSecretValue); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + } + + if params.ExpandSecretReferences != nil { + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "expandSecretReferences", runtime.ParamLocationQuery, *params.ExpandSecretReferences); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + } + + if params.IncludeImports != nil { + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "includeImports", runtime.ParamLocationQuery, *params.IncludeImports); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + } + + queryURL.RawQuery = queryValues.Encode() + } + + req, err := http.NewRequest("GET", queryURL.String(), nil) + if err != nil { + return nil, err + } + + return req, nil +} + +// NewUpdateSecretV4Request calls the generic UpdateSecretV4 builder with application/json body +func NewUpdateSecretV4Request(server string, secretName string, body UpdateSecretV4JSONRequestBody) (*http.Request, error) { + var bodyReader io.Reader + buf, err := json.Marshal(body) + if err != nil { + return nil, err + } + bodyReader = bytes.NewReader(buf) + return NewUpdateSecretV4RequestWithBody(server, secretName, "application/json", bodyReader) +} + +// NewUpdateSecretV4RequestWithBody generates requests for UpdateSecretV4 with any type of body +func NewUpdateSecretV4RequestWithBody(server string, secretName string, contentType string, body io.Reader) (*http.Request, error) { + var err error + + var pathParam0 string + + pathParam0, err = runtime.StyleParamWithLocation("simple", false, "secretName", runtime.ParamLocationPath, secretName) + if err != nil { + return nil, err + } + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/api/v4/secrets/%s", pathParam0) + if operationPath[0] == '/' { + operationPath = "." + operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + req, err := http.NewRequest("PATCH", queryURL.String(), body) + if err != nil { + return nil, err + } + + req.Header.Add("Content-Type", contentType) + + return req, nil +} + +// NewCreateSecretV4Request calls the generic CreateSecretV4 builder with application/json body +func NewCreateSecretV4Request(server string, secretName string, body CreateSecretV4JSONRequestBody) (*http.Request, error) { + var bodyReader io.Reader + buf, err := json.Marshal(body) + if err != nil { return nil, err } bodyReader = bytes.NewReader(buf) @@ -1871,6 +3083,11 @@ type ClientWithResponsesInterface interface { AdminSignUpWithResponse(ctx context.Context, body AdminSignUpJSONRequestBody, reqEditors ...RequestEditorFn) (*AdminSignUpResponse, error) + // CreateCloudflareAppConnectionWithBodyWithResponse request with any body + CreateCloudflareAppConnectionWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateCloudflareAppConnectionResponse, error) + + CreateCloudflareAppConnectionWithResponse(ctx context.Context, body CreateCloudflareAppConnectionJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateCloudflareAppConnectionResponse, error) + // RefreshAuthTokenWithResponse request RefreshAuthTokenWithResponse(ctx context.Context, reqEditors ...RequestEditorFn) (*RefreshAuthTokenResponse, error) @@ -1884,6 +3101,41 @@ type ClientWithResponsesInterface interface { CreateTokenAuthTokenWithResponse(ctx context.Context, identityId string, body CreateTokenAuthTokenJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateTokenAuthTokenResponse, error) + // AttachUniversalAuthWithBodyWithResponse request with any body + AttachUniversalAuthWithBodyWithResponse(ctx context.Context, identityId string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*AttachUniversalAuthResponse, error) + + AttachUniversalAuthWithResponse(ctx context.Context, identityId string, body AttachUniversalAuthJSONRequestBody, reqEditors ...RequestEditorFn) (*AttachUniversalAuthResponse, error) + + // CreateUniversalAuthClientSecretWithBodyWithResponse request with any body + CreateUniversalAuthClientSecretWithBodyWithResponse(ctx context.Context, identityId string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateUniversalAuthClientSecretResponse, error) + + CreateUniversalAuthClientSecretWithResponse(ctx context.Context, identityId string, body CreateUniversalAuthClientSecretJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateUniversalAuthClientSecretResponse, error) + + // CreateAcmeCertificateAuthorityV1WithBodyWithResponse request with any body + CreateAcmeCertificateAuthorityV1WithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateAcmeCertificateAuthorityV1Response, error) + + CreateAcmeCertificateAuthorityV1WithResponse(ctx context.Context, body CreateAcmeCertificateAuthorityV1JSONRequestBody, reqEditors ...RequestEditorFn) (*CreateAcmeCertificateAuthorityV1Response, error) + + // UpdateAcmeCertificateAuthorityV1WithBodyWithResponse request with any body + UpdateAcmeCertificateAuthorityV1WithBodyWithResponse(ctx context.Context, id string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*UpdateAcmeCertificateAuthorityV1Response, error) + + UpdateAcmeCertificateAuthorityV1WithResponse(ctx context.Context, id string, body UpdateAcmeCertificateAuthorityV1JSONRequestBody, reqEditors ...RequestEditorFn) (*UpdateAcmeCertificateAuthorityV1Response, error) + + // CreateInternalCertificateAuthorityV1WithBodyWithResponse request with any body + CreateInternalCertificateAuthorityV1WithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateInternalCertificateAuthorityV1Response, error) + + CreateInternalCertificateAuthorityV1WithResponse(ctx context.Context, body CreateInternalCertificateAuthorityV1JSONRequestBody, reqEditors ...RequestEditorFn) (*CreateInternalCertificateAuthorityV1Response, error) + + // CreateCertificatePolicyWithBodyWithResponse request with any body + CreateCertificatePolicyWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateCertificatePolicyResponse, error) + + CreateCertificatePolicyWithResponse(ctx context.Context, body CreateCertificatePolicyJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateCertificatePolicyResponse, error) + + // CreateCertificateProfileWithBodyWithResponse request with any body + CreateCertificateProfileWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateCertificateProfileResponse, error) + + CreateCertificateProfileWithResponse(ctx context.Context, body CreateCertificateProfileJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateCertificateProfileResponse, error) + // CreateMachineIdentityWithBodyWithResponse request with any body CreateMachineIdentityWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateMachineIdentityResponse, error) @@ -2064,44 +3316,141 @@ func (r AdminSignUpResponse) StatusCode() int { return 0 } -type RefreshAuthTokenResponse struct { +type CreateCloudflareAppConnectionResponse struct { Body []byte HTTPResponse *http.Response JSON200 *struct { - OrganizationId *string `json:"organizationId,omitempty"` - SubOrganizationId *string `json:"subOrganizationId,omitempty"` - Token string `json:"token"` + AppConnection CreateCloudflareAppConnection_200_AppConnection `json:"appConnection"` } JSON400 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode RefreshAuthToken400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCloudflareAppConnection400StatusCode `json:"statusCode"` } JSON401 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode RefreshAuthToken401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCloudflareAppConnection401StatusCode `json:"statusCode"` } JSON403 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode RefreshAuthToken403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCloudflareAppConnection403StatusCode `json:"statusCode"` } JSON404 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode RefreshAuthToken404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCloudflareAppConnection404StatusCode `json:"statusCode"` } JSON422 *struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateCloudflareAppConnection422StatusCode `json:"statusCode"` + } + JSON500 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCloudflareAppConnection500StatusCode `json:"statusCode"` + } +} +type CreateCloudflareAppConnection200AppConnection0 struct { + App CreateCloudflareAppConnection200AppConnection0App `json:"app"` + CreatedAt time.Time `json:"createdAt"` + Credentials struct { + AccountId string `json:"accountId"` + } `json:"credentials"` + CredentialsHash *string `json:"credentialsHash,omitempty"` + Description *string `json:"description"` + GatewayId *openapi_types.UUID `json:"gatewayId"` + Id openapi_types.UUID `json:"id"` + IsPlatformManagedCredentials *bool `json:"isPlatformManagedCredentials"` + Method CreateCloudflareAppConnection200AppConnection0Method `json:"method"` + Name string `json:"name"` + OrgId openapi_types.UUID `json:"orgId"` + Project *struct { + Id string `json:"id"` + Name string `json:"name"` + Slug string `json:"slug"` + Type string `json:"type"` + } `json:"project"` + ProjectId *string `json:"projectId"` + UpdatedAt time.Time `json:"updatedAt"` + Version *float32 `json:"version,omitempty"` +} +type CreateCloudflareAppConnection200AppConnection0App string +type CreateCloudflareAppConnection200AppConnection0Method string +type CreateCloudflareAppConnection_200_AppConnection struct { + union json.RawMessage +} +type CreateCloudflareAppConnection400StatusCode float32 +type CreateCloudflareAppConnection401StatusCode float32 +type CreateCloudflareAppConnection403StatusCode float32 +type CreateCloudflareAppConnection404StatusCode float32 +type CreateCloudflareAppConnection422StatusCode float32 +type CreateCloudflareAppConnection500StatusCode float32 + +// Status returns HTTPResponse.Status +func (r CreateCloudflareAppConnectionResponse) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status + } + return http.StatusText(0) +} + +// StatusCode returns HTTPResponse.StatusCode +func (r CreateCloudflareAppConnectionResponse) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 +} + +type RefreshAuthTokenResponse struct { + Body []byte + HTTPResponse *http.Response + JSON200 *struct { + OrganizationId *string `json:"organizationId,omitempty"` + SubOrganizationId *string `json:"subOrganizationId,omitempty"` + Token string `json:"token"` + } + JSON400 *struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode RefreshAuthToken400StatusCode `json:"statusCode"` + } + JSON401 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode RefreshAuthToken401StatusCode `json:"statusCode"` + } + JSON403 *struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode RefreshAuthToken403StatusCode `json:"statusCode"` + } + JSON404 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode RefreshAuthToken404StatusCode `json:"statusCode"` + } + JSON422 *struct { + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` StatusCode RefreshAuthToken422StatusCode `json:"statusCode"` } JSON500 *struct { @@ -2302,75 +3651,76 @@ func (r CreateTokenAuthTokenResponse) StatusCode() int { return 0 } -type CreateMachineIdentityResponse struct { +type AttachUniversalAuthResponse struct { Body []byte HTTPResponse *http.Response JSON200 *struct { - Identity struct { - AuthMethod *string `json:"authMethod"` - AuthMethods []string `json:"authMethods"` - CreatedAt time.Time `json:"createdAt"` - HasDeleteProtection *bool `json:"hasDeleteProtection,omitempty"` - Id openapi_types.UUID `json:"id"` - Metadata []struct { - Id string `json:"id"` - Key string `json:"key"` - Value string `json:"value"` - } `json:"metadata"` - Name string `json:"name"` - OrgId openapi_types.UUID `json:"orgId"` - ProjectId *string `json:"projectId"` - UpdatedAt time.Time `json:"updatedAt"` - } `json:"identity"` + IdentityUniversalAuth struct { + AccessTokenMaxTTL *float32 `json:"accessTokenMaxTTL,omitempty"` + AccessTokenNumUsesLimit *float32 `json:"accessTokenNumUsesLimit,omitempty"` + AccessTokenPeriod *float32 `json:"accessTokenPeriod,omitempty"` + AccessTokenTTL *float32 `json:"accessTokenTTL,omitempty"` + AccessTokenTrustedIps interface{} `json:"accessTokenTrustedIps,omitempty"` + ClientId string `json:"clientId"` + ClientSecretTrustedIps interface{} `json:"clientSecretTrustedIps,omitempty"` + CreatedAt time.Time `json:"createdAt"` + Id openapi_types.UUID `json:"id"` + IdentityId openapi_types.UUID `json:"identityId"` + LockoutCounterResetSeconds *float32 `json:"lockoutCounterResetSeconds,omitempty"` + LockoutDurationSeconds *float32 `json:"lockoutDurationSeconds,omitempty"` + LockoutEnabled *bool `json:"lockoutEnabled,omitempty"` + LockoutThreshold *float32 `json:"lockoutThreshold,omitempty"` + UpdatedAt time.Time `json:"updatedAt"` + } `json:"identityUniversalAuth"` } JSON400 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateMachineIdentity400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AttachUniversalAuth400StatusCode `json:"statusCode"` } JSON401 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateMachineIdentity401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AttachUniversalAuth401StatusCode `json:"statusCode"` } JSON403 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateMachineIdentity403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AttachUniversalAuth403StatusCode `json:"statusCode"` } JSON404 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateMachineIdentity404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AttachUniversalAuth404StatusCode `json:"statusCode"` } JSON422 *struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` - StatusCode CreateMachineIdentity422StatusCode `json:"statusCode"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode AttachUniversalAuth422StatusCode `json:"statusCode"` } JSON500 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateMachineIdentity500StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AttachUniversalAuth500StatusCode `json:"statusCode"` } } -type CreateMachineIdentity400StatusCode float32 -type CreateMachineIdentity401StatusCode float32 -type CreateMachineIdentity403StatusCode float32 -type CreateMachineIdentity404StatusCode float32 -type CreateMachineIdentity422StatusCode float32 -type CreateMachineIdentity500StatusCode float32 +type AttachUniversalAuth400StatusCode float32 +type AttachUniversalAuth401StatusCode float32 +type AttachUniversalAuth403StatusCode float32 +type AttachUniversalAuth404StatusCode float32 +type AttachUniversalAuth422StatusCode float32 +type AttachUniversalAuth500StatusCode float32 // Status returns HTTPResponse.Status -func (r CreateMachineIdentityResponse) Status() string { +func (r AttachUniversalAuthResponse) Status() string { if r.HTTPResponse != nil { return r.HTTPResponse.Status } @@ -2378,90 +3728,79 @@ func (r CreateMachineIdentityResponse) Status() string { } // StatusCode returns HTTPResponse.StatusCode -func (r CreateMachineIdentityResponse) StatusCode() int { +func (r AttachUniversalAuthResponse) StatusCode() int { if r.HTTPResponse != nil { return r.HTTPResponse.StatusCode } return 0 } -type CreateKubernetesPamResourceResponse struct { +type CreateUniversalAuthClientSecretResponse struct { Body []byte HTTPResponse *http.Response JSON200 *struct { - Resource struct { - ConnectionDetails struct { - SslCertificate *string `json:"sslCertificate,omitempty"` - SslRejectUnauthorized bool `json:"sslRejectUnauthorized"` - Url string `json:"url"` - } `json:"connectionDetails"` - CreatedAt time.Time `json:"createdAt"` - EncryptedResourceMetadata interface{} `json:"encryptedResourceMetadata"` - GatewayId *openapi_types.UUID `json:"gatewayId"` - Id openapi_types.UUID `json:"id"` - Name string `json:"name"` - ProjectId string `json:"projectId"` - ResourceType CreateKubernetesPamResource200ResourceResourceType `json:"resourceType"` - RotationAccountCredentials *CreateKubernetesPamResource_200_Resource_RotationAccountCredentials `json:"rotationAccountCredentials"` - UpdatedAt time.Time `json:"updatedAt"` - } `json:"resource"` + ClientSecret string `json:"clientSecret"` + ClientSecretData struct { + ClientSecretNumUses *float32 `json:"clientSecretNumUses,omitempty"` + ClientSecretNumUsesLimit *float32 `json:"clientSecretNumUsesLimit,omitempty"` + ClientSecretPrefix string `json:"clientSecretPrefix"` + ClientSecretTTL *float32 `json:"clientSecretTTL,omitempty"` + CreatedAt time.Time `json:"createdAt"` + Description string `json:"description"` + Id string `json:"id"` + IdentityUAId openapi_types.UUID `json:"identityUAId"` + IsClientSecretRevoked *bool `json:"isClientSecretRevoked,omitempty"` + UpdatedAt time.Time `json:"updatedAt"` + } `json:"clientSecretData"` } JSON400 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateKubernetesPamResource400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateUniversalAuthClientSecret400StatusCode `json:"statusCode"` } JSON401 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateKubernetesPamResource401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateUniversalAuthClientSecret401StatusCode `json:"statusCode"` } JSON403 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateKubernetesPamResource403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateUniversalAuthClientSecret403StatusCode `json:"statusCode"` } JSON404 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateKubernetesPamResource404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateUniversalAuthClientSecret404StatusCode `json:"statusCode"` } JSON422 *struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` - StatusCode CreateKubernetesPamResource422StatusCode `json:"statusCode"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateUniversalAuthClientSecret422StatusCode `json:"statusCode"` } JSON500 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateKubernetesPamResource500StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateUniversalAuthClientSecret500StatusCode `json:"statusCode"` } } -type CreateKubernetesPamResource200ResourceResourceType string -type CreateKubernetesPamResource200ResourceRotationAccountCredentials0 struct { - AuthMethod CreateKubernetesPamResource200ResourceRotationAccountCredentials0AuthMethod `json:"authMethod"` -} -type CreateKubernetesPamResource200ResourceRotationAccountCredentials0AuthMethod string -type CreateKubernetesPamResource_200_Resource_RotationAccountCredentials struct { - union json.RawMessage -} -type CreateKubernetesPamResource400StatusCode float32 -type CreateKubernetesPamResource401StatusCode float32 -type CreateKubernetesPamResource403StatusCode float32 -type CreateKubernetesPamResource404StatusCode float32 -type CreateKubernetesPamResource422StatusCode float32 -type CreateKubernetesPamResource500StatusCode float32 +type CreateUniversalAuthClientSecret400StatusCode float32 +type CreateUniversalAuthClientSecret401StatusCode float32 +type CreateUniversalAuthClientSecret403StatusCode float32 +type CreateUniversalAuthClientSecret404StatusCode float32 +type CreateUniversalAuthClientSecret422StatusCode float32 +type CreateUniversalAuthClientSecret500StatusCode float32 // Status returns HTTPResponse.Status -func (r CreateKubernetesPamResourceResponse) Status() string { +func (r CreateUniversalAuthClientSecretResponse) Status() string { if r.HTTPResponse != nil { return r.HTTPResponse.Status } @@ -2469,87 +3808,98 @@ func (r CreateKubernetesPamResourceResponse) Status() string { } // StatusCode returns HTTPResponse.StatusCode -func (r CreateKubernetesPamResourceResponse) StatusCode() int { +func (r CreateUniversalAuthClientSecretResponse) StatusCode() int { if r.HTTPResponse != nil { return r.HTTPResponse.StatusCode } return 0 } -type CreateRedisPamResourceResponse struct { +type CreateAcmeCertificateAuthorityV1Response struct { Body []byte HTTPResponse *http.Response JSON200 *struct { - Resource struct { - ConnectionDetails struct { - Host string `json:"host"` - Port float32 `json:"port"` - SslCertificate *string `json:"sslCertificate,omitempty"` - SslEnabled bool `json:"sslEnabled"` - SslRejectUnauthorized bool `json:"sslRejectUnauthorized"` - } `json:"connectionDetails"` - CreatedAt time.Time `json:"createdAt"` - EncryptedResourceMetadata interface{} `json:"encryptedResourceMetadata"` - GatewayId *openapi_types.UUID `json:"gatewayId"` - Id openapi_types.UUID `json:"id"` - Name string `json:"name"` - ProjectId string `json:"projectId"` - ResourceType CreateRedisPamResource200ResourceResourceType `json:"resourceType"` - RotationAccountCredentials *struct { - Username *string `json:"username,omitempty"` - } `json:"rotationAccountCredentials"` - UpdatedAt time.Time `json:"updatedAt"` - } `json:"resource"` + Configuration struct { + // AccountEmail The email address for the ACME Certificate Authority. + AccountEmail string `json:"accountEmail"` + + // DirectoryUrl The directory URL for the ACME Certificate Authority. + DirectoryUrl string `json:"directoryUrl"` + + // DnsAppConnectionId The ID of the App Connection to use for creating and managing DNS TXT records required for ACME domain validation. This connection must have permissions to create and delete TXT records in your DNS provider (e.g., Route53) for the ACME challenge process. + DnsAppConnectionId openapi_types.UUID `json:"dnsAppConnectionId"` + DnsProviderConfig struct { + // HostedZoneId The hosted zone ID for the ACME Certificate Authority. + HostedZoneId string `json:"hostedZoneId"` + + // Provider The DNS provider for the ACME Certificate Authority. + Provider CreateAcmeCertificateAuthorityV1200ConfigurationDnsProviderConfigProvider `json:"provider"` + } `json:"dnsProviderConfig"` + + // EabHmacKey