Merge 4fca821 into 2b21ca7

Author: bhillkeyfactor

.github/workflows/keyfactor-starter-workflow.yml

@@ -1,42 +1,20 @@
-name: Starter Workflow
-on: [workflow_dispatch, push, pull_request]
+name: Keyfactor Bootstrap Workflow
 
-jobs:
-  call-create-github-release-workflow:
-    uses: Keyfactor/actions/.github/workflows/github-release.yml@main
-
-  get-manifest-properties:
-    runs-on: windows-latest
-    outputs:
-      update_catalog: ${{ steps.read-json.outputs.prop }}
-    steps:
-      - uses: actions/checkout@v3
-      - name: Read json
-        id: read-json
-        shell: pwsh
-        run: |
-          $json = Get-Content integration-manifest.json | ConvertFrom-Json
-          echo "::set-output name=prop::$(echo $json.update_catalog)"
-
-  call-dotnet-build-and-release-workflow:
-    needs: [call-create-github-release-workflow]
-    uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main
-    with:
-      release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
-      release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
-      release_dir: DataPower/bin/Debug # TODO: set build output directory to upload as a release, relative to checkout workspace
-    secrets: 
-      token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }}
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [opened, closed, synchronize, edited, reopened]
+  push:
+  create:
+    branches:
+      - 'release-*.*'
 
-  call-generate-readme-workflow:
-    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
-    uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main
+jobs:
+  call-starter-workflow:
+    uses: keyfactor/actions/.github/workflows/starter.yml@3.1.2
     secrets:
-      token: ${{ secrets.APPROVE_README_PUSH }}
-
-  call-update-catalog-workflow:
-    needs: get-manifest-properties
-    if: needs.get-manifest-properties.outputs.update_catalog == 'True' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
-    uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main
-    secrets: 
-      token: ${{ secrets.SDK_SYNC_PAT }}
+      token: ${{ secrets.V2BUILDTOKEN}}
+      APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
+      gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+      gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+      scan_token: ${{ secrets.SAST_TOKEN }}

CHANGELOG.md

@@ -1,8 +1,12 @@
+1.1.1
+* Dual Build .Net 6 and .Net 8 support
+* Test Tool Modifications
+* Readme Updates
+
 1.1.0
 * Convert to Universal Orchestrator Framework
 * Added Support for .cer files during inventory
 * Added PAM Support
 
 1.0.0
 * Windows Orchestrator with Add, Remove and Inventory Capabilities
-

DataPower/DataPower.csproj

@@ -1,9 +1,10 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
-    <RootNamespace>Keyfactor.Extensions.Orchestrator.DataPower</RootNamespace>
+    <AppendTargetFrameworkToOutputPath>true</AppendTargetFrameworkToOutputPath>
+    <TargetFrameworks>net6.0;net8.0</TargetFrameworks>
     <CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
+    <ImplicitUsings>disable</ImplicitUsings>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">

DataPower/Jobs/Inventory.cs

@@ -74,7 +74,6 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
                 _protocol = ci.Protocol;
                 _logger.LogTrace(
                     $"Certificate Config Domain: {ci.Domain} and Certificate Store: {ci.CertificateStore}");
-                _logger.LogTrace($"Any Job Config {JsonConvert.SerializeObject(config)}");
                 _logger.LogTrace("Entering IBM DataPower: Certificate Inventory");
                 _logger.LogTrace(
                     $"Entering processJob for Domain: {ci.Domain} and Certificate Store: {ci.CertificateStore}");

DataPower/Jobs/Management.cs

@@ -43,7 +43,6 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
             try
             {
                 _logger.MethodEntry(LogLevel.Debug);
-                _logger.LogTrace($"Any Job Config {JsonConvert.SerializeObject(config)}");
 
                 var ci = Utility.ParseCertificateConfig(config);
                 var np = Utility.ParseStoreProperties(config);

