feat: add provider_id attribute to keycloak_realm_keystore_rsa resour…

…ce (#858)
keycloak · Jan 3, 2024 · 54a1a4a · 54a1a4a
1 parent c818211
commit 54a1a4a
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 3 deletions.
diff --git a/docs/resources/realm_keystore_rsa.md b/docs/resources/realm_keystore_rsa.md
@@ -28,6 +28,7 @@ resource "keycloak_realm_keystore_rsa" "keystore_rsa" {
 	priority  = 100
 	algorithm = "RS256"
 	keystore_size  = 2048
+	provider_id = "rsa"
 }
 ```
 
@@ -40,8 +41,9 @@ resource "keycloak_realm_keystore_rsa" "keystore_rsa" {
 - `enabled` - (Optional) When `false`, key is not accessible in this realm. Defaults to `true`.
 - `active` - (Optional) When `false`, key in not used for signing. Defaults to `true`.
 - `priority` - (Optional) Priority for the provider. Defaults to `0`
-- `algorithm` - (Optional) Intended algorithm for the key. Defaults to `RS256`
+- `algorithm` - (Optional) Intended algorithm for the key. Defaults to `RS256`. Use `RSA-OAEP` for encryption keys
 - `keystore_size` - (Optional) Size for the generated keys. Defaults to `2048`.
+- `provider_id` - (Optional) Use `rsa` for signing keys, `rsa-enc` for encryption keys
 
 ## Import
 

diff --git a/keycloak/realm_keystore_rsa.go b/keycloak/realm_keystore_rsa.go
@@ -18,6 +18,7 @@ type RealmKeystoreRsa struct {
 
 	PrivateKey  string
 	Certificate string
+	ProviderId  string
 }
 
 func convertFromRealmKeystoreRsaToComponent(realmKey *RealmKeystoreRsa) *component {
@@ -46,7 +47,7 @@ func convertFromRealmKeystoreRsaToComponent(realmKey *RealmKeystoreRsa) *compone
 		Id:           realmKey.Id,
 		Name:         realmKey.Name,
 		ParentId:     realmKey.RealmId,
-		ProviderId:   "rsa",
+		ProviderId:   realmKey.ProviderId,
 		ProviderType: "org.keycloak.keys.KeyProvider",
 		Config:       componentConfig,
 	}
@@ -82,6 +83,7 @@ func convertFromComponentToRealmKeystoreRsa(component *component, realmId string
 		Algorithm:   component.getConfig("algorithm"),
 		PrivateKey:  component.getConfig("privateKey"),
 		Certificate: component.getConfig("certificate"),
+		ProviderId:  component.ProviderId,
 	}
 
 	return realmKey, nil

diff --git a/provider/resource_keycloak_realm_keystore_rsa.go b/provider/resource_keycloak_realm_keystore_rsa.go
@@ -9,7 +9,7 @@ import (
 )
 
 var (
-	keycloakRealmKeystoreRsaAlgorithm = []string{"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"}
+	keycloakRealmKeystoreRsaAlgorithm = []string{"RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "RSA-OAEP"}
 )
 
 func resourceKeycloakRealmKeystoreRsa() *schema.Resource {
@@ -67,6 +67,13 @@ func resourceKeycloakRealmKeystoreRsa() *schema.Resource {
 				Required:    true,
 				Description: "X509 Certificate encoded in PEM format",
 			},
+			"provider_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Default:     "rsa",
+				Description: "RSA key provider id",
+				ForceNew:    true,
+			},
 		},
 	}
 }
@@ -83,6 +90,7 @@ func getRealmKeystoreRsaFromData(data *schema.ResourceData) *keycloak.RealmKeyst
 		Algorithm:   data.Get("algorithm").(string),
 		PrivateKey:  data.Get("private_key").(string),
 		Certificate: data.Get("certificate").(string),
+		ProviderId:  data.Get("provider_id").(string),
 	}
 
 	return mapper
@@ -98,6 +106,7 @@ func setRealmKeystoreRsaData(data *schema.ResourceData, realmKey *keycloak.Realm
 	data.Set("enabled", realmKey.Enabled)
 	data.Set("priority", realmKey.Priority)
 	data.Set("algorithm", realmKey.Algorithm)
+	data.Set("provider_id", realmKey.ProviderId)
 	if realmKey.PrivateKey != "**********" {
 		data.Set("private_key", realmKey.PrivateKey)
 		data.Set("certificate", realmKey.Certificate)