The External Account Binding (EAB) HMAC key for the ACME Certificate Authority. Required if the ACME provider uses EAB. + EabHmacKey *string `json:"eabHmacKey,omitempty"` + + // EabKid The External Account Binding (EAB) Key ID for the ACME Certificate Authority. Required if the ACME provider uses EAB. + EabKid *string `json:"eabKid,omitempty"` + } `json:"configuration"` + EnableDirectIssuance *bool `json:"enableDirectIssuance,omitempty"` + Id openapi_types.UUID `json:"id"` + Name string `json:"name"` + ProjectId string `json:"projectId"` + Status CreateAcmeCertificateAuthorityV1200Status `json:"status"` + Type CreateAcmeCertificateAuthorityV1200Type `json:"type"` } JSON400 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateRedisPamResource400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateAcmeCertificateAuthorityV1400StatusCode `json:"statusCode"` } JSON401 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateRedisPamResource401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateAcmeCertificateAuthorityV1401StatusCode `json:"statusCode"` } JSON403 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateRedisPamResource403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateAcmeCertificateAuthorityV1403StatusCode `json:"statusCode"` } JSON404 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateRedisPamResource404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateAcmeCertificateAuthorityV1404StatusCode `json:"statusCode"` } JSON422 *struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` - StatusCode CreateRedisPamResource422StatusCode `json:"statusCode"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateAcmeCertificateAuthorityV1422StatusCode `json:"statusCode"` } JSON500 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateRedisPamResource500StatusCode `json:"statusCode"` - } -} -type CreateRedisPamResource200ResourceResourceType string -type CreateRedisPamResource400StatusCode float32 -type CreateRedisPamResource401StatusCode float32 -type CreateRedisPamResource403StatusCode float32 -type CreateRedisPamResource404StatusCode float32 -type CreateRedisPamResource422StatusCode float32 -type CreateRedisPamResource500StatusCode float32 + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateAcmeCertificateAuthorityV1500StatusCode `json:"statusCode"` + } +} +type CreateAcmeCertificateAuthorityV1200ConfigurationDnsProviderConfigProvider string +type CreateAcmeCertificateAuthorityV1200Status string +type CreateAcmeCertificateAuthorityV1200Type string +type CreateAcmeCertificateAuthorityV1400StatusCode float32 +type CreateAcmeCertificateAuthorityV1401StatusCode float32 +type CreateAcmeCertificateAuthorityV1403StatusCode float32 +type CreateAcmeCertificateAuthorityV1404StatusCode float32 +type CreateAcmeCertificateAuthorityV1422StatusCode float32 +type CreateAcmeCertificateAuthorityV1500StatusCode float32 // Status returns HTTPResponse.Status -func (r CreateRedisPamResourceResponse) Status() string { +func (r CreateAcmeCertificateAuthorityV1Response) Status() string { if r.HTTPResponse != nil { return r.HTTPResponse.Status } @@ -2557,93 +3907,98 @@ func (r CreateRedisPamResourceResponse) Status() string { } // StatusCode returns HTTPResponse.StatusCode -func (r CreateRedisPamResourceResponse) StatusCode() int { +func (r CreateAcmeCertificateAuthorityV1Response) StatusCode() int { if r.HTTPResponse != nil { return r.HTTPResponse.StatusCode } return 0 } -type CreateProjectResponse struct { +type UpdateAcmeCertificateAuthorityV1Response struct { Body []byte HTTPResponse *http.Response JSON200 *struct { - Project struct { - UnderscoreId string `json:"_id"` - AuditLogsRetentionDays *float32 `json:"auditLogsRetentionDays"` - AutoCapitalization *bool `json:"autoCapitalization"` - CreatedAt time.Time `json:"createdAt"` - DefaultProduct *string `json:"defaultProduct"` - Description *string `json:"description"` - Environments []struct { - Id string `json:"id"` - Name string `json:"name"` - Slug string `json:"slug"` - } `json:"environments"` - HasDeleteProtection *bool `json:"hasDeleteProtection"` - Id string `json:"id"` - KmsCertificateKeyId *openapi_types.UUID `json:"kmsCertificateKeyId"` - Name string `json:"name"` - OrgId openapi_types.UUID `json:"orgId"` - PitVersionLimit *float32 `json:"pitVersionLimit,omitempty"` - SecretDetectionIgnoreValues *[]string `json:"secretDetectionIgnoreValues"` - SecretSharing *bool `json:"secretSharing,omitempty"` - ShowSnapshotsLegacy *bool `json:"showSnapshotsLegacy,omitempty"` - Slug string `json:"slug"` - Type string `json:"type"` - UpdatedAt time.Time `json:"updatedAt"` - UpgradeStatus *string `json:"upgradeStatus"` - Version *float32 `json:"version,omitempty"` - } `json:"project"` + Configuration struct { + // AccountEmail The email address for the ACME Certificate Authority. + AccountEmail string `json:"accountEmail"` + + // DirectoryUrl The directory URL for the ACME Certificate Authority. + DirectoryUrl string `json:"directoryUrl"` + + // DnsAppConnectionId The ID of the App Connection to use for creating and managing DNS TXT records required for ACME domain validation. This connection must have permissions to create and delete TXT records in your DNS provider (e.g., Route53) for the ACME challenge process. + DnsAppConnectionId openapi_types.UUID `json:"dnsAppConnectionId"` + DnsProviderConfig struct { + // HostedZoneId The hosted zone ID for the ACME Certificate Authority. + HostedZoneId string `json:"hostedZoneId"` + + // Provider The DNS provider for the ACME Certificate Authority. + Provider UpdateAcmeCertificateAuthorityV1200ConfigurationDnsProviderConfigProvider `json:"provider"` + } `json:"dnsProviderConfig"` + + // EabHmacKey The External Account Binding (EAB) HMAC key for the ACME Certificate Authority. Required if the ACME provider uses EAB. + EabHmacKey *string `json:"eabHmacKey,omitempty"` + + // EabKid The External Account Binding (EAB) Key ID for the ACME Certificate Authority. Required if the ACME provider uses EAB. + EabKid *string `json:"eabKid,omitempty"` + } `json:"configuration"` + EnableDirectIssuance *bool `json:"enableDirectIssuance,omitempty"` + Id openapi_types.UUID `json:"id"` + Name string `json:"name"` + ProjectId string `json:"projectId"` + Status UpdateAcmeCertificateAuthorityV1200Status `json:"status"` + Type UpdateAcmeCertificateAuthorityV1200Type `json:"type"` } JSON400 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateProject400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode UpdateAcmeCertificateAuthorityV1400StatusCode `json:"statusCode"` } JSON401 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateProject401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode UpdateAcmeCertificateAuthorityV1401StatusCode `json:"statusCode"` } JSON403 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateProject403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode UpdateAcmeCertificateAuthorityV1403StatusCode `json:"statusCode"` } JSON404 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateProject404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode UpdateAcmeCertificateAuthorityV1404StatusCode `json:"statusCode"` } JSON422 *struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` - StatusCode CreateProject422StatusCode `json:"statusCode"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode UpdateAcmeCertificateAuthorityV1422StatusCode `json:"statusCode"` } JSON500 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateProject500StatusCode `json:"statusCode"` - } -} -type CreateProject400StatusCode float32 -type CreateProject401StatusCode float32 -type CreateProject403StatusCode float32 -type CreateProject404StatusCode float32 -type CreateProject422StatusCode float32 -type CreateProject500StatusCode float32 + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode UpdateAcmeCertificateAuthorityV1500StatusCode `json:"statusCode"` + } +} +type UpdateAcmeCertificateAuthorityV1200ConfigurationDnsProviderConfigProvider string +type UpdateAcmeCertificateAuthorityV1200Status string +type UpdateAcmeCertificateAuthorityV1200Type string +type UpdateAcmeCertificateAuthorityV1400StatusCode float32 +type UpdateAcmeCertificateAuthorityV1401StatusCode float32 +type UpdateAcmeCertificateAuthorityV1403StatusCode float32 +type UpdateAcmeCertificateAuthorityV1404StatusCode float32 +type UpdateAcmeCertificateAuthorityV1422StatusCode float32 +type UpdateAcmeCertificateAuthorityV1500StatusCode float32 // Status returns HTTPResponse.Status -func (r CreateProjectResponse) Status() string { +func (r UpdateAcmeCertificateAuthorityV1Response) Status() string { if r.HTTPResponse != nil { return r.HTTPResponse.Status } @@ -2651,75 +4006,235 @@ func (r CreateProjectResponse) Status() string { } // StatusCode returns HTTPResponse.StatusCode -func (r CreateProjectResponse) StatusCode() int { +func (r UpdateAcmeCertificateAuthorityV1Response) StatusCode() int { if r.HTTPResponse != nil { return r.HTTPResponse.StatusCode } return 0 } -type GetRelaysResponse struct { +type CreateInternalCertificateAuthorityV1Response struct { Body []byte HTTPResponse *http.Response - JSON200 *[]struct { - CreatedAt time.Time `json:"createdAt"` - HealthAlertedAt *time.Time `json:"healthAlertedAt"` - Heartbeat *time.Time `json:"heartbeat"` - Host string `json:"host"` - Id openapi_types.UUID `json:"id"` - IdentityId *openapi_types.UUID `json:"identityId"` - Name string `json:"name"` - OrgId *openapi_types.UUID `json:"orgId"` - UpdatedAt time.Time `json:"updatedAt"` + JSON200 *struct { + Configuration struct { + ActiveCaCertId *openapi_types.UUID `json:"activeCaCertId"` + + // CommonName The common name (CN) for the CA. + CommonName *string `json:"commonName,omitempty"` + + // Country The country name (C) for the CA. + Country *string `json:"country,omitempty"` + Dn *string `json:"dn"` + + // FriendlyName A friendly name for the CA. + FriendlyName *string `json:"friendlyName,omitempty"` + + // KeyAlgorithm The type of public key algorithm and size, in bits, of the key pair for the CA; when you create an intermediate CA, you must use a key algorithm supported by the parent CA. + KeyAlgorithm CreateInternalCertificateAuthorityV1200ConfigurationKeyAlgorithm `json:"keyAlgorithm"` + + // Locality The locality name for the CA. + Locality *string `json:"locality,omitempty"` + + // MaxPathLength The maximum number of intermediate CAs that may follow this CA in the certificate / CA chain. A maxPathLength of -1 implies no path limit on the chain. + MaxPathLength *float32 `json:"maxPathLength"` + + // NotAfter The date and time when the CA expires in YYYY-MM-DDTHH:mm:ss.sssZ format. + NotAfter *string `json:"notAfter,omitempty"` + + // NotBefore The date and time when the CA becomes valid in YYYY-MM-DDTHH:mm:ss.sssZ format. + NotBefore *string `json:"notBefore,omitempty"` + + // Organization The organization (O) for the CA. + Organization *string `json:"organization,omitempty"` + + // Ou The organization unit (OU) for the CA. + Ou *string `json:"ou,omitempty"` + ParentCaId *openapi_types.UUID `json:"parentCaId"` + + // Province The state of province name for the CA. + Province *string `json:"province,omitempty"` + SerialNumber *string `json:"serialNumber"` + + // Type The type of CA to create. + Type CreateInternalCertificateAuthorityV1200ConfigurationType `json:"type"` + } `json:"configuration"` + EnableDirectIssuance *bool `json:"enableDirectIssuance,omitempty"` + Id openapi_types.UUID `json:"id"` + Name string `json:"name"` + ProjectId string `json:"projectId"` + Status CreateInternalCertificateAuthorityV1200Status `json:"status"` + Type CreateInternalCertificateAuthorityV1200Type `json:"type"` } JSON400 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode GetRelays400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateInternalCertificateAuthorityV1400StatusCode `json:"statusCode"` } JSON401 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode GetRelays401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateInternalCertificateAuthorityV1401StatusCode `json:"statusCode"` } JSON403 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode GetRelays403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateInternalCertificateAuthorityV1403StatusCode `json:"statusCode"` } JSON404 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode GetRelays404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateInternalCertificateAuthorityV1404StatusCode `json:"statusCode"` } JSON422 *struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` - StatusCode GetRelays422StatusCode `json:"statusCode"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateInternalCertificateAuthorityV1422StatusCode `json:"statusCode"` } JSON500 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode GetRelays500StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateInternalCertificateAuthorityV1500StatusCode `json:"statusCode"` + } +} +type CreateInternalCertificateAuthorityV1200ConfigurationKeyAlgorithm string +type CreateInternalCertificateAuthorityV1200ConfigurationType string +type CreateInternalCertificateAuthorityV1200Status string +type CreateInternalCertificateAuthorityV1200Type string +type CreateInternalCertificateAuthorityV1400StatusCode float32 +type CreateInternalCertificateAuthorityV1401StatusCode float32 +type CreateInternalCertificateAuthorityV1403StatusCode float32 +type CreateInternalCertificateAuthorityV1404StatusCode float32 +type CreateInternalCertificateAuthorityV1422StatusCode float32 +type CreateInternalCertificateAuthorityV1500StatusCode float32 + +// Status returns HTTPResponse.Status +func (r CreateInternalCertificateAuthorityV1Response) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status } + return http.StatusText(0) } -type GetRelays400StatusCode float32 -type GetRelays401StatusCode float32 -type GetRelays403StatusCode float32 -type GetRelays404StatusCode float32 -type GetRelays422StatusCode float32 -type GetRelays500StatusCode float32 + +// StatusCode returns HTTPResponse.StatusCode +func (r CreateInternalCertificateAuthorityV1Response) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 +} + +type CreateCertificatePolicyResponse struct { + Body []byte + HTTPResponse *http.Response + JSON200 *struct { + CertificatePolicy struct { + Algorithms *struct { + KeyAlgorithm *[]string `json:"keyAlgorithm,omitempty"` + Signature *[]string `json:"signature,omitempty"` + } `json:"algorithms,omitempty"` + BasicConstraints *struct { + IsCA *CreateCertificatePolicy200CertificatePolicyBasicConstraintsIsCA `json:"isCA,omitempty"` + MaxPathLength *int `json:"maxPathLength,omitempty"` + } `json:"basicConstraints"` + CreatedAt time.Time `json:"createdAt"` + Description *string `json:"description"` + ExtendedKeyUsages *struct { + Allowed *[]CreateCertificatePolicy200CertificatePolicyExtendedKeyUsagesAllowed `json:"allowed,omitempty"` + Denied *[]CreateCertificatePolicy200CertificatePolicyExtendedKeyUsagesDenied `json:"denied,omitempty"` + Required *[]CreateCertificatePolicy200CertificatePolicyExtendedKeyUsagesRequired `json:"required,omitempty"` + } `json:"extendedKeyUsages,omitempty"` + Id openapi_types.UUID `json:"id"` + KeyUsages *struct { + Allowed *[]CreateCertificatePolicy200CertificatePolicyKeyUsagesAllowed `json:"allowed,omitempty"` + Denied *[]CreateCertificatePolicy200CertificatePolicyKeyUsagesDenied `json:"denied,omitempty"` + Required *[]CreateCertificatePolicy200CertificatePolicyKeyUsagesRequired `json:"required,omitempty"` + } `json:"keyUsages,omitempty"` + Name string `json:"name"` + ProjectId openapi_types.UUID `json:"projectId"` + Sans *[]struct { + Allowed *[]string `json:"allowed,omitempty"` + Denied *[]string `json:"denied,omitempty"` + Required *[]string `json:"required,omitempty"` + Type CreateCertificatePolicy200CertificatePolicySansType `json:"type"` + } `json:"sans,omitempty"` + Subject *[]struct { + Allowed *[]string `json:"allowed,omitempty"` + Denied *[]string `json:"denied,omitempty"` + Required *[]string `json:"required,omitempty"` + Type CreateCertificatePolicy200CertificatePolicySubjectType `json:"type"` + } `json:"subject,omitempty"` + UpdatedAt time.Time `json:"updatedAt"` + Validity *struct { + Max *string `json:"max,omitempty"` + } `json:"validity,omitempty"` + } `json:"certificatePolicy"` + } + JSON400 *struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificatePolicy400StatusCode `json:"statusCode"` + } + JSON401 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificatePolicy401StatusCode `json:"statusCode"` + } + JSON403 *struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificatePolicy403StatusCode `json:"statusCode"` + } + JSON404 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificatePolicy404StatusCode `json:"statusCode"` + } + JSON422 *struct { + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateCertificatePolicy422StatusCode `json:"statusCode"` + } + JSON500 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificatePolicy500StatusCode `json:"statusCode"` + } +} +type CreateCertificatePolicy200CertificatePolicyBasicConstraintsIsCA string +type CreateCertificatePolicy200CertificatePolicyExtendedKeyUsagesAllowed string +type CreateCertificatePolicy200CertificatePolicyExtendedKeyUsagesDenied string +type CreateCertificatePolicy200CertificatePolicyExtendedKeyUsagesRequired string +type CreateCertificatePolicy200CertificatePolicyKeyUsagesAllowed string +type CreateCertificatePolicy200CertificatePolicyKeyUsagesDenied string +type CreateCertificatePolicy200CertificatePolicyKeyUsagesRequired string +type CreateCertificatePolicy200CertificatePolicySansType string +type CreateCertificatePolicy200CertificatePolicySubjectType string +type CreateCertificatePolicy400StatusCode float32 +type CreateCertificatePolicy401StatusCode float32 +type CreateCertificatePolicy403StatusCode float32 +type CreateCertificatePolicy404StatusCode float32 +type CreateCertificatePolicy422StatusCode float32 +type CreateCertificatePolicy500StatusCode float32 // Status returns HTTPResponse.Status -func (r GetRelaysResponse) Status() string { +func (r CreateCertificatePolicyResponse) Status() string { if r.HTTPResponse != nil { return r.HTTPResponse.Status } @@ -2727,76 +4242,113 @@ func (r GetRelaysResponse) Status() string { } // StatusCode returns HTTPResponse.StatusCode -func (r GetRelaysResponse) StatusCode() int { +func (r CreateCertificatePolicyResponse) StatusCode() int { if r.HTTPResponse != nil { return r.HTTPResponse.StatusCode } return 0 } -type ListGatewaysResponse struct { +type CreateCertificateProfileResponse struct { Body []byte HTTPResponse *http.Response - JSON200 *[]struct { - CreatedAt time.Time `json:"createdAt"` - Heartbeat *time.Time `json:"heartbeat"` - Id openapi_types.UUID `json:"id"` - Identity struct { - Id string `json:"id"` - Name string `json:"name"` - } `json:"identity"` - IdentityId openapi_types.UUID `json:"identityId"` - Name string `json:"name"` - UpdatedAt time.Time `json:"updatedAt"` + JSON200 *struct { + CertificateProfile struct { + AcmeConfigId *openapi_types.UUID `json:"acmeConfigId"` + ApiConfigId *openapi_types.UUID `json:"apiConfigId"` + CaId *openapi_types.UUID `json:"caId"` + CertificatePolicyId openapi_types.UUID `json:"certificatePolicyId"` + CreatedAt time.Time `json:"createdAt"` + Defaults *struct { + BasicConstraints *struct { + IsCA bool `json:"isCA"` + PathLength *float32 `json:"pathLength,omitempty"` + } `json:"basicConstraints,omitempty"` + CommonName *string `json:"commonName,omitempty"` + Country *string `json:"country,omitempty"` + ExtendedKeyUsages *[]CreateCertificateProfile200CertificateProfileDefaultsExtendedKeyUsages `json:"extendedKeyUsages,omitempty"` + KeyAlgorithm *CreateCertificateProfile200CertificateProfileDefaultsKeyAlgorithm `json:"keyAlgorithm,omitempty"` + KeyUsages *[]CreateCertificateProfile200CertificateProfileDefaultsKeyUsages `json:"keyUsages,omitempty"` + Locality *string `json:"locality,omitempty"` + Organization *string `json:"organization,omitempty"` + OrganizationalUnit *string `json:"organizationalUnit,omitempty"` + SignatureAlgorithm *CreateCertificateProfile200CertificateProfileDefaultsSignatureAlgorithm `json:"signatureAlgorithm,omitempty"` + State *string `json:"state,omitempty"` + TtlDays *float32 `json:"ttlDays,omitempty"` + } `json:"defaults"` + Description *string `json:"description"` + EnrollmentType string `json:"enrollmentType"` + EstConfigId *openapi_types.UUID `json:"estConfigId"` + ExternalConfigs *CreateCertificateProfile_200_CertificateProfile_ExternalConfigs `json:"externalConfigs"` + Id openapi_types.UUID `json:"id"` + IssuerType *string `json:"issuerType,omitempty"` + ProjectId string `json:"projectId"` + Slug string `json:"slug"` + UpdatedAt time.Time `json:"updatedAt"` + } `json:"certificateProfile"` } JSON400 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode ListGateways400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificateProfile400StatusCode `json:"statusCode"` } JSON401 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode ListGateways401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificateProfile401StatusCode `json:"statusCode"` } JSON403 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode ListGateways403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificateProfile403StatusCode `json:"statusCode"` } JSON404 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode