fis: updates to remove Terraform Provider reserved word collisions

Signed-off-by: allanice001 <allanice001@gmail.com>

internal/handlers/clusters.go

@@ -183,7 +183,7 @@ func CreateCluster(db *gorm.DB) http.HandlerFunc {
 		c := models.Cluster{
 			OrganizationID: orgID,
 			Name:           in.Name,
-			Provider:       in.Provider,
+			Provider:       in.ClusterProvider,
 			Region:         in.Region,
 			Status:         models.ClusterStatusPrePending,
 			LastError:      "",
@@ -255,8 +255,8 @@ func UpdateCluster(db *gorm.DB) http.HandlerFunc {
 		if in.Name != nil {
 			cluster.Name = *in.Name
 		}
-		if in.Provider != nil {
-			cluster.Provider = *in.Provider
+		if in.ClusterProvider != nil {
+			cluster.Provider = *in.ClusterProvider
 		}
 		if in.Region != nil {
 			cluster.Region = *in.Region
@@ -1508,6 +1508,12 @@ func clusterToDTO(c models.Cluster) dto.ClusterResponse {
 		controlPlane = &rr
 	}
 
+	var cfqdn *string
+	if captainDomain != nil && controlPlane != nil {
+		fq := fmt.Sprintf("%s.%s", controlPlane.Name, captainDomain.DomainName)
+		cfqdn = &fq
+	}
+
 	var appsLB *dto.LoadBalancerResponse
 	if c.AppsLoadBalancer != nil {
 		lr := loadBalancerToDTO(*c.AppsLoadBalancer)
@@ -1530,6 +1536,7 @@ func clusterToDTO(c models.Cluster) dto.ClusterResponse {
 		Name:                  c.Name,
 		CaptainDomain:         captainDomain,
 		ControlPlaneRecordSet: controlPlane,
+		ControlPlaneFQDN:      cfqdn,
 		AppsLoadBalancer:      appsLB,
 		GlueOpsLoadBalancer:   glueOpsLB,
 		BastionServer:         bastion,

internal/handlers/credentials.go

@@ -29,14 +29,14 @@ import (
 //	@Description	Returns credential metadata for the current org. Secrets are never returned.
 //	@Tags			Credentials
 //	@Produce		json
-//	@Param			X-Org-ID	header		string	false	"Organization ID (UUID)"
-//	@Param			provider	query		string	false	"Filter by provider (e.g., aws)"
-//	@Param			kind		query		string	false	"Filter by kind (e.g., aws_access_key)"
-//	@Param			scope_kind	query		string	false	"Filter by scope kind (provider/service/resource)"
-//	@Success		200			{array}		dto.CredentialOut
-//	@Failure		401			{string}	string	"Unauthorized"
-//	@Failure		403			{string}	string	"organization required"
-//	@Failure		500			{string}	string	"internal server error"
+//	@Param			X-Org-ID			header		string	false	"Organization ID (UUID)"
+//	@Param			credential_provider	query		string	false	"Filter by provider (e.g., aws)"
+//	@Param			kind				query		string	false	"Filter by kind (e.g., aws_access_key)"
+//	@Param			scope_kind			query		string	false	"Filter by scope kind (credential_provider/service/resource)"
+//	@Success		200					{array}		dto.CredentialOut
+//	@Failure		401					{string}	string	"Unauthorized"
+//	@Failure		403					{string}	string	"organization required"
+//	@Failure		500					{string}	string	"internal server error"
 //	@Router			/credentials [get]
 //	@Security		BearerAuth
 //	@Security		OrgKeyAuth
@@ -49,7 +49,7 @@ func ListCredentials(db *gorm.DB) http.HandlerFunc {
 			return
 		}
 		q := db.Where("organization_id = ?", orgID)
-		if v := r.URL.Query().Get("provider"); v != "" {
+		if v := r.URL.Query().Get("credential_provider"); v != "" {
 			q = q.Where("provider = ?", v)
 		}
 		if v := r.URL.Query().Get("kind"); v != "" {
@@ -154,7 +154,7 @@ func CreateCredential(db *gorm.DB) http.HandlerFunc {
 
