Add SignatureConfiguration to webhooks resource (#296)

* Add SignatureConfiguration to webhooks resource
FusionAuth · Oct 30, 2024 · 60841b7 · 60841b7
1 parent 1c3a42a
commit 60841b7
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 0 deletions.
diff --git a/docs/resources/webhook.md b/docs/resources/webhook.md
@@ -27,13 +27,22 @@ resource "fusionauth_webhook" "example" {
   -----BEGIN CERTIFICATE-----\nMIIDUjCCArugAwIBAgIJANZCTNN98L9ZMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZz\nZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkB\nFhFzamZkZkBsc2tkamZjLmNvbTAeFw0xNDA0MDkyMTA2MDdaFw0xNDA1MDkyMTA2\nMDdaMHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVy\nMQ8wDQYDVQQKEwZzZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAw\nHgYJKoZIhvcNAQkBFhFzamZkZkBsc2tkamZjLmNvbTCBnzANBgkqhkiG9w0BAQEF\nAAOBjQAwgYkCgYEAxnQBqyuYvjUE4aFQ6vVZU5RqHmy3KiTg2NcxELIlZztUTK3a\nVFbJoBB4ixHXCCYslujthILyBjgT3F+IhSpPAcrlu8O5LVPaPCysh/SNrGNwH4lq\neiW9Z5WAhRO/nG7NZNa0USPHAei6b9Sv9PxuKCY+GJfAIwlO4/bltIH06/kCAwEA\nAaOB3zCB3DAdBgNVHQ4EFgQUU4SqJEFm1zW+CcLxmLlARrqtMN0wgawGA1UdIwSB\npDCBoYAUU4SqJEFm1zW+CcLxmLlARrqtMN2hfqR8MHoxCzAJBgNVBAYTAlVTMQsw\nCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZzZXRoLXMxCjAI\nBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkBFhFzamZkZkBs\nc2tkamZjLmNvbYIJANZCTNN98L9ZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\nBQADgYEAY/cJsi3w6R4hF4PzAXLhGOg1tzTDYvol3w024WoehJur+qM0AY6UqtoJ\nneCq9af32IKbbOKkoaok+t1+/tylQVF/0FXMTKepxaMbG22vr4TmN3idPUYYbPfW\n5GkF7Hh96BjerrtiUPGuBZL50HoLZ5aR5oZUMAu7TXhOFp+vZp8=\n-----END CERTIFICATE-----
   EOT
   url                          = "http://mygameserver.local:7001/fusionauth-webhook"
+
+  signature_configuration {
+    enabled = true
+    signing_key_id = fusionauth_key.webhook_key.id
+  }
+
 }
 ```
 
 ## Argument Reference
 * `tenant_ids` - (Optional) The Ids of the tenants that this Webhook should be associated with. If no Ids are specified and the global field is false, this Webhook will not be used.
 * `connect_timeout` - (Required) The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.
 * `description` - (Optional) A description of the Webhook. This is used for display purposes only.
+* `signature_configuration` - (Optional) Configuration for webhook signing
+    - `enabled` - (Optional) Wether or not webhook signing is enabled
+    - `signing_key_id` - (Optional) The UUID key used for signing the Webhook
 * `events_enabled` - (Optional) A mapping for the events that are enabled for this Webhook.
     - `audit_log_create` - (Optional) When an audit log is created
     - `event_log_create` - (Optional) When an event log is created

diff --git a/fusionauth/resource_fusionauth_webhook.go b/fusionauth/resource_fusionauth_webhook.go
@@ -7,6 +7,7 @@ import (
 	"github.com/FusionAuth/go-client/pkg/fusionauth"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
 
 func newWebhook() *schema.Resource {
@@ -269,6 +270,30 @@ func newWebhook() *schema.Resource {
 				Required:    true,
 				Description: "The read timeout in milliseconds used when FusionAuth sends events to the Webhook.",
 			},
+			"signature_configuration": {
+				Type:     schema.TypeList,
+				MaxItems: 1,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"enabled": {
+							Type:        schema.TypeBool,
+							Optional:    true,
+							Default:     false,
+							Description: "Indicates if the Webhook request should be signed.",
+							RequiredWith: []string{
+								"signature_configuration.0.signing_key_id",
+							},
+						},
+						"signing_key_id": {
+							Type:         schema.TypeString,
+							Optional:     true,
+							Description:  "The Id of the key used to sign the Webhook request.",
+							ValidateFunc: validation.IsUUID,
+						},
+					},
+				},
+			},
 			"ssl_certificate": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -299,6 +324,7 @@ func buildWebhook(data *schema.ResourceData) fusionauth.Webhook {
 		ReadTimeout:                data.Get("read_timeout").(int),
 		SslCertificate:             data.Get("ssl_certificate").(string),
 		Url:                        data.Get("url").(string),
+		SignatureConfiguration:     buildSignatureConfiguration(data),
 	}
 
 	if i, ok := data.GetOk("headers"); ok {
@@ -308,6 +334,13 @@ func buildWebhook(data *schema.ResourceData) fusionauth.Webhook {
 	return wh
 }
 
+func buildSignatureConfiguration(data *schema.ResourceData) fusionauth.WebhookSignatureConfiguration {
+	return fusionauth.WebhookSignatureConfiguration{
+		Enableable:   buildEnableable("signature_configuration.0.enabled", data),
+		SigningKeyId: data.Get("signature_configuration.0.signing_key_id").(string),
+	}
+}
+
 func buildEventsEnabled(key string, data *schema.ResourceData) map[fusionauth.EventType]bool {
 	prefix := key + ".0."
 	return map[fusionauth.EventType]bool{