feat: mostly terraform shenanigans, but TF can now create ssh keys and servers

docs/swagger.yaml

@@ -6,6 +6,13 @@ definitions:
         example: https://accounts.google.com/o/oauth2/v2/auth?client_id=...
         type: string
     type: object
+  dto.CreateLabelRequest:
+    properties:
+      key:
+        type: string
+      value:
+        type: string
+    type: object
   dto.CreateSSHRequest:
     properties:
       bits:
@@ -77,6 +84,15 @@ definitions:
           $ref: '#/definitions/dto.JWK'
         type: array
     type: object
+  dto.LabelResponse:
+    properties:
+      id:
+        type: string
+      key:
+        type: string
+      value:
+        type: string
+    type: object
   dto.LogoutRequest:
     properties:
       refresh_token:
@@ -176,6 +192,13 @@ definitions:
         example: Bearer
         type: string
     type: object
+  dto.UpdateLabelRequest:
+    properties:
+      key:
+        type: string
+      value:
+        type: string
+    type: object
   dto.UpdateServerRequest:
     properties:
       hostname:
@@ -541,6 +564,255 @@ paths:
       summary: Rotate refresh token
       tags:
       - Auth
+  /labels:
+    get:
+      consumes:
+      - application/json
+      description: 'Returns node labels for the organization in X-Org-ID. Filters:
+        `key`, `value`, and `q` (key contains). Add `include=node_pools` to include
+        linked node groups.'
+      operationId: ListLabels
+      parameters:
+      - description: Organization UUID
+        in: header
+        name: X-Org-ID
+        type: string
+      - description: Exact key
+        in: query
+        name: key
+        type: string
+      - description: Exact value
+        in: query
+        name: value
+        type: string
+      - description: Key contains (case-insensitive)
+        in: query
+        name: q
+        type: string
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            items:
+              $ref: '#/definitions/dto.LabelResponse'
+            type: array
+        "401":
+          description: Unauthorized
+          schema:
+            type: string
+        "403":
+          description: organization required
+          schema:
+            type: string
+        "500":
+          description: failed to list node taints
+          schema:
+            type: string
+      security:
+      - BearerAuth: []
+      - OrgKeyAuth: []
+      - OrgSecretAuth: []
+      summary: List node labels (org scoped)
+      tags:
+      - Labels
+    post:
+      consumes:
+      - application/json
+      description: Creates a label.
+      operationId: CreateLabel
+      parameters:
+      - description: Organization UUID
+        in: header
+        name: X-Org-ID
+        type: string
+      - description: Label payload
+        in: body
+        name: body
+        required: true
+        schema:
+          $ref: '#/definitions/dto.CreateLabelRequest'
+      produces:
+      - application/json
+      responses:
+        "201":
+          description: Created
+          schema:
+            $ref: '#/definitions/dto.LabelResponse'
+        "400":
+          description: invalid json / missing fields / invalid node_pool_ids
+          schema:
+            type: string
+        "401":
+          description: Unauthorized
+          schema:
+            type: string
+        "403":
+          description: organization required
+          schema:
+            type: string
+        "500":
+          description: create failed
+          schema:
+            type: string
+      security:
+      - BearerAuth: []
+      - OrgKeyAuth: []
+      - OrgSecretAuth: []
+      summary: Create label (org scoped)
+      tags:
+      - Labels
+  /labels/{id}:
+    delete:
+      consumes:
+      - application/json
+      description: Permanently deletes the label.
+      operationId: DeleteLabel
+      parameters:
+      - description: Organization UUID
+        in: header
+        name: X-Org-ID
+        type: string
+      - description: Label ID (UUID)
+        in: path
+        name: id
+        required: true
+        type: string
+      produces:
+      - application/json
+      responses:
+        "204":
+          description: No Content
+          schema:
+            type: string
+        "400":
+          description: invalid id
+          schema:
+            type: string
+        "401":
+          description: Unauthorized
+          schema:
+            type: string
+        "403":
+          description: organization required
+          schema:
+            type: string
+        "500":
+          description: delete failed
+          schema:
+            type: string
+      security:
+      - BearerAuth: []
+      - OrgKeyAuth: []
+      - OrgSecretAuth: []
+      summary: Delete label (org scoped)
+      tags:
+      - Labels
+    get:
+      consumes:
+      - application/json
+      description: Returns one label.
+      operationId: GetLabel
+      parameters:
+      - description: Organization UUID
+        in: header
+        name: X-Org-ID
+        type: string
+      - description: Label ID (UUID)
+        in: path
+        name: id
+        required: true
+        type: string
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/dto.LabelResponse'
+        "400":
+          description: invalid id
+          schema:
+            type: string
+        "401":
+          description: Unauthorized
+          schema:
+            type: string
+        "403":
+          description: organization required
+          schema:
+            type: string
+        "404":
+          description: not found
+          schema:
+            type: string
+        "500":
+          description: fetch failed
+          schema:
+            type: string
+      security:
+      - BearerAuth: []
+      - OrgKeyAuth: []
+      - OrgSecretAuth: []
+      summary: Get label by ID (org scoped)
+      tags:
+      - Labels
+    patch:
+      consumes:
+      - application/json
+      description: Partially update label fields.
+      operationId: UpdateLabel
+      parameters:
+      - description: Organization UUID
+        in: header
+        name: X-Org-ID
+        type: string
+      - description: Label ID (UUID)
+        in: path
+        name: id
+        required: true
+        type: string
+      - description: Fields to update
+        in: body
+        name: body
+        required: true
+        schema:
+          $ref: '#/definitions/dto.UpdateLabelRequest'
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/dto.LabelResponse'
+        "400":
+          description: invalid id / invalid json
+          schema:
+            type: string
+        "401":
+          description: Unauthorized
+          schema:
+            type: string
+        "403":
+          description: organization required
+          schema:
+            type: string
+        "404":
+          description: not found
+          schema:
+            type: string
+        "500":
+          description: update failed
+          schema:
+            type: string
+      security:
+      - BearerAuth: []
+      - OrgKeyAuth: []
+      - OrgSecretAuth: []
+      summary: Update label (org scoped)
+      tags:
+      - Labels
   /me:
     get:
       operationId: GetMe

internal/api/routes.go

@@ -136,6 +136,15 @@ func NewRouter(db *gorm.DB) http.Handler {
 				s.Patch("/{id}", handlers.UpdateTaint(db))
 				s.Delete("/{id}", handlers.DeleteTaint(db))
 			})
+
+			v1.Route("/labels", func(s chi.Router) {
+				s.Use(authOrg)
+				s.Get("/", handlers.ListLabels(db))
+				s.Post("/", handlers.CreateLabel(db))
+				s.Get("/{id}", handlers.GetLabel(db))
+				s.Patch("/{id}", handlers.UpdateLabel(db))
+				s.Delete("/{id}", handlers.DeleteLabel(db))
+			})
 		})
 	})
 	if config.IsDebug() {

internal/app/runtime.go

@@ -35,6 +35,7 @@ func NewRuntime() *Runtime {
 		&models.SshKey{},
 		&models.Server{},
 		&models.Taint{},
+		&models.Label{},
 	)
 	if err != nil {
 		log.Fatalf("Error initializing database: %v", err)

internal/handlers/dto/labels.go

@@ -0,0 +1,19 @@
+package dto
+
+import "github.com/google/uuid"
+
+type LabelResponse struct {
+	ID    uuid.UUID `json:"id"`
+	Key   string    `json:"key"`
+	Value string    `json:"value"`
+}
+
+type CreateLabelRequest struct {
+	Key   string `json:"key"`
+	Value string `json:"value"`
+}
+
+type UpdateLabelRequest struct {
+	Key   *string `json:"key"`
+	Value *string `json:"value"`
+}

internal/handlers/labels.go

@@ -0,0 +1,290 @@
+package handlers
+
+import (
+	"encoding/json"
+	"errors"
+	"net/http"
+	"strings"
+
+	"github.com/glueops/autoglue/internal/api/httpmiddleware"
+	"github.com/glueops/autoglue/internal/handlers/dto"
+	"github.com/glueops/autoglue/internal/models"
+	"github.com/glueops/autoglue/internal/utils"
+	"github.com/go-chi/chi/v5"
+	"github.com/google/uuid"
+	"gorm.io/gorm"
+)
+
+// ListLabels godoc
+// @ID           ListLabels
+// @Summary      List node labels (org scoped)
+// @Description  Returns node labels for the organization in X-Org-ID. Filters: `key`, `value`, and `q` (key contains). Add `include=node_pools` to include linked node groups.
+// @Tags         Labels
+// @Accept       json
+// @Produce      json
+// @Param        X-Org-ID header string false "Organization UUID"
+// @Param        key query string false "Exact key"
+// @Param        value query string false "Exact value"
+// @Param        q query string false "Key contains (case-insensitive)"
+// @Success      200 {array}  dto.LabelResponse
+// @Failure      401 {string} string "Unauthorized"
+// @Failure      403 {string} string "organization required"
+// @Failure      500 {string} string "failed to list node taints"
+// @Router       /labels [get]
+// @Security    BearerAuth
+// @Security    OrgKeyAuth
+// @Security    OrgSecretAuth
+func ListLabels(db *gorm.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		orgID, ok := httpmiddleware.OrgIDFrom(r.Context())
+		if !ok {
+			utils.WriteError(w, http.StatusForbidden, "org_required", "specify X-Org-ID")
+			return
+		}
+
+		q := db.Where("organization_id = ?", orgID)
+
+		if key := strings.TrimSpace(r.URL.Query().Get("key")); key != "" {
+			q = q.Where(`key = ?`, key)
+		}
+		if val := strings.TrimSpace(r.URL.Query().Get("value")); val != "" {
+			q = q.Where(`value = ?`, val)
+		}
+		if needle := strings.TrimSpace(r.URL.Query().Get("q")); needle != "" {
+			q = q.Where(`key ILIKE ?`, "%"+needle+"%")
+		}
+		var rows []models.Label
+		if err := q.Order("created_at DESC").Find(&rows).Error; err != nil {
+			utils.WriteError(w, http.StatusInternalServerError, "db_error", "db error")
+			return
+		}
+
+		out := make([]dto.LabelResponse, 0, len(rows))
+		for _, row := range rows {
+			out = append(out, dto.LabelResponse{
+				Key:   row.Key,
+				Value: row.Value,
+				ID:    row.ID,
+			})
+		}
+		utils.WriteJSON(w, http.StatusOK, out)
+	}
+}
+
+// GetLabel godoc
+// @ID           GetLabel
+// @Summary      Get label by ID (org scoped)
+// @Description  Returns one label.
+// @Tags         Labels
+// @Accept       json
+// @Produce      json
+// @Param        X-Org-ID header string false "Organization UUID"
+// @Param        id path string true "Label ID (UUID)"
+// @Success      200 {object} dto.LabelResponse
+// @Failure      400 {string} string "invalid id"
+// @Failure      401 {string} string "Unauthorized"
+// @Failure      403 {string} string "organization required"
+// @Failure      404 {string} string "not found"
+// @Failure      500 {string} string "fetch failed"
+// @Router       /labels/{id} [get]
+// @Security    BearerAuth
+// @Security    OrgKeyAuth
+// @Security    OrgSecretAuth
+func GetLabel(db *gorm.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		orgID, ok := httpmiddleware.OrgIDFrom(r.Context())
+		if !ok {
+			utils.WriteError(w, http.StatusForbidden, "org_required", "specify X-Org-ID")
+			return
+		}
+
+		id, err := uuid.Parse(chi.URLParam(r, "id"))
+		if err != nil {
+			utils.WriteError(w, http.StatusBadRequest, "id_required", "id required")
+			return
+		}
+
+		var row models.Label
+		if err := db.Where("id = ? AND organization_id = ?", id, orgID).First(&row).Error; err != nil {
+			utils.WriteError(w, http.StatusNotFound, "label_not_found", "label not found")
+			return
+		}
+
+		out := dto.LabelResponse{
+			Key:   row.Key,
+			Value: row.Value,
+			ID:    row.ID,
+		}
+		utils.WriteJSON(w, http.StatusOK, out)
+	}
+}
+
+// CreateLabel godoc
+// @ID           CreateLabel
+// @Summary      Create label (org scoped)
+// @Description  Creates a label.
+// @Tags         Labels
+// @Accept       json
+// @Produce      json
+// @Param        X-Org-ID header string false "Organization UUID"
+// @Param        body body dto.CreateLabelRequest true "Label payload"
+// @Success      201 {object} dto.LabelResponse
+// @Failure      400 {string} string "invalid json / missing fields / invalid node_pool_ids"
+// @Failure      401 {string} string "Unauthorized"
+// @Failure      403 {string} string "organization required"
+// @Failure      500 {string} string "create failed"
+// @Router       /labels [post]
+// @Security     BearerAuth
+// @Security     OrgKeyAuth
+// @Security     OrgSecretAuth
+func CreateLabel(db *gorm.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		orgID, ok := httpmiddleware.OrgIDFrom(r.Context())
+		if !ok {
+			utils.WriteError(w, http.StatusForbidden, "org_required", "specify X-Org-ID")
+			return
+		}
+
+		var req dto.CreateLabelRequest
+		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+			utils.WriteError(w, http.StatusBadRequest, "bad_request", "bad request")
+			return
+		}
+
+		req.Key = strings.TrimSpace(req.Key)
+		req.Value = strings.TrimSpace(req.Value)
+
+		if req.Key == "" || req.Value == "" {
+			utils.WriteError(w, http.StatusBadRequest, "bad_request", "missing key/value")
+			return
+		}
+
+		l := models.Label{
+			OrganizationID: orgID,
+			Key:            req.Key,
+			Value:          req.Value,
+		}
+		if err := db.Create(&l).Error; err != nil {
+			utils.WriteError(w, http.StatusInternalServerError, "db_error", "db error")
+			return
+		}
+
+		out := dto.LabelResponse{
+			ID:    l.ID,
+			Key:   l.Key,
+			Value: l.Value,
+		}
+		utils.WriteJSON(w, http.StatusCreated, out)
+	}
+}
+
+// UpdateLabel godoc
+// @ID           UpdateLabel
+// @Summary      Update label (org scoped)
+// @Description  Partially update label fields.
+// @Tags         Labels
+// @Accept       json
+// @Produce      json
+// @Param        X-Org-ID header string false "Organization UUID"
+// @Param        id path string true "Label ID (UUID)"
+// @Param        body body dto.UpdateLabelRequest true "Fields to update"
+// @Success      200 {object} dto.LabelResponse
+// @Failure      400 {string} string "invalid id / invalid json"
+// @Failure      401 {string} string "Unauthorized"
+// @Failure      403 {string} string "organization required"
+// @Failure      404 {string} string "not found"
+// @Failure      500 {string} string "update failed"
+// @Router       /labels/{id} [patch]
+// @Security     BearerAuth
+// @Security     OrgKeyAuth
+// @Security     OrgSecretAuth
+func UpdateLabel(db *gorm.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		orgID, ok := httpmiddleware.OrgIDFrom(r.Context())
+		if !ok {
+			utils.WriteError(w, http.StatusForbidden, "org_required", "specify X-Org-ID")
+			return
+		}
+
+		id, err := uuid.Parse(chi.URLParam(r, "id"))
+		if err != nil {
+			utils.WriteError(w, http.StatusBadRequest, "id_required", "id required")
+			return
+		}
+
+		var l models.Label
+		if err := db.Where("id = ? AND organization_id = ?", id, orgID).First(&l).Error; err != nil {
+			if errors.Is(err, gorm.ErrRecordNotFound) {
+				utils.WriteError(w, http.StatusNotFound, "label_not_found", "label not found")
+				return
+			}
+			utils.WriteError(w, http.StatusInternalServerError, "db_error", "db error")
+			return
+		}
+
+		var req dto.UpdateLabelRequest
+		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+			utils.WriteError(w, http.StatusBadRequest, "bad_request", "bad request")
+			return
+		}
+
+		next := l
+		if req.Key != nil {
+			next.Key = strings.TrimSpace(*req.Key)
+		}
+		if req.Value != nil {
+			next.Value = strings.TrimSpace(*req.Value)
+		}
+
+		if err := db.Save(&next).Error; err != nil {
+			utils.WriteError(w, http.StatusInternalServerError, "db_error", "db error")
+			return
+		}
+		out := dto.LabelResponse{
+			ID:    next.ID,
+			Key:   next.Key,
+			Value: next.Value,
+		}
+		utils.WriteJSON(w, http.StatusOK, out)
+	}
+}
+
+// DeleteLabel godoc
+// @ID           DeleteLabel
+// @Summary      Delete label (org scoped)
+// @Description  Permanently deletes the label.
+// @Tags         Labels
+// @Accept       json
+// @Produce      json
+// @Param        X-Org-ID header string false "Organization UUID"
+// @Param        id path string true "Label ID (UUID)"
+// @Success      204 {string} string "No Content"
+// @Failure      400 {string} string "invalid id"
+// @Failure      401 {string} string "Unauthorized"
+// @Failure      403 {string} string "organization required"
+// @Failure      500 {string} string "delete failed"
+// @Router       /labels/{id} [delete]
+// @Security     BearerAuth
+// @Security     OrgKeyAuth
+// @Security     OrgSecretAuth
+func DeleteLabel(db *gorm.DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		orgID, ok := httpmiddleware.OrgIDFrom(r.Context())
+		if !ok {
+			utils.WriteError(w, http.StatusForbidden, "org_required", "specify X-Org-ID")
+			return
+		}
+
+		id, err := uuid.Parse(chi.URLParam(r, "id"))
+		if err != nil {
+			utils.WriteError(w, http.StatusBadRequest, "id_required", "id required")
+			return
+		}
+
+		if err := db.Where("id = ? AND organization_id = ?", id, orgID).Delete(&models.Label{}).Error; err != nil {
+			utils.WriteError(w, http.StatusInternalServerError, "db_error", "db error")
+			return
+		}
+		w.WriteHeader(http.StatusNoContent)
+	}
+}

internal/handlers/ssh.go

@@ -363,6 +363,7 @@ func DownloadSSHKey(db *gorm.DB) http.HandlerFunc {
 		}
 
 		if mode == "json" {
+			prefix := keyFilenamePrefix(key.PublicKey)
 			resp := dto.SshMaterialJSON{
 				ID:          key.ID.String(),
 				Name:        key.Name,
@@ -372,7 +373,7 @@ func DownloadSSHKey(db *gorm.DB) http.HandlerFunc {
 			case "public":
 				pub := key.PublicKey
 				resp.PublicKey = &pub
-				resp.Filenames = []string{fmt.Sprintf("id_rsa_%s.pub", key.ID.String())}
+				resp.Filenames = []string{fmt.Sprintf("%s_%s.pub", prefix, key.ID.String())}
 				utils.WriteJSON(w, http.StatusOK, resp)
 				return
 
@@ -383,7 +384,7 @@ func DownloadSSHKey(db *gorm.DB) http.HandlerFunc {
 					return
 				}
 				resp.PrivatePEM = &plain
-				resp.Filenames = []string{fmt.Sprintf("id_rsa_%s.pem", key.ID.String())}
+				resp.Filenames = []string{fmt.Sprintf("%s_%s.pem", prefix, key.ID.String())}
 				utils.WriteJSON(w, http.StatusOK, resp)
 				return
 