README.md

@@ -0,0 +1,51 @@
+## Overview
+
+The IBM DataPower Orchestrator allows for the management of certificates in the IBM Datapower platform. Inventory, Add and Remove functions are supported. This integration can add/replace certificates in any domain\directory combination. 
+
+* DataPower
+
+## Requirements
+The IBM DataPower Orchestrator allows for the management of certificates in the IBM Datapower platform. Inventory, Add and Remove functions are supported.  This integration can add/replace certificates in any domain\directory combination.  For example default\pubcert
+
+
+## Test Cases
+
+*** 
+
+#### INVENTORY TEST CASES
+Case Number|Case Name|Case Description|Expected Results|Passed
+------------|---------|----------------|--------------|----------
+1|Pubcert Inventory No Black List Default Domain|Should Inventory Everything in the DataPower pubcert directory on the Default Domain|Keyfactor Inventory Matches pubcert default domain inventory|True
+1a|Pubcert Inventory No Black List Default Domain using PAM Credentials|Should Inventory Everything in the DataPower pubcert directory on the Default Domain using credentials stored in a PAM Provider|Keyfactor Inventory Matches pubcert default domain inventory|True
+1b|Pubcert Inventory With Black List Default Domain|Should Inventory Everything in the DataPower pubcert directory on the Default Domain Outside of Black List Items ex: Test.pem,Test2.pem|Keyfactor Inventory Matches pubcert default domain inventory outside of Black List Items|True
+2|Pubcert Inventory No Black List *testdomain\pubcert* path|Should Inventory Everything in the DataPower pubcert directory on the *testdomain\pubcert* path|Keyfactor Inventory Matches pubcert default domain inventory|True
+2a|Pubcert Inventory With Black List *testdomain\pubcert* path|Should Inventory Everything in the DataPower pubcert directory on the *testdomain\pubcert* path Outside of Black List Items ex: Cert1.pem,Cert2.pem|Keyfactor Inventory Matches pubcert default domain inventory outside of Black List Items|True
+3|Private Key Cert Inventory No Black List Default Domain|Should Inventory Everything in the DataPower cert directory on the Default Domain|Keyfactor Inventory Matches pubcert default domain inventory|True
+3a|Private Key Cert Inventory No Black List Default Domain with Credentials Stored in PAM Provider|Should Inventory Everything in the DataPower cert directory on the Default Domain with Credentials Stored in PAM Provider|Keyfactor Inventory Matches pubcert default domain inventory|True
+3b|Private Key Cert Inventory With Black List Default Domain|Should Inventory Everything in the DataPower cert directory on the Default Domain Oustide of Black List Items ex: Test.pem,Test2.pem|Keyfactor Inventory Matches cert default domain inventory outside of Black List Items|True
+4|Private Key Cert Inventory No Black List *testdomain\cert* path|Should Inventory Everything in the DataPower cert directory on the  *testdomain\cert* path|Keyfactor Inventory Matches *testdomain\cert* path| inventory|True
+4a|Private Key Cert Inventory With Black List *testdomain\cert* path||Should Inventory Everything in the DataPower cert directory on the  *testdomain\cert* path|Keyfactor Inventory Matches *testdomain\cert* path Oustide of Black List Items ex: Test,Test2|Keyfactor Inventory Matches everything in *testdomain\cert* path outside of Black List Items
