Skip to content

Add require_crl_on_client_certificate field to certificate authority models#337

Merged
Aravind Khasibhatla (akhasibhatla) merged 1 commit intomasterfrom
akk-try-adding-crl-check-api-change
Mar 4, 2026
Merged

Add require_crl_on_client_certificate field to certificate authority models#337
Aravind Khasibhatla (akhasibhatla) merged 1 commit intomasterfrom
akk-try-adding-crl-check-api-change

Conversation

@akhasibhatla
Copy link
Copy Markdown
Contributor

@akhasibhatla Aravind Khasibhatla (akhasibhatla) commented Mar 3, 2026
edited
Loading

Summary

  • Add RequireCrlOnClientCertificate *bool field to IamV2CertificateAuthority model
  • Add RequireCrlOnClientCertificate *bool field to IamV2CreateCertRequest model
  • Add RequireCrlOnClientCertificate *bool field to IamV2UpdateCertRequest model
  • Add getter/setter/has methods, Redact, and MarshalJSON support for each model

References

Test plan

  • Verify SDK compiles successfully (CI passed)
  • Verify CLI can use the new field (see CLI PR)

🤖 Generated with Claude Code

@akhasibhatla @claude
Add require_crl_on_client_certificate field to certificate authority …
b1c04ec 
…models

Add the new boolean field to support CRL validation on client certificates
for mTLS authentication.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings March 3, 2026 20:52
Open
13 tasks
Copilot AI reviewed Mar 3, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new optional flag to Certificate Authority-related IAM v2 models to represent whether CRL validation is required for client certificates, aligning the SDK with the corresponding API change.

Changes:

  • Add RequireCrlOnClientCertificate *bool to IamV2CertificateAuthority, IamV2CreateCertRequest, and IamV2UpdateCertRequest.
  • Add accessor helpers (Get*, Get*Ok, Has*, Set*) for the new field across the three models.
  • Include the new field in Redact() traversal and MarshalJSON() output when set.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
certificate-authority/v2/model_iam_v2_update_cert_request.go Adds new optional boolean field with getters/setters and JSON serialization support for update requests.
certificate-authority/v2/model_iam_v2_create_cert_request.go Adds new optional boolean field with getters/setters and JSON serialization support for create requests.
certificate-authority/v2/model_iam_v2_certificate_authority.go Adds new optional boolean field with getters/setters and JSON serialization support on the CA resource model.
Comments suppressed due to low confidence (3)

certificate-authority/v2/model_iam_v2_update_cert_request.go:59

  • The generated markdown docs for this model appear out of sync with the new require_crl_on_client_certificate field (e.g., certificate-authority/v2/docs/IamV2UpdateCertRequest.md does not mention it). Please regenerate/update the docs/ artifacts so SDK docs stay consistent with the models.
	// Whether to require CRL validation on client certificates.
	RequireCrlOnClientCertificate *bool `json:"require_crl_on_client_certificate,omitempty"`

certificate-authority/v2/model_iam_v2_create_cert_request.go:59

  • The generated markdown docs for this model appear out of sync with the new require_crl_on_client_certificate field (e.g., certificate-authority/v2/docs/IamV2CreateCertRequest.md does not mention it). Please regenerate/update the docs/ artifacts so SDK docs stay consistent with the models.
	// Whether to require CRL validation on client certificates.
	RequireCrlOnClientCertificate *bool `json:"require_crl_on_client_certificate,omitempty"`

certificate-authority/v2/model_iam_v2_certificate_authority.go:68

  • The generated markdown docs for this model appear out of sync with the new require_crl_on_client_certificate field (e.g., certificate-authority/v2/docs/IamV2CertificateAuthority.md does not mention it). Please regenerate/update the docs/ artifacts so SDK docs stay consistent with the models.
	// Whether to require CRL validation on client certificates.
	RequireCrlOnClientCertificate *bool `json:"require_crl_on_client_certificate,omitempty"`

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@linouk23
Copy link
Copy Markdown
Contributor

Kostya Linou (linouk23) commented Mar 3, 2026

Verify SDK compiles successfully (CI passed)

Aravind Khasibhatla (@akhasibhatla) unfortunately that's not sufficient, could you manually run go vet -v?

