feat: use V3 /connect for enrollment-flow gateways, add CallConnectGateway

Enrollment-flow gateways now use POST /api/v3/gateways/connect for cert
refresh instead of POST /api/v2/gateways. Identity-based gateways
continue using V2. Added UseV3Connect flag to GatewayConfig.

Author: bernie-g

packages/api/api.go

@@ -896,6 +896,26 @@ func CallGetRelays(httpClient *resty.Client) (GetRelaysResponse, error) {
 	return resBody, nil
 }
 
+func CallConnectGateway(httpClient *resty.Client, request ConnectGatewayRequest) (RegisterGatewayResponse, error) {
+	var resBody RegisterGatewayResponse
+	response, err := httpClient.
+		R().
+		SetResult(&resBody).
+		SetHeader("User-Agent", USER_AGENT).
+		SetBody(request).
+		Post(fmt.Sprintf("%v/v3/gateways/connect", config.INFISICAL_URL))
+
+	if err != nil {
+		return RegisterGatewayResponse{}, NewGenericRequestError(operationCallRegisterGateway, err)
+	}
+
+	if response.IsError() {
+		return RegisterGatewayResponse{}, NewAPIErrorWithResponse(operationCallRegisterGateway, response, nil)
+	}
+
+	return resBody, nil
+}
+
 func CallRegisterGateway(httpClient *resty.Client, request RegisterGatewayRequest) (RegisterGatewayResponse, error) {
 	var resBody RegisterGatewayResponse
 	response, err := httpClient.

packages/api/model.go

@@ -790,6 +790,10 @@ type RegisterGatewayRequest struct {
 	Name      string `json:"name,omitempty"`
 }
 
+type ConnectGatewayRequest struct {
+	RelayName string `json:"relayName,omitempty"`
+}
+
 type EnrollGatewayRequest struct {
 	Token     string `json:"token"`
 	RelayName string `json:"relayName,omitempty"`

packages/cmd/gateway.go

@@ -373,6 +373,7 @@ var gatewayStartCmd = &cobra.Command{
 			Name:           gatewayName,
 			RelayName:      relayName,
 			ReconnectDelay: 10 * time.Second,
+			UseV3Connect:   runningWithStoredToken,
 		})
 
 		if err != nil {

packages/gateway-v2/gateway.go

@@ -82,6 +82,7 @@ type GatewayConfig struct {
 	IdentityToken  string
 	SSHPort        int
 	ReconnectDelay time.Duration
+	UseV3Connect   bool // Use V3 /connect endpoint instead of V2 /gateways for cert refresh
 }
 
 type pamSessionEntry struct {
@@ -505,10 +506,19 @@ func (g *Gateway) handleConnection(client *ssh.Client) error {
 }
 
 func (g *Gateway) registerGateway() error {
-	certResp, err := api.CallRegisterGateway(g.httpClient, api.RegisterGatewayRequest{
-		RelayName: g.config.RelayName,
-		Name:      g.config.Name,
-	})
+	var certResp api.RegisterGatewayResponse
+	var err error
+
+	if g.config.UseV3Connect {
+		certResp, err = api.CallConnectGateway(g.httpClient, api.ConnectGatewayRequest{
+			RelayName: g.config.RelayName,
+		})
+	} else {
+		certResp, err = api.CallRegisterGateway(g.httpClient, api.RegisterGatewayRequest{
+			RelayName: g.config.RelayName,
+			Name:      g.config.Name,
+		})
+	}
 	if err != nil {
 		return fmt.Errorf("failed to register gateway: %v", err)
 	}