@@ -396,16 +397,16 @@ func DownloadSSHKey(db *gorm.DB) http.HandlerFunc {
 
 				var buf bytes.Buffer
 				zw := zip.NewWriter(&buf)
-				_ = toZipFile(fmt.Sprintf("id_rsa_%s.pem", key.ID.String()), []byte(plain), zw)
+				_ = toZipFile(fmt.Sprintf("%s_%s.pem", prefix, key.ID.String()), []byte(plain), zw)
-				_ = toZipFile(fmt.Sprintf("id_rsa_%s.pub", key.ID.String()), []byte(key.PublicKey), zw)
+				_ = toZipFile(fmt.Sprintf("%s_%s.pub", prefix, key.ID.String()), []byte(key.PublicKey), zw)
 				_ = zw.Close()
 
 				b64 := utils.EncodeB64(buf.Bytes())
 				resp.ZipBase64 = &b64
 				resp.Filenames = []string{
-					fmt.Sprintf("id_rsa_%s.zip", key.ID.String()),
+					fmt.Sprintf("%s_%s.zip", prefix, key.ID.String()),
-					fmt.Sprintf("id_rsa_%s.pem", key.ID.String()),
+					fmt.Sprintf("%s_%s.pem", prefix, key.ID.String()),
-					fmt.Sprintf("id_rsa_%s.pub", key.ID.String()),
+					fmt.Sprintf("%s_%s.pub", prefix, key.ID.String()),
 				}
 				utils.WriteJSON(w, http.StatusOK, resp)
 				return
@@ -512,12 +513,18 @@ func toZipFile(filename string, content []byte, zw *zip.Writer) error {
 }
 
 func keyFilenamePrefix(pubAuth string) string {
-	// OpenSSH authorized keys start with the algorithm name
+	pk, _, _, _, err := ssh.ParseAuthorizedKey([]byte(pubAuth))
-	if strings.HasPrefix(pubAuth, "ssh-ed25519 ") {
+	if err != nil {
-		return "id_ed25519"
+		return "id_key"
+	}
+	switch pk.Type() {
+	case "ssh-ed25519":
+		return "id_ed25519"
+	case "ssh-rsa":
+		return "id_rsa"
+	default:
+		return "id_key"
 	}
-	// default to RSA
-	return "id_rsa"
 }
 
 func GenerateEd25519PEMAndAuthorized(comment string) (privPEM string, authorized string, err error) {

internal/models/label.go

@@ -0,0 +1,18 @@
+package models
+
+import (
+	"time"
+
+	"github.com/google/uuid"
+)
+
+type Label struct {
+	ID             uuid.UUID    `gorm:"type:uuid;default:gen_random_uuid();primaryKey" json:"id"`
+	OrganizationID uuid.UUID    `gorm:"type:uuid;not null" json:"organization_id"`
+	Organization   Organization `gorm:"foreignKey:OrganizationID;constraint:OnDelete:CASCADE" json:"organization"`
+	Key            string       `gorm:"not null" json:"key"`
+	Value          string       `gorm:"not null" json:"value"`
+	NodePools      []NodePool   `gorm:"many2many:node_labels;constraint:OnDelete:CASCADE" json:"servers,omitempty"`
+	CreatedAt      time.Time    `gorm:"column:created_at;not null;default:now()" json:"created_at"`
+	UpdatedAt      time.Time    `gorm:"autoUpdateTime;column:updated_at;not null;default:now()" json:"updated_at"`
+}

internal/models/node_pool.go

@@ -13,9 +13,11 @@ type NodePool struct {
 	Name           string       `gorm:"not null" json:"name"`
 	Servers        []Server     `gorm:"many2many:node_servers;constraint:OnDelete:CASCADE" json:"servers,omitempty"`
 	//Annotations    []Annotation `gorm:"many2many:node_annotations;constraint:OnDelete:CASCADE" json:"annotations,omitempty"`
-	//Labels         []Label      `gorm:"many2many:node_labels;constraint:OnDelete:CASCADE" json:"labels,omitempty"`
+	Labels []Label `gorm:"many2many:node_labels;constraint:OnDelete:CASCADE" json:"labels,omitempty"`
 	Taints []Taint `gorm:"many2many:node_taints;constraint:OnDelete:CASCADE" json:"taints,omitempty"`
 	//Clusters       []Cluster    `gorm:"many2many:cluster_node_pools;constraint:OnDelete:CASCADE" json:"clusters,omitempty"`
+	Topology  string    `gorm:"not null" json:"topology,omitempty"` // stacked or external
+	Role      string    `gorm:"not null" json:"role,omitempty"`     // master, worker, ort etcd (etcd only if topology = external
 	CreatedAt time.Time `gorm:"not null;default:now()" json:"created_at" format:"date-time"`
 	UpdatedAt time.Time `gorm:"not null;default:now()" json:"updated_at" format:"date-time"`
 }

sdk/go/.openapi-generator/FILES

@@ -3,6 +3,7 @@
 README.md
 api/openapi.yaml
 api_auth.go
+api_labels.go
 api_me.go
 api_me_api_keys.go
 api_orgs.go
@@ -13,11 +14,13 @@ client.go
 configuration.go
 docs/AuthAPI.md
 docs/DtoAuthStartResponse.md
+docs/DtoCreateLabelRequest.md
 docs/DtoCreateSSHRequest.md
 docs/DtoCreateServerRequest.md
 docs/DtoCreateTaintRequest.md
 docs/DtoJWK.md
 docs/DtoJWKS.md
+docs/DtoLabelResponse.md
 docs/DtoLogoutRequest.md
 docs/DtoRefreshRequest.md
 docs/DtoServerResponse.md
@@ -25,6 +28,7 @@ docs/DtoSshResponse.md
 docs/DtoSshRevealResponse.md
 docs/DtoTaintResponse.md
 docs/DtoTokenPair.md
+docs/DtoUpdateLabelRequest.md
 docs/DtoUpdateServerRequest.md
 docs/DtoUpdateTaintRequest.md
 docs/HandlersCreateUserKeyRequest.md
@@ -37,6 +41,7 @@ docs/HandlersOrgKeyCreateResp.md
 docs/HandlersOrgUpdateReq.md
 docs/HandlersUpdateMeRequest.md
 docs/HandlersUserAPIKeyOut.md
+docs/LabelsAPI.md
 docs/MeAPI.md
 docs/MeAPIKeysAPI.md
 docs/ModelsAPIKey.md
@@ -52,11 +57,13 @@ git_push.sh
 go.mod
 go.sum
 model_dto_auth_start_response.go
+model_dto_create_label_request.go
 model_dto_create_server_request.go
 model_dto_create_ssh_request.go
 model_dto_create_taint_request.go
 model_dto_jwk.go
 model_dto_jwks.go
+model_dto_label_response.go
 model_dto_logout_request.go
 model_dto_refresh_request.go
 model_dto_server_response.go
@@ -64,6 +71,7 @@ model_dto_ssh_response.go
 model_dto_ssh_reveal_response.go
 model_dto_taint_response.go
 model_dto_token_pair.go
+model_dto_update_label_request.go
 model_dto_update_server_request.go
 model_dto_update_taint_request.go
 model_handlers_create_user_key_request.go
@@ -82,5 +90,4 @@ model_models_user.go
 model_models_user_email.go
 model_utils_error_response.go
 response.go
-test/api_taints_test.go
 utils.go

sdk/go/README.md

@@ -83,6 +83,11 @@ Class | Method | HTTP request | Description
 *AuthAPI* | [**GetJWKS**](docs/AuthAPI.md#getjwks) | **Get** /.well-known/jwks.json | Get JWKS
 *AuthAPI* | [**Logout**](docs/AuthAPI.md#logout) | **Post** /auth/logout | Revoke refresh token family (logout everywhere)
 *AuthAPI* | [**Refresh**](docs/AuthAPI.md#refresh) | **Post** /auth/refresh | Rotate refresh token
+*LabelsAPI* | [**CreateLabel**](docs/LabelsAPI.md#createlabel) | **Post** /labels | Create label (org scoped)
+*LabelsAPI* | [**DeleteLabel**](docs/LabelsAPI.md#deletelabel) | **Delete** /labels/{id} | Delete label (org scoped)
+*LabelsAPI* | [**GetLabel**](docs/LabelsAPI.md#getlabel) | **Get** /labels/{id} | Get label by ID (org scoped)
+*LabelsAPI* | [**ListLabels**](docs/LabelsAPI.md#listlabels) | **Get** /labels | List node labels (org scoped)
+*LabelsAPI* | [**UpdateLabel**](docs/LabelsAPI.md#updatelabel) | **Patch** /labels/{id} | Update label (org scoped)
 *MeAPI* | [**GetMe**](docs/MeAPI.md#getme) | **Get** /me | Get current user profile
 *MeAPI* | [**UpdateMe**](docs/MeAPI.md#updateme) | **Patch** /me | Update current user profile
 *MeAPIKeysAPI* | [**CreateUserAPIKey**](docs/MeAPIKeysAPI.md#createuserapikey) | **Post** /me/api-keys | Create a new user API key
@@ -119,11 +124,13 @@ Class | Method | HTTP request | Description
 ## Documentation For Models
 
  - [DtoAuthStartResponse](docs/DtoAuthStartResponse.md)
+ - [DtoCreateLabelRequest](docs/DtoCreateLabelRequest.md)
  - [DtoCreateSSHRequest](docs/DtoCreateSSHRequest.md)
  - [DtoCreateServerRequest](docs/DtoCreateServerRequest.md)
  - [DtoCreateTaintRequest](docs/DtoCreateTaintRequest.md)
  - [DtoJWK](docs/DtoJWK.md)
  - [DtoJWKS](docs/DtoJWKS.md)
+ - [DtoLabelResponse](docs/DtoLabelResponse.md)
  - [DtoLogoutRequest](docs/DtoLogoutRequest.md)
  - [DtoRefreshRequest](docs/DtoRefreshRequest.md)
  - [DtoServerResponse](docs/DtoServerResponse.md)
@@ -131,6 +138,7 @@ Class | Method | HTTP request | Description
  - [DtoSshRevealResponse](docs/DtoSshRevealResponse.md)
  - [DtoTaintResponse](docs/DtoTaintResponse.md)
  - [DtoTokenPair](docs/DtoTokenPair.md)
+ - [DtoUpdateLabelRequest](docs/DtoUpdateLabelRequest.md)
  - [DtoUpdateServerRequest](docs/DtoUpdateServerRequest.md)
  - [DtoUpdateTaintRequest](docs/DtoUpdateTaintRequest.md)
  - [HandlersCreateUserKeyRequest](docs/HandlersCreateUserKeyRequest.md)

sdk/go/api/openapi.yaml

@@ -103,6 +103,302 @@ paths:
       summary: Begin social login
       tags:
       - Auth
+  /labels:
+    get:
+      description: "Returns node labels for the organization in X-Org-ID. Filters:\
+        \ `key`, `value`, and `q` (key contains). Add `include=node_pools` to include\
+        \ linked node groups."
+      operationId: ListLabels
+      parameters:
+      - description: Organization UUID
+        in: header
+        name: X-Org-ID
+        schema:
+          type: string
+      - description: Exact key
+        in: query
+        name: key
+        schema:
+          type: string
+      - description: Exact value
+        in: query
+        name: value
+        schema:
+          type: string
+      - description: Key contains (case-insensitive)
+        in: query
+        name: q
+        schema:
+          type: string
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: "#/components/schemas/dto.LabelResponse"
+                type: array
+          description: OK
+        "401":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: organization required
+        "500":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: failed to list node taints
+      security:
+      - BearerAuth: []
+      - OrgKeyAuth: []
+      - OrgSecretAuth: []
+      summary: List node labels (org scoped)
+      tags:
+      - Labels
+    post:
+      description: Creates a label.
+      operationId: CreateLabel
+      parameters:
+      - description: Organization UUID
+        in: header
+        name: X-Org-ID
+        schema:
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/dto.CreateLabelRequest"
+        description: Label payload
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/dto.LabelResponse"
+          description: Created
+        "400":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: invalid json / missing fields / invalid node_pool_ids
+        "401":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: organization required
+        "500":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: create failed
+      security:
+      - BearerAuth: []
+      - OrgKeyAuth: []
+      - OrgSecretAuth: []
+      summary: Create label (org scoped)
+      tags:
+      - Labels
+      x-codegen-request-body-name: body
+  /labels/{id}:
+    delete:
+      description: Permanently deletes the label.
+      operationId: DeleteLabel
+      parameters:
+      - description: Organization UUID
+        in: header
+        name: X-Org-ID
+        schema:
+          type: string
+      - description: Label ID (UUID)
+        in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        "204":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: No Content
+        "400":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: invalid id
+        "401":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: organization required
+        "500":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: delete failed
+      security:
+      - BearerAuth: []
+      - OrgKeyAuth: []
+      - OrgSecretAuth: []
+      summary: Delete label (org scoped)
+      tags:
+      - Labels
+    get:
+      description: Returns one label.
+      operationId: GetLabel
+      parameters:
+      - description: Organization UUID
+        in: header
+        name: X-Org-ID
+        schema:
+          type: string
+      - description: Label ID (UUID)
+        in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/dto.LabelResponse"
+          description: OK
+        "400":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: invalid id
+        "401":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: organization required
+        "404":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: not found
+        "500":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: fetch failed
+      security:
+      - BearerAuth: []
+      - OrgKeyAuth: []
+      - OrgSecretAuth: []
+      summary: Get label by ID (org scoped)
+      tags:
+      - Labels
+    patch:
+      description: Partially update label fields.
+      operationId: UpdateLabel
+      parameters:
+      - description: Organization UUID
+        in: header
+        name: X-Org-ID
+        schema:
+          type: string
+      - description: Label ID (UUID)
+        in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/dto.UpdateLabelRequest"
+        description: Fields to update
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/dto.LabelResponse"
+          description: OK
+        "400":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: invalid id / invalid json
+        "401":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: organization required
+        "404":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: not found
+        "500":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: update failed
+      security:
+      - BearerAuth: []
+      - OrgKeyAuth: []
+      - OrgSecretAuth: []
+      summary: Update label (org scoped)
+      tags:
+      - Labels
+      x-codegen-request-body-name: body
   /me:
     get:
       operationId: GetMe
@@ -1452,6 +1748,13 @@ components:
           example: https://accounts.google.com/o/oauth2/v2/auth?client_id=...
           type: string
       type: object
+    dto.CreateLabelRequest:
+      properties:
+        key:
+          type: string
+        value:
+          type: string
+      type: object
     dto.CreateSSHRequest:
       properties:
         bits:
@@ -1547,6 +1850,19 @@ components:
             $ref: "#/components/schemas/dto.JWK"
           type: array
       type: object
+    dto.LabelResponse:
+      example:
+        id: id
+        value: value
+        key: key
+      properties:
+        id:
+          type: string
+        key:
+          type: string
+        value:
+          type: string
+      type: object
     dto.LogoutRequest:
       properties:
         refresh_token:
@@ -1685,6 +2001,13 @@ components:
           example: Bearer
           type: string
       type: object
+    dto.UpdateLabelRequest:
+      properties:
+        key:
+          type: string
+        value:
+          type: string
+      type: object
     dto.UpdateServerRequest:
       properties:
         hostname:

sdk/go/client.go

@@ -50,6 +50,8 @@ type APIClient struct {
 
 	AuthAPI *AuthAPIService
 
+	LabelsAPI *LabelsAPIService
+
 	MeAPI *MeAPIService
 
 	MeAPIKeysAPI *MeAPIKeysAPIService
@@ -80,6 +82,7 @@ func NewAPIClient(cfg *Configuration) *APIClient {
 
 	// API Services
 	c.AuthAPI = (*AuthAPIService)(&c.common)
+	c.LabelsAPI = (*LabelsAPIService)(&c.common)
 	c.MeAPI = (*MeAPIService)(&c.common)
 	c.MeAPIKeysAPI = (*MeAPIKeysAPIService)(&c.common)
 	c.OrgsAPI = (*OrgsAPIService)(&c.common)

sdk/go/docs/DtoCreateLabelRequest.md

@@ -0,0 +1,82 @@
+# DtoCreateLabelRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Key** | Pointer to **string** |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewDtoCreateLabelRequest
+
+`func NewDtoCreateLabelRequest() *DtoCreateLabelRequest`
+
+NewDtoCreateLabelRequest instantiates a new DtoCreateLabelRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDtoCreateLabelRequestWithDefaults
+
+`func NewDtoCreateLabelRequestWithDefaults() *DtoCreateLabelRequest`
+
+NewDtoCreateLabelRequestWithDefaults instantiates a new DtoCreateLabelRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetKey
+
+`func (o *DtoCreateLabelRequest) GetKey() string`
+
+GetKey returns the Key field if non-nil, zero value otherwise.
+
+### GetKeyOk
+
+`func (o *DtoCreateLabelRequest) GetKeyOk() (*string, bool)`
+
+GetKeyOk returns a tuple with the Key field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKey
+
+`func (o *DtoCreateLabelRequest) SetKey(v string)`
+
+SetKey sets Key field to given value.
+
+### HasKey
+
+`func (o *DtoCreateLabelRequest) HasKey() bool`
+
+HasKey returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *DtoCreateLabelRequest) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *DtoCreateLabelRequest) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *DtoCreateLabelRequest) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *DtoCreateLabelRequest) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+

sdk/go/docs/DtoLabelResponse.md

@@ -0,0 +1,108 @@
+# DtoLabelResponse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] 
+**Key** | Pointer to **string** |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewDtoLabelResponse
+
+`func NewDtoLabelResponse() *DtoLabelResponse`
+
+NewDtoLabelResponse instantiates a new DtoLabelResponse object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDtoLabelResponseWithDefaults
+
+`func NewDtoLabelResponseWithDefaults() *DtoLabelResponse`
+
+NewDtoLabelResponseWithDefaults instantiates a new DtoLabelResponse object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *DtoLabelResponse) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *DtoLabelResponse) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *DtoLabelResponse) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *DtoLabelResponse) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetKey
+
+`func (o *DtoLabelResponse) GetKey() string`
+
+GetKey returns the Key field if non-nil, zero value otherwise.
+
+### GetKeyOk
+
+`func (o *DtoLabelResponse) GetKeyOk() (*string, bool)`
+
+GetKeyOk returns a tuple with the Key field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKey
+
+`func (o *DtoLabelResponse) SetKey(v string)`
+
+SetKey sets Key field to given value.
+
+### HasKey
+
+`func (o *DtoLabelResponse) HasKey() bool`
+
+HasKey returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *DtoLabelResponse) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *DtoLabelResponse) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *DtoLabelResponse) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *DtoLabelResponse) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+

sdk/go/docs/DtoUpdateLabelRequest.md

@@ -0,0 +1,82 @@
+# DtoUpdateLabelRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Key** | Pointer to **string** |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewDtoUpdateLabelRequest
+
+`func NewDtoUpdateLabelRequest() *DtoUpdateLabelRequest`
+
+NewDtoUpdateLabelRequest instantiates a new DtoUpdateLabelRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDtoUpdateLabelRequestWithDefaults
+
+`func NewDtoUpdateLabelRequestWithDefaults() *DtoUpdateLabelRequest`
+
+NewDtoUpdateLabelRequestWithDefaults instantiates a new DtoUpdateLabelRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetKey
+
+`func (o *DtoUpdateLabelRequest) GetKey() string`
+
+GetKey returns the Key field if non-nil, zero value otherwise.
+
+### GetKeyOk
+
+`func (o *DtoUpdateLabelRequest) GetKeyOk() (*string, bool)`
+
+GetKeyOk returns a tuple with the Key field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKey
+
+`func (o *DtoUpdateLabelRequest) SetKey(v string)`
+
+SetKey sets Key field to given value.
+
+### HasKey
+
+`func (o *DtoUpdateLabelRequest) HasKey() bool`
+
+HasKey returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *DtoUpdateLabelRequest) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *DtoUpdateLabelRequest) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *DtoUpdateLabelRequest) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *DtoUpdateLabelRequest) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+

