add fields to create auth clients

Supports creating oauth clients
Updates: tailscale/tailscale#9632

* fix scopes in test

* remove redundency & increase test coverage

 * fix comment

* rename test for consistency

* test fix

Author: mcoulombe

keys.go

@@ -33,6 +33,18 @@ type CreateKeyRequest struct {
 	Description   string          `json:"description"`
 }
 
+// CreateOAuthClientRequest describes the definition of an OAuth client to create.
+type CreateOAuthClientRequest struct {
+	Scopes      []string `json:"scopes"`
+	Tags        []string `json:"tags"`
+	Description string   `json:"description"`
+}
+
+type createOAuthClientWithKeyTypeRequest struct {
+	KeyType string `json:"keyType"`
+	CreateOAuthClientRequest
+}
+
 // Key describes an authentication key within the tailnet.
 type Key struct {
 	ID           string          `json:"id"`
@@ -47,6 +59,7 @@ type Key struct {
 }
 
 // Create creates a new authentication key. Returns the generated [Key] if successful.
+// Deprecated: Use CreateAuthKey instead.
 func (kr *KeysResource) Create(ctx context.Context, ckr CreateKeyRequest) (*Key, error) {
 	req, err := kr.buildRequest(ctx, http.MethodPost, kr.buildTailnetURL("keys"), requestBody(ckr))
 	if err != nil {
@@ -56,6 +69,24 @@ func (kr *KeysResource) Create(ctx context.Context, ckr CreateKeyRequest) (*Key,
 	return body[Key](kr, req)
 }
 
+// CreateAuthKey creates a new authentication key. Returns the generated [Key] if successful.
+func (kr *KeysResource) CreateAuthKey(ctx context.Context, ckr CreateKeyRequest) (*Key, error) {
+	return kr.Create(ctx, ckr)
+}
+
+// CreateOAuthClient creates a new OAuth client. Returns the generated [Key] if successful.
+func (kr *KeysResource) CreateOAuthClient(ctx context.Context, ckr CreateOAuthClientRequest) (*Key, error) {
+	req, err := kr.buildRequest(ctx, http.MethodPost, kr.buildTailnetURL("keys"), requestBody(createOAuthClientWithKeyTypeRequest{
+		KeyType:                  "oauthclient",
+		CreateOAuthClientRequest: ckr,
+	}))
+	if err != nil {
+		return nil, err
+	}
+
+	return body[Key](kr, req)
+}
+
 // Get returns all information on a [Key] whose identifier matches the one provided. This will not return the
 // authentication key itself, just the metadata.
 func (kr *KeysResource) Get(ctx context.Context, id string) (*Key, error) {

keys_test.go

@@ -13,7 +13,7 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-func TestClient_CreateKey(t *testing.T) {
+func TestClient_CreateAuthKey(t *testing.T) {
 	t.Parallel()
 
 	client, server := NewTestHarness(t)
@@ -36,7 +36,7 @@ func TestClient_CreateKey(t *testing.T) {
 
 	server.ResponseBody = expected
 
-	actual, err := client.Keys().Create(context.Background(), CreateKeyRequest{
+	actual, err := client.Keys().CreateAuthKey(context.Background(), CreateKeyRequest{
 		Capabilities: capabilities,
 	})
 	assert.NoError(t, err)
@@ -51,7 +51,7 @@ func TestClient_CreateKey(t *testing.T) {
 	assert.EqualValues(t, "", actualReq.Description)
 }
 
-func TestClient_CreateKeyWithExpirySeconds(t *testing.T) {
+func TestClient_CreateAuthKeyWithExpirySeconds(t *testing.T) {
 	t.Parallel()
 
 	client, server := NewTestHarness(t)
@@ -74,7 +74,7 @@ func TestClient_CreateKeyWithExpirySeconds(t *testing.T) {
 
 	server.ResponseBody = expected
 
-	actual, err := client.Keys().Create(context.Background(), CreateKeyRequest{
+	actual, err := client.Keys().CreateAuthKey(context.Background(), CreateKeyRequest{
 		Capabilities:  capabilities,
 		ExpirySeconds: 1440,
 	})
@@ -90,7 +90,7 @@ func TestClient_CreateKeyWithExpirySeconds(t *testing.T) {
 	assert.EqualValues(t, "", actualReq.Description)
 }
 
-func TestClient_CreateKeyWithDescription(t *testing.T) {
+func TestClient_CreateAuthKeyWithDescription(t *testing.T) {
 	t.Parallel()
 
 	client, server := NewTestHarness(t)
@@ -113,7 +113,7 @@ func TestClient_CreateKeyWithDescription(t *testing.T) {
 
 	server.ResponseBody = expected
 
-	actual, err := client.Keys().Create(context.Background(), CreateKeyRequest{
+	actual, err := client.Keys().CreateAuthKey(context.Background(), CreateKeyRequest{
 		Capabilities: capabilities,
 		Description:  "key description",
 	})
@@ -129,6 +129,41 @@ func TestClient_CreateKeyWithDescription(t *testing.T) {
 	assert.EqualValues(t, "key description", actualReq.Description)
 }
 
+func TestClient_CreateOAuthClient(t *testing.T) {
+	t.Parallel()
+
+	client, server := NewTestHarness(t)
+	server.ResponseCode = http.StatusOK
+
+	expected := &Key{
+		ID:          "test",
+		Key:         "thisisatestclient",
+		Created:     time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC),
+		Expires:     time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC),
+		Description: "",
+	}
+
+	server.ResponseBody = expected
+
+	actual, err := client.Keys().CreateOAuthClient(context.Background(), CreateOAuthClientRequest{
+		Scopes: []string{"all:read"},
+		Tags:   []string{"tag:test"},
+	})
+	assert.NoError(t, err)
+	assert.EqualValues(t, expected, actual)
+	assert.Equal(t, http.MethodPost, server.Method)
+	assert.Equal(t, "/api/v2/tailnet/example.com/keys", server.Path)
+
+	var actualReq createOAuthClientWithKeyTypeRequest
+	assert.NoError(t, json.Unmarshal(server.Body.Bytes(), &actualReq))
+	assert.EqualValues(t, "oauthclient", actualReq.KeyType)
+	assert.EqualValues(t, 1, len(actualReq.Scopes))
+	assert.EqualValues(t, "all:read", actualReq.Scopes[0])
+	assert.EqualValues(t, 1, len(actualReq.Tags))
+	assert.EqualValues(t, "tag:test", actualReq.Tags[0])
+	assert.EqualValues(t, "", actualReq.Description)
+}
+
 func TestClient_GetKey(t *testing.T) {
 	t.Parallel()