pingidentity · henryrecker-pingidentity · Jun 24, 2024 · Jun 24, 2024 · Jun 25, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v0.12.0 (Unreleased)
+### Resources
+* **New Resource:** `pingfederate_keypairs_oauth_openid_connect` ([#267]([https](https://github.com/pingidentity/terraform-provider-pingfederate/pull/267)))
+
 # v0.11.0 May 30th, 2024
 ### DEPRECATED
 * `location` property in resource reference object types for all Resources and DataSources removed ([#249](https://github.com/pingidentity/terraform-provider-pingfederate/pull/249))

diff --git a/Makefile b/Makefile
@@ -49,7 +49,7 @@ removetestcontainer:
 spincontainer: removetestcontainer starttestcontainer
 
 define test_acc_common_env_vars
-	PINGFEDERATE_PROVIDER_HTTPS_HOST=https://localhost:9999 PINGFEDERATE_PROVIDER_ADMIN_API_PATH="/pf-admin-api/v1" PINGFEDERATE_PROVIDER_INSECURE_TRUST_ALL_TLS=true PINGFEDERATE_PROVIDER_X_BYPASS_EXTERNAL_VALIDATION_HEADER=true PINGFEDERATE_PROVIDER_PRODUCT_VERSION=$${PINGFEDERATE_PROVIDER_PRODUCT_VERSION:-12.0}
+	PINGFEDERATE_PROVIDER_HTTPS_HOST=https://localhost:9999 PINGFEDERATE_PROVIDER_ADMIN_API_PATH="/pf-admin-api/v1" PINGFEDERATE_PROVIDER_INSECURE_TRUST_ALL_TLS=true PINGFEDERATE_PROVIDER_X_BYPASS_EXTERNAL_VALIDATION_HEADER=true PINGFEDERATE_PROVIDER_PRODUCT_VERSION=$${PINGFEDERATE_PROVIDER_PRODUCT_VERSION:-12.0.1}
 endef
 
 define test_acc_basic_auth_env_vars
@@ -64,6 +64,9 @@ endef
 testoneacc:
 	$(call test_acc_common_env_vars) $(call test_acc_basic_auth_env_vars) TF_ACC=1 go test ./internal/acctest/... -timeout 10m -run ${ACC_TEST_NAME} -v count=1
 
+testaccfolder:
+	$(call test_acc_common_env_vars) $(call test_acc_basic_auth_env_vars) TF_ACC=1 go test ./internal/acctest/config/${ACC_TEST_FOLDER}... -timeout 10m -v count=1
+
 testoneacccomplete: spincontainer testoneacc
 