sdk/go/docs/LabelsAPI.md

@@ -0,0 +1,371 @@
+# \LabelsAPI
+
+All URIs are relative to *http://localhost:8080/api/v1*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**CreateLabel**](LabelsAPI.md#CreateLabel) | **Post** /labels | Create label (org scoped)
+[**DeleteLabel**](LabelsAPI.md#DeleteLabel) | **Delete** /labels/{id} | Delete label (org scoped)
+[**GetLabel**](LabelsAPI.md#GetLabel) | **Get** /labels/{id} | Get label by ID (org scoped)
+[**ListLabels**](LabelsAPI.md#ListLabels) | **Get** /labels | List node labels (org scoped)
+[**UpdateLabel**](LabelsAPI.md#UpdateLabel) | **Patch** /labels/{id} | Update label (org scoped)
+
+
+
+## CreateLabel
+
+> DtoLabelResponse CreateLabel(ctx).Body(body).XOrgID(xOrgID).Execute()
+
+Create label (org scoped)
+
+
+
+### Example
+
+```go
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	openapiclient "github.com/glueops/autoglue-sdk"
+)
+
+func main() {
+	body := *openapiclient.NewDtoCreateLabelRequest() // DtoCreateLabelRequest | Label payload
+	xOrgID := "xOrgID_example" // string | Organization UUID (optional)
+
+	configuration := openapiclient.NewConfiguration()
+	apiClient := openapiclient.NewAPIClient(configuration)
+	resp, r, err := apiClient.LabelsAPI.CreateLabel(context.Background()).Body(body).XOrgID(xOrgID).Execute()
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error when calling `LabelsAPI.CreateLabel``: %v\n", err)
+		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+	}
+	// response from `CreateLabel`: DtoLabelResponse
+	fmt.Fprintf(os.Stdout, "Response from `LabelsAPI.CreateLabel`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateLabelRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **body** | [**DtoCreateLabelRequest**](DtoCreateLabelRequest.md) | Label payload | 
+ **xOrgID** | **string** | Organization UUID | 
+
+### Return type
+
+[**DtoLabelResponse**](DtoLabelResponse.md)
+
+### Authorization
+
+[OrgKeyAuth](../README.md#OrgKeyAuth), [OrgSecretAuth](../README.md#OrgSecretAuth), [BearerAuth](../README.md#BearerAuth)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteLabel
+
+> string DeleteLabel(ctx, id).XOrgID(xOrgID).Execute()
+
+Delete label (org scoped)
+
+
+
+### Example
+
+```go
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	openapiclient "github.com/glueops/autoglue-sdk"
+)
+
+func main() {
+	id := "id_example" // string | Label ID (UUID)
+	xOrgID := "xOrgID_example" // string | Organization UUID (optional)
+
+	configuration := openapiclient.NewConfiguration()
+	apiClient := openapiclient.NewAPIClient(configuration)
+	resp, r, err := apiClient.LabelsAPI.DeleteLabel(context.Background(), id).XOrgID(xOrgID).Execute()
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error when calling `LabelsAPI.DeleteLabel``: %v\n", err)
+		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+	}
+	// response from `DeleteLabel`: string
+	fmt.Fprintf(os.Stdout, "Response from `LabelsAPI.DeleteLabel`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**id** | **string** | Label ID (UUID) | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteLabelRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **xOrgID** | **string** | Organization UUID | 
+
+### Return type
+
+**string**
+
+### Authorization
+
+[OrgKeyAuth](../README.md#OrgKeyAuth), [OrgSecretAuth](../README.md#OrgSecretAuth), [BearerAuth](../README.md#BearerAuth)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetLabel
+
+> DtoLabelResponse GetLabel(ctx, id).XOrgID(xOrgID).Execute()
+
+Get label by ID (org scoped)
+
+
+
+### Example
+
+```go
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	openapiclient "github.com/glueops/autoglue-sdk"
+)
+
+func main() {
+	id := "id_example" // string | Label ID (UUID)
+	xOrgID := "xOrgID_example" // string | Organization UUID (optional)
+
+	configuration := openapiclient.NewConfiguration()
+	apiClient := openapiclient.NewAPIClient(configuration)
+	resp, r, err := apiClient.LabelsAPI.GetLabel(context.Background(), id).XOrgID(xOrgID).Execute()
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error when calling `LabelsAPI.GetLabel``: %v\n", err)
+		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+	}
+	// response from `GetLabel`: DtoLabelResponse
+	fmt.Fprintf(os.Stdout, "Response from `LabelsAPI.GetLabel`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**id** | **string** | Label ID (UUID) | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetLabelRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **xOrgID** | **string** | Organization UUID | 
+
+### Return type
+
+[**DtoLabelResponse**](DtoLabelResponse.md)
+
+### Authorization
+
+[OrgKeyAuth](../README.md#OrgKeyAuth), [OrgSecretAuth](../README.md#OrgSecretAuth), [BearerAuth](../README.md#BearerAuth)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListLabels
+
+> []DtoLabelResponse ListLabels(ctx).XOrgID(xOrgID).Key(key).Value(value).Q(q).Execute()
+
+List node labels (org scoped)
+
+
+
+### Example
+
+```go
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	openapiclient "github.com/glueops/autoglue-sdk"
+)
+
+func main() {
+	xOrgID := "xOrgID_example" // string | Organization UUID (optional)
+	key := "key_example" // string | Exact key (optional)
+	value := "value_example" // string | Exact value (optional)
+	q := "q_example" // string | Key contains (case-insensitive) (optional)
+
+	configuration := openapiclient.NewConfiguration()
+	apiClient := openapiclient.NewAPIClient(configuration)
+	resp, r, err := apiClient.LabelsAPI.ListLabels(context.Background()).XOrgID(xOrgID).Key(key).Value(value).Q(q).Execute()
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error when calling `LabelsAPI.ListLabels``: %v\n", err)
+		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+	}
+	// response from `ListLabels`: []DtoLabelResponse
+	fmt.Fprintf(os.Stdout, "Response from `LabelsAPI.ListLabels`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListLabelsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **xOrgID** | **string** | Organization UUID | 
+ **key** | **string** | Exact key | 
+ **value** | **string** | Exact value | 
+ **q** | **string** | Key contains (case-insensitive) | 
+
+### Return type
+
+[**[]DtoLabelResponse**](DtoLabelResponse.md)
+
+### Authorization
+
+[OrgKeyAuth](../README.md#OrgKeyAuth), [OrgSecretAuth](../README.md#OrgSecretAuth), [BearerAuth](../README.md#BearerAuth)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateLabel
+
+> DtoLabelResponse UpdateLabel(ctx, id).Body(body).XOrgID(xOrgID).Execute()
+
+Update label (org scoped)
+
+
+
+### Example
+
+```go
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	openapiclient "github.com/glueops/autoglue-sdk"
+)
+
+func main() {
+	id := "id_example" // string | Label ID (UUID)
+	body := *openapiclient.NewDtoUpdateLabelRequest() // DtoUpdateLabelRequest | Fields to update
+	xOrgID := "xOrgID_example" // string | Organization UUID (optional)
+
+	configuration := openapiclient.NewConfiguration()
+	apiClient := openapiclient.NewAPIClient(configuration)
+	resp, r, err := apiClient.LabelsAPI.UpdateLabel(context.Background(), id).Body(body).XOrgID(xOrgID).Execute()
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error when calling `LabelsAPI.UpdateLabel``: %v\n", err)
+		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+	}
+	// response from `UpdateLabel`: DtoLabelResponse
+	fmt.Fprintf(os.Stdout, "Response from `LabelsAPI.UpdateLabel`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**id** | **string** | Label ID (UUID) | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateLabelRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **body** | [**DtoUpdateLabelRequest**](DtoUpdateLabelRequest.md) | Fields to update | 
+ **xOrgID** | **string** | Organization UUID | 
+
+### Return type
+
+[**DtoLabelResponse**](DtoLabelResponse.md)
+
+### Authorization
+
+[OrgKeyAuth](../README.md#OrgKeyAuth), [OrgSecretAuth](../README.md#OrgSecretAuth), [BearerAuth](../README.md#BearerAuth)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+

sdk/go/model_dto_create_label_request.go

@@ -0,0 +1,160 @@
+/*
+AutoGlue API
+
+API for managing K3s clusters across cloud providers
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package autoglue
+
+import (
+	"encoding/json"
+)
+
+// checks if the DtoCreateLabelRequest type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &DtoCreateLabelRequest{}
+
+// DtoCreateLabelRequest struct for DtoCreateLabelRequest
+type DtoCreateLabelRequest struct {
+	Key   *string `json:"key,omitempty"`
+	Value *string `json:"value,omitempty"`
+}
+
+// NewDtoCreateLabelRequest instantiates a new DtoCreateLabelRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDtoCreateLabelRequest() *DtoCreateLabelRequest {
+	this := DtoCreateLabelRequest{}
+	return &this
+}
+
+// NewDtoCreateLabelRequestWithDefaults instantiates a new DtoCreateLabelRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDtoCreateLabelRequestWithDefaults() *DtoCreateLabelRequest {
+	this := DtoCreateLabelRequest{}
+	return &this
+}
+
+// GetKey returns the Key field value if set, zero value otherwise.
+func (o *DtoCreateLabelRequest) GetKey() string {
+	if o == nil || IsNil(o.Key) {
+		var ret string
+		return ret
+	}
+	return *o.Key
+}
+
+// GetKeyOk returns a tuple with the Key field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DtoCreateLabelRequest) GetKeyOk() (*string, bool) {
+	if o == nil || IsNil(o.Key) {
+		return nil, false
+	}
+	return o.Key, true
+}
+
+// HasKey returns a boolean if a field has been set.
+func (o *DtoCreateLabelRequest) HasKey() bool {
+	if o != nil && !IsNil(o.Key) {
+		return true
+	}
+
+	return false
+}
+
+// SetKey gets a reference to the given string and assigns it to the Key field.
+func (o *DtoCreateLabelRequest) SetKey(v string) {
+	o.Key = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *DtoCreateLabelRequest) GetValue() string {
+	if o == nil || IsNil(o.Value) {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DtoCreateLabelRequest) GetValueOk() (*string, bool) {
+	if o == nil || IsNil(o.Value) {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *DtoCreateLabelRequest) HasValue() bool {
+	if o != nil && !IsNil(o.Value) {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *DtoCreateLabelRequest) SetValue(v string) {
+	o.Value = &v
+}
+
+func (o DtoCreateLabelRequest) MarshalJSON() ([]byte, error) {
+	toSerialize, err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o DtoCreateLabelRequest) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	if !IsNil(o.Key) {
+		toSerialize["key"] = o.Key
+	}
+	if !IsNil(o.Value) {
+		toSerialize["value"] = o.Value
+	}
+	return toSerialize, nil
+}
+
+type NullableDtoCreateLabelRequest struct {
+	value *DtoCreateLabelRequest
+	isSet bool
+}
+
+func (v NullableDtoCreateLabelRequest) Get() *DtoCreateLabelRequest {
+	return v.value
+}
+
+func (v *NullableDtoCreateLabelRequest) Set(val *DtoCreateLabelRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDtoCreateLabelRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDtoCreateLabelRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDtoCreateLabelRequest(val *DtoCreateLabelRequest) *NullableDtoCreateLabelRequest {
+	return &NullableDtoCreateLabelRequest{value: val, isSet: true}
+}
+
+func (v NullableDtoCreateLabelRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDtoCreateLabelRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}

sdk/go/model_dto_label_response.go

@@ -0,0 +1,196 @@
+/*
+AutoGlue API
+
+API for managing K3s clusters across cloud providers
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package autoglue
+
+import (
+	"encoding/json"
+)
+
+// checks if the DtoLabelResponse type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &DtoLabelResponse{}
+
+// DtoLabelResponse struct for DtoLabelResponse
+type DtoLabelResponse struct {
+	Id    *string `json:"id,omitempty"`
+	Key   *string `json:"key,omitempty"`
+	Value *string `json:"value,omitempty"`
+}
+
+// NewDtoLabelResponse instantiates a new DtoLabelResponse object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDtoLabelResponse() *DtoLabelResponse {
+	this := DtoLabelResponse{}
+	return &this
+}
+
+// NewDtoLabelResponseWithDefaults instantiates a new DtoLabelResponse object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDtoLabelResponseWithDefaults() *DtoLabelResponse {
+	this := DtoLabelResponse{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *DtoLabelResponse) GetId() string {
+	if o == nil || IsNil(o.Id) {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DtoLabelResponse) GetIdOk() (*string, bool) {
+	if o == nil || IsNil(o.Id) {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *DtoLabelResponse) HasId() bool {
+	if o != nil && !IsNil(o.Id) {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *DtoLabelResponse) SetId(v string) {
+	o.Id = &v
+}
+
+// GetKey returns the Key field value if set, zero value otherwise.
+func (o *DtoLabelResponse) GetKey() string {
+	if o == nil || IsNil(o.Key) {
+		var ret string
+		return ret
+	}
+	return *o.Key
+}
+
+// GetKeyOk returns a tuple with the Key field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DtoLabelResponse) GetKeyOk() (*string, bool) {
+	if o == nil || IsNil(o.Key) {
+		return nil, false
+	}
+	return o.Key, true
+}
+
+// HasKey returns a boolean if a field has been set.
+func (o *DtoLabelResponse) HasKey() bool {
+	if o != nil && !IsNil(o.Key) {
+		return true
+	}
+
+	return false
+}
+
+// SetKey gets a reference to the given string and assigns it to the Key field.
+func (o *DtoLabelResponse) SetKey(v string) {
+	o.Key = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *DtoLabelResponse) GetValue() string {
+	if o == nil || IsNil(o.Value) {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DtoLabelResponse) GetValueOk() (*string, bool) {
+	if o == nil || IsNil(o.Value) {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *DtoLabelResponse) HasValue() bool {
+	if o != nil && !IsNil(o.Value) {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *DtoLabelResponse) SetValue(v string) {
+	o.Value = &v
+}
+
+func (o DtoLabelResponse) MarshalJSON() ([]byte, error) {
+	toSerialize, err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o DtoLabelResponse) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	if !IsNil(o.Id) {
+		toSerialize["id"] = o.Id
+	}
+	if !IsNil(o.Key) {
+		toSerialize["key"] = o.Key
+	}
+	if !IsNil(o.Value) {
+		toSerialize["value"] = o.Value
+	}
+	return toSerialize, nil
+}
+
+type NullableDtoLabelResponse struct {
+	value *DtoLabelResponse
+	isSet bool
+}
+
+func (v NullableDtoLabelResponse) Get() *DtoLabelResponse {
+	return v.value
+}
+
+func (v *NullableDtoLabelResponse) Set(val *DtoLabelResponse) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDtoLabelResponse) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDtoLabelResponse) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDtoLabelResponse(val *DtoLabelResponse) *NullableDtoLabelResponse {
+	return &NullableDtoLabelResponse{value: val, isSet: true}
+}
+
+func (v NullableDtoLabelResponse) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDtoLabelResponse) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}

sdk/go/model_dto_update_label_request.go

@@ -0,0 +1,160 @@
+/*
+AutoGlue API
+
+API for managing K3s clusters across cloud providers
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package autoglue
+
+import (
+	"encoding/json"
+)
+
+// checks if the DtoUpdateLabelRequest type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &DtoUpdateLabelRequest{}
+
+// DtoUpdateLabelRequest struct for DtoUpdateLabelRequest
+type DtoUpdateLabelRequest struct {
+	Key   *string `json:"key,omitempty"`
+	Value *string `json:"value,omitempty"`
+}
+
+// NewDtoUpdateLabelRequest instantiates a new DtoUpdateLabelRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDtoUpdateLabelRequest() *DtoUpdateLabelRequest {
+	this := DtoUpdateLabelRequest{}
+	return &this
+}
+
+// NewDtoUpdateLabelRequestWithDefaults instantiates a new DtoUpdateLabelRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDtoUpdateLabelRequestWithDefaults() *DtoUpdateLabelRequest {
+	this := DtoUpdateLabelRequest{}
+	return &this
+}
+
+// GetKey returns the Key field value if set, zero value otherwise.
+func (o *DtoUpdateLabelRequest) GetKey() string {
+	if o == nil || IsNil(o.Key) {
+		var ret string
+		return ret
+	}
+	return *o.Key
+}
+
+// GetKeyOk returns a tuple with the Key field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DtoUpdateLabelRequest) GetKeyOk() (*string, bool) {
+	if o == nil || IsNil(o.Key) {
+		return nil, false
+	}
+	return o.Key, true
+}
+
+// HasKey returns a boolean if a field has been set.
+func (o *DtoUpdateLabelRequest) HasKey() bool {
+	if o != nil && !IsNil(o.Key) {
+		return true
+	}
+
+	return false
+}
+
+// SetKey gets a reference to the given string and assigns it to the Key field.
+func (o *DtoUpdateLabelRequest) SetKey(v string) {
+	o.Key = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *DtoUpdateLabelRequest) GetValue() string {
+	if o == nil || IsNil(o.Value) {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DtoUpdateLabelRequest) GetValueOk() (*string, bool) {
+	if o == nil || IsNil(o.Value) {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *DtoUpdateLabelRequest) HasValue() bool {
+	if o != nil && !IsNil(o.Value) {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *DtoUpdateLabelRequest) SetValue(v string) {
+	o.Value = &v
+}
+
+func (o DtoUpdateLabelRequest) MarshalJSON() ([]byte, error) {
+	toSerialize, err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o DtoUpdateLabelRequest) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	if !IsNil(o.Key) {
+		toSerialize["key"] = o.Key
+	}
+	if !IsNil(o.Value) {
+		toSerialize["value"] = o.Value
+	}
+	return toSerialize, nil
+}
+
+type NullableDtoUpdateLabelRequest struct {
+	value *DtoUpdateLabelRequest
+	isSet bool
+}
+
+func (v NullableDtoUpdateLabelRequest) Get() *DtoUpdateLabelRequest {
+	return v.value
+}
+
+func (v *NullableDtoUpdateLabelRequest) Set(val *DtoUpdateLabelRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDtoUpdateLabelRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDtoUpdateLabelRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDtoUpdateLabelRequest(val *DtoUpdateLabelRequest) *NullableDtoUpdateLabelRequest {
+	return &NullableDtoUpdateLabelRequest{value: val, isSet: true}
+}
+
+func (v NullableDtoUpdateLabelRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDtoUpdateLabelRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}

sdk/go/test/api_labels_test.go

@@ -0,0 +1,91 @@
+/*
+AutoGlue API
+
+Testing LabelsAPIService
+
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech);
+
+package autoglue
+
+import (
+	"context"
+	openapiclient "github.com/glueops/autoglue-sdk"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"testing"
+)
+
+func Test_autoglue_LabelsAPIService(t *testing.T) {
+
+	configuration := openapiclient.NewConfiguration()
+	apiClient := openapiclient.NewAPIClient(configuration)
+
+	t.Run("Test LabelsAPIService CreateLabel", func(t *testing.T) {
+
+		t.Skip("skip test") // remove to run test
+
+		resp, httpRes, err := apiClient.LabelsAPI.CreateLabel(context.Background()).Execute()
+
+		require.Nil(t, err)
+		require.NotNil(t, resp)
+		assert.Equal(t, 200, httpRes.StatusCode)
+
+	})
+
+	t.Run("Test LabelsAPIService DeleteLabel", func(t *testing.T) {
+
+		t.Skip("skip test") // remove to run test
+
+		var id string
+
+		resp, httpRes, err := apiClient.LabelsAPI.DeleteLabel(context.Background(), id).Execute()
+
+		require.Nil(t, err)
+		require.NotNil(t, resp)
+		assert.Equal(t, 200, httpRes.StatusCode)
+
+	})
+
+	t.Run("Test LabelsAPIService GetLabel", func(t *testing.T) {
+
+		t.Skip("skip test") // remove to run test
+
+		var id string
+
+		resp, httpRes, err := apiClient.LabelsAPI.GetLabel(context.Background(), id).Execute()
+
+		require.Nil(t, err)
+		require.NotNil(t, resp)
+		assert.Equal(t, 200, httpRes.StatusCode)
+
+	})
+
+	t.Run("Test LabelsAPIService ListLabels", func(t *testing.T) {
+
+		t.Skip("skip test") // remove to run test
+
+		resp, httpRes, err := apiClient.LabelsAPI.ListLabels(context.Background()).Execute()
+
+		require.Nil(t, err)
+		require.NotNil(t, resp)
+		assert.Equal(t, 200, httpRes.StatusCode)
+
+	})
+
+	t.Run("Test LabelsAPIService UpdateLabel", func(t *testing.T) {
+
+		t.Skip("skip test") // remove to run test
+
+		var id string
+
+		resp, httpRes, err := apiClient.LabelsAPI.UpdateLabel(context.Background(), id).Execute()
+
+		require.Nil(t, err)
+		require.NotNil(t, resp)
+		assert.Equal(t, 200, httpRes.StatusCode)
+
+	})
+
+}