 		cred, err := SaveCredentialWithScope(
 			r.Context(), db, orgID,
-			in.Provider, in.Kind, in.SchemaVersion,
+			in.CredentialProvider, in.Kind, in.SchemaVersion,
 			in.ScopeKind, in.ScopeVersion, json.RawMessage(in.Scope), json.RawMessage(in.Secret),
 			in.Name, in.AccountID, in.Region,
 		)
@@ -548,17 +548,17 @@ func SaveCredentialWithScope(
 // credOut converts model → response DTO
 func credOut(c *models.Credential) dto.CredentialOut {
 	return dto.CredentialOut{
-		ID:            c.ID.String(),
-		Provider:      c.Provider,
-		Kind:          c.Kind,
-		SchemaVersion: c.SchemaVersion,
-		Name:          c.Name,
-		ScopeKind:     c.ScopeKind,
-		ScopeVersion:  c.ScopeVersion,
-		Scope:         dto.RawJSON(c.Scope),
-		AccountID:     c.AccountID,
-		Region:        c.Region,
-		CreatedAt:     c.CreatedAt.UTC().Format(time.RFC3339),
-		UpdatedAt:     c.UpdatedAt.UTC().Format(time.RFC3339),
+		ID:                 c.ID.String(),
+		CredentialProvider: c.Provider,
+		Kind:               c.Kind,
+		SchemaVersion:      c.SchemaVersion,
+		Name:               c.Name,
+		ScopeKind:          c.ScopeKind,
+		ScopeVersion:       c.ScopeVersion,
+		Scope:              dto.RawJSON(c.Scope),
+		AccountID:          c.AccountID,
+		Region:             c.Region,
+		CreatedAt:          c.CreatedAt.UTC().Format(time.RFC3339),
+		UpdatedAt:          c.UpdatedAt.UTC().Format(time.RFC3339),
 	}
 }

internal/handlers/dto/clusters.go

@@ -11,10 +11,11 @@ type ClusterResponse struct {
 	Name                  string                `json:"name"`
 	CaptainDomain         *DomainResponse       `json:"captain_domain,omitempty"`
 	ControlPlaneRecordSet *RecordSetResponse    `json:"control_plane_record_set,omitempty"`
+	ControlPlaneFQDN      *string               `json:"control_plane_fqdn,omitempty"`
 	AppsLoadBalancer      *LoadBalancerResponse `json:"apps_load_balancer,omitempty"`
 	GlueOpsLoadBalancer   *LoadBalancerResponse `json:"glueops_load_balancer,omitempty"`
 	BastionServer         *ServerResponse       `json:"bastion_server,omitempty"`
-	Provider              string                `json:"provider"`
+	Provider              string                `json:"cluster_provider"`
 	Region                string                `json:"region"`
 	Status                string                `json:"status"`
 	LastError             string                `json:"last_error"`
@@ -26,15 +27,15 @@ type ClusterResponse struct {
 }
 
 type CreateClusterRequest struct {
-	Name     string `json:"name"`
-	Provider string `json:"provider"`
-	Region   string `json:"region"`
+	Name            string `json:"name"`
+	ClusterProvider string `json:"cluster_provider"`
+	Region          string `json:"region"`
 }
 
 type UpdateClusterRequest struct {
-	Name     *string `json:"name,omitempty"`
-	Provider *string `json:"provider,omitempty"`
-	Region   *string `json:"region,omitempty"`
+	Name            *string `json:"name,omitempty"`
+	ClusterProvider *string `json:"cluster_provider,omitempty"`
+	Region          *string `json:"region,omitempty"`
 }
 