ListGateways404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificateProfile404StatusCode `json:"statusCode"` } JSON422 *struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` - StatusCode ListGateways422StatusCode `json:"statusCode"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateCertificateProfile422StatusCode `json:"statusCode"` } JSON500 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode ListGateways500StatusCode `json:"statusCode"` - } + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificateProfile500StatusCode `json:"statusCode"` + } +} +type CreateCertificateProfile200CertificateProfileDefaultsExtendedKeyUsages string +type CreateCertificateProfile200CertificateProfileDefaultsKeyAlgorithm string +type CreateCertificateProfile200CertificateProfileDefaultsKeyUsages string +type CreateCertificateProfile200CertificateProfileDefaultsSignatureAlgorithm string +type CreateCertificateProfile200CertificateProfileExternalConfigs0 struct { + // Template Certificate template name for Azure AD CS + Template string `json:"template"` +} +type CreateCertificateProfile200CertificateProfileExternalConfigs1 = map[string]interface{} +type CreateCertificateProfile200CertificateProfileExternalConfigs2 = map[string]interface{} +type CreateCertificateProfile200CertificateProfileExternalConfigs3 = map[string]interface{} +type CreateCertificateProfile_200_CertificateProfile_ExternalConfigs struct { + union json.RawMessage } -type ListGateways400StatusCode float32 -type ListGateways401StatusCode float32 -type ListGateways403StatusCode float32 -type ListGateways404StatusCode float32 -type ListGateways422StatusCode float32 -type ListGateways500StatusCode float32 +type CreateCertificateProfile400StatusCode float32 +type CreateCertificateProfile401StatusCode float32 +type CreateCertificateProfile403StatusCode float32 +type CreateCertificateProfile404StatusCode float32 +type CreateCertificateProfile422StatusCode float32 +type CreateCertificateProfile500StatusCode float32 // Status returns HTTPResponse.Status -func (r ListGatewaysResponse) Status() string { +func (r CreateCertificateProfileResponse) Status() string { if r.HTTPResponse != nil { return r.HTTPResponse.Status } @@ -2804,69 +4356,82 @@ func (r ListGatewaysResponse) Status() string { } // StatusCode returns HTTPResponse.StatusCode -func (r ListGatewaysResponse) StatusCode() int { +func (r CreateCertificateProfileResponse) StatusCode() int { if r.HTTPResponse != nil { return r.HTTPResponse.StatusCode } return 0 } -type SelectOrganizationV3Response struct { +type CreateMachineIdentityResponse struct { Body []byte HTTPResponse *http.Response JSON200 *struct { - IsMfaEnabled bool `json:"isMfaEnabled"` - MfaMethod *string `json:"mfaMethod,omitempty"` - Token string `json:"token"` + Identity struct { + AuthMethod *string `json:"authMethod"` + AuthMethods []string `json:"authMethods"` + CreatedAt time.Time `json:"createdAt"` + HasDeleteProtection *bool `json:"hasDeleteProtection,omitempty"` + Id openapi_types.UUID `json:"id"` + Metadata []struct { + Id string `json:"id"` + Key string `json:"key"` + Value string `json:"value"` + } `json:"metadata"` + Name string `json:"name"` + OrgId openapi_types.UUID `json:"orgId"` + ProjectId *string `json:"projectId"` + UpdatedAt time.Time `json:"updatedAt"` + } `json:"identity"` } JSON400 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode SelectOrganizationV3400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateMachineIdentity400StatusCode `json:"statusCode"` } JSON401 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode SelectOrganizationV3401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateMachineIdentity401StatusCode `json:"statusCode"` } JSON403 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode SelectOrganizationV3403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateMachineIdentity403StatusCode `json:"statusCode"` } JSON404 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode SelectOrganizationV3404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateMachineIdentity404StatusCode `json:"statusCode"` } JSON422 *struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` - StatusCode SelectOrganizationV3422StatusCode `json:"statusCode"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateMachineIdentity422StatusCode `json:"statusCode"` } JSON500 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode SelectOrganizationV3500StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateMachineIdentity500StatusCode `json:"statusCode"` } } -type SelectOrganizationV3400StatusCode float32 -type SelectOrganizationV3401StatusCode float32 -type SelectOrganizationV3403StatusCode float32 -type SelectOrganizationV3404StatusCode float32 -type SelectOrganizationV3422StatusCode float32 -type SelectOrganizationV3500StatusCode float32 +type CreateMachineIdentity400StatusCode float32 +type CreateMachineIdentity401StatusCode float32 +type CreateMachineIdentity403StatusCode float32 +type CreateMachineIdentity404StatusCode float32 +type CreateMachineIdentity422StatusCode float32 +type CreateMachineIdentity500StatusCode float32 // Status returns HTTPResponse.Status -func (r SelectOrganizationV3Response) Status() string { +func (r CreateMachineIdentityResponse) Status() string { if r.HTTPResponse != nil { return r.HTTPResponse.Status } @@ -2874,136 +4439,96 @@ func (r SelectOrganizationV3Response) Status() string { } // StatusCode returns HTTPResponse.StatusCode -func (r SelectOrganizationV3Response) StatusCode() int { +func (r CreateMachineIdentityResponse) StatusCode() int { if r.HTTPResponse != nil { return r.HTTPResponse.StatusCode } return 0 } -type ListSecretsV4Response struct { +type CreateKubernetesPamResourceResponse struct { Body []byte HTTPResponse *http.Response JSON200 *struct { - Imports *[]struct { - Environment string `json:"environment"` - FolderId *string `json:"folderId,omitempty"` - SecretPath string `json:"secretPath"` - Secrets []struct { - UnderscoreId string `json:"_id"` - Actor *struct { - ActorId *string `json:"actorId"` - ActorType *string `json:"actorType"` - GroupId *string `json:"groupId"` - MembershipId *string `json:"membershipId"` - Name *string `json:"name"` - } `json:"actor"` - Environment string `json:"environment"` - Id string `json:"id"` - IsRotatedSecret *bool `json:"isRotatedSecret,omitempty"` - RotationId *openapi_types.UUID `json:"rotationId"` - SecretComment string `json:"secretComment"` - SecretKey string `json:"secretKey"` - SecretMetadata *[]struct { - Key string `json:"key"` - Value *string `json:"value,omitempty"` - } `json:"secretMetadata,omitempty"` - SecretReminderNote *string `json:"secretReminderNote"` - SecretReminderRepeatDays *float32 `json:"secretReminderRepeatDays"` - SecretValue string `json:"secretValue"` - SecretValueHidden bool `json:"secretValueHidden"` - SkipMultilineEncoding *bool `json:"skipMultilineEncoding"` - Type string `json:"type"` - Version float32 `json:"version"` - Workspace string `json:"workspace"` - } `json:"secrets"` - } `json:"imports,omitempty"` - Secrets []struct { - UnderscoreId string `json:"_id"` - Actor *struct { - ActorId *string `json:"actorId"` - ActorType *string `json:"actorType"` - GroupId *string `json:"groupId"` - MembershipId *string `json:"membershipId"` - Name *string `json:"name"` - } `json:"actor"` - CreatedAt time.Time `json:"createdAt"` - Environment string `json:"environment"` - Id string `json:"id"` - IsRotatedSecret *bool `json:"isRotatedSecret,omitempty"` - RotationId *openapi_types.UUID `json:"rotationId"` - SecretComment string `json:"secretComment"` - SecretKey string `json:"secretKey"` - SecretMetadata *[]struct { - Key string `json:"key"` - Value *string `json:"value,omitempty"` - } `json:"secretMetadata,omitempty"` - SecretPath *string `json:"secretPath,omitempty"` - SecretReminderNote *string `json:"secretReminderNote"` - SecretReminderRepeatDays *float32 `json:"secretReminderRepeatDays"` - SecretValue string `json:"secretValue"` - SecretValueHidden bool `json:"secretValueHidden"` - SkipMultilineEncoding *bool `json:"skipMultilineEncoding"` - Tags *[]struct { - Color *string `json:"color"` + Resource struct { + AdServerResourceId *openapi_types.UUID `json:"adServerResourceId"` + ConnectionDetails struct { + SslCertificate *string `json:"sslCertificate,omitempty"` + SslRejectUnauthorized bool `json:"sslRejectUnauthorized"` + Url string `json:"url"` + } `json:"connectionDetails"` + CreatedAt time.Time `json:"createdAt"` + EncryptedResourceMetadata interface{} `json:"encryptedResourceMetadata"` + GatewayId *openapi_types.UUID `json:"gatewayId"` + Id openapi_types.UUID `json:"id"` + Metadata *[]struct { Id openapi_types.UUID `json:"id"` - Name string `json:"name"` - Slug string `json:"slug"` - } `json:"tags,omitempty"` - Type string `json:"type"` - UpdatedAt time.Time `json:"updatedAt"` - Version float32 `json:"version"` - Workspace string `json:"workspace"` - } `json:"secrets"` + Key string `json:"key"` + Value *string `json:"value"` + } `json:"metadata,omitempty"` + Name string `json:"name"` + ProjectId string `json:"projectId"` + ResourceType CreateKubernetesPamResource200ResourceResourceType `json:"resourceType"` + RotationAccountCredentials *CreateKubernetesPamResource_200_Resource_RotationAccountCredentials `json:"rotationAccountCredentials"` + UpdatedAt time.Time `json:"updatedAt"` + } `json:"resource"` } JSON400 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode ListSecretsV4400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateKubernetesPamResource400StatusCode `json:"statusCode"` } JSON401 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode ListSecretsV4401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateKubernetesPamResource401StatusCode `json:"statusCode"` } JSON403 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode ListSecretsV4403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateKubernetesPamResource403StatusCode `json:"statusCode"` } JSON404 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode ListSecretsV4404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateKubernetesPamResource404StatusCode `json:"statusCode"` } JSON422 *struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` - StatusCode ListSecretsV4422StatusCode `json:"statusCode"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateKubernetesPamResource422StatusCode `json:"statusCode"` } JSON500 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode ListSecretsV4500StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateKubernetesPamResource500StatusCode `json:"statusCode"` } } -type ListSecretsV4400StatusCode float32 -type ListSecretsV4401StatusCode float32 -type ListSecretsV4403StatusCode float32 -type ListSecretsV4404StatusCode float32 -type ListSecretsV4422StatusCode float32 -type ListSecretsV4500StatusCode float32 +type CreateKubernetesPamResource200ResourceResourceType string +type CreateKubernetesPamResource200ResourceRotationAccountCredentials0 struct { + AuthMethod CreateKubernetesPamResource200ResourceRotationAccountCredentials0AuthMethod `json:"authMethod"` +} +type CreateKubernetesPamResource200ResourceRotationAccountCredentials0AuthMethod string +type CreateKubernetesPamResource_200_Resource_RotationAccountCredentials struct { + union json.RawMessage +} +type CreateKubernetesPamResource400StatusCode float32 +type CreateKubernetesPamResource401StatusCode float32 +type CreateKubernetesPamResource403StatusCode float32 +type CreateKubernetesPamResource404StatusCode float32 +type CreateKubernetesPamResource422StatusCode float32 +type CreateKubernetesPamResource500StatusCode float32 // Status returns HTTPResponse.Status -func (r ListSecretsV4Response) Status() string { +func (r CreateKubernetesPamResourceResponse) Status() string { if r.HTTPResponse != nil { return r.HTTPResponse.Status } @@ -3011,216 +4536,188 @@ func (r ListSecretsV4Response) Status() string { } // StatusCode returns HTTPResponse.StatusCode -func (r ListSecretsV4Response) StatusCode() int { +func (r CreateKubernetesPamResourceResponse) StatusCode() int { if r.HTTPResponse != nil { return r.HTTPResponse.StatusCode } return 0 } -type DeleteSecretV4Response struct { +type CreateRedisPamResourceResponse struct { Body []byte HTTPResponse *http.Response JSON200 *struct { - union json.RawMessage + Resource struct { + AdServerResourceId *openapi_types.UUID `json:"adServerResourceId"` + ConnectionDetails struct { + Host string `json:"host"` + Port float32 `json:"port"` + SslCertificate *string `json:"sslCertificate,omitempty"` + SslEnabled bool `json:"sslEnabled"` + SslRejectUnauthorized bool `json:"sslRejectUnauthorized"` + } `json:"connectionDetails"` + CreatedAt time.Time `json:"createdAt"` + EncryptedResourceMetadata interface{} `json:"encryptedResourceMetadata"` + GatewayId *openapi_types.UUID `json:"gatewayId"` + Id openapi_types.UUID `json:"id"` + Metadata *[]struct { + Id openapi_types.UUID `json:"id"` + Key string `json:"key"` + Value *string `json:"value"` + } `json:"metadata,omitempty"` + Name string `json:"name"` + ProjectId string `json:"projectId"` + ResourceType CreateRedisPamResource200ResourceResourceType `json:"resourceType"` + RotationAccountCredentials *struct { + Username *string `json:"username,omitempty"` + } `json:"rotationAccountCredentials"` + UpdatedAt time.Time `json:"updatedAt"` + } `json:"resource"` } JSON400 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode DeleteSecretV4400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateRedisPamResource400StatusCode `json:"statusCode"` } JSON401 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode DeleteSecretV4401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateRedisPamResource401StatusCode `json:"statusCode"` } JSON403 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode DeleteSecretV4403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateRedisPamResource403StatusCode `json:"statusCode"` } JSON404 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode DeleteSecretV4404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateRedisPamResource404StatusCode `json:"statusCode"` } JSON422 *struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` - StatusCode DeleteSecretV4422StatusCode `json:"statusCode"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateRedisPamResource422StatusCode `json:"statusCode"` } JSON500 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode DeleteSecretV4500StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateRedisPamResource500StatusCode `json:"statusCode"` } } -type DeleteSecretV42000 struct { - Secret struct { - UnderscoreId string `json:"_id"` - Actor *struct { - ActorId *string `json:"actorId"` - ActorType *string `json:"actorType"` - GroupId *string `json:"groupId"` - MembershipId *string `json:"membershipId"` - Name *string `json:"name"` - } `json:"actor"` - CreatedAt time.Time `json:"createdAt"` - Environment string `json:"environment"` - Id string `json:"id"` - IsRotatedSecret *bool `json:"isRotatedSecret,omitempty"` - RotationId *openapi_types.UUID `json:"rotationId"` - SecretComment string `json:"secretComment"` - SecretKey string `json:"secretKey"` - SecretReminderNote *string `json:"secretReminderNote"` - SecretReminderRepeatDays *float32 `json:"secretReminderRepeatDays"` - SecretValue string `json:"secretValue"` - SecretValueHidden bool `json:"secretValueHidden"` - SkipMultilineEncoding *bool `json:"skipMultilineEncoding"` - Type string `json:"type"` - UpdatedAt time.Time `json:"updatedAt"` - Version float32 `json:"version"` - Workspace string `json:"workspace"` - } `json:"secret"` -} -type DeleteSecretV42001 struct { - Approval struct { - BypassReason *string `json:"bypassReason"` - CommitterUserId *openapi_types.UUID `json:"committerUserId"` - Conflicts interface{} `json:"conflicts"` - CreatedAt time.Time `json:"createdAt"` - FolderId openapi_types.UUID `json:"folderId"` - HasMerged *bool `json:"hasMerged,omitempty"` - Id openapi_types.UUID `json:"id"` - IsReplicated *bool `json:"isReplicated"` - PolicyId openapi_types.UUID `json:"policyId"` - Slug string `json:"slug"` - Status *string `json:"status,omitempty"` - StatusChangedByUserId *openapi_types.UUID `json:"statusChangedByUserId"` - UpdatedAt time.Time `json:"updatedAt"` - } `json:"approval"` -} -type DeleteSecretV4400StatusCode float32 -type DeleteSecretV4401StatusCode float32 -type DeleteSecretV4403StatusCode float32 -type DeleteSecretV4404StatusCode float32 -type DeleteSecretV4422StatusCode float32 -type DeleteSecretV4500StatusCode float32 - -// Status returns HTTPResponse.Status -func (r DeleteSecretV4Response) Status() string { - if r.HTTPResponse != nil { - return r.HTTPResponse.Status - } - return http.StatusText(0) +type CreateRedisPamResource200ResourceResourceType string +type CreateRedisPamResource400StatusCode float32 +type CreateRedisPamResource401StatusCode float32 +type CreateRedisPamResource403StatusCode float32 +type CreateRedisPamResource404StatusCode float32 +type CreateRedisPamResource422StatusCode float32 +type CreateRedisPamResource500StatusCode float32 + +// Status returns HTTPResponse.Status +func (r CreateRedisPamResourceResponse) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status + } + return http.StatusText(0) } // StatusCode returns HTTPResponse.StatusCode -func (r DeleteSecretV4Response) StatusCode() int { +func (r CreateRedisPamResourceResponse) StatusCode() int { if r.HTTPResponse != nil { return r.HTTPResponse.StatusCode } return 0 } -type GetSecretByNameV4Response struct { +type CreateProjectResponse struct { Body []byte HTTPResponse *http.Response JSON200 *struct { - Secret struct { - UnderscoreId string `json:"_id"` - Actor *struct { - ActorId *string `json:"actorId"` - ActorType *string `json:"actorType"` - GroupId *string `json:"groupId"` - MembershipId *string `json:"membershipId"` - Name *string `json:"name"` - } `json:"actor"` - CreatedAt time.Time `json:"createdAt"` - Environment string `json:"environment"` - Id string `json:"id"` - IsRotatedSecret *bool `json:"isRotatedSecret,omitempty"` - RotationId *openapi_types.UUID `json:"rotationId"` - SecretComment string `json:"secretComment"` - SecretKey string `json:"secretKey"` - SecretMetadata *[]struct { - Key string `json:"key"` - Value *string `json:"value,omitempty"` - } `json:"secretMetadata,omitempty"` - SecretPath string `json:"secretPath"` - SecretReminderNote *string `json:"secretReminderNote"` - SecretReminderRepeatDays *float32 `json:"secretReminderRepeatDays"` - SecretValue string `json:"secretValue"` - SecretValueHidden bool `json:"secretValueHidden"` - SkipMultilineEncoding *bool `json:"skipMultilineEncoding"` - Tags *[]struct { - Color *string `json:"color"` - Id openapi_types.UUID `json:"id"` - Name string `json:"name"` - Slug string `json:"slug"` - } `json:"tags,omitempty"` - Type string `json:"type"` - UpdatedAt time.Time `json:"updatedAt"` - Version float32 `json:"version"` - Workspace string `json:"workspace"` - } `json:"secret"` + Project struct { + UnderscoreId string `json:"_id"` + AuditLogsRetentionDays *float32 `json:"auditLogsRetentionDays"` + AutoCapitalization *bool `json:"autoCapitalization"` + CreatedAt time.Time `json:"createdAt"` + DefaultProduct *string `json:"defaultProduct"` + Description *string `json:"description"` + EnforceEncryptedSecretManagerSecretMetadata *bool `json:"enforceEncryptedSecretManagerSecretMetadata"` + Environments []struct { + Id string `json:"id"` + Name string `json:"name"` + Slug string `json:"slug"` + } `json:"environments"` + HasDeleteProtection *bool `json:"hasDeleteProtection"` + Id string `json:"id"` + KmsCertificateKeyId *openapi_types.UUID `json:"kmsCertificateKeyId"` + Name string `json:"name"` + OrgId openapi_types.UUID `json:"orgId"` + PitVersionLimit *float32 `json:"pitVersionLimit,omitempty"` + SecretDetectionIgnoreValues *[]string `json:"secretDetectionIgnoreValues"` + SecretSharing *bool `json:"secretSharing,omitempty"` + ShowSnapshotsLegacy *bool `json:"showSnapshotsLegacy,omitempty"` + Slug string `json:"slug"` + Type string `json:"type"` + UpdatedAt time.Time `json:"updatedAt"` + UpgradeStatus *string `json:"upgradeStatus"` + Version *float32 `json:"version,omitempty"` + } `json:"project"` } JSON400 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode GetSecretByNameV4400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateProject400StatusCode `json:"statusCode"` } JSON401 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode GetSecretByNameV4401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateProject401StatusCode `json:"statusCode"` } JSON403 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode GetSecretByNameV4403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateProject403StatusCode `json:"statusCode"` } JSON404 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode GetSecretByNameV4404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateProject404StatusCode `json:"statusCode"` } JSON422 *struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` - StatusCode GetSecretByNameV4422StatusCode `json:"statusCode"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateProject422StatusCode `json:"statusCode"` } JSON500 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode GetSecretByNameV4500StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateProject500StatusCode `json:"statusCode"` } } -type GetSecretByNameV4400StatusCode float32 -type