feat: add all supported alogithms for rsa-enc keystore

Signed-off-by: Thomas Boerger <[email protected]>
keycloak · Jan 29, 2025 · 2ee34be · 2ee34be
1 parent 5f4347a
commit 2ee34be
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 12 deletions.
diff --git a/provider/resource_keycloak_realm_keystore_rsa.go b/provider/resource_keycloak_realm_keystore_rsa.go
@@ -2,14 +2,16 @@ package provider
 
 import (
 	"context"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/keycloak/terraform-provider-keycloak/keycloak"
 )
 
 var (
-	keycloakRealmKeystoreRsaAlgorithm = []string{"RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "RSA-OAEP"}
+	keycloakRealmKeystoreRsaAlgorithm    = []string{"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"}
+	keycloakRealmKeystoreRsaEncAlgorithm = []string{"RSA1_5", "RSA-OAEP", "RSA-OAEP-256"}
 )
 
 func resourceKeycloakRealmKeystoreRsa() *schema.Resource {
@@ -53,7 +55,7 @@ func resourceKeycloakRealmKeystoreRsa() *schema.Resource {
 			"algorithm": {
 				Type:         schema.TypeString,
 				Optional:     true,
-				ValidateFunc: validation.StringInSlice(keycloakRealmKeystoreRsaAlgorithm, false),
+				ValidateFunc: validation.StringInSlice(append(keycloakRealmKeystoreRsaAlgorithm, keycloakRealmKeystoreRsaEncAlgorithm...), false),
 				Default:      "RS256",
 				Description:  "Intended algorithm for the key",
 			},

diff --git a/provider/resource_keycloak_realm_keystore_rsa_test.go b/provider/resource_keycloak_realm_keystore_rsa_test.go
@@ -7,16 +7,17 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
-	"github.com/keycloak/terraform-provider-keycloak/keycloak"
 	"log"
 	"math/big"
 	"regexp"
 	"strings"
 	"testing"
 	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	"github.com/keycloak/terraform-provider-keycloak/keycloak"
 )
 
 func TestAccKeycloakRealmKeystoreRsa_basic(t *testing.T) {
@@ -78,7 +79,8 @@ func TestAccKeycloakRealmKeystoreRsa_createAfterManualDestroy(t *testing.T) {
 func TestAccKeycloakRealmKeystoreRsa_algorithmValidation(t *testing.T) {
 	t.Parallel()
 
-	algorithm := randomStringInSlice(keycloakRealmKeystoreRsaAlgorithm)
+	rsaAlgorithm := randomStringInSlice(keycloakRealmKeystoreRsaAlgorithm)
+	rsaEncAlgorithm := randomStringInSlice(keycloakRealmKeystoreRsaEncAlgorithm)
 	privateKey, certificate := generateKeyAndCert(2048)
 
 	resource.Test(t, resource.TestCase{
@@ -87,12 +89,22 @@ func TestAccKeycloakRealmKeystoreRsa_algorithmValidation(t *testing.T) {
 		CheckDestroy:      testAccCheckRealmKeystoreRsaDestroy(),
 		Steps: []resource.TestStep{
 			{
-				Config: testKeycloakRealmKeystoreRsa_basicWithAttrValidation(algorithm, "algorithm",
+				Config: testKeycloakRealmKeystoreRsa_basicWithAttrValidation("rsa", rsaAlgorithm, "algorithm",
 					acctest.RandString(10), privateKey, certificate),
 				ExpectError: regexp.MustCompile("expected algorithm to be one of .+ got .+"),
 			},
 			{
-				Config: testKeycloakRealmKeystoreRsa_basicWithAttrValidation(algorithm, "algorithm", algorithm,
+				Config: testKeycloakRealmKeystoreRsa_basicWithAttrValidation("rsa", rsaAlgorithm, "algorithm", rsaAlgorithm,
+					privateKey, certificate),
+				Check: testAccCheckRealmKeystoreRsaExists("keycloak_realm_keystore_rsa.realm_rsa"),
+			},
+			{
+				Config: testKeycloakRealmKeystoreRsa_basicWithAttrValidation("rsa-enc", rsaEncAlgorithm, "algorithm",
+					acctest.RandString(10), privateKey, certificate),
+				ExpectError: regexp.MustCompile("expected algorithm to be one of .+ got .+"),
+			},
+			{
+				Config: testKeycloakRealmKeystoreRsa_basicWithAttrValidation("rsa-enc", rsaEncAlgorithm, "algorithm", rsaEncAlgorithm,
 					privateKey, certificate),
 				Check: testAccCheckRealmKeystoreRsaExists("keycloak_realm_keystore_rsa.realm_rsa"),
 			},
@@ -216,7 +228,6 @@ data "keycloak_realm" "realm" {
 }
 
 resource "keycloak_realm_keystore_rsa" "realm_rsa" {
-
 	name      = "%s"
 	realm_id  = data.keycloak_realm.realm.id
 
@@ -228,7 +239,7 @@ resource "keycloak_realm_keystore_rsa" "realm_rsa" {
 	`, testAccRealmUserFederation.Realm, rsaName, privateKey, certificate)
 }
 
-func testKeycloakRealmKeystoreRsa_basicWithAttrValidation(rsaName, attr, val, privateKey,
+func testKeycloakRealmKeystoreRsa_basicWithAttrValidation(provider, rsaName, attr, val, privateKey,
 	certificate string) string {
 	return fmt.Sprintf(`
 data "keycloak_realm" "realm" {
@@ -243,6 +254,7 @@ resource "keycloak_realm_keystore_rsa" "realm_rsa" {
 
     private_key = "%s"
     certificate = "%s"
+	provider_id = "%s"
 }
-	`, testAccRealmUserFederation.Realm, rsaName, attr, val, privateKey, certificate)
+	`, testAccRealmUserFederation.Realm, rsaName, attr, val, privateKey, certificate, provider)
 }