+
+*** 
+
+#### ADD/REMOVE TEST CASES
+Case Number|Case Name|Case Description|Overwrite Flag|Alias Name|Expected Results|Passed
+------------|---------|----------------|--------------|----------|----------------|--------------
+1|Pubcert Add with Alias Default Domain|Will create new Cert, Key and Pem/crt entry|False|cryptoobjs|Crypto Key Created, Crypto Cert Created, Pem/Crt created|True
+1a|Pubcert Overwrite with Alias Default Domain|Will Replaced Cert, Key and Pem/crt entry|true|cryptoobjs|Crypto Key Replaced, Crypto Cert Replaced, Pem/Crt Replaced|True
+1b|Pubcert Add without Alias Default Domain|Will create new Cert, Key and Pem/crt entry with GUID as name|False|cryptoobjs|Crypto Key Created, Crypto Cert Created, Pem/Crt created with GUID as name|True
+2|Private Key Add with Alias Default Domain|Will create new Cert, Key and Pem/crt entry|False|cryptoobjs|Crypto Key Created, Crypto Cert Created, Pem/Crt created|True
+2a|Private Key Overwrite with Alias Default Domain|Will Replaced Cert, Key and Pem/crt entry|true|cryptoobjs|Crypto Key Replaced, Crypto Cert Replaced, Pem/Crt Replaced|True
+2b|Private Key Add without Alias Default Domain|Will create new Cert, Key and Pem/crt entry with GUID as name|False|cryptoobjs|Crypto Key Created, Crypto Cert Created, Pem/Crt created with GUID as name|True
+2c|Private Key Cert Add with Alias *testdomain\cert* path|Will create new Cert, Key and Pem/crt entry in *testdomain\cert* path|False|cryptoobjs|Crypto Key Created, Crypto Cert Created, Pem/Crt created in *testdomain\pubcert* path|True
+2d|Private Key Cert Add with Alias *testdomain\cert* path|Will create new Cert, Key and Pem/crt entry in *testdomain\cert* path with PAM Credentials|False|cryptoobjs|Crypto Key Created, Crypto Cert Created, Pem/Crt created in *testdomain\pubcert* path gettting credentials from a PAM Provider|True
+3a|Private Key Cert Overwrite with Alias *testdomain\cert* path|Will Replaced Cert, Key and Pem/crt entry in *testdomain\cert* path|true|cryptoobjs|Crypto Key Replaced, Crypto Cert Replaced, Pem/Crt Replaced in *testdomain\pubcert* path|True
+3b|Private Key Cert Add without Alias *testdomain\cert* path|Will create new Cert, Key and Pem/crt entry with GUID as name in *testdomain\cert* path|False|cryptoobjs|Crypto Key Created, Crypto Cert Created, Pem/Crt created with GUID as name in *testdomain\cert* path|True
+4|Remove Private Key and Cert From Default Domain|Remove Private Key and Cert From Default Domain|False|cryptoobjs|Crypto Certificate, Crypto Key and Pem/Crt are removed from Data Power|True
+4a|Remove Private Key and Cert From *testdomain\cert* path|Remove Private Key and Cert From *testdomain\cert* path|False|cryptoobjs|Crypto Certificate, Crypto Key and Pem/Crt are removed from Data Power *testdomain\cert* path|True
+4b|Remove PubCert|Remove PubCert|False|cryptoobjs|Error Occurs, cannot remove Public Certs|True
+4c|Remove Private Key and Cert From *testdomain\cert* path with PAM Credentials|Remove Private Key and Cert From *testdomain\cert* path using credentials stored in a PAM Provider|False|cryptoobjs|Crypto Certificate, Crypto Key and Pem/Crt are removed from Data Power *testdomain\cert* path|True
+
+*** 
+
+

