From 51bcf65bf4a951f9a4986de37749c36bb2e3a3df Mon Sep 17 00:00:00 2001
From: Kenan Yildirim <kenan.yildirim@pangea.cloud>
Date: Mon, 24 Jun 2024 15:57:20 -0400
Subject: [PATCH] Add AuthN user password expiration (PAN-15056)

---
 CHANGELOG.md                                  |  1 +
 pangea-sdk/v3/service/authn/api.go            | 21 +++++++++++++++++++
 .../v3/service/authn/integration_test.go      |  5 +++++
 3 files changed, 27 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9ec02673..a9881f62 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Doc example for unredact.
 - Vault `/export` support
 - `exportable` field support in Vault `/key/store` and `/key/generate`
+- AuthN user password expiration support.
 
 ## [3.9.0] - 2024-06-07
 
diff --git a/pangea-sdk/v3/service/authn/api.go b/pangea-sdk/v3/service/authn/api.go
index ddfa354f..3ce6cf75 100644
--- a/pangea-sdk/v3/service/authn/api.go
+++ b/pangea-sdk/v3/service/authn/api.go
@@ -124,6 +124,27 @@ func (a *ClientPassword) Change(ctx context.Context, input ClientPasswordChangeR
 	return request.DoPost(ctx, a.Client, "v2/client/password/change", &input, &ClientPasswordChangeResult{})
 }
 
+type ExpirePasswordRequest struct {
+	// Base request has ConfigID for multi-config projects
+	pangea.BaseRequest
+
+	ID string `json:"id"` // The identity of a user or a service.
+}
+
+// @summary Expire a user's password
+//
+// @description Expire a user's password.
+//
+// @operationId authn_post_v2_user_password_expire
+//
+// @example
+//
+//	resp, err := authncli.Client.Password.Expire(ctx, "pui_[...]")
+func (a *ClientPassword) Expire(ctx context.Context, id string) (*pangea.PangeaResponse[struct{}], error) {
+	var result struct{}
+	return request.DoPost(ctx, a.Client, "v2/user/password/expire", &ExpirePasswordRequest{ID: id}, &result)
+}
+
 type IDProvider string
 
 const (
diff --git a/pangea-sdk/v3/service/authn/integration_test.go b/pangea-sdk/v3/service/authn/integration_test.go
index 476f6b3b..66bbc2c6 100644
--- a/pangea-sdk/v3/service/authn/integration_test.go
+++ b/pangea-sdk/v3/service/authn/integration_test.go
@@ -445,6 +445,11 @@ func Test_Integration_Session(t *testing.T) {
 		assert.NoError(t, err)
 		assert.NotNil(t, resp3)
 	}
+
+	expireResp, err := client.Client.Password.Expire(ctx, USER_ID)
+	assert.NoError(t, err)
+	assert.NotNil(t, expireResp)
+	assert.Equal(t, "Success", pangea.StringValue(expireResp.Status))
 }
 
 func Test_Integration_User_Invite(t *testing.T) {