 type AttachCaptainDomainRequest struct {

internal/handlers/dto/credentials.go

@@ -97,16 +97,16 @@ var ScopeRegistry = map[string]map[string]map[int]ScopeDef{
 
 // CreateCredentialRequest represents the POST /credentials payload
 type CreateCredentialRequest struct {
-	Provider      string  `json:"provider" validate:"required,oneof=aws cloudflare hetzner digitalocean generic"`
-	Kind          string  `json:"kind" validate:"required"`                 // aws_access_key, api_token, basic_auth, oauth2
-	SchemaVersion int     `json:"schema_version" validate:"required,gte=1"` // secret schema version
-	Name          string  `json:"name" validate:"omitempty,max=100"`        // human label
-	ScopeKind     string  `json:"scope_kind" validate:"required,oneof=provider service resource"`
-	ScopeVersion  int     `json:"scope_version" validate:"required,gte=1"`        // scope schema version
-	Scope         RawJSON `json:"scope" validate:"required" swaggertype:"object"` // {"service":"route53"} or {"arn":"..."}
-	AccountID     string  `json:"account_id,omitempty" validate:"omitempty,max=32"`
-	Region        string  `json:"region,omitempty" validate:"omitempty,max=32"`
-	Secret        RawJSON `json:"secret" validate:"required" swaggertype:"object"` // encrypted later
+	CredentialProvider string  `json:"credential_provider" validate:"required,oneof=aws cloudflare hetzner digitalocean generic"`
+	Kind               string  `json:"kind" validate:"required"`                 // aws_access_key, api_token, basic_auth, oauth2
+	SchemaVersion      int     `json:"schema_version" validate:"required,gte=1"` // secret schema version
+	Name               string  `json:"name" validate:"omitempty,max=100"`        // human label
+	ScopeKind          string  `json:"scope_kind" validate:"required,oneof=credential_provider service resource"`
+	ScopeVersion       int     `json:"scope_version" validate:"required,gte=1"`        // scope schema version
+	Scope              RawJSON `json:"scope" validate:"required" swaggertype:"object"` // {"service":"route53"} or {"arn":"..."}
+	AccountID          string  `json:"account_id,omitempty" validate:"omitempty,max=32"`
+	Region             string  `json:"region,omitempty" validate:"omitempty,max=32"`
+	Secret             RawJSON `json:"secret" validate:"required" swaggertype:"object"` // encrypted later
 }
 
 // UpdateCredentialRequest represents PATCH /credentials/{id}
@@ -123,16 +123,16 @@ type UpdateCredentialRequest struct {
 
 // CredentialOut is what we return (no secrets)
 type CredentialOut struct {
-	ID            string  `json:"id"`
-	Provider      string  `json:"provider"`
-	Kind          string  `json:"kind"`
-	SchemaVersion int     `json:"schema_version"`
-	Name          string  `json:"name"`
-	ScopeKind     string  `json:"scope_kind"`
-	ScopeVersion  int     `json:"scope_version"`
-	Scope         RawJSON `json:"scope" swaggertype:"object"`
-	AccountID     string  `json:"account_id,omitempty"`
-	Region        string  `json:"region,omitempty"`
-	CreatedAt     string  `json:"created_at"`
-	UpdatedAt     string  `json:"updated_at"`
+	ID                 string  `json:"id"`
+	CredentialProvider string  `json:"credential_provider"`
+	Kind               string  `json:"kind"`
+	SchemaVersion      int     `json:"schema_version"`
+	Name               string  `json:"name"`
+	ScopeKind          string  `json:"scope_kind"`
+	ScopeVersion       int     `json:"scope_version"`
+	Scope              RawJSON `json:"scope" swaggertype:"object"`
+	AccountID          string  `json:"account_id,omitempty"`
+	Region             string  `json:"region,omitempty"`
+	CreatedAt          string  `json:"created_at"`
+	UpdatedAt          string  `json:"updated_at"`
 }