From 42d9b9a04233029c1dc3e72a69c2f9b38efe0034 Mon Sep 17 00:00:00 2001
From: Peter Guthy
Date: Fri, 23 Jun 2023 10:58:51 +0200
Subject: [PATCH 1/4] Add provider_id flag to realm_keystore_rsa
---
 keycloak/realm_keystore_rsa.go | 4 +++-
 provider/resource_keycloak_realm_keystore_rsa.go | 11 ++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/keycloak/realm_keystore_rsa.go b/keycloak/realm_keystore_rsa.go
index 821a769ea..03d797f18 100644
--- a/keycloak/realm_keystore_rsa.go
+++ b/keycloak/realm_keystore_rsa.go
@@ -18,6 +18,7 @@ type RealmKeystoreRsa struct {
 PrivateKey string
 Certificate string
+ ProviderId string
 }
 func convertFromRealmKeystoreRsaToComponent(realmKey *RealmKeystoreRsa) *component {
@@ -46,7 +47,7 @@ func convertFromRealmKeystoreRsaToComponent(realmKey *RealmKeystoreRsa) *compone
 Id: realmKey.Id,
 Name: realmKey.Name,
 ParentId: realmKey.RealmId,
- ProviderId: "rsa",
+ ProviderId: realmKey.ProviderId,
 ProviderType: "org.keycloak.keys.KeyProvider",
 Config: componentConfig,
 }
@@ -82,6 +83,7 @@ func convertFromComponentToRealmKeystoreRsa(component *component, realmId string
 Algorithm: component.getConfig("algorithm"),
 PrivateKey: component.getConfig("privateKey"),
 Certificate: component.getConfig("certificate"),
+ ProviderId: component.getConfig("providerId"),
 }
 return realmKey, nil
diff --git a/provider/resource_keycloak_realm_keystore_rsa.go b/provider/resource_keycloak_realm_keystore_rsa.go
index 9cc82a39f..907d62ad3 100644
--- a/provider/resource_keycloak_realm_keystore_rsa.go
+++ b/provider/resource_keycloak_realm_keystore_rsa.go
@@ -9,7 +9,7 @@ import (
 )
 var (
- keycloakRealmKeystoreRsaAlgorithm = []string{"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"}
+ keycloakRealmKeystoreRsaAlgorithm = []string{"RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "RSA-OAEP"}
 )
 func resourceKeycloakRealmKeystoreRsa() *schema.Resource {
@@ -67,6 +67,13 @@ func resourceKeycloakRealmKeystoreRsa() *schema.Resource {
 Required: true,
 Description: "X509 Certificate encoded in PEM format",
 },
+ "provider_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Default: "rsa",
+ Description: "RSA key provider id",
+ ForceNew: true,
+ },
 },
 }
 }
@@ -83,6 +90,7 @@ func getRealmKeystoreRsaFromData(data *schema.ResourceData) *keycloak.RealmKeyst
 Algorithm: data.Get("algorithm").(string),
 PrivateKey: data.Get("private_key").(string),
 Certificate: data.Get("certificate").(string),
+ ProviderId: data.Get("provider_id").(string),
 }
 return mapper
@@ -98,6 +106,7 @@ func setRealmKeystoreRsaData(data *schema.ResourceData, realmKey *keycloak.Realm
 data.Set("enabled", realmKey.Enabled)
 data.Set("priority", realmKey.Priority)
 data.Set("algorithm", realmKey.Algorithm)
+ data.Set("providerId", realmKey.ProviderId)
 if realmKey.PrivateKey != "**********" {
 data.Set("private_key", realmKey.PrivateKey)
 data.Set("certificate", realmKey.Certificate)
From a88598a2558b9146e3b2b18916fa09acb36ed529 Mon Sep 17 00:00:00 2001
From: Peter Guthy
Date: Fri, 23 Jun 2023 12:09:21 +0200
Subject: [PATCH 2/4] Add provider_id to documentation
---
 docs/resources/realm_keystore_rsa.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docs/resources/realm_keystore_rsa.md b/docs/resources/realm_keystore_rsa.md
index c16acac6d..6ebe229e6 100644
--- a/docs/resources/realm_keystore_rsa.md
+++ b/docs/resources/realm_keystore_rsa.md
@@ -28,6 +28,7 @@ resource "keycloak_realm_keystore_rsa" "keystore_rsa" {
 priority = 100
 algorithm = "RS256"
 keystore_size = 2048
+ provider_id = "rsa"
 }
 ```
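Review bot: The new `provider_id` attribute in the first hunk accepts any string, although the documentation added in the second patch names only `rsa` and `rsa-enc` as valid values; a typo such as `rsa_enc` would surface only as a Keycloak API error at apply time, and because of `ForceNew: true` correcting it later recreates the key. Add `ValidateFunc: validation.StringInSlice([]string{"rsa", "rsa-enc"}, false),` next to `Default: "rsa",` — the file presumably already imports helper/validation for the `algorithm` check against `keycloakRealmKeystoreRsaAlgorithm`, which the first patch extends with `RSA-OAEP`. Nothing ties the two attributes together either: `provider_id = "rsa"` with `algorithm = "RSA-OAEP"`, or `rsa-enc` with a signing algorithm, still passes the schema, so consider a `CustomizeDiff` that rejects the cross combinations, or at least state the pairing where the user sees it, e.g. `Description: "Key provider id: rsa for signing keys, rsa-enc for encryption keys",`. The `resourceKeycloakRealmKeystoreRsa` function starts outside the hunk.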
@@ -40,8 +41,9 @@ resource "keycloak_realm_keystore_rsa" "keystore_rsa" {
 - `enabled` - (Optional) When `false`, key is not accessible in this realm. Defaults to `true`.
 - `active` - (Optional) When `false`, key in not used for signing. Defaults to `true`.
 - `priority` - (Optional) Priority for the provider. Defaults to `0`
-- `algorithm` - (Optional) Intended algorithm for the key. Defaults to `RS256`
+- `algorithm` - (Optional) Intended algorithm for the key. Defaults to `RS256`. Use `RSA-OAEP` for encryption keys
 - `keystore_size` - (Optional) Size for the generated keys. Defaults to `2048`.
+- `provider_id` - (Optional) Use `rsa` for signing keys, `rsa-enc` for encryption keys
 ## Import
From d1f5a201e48534ca1653e57974f34406999adfe7 Mon Sep 17 00:00:00 2001
From: Peter Guthy
Date: Fri, 23 Jun 2023 12:19:36 +0200
Subject: [PATCH 3/4] Fixed formatting
---
 provider/resource_keycloak_realm_keystore_rsa.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/provider/resource_keycloak_realm_keystore_rsa.go b/provider/resource_keycloak_realm_keystore_rsa.go
index 907d62ad3..bf7eb9d3e 100644
--- a/provider/resource_keycloak_realm_keystore_rsa.go
+++ b/provider/resource_keycloak_realm_keystore_rsa.go
@@ -72,7 +72,7 @@ func resourceKeycloakRealmKeystoreRsa() *schema.Resource {
 Optional: true,
 Default: "rsa",
 Description: "RSA key provider id",
- ForceNew: true,
+ ForceNew: true,
 },
 },
 }
From 002b4b66819927cd62bbf3656e1c206df9b693ae Mon Sep 17 00:00:00 2001
From: Peter Guthy
Date: Fri, 23 Jun 2023 13:03:57 +0200
Subject: [PATCH 4/4] Fixed realm_keystore_rsa.go
---
 keycloak/realm_keystore_rsa.go | 2 +-
 provider/resource_keycloak_realm_keystore_rsa.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/keycloak/realm_keystore_rsa.go b/keycloak/realm_keystore_rsa.go
index 03d797f18..6ffadeca7 100644
--- a/keycloak/realm_keystore_rsa.go
+++ b/keycloak/realm_keystore_rsa.go
@@ -83,7 +83,7 @@ func convertFromComponentToRealmKeystoreRsa(component *component, realmId string
 Algorithm: component.getConfig("algorithm"),
 PrivateKey: component.getConfig("privateKey"),
 Certificate: component.getConfig("certificate"),
- ProviderId: component.getConfig("providerId"),
+ ProviderId: component.ProviderId,
 }
 return realmKey, nil
diff --git a/provider/resource_keycloak_realm_keystore_rsa.go b/provider/resource_keycloak_realm_keystore_rsa.go
index bf7eb9d3e..5c1e5f803 100644
--- a/provider/resource_keycloak_realm_keystore_rsa.go
+++ b/provider/resource_keycloak_realm_keystore_rsa.go
@@ -106,7 +106,7 @@ func setRealmKeystoreRsaData(data *schema.ResourceData, realmKey *keycloak.Realm
 data.Set("enabled", realmKey.Enabled)
 data.Set("priority", realmKey.Priority)
 data.Set("algorithm", realmKey.Algorithm)
- data.Set("providerId", realmKey.ProviderId)
+ data.Set("provider_id", realmKey.ProviderId)
 if realmKey.PrivateKey != "**********" {
 data.Set("private_key", realmKey.PrivateKey)
 data.Set("certificate", realmKey.Certificate)