new resources: realm key aes, ecdsa, hmac, rsa, java keystore

[Vlad-Kirichenko]

Hi @mrparkers,

This PR adds new resources to manage keystores. #569
Tried creating everything in one resource but decided to separate them.
That's why:

• Easier data validation
• Fewer fields need to be filled when creating a resource
• The scheme for the config for the component is more complicated (also I faced the fact that if you pass empty fields to the keyloak, it will not update the resource, but it also does not throw an error)

Work is still in progress, here's what needs to be done:

• Add tests for new resources
• Fix resource import functions

Best regards,
Vlad

[mrparkers]

Thanks for the PR @Vlad-Kirichenko, this is looking good so far. Let me know if you need help with anything.

[Vlad-Kirichenko]

Hello @mrparkers
I want to write a test for Java keystore. And for this I need to add an alias in the keystore inside instance with the keycloak.
Can you please advise the way to do this?

[mrparkers]

Sorry for the late response @Vlad-Kirichenko. Unfortunately, this is a feature of Keycloak that I'm not really familiar with, so I am not sure how to advise you on that test.

[Vlad-Kirichenko]

That's all right. Then @mrparkers, what do you think if I will add step in .circleci/config.yml which will create java keystore and add alias into it(by using keytool) before Run Tests script?

[mrparkers]

Yeah I have no problem with that at all. If all this is doing is generating a file to mount to Keycloak's file system, you could also just generate it once and store it within provider/misc, which is where I put a cert / key for tests relating to SAML clients. Or we could make a dedicated folder for test artifacts.

[ringods]

Hello @mrparkers, joining the conversation here for a quick question. @Vlad-Kirichenko is one of my team members, and the work done here is contributed by the company we work for. As a technical lead, I was able to have an approved list of OpenSource projects we use internally, so we could contribute back to these projects. Executive management approved but they would like these contributions linked to their brand.

We would very much like to see a notion of this work logged somewhere, something like name of the company, hyperlinked to our website, and mentioning this PR and any later ones (e.g. #594).

Can you live with this? If so, where would be the best place to put this? The README.md file?

[mrparkers]

I'm not opposed to something like that, but I'm not sure that the README is the appropriate place for this.

How about this - I'll make some changes to the changelog file, so that each release includes a "thank you" section that tags the individuals that contributed code towards that release. Once I've done that, you can submit a PR to update one of these entries to include something like "@Vlad-Kirichenko on behalf of Example Company". Does that sound like a good compromise?

[mrparkers]

Okay, I've gone ahead and updated the changelog to include a list of each contributor under every release. Once I've cut a release that includes these changes, feel free to make a PR to this file to include a reference to the company that these changes were contributed on behalf of.

[Vlad-Kirichenko]

Hello @mrparkers.
This PR and #594 are ready to review.
Thank you!

[mrparkers]

overall this looks really good, there's just a couple of issues I found

[mrparkers]

we could probably just mount the misc directory as a volume on the running container and reference it that way. but I'm fine with leaving this as-is for now.

[Vlad-Kirichenko]

Yes, I tried to to this(using the misc dir) but the problem that I need keystore file inside keycloak instance, not in runner instance.

In the terraform manifest inside keystore field I paste path for keycloak itself.

[mrparkers]

Just a few more comments, sorry for the delay. we can get this merged and released ASAP as soon as these are addressed.

[StuxxNet]

Guys, do you have any news about this topic? I would love to use it here, because we have some configurations that were done manually, and now I need to import the keys.

[Vlad-Kirichenko]

Hello @mrparkers. can you review this PR and #599?

Best regards,
Vlad

[mrparkers]

Thanks for your patience, this looks great. Thanks again for your work on this! 🚀

[StuxxNet]

@mrparkers when do you plan to release a new version with this resource available? :D

[ringods]

@StuxxNet the company I work for is contributing 3 PRs, by way of my team member @Vlad-Kirichenko. Two of them are already merged, one is being finalised (#599). Are you OK that we get that last one in before a new release is created?

[StuxxNet]

@StuxxNet the company I work for is contributing 3 PRs, by way of my team member @Vlad-Kirichenko. Two of them are already merged, one is being finalised (#599). Are you OK that we get that last one in before a new release is created?

Totally ok with it, @ringods. Just asking so I can plan myself to start developing here :)

[ringods]

@StuxxNet it seems @mrparkers merged our latest PR and created that release: v3.5.0 😄

[mrparkers]

Thanks again for your patience @ringods and @Vlad-Kirichenko. Feel free to open a PR to update this line of the changelog: https://github.com/mrparkers/terraform-provider-keycloak/blob/c440ec199642debaa2a8f1cc0ec8e9a3a185e9bd/CHANGELOG.md?plain=1#L22 if you'd like to attribute these changes to the company you work for, as we discussed earlier.

[e42sh]

Thanks @Vlad-Kirichenko