sdk/ts/.openapi-generator/FILES

@@ -4,11 +4,13 @@
 README.md
 docs/AuthApi.md
 docs/DtoAuthStartResponse.md
+docs/DtoCreateLabelRequest.md
 docs/DtoCreateSSHRequest.md
 docs/DtoCreateServerRequest.md
 docs/DtoCreateTaintRequest.md
 docs/DtoJWK.md
 docs/DtoJWKS.md
+docs/DtoLabelResponse.md
 docs/DtoLogoutRequest.md
 docs/DtoRefreshRequest.md
 docs/DtoServerResponse.md
@@ -16,6 +18,7 @@ docs/DtoSshResponse.md
 docs/DtoSshRevealResponse.md
 docs/DtoTaintResponse.md
 docs/DtoTokenPair.md
+docs/DtoUpdateLabelRequest.md
 docs/DtoUpdateServerRequest.md
 docs/DtoUpdateTaintRequest.md
 docs/HandlersCreateUserKeyRequest.md
@@ -28,6 +31,7 @@ docs/HandlersOrgKeyCreateResp.md
 docs/HandlersOrgUpdateReq.md
 docs/HandlersUpdateMeRequest.md
 docs/HandlersUserAPIKeyOut.md
+docs/LabelsApi.md
 docs/MeAPIKeysApi.md
 docs/MeApi.md
 docs/ModelsAPIKey.md
@@ -41,6 +45,7 @@ docs/TaintsApi.md
 docs/UtilsErrorResponse.md
 package.json
 src/apis/AuthApi.ts
+src/apis/LabelsApi.ts
 src/apis/MeAPIKeysApi.ts
 src/apis/MeApi.ts
 src/apis/OrgsApi.ts
@@ -50,11 +55,13 @@ src/apis/TaintsApi.ts
 src/apis/index.ts
 src/index.ts
 src/models/DtoAuthStartResponse.ts
+src/models/DtoCreateLabelRequest.ts
 src/models/DtoCreateSSHRequest.ts
 src/models/DtoCreateServerRequest.ts
 src/models/DtoCreateTaintRequest.ts
 src/models/DtoJWK.ts
 src/models/DtoJWKS.ts
+src/models/DtoLabelResponse.ts
 src/models/DtoLogoutRequest.ts
 src/models/DtoRefreshRequest.ts
 src/models/DtoServerResponse.ts
@@ -62,6 +69,7 @@ src/models/DtoSshResponse.ts
 src/models/DtoSshRevealResponse.ts
 src/models/DtoTaintResponse.ts
 src/models/DtoTokenPair.ts
+src/models/DtoUpdateLabelRequest.ts
 src/models/DtoUpdateServerRequest.ts
 src/models/DtoUpdateTaintRequest.ts
 src/models/HandlersCreateUserKeyRequest.ts

sdk/ts/README.md

@@ -50,6 +50,11 @@ All URIs are relative to _http://localhost:8080/api/v1_
 | _AuthApi_      | [**getJWKS**](docs/AuthApi.md#getjwks)                        | **GET** /.well-known/jwks.json          | Get JWKS                                        |
 | _AuthApi_      | [**logout**](docs/AuthApi.md#logout)                          | **POST** /auth/logout                   | Revoke refresh token family (logout everywhere) |
 | _AuthApi_      | [**refresh**](docs/AuthApi.md#refresh)                        | **POST** /auth/refresh                  | Rotate refresh token                            |
+| _LabelsApi_    | [**createLabel**](docs/LabelsApi.md#createlabel)              | **POST** /labels                        | Create label (org scoped)                       |
+| _LabelsApi_    | [**deleteLabel**](docs/LabelsApi.md#deletelabel)              | **DELETE** /labels/{id}                 | Delete label (org scoped)                       |
+| _LabelsApi_    | [**getLabel**](docs/LabelsApi.md#getlabel)                    | **GET** /labels/{id}                    | Get label by ID (org scoped)                    |
+| _LabelsApi_    | [**listLabels**](docs/LabelsApi.md#listlabels)                | **GET** /labels                         | List node labels (org scoped)                   |
+| _LabelsApi_    | [**updateLabel**](docs/LabelsApi.md#updatelabel)              | **PATCH** /labels/{id}                  | Update label (org scoped)                       |
 | _MeApi_        | [**getMe**](docs/MeApi.md#getme)                              | **GET** /me                             | Get current user profile                        |
 | _MeApi_        | [**updateMe**](docs/MeApi.md#updateme)                        | **PATCH** /me                           | Update current user profile                     |
 | _MeAPIKeysApi_ | [**createUserAPIKey**](docs/MeAPIKeysApi.md#createuserapikey) | **POST** /me/api-keys                   | Create a new user API key                       |
@@ -85,11 +90,13 @@ All URIs are relative to _http://localhost:8080/api/v1_
 ### Models
 
 - [DtoAuthStartResponse](docs/DtoAuthStartResponse.md)
+- [DtoCreateLabelRequest](docs/DtoCreateLabelRequest.md)
 - [DtoCreateSSHRequest](docs/DtoCreateSSHRequest.md)
 - [DtoCreateServerRequest](docs/DtoCreateServerRequest.md)
 - [DtoCreateTaintRequest](docs/DtoCreateTaintRequest.md)
 - [DtoJWK](docs/DtoJWK.md)
 - [DtoJWKS](docs/DtoJWKS.md)
+- [DtoLabelResponse](docs/DtoLabelResponse.md)
 - [DtoLogoutRequest](docs/DtoLogoutRequest.md)
 - [DtoRefreshRequest](docs/DtoRefreshRequest.md)
 - [DtoServerResponse](docs/DtoServerResponse.md)
@@ -97,6 +104,7 @@ All URIs are relative to _http://localhost:8080/api/v1_
 - [DtoSshRevealResponse](docs/DtoSshRevealResponse.md)
 - [DtoTaintResponse](docs/DtoTaintResponse.md)
 - [DtoTokenPair](docs/DtoTokenPair.md)
+- [DtoUpdateLabelRequest](docs/DtoUpdateLabelRequest.md)
 - [DtoUpdateServerRequest](docs/DtoUpdateServerRequest.md)
 - [DtoUpdateTaintRequest](docs/DtoUpdateTaintRequest.md)
 - [HandlersCreateUserKeyRequest](docs/HandlersCreateUserKeyRequest.md)

sdk/ts/docs/DtoCreateLabelRequest.md

@@ -0,0 +1,32 @@
+# DtoCreateLabelRequest
+
+## Properties
+
+| Name    | Type   |
+| ------- | ------ |
+| `key`   | string |
+| `value` | string |
+
+## Example
+
+```typescript
+import type { DtoCreateLabelRequest } from "@glueops/autoglue-sdk";
+
+// TODO: Update the object below with actual values
+const example = {
+  key: null,
+  value: null,
+} satisfies DtoCreateLabelRequest;
+
+console.log(example);
+
+// Convert the instance to a JSON string
+const exampleJSON: string = JSON.stringify(example);
+console.log(exampleJSON);
+
+// Parse the JSON string back to an object
+const exampleParsed = JSON.parse(exampleJSON) as DtoCreateLabelRequest;
+console.log(exampleParsed);
+```
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)

sdk/ts/docs/DtoLabelResponse.md

@@ -0,0 +1,34 @@
+# DtoLabelResponse
+
+## Properties
+
+| Name    | Type   |
+| ------- | ------ |
+| `id`    | string |
+| `key`   | string |
+| `value` | string |
+
+## Example
+
+```typescript
+import type { DtoLabelResponse } from "@glueops/autoglue-sdk";
+
+// TODO: Update the object below with actual values
+const example = {
+  id: null,
+  key: null,
+  value: null,
+} satisfies DtoLabelResponse;
+
+console.log(example);
+
+// Convert the instance to a JSON string
+const exampleJSON: string = JSON.stringify(example);
+console.log(exampleJSON);
+
+// Parse the JSON string back to an object
+const exampleParsed = JSON.parse(exampleJSON) as DtoLabelResponse;
+console.log(exampleParsed);
+```
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)

sdk/ts/docs/DtoUpdateLabelRequest.md

@@ -0,0 +1,32 @@
+# DtoUpdateLabelRequest
+
+## Properties
+
+| Name    | Type   |
+| ------- | ------ |
+| `key`   | string |
+| `value` | string |
+
+## Example
+
+```typescript
+import type { DtoUpdateLabelRequest } from "@glueops/autoglue-sdk";
+
+// TODO: Update the object below with actual values
+const example = {
+  key: null,
+  value: null,
+} satisfies DtoUpdateLabelRequest;
+
+console.log(example);
+
+// Convert the instance to a JSON string
+const exampleJSON: string = JSON.stringify(example);
+console.log(exampleJSON);
+
+// Parse the JSON string back to an object
+const exampleParsed = JSON.parse(exampleJSON) as DtoUpdateLabelRequest;
+console.log(exampleParsed);
+```
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)

sdk/ts/docs/LabelsApi.md

@@ -0,0 +1,412 @@
+# LabelsApi
+
+All URIs are relative to _http://localhost:8080/api/v1_
+
+| Method                                      | HTTP request            | Description                   |
+| ------------------------------------------- | ----------------------- | ----------------------------- |
+| [**createLabel**](LabelsApi.md#createlabel) | **POST** /labels        | Create label (org scoped)     |
+| [**deleteLabel**](LabelsApi.md#deletelabel) | **DELETE** /labels/{id} | Delete label (org scoped)     |
+| [**getLabel**](LabelsApi.md#getlabel)       | **GET** /labels/{id}    | Get label by ID (org scoped)  |
+| [**listLabels**](LabelsApi.md#listlabels)   | **GET** /labels         | List node labels (org scoped) |
+| [**updateLabel**](LabelsApi.md#updatelabel) | **PATCH** /labels/{id}  | Update label (org scoped)     |
+
+## createLabel
+
+> DtoLabelResponse createLabel(body, xOrgID)
+
+Create label (org scoped)
+
+Creates a label.
+
+### Example
+
+```ts
+import {
+  Configuration,
+  LabelsApi,
+} from '@glueops/autoglue-sdk';
+import type { CreateLabelRequest } from '@glueops/autoglue-sdk';
+
+async function example() {
+  console.log("🚀 Testing @glueops/autoglue-sdk SDK...");
+  const config = new Configuration({
+    // To configure API key authorization: OrgKeyAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: OrgSecretAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: BearerAuth
+    apiKey: "YOUR API KEY",
+  });
+  const api = new LabelsApi(config);
+
+  const body = {
+    // DtoCreateLabelRequest | Label payload
+    body: ...,
+    // string | Organization UUID (optional)
+    xOrgID: xOrgID_example,
+  } satisfies CreateLabelRequest;
+
+  try {
+    const data = await api.createLabel(body);
+    console.log(data);
+  } catch (error) {
+    console.error(error);
+  }
+}
+
+// Run the test
+example().catch(console.error);
+```
+
+### Parameters
+
+| Name       | Type                                              | Description       | Notes                                |
+| ---------- | ------------------------------------------------- | ----------------- | ------------------------------------ |
+| **body**   | [DtoCreateLabelRequest](DtoCreateLabelRequest.md) | Label payload     |                                      |
+| **xOrgID** | `string`                                          | Organization UUID | [Optional] [Defaults to `undefined`] |
+
+### Return type
+
+[**DtoLabelResponse**](DtoLabelResponse.md)
+
+### Authorization
+
+[OrgKeyAuth](../README.md#OrgKeyAuth), [OrgSecretAuth](../README.md#OrgSecretAuth), [BearerAuth](../README.md#BearerAuth)
+
+### HTTP request headers
+
+- **Content-Type**: `application/json`
+- **Accept**: `application/json`
+
+### HTTP response details
+
+| Status code | Description                                           | Response headers |
+| ----------- | ----------------------------------------------------- | ---------------- |
+| **201**     | Created                                               | -                |
+| **400**     | invalid json / missing fields / invalid node_pool_ids | -                |
+| **401**     | Unauthorized                                          | -                |
+| **403**     | organization required                                 | -                |
+| **500**     | create failed                                         | -                |
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)
+
+## deleteLabel
+
+> string deleteLabel(id, xOrgID)
+
+Delete label (org scoped)
+
+Permanently deletes the label.
+
+### Example
+
+```ts
+import { Configuration, LabelsApi } from "@glueops/autoglue-sdk";
+import type { DeleteLabelRequest } from "@glueops/autoglue-sdk";
+
+async function example() {
+  console.log("🚀 Testing @glueops/autoglue-sdk SDK...");
+  const config = new Configuration({
+    // To configure API key authorization: OrgKeyAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: OrgSecretAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: BearerAuth
+    apiKey: "YOUR API KEY",
+  });
+  const api = new LabelsApi(config);
+
+  const body = {
+    // string | Label ID (UUID)
+    id: id_example,
+    // string | Organization UUID (optional)
+    xOrgID: xOrgID_example,
+  } satisfies DeleteLabelRequest;
+
+  try {
+    const data = await api.deleteLabel(body);
+    console.log(data);
+  } catch (error) {
+    console.error(error);
+  }
+}
+
+// Run the test
+example().catch(console.error);
+```
+
+### Parameters
+
+| Name       | Type     | Description       | Notes                                |
+| ---------- | -------- | ----------------- | ------------------------------------ |
+| **id**     | `string` | Label ID (UUID)   | [Defaults to `undefined`]            |
+| **xOrgID** | `string` | Organization UUID | [Optional] [Defaults to `undefined`] |
+
+### Return type
+
+**string**
+
+### Authorization
+
+[OrgKeyAuth](../README.md#OrgKeyAuth), [OrgSecretAuth](../README.md#OrgSecretAuth), [BearerAuth](../README.md#BearerAuth)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: `application/json`
+
+### HTTP response details
+
+| Status code | Description           | Response headers |
+| ----------- | --------------------- | ---------------- |
+| **204**     | No Content            | -                |
+| **400**     | invalid id            | -                |
+| **401**     | Unauthorized          | -                |
+| **403**     | organization required | -                |
+| **500**     | delete failed         | -                |
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)
+
+## getLabel
+
+> DtoLabelResponse getLabel(id, xOrgID)
+
+Get label by ID (org scoped)
+
+Returns one label.
+
+### Example
+
+```ts
+import { Configuration, LabelsApi } from "@glueops/autoglue-sdk";
+import type { GetLabelRequest } from "@glueops/autoglue-sdk";
+
+async function example() {
+  console.log("🚀 Testing @glueops/autoglue-sdk SDK...");
+  const config = new Configuration({
+    // To configure API key authorization: OrgKeyAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: OrgSecretAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: BearerAuth
+    apiKey: "YOUR API KEY",
+  });
+  const api = new LabelsApi(config);
+
+  const body = {
+    // string | Label ID (UUID)
+    id: id_example,
+    // string | Organization UUID (optional)
+    xOrgID: xOrgID_example,
+  } satisfies GetLabelRequest;
+
+  try {
+    const data = await api.getLabel(body);
+    console.log(data);
+  } catch (error) {
+    console.error(error);
+  }
+}
+
+// Run the test
+example().catch(console.error);
+```
+
+### Parameters
+
+| Name       | Type     | Description       | Notes                                |
+| ---------- | -------- | ----------------- | ------------------------------------ |
+| **id**     | `string` | Label ID (UUID)   | [Defaults to `undefined`]            |
+| **xOrgID** | `string` | Organization UUID | [Optional] [Defaults to `undefined`] |
+
+### Return type
+
+[**DtoLabelResponse**](DtoLabelResponse.md)
+
+### Authorization
+
+[OrgKeyAuth](../README.md#OrgKeyAuth), [OrgSecretAuth](../README.md#OrgSecretAuth), [BearerAuth](../README.md#BearerAuth)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: `application/json`
+
+### HTTP response details
+
+| Status code | Description           | Response headers |
+| ----------- | --------------------- | ---------------- |
+| **200**     | OK                    | -                |
+| **400**     | invalid id            | -                |
+| **401**     | Unauthorized          | -                |
+| **403**     | organization required | -                |
+| **404**     | not found             | -                |
+| **500**     | fetch failed          | -                |
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)
+
+## listLabels
+
+> Array<DtoLabelResponse> listLabels(xOrgID, key, value, q)
+
+List node labels (org scoped)
+
+Returns node labels for the organization in X-Org-ID. Filters: `key`, `value`, and `q` (key contains). Add `include=node_pools` to include linked node groups.
+
+### Example
+
+```ts
+import { Configuration, LabelsApi } from "@glueops/autoglue-sdk";
+import type { ListLabelsRequest } from "@glueops/autoglue-sdk";
+
+async function example() {
+  console.log("🚀 Testing @glueops/autoglue-sdk SDK...");
+  const config = new Configuration({
+    // To configure API key authorization: OrgKeyAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: OrgSecretAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: BearerAuth
+    apiKey: "YOUR API KEY",
+  });
+  const api = new LabelsApi(config);
+
+  const body = {
+    // string | Organization UUID (optional)
+    xOrgID: xOrgID_example,
+    // string | Exact key (optional)
+    key: key_example,
+    // string | Exact value (optional)
+    value: value_example,
+    // string | Key contains (case-insensitive) (optional)
+    q: q_example,
+  } satisfies ListLabelsRequest;
+
+  try {
+    const data = await api.listLabels(body);
+    console.log(data);
+  } catch (error) {
+    console.error(error);
+  }
+}
+
+// Run the test
+example().catch(console.error);
+```
+
+### Parameters
+
+| Name       | Type     | Description                     | Notes                                |
+| ---------- | -------- | ------------------------------- | ------------------------------------ |
+| **xOrgID** | `string` | Organization UUID               | [Optional] [Defaults to `undefined`] |
+| **key**    | `string` | Exact key                       | [Optional] [Defaults to `undefined`] |
+| **value**  | `string` | Exact value                     | [Optional] [Defaults to `undefined`] |
+| **q**      | `string` | Key contains (case-insensitive) | [Optional] [Defaults to `undefined`] |
+
+### Return type
+
+[**Array<DtoLabelResponse>**](DtoLabelResponse.md)
+
+### Authorization
+
+[OrgKeyAuth](../README.md#OrgKeyAuth), [OrgSecretAuth](../README.md#OrgSecretAuth), [BearerAuth](../README.md#BearerAuth)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: `application/json`
+
+### HTTP response details
+
+| Status code | Description                | Response headers |
+| ----------- | -------------------------- | ---------------- |
+| **200**     | OK                         | -                |
+| **401**     | Unauthorized               | -                |
+| **403**     | organization required      | -                |
+| **500**     | failed to list node taints | -                |
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)
+
+## updateLabel
+
+> DtoLabelResponse updateLabel(id, body, xOrgID)
+
+Update label (org scoped)
+
+Partially update label fields.
+
+### Example
+
+```ts
+import {
+  Configuration,
+  LabelsApi,
+} from '@glueops/autoglue-sdk';
+import type { UpdateLabelRequest } from '@glueops/autoglue-sdk';
+
+async function example() {
+  console.log("🚀 Testing @glueops/autoglue-sdk SDK...");
+  const config = new Configuration({
+    // To configure API key authorization: OrgKeyAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: OrgSecretAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: BearerAuth
+    apiKey: "YOUR API KEY",
+  });
+  const api = new LabelsApi(config);
+
+  const body = {
+    // string | Label ID (UUID)
+    id: id_example,
+    // DtoUpdateLabelRequest | Fields to update
+    body: ...,
+    // string | Organization UUID (optional)
+    xOrgID: xOrgID_example,
+  } satisfies UpdateLabelRequest;
+
+  try {
+    const data = await api.updateLabel(body);
+    console.log(data);
+  } catch (error) {
+    console.error(error);
+  }
+}
+
+// Run the test
+example().catch(console.error);
+```
+
+### Parameters
+
+| Name       | Type                                              | Description       | Notes                                |
+| ---------- | ------------------------------------------------- | ----------------- | ------------------------------------ |
+| **id**     | `string`                                          | Label ID (UUID)   | [Defaults to `undefined`]            |
+| **body**   | [DtoUpdateLabelRequest](DtoUpdateLabelRequest.md) | Fields to update  |                                      |
+| **xOrgID** | `string`                                          | Organization UUID | [Optional] [Defaults to `undefined`] |
+
+### Return type
+
+[**DtoLabelResponse**](DtoLabelResponse.md)
+
+### Authorization
+
+[OrgKeyAuth](../README.md#OrgKeyAuth), [OrgSecretAuth](../README.md#OrgSecretAuth), [BearerAuth](../README.md#BearerAuth)
+
+### HTTP request headers
+
+- **Content-Type**: `application/json`
+- **Accept**: `application/json`
+
+### HTTP response details
+
+| Status code | Description               | Response headers |
+| ----------- | ------------------------- | ---------------- |
+| **200**     | OK                        | -                |
+| **400**     | invalid id / invalid json | -                |
+| **401**     | Unauthorized              | -                |
+| **403**     | organization required     | -                |
+| **404**     | not found                 | -                |
+| **500**     | update failed             | -                |
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)