docsource/content.md

@@ -0,0 +1,4 @@
+## Keyfactor Orchestrator Integration: DataPower Setup
+
+### Overview
+

docsource/datapower.md

@@ -0,0 +1,20 @@
+## Overview
+
+TODO Overview is a required section
+
+## Requirements
+
+TODO Requirements is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
+
+## Discovery Job Configuration
+
+TODO Discovery Job Configuration is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
+
+## Certificate Store Configuration
+
+TODO Certificate Store Configuration is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
+
+## Global Store Type Section
+
+TODO Global Store Type Section is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
+

docsource/fortiweb.md

@@ -3,13 +3,20 @@
   "integration_type": "orchestrator",
   "name": "DataPower Orchestrator",
   "status": "production",
+  "update_catalog": true,
+  "link_github": true,
+  "support_level": "kf-supported",
+  "release_project": "DataPower/DataPower.csproj",
+  "release_dir": "DataPower/bin/Release",
   "description": "The IBM DataPower Orchestrator allows for the management of certificates in the IBM Datapower platform. Inventory, Add and Remove functions are supported. This integration can add/replace certificates in any domain\\directory combination. ",
   "link_github": false,
   "update_catalog": false,
   "about": {
     "orchestrator": {
-      "UOFramework": "10.1",
+      "UOFramework": "10.4",
+      "keyfactor_platform_version": "10.4",
       "pam_support": true,
+      "keyfactor_platform_version": "10.4",
       "win": {
         "supportsCreateStore": false,
         "supportsDiscovery": false,
@@ -27,7 +34,109 @@
         "supportsReenrollment": false,
         "supportsInventory": true,
         "platformSupport": "Unused"
-      }
+      },
+      "store_types": [
+        {
+          "Name": "IBM Data Power",
+          "ShortName": "DataPower",
+          "Capability": "DataPower",
+          "LocalStore": false,
+          "SupportedOperations": {
+            "Add": true,
+            "Create": false,
+            "Discovery": false,
+            "Enrollment": false,
+            "Remove": false
+          },
+          "Properties": [
+            {
+              "Name": "ServerUsername",
+              "DisplayName": "Server Username",
+              "Type": "Secret",
+              "DependsOn": "",
+              "DefaultValue": "",
+              "Required": false,
+              "IsPAMEligible": true,
+              "Description": "Api UserName for DataPower. (or valid PAM key if the username is stored in a KF Command configured PAM integration)."
+            },
+            {
+              "Name": "ServerPassword",
+              "DisplayName": "Server Password",
+              "Type": "Secret",
+              "DependsOn": "",
+              "DefaultValue": "",
+              "Required": false,
+              "IsPAMEligible": true,
+              "Description": "A password for DataPower API access.  Used for inventory.(or valid PAM key if the password is stored in a KF Command configured PAM integration)."
+            },
+            {
+              "Name": "ServerUseSsl",
+              "DisplayName": "Use SSL",
+              "Type": "Bool",
+              "DependsOn": "",
+              "DefaultValue": "true",
+              "Required": true,
+              "Description": "Should be true, http is not supported."
+            },
+            {
+              "Name": "InventoryBlackList",
+              "DisplayName": "Inventory Black List",
+              "Type": "String",
+              "DependsOn": "",
+              "DefaultValue": "",
+              "Required": false,
+              "IsPAMEligible": false,
+              "Description": "Comma seperated list of alias values you do not want to inventory from DataPower."
+            },
+            {
+              "Name": "Protocol",
+              "DisplayName": "Protocol Name",
+              "Type": "String",
+              "DependsOn": "",
+              "DefaultValue": "https",
+              "Required": true,
+              "IsPAMEligible": false,
+              "Description": "Comma seperated list of alias values you do not want to inventory from DataPower."
+            },
+            {
+              "Name": "PublicCertStoreName",
+              "DisplayName": "Public Cert Store Name",
+              "Type": "String",
+              "DependsOn": "",
+              "DefaultValue": "pubcert",
+              "Required": true,
+              "IsPAMEligible": false,
+              "Description": "This probably will remain pubcert unless someone changed the default name in DataPower."
+            },
+            {
+              "Name": "InventoryPageSize",
+              "DisplayName": "Inventory Page Size",
+              "Type": "String",
+              "DependsOn": "",
+              "DefaultValue": "100",
+              "Required": true,
+              "IsPAMEligible": false,
+              "Description": "This determines the page size during the inventory calls. (100 should be fine)."
+            }
+          ],
+          "EntryParameters": [],
+          "ClientMachineDescription": "The Client Machine field should contain the IP or Domain name and Port Needed for REST API Access.  For SSH Access, Port 22 will be used.",
+          "StorePathDescription": "The Store Path field should always be / unless we later determine there are alternate locations needed.",
+          "PasswordOptions": {
+            "EntrySupported": false,
+            "StoreRequired": false,
+            "Style": "Default"
+          },
+          "PrivateKeyAllowed": "Optional",
+          "JobProperties": [
+
+          ],
+          "ServerRequired": true,
+          "PowerShell": false,
+          "BlueprintAllowed": false,
+          "CustomAliasAllowed": "Required"
+        }
+      ]
     }
   }
 }