@akhasibhatla
Copy link
Copy Markdown
Contributor Author

Aravind Khasibhatla (akhasibhatla) commented Mar 3, 2026
edited
Loading

Kostya Linou (@linouk23) - I ran go vet -v on the SDK changes and it passed successfully

cd ~/code/ccloud-sdk-go-v2/certificate-authority
go mod tidy
go vet -v ./...

Output: All packages compiled and vetted without errors.

Summary of Changes

Files Modified:

  • v2/model_iam_v2_certificate_authority.go
  • v2/model_iam_v2_create_cert_request.go
  • v2/model_iam_v2_update_cert_request.go

Changes per file:

  • Added RequireCrlOnClientCertificate *bool field to struct
  • Added GetRequireCrlOnClientCertificate() bool method
  • Added GetRequireCrlOnClientCertificateOk() (*bool, bool) method
  • Added HasRequireCrlOnClientCertificate() bool method
  • Added SetRequireCrlOnClientCertificate(v bool) method
  • Updated Redact() to include new field
  • Updated MarshalJSON() to serialize new field

All changes follow the existing patterns in the codebase for optional boolean fields.

@akhasibhatla
Copy link
Copy Markdown
Contributor Author

Aravind Khasibhatla (akhasibhatla) commented Mar 3, 2026

Verification Approach for Auto-Generated SDK

This SDK is auto-generated code from OpenAPI specs (note: Code generated by OpenAPI Generator at the top of each file), so there are no unit tests in the package.

Verification Checklist

Check Status Details
go vet -v ✅ Passed Static analysis - no issues
go build ✅ Passed CI build successful
Compilation ✅ Passed All packages compile without errors
CLI integration tests ✅ Passed Tested with local SDK replacement in CLI

CLI Integration Testing

The CLI (confluentinc/cli) consumes this SDK and has integration tests that verify the SDK works correctly:

# In CLI repo with local SDK replacement
cd ~/code/cli
echo 'replace github.com/confluentinc/ccloud-sdk-go-v2/certificate-authority => ../ccloud-sdk-go-v2/certificate-authority' >> go.mod
go mod tidy
make test

Result: IAM/Certificate Authority tests passed:

ok  github.com/confluentinc/cli/v4/internal/iam  1.719s  coverage: 0.5%

The CLI PR with the corresponding changes: confluentinc/cli#3274

@akhasibhatla
Copy link
Copy Markdown
Contributor Author

Aravind Khasibhatla (akhasibhatla) commented Mar 3, 2026

Go Vet Verification - Full Output

$ cd certificate-authority && go vet -v ./...