sdk/ts/src/apis/LabelsApi.ts

@@ -0,0 +1,437 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * AutoGlue API
+ * API for managing K3s clusters across cloud providers
+ *
+ * The version of the OpenAPI document: 1.0
+ *
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import * as runtime from "../runtime";
+import type {
+  DtoCreateLabelRequest,
+  DtoLabelResponse,
+  DtoUpdateLabelRequest,
+} from "../models/index";
+import {
+  DtoCreateLabelRequestFromJSON,
+  DtoCreateLabelRequestToJSON,
+  DtoLabelResponseFromJSON,
+  DtoLabelResponseToJSON,
+  DtoUpdateLabelRequestFromJSON,
+  DtoUpdateLabelRequestToJSON,
+} from "../models/index";
+
+export interface CreateLabelRequest {
+  body: DtoCreateLabelRequest;
+  xOrgID?: string;
+}
+
+export interface DeleteLabelRequest {
+  id: string;
+  xOrgID?: string;
+}
+
+export interface GetLabelRequest {
+  id: string;
+  xOrgID?: string;
+}
+
+export interface ListLabelsRequest {
+  xOrgID?: string;
+  key?: string;
+  value?: string;
+  q?: string;
+}
+
+export interface UpdateLabelRequest {
+  id: string;
+  body: DtoUpdateLabelRequest;
+  xOrgID?: string;
+}
+
+/**
+ *
+ */
+export class LabelsApi extends runtime.BaseAPI {
+  /**
+   * Creates a label.
+   * Create label (org scoped)
+   */
+  async createLabelRaw(
+    requestParameters: CreateLabelRequest,
+    initOverrides?: RequestInit | runtime.InitOverrideFunction,
+  ): Promise<runtime.ApiResponse<DtoLabelResponse>> {
+    if (requestParameters["body"] == null) {
+      throw new runtime.RequiredError(
+        "body",
+        'Required parameter "body" was null or undefined when calling createLabel().',
+      );
+    }
+
+    const queryParameters: any = {};
+
+    const headerParameters: runtime.HTTPHeaders = {};
+
+    headerParameters["Content-Type"] = "application/json";
+
+    if (requestParameters["xOrgID"] != null) {
+      headerParameters["X-Org-ID"] = String(requestParameters["xOrgID"]);
+    }
+
+    if (this.configuration && this.configuration.apiKey) {
+      headerParameters["X-ORG-KEY"] =
+        await this.configuration.apiKey("X-ORG-KEY"); // OrgKeyAuth authentication
+    }
+
+    if (this.configuration && this.configuration.apiKey) {
+      headerParameters["X-ORG-SECRET"] =
+        await this.configuration.apiKey("X-ORG-SECRET"); // OrgSecretAuth authentication
+    }
+
+    if (this.configuration && this.configuration.apiKey) {
+      headerParameters["Authorization"] =
+        await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+    }
+
+    let urlPath = `/labels`;
+
+    const response = await this.request(
+      {
+        path: urlPath,
+        method: "POST",
+        headers: headerParameters,
+        query: queryParameters,
+        body: DtoCreateLabelRequestToJSON(requestParameters["body"]),
+      },
+      initOverrides,
+    );
+
+    return new runtime.JSONApiResponse(response, (jsonValue) =>
+      DtoLabelResponseFromJSON(jsonValue),
+    );
+  }
+
+  /**
+   * Creates a label.
+   * Create label (org scoped)
+   */
+  async createLabel(
+    requestParameters: CreateLabelRequest,
+    initOverrides?: RequestInit | runtime.InitOverrideFunction,
+  ): Promise<DtoLabelResponse> {
+    const response = await this.createLabelRaw(
+      requestParameters,
+      initOverrides,
+    );
+    return await response.value();
+  }
+
+  /**
+   * Permanently deletes the label.
+   * Delete label (org scoped)
+   */
+  async deleteLabelRaw(
+    requestParameters: DeleteLabelRequest,
+    initOverrides?: RequestInit | runtime.InitOverrideFunction,
+  ): Promise<runtime.ApiResponse<string>> {
+    if (requestParameters["id"] == null) {
+      throw new runtime.RequiredError(
+        "id",
+        'Required parameter "id" was null or undefined when calling deleteLabel().',
+      );
+    }
+
+    const queryParameters: any = {};
+
+    const headerParameters: runtime.HTTPHeaders = {};
+
+    if (requestParameters["xOrgID"] != null) {
+      headerParameters["X-Org-ID"] = String(requestParameters["xOrgID"]);
+    }
+
+    if (this.configuration && this.configuration.apiKey) {
+      headerParameters["X-ORG-KEY"] =
+        await this.configuration.apiKey("X-ORG-KEY"); // OrgKeyAuth authentication
+    }
+
+    if (this.configuration && this.configuration.apiKey) {
+      headerParameters["X-ORG-SECRET"] =
+        await this.configuration.apiKey("X-ORG-SECRET"); // OrgSecretAuth authentication
+    }
+
+    if (this.configuration && this.configuration.apiKey) {
+      headerParameters["Authorization"] =
+        await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+    }
+
+    let urlPath = `/labels/{id}`;
+    urlPath = urlPath.replace(
+      `{${"id"}}`,
+      encodeURIComponent(String(requestParameters["id"])),
+    );
+
+    const response = await this.request(
+      {
+        path: urlPath,
+        method: "DELETE",
+        headers: headerParameters,
+        query: queryParameters,
+      },
+      initOverrides,
+    );
+
+    if (this.isJsonMime(response.headers.get("content-type"))) {
+      return new runtime.JSONApiResponse<string>(response);
+    } else {
+      return new runtime.TextApiResponse(response) as any;
+    }
+  }
+
+  /**
+   * Permanently deletes the label.
+   * Delete label (org scoped)
+   */
+  async deleteLabel(
+    requestParameters: DeleteLabelRequest,
+    initOverrides?: RequestInit | runtime.InitOverrideFunction,
+  ): Promise<string> {
+    const response = await this.deleteLabelRaw(
+      requestParameters,
+      initOverrides,
+    );
+    return await response.value();
+  }
+
+  /**
+   * Returns one label.
+   * Get label by ID (org scoped)
+   */
+  async getLabelRaw(
+    requestParameters: GetLabelRequest,
+    initOverrides?: RequestInit | runtime.InitOverrideFunction,
+  ): Promise<runtime.ApiResponse<DtoLabelResponse>> {
+    if (requestParameters["id"] == null) {
+      throw new runtime.RequiredError(
+        "id",
+        'Required parameter "id" was null or undefined when calling getLabel().',
+      );
+    }
+
+    const queryParameters: any = {};
+
+    const headerParameters: runtime.HTTPHeaders = {};
+
+    if (requestParameters["xOrgID"] != null) {
+      headerParameters["X-Org-ID"] = String(requestParameters["xOrgID"]);
+    }
+
+    if (this.configuration && this.configuration.apiKey) {
+      headerParameters["X-ORG-KEY"] =
+        await this.configuration.apiKey("X-ORG-KEY"); // OrgKeyAuth authentication
+    }
+
+    if (this.configuration && this.configuration.apiKey) {
+      headerParameters["X-ORG-SECRET"] =
+        await this.configuration.apiKey("X-ORG-SECRET"); // OrgSecretAuth authentication
+    }
+
+    if (this.configuration && this.configuration.apiKey) {
+      headerParameters["Authorization"] =
+        await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+    }
+
+    let urlPath = `/labels/{id}`;
+    urlPath = urlPath.replace(
+      `{${"id"}}`,
+      encodeURIComponent(String(requestParameters["id"])),
+    );
+
+    const response = await this.request(
+      {
+        path: urlPath,
+        method: "GET",
+        headers: headerParameters,
+        query: queryParameters,
+      },
+      initOverrides,
+    );
+
+    return new runtime.JSONApiResponse(response, (jsonValue) =>
+      DtoLabelResponseFromJSON(jsonValue),
+    );
+  }
+
+  /**
+   * Returns one label.
+   * Get label by ID (org scoped)
+   */
+  async getLabel(
+    requestParameters: GetLabelRequest,
+    initOverrides?: RequestInit | runtime.InitOverrideFunction,
+  ): Promise<DtoLabelResponse> {
+    const response = await this.getLabelRaw(requestParameters, initOverrides);
+    return await response.value();
+  }
+
+  /**
+   * Returns node labels for the organization in X-Org-ID. Filters: `key`, `value`, and `q` (key contains). Add `include=node_pools` to include linked node groups.
+   * List node labels (org scoped)
+   */
+  async listLabelsRaw(
+    requestParameters: ListLabelsRequest,
+    initOverrides?: RequestInit | runtime.InitOverrideFunction,
+  ): Promise<runtime.ApiResponse<Array<DtoLabelResponse>>> {
+    const queryParameters: any = {};
+
+    if (requestParameters["key"] != null) {
+      queryParameters["key"] = requestParameters["key"];
+    }
+
+    if (requestParameters["value"] != null) {
+      queryParameters["value"] = requestParameters["value"];
+    }
+
+    if (requestParameters["q"] != null) {
+      queryParameters["q"] = requestParameters["q"];
+    }
+
+    const headerParameters: runtime.HTTPHeaders = {};
+
+    if (requestParameters["xOrgID"] != null) {
+      headerParameters["X-Org-ID"] = String(requestParameters["xOrgID"]);
+    }
+
+    if (this.configuration && this.configuration.apiKey) {
+      headerParameters["X-ORG-KEY"] =
+        await this.configuration.apiKey("X-ORG-KEY"); // OrgKeyAuth authentication
+    }
+
+    if (this.configuration && this.configuration.apiKey) {
+      headerParameters["X-ORG-SECRET"] =
+        await this.configuration.apiKey("X-ORG-SECRET"); // OrgSecretAuth authentication
+    }
+
+    if (this.configuration && this.configuration.apiKey) {
+      headerParameters["Authorization"] =
+        await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+    }
+
+    let urlPath = `/labels`;
+
+    const response = await this.request(
+      {
+        path: urlPath,
+        method: "GET",
+        headers: headerParameters,
+        query: queryParameters,
+      },
+      initOverrides,
+    );
+
+    return new runtime.JSONApiResponse(response, (jsonValue) =>
+      jsonValue.map(DtoLabelResponseFromJSON),
+    );
+  }
+
+  /**
+   * Returns node labels for the organization in X-Org-ID. Filters: `key`, `value`, and `q` (key contains). Add `include=node_pools` to include linked node groups.
+   * List node labels (org scoped)
+   */
+  async listLabels(
+    requestParameters: ListLabelsRequest = {},
+    initOverrides?: RequestInit | runtime.InitOverrideFunction,
+  ): Promise<Array<DtoLabelResponse>> {
+    const response = await this.listLabelsRaw(requestParameters, initOverrides);
+    return await response.value();
+  }
+
+  /**
+   * Partially update label fields.
+   * Update label (org scoped)
+   */
+  async updateLabelRaw(
+    requestParameters: UpdateLabelRequest,
+    initOverrides?: RequestInit | runtime.InitOverrideFunction,
+  ): Promise<runtime.ApiResponse<DtoLabelResponse>> {
+    if (requestParameters["id"] == null) {
+      throw new runtime.RequiredError(
+        "id",
+        'Required parameter "id" was null or undefined when calling updateLabel().',
+      );
+    }
+
+    if (requestParameters["body"] == null) {
+      throw new runtime.RequiredError(
+        "body",
+        'Required parameter "body" was null or undefined when calling updateLabel().',
+      );
+    }
+
+    const queryParameters: any = {};
+
+    const headerParameters: runtime.HTTPHeaders = {};
+
+    headerParameters["Content-Type"] = "application/json";
+
+    if (requestParameters["xOrgID"] != null) {
+      headerParameters["X-Org-ID"] = String(requestParameters["xOrgID"]);
+    }
+
+    if (this.configuration && this.configuration.apiKey) {
+      headerParameters["X-ORG-KEY"] =
+        await this.configuration.apiKey("X-ORG-KEY"); // OrgKeyAuth authentication
+    }
+
+    if (this.configuration && this.configuration.apiKey) {
+      headerParameters["X-ORG-SECRET"] =
+        await this.configuration.apiKey("X-ORG-SECRET"); // OrgSecretAuth authentication
+    }
+
+    if (this.configuration && this.configuration.apiKey) {
+      headerParameters["Authorization"] =
+        await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+    }
+
+    let urlPath = `/labels/{id}`;
+    urlPath = urlPath.replace(
+      `{${"id"}}`,
+      encodeURIComponent(String(requestParameters["id"])),
+    );
+
+    const response = await this.request(
+      {
+        path: urlPath,
+        method: "PATCH",
+        headers: headerParameters,
+        query: queryParameters,
+        body: DtoUpdateLabelRequestToJSON(requestParameters["body"]),
+      },
+      initOverrides,
+    );
+
+    return new runtime.JSONApiResponse(response, (jsonValue) =>
+      DtoLabelResponseFromJSON(jsonValue),
+    );
+  }
+
+  /**
+   * Partially update label fields.
+   * Update label (org scoped)
+   */
+  async updateLabel(
+    requestParameters: UpdateLabelRequest,
+    initOverrides?: RequestInit | runtime.InitOverrideFunction,
+  ): Promise<DtoLabelResponse> {
+    const response = await this.updateLabelRaw(
+      requestParameters,
+      initOverrides,
+    );
+    return await response.value();
+  }
+}

sdk/ts/src/apis/index.ts

@@ -1,6 +1,7 @@
 /* tslint:disable */
 /* eslint-disable */
 export * from "./AuthApi";
+export * from "./LabelsApi";
 export * from "./MeApi";
 export * from "./MeAPIKeysApi";
 export * from "./OrgsApi";

sdk/ts/src/models/DtoCreateLabelRequest.ts

@@ -0,0 +1,80 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * AutoGlue API
+ * API for managing K3s clusters across cloud providers
+ *
+ * The version of the OpenAPI document: 1.0
+ *
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { mapValues } from "../runtime";
+/**
+ *
+ * @export
+ * @interface DtoCreateLabelRequest
+ */
+export interface DtoCreateLabelRequest {
+  /**
+   *
+   * @type {string}
+   * @memberof DtoCreateLabelRequest
+   */
+  key?: string;
+  /**
+   *
+   * @type {string}
+   * @memberof DtoCreateLabelRequest
+   */
+  value?: string;
+}
+
+/**
+ * Check if a given object implements the DtoCreateLabelRequest interface.
+ */
+export function instanceOfDtoCreateLabelRequest(
+  value: object,
+): value is DtoCreateLabelRequest {
+  return true;
+}
+
+export function DtoCreateLabelRequestFromJSON(
+  json: any,
+): DtoCreateLabelRequest {
+  return DtoCreateLabelRequestFromJSONTyped(json, false);
+}
+
+export function DtoCreateLabelRequestFromJSONTyped(
+  json: any,
+  ignoreDiscriminator: boolean,
+): DtoCreateLabelRequest {
+  if (json == null) {
+    return json;
+  }
+  return {
+    key: json["key"] == null ? undefined : json["key"],
+    value: json["value"] == null ? undefined : json["value"],
+  };
+}
+
+export function DtoCreateLabelRequestToJSON(json: any): DtoCreateLabelRequest {
+  return DtoCreateLabelRequestToJSONTyped(json, false);
+}
+
+export function DtoCreateLabelRequestToJSONTyped(
+  value?: DtoCreateLabelRequest | null,
+  ignoreDiscriminator: boolean = false,
+): any {
+  if (value == null) {
+    return value;
+  }
+
+  return {
+    key: value["key"],
+    value: value["value"],
+  };
+}

sdk/ts/src/models/DtoLabelResponse.ts

@@ -0,0 +1,86 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * AutoGlue API
+ * API for managing K3s clusters across cloud providers
+ *
+ * The version of the OpenAPI document: 1.0
+ *
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { mapValues } from "../runtime";
+/**
+ *
+ * @export
+ * @interface DtoLabelResponse
+ */
+export interface DtoLabelResponse {
+  /**
+   *
+   * @type {string}
+   * @memberof DtoLabelResponse
+   */
+  id?: string;
+  /**
+   *
+   * @type {string}
+   * @memberof DtoLabelResponse
+   */
+  key?: string;
+  /**
+   *
+   * @type {string}
+   * @memberof DtoLabelResponse
+   */
+  value?: string;
+}
+
+/**
+ * Check if a given object implements the DtoLabelResponse interface.
+ */
+export function instanceOfDtoLabelResponse(
+  value: object,
+): value is DtoLabelResponse {
+  return true;
+}
+
+export function DtoLabelResponseFromJSON(json: any): DtoLabelResponse {
+  return DtoLabelResponseFromJSONTyped(json, false);
+}
+
+export function DtoLabelResponseFromJSONTyped(
+  json: any,
+  ignoreDiscriminator: boolean,
+): DtoLabelResponse {
+  if (json == null) {
+    return json;
+  }
+  return {
+    id: json["id"] == null ? undefined : json["id"],
+    key: json["key"] == null ? undefined : json["key"],
+    value: json["value"] == null ? undefined : json["value"],
+  };
+}
+
+export function DtoLabelResponseToJSON(json: any): DtoLabelResponse {
+  return DtoLabelResponseToJSONTyped(json, false);
+}
+
+export function DtoLabelResponseToJSONTyped(
+  value?: DtoLabelResponse | null,
+  ignoreDiscriminator: boolean = false,
+): any {
+  if (value == null) {
+    return value;
+  }
+
+  return {
+    id: value["id"],
+    key: value["key"],
+    value: value["value"],
+  };
+}

sdk/ts/src/models/DtoUpdateLabelRequest.ts

@@ -0,0 +1,80 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * AutoGlue API
+ * API for managing K3s clusters across cloud providers
+ *
+ * The version of the OpenAPI document: 1.0
+ *
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { mapValues } from "../runtime";
+/**
+ *
+ * @export
+ * @interface DtoUpdateLabelRequest
+ */
+export interface DtoUpdateLabelRequest {
+  /**
+   *
+   * @type {string}
+   * @memberof DtoUpdateLabelRequest
+   */
+  key?: string;
+  /**
+   *
+   * @type {string}
+   * @memberof DtoUpdateLabelRequest
+   */
+  value?: string;
+}
+
+/**
+ * Check if a given object implements the DtoUpdateLabelRequest interface.
+ */
+export function instanceOfDtoUpdateLabelRequest(
+  value: object,
+): value is DtoUpdateLabelRequest {
+  return true;
+}
+
+export function DtoUpdateLabelRequestFromJSON(
+  json: any,
+): DtoUpdateLabelRequest {
+  return DtoUpdateLabelRequestFromJSONTyped(json, false);
+}
+
+export function DtoUpdateLabelRequestFromJSONTyped(
+  json: any,
+  ignoreDiscriminator: boolean,
+): DtoUpdateLabelRequest {
+  if (json == null) {
+    return json;
+  }
+  return {
+    key: json["key"] == null ? undefined : json["key"],
+    value: json["value"] == null ? undefined : json["value"],
+  };
+}
+
+export function DtoUpdateLabelRequestToJSON(json: any): DtoUpdateLabelRequest {
+  return DtoUpdateLabelRequestToJSONTyped(json, false);
+}
+
+export function DtoUpdateLabelRequestToJSONTyped(
+  value?: DtoUpdateLabelRequest | null,
+  ignoreDiscriminator: boolean = false,
+): any {
+  if (value == null) {
+    return value;
+  }
+
+  return {
+    key: value["key"],
+    value: value["value"],
+  };
+}