 # Some tests can step on each other's toes so run those tests in single threaded mode. Run the rest in parallel

diff --git a/docs/resources/keypairs_oauth_openid_connect.md b/docs/resources/keypairs_oauth_openid_connect.md
@@ -0,0 +1,238 @@
+---
+page_title: "pingfederate_keypairs_oauth_openid_connect Resource - terraform-provider-pingfederate"
+subcategory: ""
+description: |-
+
+---
+
+# pingfederate_keypairs_oauth_openid_connect (Resource)
+
+
+
+## Example Usage
+
+```terraform
+resource "pingfederate_keypairs_oauth_openid_connect" "keypairsOAuthOpenIDConnect" {
+  rsa_active_cert_ref = {
+    id = "rsaactive"
+  }
+  rsa_decryption_active_cert_ref = {
+    id = "rsadecryptionactive"
+  }
+  rsa_decryption_previous_cert_ref = {
+    id = "rsadecryptionprevious"
+  }
+  rsa_previous_cert_ref = {
+    id = "rsaprevious"
+  }
+  rsa_publish_x5c_parameter = true
+  static_jwks_enabled       = true
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `static_jwks_enabled` (Boolean) Enable static keys.
+
+### Optional
+
+- `p256_active_cert_ref` (Attributes) Reference to the P-256 key currently active. (see [below for nested schema](#nestedatt--p256_active_cert_ref))
+- `p256_active_key_id` (String) Key Id for currently active P-256 key.
+- `p256_decryption_active_cert_ref` (Attributes) Reference to the P-256 decryption key currently active. (see [below for nested schema](#nestedatt--p256_decryption_active_cert_ref))
+- `p256_decryption_active_key_id` (String) Key Id for currently active P-256 decryption key.
+- `p256_decryption_previous_cert_ref` (Attributes) Reference to the P-256 decryption key previously active. (see [below for nested schema](#nestedatt--p256_decryption_previous_cert_ref))
+- `p256_decryption_previous_key_id` (String) Key Id for previously active P-256 decryption key.
+- `p256_decryption_publish_x5c_parameter` (Boolean) Enable publishing of the P-256 certificate chain associated with the active key.
+- `p256_previous_cert_ref` (Attributes) Reference to the P-256 key previously active. (see [below for nested schema](#nestedatt--p256_previous_cert_ref))
+- `p256_previous_key_id` (String) Key Id for previously active P-256 key.
+- `p256_publish_x5c_parameter` (Boolean) Enable publishing of the P-256 certificate chain associated with the active key.
+- `p384_active_cert_ref` (Attributes) Reference to the P-384 key currently active. (see [below for nested schema](#nestedatt--p384_active_cert_ref))
+- `p384_active_key_id` (String) Key Id for currently active P-384 key.
+- `p384_decryption_active_cert_ref` (Attributes) Reference to the P-384 decryption key currently active. (see [below for nested schema](#nestedatt--p384_decryption_active_cert_ref))
+- `p384_decryption_active_key_id` (String) Key Id for currently active P-384 decryption key.
+- `p384_decryption_previous_cert_ref` (Attributes) Reference to the P-384 decryption key previously active. (see [below for nested schema](#nestedatt--p384_decryption_previous_cert_ref))
+- `p384_decryption_previous_key_id` (String) Key Id for previously active P-384 decryption key.
+- `p384_decryption_publish_x5c_parameter` (Boolean) Enable publishing of the P-384 certificate chain associated with the active key.
+- `p384_previous_cert_ref` (Attributes) Reference to the P-384 key previously active. (see [below for nested schema](#nestedatt--p384_previous_cert_ref))
+- `p384_previous_key_id` (String) Key Id for previously active P-384 key.
+- `p384_publish_x5c_parameter` (Boolean) Enable publishing of the P-384 certificate chain associated with the active key.
+- `p521_active_cert_ref` (Attributes) Reference to the P-521 key currently active. (see [below for nested schema](#nestedatt--p521_active_cert_ref))
+- `p521_active_key_id` (String) Key Id for currently active P-521 key.
+- `p521_decryption_active_cert_ref` (Attributes) Reference to the P-521 decryption key currently active. (see [below for nested schema](#nestedatt--p521_decryption_active_cert_ref))
+- `p521_decryption_active_key_id` (String) Key Id for currently active P-521 decryption key.
+- `p521_decryption_previous_cert_ref` (Attributes) Reference to the P-521 decryption key previously active. (see [below for nested schema](#nestedatt--p521_decryption_previous_cert_ref))
+- `p521_decryption_previous_key_id` (String) Key Id for previously active P-521 decryption key.
+- `p521_decryption_publish_x5c_parameter` (Boolean) Enable publishing of the P-521 certificate chain associated with the active key.
+- `p521_previous_cert_ref` (Attributes) Reference to the P-521 key previously active. (see [below for nested schema](#nestedatt--p521_previous_cert_ref))
+- `p521_previous_key_id` (String) Key Id for previously active P-521 key.
+- `p521_publish_x5c_parameter` (Boolean) Enable publishing of the P-521 certificate chain associated with the active key.
+- `rsa_active_cert_ref` (Attributes) Reference to the RSA key currently active. (see [below for nested schema](#nestedatt--rsa_active_cert_ref))
+- `rsa_active_key_id` (String) Key Id for currently active RSA key.
+- `rsa_algorithm_active_key_ids` (Attributes List) PingFederate uses the same RSA key for all RSA signing algorithms. To enable active RSA JWK entry to have unique single valued ''alg'' parameter, use this list to set a key identifier for each RSA algorithm (RS256, RS384, RS512, PS256, PS384 and PS512). (see [below for nested schema](#nestedatt--rsa_algorithm_active_key_ids))
+- `rsa_algorithm_previous_key_ids` (Attributes List) PingFederate uses the same RSA key for all RSA signing algorithms. To enable previously active RSA JWK entry to have unique single valued ''alg'' parameter, use this list to set a key identifier for each RSA algorithm (RS256, RS384, RS512, PS256, PS384 and PS512). (see [below for nested schema](#nestedatt--rsa_algorithm_previous_key_ids))