internal/coverage/rtcov
internal/byteorder
internal/unsafeheader
internal/profilerecord
internal/asan
internal/goarch
math/bits
internal/goos
internal/trace/tracev2
internal/msan
internal/godebugs
cmp
unicode/utf8
internal/itoa
unicode
encoding
unicode/utf16
internal/goexperiment
internal/runtime/math
vendor/golang.org/x/crypto/cryptobyte/asn1
internal/runtime/gc
crypto/internal/fips140/alias
crypto/internal/fips140deps/byteorder
internal/nettrace
container/list
vendor/golang.org/x/crypto/internal/alias
log/internal
internal/runtime/strconv
crypto/internal/boring/sig
internal/cpu
crypto/internal/fips140/subtle
sync/atomic
internal/abi
crypto/internal/fips140deps/cpu
internal/chacha8rand
internal/race
internal/runtime/atomic
internal/synctest
internal/runtime/sys
internal/bytealg
internal/runtime/exithook
internal/sync
internal/stringslite
internal/runtime/maps
math
runtime
iter
weak
crypto/subtle
internal/reflectlite
maps
sync
slices
errors
internal/singleflight
internal/bisect
internal/testlog
unique
crypto/internal/fips140cache
sort
internal/oserror
path
vendor/golang.org/x/net/dns/dnsmessage
io
math/rand/v2
internal/godebug
hash
crypto/internal/randutil
internal/saferio
crypto/internal/fips140deps/godebug
bytes
strings
strconv
math/rand
net/http/internal/ascii
crypto/internal/impl
encoding/base64
vendor/golang.org/x/text/transform
hash/crc32
crypto
bufio
crypto/internal/fips140
net/netip
encoding/pem
regexp/syntax
crypto/internal/fips140/sha256
crypto/internal/fips140/sha512
crypto/internal/fips140/sha3
syscall
reflect
regexp
crypto/internal/fips140/hmac
crypto/sha3
internal/syscall/execenv
internal/fmtsort
encoding/binary
crypto/internal/fips140hash
crypto/internal/fips140/check
internal/routebsd
vendor/golang.org/x/crypto/internal/poly1305
crypto/internal/fips140/tls12
crypto/fips140
crypto/internal/fips140/hkdf
crypto/internal/fips140/bigmod
internal/syscall/unix
crypto/internal/fips140/edwards25519/field
time
crypto/internal/fips140/aes
crypto/internal/fips140/tls13
crypto/tls/internal/fips140tls
context
crypto/internal/fips140/edwards25519
crypto/x509/internal/macos
crypto/internal/fips140/nistec/fiat
io/fs
embed
internal/filepathlite
internal/poll
crypto/internal/fips140/nistec
github.com/confluentinc/ccloud-sdk-go-v2/certificate-authority/v2/api
os
io/ioutil
crypto/internal/sysrand
path/filepath
crypto/internal/entropy
fmt
net/http/internal
net/url
encoding/hex
log
mime/quotedprintable
crypto/internal/fips140/drbg
encoding/xml
mime
vendor/golang.org/x/net/http2/hpack
compress/flate
encoding/json
crypto/internal/fips140only
crypto/internal/fips140/ecdh
crypto/internal/fips140/ecdsa
compress/gzip
crypto/internal/fips140/ed25519
vendor/golang.org/x/text/unicode/norm
crypto/internal/fips140/aes/gcm
crypto/internal/fips140/rsa
crypto/hkdf
crypto/md5
crypto/rc4
math/big
crypto/internal/fips140/mlkem
crypto/dsa
crypto/cipher
crypto/elliptic
vendor/golang.org/x/text/unicode/bidi
encoding/asn1
crypto/internal/boring
crypto/des
vendor/golang.org/x/crypto/chacha20
vendor/golang.org/x/text/secure/bidirule
crypto/x509/pkix
crypto/internal/boring/bbig
crypto/aes
crypto/sha256
crypto/sha512
vendor/golang.org/x/crypto/cryptobyte
crypto/hmac
crypto/rand
crypto/ecdh
crypto/sha1
vendor/golang.org/x/crypto/chacha20poly1305
crypto/ed25519
vendor/golang.org/x/net/idna
crypto/ecdsa
crypto/rsa
crypto/internal/hpke
net
vendor/golang.org/x/net/http/httpproxy
net/textproto
vendor/golang.org/x/net/http/httpguts
crypto/x509
mime/multipart
crypto/tls
net/http/httptrace
net/http/internal/httpcommon
net/http
golang.org/x/net/context/ctxhttp
net/http/httputil
golang.org/x/oauth2/internal
golang.org/x/oauth2
github.com/confluentinc/ccloud-sdk-go-v2/certificate-authority/v2

Result: No errors or warnings - all packages pass go vet checks including the modified SDK models.

@akhasibhatla
Copy link
Copy Markdown
Contributor Author

Aravind Khasibhatla (akhasibhatla) commented Mar 3, 2026

Related CLI PR

The CLI changes that use this SDK update are in: confluentinc/cli#3274

The CLI PR adds the --require-crl-on-client-certificate flag to the confluent iam certificate-authority create and update commands, and displays the field in describe and list output.

@akhasibhatla Aravind Khasibhatla (akhasibhatla) merged commit a27d679 into master Mar 4, 2026
6 checks passed
@akhasibhatla Aravind Khasibhatla (akhasibhatla) deleted the akk-try-adding-crl-check-api-change branch March 4, 2026 22:02
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@linouk23 Kostya Linou (linouk23) linouk23 approved these changes

@fzhong-connect Frank Zhong (fzhong-connect) Awaiting requested review from fzhong-connect

@jeffhuang26 Jeff Huang (jeffhuang26) Awaiting requested review from jeffhuang26

Assignees

@akhasibhatla Aravind Khasibhatla (akhasibhatla)

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@akhasibhatla @linouk23 @fzhong-connect