sdk/ts/src/models/index.ts

@@ -1,11 +1,13 @@
 /* tslint:disable */
 /* eslint-disable */
 export * from "./DtoAuthStartResponse";
+export * from "./DtoCreateLabelRequest";
 export * from "./DtoCreateSSHRequest";
 export * from "./DtoCreateServerRequest";
 export * from "./DtoCreateTaintRequest";
 export * from "./DtoJWK";
 export * from "./DtoJWKS";
+export * from "./DtoLabelResponse";
 export * from "./DtoLogoutRequest";
 export * from "./DtoRefreshRequest";
 export * from "./DtoServerResponse";
@@ -13,6 +15,7 @@ export * from "./DtoSshResponse";
 export * from "./DtoSshRevealResponse";
 export * from "./DtoTaintResponse";
 export * from "./DtoTokenPair";
+export * from "./DtoUpdateLabelRequest";
 export * from "./DtoUpdateServerRequest";
 export * from "./DtoUpdateTaintRequest";
 export * from "./HandlersCreateUserKeyRequest";

terraform-provider-autoglue/internal/provider/datasource_server.go

@@ -0,0 +1,149 @@
+package provider
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	dschema "github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+var _ datasource.DataSource = &ServersDataSource{}
+var _ datasource.DataSourceWithConfigure = &ServersDataSource{}
+
+type ServersDataSource struct{ client *Client }
+
+func NewServersDataSource() datasource.DataSource { return &ServersDataSource{} }
+
+type serversDSModel struct {
+	Status types.String `tfsdk:"status"` // pending|provisioning|ready|failed
+	Role   types.String `tfsdk:"role"`
+	Items  []serverItem `tfsdk:"items"`
+}
+
+type serverItem struct {
+	// IDs & timestamps
+	ID             types.String `tfsdk:"id"`
+	OrganizationID types.String `tfsdk:"organization_id"`
+	CreatedAt      types.String `tfsdk:"created_at"`
+	UpdatedAt      types.String `tfsdk:"updated_at"`
+
+	// Desired/actual fields (DTO)
+	Hostname         types.String `tfsdk:"hostname"`
+	PrivateIPAddress types.String `tfsdk:"private_ip_address"`
+	PublicIPAddress  types.String `tfsdk:"public_ip_address"`
+	Role             types.String `tfsdk:"role"`
+	SSHKeyID         types.String `tfsdk:"ssh_key_id"`
+	SSHUser          types.String `tfsdk:"ssh_user"`
+	Status           types.String `tfsdk:"status"`
+
+	// Raw JSON payload from API for debugging
+	Raw types.String `tfsdk:"raw"`
+}
+
+func (d *ServersDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_servers"
+}
+
+func (d *ServersDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = dschema.Schema{
+		Description: "List servers for the organization (org-scoped).",
+		Attributes: map[string]dschema.Attribute{
+			"status": dschema.StringAttribute{
+				Optional:    true,
+				Description: "Filter by status (pending|provisioning|ready|failed).",
+				Validators: []validator.String{
+					stringvalidator.OneOf("pending", "provisioning", "ready", "failed"),
+				},
+			},
+			"role": dschema.StringAttribute{
+				Optional:    true,
+				Description: "Filter by role.",
+			},
+			"items": dschema.ListNestedAttribute{
+				Computed:    true,
+				Description: "Servers returned by the API.",
+				NestedObject: dschema.NestedAttributeObject{
+					Attributes: map[string]dschema.Attribute{
+						"id":                 dschema.StringAttribute{Computed: true, Description: "Server ID (UUID)."},
+						"organization_id":    dschema.StringAttribute{Computed: true},
+						"hostname":           dschema.StringAttribute{Computed: true},
+						"private_ip_address": dschema.StringAttribute{Computed: true},
+						"public_ip_address":  dschema.StringAttribute{Computed: true},
+						"role":               dschema.StringAttribute{Computed: true},
+						"ssh_key_id":         dschema.StringAttribute{Computed: true},
+						"ssh_user":           dschema.StringAttribute{Computed: true},
+						"status":             dschema.StringAttribute{Computed: true},
+						"created_at":         dschema.StringAttribute{Computed: true, Description: "RFC3339, UTC."},
+						"updated_at":         dschema.StringAttribute{Computed: true, Description: "RFC3339, UTC."},
+						"raw":                dschema.StringAttribute{Computed: true, Description: "Full JSON for the item."},
+					},
+				},
+			},
+		},
+	}
+}
+
+func (d *ServersDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, _ *datasource.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+	d.client = req.ProviderData.(*Client)
+}
+
+func (d *ServersDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	if d.client == nil || d.client.SDK == nil {
+		resp.Diagnostics.AddError("Client not configured", "Provider configuration missing")
+		return
+	}
+
+	var conf serversDSModel
+	resp.Diagnostics.Append(req.Config.Get(ctx, &conf)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	call := d.client.SDK.ServersAPI.ListServers(ctx)
+	if !conf.Status.IsNull() && !conf.Status.IsUnknown() {
+		call = call.Status(conf.Status.ValueString())
+	}
+	if !conf.Role.IsNull() && !conf.Role.IsUnknown() {
+		call = call.Role(conf.Role.ValueString())
+	}
+
+	items, httpResp, err := call.Execute()
+	if err != nil {
+		resp.Diagnostics.AddError("List servers failed", fmt.Sprintf("%v", httpErr(err, httpResp)))
+		return
+	}
+
+	out := serversDSModel{
+		Status: conf.Status,
+		Role:   conf.Role,
+		Items:  make([]serverItem, 0, len(items)),
+	}
+
+	for _, s := range items {
+		raw, _ := json.Marshal(s)
+		out.Items = append(out.Items, serverItem{
+			ID:               types.StringPointerValue(s.Id),
+			OrganizationID:   types.StringPointerValue(s.OrganizationId),
+			Hostname:         types.StringPointerValue(s.Hostname),
+			PrivateIPAddress: types.StringPointerValue(s.PrivateIpAddress),
+			PublicIPAddress:  types.StringPointerValue(s.PublicIpAddress),
+			Role:             types.StringPointerValue(s.Role),
+			SSHKeyID:         types.StringPointerValue(s.SshKeyId),
+			SSHUser:          types.StringPointerValue(s.SshUser),
+			Status:           types.StringPointerValue(s.Status),
+			CreatedAt:        types.StringPointerValue(s.CreatedAt),
+			UpdatedAt:        types.StringPointerValue(s.UpdatedAt),
+			Raw:              types.StringValue(string(raw)),
+		})
+	}
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &out)...)
+}

terraform-provider-autoglue/internal/provider/provider.go

@@ -48,11 +48,13 @@ func (p *AutoglueProvider) Configure(ctx context.Context, req provider.Configure
 func (p *AutoglueProvider) DataSources(_ context.Context) []func() datasource.DataSource {
 	return []func() datasource.DataSource{
 		NewSshDataSource,
+		NewServersDataSource,
 	}
 }
 
 func (p *AutoglueProvider) Resources(_ context.Context) []func() resource.Resource {
 	return []func() resource.Resource{
 		NewSshResource,
+		NewServerResource,
 	}
 }

terraform-provider-autoglue/internal/provider/resource_server.go

@@ -0,0 +1,382 @@
+package provider
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"regexp"
+	"strings"
+
+	"github.com/glueops/autoglue-sdk"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	rschema "github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+var _ resource.Resource = &ServerResource{}
+var _ resource.ResourceWithConfigure = &ServerResource{}
+var _ resource.ResourceWithImportState = &ServerResource{}
+
+type ServerResource struct{ client *Client }
+
+func NewServerResource() resource.Resource { return &ServerResource{} }
+
+type serverResModel struct {
+	// Identity
+	ID             types.String `tfsdk:"id"`
+	OrganizationID types.String `tfsdk:"organization_id"`
+	CreatedAt      types.String `tfsdk:"created_at"`
+	UpdatedAt      types.String `tfsdk:"updated_at"`
+
+	// DTO fields
+	Hostname         types.String `tfsdk:"hostname"`
+	PrivateIPAddress types.String `tfsdk:"private_ip_address"`
+	PublicIPAddress  types.String `tfsdk:"public_ip_address"`
+	Role             types.String `tfsdk:"role"`
+	SSHKeyID         types.String `tfsdk:"ssh_key_id"`
+	SSHUser          types.String `tfsdk:"ssh_user"`
+	Status           types.String `tfsdk:"status"`
+
+	// Raw JSON for debugging
+	Raw types.String `tfsdk:"raw"`
+}
+
+func (r *ServerResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_server"
+}
+
+var uuidRx = regexp.MustCompile(`^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$`)
+
+func (r *ServerResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) {
+	resp.Schema = rschema.Schema{
+		Description: "Create and manage a server (org-scoped). Mirrors API validation for role/status/ssh_key_id.",
+		Attributes: map[string]rschema.Attribute{
+			"id": rschema.StringAttribute{
+				Computed:    true,
+				Description: "Server ID (UUID).",
+				PlanModifiers: []planmodifier.String{
+					stringplanmodifier.UseStateForUnknown(),
+				},
+			},
+			"organization_id": rschema.StringAttribute{Computed: true},
+			"created_at":      rschema.StringAttribute{Computed: true},
+			"updated_at":      rschema.StringAttribute{Computed: true},
+
+			"hostname": rschema.StringAttribute{
+				Required:    true,
+				Description: "Hostname.",
+			},
+			"private_ip_address": rschema.StringAttribute{
+				Required:    true, // API requires on create
+				Description: "Private IP address (required).",
+			},
+			"public_ip_address": rschema.StringAttribute{
+				Optional:    true, // required only if role=bastion
+				Description: "Public IP address (required when role = bastion).",
+			},
+			"role": rschema.StringAttribute{
+				Required:    true, // API requires on create
+				Description: "Server role (e.g., agent/manager/bastion). Lowercased by the provider.",
+			},
+			"ssh_key_id": rschema.StringAttribute{
+				Required:    true, // API requires on create
+				Description: "SSH key ID (UUID) that belongs to the org.",
+				Validators: []validator.String{
+					stringvalidator.RegexMatches(uuidRx, "must be a valid UUID"),
+				},
+			},
+			"ssh_user": rschema.StringAttribute{
+				Required:    true, // API requires on create
+				Description: "SSH username (required).",
+			},
+			"status": rschema.StringAttribute{
+				Optional:    true, // patchable; if omitted, server sets/returns it
+				Computed:    true,
+				Description: "Status (pending|provisioning|ready|failed). Lowercased by the provider.",
+				Validators: []validator.String{
+					stringvalidator.OneOf("", "pending", "provisioning", "ready", "failed"),
+				},
+			},
+			"raw": rschema.StringAttribute{
+				Computed:    true,
+				Description: "Full server JSON from API.",
+			},
+		},
+	}
+}
+
+func (r *ServerResource) Configure(_ context.Context, req resource.ConfigureRequest, _ *resource.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+	r.client = req.ProviderData.(*Client)
+}
+
+func (r *ServerResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	if r.client == nil || r.client.SDK == nil {
+		resp.Diagnostics.AddError("Client not configured", "Provider configuration missing")
+		return
+	}
+
+	var plan serverResModel
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &plan)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Normalize + validate against backend rules
+	role := strings.ToLower(strings.TrimSpace(plan.Role.ValueString()))
+	status := strings.ToLower(strings.TrimSpace(plan.Status.ValueString()))
+	pub := strings.TrimSpace(plan.PublicIPAddress.ValueString())
+
+	if role == "bastion" && pub == "" {
+		resp.Diagnostics.AddAttributeError(
+			path.Root("public_ip_address"),
+			"Public IP required for bastion",
+			"public_ip_address must be set when role is 'bastion'.",
+		)
+		return
+	}
+
+	body := autoglue.DtoCreateServerRequest{
+		Hostname:         stringPtrFromAttr(plan.Hostname),
+		PrivateIpAddress: stringPtrFromAttr(plan.PrivateIPAddress),
+		PublicIpAddress:  nil,
+		Role:             &role,
+		SshKeyId:         stringPtrFromAttr(plan.SSHKeyID),
+		SshUser:          stringPtrFromAttr(plan.SSHUser),
+	}
+	if pub != "" {
+		body.PublicIpAddress = &pub
+	}
+	if status != "" {
+		body.Status = &status // validator already checked allowed values
+	}
+
+	created, httpResp, err := r.client.SDK.
+		ServersAPI.
+		CreateServer(ctx).
+		Body(body).
+		Execute()
+	if err != nil {
+		resp.Diagnostics.AddError("Create server failed", fmt.Sprintf("%v", httpErr(err, httpResp)))
+		return
+	}
+
+	var state serverResModel
+	r.mapRespToState(created, &state)
+	raw, _ := json.Marshal(created)
+	state.Raw = types.StringValue(string(raw))
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &state)...)
+}
+
+func (r *ServerResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+	if r.client == nil || r.client.SDK == nil {
+		resp.Diagnostics.AddError("Client not configured", "Provider configuration missing")
+		return
+	}
+
+	var state serverResModel
+	resp.Diagnostics.Append(req.State.Get(ctx, &state)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	got, httpResp, err := r.client.SDK.
+		ServersAPI.
+		GetServer(ctx, state.ID.ValueString()).
+		Execute()
+	if err != nil {
+		if isNotFound(httpResp) {
+			resp.State.RemoveResource(ctx)
+			return
+		}
+		resp.Diagnostics.AddError("Read server failed", fmt.Sprintf("%v", httpErr(err, httpResp)))
+		return
+	}
+
+	r.mapRespToState(got, &state)
+	raw, _ := json.Marshal(got)
+	state.Raw = types.StringValue(string(raw))
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &state)...)
+}
+
+func (r *ServerResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+	if r.client == nil || r.client.SDK == nil {
+		resp.Diagnostics.AddError("Client not configured", "Provider configuration missing")
+		return
+	}
+
+	var plan, state serverResModel
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &plan)...)
+	resp.Diagnostics.Append(req.State.Get(ctx, &state)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	patch := autoglue.DtoUpdateServerRequest{}
+
+	// helpers to set changed fields
+	setIfChanged := func(p types.String, s types.String, setter func(string)) {
+		if p.IsUnknown() || p.IsNull() {
+			return
+		}
+		if s.IsNull() || s.IsUnknown() || p.ValueString() != s.ValueString() {
+			setter(p.ValueString())
+		}
+	}
+
+	setIfChanged(plan.Hostname, state.Hostname, func(v string) { patch.Hostname = strPtr(v) })
+	setIfChanged(plan.PrivateIPAddress, state.PrivateIPAddress, func(v string) { patch.PrivateIpAddress = strPtr(v) })
+	setIfChanged(plan.PublicIPAddress, state.PublicIPAddress, func(v string) { patch.PublicIpAddress = strPtr(strings.TrimSpace(v)) })
+	setIfChanged(plan.SSHUser, state.SSHUser, func(v string) { patch.SshUser = strPtr(v) })
+
+	// Normalize role/status and enforce rules
+	if !plan.Role.IsNull() && !plan.Role.IsUnknown() {
+		role := strings.ToLower(strings.TrimSpace(plan.Role.ValueString()))
+		if state.Role.IsNull() || state.Role.IsUnknown() || role != strings.ToLower(state.Role.ValueString()) {
+			patch.Role = &role
+		}
+	}
+	if !plan.Status.IsNull() && !plan.Status.IsUnknown() {
+		status := strings.ToLower(strings.TrimSpace(plan.Status.ValueString()))
+		patch.Status = &status
+	}
+
+	// ssh_key_id: validate UUID via regex at runtime too (gives precise attribute error)
+	if !plan.SSHKeyID.IsNull() && !plan.SSHKeyID.IsUnknown() {
+		if !uuidRx.MatchString(plan.SSHKeyID.ValueString()) {
+			resp.Diagnostics.AddAttributeError(
+				path.Root("ssh_key_id"),
+				"Invalid ssh_key_id",
+				"ssh_key_id must be a valid UUID.",
+			)
+			return
+		}
+		if state.SSHKeyID.IsNull() || state.SSHKeyID.IsUnknown() || plan.SSHKeyID.ValueString() != state.SSHKeyID.ValueString() {
+			patch.SshKeyId = strPtr(plan.SSHKeyID.ValueString())
+		}
+	}
+
+	// Bastion rule: if resulting role == "bastion" ensure resulting public IP is non-empty
+	resultRole := firstNonEmptyLower(plan.Role, state.Role)
+	resultPub := firstNonEmptyTrim(plan.PublicIPAddress, state.PublicIPAddress)
+	if resultRole == "bastion" && resultPub == "" {
+		resp.Diagnostics.AddAttributeError(
+			path.Root("public_ip_address"),
+			"Public IP required for bastion",
+			"public_ip_address must be set when role is 'bastion'.",
+		)
+		return
+	}
+
+	if isEmptyUpdateServerRequest(patch) {
+		// Nothing to do; persist state unchanged.
+		resp.Diagnostics.Append(resp.State.Set(ctx, &state)...)
+		return
+	}
+
+	updated, httpResp, err := r.client.SDK.
+		ServersAPI.
+		UpdateServer(ctx, state.ID.ValueString()).
+		Body(patch).
+		Execute()
+	if err != nil {
+		resp.Diagnostics.AddError("Update server failed", fmt.Sprintf("%v", httpErr(err, httpResp)))
+		return
+	}
+
+	r.mapRespToState(updated, &state)
+	raw, _ := json.Marshal(updated)
+	state.Raw = types.StringValue(string(raw))
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &state)...)
+}
+
+func (r *ServerResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+	if r.client == nil || r.client.SDK == nil {
+		resp.Diagnostics.AddError("Client not configured", "Provider configuration missing")
+		return
+	}
+
+	var state serverResModel
+	resp.Diagnostics.Append(req.State.Get(ctx, &state)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	_, httpResp, err := r.client.SDK.
+		ServersAPI.
+		DeleteServer(ctx, state.ID.ValueString()).
+		Execute()
+	if err != nil && !isNotFound(httpResp) {
+		resp.Diagnostics.AddError("Delete server failed", fmt.Sprintf("%v", httpErr(err, httpResp)))
+	}
+}
+
+func (r *ServerResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+	resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("id"), req.ID)...)
+}
+
+// --- helpers ---
+
+func (r *ServerResource) mapRespToState(s *autoglue.DtoServerResponse, out *serverResModel) {
+	out.ID = types.StringPointerValue(s.Id)
+	out.OrganizationID = types.StringPointerValue(s.OrganizationId)
+	out.Hostname = types.StringPointerValue(s.Hostname)
+	out.PrivateIPAddress = types.StringPointerValue(s.PrivateIpAddress)
+	out.PublicIPAddress = types.StringPointerValue(s.PublicIpAddress)
+	out.Role = types.StringPointerValue(s.Role)
+	out.SSHKeyID = types.StringPointerValue(s.SshKeyId)
+	out.SSHUser = types.StringPointerValue(s.SshUser)
+	out.Status = types.StringPointerValue(s.Status)
+	out.CreatedAt = types.StringPointerValue(s.CreatedAt)
+	out.UpdatedAt = types.StringPointerValue(s.UpdatedAt)
+}
+
+func stringPtrFromAttr(a types.String) *string {
+	if a.IsNull() || a.IsUnknown() {
+		return nil
+	}
+	v := a.ValueString()
+	return &v
+}
+
+func strPtr(v string) *string { return &v }
+
+func isEmptyUpdateServerRequest(u autoglue.DtoUpdateServerRequest) bool {
+	return u.Hostname == nil &&
+		u.PrivateIpAddress == nil &&
+		u.PublicIpAddress == nil &&
+		u.Role == nil &&
+		u.SshKeyId == nil &&
+		u.SshUser == nil &&
+		u.Status == nil
+}
+
+func firstNonEmptyLower(a, b types.String) string {
+	if !a.IsNull() && !a.IsUnknown() && strings.TrimSpace(a.ValueString()) != "" {
+		return strings.ToLower(strings.TrimSpace(a.ValueString()))
+	}
+	if !b.IsNull() && !b.IsUnknown() {
+		return strings.ToLower(strings.TrimSpace(b.ValueString()))
+	}
+	return ""
+}
+
+func firstNonEmptyTrim(a, b types.String) string {
+	if !a.IsNull() && !a.IsUnknown() && strings.TrimSpace(a.ValueString()) != "" {
+		return strings.TrimSpace(a.ValueString())
+	}
+	if !b.IsNull() && !b.IsUnknown() {
+		return strings.TrimSpace(b.ValueString())
+	}
+	return ""
+}