GetSecretByNameV4401StatusCode float32 -type GetSecretByNameV4403StatusCode float32 -type GetSecretByNameV4404StatusCode float32 -type GetSecretByNameV4422StatusCode float32 -type GetSecretByNameV4500StatusCode float32 +type CreateProject400StatusCode float32 +type CreateProject401StatusCode float32 +type CreateProject403StatusCode float32 +type CreateProject404StatusCode float32 +type CreateProject422StatusCode float32 +type CreateProject500StatusCode float32 // Status returns HTTPResponse.Status -func (r GetSecretByNameV4Response) Status() string { +func (r CreateProjectResponse) Status() string { if r.HTTPResponse != nil { return r.HTTPResponse.Status } @@ -3228,112 +4725,75 @@ func (r GetSecretByNameV4Response) Status() string { } // StatusCode returns HTTPResponse.StatusCode -func (r GetSecretByNameV4Response) StatusCode() int { +func (r CreateProjectResponse) StatusCode() int { if r.HTTPResponse != nil { return r.HTTPResponse.StatusCode } return 0 } -type UpdateSecretV4Response struct { +type GetRelaysResponse struct { Body []byte HTTPResponse *http.Response - JSON200 *struct { - union json.RawMessage + JSON200 *[]struct { + CreatedAt time.Time `json:"createdAt"` + HealthAlertedAt *time.Time `json:"healthAlertedAt"` + Heartbeat *time.Time `json:"heartbeat"` + Host string `json:"host"` + Id openapi_types.UUID `json:"id"` + IdentityId *openapi_types.UUID `json:"identityId"` + Name string `json:"name"` + OrgId *openapi_types.UUID `json:"orgId"` + UpdatedAt time.Time `json:"updatedAt"` } JSON400 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode UpdateSecretV4400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode GetRelays400StatusCode `json:"statusCode"` } JSON401 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode UpdateSecretV4401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode GetRelays401StatusCode `json:"statusCode"` } JSON403 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode UpdateSecretV4403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode GetRelays403StatusCode `json:"statusCode"` } JSON404 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode UpdateSecretV4404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode GetRelays404StatusCode `json:"statusCode"` } JSON422 *struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` - StatusCode UpdateSecretV4422StatusCode `json:"statusCode"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode GetRelays422StatusCode `json:"statusCode"` } JSON500 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode UpdateSecretV4500StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode GetRelays500StatusCode `json:"statusCode"` } } -type UpdateSecretV42000 struct { - Secret struct { - UnderscoreId string `json:"_id"` - Actor *struct { - ActorId *string `json:"actorId"` - ActorType *string `json:"actorType"` - GroupId *string `json:"groupId"` - MembershipId *string `json:"membershipId"` - Name *string `json:"name"` - } `json:"actor"` - CreatedAt time.Time `json:"createdAt"` - Environment string `json:"environment"` - Id string `json:"id"` - IsRotatedSecret *bool `json:"isRotatedSecret,omitempty"` - RotationId *openapi_types.UUID `json:"rotationId"` - SecretComment string `json:"secretComment"` - SecretKey string `json:"secretKey"` - SecretReminderNote *string `json:"secretReminderNote"` - SecretReminderRepeatDays *float32 `json:"secretReminderRepeatDays"` - SecretValue string `json:"secretValue"` - SecretValueHidden bool `json:"secretValueHidden"` - SkipMultilineEncoding *bool `json:"skipMultilineEncoding"` - Type string `json:"type"` - UpdatedAt time.Time `json:"updatedAt"` - Version float32 `json:"version"` - Workspace string `json:"workspace"` - } `json:"secret"` -} -type UpdateSecretV42001 struct { - Approval struct { - BypassReason *string `json:"bypassReason"` - CommitterUserId *openapi_types.UUID `json:"committerUserId"` - Conflicts interface{} `json:"conflicts"` - CreatedAt time.Time `json:"createdAt"` - FolderId openapi_types.UUID `json:"folderId"` - HasMerged *bool `json:"hasMerged,omitempty"` - Id openapi_types.UUID `json:"id"` - IsReplicated *bool `json:"isReplicated"` - PolicyId openapi_types.UUID `json:"policyId"` - Slug string `json:"slug"` - Status *string `json:"status,omitempty"` - StatusChangedByUserId *openapi_types.UUID `json:"statusChangedByUserId"` - UpdatedAt time.Time `json:"updatedAt"` - } `json:"approval"` -} -type UpdateSecretV4400StatusCode float32 -type UpdateSecretV4401StatusCode float32 -type UpdateSecretV4403StatusCode float32 -type UpdateSecretV4404StatusCode float32 -type UpdateSecretV4422StatusCode float32 -type UpdateSecretV4500StatusCode float32 +type GetRelays400StatusCode float32 +type GetRelays401StatusCode float32 +type GetRelays403StatusCode float32 +type GetRelays404StatusCode float32 +type GetRelays422StatusCode float32 +type GetRelays500StatusCode float32 // Status returns HTTPResponse.Status -func (r UpdateSecretV4Response) Status() string { +func (r GetRelaysResponse) Status() string { if r.HTTPResponse != nil { return r.HTTPResponse.Status } @@ -3341,111 +4801,76 @@ func (r UpdateSecretV4Response) Status() string { } // StatusCode returns HTTPResponse.StatusCode -func (r UpdateSecretV4Response) StatusCode() int { +func (r GetRelaysResponse) StatusCode() int { if r.HTTPResponse != nil { return r.HTTPResponse.StatusCode } return 0 } -type CreateSecretV4Response struct { +type ListGatewaysResponse struct { Body []byte HTTPResponse *http.Response - JSON200 *struct { - union json.RawMessage + JSON200 *[]struct { + CreatedAt time.Time `json:"createdAt"` + Heartbeat *time.Time `json:"heartbeat"` + Id openapi_types.UUID `json:"id"` + Identity struct { + Id string `json:"id"` + Name string `json:"name"` + } `json:"identity"` + IdentityId openapi_types.UUID `json:"identityId"` + Name string `json:"name"` + UpdatedAt time.Time `json:"updatedAt"` } JSON400 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateSecretV4400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode ListGateways400StatusCode `json:"statusCode"` } JSON401 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateSecretV4401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode ListGateways401StatusCode `json:"statusCode"` } JSON403 *struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateSecretV4403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode ListGateways403StatusCode `json:"statusCode"` } JSON404 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateSecretV4404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode ListGateways404StatusCode `json:"statusCode"` } JSON422 *struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` - StatusCode CreateSecretV4422StatusCode `json:"statusCode"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode ListGateways422StatusCode `json:"statusCode"` } JSON500 *struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateSecretV4500StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode ListGateways500StatusCode `json:"statusCode"` } } -type CreateSecretV42000 struct { - Secret struct { - UnderscoreId string `json:"_id"` - Actor *struct { - ActorId *string `json:"actorId"` - ActorType *string `json:"actorType"` - GroupId *string `json:"groupId"` - MembershipId *string `json:"membershipId"` - Name *string `json:"name"` - } `json:"actor"` - CreatedAt time.Time `json:"createdAt"` - Environment string `json:"environment"` - Id string `json:"id"` - IsRotatedSecret *bool `json:"isRotatedSecret,omitempty"` - RotationId *openapi_types.UUID `json:"rotationId"` - SecretComment string `json:"secretComment"` - SecretKey string `json:"secretKey"` - SecretReminderNote *string `json:"secretReminderNote"` - SecretReminderRepeatDays *float32 `json:"secretReminderRepeatDays"` - SecretValue string `json:"secretValue"` - SkipMultilineEncoding *bool `json:"skipMultilineEncoding"` - Type string `json:"type"` - UpdatedAt time.Time `json:"updatedAt"` - Version float32 `json:"version"` - Workspace string `json:"workspace"` - } `json:"secret"` -} -type CreateSecretV42001 struct { - Approval struct { - BypassReason *string `json:"bypassReason"` - CommitterUserId *openapi_types.UUID `json:"committerUserId"` - Conflicts interface{} `json:"conflicts"` - CreatedAt time.Time `json:"createdAt"` - FolderId openapi_types.UUID `json:"folderId"` - HasMerged *bool `json:"hasMerged,omitempty"` - Id openapi_types.UUID `json:"id"` - IsReplicated *bool `json:"isReplicated"` - PolicyId openapi_types.UUID `json:"policyId"` - Slug string `json:"slug"` - Status *string `json:"status,omitempty"` - StatusChangedByUserId *openapi_types.UUID `json:"statusChangedByUserId"` - UpdatedAt time.Time `json:"updatedAt"` - } `json:"approval"` -} -type CreateSecretV4400StatusCode float32 -type CreateSecretV4401StatusCode float32 -type CreateSecretV4403StatusCode float32 -type CreateSecretV4404StatusCode float32 -type CreateSecretV4422StatusCode float32 -type CreateSecretV4500StatusCode float32 +type ListGateways400StatusCode float32 +type ListGateways401StatusCode float32 +type ListGateways403StatusCode float32 +type ListGateways404StatusCode float32 +type ListGateways422StatusCode float32 +type ListGateways500StatusCode float32 // Status returns HTTPResponse.Status -func (r CreateSecretV4Response) Status() string { +func (r ListGatewaysResponse) Status() string { if r.HTTPResponse != nil { return r.HTTPResponse.Status } @@ -3453,254 +4878,2006 @@ func (r CreateSecretV4Response) Status() string { } // StatusCode returns HTTPResponse.StatusCode -func (r CreateSecretV4Response) StatusCode() int { +func (r ListGatewaysResponse) StatusCode() int { if r.HTTPResponse != nil { return r.HTTPResponse.StatusCode } return 0 } -// AdminSignUpWithBodyWithResponse request with arbitrary body returning *AdminSignUpResponse -func (c *ClientWithResponses) AdminSignUpWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*AdminSignUpResponse, error) { - rsp, err := c.AdminSignUpWithBody(ctx, contentType, body, reqEditors...) - if err != nil { - return nil, err +type SelectOrganizationV3Response struct { + Body []byte + HTTPResponse *http.Response + JSON200 *struct { + IsMfaEnabled bool `json:"isMfaEnabled"` + MfaMethod *string `json:"mfaMethod,omitempty"` + Token string `json:"token"` } - return ParseAdminSignUpResponse(rsp) -} - -func (c *ClientWithResponses) AdminSignUpWithResponse(ctx context.Context, body AdminSignUpJSONRequestBody, reqEditors ...RequestEditorFn) (*AdminSignUpResponse, error) { - rsp, err := c.AdminSignUp(ctx, body, reqEditors...) - if err != nil { - return nil, err + JSON400 *struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode SelectOrganizationV3400StatusCode `json:"statusCode"` } - return ParseAdminSignUpResponse(rsp) -} - -// RefreshAuthTokenWithResponse request returning *RefreshAuthTokenResponse -func (c *ClientWithResponses) RefreshAuthTokenWithResponse(ctx context.Context, reqEditors ...RequestEditorFn) (*RefreshAuthTokenResponse, error) { - rsp, err := c.RefreshAuthToken(ctx, reqEditors...) - if err != nil { - return nil, err + JSON401 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode SelectOrganizationV3401StatusCode `json:"statusCode"` } - return ParseRefreshAuthTokenResponse(rsp) -} - -// AttachTokenAuthWithBodyWithResponse request with arbitrary body returning *AttachTokenAuthResponse -func (c *ClientWithResponses) AttachTokenAuthWithBodyWithResponse(ctx context.Context, identityId string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*AttachTokenAuthResponse, error) { - rsp, err := c.AttachTokenAuthWithBody(ctx, identityId, contentType, body, reqEditors...) - if err != nil { - return nil, err + JSON403 *struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode SelectOrganizationV3403StatusCode `json:"statusCode"` + } + JSON404 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode SelectOrganizationV3404StatusCode `json:"statusCode"` + } + JSON422 *struct { + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode SelectOrganizationV3422StatusCode `json:"statusCode"` + } + JSON500 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode SelectOrganizationV3500StatusCode `json:"statusCode"` } - return ParseAttachTokenAuthResponse(rsp) } +type SelectOrganizationV3400StatusCode float32 +type SelectOrganizationV3401StatusCode float32 +type SelectOrganizationV3403StatusCode float32 +type SelectOrganizationV3404StatusCode float32 +type SelectOrganizationV3422StatusCode float32 +type SelectOrganizationV3500StatusCode float32 -func (c *ClientWithResponses) AttachTokenAuthWithResponse(ctx context.Context, identityId string, body AttachTokenAuthJSONRequestBody, reqEditors ...RequestEditorFn) (*AttachTokenAuthResponse, error) { - rsp, err := c.AttachTokenAuth(ctx, identityId, body, reqEditors...) - if err != nil { - return nil, err +// Status returns HTTPResponse.Status +func (r SelectOrganizationV3Response) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status } - return ParseAttachTokenAuthResponse(rsp) + return http.StatusText(0) } -// CreateTokenAuthTokenWithBodyWithResponse request with arbitrary body returning *CreateTokenAuthTokenResponse -func (c *ClientWithResponses) CreateTokenAuthTokenWithBodyWithResponse(ctx context.Context, identityId string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateTokenAuthTokenResponse, error) { - rsp, err := c.CreateTokenAuthTokenWithBody(ctx, identityId, contentType, body, reqEditors...) - if err != nil { - return nil, err +// StatusCode returns HTTPResponse.StatusCode +func (r SelectOrganizationV3Response) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode } - return ParseCreateTokenAuthTokenResponse(rsp) + return 0 } -func (c *ClientWithResponses) CreateTokenAuthTokenWithResponse(ctx context.Context, identityId string, body CreateTokenAuthTokenJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateTokenAuthTokenResponse, error) { - rsp, err := c.CreateTokenAuthToken(ctx, identityId, body, reqEditors...) - if err != nil { - return nil, err - } +type ListSecretsV4Response struct { + Body []byte + HTTPResponse *http.Response + JSON200 *struct { + Imports *[]struct { + Environment string `json:"environment"` + FolderId *string `json:"folderId,omitempty"` + SecretPath string `json:"secretPath"` + Secrets []struct { + UnderscoreId string `json:"_id"` + Actor *struct { + ActorId *string `json:"actorId"` + ActorType *string `json:"actorType"` + GroupId *string `json:"groupId"` + MembershipId *string `json:"membershipId"` + Name *string `json:"name"` + } `json:"actor"` + Environment string `json:"environment"` + Id string `json:"id"` + IsRotatedSecret *bool `json:"isRotatedSecret,omitempty"` + RotationId *openapi_types.UUID `json:"rotationId"` + SecretComment string `json:"secretComment"` + SecretKey string `json:"secretKey"` + SecretMetadata *[]struct { + IsEncrypted *bool `json:"isEncrypted,omitempty"` + Key string `json:"key"` + Value *string `json:"value,omitempty"` + } `json:"secretMetadata,omitempty"` + SecretReminderNote *string `json:"secretReminderNote"` + SecretReminderRepeatDays *float32 `json:"secretReminderRepeatDays"` + SecretValue string `json:"secretValue"` + SecretValueHidden bool `json:"secretValueHidden"` + SkipMultilineEncoding *bool `json:"skipMultilineEncoding"` + Type string `json:"type"` + Version float32 `json:"version"` + Workspace string `json:"workspace"` + } `json:"secrets"` + } `json:"imports,omitempty"` + Secrets []struct { + UnderscoreId string `json:"_id"` + Actor *struct { + ActorId *string `json:"actorId"` + ActorType *string `json:"actorType"` + GroupId *string `json:"groupId"` + MembershipId *string `json:"membershipId"` + Name *string `json:"name"` + } `json:"actor"` + CreatedAt time.Time `json:"createdAt"` + Environment string `json:"environment"` + Id string `json:"id"` + IsRotatedSecret *bool `json:"isRotatedSecret,omitempty"` + RotationId *openapi_types.UUID `json:"rotationId"` + SecretComment string `json:"secretComment"` + SecretKey string `json:"secretKey"` + SecretMetadata *[]struct { + IsEncrypted *bool `json:"isEncrypted,omitempty"` + Key string `json:"key"` + Value *string `json:"value,omitempty"` + } `json:"secretMetadata,omitempty"` + SecretPath *string `json:"secretPath,omitempty"` + SecretReminderNote *string `json:"secretReminderNote"` + SecretReminderRepeatDays *float32 `json:"secretReminderRepeatDays"` + SecretValue string `json:"secretValue"` + SecretValueHidden bool `json:"secretValueHidden"` + SkipMultilineEncoding *bool `json:"skipMultilineEncoding"` + Tags *[]struct { + Color *string `json:"color"` + Id openapi_types.UUID `json:"id"` + Name string `json:"name"` + Slug string `json:"slug"` + } `json:"tags,omitempty"` + Type string `json:"type"` + UpdatedAt time.Time `json:"updatedAt"` + Version float32 `json:"version"` + Workspace string `json:"workspace"` + } `json:"secrets"` + } + JSON400 *struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode ListSecretsV4400StatusCode `json:"statusCode"` + } + JSON401 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode ListSecretsV4401StatusCode `json:"statusCode"` + } + JSON403 *struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode ListSecretsV4403StatusCode `json:"statusCode"` + } + JSON404 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode ListSecretsV4404StatusCode `json:"statusCode"` + } + JSON422 *struct { + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode ListSecretsV4422StatusCode `json:"statusCode"` + } + JSON500 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode ListSecretsV4500StatusCode `json:"statusCode"` + } +} +type ListSecretsV4400StatusCode float32 +type ListSecretsV4401StatusCode float32 +type ListSecretsV4403StatusCode float32 +type ListSecretsV4404StatusCode float32 +type ListSecretsV4422StatusCode float32 +type ListSecretsV4500StatusCode float32 + +// Status returns HTTPResponse.Status +func (r ListSecretsV4Response) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status + } + return http.StatusText(0) +} + +// StatusCode returns HTTPResponse.StatusCode +func (r ListSecretsV4Response) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 +} + +type DeleteSecretV4Response struct { + Body []byte + HTTPResponse *http.Response + JSON200 *struct { + union json.RawMessage + } + JSON400 *struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode DeleteSecretV4400StatusCode `json:"statusCode"` + } + JSON401 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode DeleteSecretV4401StatusCode `json:"statusCode"` + } + JSON403 *struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode DeleteSecretV4403StatusCode `json:"statusCode"` + } + JSON404 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode DeleteSecretV4404StatusCode `json:"statusCode"` + } + JSON422 *struct { + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode DeleteSecretV4422StatusCode `json:"statusCode"` + } + JSON500 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode DeleteSecretV4500StatusCode `json:"statusCode"` + } +} +type DeleteSecretV42000 struct { + Secret struct { + UnderscoreId string `json:"_id"` + Actor *struct { + ActorId *string `json:"actorId"` + ActorType *string `json:"actorType"` + GroupId *string `json:"groupId"` + MembershipId *string `json:"membershipId"` + Name *string `json:"name"` + } `json:"actor"` + CreatedAt time.Time `json:"createdAt"` + Environment string `json:"environment"` + Id string `json:"id"` + IsRotatedSecret *bool `json:"isRotatedSecret,omitempty"` + RotationId *openapi_types.UUID `json:"rotationId"` + SecretComment string `json:"secretComment"` + SecretKey string `json:"secretKey"` + SecretReminderNote *string `json:"secretReminderNote"` + SecretReminderRepeatDays *float32 `json:"secretReminderRepeatDays"` + SecretValue string `json:"secretValue"` + SecretValueHidden bool `json:"secretValueHidden"` + SkipMultilineEncoding *bool `json:"skipMultilineEncoding"` + Type string `json:"type"` + UpdatedAt time.Time `json:"updatedAt"` + Version float32 `json:"version"` + Workspace string `json:"workspace"` + } `json:"secret"` +} +type DeleteSecretV42001 struct { + Approval struct { + BypassReason *string `json:"bypassReason"` + CommitterUserId *openapi_types.UUID `json:"committerUserId"` + Conflicts interface{} `json:"conflicts"` + CreatedAt time.Time `json:"createdAt"` + FolderId openapi_types.UUID `json:"folderId"` + HasMerged *bool `json:"hasMerged,omitempty"` + Id openapi_types.UUID `json:"id"` + IsReplicated *bool `json:"isReplicated"` + PolicyId openapi_types.UUID `json:"policyId"` + Slug string `json:"slug"` + Status *string `json:"status,omitempty"` + StatusChangedByUserId *openapi_types.UUID `json:"statusChangedByUserId"` + UpdatedAt time.Time `json:"updatedAt"` + } `json:"approval"` +} +type DeleteSecretV4400StatusCode float32 +type DeleteSecretV4401StatusCode float32 +type DeleteSecretV4403StatusCode float32 +type DeleteSecretV4404StatusCode float32 +type DeleteSecretV4422StatusCode float32 +type DeleteSecretV4500StatusCode float32 + +// Status returns HTTPResponse.Status +func (r DeleteSecretV4Response) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status + } + return http.StatusText(0) +} + +// StatusCode returns HTTPResponse.StatusCode +func (r DeleteSecretV4Response) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 +} + +type GetSecretByNameV4Response struct { + Body []byte + HTTPResponse *http.Response + JSON200 *struct { + Secret struct { + UnderscoreId string `json:"_id"` + Actor *struct { + ActorId *string `json:"actorId"` + ActorType *string `json:"actorType"` + GroupId *string `json:"groupId"` + MembershipId *string `json:"membershipId"` + Name *string `json:"name"` + } `json:"actor"` + CreatedAt time.Time `json:"createdAt"` + Environment string `json:"environment"` + Id string `json:"id"` + IsRotatedSecret *bool `json:"isRotatedSecret,omitempty"` + RotationId *openapi_types.UUID `json:"rotationId"` + SecretComment string `json:"secretComment"` + SecretKey string `json:"secretKey"` + SecretMetadata *[]struct { + IsEncrypted *bool `json:"isEncrypted,omitempty"` + Key string `json:"key"` + Value *string `json:"value,omitempty"` + } `json:"secretMetadata,omitempty"` + SecretPath string `json:"secretPath"` + SecretReminderNote *string `json:"secretReminderNote"` + SecretReminderRepeatDays *float32 `json:"secretReminderRepeatDays"` + SecretValue string `json:"secretValue"` + SecretValueHidden bool `json:"secretValueHidden"` + SkipMultilineEncoding *bool `json:"skipMultilineEncoding"` + Tags *[]struct { + Color *string `json:"color"` + Id openapi_types.UUID `json:"id"` + Name string `json:"name"` + Slug string `json:"slug"` + } `json:"tags,omitempty"` + Type string `json:"type"` + UpdatedAt time.Time `json:"updatedAt"` + Version float32 `json:"version"` + Workspace string `json:"workspace"` + } `json:"secret"` + } + JSON400 *struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode GetSecretByNameV4400StatusCode `json:"statusCode"` + } + JSON401 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode GetSecretByNameV4401StatusCode `json:"statusCode"` + } + JSON403 *struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode GetSecretByNameV4403StatusCode `json:"statusCode"` + } + JSON404 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode GetSecretByNameV4404StatusCode `json:"statusCode"` + } + JSON422 *struct { + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode GetSecretByNameV4422StatusCode `json:"statusCode"` + } + JSON500 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode GetSecretByNameV4500StatusCode `json:"statusCode"` + } +} +type GetSecretByNameV4400StatusCode float32 +type GetSecretByNameV4401StatusCode float32 +type GetSecretByNameV4403StatusCode float32 +type GetSecretByNameV4404StatusCode float32 +type GetSecretByNameV4422StatusCode float32 +type GetSecretByNameV4500StatusCode float32 + +// Status returns HTTPResponse.Status +func (r GetSecretByNameV4Response) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status + } + return http.StatusText(0) +} + +// StatusCode returns HTTPResponse.StatusCode +func (r GetSecretByNameV4Response) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 +} + +type UpdateSecretV4Response struct { + Body []byte + HTTPResponse *http.Response + JSON200 *struct { + union json.RawMessage + } + JSON400 *struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode UpdateSecretV4400StatusCode `json:"statusCode"` + } + JSON401 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode UpdateSecretV4401StatusCode `json:"statusCode"` + } + JSON403 *struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode UpdateSecretV4403StatusCode `json:"statusCode"` + } + JSON404 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode UpdateSecretV4404StatusCode `json:"statusCode"` + } + JSON422 *struct { + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode UpdateSecretV4422StatusCode `json:"statusCode"` + } + JSON500 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode UpdateSecretV4500StatusCode `json:"statusCode"` + } +} +type UpdateSecretV42000 struct { + Secret struct { + UnderscoreId string `json:"_id"` + Actor *struct { + ActorId *string `json:"actorId"` + ActorType *string `json:"actorType"` + GroupId *string `json:"groupId"` + MembershipId *string `json:"membershipId"` + Name *string `json:"name"` + } `json:"actor"` + CreatedAt time.Time `json:"createdAt"` + Environment string `json:"environment"` + Id string `json:"id"` + IsRotatedSecret *bool `json:"isRotatedSecret,omitempty"` + RotationId *openapi_types.UUID `json:"rotationId"` + SecretComment string `json:"secretComment"` + SecretKey string `json:"secretKey"` + SecretReminderNote *string `json:"secretReminderNote"` + SecretReminderRepeatDays *float32 `json:"secretReminderRepeatDays"` + SecretValue string `json:"secretValue"` + SecretValueHidden bool `json:"secretValueHidden"` + SkipMultilineEncoding *bool `json:"skipMultilineEncoding"` + Type string `json:"type"` + UpdatedAt time.Time `json:"updatedAt"` + Version float32 `json:"version"` + Workspace string `json:"workspace"` + } `json:"secret"` +} +type UpdateSecretV42001 struct { + Approval struct { + BypassReason *string `json:"bypassReason"` + CommitterUserId *openapi_types.UUID `json:"committerUserId"` + Conflicts interface{} `json:"conflicts"` + CreatedAt time.Time `json:"createdAt"` + FolderId openapi_types.UUID `json:"folderId"` + HasMerged *bool `json:"hasMerged,omitempty"` + Id openapi_types.UUID `json:"id"` + IsReplicated *bool `json:"isReplicated"` + PolicyId openapi_types.UUID `json:"policyId"` + Slug string `json:"slug"` + Status *string `json:"status,omitempty"` + StatusChangedByUserId *openapi_types.UUID `json:"statusChangedByUserId"` + UpdatedAt time.Time `json:"updatedAt"` + } `json:"approval"` +} +type UpdateSecretV4400StatusCode float32 +type UpdateSecretV4401StatusCode float32 +type UpdateSecretV4403StatusCode float32 +type UpdateSecretV4404StatusCode float32 +type UpdateSecretV4422StatusCode float32 +type UpdateSecretV4500StatusCode float32 + +// Status returns HTTPResponse.Status +func (r UpdateSecretV4Response) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status + } + return http.StatusText(0) +} + +// StatusCode returns HTTPResponse.StatusCode +func (r UpdateSecretV4Response) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 +} + +type CreateSecretV4Response struct { + Body []byte + HTTPResponse *http.Response + JSON200 *struct { + union json.RawMessage + } + JSON400 *struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateSecretV4400StatusCode `json:"statusCode"` + } + JSON401 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateSecretV4401StatusCode `json:"statusCode"` + } + JSON403 *struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateSecretV4403StatusCode `json:"statusCode"` + } + JSON404 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateSecretV4404StatusCode `json:"statusCode"` + } + JSON422 *struct { + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateSecretV4422StatusCode `json:"statusCode"` + } + JSON500 *struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateSecretV4500StatusCode `json:"statusCode"` + } +} +type CreateSecretV42000 struct { + Secret struct { + UnderscoreId string `json:"_id"` + Actor *struct { + ActorId *string `json:"actorId"` + ActorType *string `json:"actorType"` + GroupId *string `json:"groupId"` + MembershipId *string `json:"membershipId"` + Name *string `json:"name"` + } `json:"actor"` + CreatedAt time.Time `json:"createdAt"` + Environment string `json:"environment"` + Id string `json:"id"` + IsRotatedSecret *bool `json:"isRotatedSecret,omitempty"` + RotationId *openapi_types.UUID `json:"rotationId"` + SecretComment string `json:"secretComment"` + SecretKey string `json:"secretKey"` + SecretReminderNote *string `json:"secretReminderNote"` + SecretReminderRepeatDays *float32 `json:"secretReminderRepeatDays"` + SecretValue string `json:"secretValue"` + SkipMultilineEncoding *bool `json:"skipMultilineEncoding"` + Type string `json:"type"` + UpdatedAt time.Time `json:"updatedAt"` + Version float32 `json:"version"` + Workspace string `json:"workspace"` + } `json:"secret"` +} +type CreateSecretV42001 struct { + Approval struct { + BypassReason *string `json:"bypassReason"` + CommitterUserId *openapi_types.UUID `json:"committerUserId"` + Conflicts interface{} `json:"conflicts"` + CreatedAt time.Time `json:"createdAt"` + FolderId openapi_types.UUID `json:"folderId"` + HasMerged *bool `json:"hasMerged,omitempty"` + Id openapi_types.UUID `json:"id"` + IsReplicated *bool `json:"isReplicated"` + PolicyId openapi_types.UUID `json:"policyId"` + Slug string `json:"slug"` + Status *string `json:"status,omitempty"` + StatusChangedByUserId *openapi_types.UUID `json:"statusChangedByUserId"` + UpdatedAt time.Time `json:"updatedAt"` + } `json:"approval"` +} +type CreateSecretV4400StatusCode float32 +type CreateSecretV4401StatusCode float32 +type CreateSecretV4403StatusCode float32 +type CreateSecretV4404StatusCode float32 +type CreateSecretV4422StatusCode float32 +type CreateSecretV4500StatusCode float32 + +// Status returns HTTPResponse.Status +func (r CreateSecretV4Response) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status + } + return http.StatusText(0) +} + +// StatusCode returns HTTPResponse.StatusCode +func (r CreateSecretV4Response) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 +} + +// AdminSignUpWithBodyWithResponse request with arbitrary body returning *AdminSignUpResponse +func (c *ClientWithResponses) AdminSignUpWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*AdminSignUpResponse, error) { + rsp, err := c.AdminSignUpWithBody(ctx, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseAdminSignUpResponse(rsp) +} + +func (c *ClientWithResponses) AdminSignUpWithResponse(ctx context.Context, body AdminSignUpJSONRequestBody, reqEditors ...RequestEditorFn) (*AdminSignUpResponse, error) { + rsp, err := c.AdminSignUp(ctx, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseAdminSignUpResponse(rsp) +} + +// CreateCloudflareAppConnectionWithBodyWithResponse request with arbitrary body returning *CreateCloudflareAppConnectionResponse +func (c *ClientWithResponses) CreateCloudflareAppConnectionWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateCloudflareAppConnectionResponse, error) { + rsp, err := c.CreateCloudflareAppConnectionWithBody(ctx, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateCloudflareAppConnectionResponse(rsp) +} + +func (c *ClientWithResponses) CreateCloudflareAppConnectionWithResponse(ctx context.Context, body CreateCloudflareAppConnectionJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateCloudflareAppConnectionResponse, error) { + rsp, err := c.CreateCloudflareAppConnection(ctx, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateCloudflareAppConnectionResponse(rsp) +} + +// RefreshAuthTokenWithResponse request returning *RefreshAuthTokenResponse +func (c *ClientWithResponses) RefreshAuthTokenWithResponse(ctx context.Context, reqEditors ...RequestEditorFn) (*RefreshAuthTokenResponse, error) { + rsp, err := c.RefreshAuthToken(ctx, reqEditors...) + if err != nil { + return nil, err + } + return ParseRefreshAuthTokenResponse(rsp) +} + +// AttachTokenAuthWithBodyWithResponse request with arbitrary body returning *AttachTokenAuthResponse +func (c *ClientWithResponses) AttachTokenAuthWithBodyWithResponse(ctx context.Context, identityId string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*AttachTokenAuthResponse, error) { + rsp, err := c.AttachTokenAuthWithBody(ctx, identityId, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseAttachTokenAuthResponse(rsp) +} + +func (c *ClientWithResponses) AttachTokenAuthWithResponse(ctx context.Context, identityId string, body AttachTokenAuthJSONRequestBody, reqEditors ...RequestEditorFn) (*AttachTokenAuthResponse, error) { + rsp, err := c.AttachTokenAuth(ctx, identityId, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseAttachTokenAuthResponse(rsp) +} + +// CreateTokenAuthTokenWithBodyWithResponse request with arbitrary body returning *CreateTokenAuthTokenResponse +func (c *ClientWithResponses) CreateTokenAuthTokenWithBodyWithResponse(ctx context.Context, identityId string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateTokenAuthTokenResponse, error) { + rsp, err := c.CreateTokenAuthTokenWithBody(ctx, identityId, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateTokenAuthTokenResponse(rsp) +} + +func (c *ClientWithResponses) CreateTokenAuthTokenWithResponse(ctx context.Context, identityId string, body CreateTokenAuthTokenJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateTokenAuthTokenResponse, error) { + rsp, err := c.CreateTokenAuthToken(ctx, identityId, body, reqEditors...) + if err != nil { + return nil, err + } return ParseCreateTokenAuthTokenResponse(rsp) } -// CreateMachineIdentityWithBodyWithResponse request with arbitrary body returning *CreateMachineIdentityResponse -func (c *ClientWithResponses) CreateMachineIdentityWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateMachineIdentityResponse, error) { - rsp, err := c.CreateMachineIdentityWithBody(ctx, contentType, body, reqEditors...) - if err != nil { - return nil, err +// AttachUniversalAuthWithBodyWithResponse request with arbitrary body returning *AttachUniversalAuthResponse +func (c *ClientWithResponses) AttachUniversalAuthWithBodyWithResponse(ctx context.Context, identityId string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*AttachUniversalAuthResponse, error) { + rsp, err := c.AttachUniversalAuthWithBody(ctx, identityId, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseAttachUniversalAuthResponse(rsp) +} + +func (c *ClientWithResponses) AttachUniversalAuthWithResponse(ctx context.Context, identityId string, body AttachUniversalAuthJSONRequestBody, reqEditors ...RequestEditorFn) (*AttachUniversalAuthResponse, error) { + rsp, err := c.AttachUniversalAuth(ctx, identityId, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseAttachUniversalAuthResponse(rsp) +} + +// CreateUniversalAuthClientSecretWithBodyWithResponse request with arbitrary body returning *CreateUniversalAuthClientSecretResponse +func (c *ClientWithResponses) CreateUniversalAuthClientSecretWithBodyWithResponse(ctx context.Context, identityId string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateUniversalAuthClientSecretResponse, error) { + rsp, err := c.CreateUniversalAuthClientSecretWithBody(ctx, identityId, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateUniversalAuthClientSecretResponse(rsp) +} + +func (c *ClientWithResponses) CreateUniversalAuthClientSecretWithResponse(ctx context.Context, identityId string, body CreateUniversalAuthClientSecretJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateUniversalAuthClientSecretResponse, error) { + rsp, err := c.CreateUniversalAuthClientSecret(ctx, identityId, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateUniversalAuthClientSecretResponse(rsp) +} + +// CreateAcmeCertificateAuthorityV1WithBodyWithResponse request with arbitrary body returning *CreateAcmeCertificateAuthorityV1Response +func (c *ClientWithResponses) CreateAcmeCertificateAuthorityV1WithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateAcmeCertificateAuthorityV1Response, error) { + rsp, err := c.CreateAcmeCertificateAuthorityV1WithBody(ctx, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateAcmeCertificateAuthorityV1Response(rsp) +} + +func (c *ClientWithResponses) CreateAcmeCertificateAuthorityV1WithResponse(ctx context.Context, body CreateAcmeCertificateAuthorityV1JSONRequestBody, reqEditors ...RequestEditorFn) (*CreateAcmeCertificateAuthorityV1Response, error) { + rsp, err := c.CreateAcmeCertificateAuthorityV1(ctx, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateAcmeCertificateAuthorityV1Response(rsp) +} + +// UpdateAcmeCertificateAuthorityV1WithBodyWithResponse request with arbitrary body returning *UpdateAcmeCertificateAuthorityV1Response +func (c *ClientWithResponses) UpdateAcmeCertificateAuthorityV1WithBodyWithResponse(ctx context.Context, id string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*UpdateAcmeCertificateAuthorityV1Response, error) { + rsp, err := c.UpdateAcmeCertificateAuthorityV1WithBody(ctx, id, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseUpdateAcmeCertificateAuthorityV1Response(rsp) +} + +func (c *ClientWithResponses) UpdateAcmeCertificateAuthorityV1WithResponse(ctx context.Context, id string, body UpdateAcmeCertificateAuthorityV1JSONRequestBody, reqEditors ...RequestEditorFn) (*UpdateAcmeCertificateAuthorityV1Response, error) { + rsp, err := c.UpdateAcmeCertificateAuthorityV1(ctx, id, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseUpdateAcmeCertificateAuthorityV1Response(rsp) +} + +// CreateInternalCertificateAuthorityV1WithBodyWithResponse request with arbitrary body returning *CreateInternalCertificateAuthorityV1Response +func (c *ClientWithResponses) CreateInternalCertificateAuthorityV1WithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateInternalCertificateAuthorityV1Response, error) { + rsp, err := c.CreateInternalCertificateAuthorityV1WithBody(ctx, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateInternalCertificateAuthorityV1Response(rsp) +} + +func (c *ClientWithResponses) CreateInternalCertificateAuthorityV1WithResponse(ctx context.Context, body CreateInternalCertificateAuthorityV1JSONRequestBody, reqEditors ...RequestEditorFn) (*CreateInternalCertificateAuthorityV1Response, error) { + rsp, err := c.CreateInternalCertificateAuthorityV1(ctx, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateInternalCertificateAuthorityV1Response(rsp) +} + +// CreateCertificatePolicyWithBodyWithResponse request with arbitrary body returning *CreateCertificatePolicyResponse +func (c *ClientWithResponses) CreateCertificatePolicyWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateCertificatePolicyResponse, error) { + rsp, err := c.CreateCertificatePolicyWithBody(ctx, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateCertificatePolicyResponse(rsp) +} + +func (c *ClientWithResponses) CreateCertificatePolicyWithResponse(ctx context.Context, body CreateCertificatePolicyJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateCertificatePolicyResponse, error) { + rsp, err := c.CreateCertificatePolicy(ctx, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateCertificatePolicyResponse(rsp) +} + +// CreateCertificateProfileWithBodyWithResponse request with arbitrary body returning *CreateCertificateProfileResponse +func (c *ClientWithResponses) CreateCertificateProfileWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateCertificateProfileResponse, error) { + rsp, err := c.CreateCertificateProfileWithBody(ctx, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateCertificateProfileResponse(rsp) +} + +func (c *ClientWithResponses) CreateCertificateProfileWithResponse(ctx context.Context, body CreateCertificateProfileJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateCertificateProfileResponse, error) { + rsp, err := c.CreateCertificateProfile(ctx, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateCertificateProfileResponse(rsp) +} + +// CreateMachineIdentityWithBodyWithResponse request with arbitrary body returning *CreateMachineIdentityResponse +func (c *ClientWithResponses) CreateMachineIdentityWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateMachineIdentityResponse, error) { + rsp, err := c.CreateMachineIdentityWithBody(ctx, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateMachineIdentityResponse(rsp) +} + +func (c *ClientWithResponses) CreateMachineIdentityWithResponse(ctx context.Context, body CreateMachineIdentityJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateMachineIdentityResponse, error) { + rsp, err := c.CreateMachineIdentity(ctx, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateMachineIdentityResponse(rsp) +} + +// CreateKubernetesPamResourceWithBodyWithResponse request with arbitrary body returning *CreateKubernetesPamResourceResponse +func (c *ClientWithResponses) CreateKubernetesPamResourceWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateKubernetesPamResourceResponse, error) { + rsp, err := c.CreateKubernetesPamResourceWithBody(ctx, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateKubernetesPamResourceResponse(rsp) +} + +func (c *ClientWithResponses) CreateKubernetesPamResourceWithResponse(ctx context.Context, body CreateKubernetesPamResourceJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateKubernetesPamResourceResponse, error) { + rsp, err := c.CreateKubernetesPamResource(ctx, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateKubernetesPamResourceResponse(rsp) +} + +// CreateRedisPamResourceWithBodyWithResponse request with arbitrary body returning *CreateRedisPamResourceResponse +func (c *ClientWithResponses) CreateRedisPamResourceWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateRedisPamResourceResponse, error) { + rsp, err := c.CreateRedisPamResourceWithBody(ctx, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateRedisPamResourceResponse(rsp) +} + +func (c *ClientWithResponses) CreateRedisPamResourceWithResponse(ctx context.Context, body CreateRedisPamResourceJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateRedisPamResourceResponse, error) { + rsp, err := c.CreateRedisPamResource(ctx, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateRedisPamResourceResponse(rsp) +} + +// CreateProjectWithBodyWithResponse request with arbitrary body returning *CreateProjectResponse +func (c *ClientWithResponses) CreateProjectWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateProjectResponse, error) { + rsp, err := c.CreateProjectWithBody(ctx, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateProjectResponse(rsp) +} + +func (c *ClientWithResponses) CreateProjectWithResponse(ctx context.Context, body CreateProjectJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateProjectResponse, error) { + rsp, err := c.CreateProject(ctx, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateProjectResponse(rsp) +} + +// GetRelaysWithResponse request returning *GetRelaysResponse +func (c *ClientWithResponses) GetRelaysWithResponse(ctx context.Context, reqEditors ...RequestEditorFn) (*GetRelaysResponse, error) { + rsp, err := c.GetRelays(ctx, reqEditors...) + if err != nil { + return nil, err + } + return ParseGetRelaysResponse(rsp) +} + +// ListGatewaysWithResponse request returning *ListGatewaysResponse +func (c *ClientWithResponses) ListGatewaysWithResponse(ctx context.Context, reqEditors ...RequestEditorFn) (*ListGatewaysResponse, error) { + rsp, err := c.ListGateways(ctx, reqEditors...) + if err != nil { + return nil, err + } + return ParseListGatewaysResponse(rsp) +} + +// SelectOrganizationV3WithBodyWithResponse request with arbitrary body returning *SelectOrganizationV3Response +func (c *ClientWithResponses) SelectOrganizationV3WithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*SelectOrganizationV3Response, error) { + rsp, err := c.SelectOrganizationV3WithBody(ctx, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseSelectOrganizationV3Response(rsp) +} + +func (c *ClientWithResponses) SelectOrganizationV3WithResponse(ctx context.Context, body SelectOrganizationV3JSONRequestBody, reqEditors ...RequestEditorFn) (*SelectOrganizationV3Response, error) { + rsp, err := c.SelectOrganizationV3(ctx, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseSelectOrganizationV3Response(rsp) +} + +// ListSecretsV4WithResponse request returning *ListSecretsV4Response +func (c *ClientWithResponses) ListSecretsV4WithResponse(ctx context.Context, params *ListSecretsV4Params, reqEditors ...RequestEditorFn) (*ListSecretsV4Response, error) { + rsp, err := c.ListSecretsV4(ctx, params, reqEditors...) + if err != nil { + return nil, err + } + return ParseListSecretsV4Response(rsp) +} + +// DeleteSecretV4WithBodyWithResponse request with arbitrary body returning *DeleteSecretV4Response +func (c *ClientWithResponses) DeleteSecretV4WithBodyWithResponse(ctx context.Context, secretName string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*DeleteSecretV4Response, error) { + rsp, err := c.DeleteSecretV4WithBody(ctx, secretName, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseDeleteSecretV4Response(rsp) +} + +func (c *ClientWithResponses) DeleteSecretV4WithResponse(ctx context.Context, secretName string, body DeleteSecretV4JSONRequestBody, reqEditors ...RequestEditorFn) (*DeleteSecretV4Response, error) { + rsp, err := c.DeleteSecretV4(ctx, secretName, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseDeleteSecretV4Response(rsp) +} + +// GetSecretByNameV4WithResponse request returning *GetSecretByNameV4Response +func (c *ClientWithResponses) GetSecretByNameV4WithResponse(ctx context.Context, secretName string, params *GetSecretByNameV4Params, reqEditors ...RequestEditorFn) (*GetSecretByNameV4Response, error) { + rsp, err := c.GetSecretByNameV4(ctx, secretName, params, reqEditors...) + if err != nil { + return nil, err + } + return ParseGetSecretByNameV4Response(rsp) +} + +// UpdateSecretV4WithBodyWithResponse request with arbitrary body returning *UpdateSecretV4Response +func (c *ClientWithResponses) UpdateSecretV4WithBodyWithResponse(ctx context.Context, secretName string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*UpdateSecretV4Response, error) { + rsp, err := c.UpdateSecretV4WithBody(ctx, secretName, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseUpdateSecretV4Response(rsp) +} + +func (c *ClientWithResponses) UpdateSecretV4WithResponse(ctx context.Context, secretName string, body UpdateSecretV4JSONRequestBody, reqEditors ...RequestEditorFn) (*UpdateSecretV4Response, error) { + rsp, err := c.UpdateSecretV4(ctx, secretName, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseUpdateSecretV4Response(rsp) +} + +// CreateSecretV4WithBodyWithResponse request with arbitrary body returning *CreateSecretV4Response +func (c *ClientWithResponses) CreateSecretV4WithBodyWithResponse(ctx context.Context, secretName string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateSecretV4Response, error) { + rsp, err := c.CreateSecretV4WithBody(ctx, secretName, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateSecretV4Response(rsp) +} + +func (c *ClientWithResponses) CreateSecretV4WithResponse(ctx context.Context, secretName string, body CreateSecretV4JSONRequestBody, reqEditors ...RequestEditorFn) (*CreateSecretV4Response, error) { + rsp, err := c.CreateSecretV4(ctx, secretName, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateSecretV4Response(rsp) +} + +// ParseAdminSignUpResponse parses an HTTP response from a AdminSignUpWithResponse call +func ParseAdminSignUpResponse(rsp *http.Response) (*AdminSignUpResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() + if err != nil { + return nil, err + } + + response := &AdminSignUpResponse{ + Body: bodyBytes, + HTTPResponse: rsp, + } + + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest struct { + Message string `json:"message"` + New string `json:"new"` + Organization struct { + AllowSecretSharingOutsideOrganization *bool `json:"allowSecretSharingOutsideOrganization"` + AuthEnforced *bool `json:"authEnforced"` + BlockDuplicateSecretSyncDestinations *bool `json:"blockDuplicateSecretSyncDestinations,omitempty"` + BypassOrgAuthEnabled *bool `json:"bypassOrgAuthEnabled,omitempty"` + CreatedAt time.Time `json:"createdAt"` + CustomerId *string `json:"customerId"` + DefaultMembershipRole *string `json:"defaultMembershipRole,omitempty"` + EnforceMfa *bool `json:"enforceMfa,omitempty"` + GoogleSsoAuthEnforced *bool `json:"googleSsoAuthEnforced,omitempty"` + GoogleSsoAuthLastUsed *time.Time `json:"googleSsoAuthLastUsed"` + Id openapi_types.UUID `json:"id"` + KmsDefaultKeyId *openapi_types.UUID `json:"kmsDefaultKeyId"` + KmsEncryptedDataKey interface{} `json:"kmsEncryptedDataKey"` + KmsProductEnabled *bool `json:"kmsProductEnabled"` + MaxSharedSecretLifetime *float32 `json:"maxSharedSecretLifetime"` + MaxSharedSecretViewLimit *float32 `json:"maxSharedSecretViewLimit"` + Name string `json:"name"` + ParentOrgId *openapi_types.UUID `json:"parentOrgId"` + PkiProductEnabled *bool `json:"pkiProductEnabled"` + PrivilegeUpgradeInitiatedAt *time.Time `json:"privilegeUpgradeInitiatedAt"` + PrivilegeUpgradeInitiatedByUsername *string `json:"privilegeUpgradeInitiatedByUsername"` + RootOrgId *openapi_types.UUID `json:"rootOrgId"` + ScannerProductEnabled *bool `json:"scannerProductEnabled"` + ScimEnabled *bool `json:"scimEnabled"` + SecretShareBrandConfig interface{} `json:"secretShareBrandConfig"` + SecretsProductEnabled *bool `json:"secretsProductEnabled"` + SelectedMfaMethod *string `json:"selectedMfaMethod"` + ShareSecretsProductEnabled *bool `json:"shareSecretsProductEnabled"` + ShouldUseNewPrivilegeSystem *bool `json:"shouldUseNewPrivilegeSystem,omitempty"` + Slug string `json:"slug"` + SshProductEnabled *bool `json:"sshProductEnabled"` + UpdatedAt time.Time `json:"updatedAt"` + UserTokenExpiration *string `json:"userTokenExpiration"` + } `json:"organization"` + Token string `json:"token"` + User struct { + AuthMethods *[]string `json:"authMethods"` + ConsecutiveFailedMfaAttempts *float32 `json:"consecutiveFailedMfaAttempts"` + ConsecutiveFailedPasswordAttempts *float32 `json:"consecutiveFailedPasswordAttempts"` + CreatedAt time.Time `json:"createdAt"` + Devices interface{} `json:"devices"` + Email *string `json:"email"` + FirstName *string `json:"firstName"` + Id openapi_types.UUID `json:"id"` + IsAccepted *bool `json:"isAccepted"` + IsEmailVerified *bool `json:"isEmailVerified"` + IsGhost *bool `json:"isGhost,omitempty"` + IsLocked *bool `json:"isLocked"` + IsMfaEnabled *bool `json:"isMfaEnabled"` + LastName *string `json:"lastName"` + MfaMethods *[]string `json:"mfaMethods"` + SelectedMfaMethod *string `json:"selectedMfaMethod"` + SuperAdmin *bool `json:"superAdmin"` + TemporaryLockDateEnd *time.Time `json:"temporaryLockDateEnd"` + UpdatedAt time.Time `json:"updatedAt"` + Username string `json:"username"` + } `json:"user"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: + var dest struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AdminSignUp400StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON400 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AdminSignUp401StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON401 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: + var dest struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AdminSignUp403StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON403 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AdminSignUp404StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON404 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 422: + var dest struct { + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode AdminSignUp422StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON422 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AdminSignUp500StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON500 = &dest + + } + + return response, nil +} + +// ParseCreateCloudflareAppConnectionResponse parses an HTTP response from a CreateCloudflareAppConnectionWithResponse call +func ParseCreateCloudflareAppConnectionResponse(rsp *http.Response) (*CreateCloudflareAppConnectionResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() + if err != nil { + return nil, err + } + + response := &CreateCloudflareAppConnectionResponse{ + Body: bodyBytes, + HTTPResponse: rsp, + } + + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest struct { + AppConnection CreateCloudflareAppConnection_200_AppConnection `json:"appConnection"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: + var dest struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCloudflareAppConnection400StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON400 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCloudflareAppConnection401StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON401 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: + var dest struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCloudflareAppConnection403StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON403 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCloudflareAppConnection404StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON404 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 422: + var dest struct { + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateCloudflareAppConnection422StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON422 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCloudflareAppConnection500StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON500 = &dest + + } + + return response, nil +} + +// ParseRefreshAuthTokenResponse parses an HTTP response from a RefreshAuthTokenWithResponse call +func ParseRefreshAuthTokenResponse(rsp *http.Response) (*RefreshAuthTokenResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() + if err != nil { + return nil, err + } + + response := &RefreshAuthTokenResponse{ + Body: bodyBytes, + HTTPResponse: rsp, + } + + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest struct { + OrganizationId *string `json:"organizationId,omitempty"` + SubOrganizationId *string `json:"subOrganizationId,omitempty"` + Token string `json:"token"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: + var dest struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode RefreshAuthToken400StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON400 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode RefreshAuthToken401StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON401 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: + var dest struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode RefreshAuthToken403StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON403 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode RefreshAuthToken404StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON404 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 422: + var dest struct { + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode RefreshAuthToken422StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON422 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode RefreshAuthToken500StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON500 = &dest + } - return ParseCreateMachineIdentityResponse(rsp) + + return response, nil } -func (c *ClientWithResponses) CreateMachineIdentityWithResponse(ctx context.Context, body CreateMachineIdentityJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateMachineIdentityResponse, error) { - rsp, err := c.CreateMachineIdentity(ctx, body, reqEditors...) +// ParseAttachTokenAuthResponse parses an HTTP response from a AttachTokenAuthWithResponse call +func ParseAttachTokenAuthResponse(rsp *http.Response) (*AttachTokenAuthResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() if err != nil { return nil, err } - return ParseCreateMachineIdentityResponse(rsp) -} -// CreateKubernetesPamResourceWithBodyWithResponse request with arbitrary body returning *CreateKubernetesPamResourceResponse -func (c *ClientWithResponses) CreateKubernetesPamResourceWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateKubernetesPamResourceResponse, error) { - rsp, err := c.CreateKubernetesPamResourceWithBody(ctx, contentType, body, reqEditors...) - if err != nil { - return nil, err + response := &AttachTokenAuthResponse{ + Body: bodyBytes, + HTTPResponse: rsp, } - return ParseCreateKubernetesPamResourceResponse(rsp) -} -func (c *ClientWithResponses) CreateKubernetesPamResourceWithResponse(ctx context.Context, body CreateKubernetesPamResourceJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateKubernetesPamResourceResponse, error) { - rsp, err := c.CreateKubernetesPamResource(ctx, body, reqEditors...) - if err != nil { - return nil, err + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest struct { + IdentityTokenAuth struct { + AccessTokenMaxTTL *float32 `json:"accessTokenMaxTTL,omitempty"` + AccessTokenNumUsesLimit *float32 `json:"accessTokenNumUsesLimit,omitempty"` + AccessTokenPeriod *float32 `json:"accessTokenPeriod,omitempty"` + AccessTokenTTL *float32 `json:"accessTokenTTL,omitempty"` + AccessTokenTrustedIps interface{} `json:"accessTokenTrustedIps,omitempty"` + CreatedAt time.Time `json:"createdAt"` + Id openapi_types.UUID `json:"id"` + IdentityId openapi_types.UUID `json:"identityId"` + UpdatedAt time.Time `json:"updatedAt"` + } `json:"identityTokenAuth"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: + var dest struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AttachTokenAuth400StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON400 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AttachTokenAuth401StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON401 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: + var dest struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AttachTokenAuth403StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON403 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AttachTokenAuth404StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON404 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 422: + var dest struct { + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode AttachTokenAuth422StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON422 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AttachTokenAuth500StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON500 = &dest + } - return ParseCreateKubernetesPamResourceResponse(rsp) + + return response, nil } -// CreateRedisPamResourceWithBodyWithResponse request with arbitrary body returning *CreateRedisPamResourceResponse -func (c *ClientWithResponses) CreateRedisPamResourceWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateRedisPamResourceResponse, error) { - rsp, err := c.CreateRedisPamResourceWithBody(ctx, contentType, body, reqEditors...) +// ParseCreateTokenAuthTokenResponse parses an HTTP response from a CreateTokenAuthTokenWithResponse call +func ParseCreateTokenAuthTokenResponse(rsp *http.Response) (*CreateTokenAuthTokenResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() if err != nil { return nil, err } - return ParseCreateRedisPamResourceResponse(rsp) -} -func (c *ClientWithResponses) CreateRedisPamResourceWithResponse(ctx context.Context, body CreateRedisPamResourceJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateRedisPamResourceResponse, error) { - rsp, err := c.CreateRedisPamResource(ctx, body, reqEditors...) - if err != nil { - return nil, err + response := &CreateTokenAuthTokenResponse{ + Body: bodyBytes, + HTTPResponse: rsp, + } + + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest struct { + AccessToken string `json:"accessToken"` + AccessTokenMaxTTL float32 `json:"accessTokenMaxTTL"` + ExpiresIn float32 `json:"expiresIn"` + TokenData struct { + AccessTokenLastRenewedAt *time.Time `json:"accessTokenLastRenewedAt"` + AccessTokenLastUsedAt *time.Time `json:"accessTokenLastUsedAt"` + AccessTokenMaxTTL *float32 `json:"accessTokenMaxTTL,omitempty"` + AccessTokenNumUses *float32 `json:"accessTokenNumUses,omitempty"` + AccessTokenNumUsesLimit *float32 `json:"accessTokenNumUsesLimit,omitempty"` + AccessTokenPeriod *float32 `json:"accessTokenPeriod,omitempty"` + AccessTokenTTL *float32 `json:"accessTokenTTL,omitempty"` + AuthMethod string `json:"authMethod"` + CreatedAt time.Time `json:"createdAt"` + Id string `json:"id"` + IdentityId openapi_types.UUID `json:"identityId"` + IdentityUAClientSecretId *string `json:"identityUAClientSecretId"` + IsAccessTokenRevoked *bool `json:"isAccessTokenRevoked,omitempty"` + Name *string `json:"name"` + SubOrganizationId *openapi_types.UUID `json:"subOrganizationId"` + UpdatedAt time.Time `json:"updatedAt"` + } `json:"tokenData"` + TokenType CreateTokenAuthToken200TokenType `json:"tokenType"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: + var dest struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateTokenAuthToken400StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON400 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateTokenAuthToken401StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON401 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: + var dest struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateTokenAuthToken403StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON403 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateTokenAuthToken404StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON404 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 422: + var dest struct { + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateTokenAuthToken422StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON422 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateTokenAuthToken500StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON500 = &dest + } - return ParseCreateRedisPamResourceResponse(rsp) -} -// CreateProjectWithBodyWithResponse request with arbitrary body returning *CreateProjectResponse -func (c *ClientWithResponses) CreateProjectWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateProjectResponse, error) { - rsp, err := c.CreateProjectWithBody(ctx, contentType, body, reqEditors...) - if err != nil { - return nil, err - } - return ParseCreateProjectResponse(rsp) + return response, nil } -func (c *ClientWithResponses) CreateProjectWithResponse(ctx context.Context, body CreateProjectJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateProjectResponse, error) { - rsp, err := c.CreateProject(ctx, body, reqEditors...) +// ParseAttachUniversalAuthResponse parses an HTTP response from a AttachUniversalAuthWithResponse call +func ParseAttachUniversalAuthResponse(rsp *http.Response) (*AttachUniversalAuthResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() if err != nil { return nil, err } - return ParseCreateProjectResponse(rsp) -} -// GetRelaysWithResponse request returning *GetRelaysResponse -func (c *ClientWithResponses) GetRelaysWithResponse(ctx context.Context, reqEditors ...RequestEditorFn) (*GetRelaysResponse, error) { - rsp, err := c.GetRelays(ctx, reqEditors...) - if err != nil { - return nil, err + response := &AttachUniversalAuthResponse{ + Body: bodyBytes, + HTTPResponse: rsp, } - return ParseGetRelaysResponse(rsp) -} -// ListGatewaysWithResponse request returning *ListGatewaysResponse -func (c *ClientWithResponses) ListGatewaysWithResponse(ctx context.Context, reqEditors ...RequestEditorFn) (*ListGatewaysResponse, error) { - rsp, err := c.ListGateways(ctx, reqEditors...) - if err != nil { - return nil, err - } - return ParseListGatewaysResponse(rsp) -} + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest struct { + IdentityUniversalAuth struct { + AccessTokenMaxTTL *float32 `json:"accessTokenMaxTTL,omitempty"` + AccessTokenNumUsesLimit *float32 `json:"accessTokenNumUsesLimit,omitempty"` + AccessTokenPeriod *float32 `json:"accessTokenPeriod,omitempty"` + AccessTokenTTL *float32 `json:"accessTokenTTL,omitempty"` + AccessTokenTrustedIps interface{} `json:"accessTokenTrustedIps,omitempty"` + ClientId string `json:"clientId"` + ClientSecretTrustedIps