feat(secret): add endpoint to generate password (#669)

Author: scaleway-bot

packages/clients/src/api/secret/v1alpha1/api.gen.ts

@@ -11,6 +11,7 @@ import {
   marshalAddSecretOwnerRequest,
   marshalCreateSecretRequest,
   marshalCreateSecretVersionRequest,
+  marshalGeneratePasswordRequest,
   marshalUpdateSecretRequest,
   marshalUpdateSecretVersionRequest,
   unmarshalAccessSecretVersionResponse,
@@ -30,6 +31,7 @@ import type {
   DestroySecretVersionRequest,
   DisableSecretVersionRequest,
   EnableSecretVersionRequest,
+  GeneratePasswordRequest,
   GetSecretByNameRequest,
   GetSecretRequest,
   GetSecretVersionByNameRequest,
@@ -238,6 +240,33 @@ export class API extends ParentAPI {
       unmarshalSecretVersion,
     )
 
+  /**
+   * Generate a password in a new version. Generate a password for the given
+   * secret specified by the `region` and `secret_id` parameters. This will also
+   * create a new version of the secret that will store the password.
+   *
+   * @param request - The request {@link GeneratePasswordRequest}
+   * @returns A Promise of SecretVersion
+   */
+  generatePassword = (request: Readonly<GeneratePasswordRequest>) =>
+    this.client.fetch<SecretVersion>(
+      {
+        body: JSON.stringify(
+          marshalGeneratePasswordRequest(request, this.client.settings),
+        ),
+        headers: jsonContentHeaders,
+        method: 'POST',
+        path: `/secret-manager/v1alpha1/regions/${validatePathParam(
+          'region',
+          request.region ?? this.client.settings.defaultRegion,
+        )}/secrets/${validatePathParam(
+          'secretId',
+          request.secretId,
+        )}/generate-password`,
+      },
+      unmarshalSecretVersion,
+    )
+
   /**
    * Get metadata of a secret's version using the secret's ID. Retrieve the
    * metadata of a secret's given version specified by the `region`, `secret_id`

packages/clients/src/api/secret/v1alpha1/index.gen.ts

@@ -12,6 +12,7 @@ export type {
   DestroySecretVersionRequest,
   DisableSecretVersionRequest,
   EnableSecretVersionRequest,
+  GeneratePasswordRequest,
   GetSecretByNameRequest,
   GetSecretRequest,
   GetSecretVersionByNameRequest,

packages/clients/src/api/secret/v1alpha1/marshalling.gen.ts

@@ -2,7 +2,6 @@
 // If you have any remark or suggestion do not hesitate to open an issue.
 import {
   isJSONObject,
-  resolveOneOf,
   unmarshalArrayOfObject,
   unmarshalDate,
 } from '../../../bridge'
@@ -12,9 +11,9 @@ import type {
   AddSecretOwnerRequest,
   CreateSecretRequest,
   CreateSecretVersionRequest,
+  GeneratePasswordRequest,
   ListSecretVersionsResponse,
   ListSecretsResponse,
-  PasswordGenerationParams,
   Secret,
   SecretVersion,
   UpdateSecretRequest,
@@ -102,17 +101,6 @@ export const unmarshalListSecretsResponse = (data: unknown) => {
   } as ListSecretsResponse
 }
 
-const marshalPasswordGenerationParams = (
-  request: PasswordGenerationParams,
-  defaults: DefaultValues,
-): Record<string, unknown> => ({
-  additional_chars: request.additionalChars,
-  length: request.length,
-  no_digits: request.noDigits,
-  no_lowercase_letters: request.noLowercaseLetters,
-  no_uppercase_letters: request.noUppercaseLetters,
-})
-
 export const marshalAddSecretOwnerRequest = (
   request: AddSecretOwnerRequest,
   defaults: DefaultValues,
@@ -138,14 +126,19 @@ export const marshalCreateSecretVersionRequest = (
   data_crc32: request.dataCrc32,
   description: request.description,
   disable_previous: request.disablePrevious,
-  ...resolveOneOf([
-    {
-      param: 'password_generation',
-      value: request.passwordGeneration
-        ? marshalPasswordGenerationParams(request.passwordGeneration, defaults)
-        : undefined,
-    },
-  ]),
+})
+
+export const marshalGeneratePasswordRequest = (
+  request: GeneratePasswordRequest,
+  defaults: DefaultValues,
+): Record<string, unknown> => ({
+  additional_chars: request.additionalChars,
+  description: request.description,
+  disable_previous: request.disablePrevious,
+  length: request.length,
+  no_digits: request.noDigits,
+  no_lowercase_letters: request.noLowercaseLetters,
+  no_uppercase_letters: request.noUppercaseLetters,
 })
 
 export const marshalUpdateSecretRequest = (

packages/clients/src/api/secret/v1alpha1/types.gen.ts

@@ -117,7 +117,7 @@ export interface SecretVersion {
   updatedAt?: Date
   /** Description of the version. */
   description?: string
-  /** True if the version is the latest one. */
+  /** Returns `true` if the version is the latest. */
   isLatest: boolean
 }
 
@@ -234,23 +234,50 @@ export type CreateSecretVersionRequest = {
    */
   disablePrevious?: boolean
   /**
-   * Options to generate a password. Optional. If specified, a random password
-   * will be generated. The `data` and `data_crc32` fields must be empty. By
-   * default, the generator will use upper and lower case letters, and digits.
-   * This behavior can be tuned using the generation parameters.
-   *
-   * One-of ('PasswordGeneration'): at most one of 'passwordGeneration' could be
+   * (Optional.) The CRC32 checksum of the data as a base-10 integer. If
+   * specified, Secret Manager will verify the integrity of the data received
+   * against the given CRC32 checksum. An error is returned if the CRC32 does
+   * not match. If, however, the CRC32 matches, it will be stored and returned
+   * along with the SecretVersion on future access requests.
+   */
+  dataCrc32?: number
+}
+
+export type GeneratePasswordRequest = {
+  /**
+   * Region to target. If none is passed will use default region from the
+   * config.
+   */
+  region?: Region
+  /** ID of the secret. */
+  secretId: string
+  /** Description of the version. */
+  description?: string
+  /**
+   * (Optional.) Disable the previous secret version. This has no effect if
+   * there is no previous version or if the previous version was already
+   * disabled.
+   */
+  disablePrevious?: boolean
+  /** Length of the password to generate (between 1 and 1024 characters). */
+  length: number
+  /**
+   * (Optional.) Exclude lower case letters by default in the password character
    * set.
    */
-  passwordGeneration?: PasswordGenerationParams
+  noLowercaseLetters?: boolean
   /**
-   * The CRC32 checksum of the data as a base-10 integer. Optional. If
-   * specified, Secret Manager will verify the integrity of the data received
-   * against the given CRC32. An error is returned if the CRC32 does not match.
-   * Otherwise, the CRC32 will be stored and returned along with the
-   * SecretVersion on futur accesses.
+   * (Optional.) Exclude upper case letters by default in the password character
+   * set.
    */
-  dataCrc32?: number
+  noUppercaseLetters?: boolean
+  /** (Optional.) Exclude digits by default in the password character set. */
+  noDigits?: boolean
+  /**
+   * (Optional.) Additional ASCII characters to be included in the password
+   * character set.
+   */
+  additionalChars?: string
 }
 
 export type GetSecretVersionRequest = {