terraform/envs/dev/.terraform.lock.hcl

@@ -5,7 +5,7 @@ provider "glueops/autoglue/autoglue" {
   version     = "0.0.1"
   constraints = "0.0.1"
   hashes = [
-    "h1:XW1zYWB6NTuE7jgJwWAkZeBBhL3Me36KE4Puy6lN6+o=",
+    "h1:K5xMCf5zxZVCurwzkSEAaMv70dzBlVU8VN/q72sNyD0=",
   ]
 }
 

terraform/envs/dev/.terraform/modules/modules.json

@@ -1 +1 @@
-{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"ssh","Source":"../../modules/ssh-key","Dir":"../../modules/ssh-key"}]}
+{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"servers","Source":"../../modules/servers","Dir":"../../modules/servers"},{"Key":"ssh","Source":"../../modules/ssh-key","Dir":"../../modules/ssh-key"}]}

terraform/envs/dev/main.tf

@@ -27,3 +27,47 @@ output "ssh_public_keys" {
 output "ssh_written_files" {
   value = { for k, m in module.ssh : k => m.written_files }
 }
+
+module "servers" {
+  source = "../../modules/servers"
+  # Wire the SSH key IDs so servers can reference them by name
+  ssh_key_ids = { for k, m in module.ssh : k => m.id }
+
+  servers = {
+    bastion = {
+      hostname           = "bastion-01"
+      private_ip_address = "10.0.0.10"
+      public_ip_address = "54.12.34.56" # required for role=bastion
+      role               = "bastion"
+      ssh_user           = "ubuntu"
+      ssh_key_ref = "bastionKey"  # points to module.ssh["bastionKey"].id
+      status             = "pending"
+    }
+
+    manager1 = {
+      hostname           = "k3s-mgr-01"
+      private_ip_address = "10.0.1.11"
+      role               = "manager"
+      ssh_user           = "ubuntu"
+      ssh_key_ref        = "clusterKey"
+      status             = "pending"
+    }
+
+    agent1 = {
+      hostname           = "k3s-agent-01"
+      private_ip_address = "10.0.2.21"
+      role               = "agent"
+      ssh_user           = "ubuntu"
+      ssh_key_ref        = "clusterKey"
+      status             = "pending"
+    }
+  }
+}
+
+output "server_ids" {
+  value = module.servers.ids
+}
+
+output "server_statuses" {
+  value = module.servers.statuses
+}

terraform/envs/dev/terraform.tfvars

@@ -2,22 +2,22 @@ org_key = "org_lnJwmyyWH7JC-JgZo5v3Kw"
 org_secret = "fqd9yebGMfK6h5HSgWn4sXrwr9xlFbvbIYtNylRElMQ"
 
 ssh_keys = {
-  key1 = {
+  bastionKey = {
-    name            = "CI deploy key 1"
+    name            = "Bastion Key"
-    comment         = "deploy1@autoglue"
+    comment         = "deploy@autoglue"
     type            = "rsa"
     bits            = 4096
     enable_download = true
     download_part   = "both"
-    download_dir    = "out/key1"
+    download_dir    = "out/bastionKey"
   }
-  key2 = {
+  clusterKey = {
-    name    = "CI deploy key 2"
+    name    = "Cluster Key"
-    comment = "deploy2@autoglue"
+    comment = "bastion@autoglue"
     type    = "ed25519"           # bits ignored
     enable_download = true
     download_part   = "both"
-    download_dir    = "out/key2"
+    download_dir    = "out/clusterKey"
   }
 }
 

terraform/modules/servers/main.tf

@@ -0,0 +1,39 @@
+locals {
+  # Resolve the SSH key ID for each server:
+  # Prefer explicit ssh_key_id, otherwise look up by ssh_key_ref in var.ssh_key_ids.
+  resolved_ssh_key_ids = {
+    for name, spec in var.servers :
+    name => coalesce(
+      try(spec.ssh_key_id, null),
+      try(var.ssh_key_ids[spec.ssh_key_ref], null)
+    )
+  }
+}
+
+resource "autoglue_server" "this" {
+  for_each = var.servers
+
+  hostname           = try(each.value.hostname, null)
+  private_ip_address = each.value.private_ip_address
+  public_ip_address  = try(each.value.public_ip_address, null)
+  role               = lower(each.value.role)
+  ssh_user           = each.value.ssh_user
+  ssh_key_id         = local.resolved_ssh_key_ids[each.key]
+  status             = try(each.value.status, null)
+
+  # Client-side guards to match your API rules
+  lifecycle {
+    precondition {
+      condition     = local.resolved_ssh_key_ids[each.key] != null && local.resolved_ssh_key_ids[each.key] != ""
+      error_message = "Provide either ssh_key_id or ssh_key_ref (and pass ssh_key_ids to the module)."
+    }
+    precondition {
+      condition     = lower(each.value.role) != "bastion" ? true : (try(each.value.public_ip_address, "") != "")
+      error_message = "public_ip_address is required when role == \"bastion\"."
+    }
+    precondition {
+      condition     = try(each.value.status, "") == "" || contains(["pending", "provisioning", "ready", "failed"], lower(each.value.status))
+      error_message = "status must be one of: pending, provisioning, ready, failed (or omitted)."
+    }
+  }
+}

terraform/modules/servers/outputs.tf

@@ -0,0 +1,28 @@
+output "ids" {
+  description = "Map of server IDs by key."
+  value       = { for k, r in autoglue_server.this : k => r.id }
+}
+
+output "statuses" {
+  description = "Map of server statuses by key."
+  value       = { for k, r in autoglue_server.this : k => r.status }
+}
+
+output "details" {
+  description = "Selected attributes for convenience."
+  value = {
+    for k, r in autoglue_server.this : k => {
+      id                  = r.id
+      organization_id     = r.organization_id
+      hostname            = r.hostname
+      private_ip_address  = r.private_ip_address
+      public_ip_address   = r.public_ip_address
+      role                = r.role
+      ssh_user            = r.ssh_user
+      ssh_key_id          = r.ssh_key_id
+      status              = r.status
+      created_at          = r.created_at
+      updated_at          = r.updated_at
+    }
+  }
+}

terraform/modules/servers/variables.tf

@@ -0,0 +1,34 @@
+variable "servers" {
+  description = <<-EOT
+    Map of servers to create. Example shape:
+    {
+      bastion = {
+        hostname           = "bastion-01"
+        private_ip_address = "10.0.0.10"
+        public_ip_address  = "54.12.34.56" # required when role = "bastion"
+        role               = "bastion"
+        ssh_user           = "ubuntu"
+        ssh_key_ref        = "bastionKey"  # OR set ssh_key_id instead
+        # ssh_key_id       = "uuid-string"
+        # status           = "pending|provisioning|ready|failed"
+      }
+    }
+  EOT
+  type = map(object({
+    hostname           = optional(string)
+    private_ip_address = string
+    public_ip_address  = optional(string)
+    role               = string
+    ssh_user           = string
+    ssh_key_ref        = optional(string) # name to look up in var.ssh_key_ids
+    ssh_key_id         = optional(string) # direct UUID (overrides ssh_key_ref if set)
+    status             = optional(string) # pending|provisioning|ready|failed
+  }))
+  default = {}
+}
+
+variable "ssh_key_ids" {
+  description = "Map of SSH key IDs you can reference via servers[*].ssh_key_ref."
+  type        = map(string)
+  default     = {}
+}

terraform/modules/servers/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.5.0"
+
+  required_providers {
+    autoglue = {
+      source = "glueops/autoglue/autoglue"
+    }
+  }
+}

ui/src/sdk/.openapi-generator/FILES

@@ -4,11 +4,13 @@
 README.md
 docs/AuthApi.md
 docs/DtoAuthStartResponse.md
+docs/DtoCreateLabelRequest.md
 docs/DtoCreateSSHRequest.md
 docs/DtoCreateServerRequest.md
 docs/DtoCreateTaintRequest.md
 docs/DtoJWK.md
 docs/DtoJWKS.md
+docs/DtoLabelResponse.md
 docs/DtoLogoutRequest.md
 docs/DtoRefreshRequest.md
 docs/DtoServerResponse.md
@@ -16,6 +18,7 @@ docs/DtoSshResponse.md
 docs/DtoSshRevealResponse.md
 docs/DtoTaintResponse.md
 docs/DtoTokenPair.md
+docs/DtoUpdateLabelRequest.md
 docs/DtoUpdateServerRequest.md
 docs/DtoUpdateTaintRequest.md
 docs/HandlersCreateUserKeyRequest.md
@@ -28,6 +31,7 @@ docs/HandlersOrgKeyCreateResp.md
 docs/HandlersOrgUpdateReq.md
 docs/HandlersUpdateMeRequest.md
 docs/HandlersUserAPIKeyOut.md
+docs/LabelsApi.md
 docs/MeAPIKeysApi.md
 docs/MeApi.md
 docs/ModelsAPIKey.md
@@ -41,6 +45,7 @@ docs/TaintsApi.md
 docs/UtilsErrorResponse.md
 package.json
 src/apis/AuthApi.ts
+src/apis/LabelsApi.ts
 src/apis/MeAPIKeysApi.ts
 src/apis/MeApi.ts
 src/apis/OrgsApi.ts
@@ -50,11 +55,13 @@ src/apis/TaintsApi.ts
 src/apis/index.ts
 src/index.ts
 src/models/DtoAuthStartResponse.ts
+src/models/DtoCreateLabelRequest.ts
 src/models/DtoCreateSSHRequest.ts
 src/models/DtoCreateServerRequest.ts
 src/models/DtoCreateTaintRequest.ts
 src/models/DtoJWK.ts
 src/models/DtoJWKS.ts
+src/models/DtoLabelResponse.ts
 src/models/DtoLogoutRequest.ts
 src/models/DtoRefreshRequest.ts
 src/models/DtoServerResponse.ts
@@ -62,6 +69,7 @@ src/models/DtoSshResponse.ts
 src/models/DtoSshRevealResponse.ts
 src/models/DtoTaintResponse.ts
 src/models/DtoTokenPair.ts
+src/models/DtoUpdateLabelRequest.ts
 src/models/DtoUpdateServerRequest.ts
 src/models/DtoUpdateTaintRequest.ts
 src/models/HandlersCreateUserKeyRequest.ts

ui/src/sdk/apis/LabelsApi.ts

@@ -0,0 +1,359 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * AutoGlue API
+ * API for managing K3s clusters across cloud providers
+ *
+ * The version of the OpenAPI document: 1.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+
+import * as runtime from '../runtime';
+import type {
+  DtoCreateLabelRequest,
+  DtoLabelResponse,
+  DtoUpdateLabelRequest,
+} from '../models/index';
+import {
+    DtoCreateLabelRequestFromJSON,
+    DtoCreateLabelRequestToJSON,
+    DtoLabelResponseFromJSON,
+    DtoLabelResponseToJSON,
+    DtoUpdateLabelRequestFromJSON,
+    DtoUpdateLabelRequestToJSON,
+} from '../models/index';
+
+export interface CreateLabelRequest {
+    body: DtoCreateLabelRequest;
+    xOrgID?: string;
+}
+
+export interface DeleteLabelRequest {
+    id: string;
+    xOrgID?: string;
+}
+
+export interface GetLabelRequest {
+    id: string;
+    xOrgID?: string;
+}
+
+export interface ListLabelsRequest {
+    xOrgID?: string;
+    key?: string;
+    value?: string;
+    q?: string;
+}
+
+export interface UpdateLabelRequest {
+    id: string;
+    body: DtoUpdateLabelRequest;
+    xOrgID?: string;
+}
+
+/**
+ * 
+ */
+export class LabelsApi extends runtime.BaseAPI {
+
+    /**
+     * Creates a label.
+     * Create label (org scoped)
+     */
+    async createLabelRaw(requestParameters: CreateLabelRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<DtoLabelResponse>> {
+        if (requestParameters['body'] == null) {
+            throw new runtime.RequiredError(
+                'body',
+                'Required parameter "body" was null or undefined when calling createLabel().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/json';
+
+        if (requestParameters['xOrgID'] != null) {
+            headerParameters['X-Org-ID'] = String(requestParameters['xOrgID']);
+        }
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-ORG-KEY"] = await this.configuration.apiKey("X-ORG-KEY"); // OrgKeyAuth authentication
+        }
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-ORG-SECRET"] = await this.configuration.apiKey("X-ORG-SECRET"); // OrgSecretAuth authentication
+        }
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/labels`;
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: DtoCreateLabelRequestToJSON(requestParameters['body']),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => DtoLabelResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Creates a label.
+     * Create label (org scoped)
+     */
+    async createLabel(requestParameters: CreateLabelRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<DtoLabelResponse> {
+        const response = await this.createLabelRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Permanently deletes the label.
+     * Delete label (org scoped)
+     */
+    async deleteLabelRaw(requestParameters: DeleteLabelRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<string>> {
+        if (requestParameters['id'] == null) {
+            throw new runtime.RequiredError(
+                'id',
+                'Required parameter "id" was null or undefined when calling deleteLabel().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (requestParameters['xOrgID'] != null) {
+            headerParameters['X-Org-ID'] = String(requestParameters['xOrgID']);
+        }
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-ORG-KEY"] = await this.configuration.apiKey("X-ORG-KEY"); // OrgKeyAuth authentication
+        }
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-ORG-SECRET"] = await this.configuration.apiKey("X-ORG-SECRET"); // OrgSecretAuth authentication
+        }
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/labels/{id}`;
+        urlPath = urlPath.replace(`{${"id"}}`, encodeURIComponent(String(requestParameters['id'])));
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'DELETE',
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+
+        if (this.isJsonMime(response.headers.get('content-type'))) {
+            return new runtime.JSONApiResponse<string>(response);
+        } else {
+            return new runtime.TextApiResponse(response) as any;
+        }
+    }
+
+    /**
+     * Permanently deletes the label.
+     * Delete label (org scoped)
+     */
+    async deleteLabel(requestParameters: DeleteLabelRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<string> {
+        const response = await this.deleteLabelRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Returns one label.
+     * Get label by ID (org scoped)
+     */
+    async getLabelRaw(requestParameters: GetLabelRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<DtoLabelResponse>> {
+        if (requestParameters['id'] == null) {
+            throw new runtime.RequiredError(
+                'id',
+                'Required parameter "id" was null or undefined when calling getLabel().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (requestParameters['xOrgID'] != null) {
+            headerParameters['X-Org-ID'] = String(requestParameters['xOrgID']);
+        }
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-ORG-KEY"] = await this.configuration.apiKey("X-ORG-KEY"); // OrgKeyAuth authentication
+        }
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-ORG-SECRET"] = await this.configuration.apiKey("X-ORG-SECRET"); // OrgSecretAuth authentication
+        }
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/labels/{id}`;
+        urlPath = urlPath.replace(`{${"id"}}`, encodeURIComponent(String(requestParameters['id'])));
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'GET',
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => DtoLabelResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Returns one label.
+     * Get label by ID (org scoped)
+     */
+    async getLabel(requestParameters: GetLabelRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<DtoLabelResponse> {
+        const response = await this.getLabelRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Returns node labels for the organization in X-Org-ID. Filters: `key`, `value`, and `q` (key contains). Add `include=node_pools` to include linked node groups.
+     * List node labels (org scoped)
+     */
+    async listLabelsRaw(requestParameters: ListLabelsRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<Array<DtoLabelResponse>>> {
+        const queryParameters: any = {};
+
+        if (requestParameters['key'] != null) {
+            queryParameters['key'] = requestParameters['key'];
+        }
+
+        if (requestParameters['value'] != null) {
+            queryParameters['value'] = requestParameters['value'];
+        }
+
+        if (requestParameters['q'] != null) {
+            queryParameters['q'] = requestParameters['q'];
+        }
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (requestParameters['xOrgID'] != null) {
+            headerParameters['X-Org-ID'] = String(requestParameters['xOrgID']);
+        }
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-ORG-KEY"] = await this.configuration.apiKey("X-ORG-KEY"); // OrgKeyAuth authentication
+        }
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-ORG-SECRET"] = await this.configuration.apiKey("X-ORG-SECRET"); // OrgSecretAuth authentication
+        }
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/labels`;
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'GET',
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => jsonValue.map(DtoLabelResponseFromJSON));
+    }
+
+    /**
+     * Returns node labels for the organization in X-Org-ID. Filters: `key`, `value`, and `q` (key contains). Add `include=node_pools` to include linked node groups.
+     * List node labels (org scoped)
+     */
+    async listLabels(requestParameters: ListLabelsRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<Array<DtoLabelResponse>> {
+        const response = await this.listLabelsRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Partially update label fields.
+     * Update label (org scoped)
+     */
+    async updateLabelRaw(requestParameters: UpdateLabelRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<DtoLabelResponse>> {
+        if (requestParameters['id'] == null) {
+            throw new runtime.RequiredError(
+                'id',
+                'Required parameter "id" was null or undefined when calling updateLabel().'
+            );
+        }
+
+        if (requestParameters['body'] == null) {
+            throw new runtime.RequiredError(
+                'body',
+                'Required parameter "body" was null or undefined when calling updateLabel().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/json';
+
+        if (requestParameters['xOrgID'] != null) {
+            headerParameters['X-Org-ID'] = String(requestParameters['xOrgID']);
+        }
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-ORG-KEY"] = await this.configuration.apiKey("X-ORG-KEY"); // OrgKeyAuth authentication
+        }
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-ORG-SECRET"] = await this.configuration.apiKey("X-ORG-SECRET"); // OrgSecretAuth authentication
+        }
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/labels/{id}`;
+        urlPath = urlPath.replace(`{${"id"}}`, encodeURIComponent(String(requestParameters['id'])));
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'PATCH',
+            headers: headerParameters,
+            query: queryParameters,
+            body: DtoUpdateLabelRequestToJSON(requestParameters['body']),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => DtoLabelResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Partially update label fields.
+     * Update label (org scoped)
+     */
+    async updateLabel(requestParameters: UpdateLabelRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<DtoLabelResponse> {
+        const response = await this.updateLabelRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+}

ui/src/sdk/apis/index.ts

@@ -1,6 +1,7 @@
 /* tslint:disable */
 /* eslint-disable */
 export * from './AuthApi';
+export * from './LabelsApi';
 export * from './MeApi';
 export * from './MeAPIKeysApi';
 export * from './OrgsApi';

ui/src/sdk/docs/DtoCreateLabelRequest.md

@@ -0,0 +1,36 @@
+
+# DtoCreateLabelRequest
+
+
+## Properties
+
+Name | Type
+------------ | -------------
+`key` | string
+`value` | string
+
+## Example
+
+```typescript
+import type { DtoCreateLabelRequest } from '@glueops/autoglue-sdk'
+
+// TODO: Update the object below with actual values
+const example = {
+  "key": null,
+  "value": null,
+} satisfies DtoCreateLabelRequest
+
+console.log(example)
+
+// Convert the instance to a JSON string
+const exampleJSON: string = JSON.stringify(example)
+console.log(exampleJSON)
+
+// Parse the JSON string back to an object
+const exampleParsed = JSON.parse(exampleJSON) as DtoCreateLabelRequest
+console.log(exampleParsed)
+```
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)
+
+

