Expose ssh endpoints to api reference, update ssh sign/issue endpoints

2026-01-10 07:58:15 -05:00 · 2024-12-18 10:59:28 -08:00
parent fed99a14a8
commit a0411e3ba8
18 changed files with 101 additions and 5 deletions
--- a/backend/src/ee/routes/v1/index.ts
+++ b/backend/src/ee/routes/v1/index.ts
@@ -26,8 +26,8 @@ import { registerSecretScanningRouter } from "./secret-scanning-router";
 import { registerSecretVersionRouter } from "./secret-version-router";
 import { registerSnapshotRouter } from "./snapshot-router";
 import { registerSshCaRouter } from "./ssh-certificate-authority-router";
+import { registerSshCertRouter } from "./ssh-certificate-router";
 import { registerSshCertificateTemplateRouter } from "./ssh-certificate-template-router";
-import { registerSshRouter } from "./ssh-router";
 import { registerTrustedIpRouter } from "./trusted-ip-router";
 import { registerUserAdditionalPrivilegeRouter } from "./user-additional-privilege-router";

@@ -73,8 +73,8 @@ export const registerV1EERoutes = async (server: FastifyZodProvider) => {

  await server.register(
    async (sshRouter) => {
-      await sshRouter.register(registerSshRouter, { prefix: "/" });
      await sshRouter.register(registerSshCaRouter, { prefix: "/ca" });
+      await sshRouter.register(registerSshCertRouter, { prefix: "/certificates" });
      await sshRouter.register(registerSshCertificateTemplateRouter, { prefix: "/certificate-templates" });
    },
    { prefix: "/ssh" }
--- a/backend/src/ee/routes/v1/ssh-certificate-router.ts
+++ b/backend/src/ee/routes/v1/ssh-certificate-router.ts
@@ -9,7 +9,7 @@ import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
 import { CertKeyAlgorithm } from "@app/services/certificate/certificate-types";

