From b813310fc520da059a1ac5e20dc9eb4af7c69c93 Mon Sep 17 00:00:00 2001
From: Will Chandler <will@oxidecomputer.com>
Date: Mon, 18 Nov 2024 10:53:23 -0500
Subject: [PATCH] Document IDP key format requirement

We currently require SAML private keys to be in RSA PKCS#1 format, but
do not mention this in our doc string.

Update the doc string to explicitly list the required format.
---
 nexus/types/src/external_api/params.rs | 2 +-
 openapi/nexus.json                     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/nexus/types/src/external_api/params.rs b/nexus/types/src/external_api/params.rs
index 15bf7f9959..3a395ea768 100644
--- a/nexus/types/src/external_api/params.rs
+++ b/nexus/types/src/external_api/params.rs
@@ -584,7 +584,7 @@ pub struct DerEncodedKeyPair {
     #[serde(deserialize_with = "x509_cert_from_base64_encoded_der")]
     pub public_cert: String,
 
-    /// request signing private key (base64 encoded der file)
+    /// request signing RSA private key in PKCS#1 format (base64 encoded der file)
     #[serde(deserialize_with = "key_from_base64_encoded_der")]
     pub private_key: String,
 }
diff --git a/openapi/nexus.json b/openapi/nexus.json
index d4dfa6d391..bc703710ee 100644
--- a/openapi/nexus.json
+++ b/openapi/nexus.json
@@ -13217,7 +13217,7 @@
         "type": "object",
         "properties": {
           "private_key": {
-            "description": "request signing private key (base64 encoded der file)",
+            "description": "request signing RSA private key in PKCS#1 format (base64 encoded der file)",
             "type": "string"
           },
           "public_cert": {