interface{} `json:"clientSecretTrustedIps,omitempty"` + CreatedAt time.Time `json:"createdAt"` + Id openapi_types.UUID `json:"id"` + IdentityId openapi_types.UUID `json:"identityId"` + LockoutCounterResetSeconds *float32 `json:"lockoutCounterResetSeconds,omitempty"` + LockoutDurationSeconds *float32 `json:"lockoutDurationSeconds,omitempty"` + LockoutEnabled *bool `json:"lockoutEnabled,omitempty"` + LockoutThreshold *float32 `json:"lockoutThreshold,omitempty"` + UpdatedAt time.Time `json:"updatedAt"` + } `json:"identityUniversalAuth"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest -// SelectOrganizationV3WithBodyWithResponse request with arbitrary body returning *SelectOrganizationV3Response -func (c *ClientWithResponses) SelectOrganizationV3WithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*SelectOrganizationV3Response, error) { - rsp, err := c.SelectOrganizationV3WithBody(ctx, contentType, body, reqEditors...) - if err != nil { - return nil, err - } - return ParseSelectOrganizationV3Response(rsp) -} + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: + var dest struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AttachUniversalAuth400StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON400 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AttachUniversalAuth401StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON401 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: + var dest struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AttachUniversalAuth403StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON403 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AttachUniversalAuth404StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON404 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 422: + var dest struct { + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode AttachUniversalAuth422StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON422 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode AttachUniversalAuth500StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON500 = &dest -func (c *ClientWithResponses) SelectOrganizationV3WithResponse(ctx context.Context, body SelectOrganizationV3JSONRequestBody, reqEditors ...RequestEditorFn) (*SelectOrganizationV3Response, error) { - rsp, err := c.SelectOrganizationV3(ctx, body, reqEditors...) - if err != nil { - return nil, err } - return ParseSelectOrganizationV3Response(rsp) + + return response, nil } -// ListSecretsV4WithResponse request returning *ListSecretsV4Response -func (c *ClientWithResponses) ListSecretsV4WithResponse(ctx context.Context, params *ListSecretsV4Params, reqEditors ...RequestEditorFn) (*ListSecretsV4Response, error) { - rsp, err := c.ListSecretsV4(ctx, params, reqEditors...) +// ParseCreateUniversalAuthClientSecretResponse parses an HTTP response from a CreateUniversalAuthClientSecretWithResponse call +func ParseCreateUniversalAuthClientSecretResponse(rsp *http.Response) (*CreateUniversalAuthClientSecretResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() if err != nil { return nil, err } - return ParseListSecretsV4Response(rsp) -} -// DeleteSecretV4WithBodyWithResponse request with arbitrary body returning *DeleteSecretV4Response -func (c *ClientWithResponses) DeleteSecretV4WithBodyWithResponse(ctx context.Context, secretName string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*DeleteSecretV4Response, error) { - rsp, err := c.DeleteSecretV4WithBody(ctx, secretName, contentType, body, reqEditors...) - if err != nil { - return nil, err + response := &CreateUniversalAuthClientSecretResponse{ + Body: bodyBytes, + HTTPResponse: rsp, } - return ParseDeleteSecretV4Response(rsp) -} -func (c *ClientWithResponses) DeleteSecretV4WithResponse(ctx context.Context, secretName string, body DeleteSecretV4JSONRequestBody, reqEditors ...RequestEditorFn) (*DeleteSecretV4Response, error) { - rsp, err := c.DeleteSecretV4(ctx, secretName, body, reqEditors...) - if err != nil { - return nil, err + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest struct { + ClientSecret string `json:"clientSecret"` + ClientSecretData struct { + ClientSecretNumUses *float32 `json:"clientSecretNumUses,omitempty"` + ClientSecretNumUsesLimit *float32 `json:"clientSecretNumUsesLimit,omitempty"` + ClientSecretPrefix string `json:"clientSecretPrefix"` + ClientSecretTTL *float32 `json:"clientSecretTTL,omitempty"` + CreatedAt time.Time `json:"createdAt"` + Description string `json:"description"` + Id string `json:"id"` + IdentityUAId openapi_types.UUID `json:"identityUAId"` + IsClientSecretRevoked *bool `json:"isClientSecretRevoked,omitempty"` + UpdatedAt time.Time `json:"updatedAt"` + } `json:"clientSecretData"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: + var dest struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateUniversalAuthClientSecret400StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON400 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateUniversalAuthClientSecret401StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON401 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: + var dest struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateUniversalAuthClientSecret403StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON403 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateUniversalAuthClientSecret404StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON404 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 422: + var dest struct { + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateUniversalAuthClientSecret422StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON422 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateUniversalAuthClientSecret500StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON500 = &dest + } - return ParseDeleteSecretV4Response(rsp) + + return response, nil } -// GetSecretByNameV4WithResponse request returning *GetSecretByNameV4Response -func (c *ClientWithResponses) GetSecretByNameV4WithResponse(ctx context.Context, secretName string, params *GetSecretByNameV4Params, reqEditors ...RequestEditorFn) (*GetSecretByNameV4Response, error) { - rsp, err := c.GetSecretByNameV4(ctx, secretName, params, reqEditors...) +// ParseCreateAcmeCertificateAuthorityV1Response parses an HTTP response from a CreateAcmeCertificateAuthorityV1WithResponse call +func ParseCreateAcmeCertificateAuthorityV1Response(rsp *http.Response) (*CreateAcmeCertificateAuthorityV1Response, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() if err != nil { return nil, err } - return ParseGetSecretByNameV4Response(rsp) -} -// UpdateSecretV4WithBodyWithResponse request with arbitrary body returning *UpdateSecretV4Response -func (c *ClientWithResponses) UpdateSecretV4WithBodyWithResponse(ctx context.Context, secretName string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*UpdateSecretV4Response, error) { - rsp, err := c.UpdateSecretV4WithBody(ctx, secretName, contentType, body, reqEditors...) - if err != nil { - return nil, err + response := &CreateAcmeCertificateAuthorityV1Response{ + Body: bodyBytes, + HTTPResponse: rsp, } - return ParseUpdateSecretV4Response(rsp) -} -func (c *ClientWithResponses) UpdateSecretV4WithResponse(ctx context.Context, secretName string, body UpdateSecretV4JSONRequestBody, reqEditors ...RequestEditorFn) (*UpdateSecretV4Response, error) { - rsp, err := c.UpdateSecretV4(ctx, secretName, body, reqEditors...) - if err != nil { - return nil, err - } - return ParseUpdateSecretV4Response(rsp) -} + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest struct { + Configuration struct { + // AccountEmail The email address for the ACME Certificate Authority. + AccountEmail string `json:"accountEmail"` + + // DirectoryUrl The directory URL for the ACME Certificate Authority. + DirectoryUrl string `json:"directoryUrl"` + + // DnsAppConnectionId The ID of the App Connection to use for creating and managing DNS TXT records required for ACME domain validation. This connection must have permissions to create and delete TXT records in your DNS provider (e.g., Route53) for the ACME challenge process. + DnsAppConnectionId openapi_types.UUID `json:"dnsAppConnectionId"` + DnsProviderConfig struct { + // HostedZoneId The hosted zone ID for the ACME Certificate Authority. + HostedZoneId string `json:"hostedZoneId"` + + // Provider The DNS provider for the ACME Certificate Authority. + Provider CreateAcmeCertificateAuthorityV1200ConfigurationDnsProviderConfigProvider `json:"provider"` + } `json:"dnsProviderConfig"` + + // EabHmacKey The External Account Binding (EAB) HMAC key for the ACME Certificate Authority. Required if the ACME provider uses EAB. + EabHmacKey *string `json:"eabHmacKey,omitempty"` + + // EabKid The External Account Binding (EAB) Key ID for the ACME Certificate Authority. Required if the ACME provider uses EAB. + EabKid *string `json:"eabKid,omitempty"` + } `json:"configuration"` + EnableDirectIssuance *bool `json:"enableDirectIssuance,omitempty"` + Id openapi_types.UUID `json:"id"` + Name string `json:"name"` + ProjectId string `json:"projectId"` + Status CreateAcmeCertificateAuthorityV1200Status `json:"status"` + Type CreateAcmeCertificateAuthorityV1200Type `json:"type"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: + var dest struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateAcmeCertificateAuthorityV1400StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON400 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateAcmeCertificateAuthorityV1401StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON401 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: + var dest struct { + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateAcmeCertificateAuthorityV1403StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON403 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateAcmeCertificateAuthorityV1404StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON404 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 422: + var dest struct { + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateAcmeCertificateAuthorityV1422StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON422 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: + var dest struct { + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateAcmeCertificateAuthorityV1500StatusCode `json:"statusCode"` + } + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON500 = &dest -// CreateSecretV4WithBodyWithResponse request with arbitrary body returning *CreateSecretV4Response -func (c *ClientWithResponses) CreateSecretV4WithBodyWithResponse(ctx context.Context, secretName string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateSecretV4Response, error) { - rsp, err := c.CreateSecretV4WithBody(ctx, secretName, contentType, body, reqEditors...) - if err != nil { - return nil, err } - return ParseCreateSecretV4Response(rsp) -} -func (c *ClientWithResponses) CreateSecretV4WithResponse(ctx context.Context, secretName string, body CreateSecretV4JSONRequestBody, reqEditors ...RequestEditorFn) (*CreateSecretV4Response, error) { - rsp, err := c.CreateSecretV4(ctx, secretName, body, reqEditors...) - if err != nil { - return nil, err - } - return ParseCreateSecretV4Response(rsp) + return response, nil } -// ParseAdminSignUpResponse parses an HTTP response from a AdminSignUpWithResponse call -func ParseAdminSignUpResponse(rsp *http.Response) (*AdminSignUpResponse, error) { +// ParseUpdateAcmeCertificateAuthorityV1Response parses an HTTP response from a UpdateAcmeCertificateAuthorityV1WithResponse call +func ParseUpdateAcmeCertificateAuthorityV1Response(rsp *http.Response) (*UpdateAcmeCertificateAuthorityV1Response, error) { bodyBytes, err := io.ReadAll(rsp.Body) defer func() { _ = rsp.Body.Close() }() if err != nil { return nil, err } - response := &AdminSignUpResponse{ + response := &UpdateAcmeCertificateAuthorityV1Response{ Body: bodyBytes, HTTPResponse: rsp, } @@ -3708,66 +6885,35 @@ func ParseAdminSignUpResponse(rsp *http.Response) (*AdminSignUpResponse, error) switch { case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: var dest struct { - Message string `json:"message"` - New string `json:"new"` - Organization struct { - AllowSecretSharingOutsideOrganization *bool `json:"allowSecretSharingOutsideOrganization"` - AuthEnforced *bool `json:"authEnforced"` - BlockDuplicateSecretSyncDestinations *bool `json:"blockDuplicateSecretSyncDestinations,omitempty"` - BypassOrgAuthEnabled *bool `json:"bypassOrgAuthEnabled,omitempty"` - CreatedAt time.Time `json:"createdAt"` - CustomerId *string `json:"customerId"` - DefaultMembershipRole *string `json:"defaultMembershipRole,omitempty"` - EnforceMfa *bool `json:"enforceMfa,omitempty"` - GoogleSsoAuthEnforced *bool `json:"googleSsoAuthEnforced,omitempty"` - GoogleSsoAuthLastUsed *time.Time `json:"googleSsoAuthLastUsed"` - Id openapi_types.UUID `json:"id"` - KmsDefaultKeyId *openapi_types.UUID `json:"kmsDefaultKeyId"` - KmsEncryptedDataKey interface{} `json:"kmsEncryptedDataKey"` - KmsProductEnabled *bool `json:"kmsProductEnabled"` - MaxSharedSecretLifetime *float32 `json:"maxSharedSecretLifetime"` - MaxSharedSecretViewLimit *float32 `json:"maxSharedSecretViewLimit"` - Name string `json:"name"` - ParentOrgId *openapi_types.UUID `json:"parentOrgId"` - PkiProductEnabled *bool `json:"pkiProductEnabled"` - PrivilegeUpgradeInitiatedAt *time.Time `json:"privilegeUpgradeInitiatedAt"` - PrivilegeUpgradeInitiatedByUsername *string `json:"privilegeUpgradeInitiatedByUsername"` - RootOrgId *openapi_types.UUID `json:"rootOrgId"` - ScannerProductEnabled *bool `json:"scannerProductEnabled"` - ScimEnabled *bool `json:"scimEnabled"` - SecretShareBrandConfig interface{} `json:"secretShareBrandConfig"` - SecretsProductEnabled *bool `json:"secretsProductEnabled"` - SelectedMfaMethod *string `json:"selectedMfaMethod"` - ShareSecretsProductEnabled *bool `json:"shareSecretsProductEnabled"` - ShouldUseNewPrivilegeSystem *bool `json:"shouldUseNewPrivilegeSystem,omitempty"` - Slug string `json:"slug"` - SshProductEnabled *bool `json:"sshProductEnabled"` - UpdatedAt time.Time `json:"updatedAt"` - UserTokenExpiration *string `json:"userTokenExpiration"` - } `json:"organization"` - Token string `json:"token"` - User struct { - AuthMethods *[]string `json:"authMethods"` - ConsecutiveFailedMfaAttempts *float32 `json:"consecutiveFailedMfaAttempts"` - ConsecutiveFailedPasswordAttempts *float32 `json:"consecutiveFailedPasswordAttempts"` - CreatedAt time.Time `json:"createdAt"` - Devices interface{} `json:"devices"` - Email *string `json:"email"` - FirstName *string `json:"firstName"` - Id openapi_types.UUID `json:"id"` - IsAccepted *bool `json:"isAccepted"` - IsEmailVerified *bool `json:"isEmailVerified"` - IsGhost *bool `json:"isGhost,omitempty"` - IsLocked *bool `json:"isLocked"` - IsMfaEnabled *bool `json:"isMfaEnabled"` - LastName *string `json:"lastName"` - MfaMethods *[]string `json:"mfaMethods"` - SelectedMfaMethod *string `json:"selectedMfaMethod"` - SuperAdmin *bool `json:"superAdmin"` - TemporaryLockDateEnd *time.Time `json:"temporaryLockDateEnd"` - UpdatedAt time.Time `json:"updatedAt"` - Username string `json:"username"` - } `json:"user"` + Configuration struct { + // AccountEmail The email address for the ACME Certificate Authority. + AccountEmail string `json:"accountEmail"` + + // DirectoryUrl The directory URL for the ACME Certificate Authority. + DirectoryUrl string `json:"directoryUrl"` + + // DnsAppConnectionId The ID of the App Connection to use for creating and managing DNS TXT records required for ACME domain validation. This connection must have permissions to create and delete TXT records in your DNS provider (e.g., Route53) for the ACME challenge process. + DnsAppConnectionId openapi_types.UUID `json:"dnsAppConnectionId"` + DnsProviderConfig struct { + // HostedZoneId The hosted zone ID for the ACME Certificate Authority. + HostedZoneId string `json:"hostedZoneId"` + + // Provider The DNS provider for the ACME Certificate Authority. + Provider UpdateAcmeCertificateAuthorityV1200ConfigurationDnsProviderConfigProvider `json:"provider"` + } `json:"dnsProviderConfig"` + + // EabHmacKey The External Account Binding (EAB) HMAC key for the ACME Certificate Authority. Required if the ACME provider uses EAB. + EabHmacKey *string `json:"eabHmacKey,omitempty"` + + // EabKid The External Account Binding (EAB) Key ID for the ACME Certificate Authority. Required if the ACME provider uses EAB. + EabKid *string `json:"eabKid,omitempty"` + } `json:"configuration"` + EnableDirectIssuance *bool `json:"enableDirectIssuance,omitempty"` + Id openapi_types.UUID `json:"id"` + Name string `json:"name"` + ProjectId string `json:"projectId"` + Status UpdateAcmeCertificateAuthorityV1200Status `json:"status"` + Type UpdateAcmeCertificateAuthorityV1200Type `json:"type"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -3776,11 +6922,11 @@ func ParseAdminSignUpResponse(rsp *http.Response) (*AdminSignUpResponse, error) case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: var dest struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode AdminSignUp400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode UpdateAcmeCertificateAuthorityV1400StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -3789,10 +6935,10 @@ func ParseAdminSignUpResponse(rsp *http.Response) (*AdminSignUpResponse, error) case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: var dest struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode AdminSignUp401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode UpdateAcmeCertificateAuthorityV1401StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -3801,11 +6947,11 @@ func ParseAdminSignUpResponse(rsp *http.Response) (*AdminSignUpResponse, error) case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: var dest struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode AdminSignUp403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode UpdateAcmeCertificateAuthorityV1403StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -3814,10 +6960,10 @@ func ParseAdminSignUpResponse(rsp *http.Response) (*AdminSignUpResponse, error) case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: var dest struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode AdminSignUp404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode UpdateAcmeCertificateAuthorityV1404StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -3826,10 +6972,10 @@ func ParseAdminSignUpResponse(rsp *http.Response) (*AdminSignUpResponse, error) case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 422: var dest struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` - StatusCode AdminSignUp422StatusCode `json:"statusCode"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode UpdateAcmeCertificateAuthorityV1422StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -3838,10 +6984,10 @@ func ParseAdminSignUpResponse(rsp *http.Response) (*AdminSignUpResponse, error) case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: var dest struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode AdminSignUp500StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode UpdateAcmeCertificateAuthorityV1500StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -3853,15 +6999,15 @@ func ParseAdminSignUpResponse(rsp *http.Response) (*AdminSignUpResponse, error) return response, nil } -// ParseRefreshAuthTokenResponse parses an HTTP response from a RefreshAuthTokenWithResponse call -func ParseRefreshAuthTokenResponse(rsp *http.Response) (*RefreshAuthTokenResponse, error) { +// ParseCreateInternalCertificateAuthorityV1Response parses an HTTP response from a CreateInternalCertificateAuthorityV1WithResponse call +func ParseCreateInternalCertificateAuthorityV1Response(rsp *http.Response) (*CreateInternalCertificateAuthorityV1Response, error) { bodyBytes, err := io.ReadAll(rsp.Body) defer func() { _ = rsp.Body.Close() }() if err != nil { return nil, err } - response := &RefreshAuthTokenResponse{ + response := &CreateInternalCertificateAuthorityV1Response{ Body: bodyBytes, HTTPResponse: rsp, } @@ -3869,9 +7015,54 @@ func ParseRefreshAuthTokenResponse(rsp *http.Response) (*RefreshAuthTokenRespons switch { case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: var dest struct { - OrganizationId *string `json:"organizationId,omitempty"` - SubOrganizationId *string `json:"subOrganizationId,omitempty"` - Token string `json:"token"` + Configuration struct { + ActiveCaCertId *openapi_types.UUID `json:"activeCaCertId"` + + // CommonName The common name (CN) for the CA. + CommonName *string `json:"commonName,omitempty"` + + // Country The country name (C) for the CA. + Country *string `json:"country,omitempty"` + Dn *string `json:"dn"` + + // FriendlyName A friendly name for the CA. + FriendlyName *string `json:"friendlyName,omitempty"` + + // KeyAlgorithm The type of public key algorithm and size, in bits, of the key pair for the CA; when you create an intermediate CA, you must use a key algorithm supported by the parent CA. + KeyAlgorithm CreateInternalCertificateAuthorityV1200ConfigurationKeyAlgorithm `json:"keyAlgorithm"` + + // Locality The locality name for the CA. + Locality *string `json:"locality,omitempty"` + + // MaxPathLength The maximum number of intermediate CAs that may follow this CA in the certificate / CA chain. A maxPathLength