+- `rsa_decryption_active_cert_ref` (Attributes) Reference to the RSA decryption key currently active. (see [below for nested schema](#nestedatt--rsa_decryption_active_cert_ref))
+- `rsa_decryption_active_key_id` (String) Key Id for currently active RSA decryption key.
+- `rsa_decryption_previous_cert_ref` (Attributes) Reference to the RSA decryption key previously active. (see [below for nested schema](#nestedatt--rsa_decryption_previous_cert_ref))
+- `rsa_decryption_previous_key_id` (String) Key Id for previously active RSA decryption key.
+- `rsa_decryption_publish_x5c_parameter` (Boolean) Enable publishing of the RSA certificate chain associated with the active key.
+- `rsa_previous_cert_ref` (Attributes) Reference to the RSA key previously active. (see [below for nested schema](#nestedatt--rsa_previous_cert_ref))
+- `rsa_previous_key_id` (String) Key Id for previously active RSA key.
+- `rsa_publish_x5c_parameter` (Boolean) Enable publishing of the RSA certificate chain associated with the active key.
+
+<a id="nestedatt--p256_active_cert_ref"></a>
+### Nested Schema for `p256_active_cert_ref`
+
+Required:
+
+- `id` (String) The ID of the resource.
+
+
+<a id="nestedatt--p256_decryption_active_cert_ref"></a>
+### Nested Schema for `p256_decryption_active_cert_ref`
+
+Required:
+
+- `id` (String) The ID of the resource.
+
+
+<a id="nestedatt--p256_decryption_previous_cert_ref"></a>
+### Nested Schema for `p256_decryption_previous_cert_ref`
+
+Required:
+
+- `id` (String) The ID of the resource.
+
+
+<a id="nestedatt--p256_previous_cert_ref"></a>
+### Nested Schema for `p256_previous_cert_ref`
+
+Required:
+
+- `id` (String) The ID of the resource.
+
+
+<a id="nestedatt--p384_active_cert_ref"></a>
+### Nested Schema for `p384_active_cert_ref`
+
+Required:
+
+- `id` (String) The ID of the resource.
+
+
+<a id="nestedatt--p384_decryption_active_cert_ref"></a>
+### Nested Schema for `p384_decryption_active_cert_ref`
+
+Required:
+
+- `id` (String) The ID of the resource.
+
+
+<a id="nestedatt--p384_decryption_previous_cert_ref"></a>
+### Nested Schema for `p384_decryption_previous_cert_ref`
+
+Required:
+
+- `id` (String) The ID of the resource.
+
+
+<a id="nestedatt--p384_previous_cert_ref"></a>
+### Nested Schema for `p384_previous_cert_ref`
+
+Required:
+
+- `id` (String) The ID of the resource.
+
+
+<a id="nestedatt--p521_active_cert_ref"></a>
+### Nested Schema for `p521_active_cert_ref`
+
+Required:
+
+- `id` (String) The ID of the resource.
+
+
+<a id="nestedatt--p521_decryption_active_cert_ref"></a>
+### Nested Schema for `p521_decryption_active_cert_ref`
+
+Required:
+
+- `id` (String) The ID of the resource.
+
+
+<a id="nestedatt--p521_decryption_previous_cert_ref"></a>
+### Nested Schema for `p521_decryption_previous_cert_ref`
+
+Required:
+
+- `id` (String) The ID of the resource.
+
+
+<a id="nestedatt--p521_previous_cert_ref"></a>
+### Nested Schema for `p521_previous_cert_ref`
+
+Required:
+
+- `id` (String) The ID of the resource.
+
+
+<a id="nestedatt--rsa_active_cert_ref"></a>
+### Nested Schema for `rsa_active_cert_ref`
+
+Required:
+
+- `id` (String) The ID of the resource.
+
+
+<a id="nestedatt--rsa_algorithm_active_key_ids"></a>
+### Nested Schema for `rsa_algorithm_active_key_ids`
+
+Required:
+
+- `key_id` (String) Unique key identifier.
+- `rsa_alg_type` (String) The RSA signing algorithm type. The supported RSA signing algorithm types are RS256, RS384, RS512, PS256, PS384 and PS512.
+
+
+<a id="nestedatt--rsa_algorithm_previous_key_ids"></a>
+### Nested Schema for `rsa_algorithm_previous_key_ids`
+
+Required:
+
+- `key_id` (String) Unique key identifier.
+- `rsa_alg_type` (String) The RSA signing algorithm type. The supported RSA signing algorithm types are RS256, RS384, RS512, PS256, PS384 and PS512.
+
+
+<a id="nestedatt--rsa_decryption_active_cert_ref"></a>
+### Nested Schema for `rsa_decryption_active_cert_ref`
+
+Required:
+
+- `id` (String) The ID of the resource.
+
+
+<a id="nestedatt--rsa_decryption_previous_cert_ref"></a>
+### Nested Schema for `rsa_decryption_previous_cert_ref`
+
+Required:
+
+- `id` (String) The ID of the resource.
+
+
+<a id="nestedatt--rsa_previous_cert_ref"></a>
+### Nested Schema for `rsa_previous_cert_ref`
+
+Required:
+
+- `id` (String) The ID of the resource.
+
+## Import
+
+Import is supported using the following syntax:
+
+~> This resource is singleton, so the value of "id" doesn't matter - it is just a placeholder, and required by Terraform
+
+```shell
+terraform import pingfederate_keypairs_oauth_openid_connect.keypairsOAuthOpenIDConnect id
+```
diff --git a/examples/resources/pingfederate_keypairs_oauth_openid_connect/import.sh b/examples/resources/pingfederate_keypairs_oauth_openid_connect/import.sh
@@ -0,0 +1 @@
+terraform import pingfederate_keypairs_oauth_openid_connect.keypairsOAuthOpenIDConnect id
diff --git a/examples/resources/pingfederate_keypairs_oauth_openid_connect/resource.tf b/examples/resources/pingfederate_keypairs_oauth_openid_connect/resource.tf
@@ -0,0 +1,16 @@
+resource "pingfederate_keypairs_oauth_openid_connect" "keypairsOAuthOpenIDConnect" {
+  rsa_active_cert_ref = {
+    id = "rsaactive"
+  }
+  rsa_decryption_active_cert_ref = {
+    id = "rsadecryptionactive"
+  }
+  rsa_decryption_previous_cert_ref = {
+    id = "rsadecryptionprevious"
+  }
+  rsa_previous_cert_ref = {
+    id = "rsaprevious"
+  }
+  rsa_publish_x5c_parameter = true
+  static_jwks_enabled       = true
+}