feat(keymanager): add algorithm field to allow custom key algorithms

Author: jremy42

internal/services/keymanager/helpers.go

@@ -55,25 +55,54 @@ func NewKeyManagerAPIWithRegionAndID(m any, id string) (*key_manager.API, scw.Re
 	return client, region, keyID, nil
 }
 
-func ExpandKeyUsage(usage string) *key_manager.KeyUsage {
+func ExpandKeyUsage(usage string, algorithm string) *key_manager.KeyUsage {
 	switch usage {
 	case "symmetric_encryption":
 		alg := key_manager.KeyAlgorithmSymmetricEncryptionAes256Gcm
+		if algorithm != "" {
+			alg = key_manager.KeyAlgorithmSymmetricEncryption(algorithm)
+		}
 
 		return &key_manager.KeyUsage{SymmetricEncryption: &alg}
 	case "asymmetric_encryption":
 		alg := key_manager.KeyAlgorithmAsymmetricEncryptionRsaOaep3072Sha256
+		if algorithm != "" {
+			alg = key_manager.KeyAlgorithmAsymmetricEncryption(algorithm)
+		}
 
 		return &key_manager.KeyUsage{AsymmetricEncryption: &alg}
 	case "asymmetric_signing":
 		alg := key_manager.KeyAlgorithmAsymmetricSigningEcP256Sha256
+		if algorithm != "" {
+			alg = key_manager.KeyAlgorithmAsymmetricSigning(algorithm)
+		}
 
 		return &key_manager.KeyUsage{AsymmetricSigning: &alg}
 	default:
 		return nil
 	}
 }
 
+func AlgorithmFromKeyUsage(u *key_manager.KeyUsage) string {
+	if u == nil {
+		return ""
+	}
+
+	if u.SymmetricEncryption != nil {
+		return string(*u.SymmetricEncryption)
+	}
+
+	if u.AsymmetricEncryption != nil {
+		return string(*u.AsymmetricEncryption)
+	}
+
+	if u.AsymmetricSigning != nil {
+		return string(*u.AsymmetricSigning)
+	}
+
+	return ""
+}
+
 func ExpandKeyRotationPolicy(v any) (*key_manager.KeyRotationPolicy, error) {
 	list, ok := v.([]any)
 	if !ok || len(list) == 0 {

internal/services/keymanager/key_resource.go

@@ -35,6 +35,12 @@ func ResourceKeyManagerKey() *schema.Resource {
 				}, false),
 				Description: "Key usage. Keys with a usage set to 'symmetric_encryption' can encrypt and decrypt data using the AES-256-GCM key algorithm. Possible values: symmetric_encryption, asymmetric_encryption, asymmetric_signing.",
 			},
+			"algorithm": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: "Algorithm for the key. If not specified, a default algorithm is chosen based on usage. See Key Manager documentation for supported algorithms.",
+			},
 			"description": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -116,7 +122,8 @@ func resourceKeyManagerKeyCreate(ctx context.Context, d *schema.ResourceData, m
 		createReq.Origin = key_manager.KeyOrigin(v.(string))
 	}
 
-	createReq.Usage = ExpandKeyUsage(d.Get("usage").(string))
+	algorithm := d.Get("algorithm").(string)
+	createReq.Usage = ExpandKeyUsage(d.Get("usage").(string), algorithm)
 
 	key, err := api.CreateKey(createReq)
 	if err != nil {
@@ -146,6 +153,7 @@ func resourceKeyManagerKeyRead(ctx context.Context, d *schema.ResourceData, m an
 	_ = d.Set("project_id", key.ProjectID)
 	_ = d.Set("region", key.Region.String())
 	_ = d.Set("usage", UsageToString(key.Usage))
+	_ = d.Set("algorithm", AlgorithmFromKeyUsage(key.Usage))
 	_ = d.Set("description", key.Description)
 	_ = d.Set("tags", key.Tags)
 	_ = d.Set("rotation_count", int(key.RotationCount))