ui/src/sdk/docs/DtoLabelResponse.md

@@ -0,0 +1,38 @@
+
+# DtoLabelResponse
+
+
+## Properties
+
+Name | Type
+------------ | -------------
+`id` | string
+`key` | string
+`value` | string
+
+## Example
+
+```typescript
+import type { DtoLabelResponse } from '@glueops/autoglue-sdk'
+
+// TODO: Update the object below with actual values
+const example = {
+  "id": null,
+  "key": null,
+  "value": null,
+} satisfies DtoLabelResponse
+
+console.log(example)
+
+// Convert the instance to a JSON string
+const exampleJSON: string = JSON.stringify(example)
+console.log(exampleJSON)
+
+// Parse the JSON string back to an object
+const exampleParsed = JSON.parse(exampleJSON) as DtoLabelResponse
+console.log(exampleParsed)
+```
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)
+
+

ui/src/sdk/docs/DtoUpdateLabelRequest.md

@@ -0,0 +1,36 @@
+
+# DtoUpdateLabelRequest
+
+
+## Properties
+
+Name | Type
+------------ | -------------
+`key` | string
+`value` | string
+
+## Example
+
+```typescript
+import type { DtoUpdateLabelRequest } from '@glueops/autoglue-sdk'
+
+// TODO: Update the object below with actual values
+const example = {
+  "key": null,
+  "value": null,
+} satisfies DtoUpdateLabelRequest
+
+console.log(example)
+
+// Convert the instance to a JSON string
+const exampleJSON: string = JSON.stringify(example)
+console.log(exampleJSON)
+
+// Parse the JSON string back to an object
+const exampleParsed = JSON.parse(exampleJSON) as DtoUpdateLabelRequest
+console.log(exampleParsed)
+```
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)
+
+

ui/src/sdk/docs/LabelsApi.md

@@ -0,0 +1,433 @@
+# LabelsApi
+
+All URIs are relative to *http://localhost:8080/api/v1*
+
+| Method | HTTP request | Description |
+|------------- | ------------- | -------------|
+| [**createLabel**](LabelsApi.md#createlabel) | **POST** /labels | Create label (org scoped) |
+| [**deleteLabel**](LabelsApi.md#deletelabel) | **DELETE** /labels/{id} | Delete label (org scoped) |
+| [**getLabel**](LabelsApi.md#getlabel) | **GET** /labels/{id} | Get label by ID (org scoped) |
+| [**listLabels**](LabelsApi.md#listlabels) | **GET** /labels | List node labels (org scoped) |
+| [**updateLabel**](LabelsApi.md#updatelabel) | **PATCH** /labels/{id} | Update label (org scoped) |
+
+
+
+## createLabel
+
+> DtoLabelResponse createLabel(body, xOrgID)
+
+Create label (org scoped)
+
+Creates a label.
+
+### Example
+
+```ts
+import {
+  Configuration,
+  LabelsApi,
+} from '@glueops/autoglue-sdk';
+import type { CreateLabelRequest } from '@glueops/autoglue-sdk';
+
+async function example() {
+  console.log("🚀 Testing @glueops/autoglue-sdk SDK...");
+  const config = new Configuration({ 
+    // To configure API key authorization: OrgKeyAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: OrgSecretAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: BearerAuth
+    apiKey: "YOUR API KEY",
+  });
+  const api = new LabelsApi(config);
+
+  const body = {
+    // DtoCreateLabelRequest | Label payload
+    body: ...,
+    // string | Organization UUID (optional)
+    xOrgID: xOrgID_example,
+  } satisfies CreateLabelRequest;
+
+  try {
+    const data = await api.createLabel(body);
+    console.log(data);
+  } catch (error) {
+    console.error(error);
+  }
+}
+
+// Run the test
+example().catch(console.error);
+```
+
+### Parameters
+
+
+| Name | Type | Description  | Notes |
+|------------- | ------------- | ------------- | -------------|
+| **body** | [DtoCreateLabelRequest](DtoCreateLabelRequest.md) | Label payload | |
+| **xOrgID** | `string` | Organization UUID | [Optional] [Defaults to `undefined`] |
+
+### Return type
+
+[**DtoLabelResponse**](DtoLabelResponse.md)
+
+### Authorization
+
+[OrgKeyAuth](../README.md#OrgKeyAuth), [OrgSecretAuth](../README.md#OrgSecretAuth), [BearerAuth](../README.md#BearerAuth)
+
+### HTTP request headers
+
+- **Content-Type**: `application/json`
+- **Accept**: `application/json`
+
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+| **201** | Created |  -  |
+| **400** | invalid json / missing fields / invalid node_pool_ids |  -  |
+| **401** | Unauthorized |  -  |
+| **403** | organization required |  -  |
+| **500** | create failed |  -  |
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)
+
+
+## deleteLabel
+
+> string deleteLabel(id, xOrgID)
+
+Delete label (org scoped)
+
+Permanently deletes the label.
+
+### Example
+
+```ts
+import {
+  Configuration,
+  LabelsApi,
+} from '@glueops/autoglue-sdk';
+import type { DeleteLabelRequest } from '@glueops/autoglue-sdk';
+
+async function example() {
+  console.log("🚀 Testing @glueops/autoglue-sdk SDK...");
+  const config = new Configuration({ 
+    // To configure API key authorization: OrgKeyAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: OrgSecretAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: BearerAuth
+    apiKey: "YOUR API KEY",
+  });
+  const api = new LabelsApi(config);
+
+  const body = {
+    // string | Label ID (UUID)
+    id: id_example,
+    // string | Organization UUID (optional)
+    xOrgID: xOrgID_example,
+  } satisfies DeleteLabelRequest;
+
+  try {
+    const data = await api.deleteLabel(body);
+    console.log(data);
+  } catch (error) {
+    console.error(error);
+  }
+}
+
+// Run the test
+example().catch(console.error);
+```
+
+### Parameters
+
+
+| Name | Type | Description  | Notes |
+|------------- | ------------- | ------------- | -------------|
+| **id** | `string` | Label ID (UUID) | [Defaults to `undefined`] |
+| **xOrgID** | `string` | Organization UUID | [Optional] [Defaults to `undefined`] |
+
+### Return type
+
+**string**
+
+### Authorization
+
+[OrgKeyAuth](../README.md#OrgKeyAuth), [OrgSecretAuth](../README.md#OrgSecretAuth), [BearerAuth](../README.md#BearerAuth)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: `application/json`
+
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+| **204** | No Content |  -  |
+| **400** | invalid id |  -  |
+| **401** | Unauthorized |  -  |
+| **403** | organization required |  -  |
+| **500** | delete failed |  -  |
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)
+
+
+## getLabel
+
+> DtoLabelResponse getLabel(id, xOrgID)
+
+Get label by ID (org scoped)
+
+Returns one label.
+
+### Example
+
+```ts
+import {
+  Configuration,
+  LabelsApi,
+} from '@glueops/autoglue-sdk';
+import type { GetLabelRequest } from '@glueops/autoglue-sdk';
+
+async function example() {
+  console.log("🚀 Testing @glueops/autoglue-sdk SDK...");
+  const config = new Configuration({ 
+    // To configure API key authorization: OrgKeyAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: OrgSecretAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: BearerAuth
+    apiKey: "YOUR API KEY",
+  });
+  const api = new LabelsApi(config);
+
+  const body = {
+    // string | Label ID (UUID)
+    id: id_example,
+    // string | Organization UUID (optional)
+    xOrgID: xOrgID_example,
+  } satisfies GetLabelRequest;
+
+  try {
+    const data = await api.getLabel(body);
+    console.log(data);
+  } catch (error) {
+    console.error(error);
+  }
+}
+
+// Run the test
+example().catch(console.error);
+```
+
+### Parameters
+
+
+| Name | Type | Description  | Notes |
+|------------- | ------------- | ------------- | -------------|
+| **id** | `string` | Label ID (UUID) | [Defaults to `undefined`] |
+| **xOrgID** | `string` | Organization UUID | [Optional] [Defaults to `undefined`] |
+
+### Return type
+
+[**DtoLabelResponse**](DtoLabelResponse.md)
+
+### Authorization
+
+[OrgKeyAuth](../README.md#OrgKeyAuth), [OrgSecretAuth](../README.md#OrgSecretAuth), [BearerAuth](../README.md#BearerAuth)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: `application/json`
+
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+| **200** | OK |  -  |
+| **400** | invalid id |  -  |
+| **401** | Unauthorized |  -  |
+| **403** | organization required |  -  |
+| **404** | not found |  -  |
+| **500** | fetch failed |  -  |
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)
+
+
+## listLabels
+
+> Array<DtoLabelResponse> listLabels(xOrgID, key, value, q)
+
+List node labels (org scoped)
+
+Returns node labels for the organization in X-Org-ID. Filters: `key`, `value`, and `q` (key contains). Add `include=node_pools` to include linked node groups.
+
+### Example
+
+```ts
+import {
+  Configuration,
+  LabelsApi,
+} from '@glueops/autoglue-sdk';
+import type { ListLabelsRequest } from '@glueops/autoglue-sdk';
+
+async function example() {
+  console.log("🚀 Testing @glueops/autoglue-sdk SDK...");
+  const config = new Configuration({ 
+    // To configure API key authorization: OrgKeyAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: OrgSecretAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: BearerAuth
+    apiKey: "YOUR API KEY",
+  });
+  const api = new LabelsApi(config);
+
+  const body = {
+    // string | Organization UUID (optional)
+    xOrgID: xOrgID_example,
+    // string | Exact key (optional)
+    key: key_example,
+    // string | Exact value (optional)
+    value: value_example,
+    // string | Key contains (case-insensitive) (optional)
+    q: q_example,
+  } satisfies ListLabelsRequest;
+
+  try {
+    const data = await api.listLabels(body);
+    console.log(data);
+  } catch (error) {
+    console.error(error);
+  }
+}
+
+// Run the test
+example().catch(console.error);
+```
+
+### Parameters
+
+
+| Name | Type | Description  | Notes |
+|------------- | ------------- | ------------- | -------------|
+| **xOrgID** | `string` | Organization UUID | [Optional] [Defaults to `undefined`] |
+| **key** | `string` | Exact key | [Optional] [Defaults to `undefined`] |
+| **value** | `string` | Exact value | [Optional] [Defaults to `undefined`] |
+| **q** | `string` | Key contains (case-insensitive) | [Optional] [Defaults to `undefined`] |
+
+### Return type
+
+[**Array<DtoLabelResponse>**](DtoLabelResponse.md)
+
+### Authorization
+
+[OrgKeyAuth](../README.md#OrgKeyAuth), [OrgSecretAuth](../README.md#OrgSecretAuth), [BearerAuth](../README.md#BearerAuth)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: `application/json`
+
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+| **200** | OK |  -  |
+| **401** | Unauthorized |  -  |
+| **403** | organization required |  -  |
+| **500** | failed to list node taints |  -  |
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)
+
+
+## updateLabel
+
+> DtoLabelResponse updateLabel(id, body, xOrgID)
+
+Update label (org scoped)
+
+Partially update label fields.
+
+### Example
+
+```ts
+import {
+  Configuration,
+  LabelsApi,
+} from '@glueops/autoglue-sdk';
+import type { UpdateLabelRequest } from '@glueops/autoglue-sdk';
+
+async function example() {
+  console.log("🚀 Testing @glueops/autoglue-sdk SDK...");
+  const config = new Configuration({ 
+    // To configure API key authorization: OrgKeyAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: OrgSecretAuth
+    apiKey: "YOUR API KEY",
+    // To configure API key authorization: BearerAuth
+    apiKey: "YOUR API KEY",
+  });
+  const api = new LabelsApi(config);
+
+  const body = {
+    // string | Label ID (UUID)
+    id: id_example,
+    // DtoUpdateLabelRequest | Fields to update
+    body: ...,
+    // string | Organization UUID (optional)
+    xOrgID: xOrgID_example,
+  } satisfies UpdateLabelRequest;
+
+  try {
+    const data = await api.updateLabel(body);
+    console.log(data);
+  } catch (error) {
+    console.error(error);
+  }
+}
+
+// Run the test
+example().catch(console.error);
+```
+
+### Parameters
+
+
+| Name | Type | Description  | Notes |
+|------------- | ------------- | ------------- | -------------|
+| **id** | `string` | Label ID (UUID) | [Defaults to `undefined`] |
+| **body** | [DtoUpdateLabelRequest](DtoUpdateLabelRequest.md) | Fields to update | |
+| **xOrgID** | `string` | Organization UUID | [Optional] [Defaults to `undefined`] |
+
+### Return type
+
+[**DtoLabelResponse**](DtoLabelResponse.md)
+
+### Authorization
+
+[OrgKeyAuth](../README.md#OrgKeyAuth), [OrgSecretAuth](../README.md#OrgSecretAuth), [BearerAuth](../README.md#BearerAuth)
+
+### HTTP request headers
+
+- **Content-Type**: `application/json`
+- **Accept**: `application/json`
+
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+| **200** | OK |  -  |
+| **400** | invalid id / invalid json |  -  |
+| **401** | Unauthorized |  -  |
+| **403** | organization required |  -  |
+| **404** | not found |  -  |
+| **500** | update failed |  -  |
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)
+

ui/src/sdk/models/DtoCreateLabelRequest.ts

@@ -0,0 +1,73 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * AutoGlue API
+ * API for managing K3s clusters across cloud providers
+ *
+ * The version of the OpenAPI document: 1.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { mapValues } from '../runtime';
+/**
+ * 
+ * @export
+ * @interface DtoCreateLabelRequest
+ */
+export interface DtoCreateLabelRequest {
+    /**
+     * 
+     * @type {string}
+     * @memberof DtoCreateLabelRequest
+     */
+    key?: string;
+    /**
+     * 
+     * @type {string}
+     * @memberof DtoCreateLabelRequest
+     */
+    value?: string;
+}
+
+/**
+ * Check if a given object implements the DtoCreateLabelRequest interface.
+ */
+export function instanceOfDtoCreateLabelRequest(value: object): value is DtoCreateLabelRequest {
+    return true;
+}
+
+export function DtoCreateLabelRequestFromJSON(json: any): DtoCreateLabelRequest {
+    return DtoCreateLabelRequestFromJSONTyped(json, false);
+}
+
+export function DtoCreateLabelRequestFromJSONTyped(json: any, ignoreDiscriminator: boolean): DtoCreateLabelRequest {
+    if (json == null) {
+        return json;
+    }
+    return {
+        
+        'key': json['key'] == null ? undefined : json['key'],
+        'value': json['value'] == null ? undefined : json['value'],
+    };
+}
+
+export function DtoCreateLabelRequestToJSON(json: any): DtoCreateLabelRequest {
+    return DtoCreateLabelRequestToJSONTyped(json, false);
+}
+
+export function DtoCreateLabelRequestToJSONTyped(value?: DtoCreateLabelRequest | null, ignoreDiscriminator: boolean = false): any {
+    if (value == null) {
+        return value;
+    }
+
+    return {
+        
+        'key': value['key'],
+        'value': value['value'],
+    };
+}
+

ui/src/sdk/models/DtoLabelResponse.ts

@@ -0,0 +1,81 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * AutoGlue API
+ * API for managing K3s clusters across cloud providers
+ *
+ * The version of the OpenAPI document: 1.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { mapValues } from '../runtime';
+/**
+ * 
+ * @export
+ * @interface DtoLabelResponse
+ */
+export interface DtoLabelResponse {
+    /**
+     * 
+     * @type {string}
+     * @memberof DtoLabelResponse
+     */
+    id?: string;
+    /**
+     * 
+     * @type {string}
+     * @memberof DtoLabelResponse
+     */
+    key?: string;
+    /**
+     * 
+     * @type {string}
+     * @memberof DtoLabelResponse
+     */
+    value?: string;
+}
+
+/**
+ * Check if a given object implements the DtoLabelResponse interface.
+ */
+export function instanceOfDtoLabelResponse(value: object): value is DtoLabelResponse {
+    return true;
+}
+
+export function DtoLabelResponseFromJSON(json: any): DtoLabelResponse {
+    return DtoLabelResponseFromJSONTyped(json, false);
+}
+
+export function DtoLabelResponseFromJSONTyped(json: any, ignoreDiscriminator: boolean): DtoLabelResponse {
+    if (json == null) {
+        return json;
+    }
+    return {
+        
+        'id': json['id'] == null ? undefined : json['id'],
+        'key': json['key'] == null ? undefined : json['key'],
+        'value': json['value'] == null ? undefined : json['value'],
+    };
+}
+
+export function DtoLabelResponseToJSON(json: any): DtoLabelResponse {
+    return DtoLabelResponseToJSONTyped(json, false);
+}
+
+export function DtoLabelResponseToJSONTyped(value?: DtoLabelResponse | null, ignoreDiscriminator: boolean = false): any {
+    if (value == null) {
+        return value;
+    }
+
+    return {
+        
+        'id': value['id'],
+        'key': value['key'],
+        'value': value['value'],
+    };
+}
+

ui/src/sdk/models/DtoUpdateLabelRequest.ts

@@ -0,0 +1,73 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * AutoGlue API
+ * API for managing K3s clusters across cloud providers
+ *
+ * The version of the OpenAPI document: 1.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { mapValues } from '../runtime';
+/**
+ * 
+ * @export
+ * @interface DtoUpdateLabelRequest
+ */
+export interface DtoUpdateLabelRequest {
+    /**
+     * 
+     * @type {string}
+     * @memberof DtoUpdateLabelRequest
+     */
+    key?: string;
+    /**
+     * 
+     * @type {string}
+     * @memberof DtoUpdateLabelRequest
+     */
+    value?: string;
+}
+
+/**
+ * Check if a given object implements the DtoUpdateLabelRequest interface.
+ */
+export function instanceOfDtoUpdateLabelRequest(value: object): value is DtoUpdateLabelRequest {
+    return true;
+}
+
+export function DtoUpdateLabelRequestFromJSON(json: any): DtoUpdateLabelRequest {
+    return DtoUpdateLabelRequestFromJSONTyped(json, false);
+}
+
+export function DtoUpdateLabelRequestFromJSONTyped(json: any, ignoreDiscriminator: boolean): DtoUpdateLabelRequest {
+    if (json == null) {
+        return json;
+    }
+    return {
+        
+        'key': json['key'] == null ? undefined : json['key'],
+        'value': json['value'] == null ? undefined : json['value'],
+    };
+}
+
+export function DtoUpdateLabelRequestToJSON(json: any): DtoUpdateLabelRequest {
+    return DtoUpdateLabelRequestToJSONTyped(json, false);
+}
+
+export function DtoUpdateLabelRequestToJSONTyped(value?: DtoUpdateLabelRequest | null, ignoreDiscriminator: boolean = false): any {
+    if (value == null) {
+        return value;
+    }
+
+    return {
+        
+        'key': value['key'],
+        'value': value['value'],
+    };
+}
+

ui/src/sdk/models/index.ts

@@ -1,11 +1,13 @@
 /* tslint:disable */
 /* eslint-disable */
 export * from './DtoAuthStartResponse';
+export * from './DtoCreateLabelRequest';
 export * from './DtoCreateSSHRequest';
 export * from './DtoCreateServerRequest';
 export * from './DtoCreateTaintRequest';
 export * from './DtoJWK';
 export * from './DtoJWKS';
+export * from './DtoLabelResponse';
 export * from './DtoLogoutRequest';
 export * from './DtoRefreshRequest';
 export * from './DtoServerResponse';
@@ -13,6 +15,7 @@ export * from './DtoSshResponse';
 export * from './DtoSshRevealResponse';
 export * from './DtoTaintResponse';
 export * from './DtoTokenPair';
+export * from './DtoUpdateLabelRequest';
 export * from './DtoUpdateServerRequest';
 export * from './DtoUpdateTaintRequest';
 export * from './HandlersCreateUserKeyRequest';