44 "context"
55 "fmt"
66
7+ "github.com/hashicorp/go-cty/cty"
78 "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
89 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
910 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -13,6 +14,7 @@ import (
1314 "github.com/scaleway/terraform-provider-scaleway/v2/internal/locality/regional"
1415 "github.com/scaleway/terraform-provider-scaleway/v2/internal/services/account"
1516 "github.com/scaleway/terraform-provider-scaleway/v2/internal/types"
17+ "github.com/scaleway/terraform-provider-scaleway/v2/internal/verify"
1618)
1719
1820func ResourceKeyManagerKey () * schema.Resource {
@@ -40,11 +42,31 @@ func ResourceKeyManagerKey() *schema.Resource {
4042 }, false ),
4143 Description : "Key usage type. Possible values: symmetric_encryption, asymmetric_encryption, asymmetric_signing." ,
4244 },
43- "algorithm" : {
44- Type : schema .TypeString ,
45- Required : true ,
46- Description : "Algorithm to use for the key. The valid algorithms depend on the usage type." ,
47- },
45+ "algorithm" : {
46+ Type : schema .TypeString ,
47+ Required : true ,
48+ Description : "Algorithm to use for the key. The valid algorithms depend on the usage type." ,
49+ ValidateDiagFunc : func (i any , p cty.Path ) diag.Diagnostics {
50+ var allKnownAlgos []string
51+
52+ symAlgos := key_manager .KeyAlgorithmSymmetricEncryption ("" ).Values ()
53+ for _ , algo := range symAlgos {
54+ allKnownAlgos = append (allKnownAlgos , string (algo ))
55+ }
56+
57+ asymEncAlgos := key_manager .KeyAlgorithmAsymmetricEncryption ("" ).Values ()
58+ for _ , algo := range asymEncAlgos {
59+ allKnownAlgos = append (allKnownAlgos , string (algo ))
60+ }
61+
62+ asymSignAlgos := key_manager .KeyAlgorithmAsymmetricSigning ("" ).Values ()
63+ for _ , algo := range asymSignAlgos {
64+ allKnownAlgos = append (allKnownAlgos , string (algo ))
65+ }
66+
67+ return verify .ValidateStringInSliceWithWarning (allKnownAlgos , "algorithm" )(i , p )
68+ },
69+ },
4870 "description" : {
4971 Type : schema .TypeString ,
5072 Optional : true ,
@@ -128,10 +150,12 @@ func resourceKeyManagerKeyCreate(ctx context.Context, d *schema.ResourceData, m
128150
129151 usage := d .Get ("usage" ).(string )
130152 algorithm := d .Get ("algorithm" ).(string )
153+
131154 keyUsage , err := expandUsageAlgorithm (usage , algorithm )
132155 if err != nil {
133156 return diag .FromErr (err )
134157 }
158+
135159 createReq .Usage = keyUsage
136160
137161 key , err := api .CreateKey (createReq )
@@ -247,27 +271,25 @@ func resourceKeyManagerKeyDelete(ctx context.Context, d *schema.ResourceData, m
247271
248272func validateUsageAlgorithmCombination () schema.CustomizeDiffFunc {
249273 return func (ctx context.Context , diff * schema.ResourceDiff , _ any ) error {
250- // No strict validation here - we let the API validate the algorithm
251- // This prevents the provider from being a bottleneck when new algorithms are added
252274 return nil
253275 }
254276}
255277
256278func expandUsageAlgorithm (usage , algorithm string ) (* key_manager.KeyUsage , error ) {
257279 switch usage {
258280 case usageSymmetricEncryption :
259- // Accept any algorithm for symmetric encryption - let API validate
260281 typedAlgo := key_manager .KeyAlgorithmSymmetricEncryption (algorithm )
282+
261283 return & key_manager.KeyUsage {SymmetricEncryption : & typedAlgo }, nil
262284
263285 case usageAsymmetricEncryption :
264- // Accept any algorithm for asymmetric encryption - let API validate
265286 typedAlgo := key_manager .KeyAlgorithmAsymmetricEncryption (algorithm )
287+
266288 return & key_manager.KeyUsage {AsymmetricEncryption : & typedAlgo }, nil
267289
268290 case usageAsymmetricSigning :
269- // Accept any algorithm for asymmetric signing - let API validate
270291 typedAlgo := key_manager .KeyAlgorithmAsymmetricSigning (algorithm )
292+
271293 return & key_manager.KeyUsage {AsymmetricSigning : & typedAlgo }, nil
272294
273295 default :
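Review bot: `validateUsageAlgorithmCombination` still returns `nil` unconditionally, and with its explanatory comments removed nothing now checks, or documents the decision not to check, that `algorithm` belongs to the selected `usage`. The new `ValidateDiagFunc` in the `algorithm` schema hunk merges all three families into one list, so a signing algorithm paired with `symmetric_encryption` passes it, and `expandUsageAlgorithm` casts any string into the typed value; judging by its name, `ValidateStringInSliceWithWarning` also only warns, though its body is not shown here. For a key-management resource, a known-but-mismatched pair is worth rejecting at plan time while unknown (newer) algorithms still fall through to the API, as sketched below; the sketch assumes no algorithm name is shared between families. `expandUsageAlgorithm` continues past the end of the hunk.

```go
func validateUsageAlgorithmCombination() schema.CustomizeDiffFunc {
	return func(ctx context.Context, diff *schema.ResourceDiff, _ any) error {
		usage := diff.Get("usage").(string)
		algorithm := diff.Get("algorithm").(string)

		// Map every algorithm the SDK knows to the usage family that defines it.
		known := map[string]string{}
		for _, a := range key_manager.KeyAlgorithmSymmetricEncryption("").Values() {
			known[string(a)] = usageSymmetricEncryption
		}
		for _, a := range key_manager.KeyAlgorithmAsymmetricEncryption("").Values() {
			known[string(a)] = usageAsymmetricEncryption
		}
		for _, a := range key_manager.KeyAlgorithmAsymmetricSigning("").Values() {
			known[string(a)] = usageAsymmetricSigning
		}

		// Algorithms the SDK does not know yet are left to the API; only a value
		// known to belong to a different usage family is rejected here.
		if family, ok := known[algorithm]; ok && family != usage {
			return fmt.Errorf("algorithm %q belongs to usage %q, not %q", algorithm, family, usage)
		}

		return nil
	}
}
```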