of -1 implies no path limit on the chain. + MaxPathLength *float32 `json:"maxPathLength"` + + // NotAfter The date and time when the CA expires in YYYY-MM-DDTHH:mm:ss.sssZ format. + NotAfter *string `json:"notAfter,omitempty"` + + // NotBefore The date and time when the CA becomes valid in YYYY-MM-DDTHH:mm:ss.sssZ format. + NotBefore *string `json:"notBefore,omitempty"` + + // Organization The organization (O) for the CA. + Organization *string `json:"organization,omitempty"` + + // Ou The organization unit (OU) for the CA. + Ou *string `json:"ou,omitempty"` + ParentCaId *openapi_types.UUID `json:"parentCaId"` + + // Province The state of province name for the CA. + Province *string `json:"province,omitempty"` + SerialNumber *string `json:"serialNumber"` + + // Type The type of CA to create. + Type CreateInternalCertificateAuthorityV1200ConfigurationType `json:"type"` + } `json:"configuration"` + EnableDirectIssuance *bool `json:"enableDirectIssuance,omitempty"` + Id openapi_types.UUID `json:"id"` + Name string `json:"name"` + ProjectId string `json:"projectId"` + Status CreateInternalCertificateAuthorityV1200Status `json:"status"` + Type CreateInternalCertificateAuthorityV1200Type `json:"type"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -3880,11 +7071,11 @@ func ParseRefreshAuthTokenResponse(rsp *http.Response) (*RefreshAuthTokenRespons case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: var dest struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode RefreshAuthToken400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateInternalCertificateAuthorityV1400StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -3893,10 +7084,10 @@ func ParseRefreshAuthTokenResponse(rsp *http.Response) (*RefreshAuthTokenRespons case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: var dest struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode RefreshAuthToken401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateInternalCertificateAuthorityV1401StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -3905,11 +7096,11 @@ func ParseRefreshAuthTokenResponse(rsp *http.Response) (*RefreshAuthTokenRespons case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: var dest struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode RefreshAuthToken403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateInternalCertificateAuthorityV1403StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -3918,10 +7109,10 @@ func ParseRefreshAuthTokenResponse(rsp *http.Response) (*RefreshAuthTokenRespons case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: var dest struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode RefreshAuthToken404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateInternalCertificateAuthorityV1404StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -3930,10 +7121,10 @@ func ParseRefreshAuthTokenResponse(rsp *http.Response) (*RefreshAuthTokenRespons case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 422: var dest struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` - StatusCode RefreshAuthToken422StatusCode `json:"statusCode"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateInternalCertificateAuthorityV1422StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -3942,10 +7133,10 @@ func ParseRefreshAuthTokenResponse(rsp *http.Response) (*RefreshAuthTokenRespons case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: var dest struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode RefreshAuthToken500StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateInternalCertificateAuthorityV1500StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -3957,15 +7148,15 @@ func ParseRefreshAuthTokenResponse(rsp *http.Response) (*RefreshAuthTokenRespons return response, nil } -// ParseAttachTokenAuthResponse parses an HTTP response from a AttachTokenAuthWithResponse call -func ParseAttachTokenAuthResponse(rsp *http.Response) (*AttachTokenAuthResponse, error) { +// ParseCreateCertificatePolicyResponse parses an HTTP response from a CreateCertificatePolicyWithResponse call +func ParseCreateCertificatePolicyResponse(rsp *http.Response) (*CreateCertificatePolicyResponse, error) { bodyBytes, err := io.ReadAll(rsp.Body) defer func() { _ = rsp.Body.Close() }() if err != nil { return nil, err } - response := &AttachTokenAuthResponse{ + response := &CreateCertificatePolicyResponse{ Body: bodyBytes, HTTPResponse: rsp, } @@ -3973,17 +7164,47 @@ func ParseAttachTokenAuthResponse(rsp *http.Response) (*AttachTokenAuthResponse, switch { case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: var dest struct { - IdentityTokenAuth struct { - AccessTokenMaxTTL *float32 `json:"accessTokenMaxTTL,omitempty"` - AccessTokenNumUsesLimit *float32 `json:"accessTokenNumUsesLimit,omitempty"` - AccessTokenPeriod *float32 `json:"accessTokenPeriod,omitempty"` - AccessTokenTTL *float32 `json:"accessTokenTTL,omitempty"` - AccessTokenTrustedIps interface{} `json:"accessTokenTrustedIps,omitempty"` - CreatedAt time.Time `json:"createdAt"` - Id openapi_types.UUID `json:"id"` - IdentityId openapi_types.UUID `json:"identityId"` - UpdatedAt time.Time `json:"updatedAt"` - } `json:"identityTokenAuth"` + CertificatePolicy struct { + Algorithms *struct { + KeyAlgorithm *[]string `json:"keyAlgorithm,omitempty"` + Signature *[]string `json:"signature,omitempty"` + } `json:"algorithms,omitempty"` + BasicConstraints *struct { + IsCA *CreateCertificatePolicy200CertificatePolicyBasicConstraintsIsCA `json:"isCA,omitempty"` + MaxPathLength *int `json:"maxPathLength,omitempty"` + } `json:"basicConstraints"` + CreatedAt time.Time `json:"createdAt"` + Description *string `json:"description"` + ExtendedKeyUsages *struct { + Allowed *[]CreateCertificatePolicy200CertificatePolicyExtendedKeyUsagesAllowed `json:"allowed,omitempty"` + Denied *[]CreateCertificatePolicy200CertificatePolicyExtendedKeyUsagesDenied `json:"denied,omitempty"` + Required *[]CreateCertificatePolicy200CertificatePolicyExtendedKeyUsagesRequired `json:"required,omitempty"` + } `json:"extendedKeyUsages,omitempty"` + Id openapi_types.UUID `json:"id"` + KeyUsages *struct { + Allowed *[]CreateCertificatePolicy200CertificatePolicyKeyUsagesAllowed `json:"allowed,omitempty"` + Denied *[]CreateCertificatePolicy200CertificatePolicyKeyUsagesDenied `json:"denied,omitempty"` + Required *[]CreateCertificatePolicy200CertificatePolicyKeyUsagesRequired `json:"required,omitempty"` + } `json:"keyUsages,omitempty"` + Name string `json:"name"` + ProjectId openapi_types.UUID `json:"projectId"` + Sans *[]struct { + Allowed *[]string `json:"allowed,omitempty"` + Denied *[]string `json:"denied,omitempty"` + Required *[]string `json:"required,omitempty"` + Type CreateCertificatePolicy200CertificatePolicySansType `json:"type"` + } `json:"sans,omitempty"` + Subject *[]struct { + Allowed *[]string `json:"allowed,omitempty"` + Denied *[]string `json:"denied,omitempty"` + Required *[]string `json:"required,omitempty"` + Type CreateCertificatePolicy200CertificatePolicySubjectType `json:"type"` + } `json:"subject,omitempty"` + UpdatedAt time.Time `json:"updatedAt"` + Validity *struct { + Max *string `json:"max,omitempty"` + } `json:"validity,omitempty"` + } `json:"certificatePolicy"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -3992,11 +7213,11 @@ func ParseAttachTokenAuthResponse(rsp *http.Response) (*AttachTokenAuthResponse, case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: var dest struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode AttachTokenAuth400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificatePolicy400StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -4005,10 +7226,10 @@ func ParseAttachTokenAuthResponse(rsp *http.Response) (*AttachTokenAuthResponse, case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: var dest struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode AttachTokenAuth401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificatePolicy401StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -4017,11 +7238,11 @@ func ParseAttachTokenAuthResponse(rsp *http.Response) (*AttachTokenAuthResponse, case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: var dest struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode AttachTokenAuth403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificatePolicy403StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -4030,10 +7251,10 @@ func ParseAttachTokenAuthResponse(rsp *http.Response) (*AttachTokenAuthResponse, case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: var dest struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode AttachTokenAuth404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificatePolicy404StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -4042,10 +7263,10 @@ func ParseAttachTokenAuthResponse(rsp *http.Response) (*AttachTokenAuthResponse, case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 422: var dest struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` - StatusCode AttachTokenAuth422StatusCode `json:"statusCode"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateCertificatePolicy422StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -4054,10 +7275,10 @@ func ParseAttachTokenAuthResponse(rsp *http.Response) (*AttachTokenAuthResponse, case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: var dest struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode AttachTokenAuth500StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificatePolicy500StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -4069,15 +7290,15 @@ func ParseAttachTokenAuthResponse(rsp *http.Response) (*AttachTokenAuthResponse, return response, nil } -// ParseCreateTokenAuthTokenResponse parses an HTTP response from a CreateTokenAuthTokenWithResponse call -func ParseCreateTokenAuthTokenResponse(rsp *http.Response) (*CreateTokenAuthTokenResponse, error) { +// ParseCreateCertificateProfileResponse parses an HTTP response from a CreateCertificateProfileWithResponse call +func ParseCreateCertificateProfileResponse(rsp *http.Response) (*CreateCertificateProfileResponse, error) { bodyBytes, err := io.ReadAll(rsp.Body) defer func() { _ = rsp.Body.Close() }() if err != nil { return nil, err } - response := &CreateTokenAuthTokenResponse{ + response := &CreateCertificateProfileResponse{ Body: bodyBytes, HTTPResponse: rsp, } @@ -4085,28 +7306,39 @@ func ParseCreateTokenAuthTokenResponse(rsp *http.Response) (*CreateTokenAuthToke switch { case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: var dest struct { - AccessToken string `json:"accessToken"` - AccessTokenMaxTTL float32 `json:"accessTokenMaxTTL"` - ExpiresIn float32 `json:"expiresIn"` - TokenData struct { - AccessTokenLastRenewedAt *time.Time `json:"accessTokenLastRenewedAt"` - AccessTokenLastUsedAt *time.Time `json:"accessTokenLastUsedAt"` - AccessTokenMaxTTL *float32 `json:"accessTokenMaxTTL,omitempty"` - AccessTokenNumUses *float32 `json:"accessTokenNumUses,omitempty"` - AccessTokenNumUsesLimit *float32 `json:"accessTokenNumUsesLimit,omitempty"` - AccessTokenPeriod *float32 `json:"accessTokenPeriod,omitempty"` - AccessTokenTTL *float32 `json:"accessTokenTTL,omitempty"` - AuthMethod string `json:"authMethod"` - CreatedAt time.Time `json:"createdAt"` - Id string `json:"id"` - IdentityId openapi_types.UUID `json:"identityId"` - IdentityUAClientSecretId *string `json:"identityUAClientSecretId"` - IsAccessTokenRevoked *bool `json:"isAccessTokenRevoked,omitempty"` - Name *string `json:"name"` - SubOrganizationId *openapi_types.UUID `json:"subOrganizationId"` - UpdatedAt time.Time `json:"updatedAt"` - } `json:"tokenData"` - TokenType CreateTokenAuthToken200TokenType `json:"tokenType"` + CertificateProfile struct { + AcmeConfigId *openapi_types.UUID `json:"acmeConfigId"` + ApiConfigId *openapi_types.UUID `json:"apiConfigId"` + CaId *openapi_types.UUID `json:"caId"` + CertificatePolicyId openapi_types.UUID `json:"certificatePolicyId"` + CreatedAt time.Time `json:"createdAt"` + Defaults *struct { + BasicConstraints *struct { + IsCA bool `json:"isCA"` + PathLength *float32 `json:"pathLength,omitempty"` + } `json:"basicConstraints,omitempty"` + CommonName *string `json:"commonName,omitempty"` + Country *string `json:"country,omitempty"` + ExtendedKeyUsages *[]CreateCertificateProfile200CertificateProfileDefaultsExtendedKeyUsages `json:"extendedKeyUsages,omitempty"` + KeyAlgorithm *CreateCertificateProfile200CertificateProfileDefaultsKeyAlgorithm `json:"keyAlgorithm,omitempty"` + KeyUsages *[]CreateCertificateProfile200CertificateProfileDefaultsKeyUsages `json:"keyUsages,omitempty"` + Locality *string `json:"locality,omitempty"` + Organization *string `json:"organization,omitempty"` + OrganizationalUnit *string `json:"organizationalUnit,omitempty"` + SignatureAlgorithm *CreateCertificateProfile200CertificateProfileDefaultsSignatureAlgorithm `json:"signatureAlgorithm,omitempty"` + State *string `json:"state,omitempty"` + TtlDays *float32 `json:"ttlDays,omitempty"` + } `json:"defaults"` + Description *string `json:"description"` + EnrollmentType string `json:"enrollmentType"` + EstConfigId *openapi_types.UUID `json:"estConfigId"` + ExternalConfigs *CreateCertificateProfile_200_CertificateProfile_ExternalConfigs `json:"externalConfigs"` + Id openapi_types.UUID `json:"id"` + IssuerType *string `json:"issuerType,omitempty"` + ProjectId string `json:"projectId"` + Slug string `json:"slug"` + UpdatedAt time.Time `json:"updatedAt"` + } `json:"certificateProfile"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -4115,11 +7347,11 @@ func ParseCreateTokenAuthTokenResponse(rsp *http.Response) (*CreateTokenAuthToke case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: var dest struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateTokenAuthToken400StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificateProfile400StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -4128,10 +7360,10 @@ func ParseCreateTokenAuthTokenResponse(rsp *http.Response) (*CreateTokenAuthToke case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 401: var dest struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateTokenAuthToken401StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificateProfile401StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -4140,11 +7372,11 @@ func ParseCreateTokenAuthTokenResponse(rsp *http.Response) (*CreateTokenAuthToke case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403: var dest struct { - Details interface{} `json:"details,omitempty"` - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateTokenAuthToken403StatusCode `json:"statusCode"` + Details interface{} `json:"details,omitempty"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificateProfile403StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -4153,10 +7385,10 @@ func ParseCreateTokenAuthTokenResponse(rsp *http.Response) (*CreateTokenAuthToke case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404: var dest struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateTokenAuthToken404StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificateProfile404StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -4165,10 +7397,10 @@ func ParseCreateTokenAuthTokenResponse(rsp *http.Response) (*CreateTokenAuthToke case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 422: var dest struct { - Error string `json:"error"` - Message interface{} `json:"message,omitempty"` - ReqId string `json:"reqId"` - StatusCode CreateTokenAuthToken422StatusCode `json:"statusCode"` + Error string `json:"error"` + Message interface{} `json:"message,omitempty"` + ReqId string `json:"reqId"` + StatusCode CreateCertificateProfile422StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -4177,10 +7409,10 @@ func ParseCreateTokenAuthTokenResponse(rsp *http.Response) (*CreateTokenAuthToke case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: var dest struct { - Error string `json:"error"` - Message string `json:"message"` - ReqId string `json:"reqId"` - StatusCode CreateTokenAuthToken500StatusCode `json:"statusCode"` + Error string `json:"error"` + Message string `json:"message"` + ReqId string `json:"reqId"` + StatusCode CreateCertificateProfile500StatusCode `json:"statusCode"` } if err := json.Unmarshal(bodyBytes, &dest); err != nil { return nil, err @@ -4326,15 +7558,21 @@ func ParseCreateKubernetesPamResourceResponse(rsp *http.Response) (*CreateKubern case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: var dest struct { Resource struct { - ConnectionDetails struct { + AdServerResourceId *openapi_types.UUID `json:"adServerResourceId"` + ConnectionDetails struct { SslCertificate *string `json:"sslCertificate,omitempty"` SslRejectUnauthorized bool `json:"sslRejectUnauthorized"` Url string `json:"url"` } `json:"connectionDetails"` - CreatedAt time.Time `json:"createdAt"` - EncryptedResourceMetadata interface{} `json:"encryptedResourceMetadata"` - GatewayId *openapi_types.UUID `json:"gatewayId"` - Id openapi_types.UUID `json:"id"` + CreatedAt time.Time `json:"createdAt"` + EncryptedResourceMetadata interface{} `json:"encryptedResourceMetadata"` + GatewayId *openapi_types.UUID `json:"gatewayId"` + Id openapi_types.UUID `json:"id"` + Metadata *[]struct { + Id openapi_types.UUID `json:"id"` + Key string `json:"key"` + Value *string `json:"value"` + } `json:"metadata,omitempty"` Name string `json:"name"` ProjectId string `json:"projectId"` ResourceType CreateKubernetesPamResource200ResourceResourceType `json:"resourceType"` @@ -4443,17 +7681,23 @@ func ParseCreateRedisPamResourceResponse(rsp *http.Response) (*CreateRedisPamRes case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: var dest struct { Resource struct { - ConnectionDetails struct { + AdServerResourceId *openapi_types.UUID `json:"adServerResourceId"` + ConnectionDetails struct { Host string `json:"host"` Port float32 `json:"port"` SslCertificate *string `json:"sslCertificate,omitempty"` SslEnabled bool `json:"sslEnabled"` SslRejectUnauthorized bool `json:"sslRejectUnauthorized"` } `json:"connectionDetails"` - CreatedAt time.Time `json:"createdAt"` - EncryptedResourceMetadata interface{} `json:"encryptedResourceMetadata"` - GatewayId *openapi_types.UUID `json:"gatewayId"` - Id openapi_types.UUID `json:"id"` + CreatedAt time.Time `json:"createdAt"` + EncryptedResourceMetadata interface{} `json:"encryptedResourceMetadata"` + GatewayId *openapi_types.UUID `json:"gatewayId"` + Id openapi_types.UUID `json:"id"` + Metadata *[]struct { + Id openapi_types.UUID `json:"id"` + Key string `json:"key"` + Value *string `json:"value"` + } `json:"metadata,omitempty"` Name string `json:"name"` ProjectId string `json:"projectId"` ResourceType CreateRedisPamResource200ResourceResourceType `json:"resourceType"` @@ -4564,13 +7808,14 @@ func ParseCreateProjectResponse(rsp *http.Response) (*CreateProjectResponse, err case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: var dest struct { Project struct { - UnderscoreId string `json:"_id"` - AuditLogsRetentionDays *float32 `json:"auditLogsRetentionDays"` - AutoCapitalization *bool `json:"autoCapitalization"` - CreatedAt time.Time `json:"createdAt"` - DefaultProduct *string `json:"defaultProduct"` - Description *string `json:"description"` - Environments []struct { + UnderscoreId string `json:"_id"` + AuditLogsRetentionDays *float32 `json:"auditLogsRetentionDays"` + AutoCapitalization *bool `json:"autoCapitalization"` + CreatedAt time.Time `json:"createdAt"` + DefaultProduct *string `json:"defaultProduct"` + Description *string `json:"description"` + EnforceEncryptedSecretManagerSecretMetadata *bool `json:"enforceEncryptedSecretManagerSecretMetadata"` + Environments []struct { Id string `json:"id"` Name string `json:"name"` Slug string `json:"slug"` @@ -5036,8 +8281,9 @@ func ParseListSecretsV4Response(rsp *http.Response) (*ListSecretsV4Response, err SecretComment string `json:"secretComment"` SecretKey string `json:"secretKey"` SecretMetadata *[]struct { - Key string `json:"key"` - Value *string `json:"value,omitempty"` + IsEncrypted *bool `json:"isEncrypted,omitempty"` + Key string `json:"key"` + Value *string `json:"value,omitempty"` } `json:"secretMetadata,omitempty"` SecretReminderNote *string `json:"secretReminderNote"` SecretReminderRepeatDays *float32 `json:"secretReminderRepeatDays"` @@ -5066,8 +8312,9 @@ func ParseListSecretsV4Response(rsp *http.Response) (*ListSecretsV4Response, err SecretComment string `json:"secretComment"` SecretKey string `json:"secretKey"` SecretMetadata *[]struct { - Key string `json:"key"` - Value *string `json:"value,omitempty"` + IsEncrypted *bool `json:"isEncrypted,omitempty"` + Key string `json:"key"` + Value *string `json:"value,omitempty"` } `json:"secretMetadata,omitempty"` SecretPath *string `json:"secretPath,omitempty"` SecretReminderNote *string `json:"secretReminderNote"` @@ -5306,8 +8553,9 @@ func ParseGetSecretByNameV4Response(rsp *http.Response) (*GetSecretByNameV4Respo SecretComment string `json:"secretComment"` SecretKey string `json:"secretKey"` SecretMetadata *[]struct { - Key string `json:"key"` - Value *string `json:"value,omitempty"` + IsEncrypted *bool `json:"isEncrypted,omitempty"` + Key string `json:"key"` + Value *string `json:"value,omitempty"` } `json:"secretMetadata,omitempty"` SecretPath string `json:"secretPath"` SecretReminderNote *string `json:"secretReminderNote"`