From 9fdc4dd248417306c10f31c7bf1ae7ef061a7e8d Mon Sep 17 00:00:00 2001 From: Melanie Matthews Date: Tue, 22 Feb 2022 16:48:03 +1100 Subject: [PATCH] Add `kid` attribute to key resource. The `kid` is an attribute of a key that can be read once the key has been generated. --- docs/resources/key.md | 10 ++++++++-- fusionauth/resource_fusionauth_key.go | 14 +++++++++----- fusionauth/resource_fusionauth_key_test.go | 1 + 3 files changed, 18 insertions(+), 7 deletions(-) diff --git a/docs/resources/key.md b/docs/resources/key.md index b17afa2..82eb358 100644 --- a/docs/resources/key.md +++ b/docs/resources/key.md @@ -1,6 +1,6 @@ # Key Resource -Cryptographic keys are used in signing and verifying JWTs and verifying responses for third party identity providers. It is more likely you will interact with keys using the FusionAuth UI in the Key Master menu. +Cryptographic keys are used in signing and verifying JWTs and verifying responses for third party identity providers. It is more likely you will interact with keys using the FusionAuth UI in the Key Master menu. [Keys API](https://fusionauth.io/docs/v1/tech/apis/keys) @@ -28,4 +28,10 @@ resource "fusionauth_key" "admin_id" { - `HS384` - HMAC using SHA-384 hash algorithm - `HS512` - HMAC using SHA-512 hash algorithm * `name` - (Required) The name of the Key. -* `length` - (Optional) \ No newline at end of file +* `length` - (Optional) + +## Attribute Reference + +In addition to all arguments above, the following attribute is exported: + +* `kid` - The id used in the JWT header to identify the key used to generate the signature diff --git a/fusionauth/resource_fusionauth_key.go b/fusionauth/resource_fusionauth_key.go index ee6cc7b..da59568 100644 --- a/fusionauth/resource_fusionauth_key.go +++ b/fusionauth/resource_fusionauth_key.go @@ -55,6 +55,11 @@ func newKey() *schema.Resource { ForceNew: true, Description: "The length of the RSA or EC certificate. This field is required when generating RSA key types.", }, + "kid": { + Type: schema.TypeString, + Computed: true, + Description: "The id used in the JWT header to identify the key used to generate the signature", + }, }, Importer: &schema.ResourceImporter{ StateContext: schema.ImportStatePassthroughContext, @@ -91,11 +96,7 @@ func createKey(_ context.Context, data *schema.ResourceData, i interface{}) diag } data.SetId(resp.Key.Id) - if err := data.Set("key_id", resp.Key.Id); err != nil { - return diag.Errorf("key.key_id: %s", err.Error()) - } - - return nil + return buildResourceDataFromKey(data, resp.Key) } func buildResourceDataFromKey(data *schema.ResourceData, res fusionauth.Key) diag.Diagnostics { @@ -111,6 +112,9 @@ func buildResourceDataFromKey(data *schema.ResourceData, res fusionauth.Key) dia if err := data.Set("length", res.Length); err != nil { return diag.Errorf("key.length: %s", err.Error()) } + if err := data.Set("kid", res.Kid); err != nil { + return diag.Errorf("key.kid: %s", err.Error()) + } return nil } diff --git a/fusionauth/resource_fusionauth_key_test.go b/fusionauth/resource_fusionauth_key_test.go index a53491f..cfb0cdf 100644 --- a/fusionauth/resource_fusionauth_key_test.go +++ b/fusionauth/resource_fusionauth_key_test.go @@ -120,6 +120,7 @@ func testKeyAccTestCheckFuncs( resource.TestCheckResourceAttr(tfResourcePath, "name", fmt.Sprintf("test-acc %s", resourceName)), resource.TestCheckResourceAttr(tfResourcePath, "algorithm", string(algorithm)), resource.TestCheckResourceAttr(tfResourcePath, "length", fmt.Sprintf("%d", length)), + resource.TestCheckResourceAttrSet(tfResourcePath, "kid"), } if len(extraFuncs) > 0 {