-export const registerSshRouter = async (server: FastifyZodProvider) => {
+export const registerSshCertRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "POST",
    url: "/sign",
--- a/docs/api-reference/endpoints/ssh/ca/create.mdx
+++ b/docs/api-reference/endpoints/ssh/ca/create.mdx
@@ -0,0 +1,4 @@
+---
+title: "Create"
+openapi: "POST /api/v1/ssh/ca"
+---
--- a/docs/api-reference/endpoints/ssh/ca/delete.mdx
+++ b/docs/api-reference/endpoints/ssh/ca/delete.mdx
@@ -0,0 +1,4 @@
+---
+title: "Delete"
+openapi: "DELETE /api/v1/ssh/ca/{sshCaId}"
+---
--- a/docs/api-reference/endpoints/ssh/ca/list-certificate-templates.mdx
+++ b/docs/api-reference/endpoints/ssh/ca/list-certificate-templates.mdx
@@ -0,0 +1,4 @@
+---
+title: "List templates"
+openapi: "GET /api/v1/ssh/ca/{sshCaId}/certificate-templates"
+---
--- a/docs/api-reference/endpoints/ssh/ca/list.mdx
+++ b/docs/api-reference/endpoints/ssh/ca/list.mdx
@@ -0,0 +1,4 @@
+---
+title: "List"
+openapi: "GET /api/v2/workspace/{projectId}/ssh-cas"
+---
--- a/docs/api-reference/endpoints/ssh/ca/public-key.mdx
+++ b/docs/api-reference/endpoints/ssh/ca/public-key.mdx
@@ -0,0 +1,4 @@
+---
+title: "Retrieve public key"
+openapi: "GET /api/v1/ssh/ca/{sshCaId}/public-key"
+---
--- a/docs/api-reference/endpoints/ssh/ca/read.mdx
+++ b/docs/api-reference/endpoints/ssh/ca/read.mdx
@@ -0,0 +1,4 @@
+---
+title: "Retrieve"
+openapi: "GET /api/v1/ssh/ca/{sshCaId}"
+---
--- a/docs/api-reference/endpoints/ssh/ca/update.mdx
+++ b/docs/api-reference/endpoints/ssh/ca/update.mdx
@@ -0,0 +1,4 @@
+---
+title: "Update"
+openapi: "PATCH /api/v1/ssh/ca/{sshCaId}"
+---
--- a/docs/api-reference/endpoints/ssh/certificate-templates/create.mdx
+++ b/docs/api-reference/endpoints/ssh/certificate-templates/create.mdx
@@ -0,0 +1,4 @@
+---
+title: "Create"
+openapi: "POST /api/v1/ssh/certificate-templates"
+---
--- a/docs/api-reference/endpoints/ssh/certificate-templates/delete.mdx
+++ b/docs/api-reference/endpoints/ssh/certificate-templates/delete.mdx
@@ -0,0 +1,4 @@
+---
+title: "Delete"
+openapi: "DELETE /api/v1/ssh/certificate-templates/{certificateTemplateId}"
+---
--- a/docs/api-reference/endpoints/ssh/certificate-templates/list.mdx
+++ b/docs/api-reference/endpoints/ssh/certificate-templates/list.mdx
@@ -0,0 +1,4 @@
+---
+title: "List"
+openapi: "GET /api/v2/workspace/{projectId}/ssh-certificate-templates"
+---
--- a/docs/api-reference/endpoints/ssh/certificate-templates/read.mdx
+++ b/docs/api-reference/endpoints/ssh/certificate-templates/read.mdx
@@ -0,0 +1,4 @@
+---
+title: "Retrieve"
+openapi: "GET /api/v1/ssh/certificate-templates/{certificateTemplateId}"
+---
--- a/docs/api-reference/endpoints/ssh/certificate-templates/update.mdx
+++ b/docs/api-reference/endpoints/ssh/certificate-templates/update.mdx
@@ -0,0 +1,4 @@
+---
+title: "Update"
+openapi: "PATCH /api/v1/ssh/certificate-templates/{certificateTemplateId}"
+---
--- a/docs/api-reference/endpoints/ssh/certificates/issue-credentials.mdx
+++ b/docs/api-reference/endpoints/ssh/certificates/issue-credentials.mdx
@@ -0,0 +1,4 @@
+---
+title: "Issue SSH Credentials"
+openapi: "POST /api/v1/ssh/certificates/issue"
+---
--- a/docs/api-reference/endpoints/ssh/certificates/sign-key.mdx
+++ b/docs/api-reference/endpoints/ssh/certificates/sign-key.mdx
@@ -0,0 +1,4 @@
+---
+title: "Sign SSH Public Key"
+openapi: "POST /api/v1/ssh/certificates/sign"
+---
--- a/docs/mint.json
+++ b/docs/mint.json
@@ -847,6 +847,40 @@
        }
      ]
    },
+    {
+      "group": "Infisical SSH",
+      "pages": [
+        {
+          "group": "Certificates",
+          "pages": [
+            "api-reference/endpoints/ssh/certificates/issue-credentials",
+            "api-reference/endpoints/ssh/certificates/sign-key"
+          ]
+        },
+        {
+          "group": "Certificate Authorities",
+          "pages": [
+            "api-reference/endpoints/ssh/ca/list",
+            "api-reference/endpoints/ssh/ca/create",
+            "api-reference/endpoints/ssh/ca/read",
+            "api-reference/endpoints/ssh/ca/update",
+            "api-reference/endpoints/ssh/ca/delete",
+            "api-reference/endpoints/ssh/ca/public-key",
+            "api-reference/endpoints/ssh/ca/list-certificate-templates"
+          ]
+        },
+        {
+          "group": "Certificate Templates",
+          "pages": [
+            "api-reference/endpoints/ssh/certificate-templates/list",
+            "api-reference/endpoints/ssh/certificate-templates/create",
+            "api-reference/endpoints/ssh/certificate-templates/read",
+            "api-reference/endpoints/ssh/certificate-templates/update",
+            "api-reference/endpoints/ssh/certificate-templates/delete"
+          ]
+        }
+      ]
+    },
    {
      "group": "Infisical KMS",
      "pages": [
--- a/frontend/src/hooks/api/ssh-ca/mutations.tsx
+++ b/frontend/src/hooks/api/ssh-ca/mutations.tsx
@@ -68,7 +68,10 @@ export const useSignSshKey = () => {
  const queryClient = useQueryClient();
  return useMutation<TSignSshKeyResponse, {}, TSignSshKeyDTO>({
    mutationFn: async (body) => {
-      const { data } = await apiRequest.post<TSignSshKeyResponse>("/api/v1/ssh/sign", body);
+      const { data } = await apiRequest.post<TSignSshKeyResponse>(
+        "/api/v1/ssh/certificates/sign",
+        body
+      );
      return data;
    },
    onSuccess: (_, { projectId }) => {
@@ -81,7 +84,10 @@ export const useIssueSshCreds = () => {
  const queryClient = useQueryClient();
  return useMutation<TIssueSshCredsResponse, {}, TIssueSshCredsDTO>({
    mutationFn: async (body) => {
-      const { data } = await apiRequest.post<TIssueSshCredsResponse>("/api/v1/ssh/issue", body);
+      const { data } = await apiRequest.post<TIssueSshCredsResponse>(
+        "/api/v1/ssh/certificates/issue",
+        body
+      );
      return data;
    },
    onSuccess: (_, { projectId }) => {