diff --git a/.github/workflows/keyfactor-bootstrap-workflow.yml b/.github/workflows/keyfactor-bootstrap-workflow.yml
new file mode 100644
index 0000000..6d8de53
--- /dev/null
+++ b/.github/workflows/keyfactor-bootstrap-workflow.yml
@@ -0,0 +1,19 @@
+name: Keyfactor Bootstrap Workflow
+
+on:
+ workflow_dispatch:
+ pull_request:
+ types: [opened, closed, synchronize, edited, reopened]
+ push:
+ create:
+ branches:
+ - 'release-*.*'
+
+jobs:
+ call-starter-workflow:
+ uses: keyfactor/actions/.github/workflows/starter.yml@v2
+ secrets:
+ token: ${{ secrets.V2BUILDTOKEN}}
+ APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
+ gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+ gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..27e19aa
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,6 @@
+- 1.0.1
+ - Switched order of cert/key submission
+ - additional logging
+
+- 1.0.0
+ - initial release
\ No newline at end of file
diff --git a/README.md b/README.md
index a781231..13818cf 100644
--- a/README.md
+++ b/README.md
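Review bot: The reusable workflow called from `call-starter-workflow` in keyfactor-bootstrap-workflow.yml is referenced by a mutable tag, `keyfactor/actions/.github/workflows/starter.yml@v2`, while it is handed `KF_GPG_PRIVATE_KEY`, `KF_GPG_PASSPHRASE` and two tokens. Whoever can move the `v2` tag changes the code that receives the signing key, so the reference is better pinned to a full commit SHA with the tag kept as a comment: `uses: keyfactor/actions/.github/workflows/starter.yml@<full-commit-sha> # v2`. Separately, as far as I know the `create:` event does not accept a `branches:` filter, so the `release-*.*` restriction written under it is probably not applied; a job-level `if:` on `github.ref` would be needed to get that effect.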
@@ -1,16 +1,23 @@ + # Orchestrator Extension for Alteon Load Balancer The Alteon Load Balancer integration allows you to manage certificates within the Alteon Load Balancer device. -#### Integration status: Prototype - Demonstration quality. Not for use in customer environments. +#### Integration status: Production - Ready for use in production environments. + +## About the Keyfactor Universal Orchestrator Extension + +This repository contains a Universal Orchestrator Extension which is a plugin to the Keyfactor Universal Orchestrator. Within the Keyfactor Platform, Orchestrators are used to manage “certificate stores” — collections of certificates and roots of trust that are found within and used by various applications. -## About the Keyfactor Universal Orchestrator Capability +The Universal Orchestrator is part of the Keyfactor software distribution and is available via the Keyfactor customer portal. For general instructions on installing Extensions, see the “Keyfactor Command Orchestrator Installation and Configuration Guide” section of the Keyfactor documentation. For configuration details of this specific Extension see below in this readme. -This repository contains a Universal Orchestrator Capability which is a plugin to the Keyfactor Universal Orchestrator. Within the Keyfactor Platform, Orchestrators are used to manage “certificate stores” — collections of certificates and roots of trust that are found within and used by various applications. +The Universal Orchestrator is the successor to the Windows Orchestrator. This Orchestrator Extension plugin only works with the Universal Orchestrator and does not work with the Windows Orchestrator. -The Universal Orchestrator is part of the Keyfactor software distribution and is available via the Keyfactor customer portal. For general instructions on installing Capabilities, see the “Keyfactor Command Orchestrator Installation and Configuration Guide” section of the Keyfactor documentation. 
For configuration details of this specific Capability, see below in this readme. +## Support for Orchestrator Extension for Alteon Load Balancer + +Orchestrator Extension for Alteon Load Balancer is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com -The Universal Orchestrator is the successor to the Windows Orchestrator. This Capability plugin only works with the Universal Orchestrator and does not work with the Windows Orchestrator. +###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. @@ -22,12 +29,12 @@ Orchestrator Extension for Alteon Load Balancer is supported by Keyfactor for Ke ___ - --- +## Keyfactor Version Supported - +The minimum version of the Keyfactor Universal Orchestrator Framework needed to run this version of the extension is 10.4 ## Platform Specific Notes The Keyfactor Universal Orchestrator may be installed on either Windows or Linux based platforms. The certificate operations supported by a capability may vary based what platform the capability is installed on. The table below indicates what capabilities are supported based on which platform the encompassing Universal Orchestrator is running. @@ -37,12 +44,10 @@ The Keyfactor Universal Orchestrator may be installed on either Windows or Linux |Supports Management Remove|✓ |✓ | |Supports Create Store| | | |Supports Discovery| | | -|Supports Renrollment| | | +|Supports Reenrollment| | | |Supports Inventory|✓ |✓ | - - --- @@ -137,3 +142,6 @@ The steps to do this are: [Apache](https://apache.org/licenses/LICENSE-2.0) +When creating cert store type manually, that store property names and entry parameter names are case sensitive + + diff --git a/alteon-orchestrator.sln b/alteon-orchestrator.sln index be5971e..1fde54a 100644 
--- a/alteon-orchestrator.sln +++ b/alteon-orchestrator.sln @@ -1,12 +1,13 @@  Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio Version 16 -VisualStudioVersion = 16.0.32413.511 +# Visual Studio Version 17 +VisualStudioVersion = 17.9.34902.65 MinimumVisualStudioVersion = 10.0.40219.1 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "alteon-orchestrator", "alteon-orchestrator\alteon-orchestrator.csproj", "{E3D51525-B1FB-4B14-B7AD-0430A8718DEE}" EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{583BA6E4-B528-45FE-B027-3ECE30FB7500}" ProjectSection(SolutionItems) = preProject + CHANGELOG.md = CHANGELOG.md integration-manifest.json = integration-manifest.json readme_source.md = readme_source.md EndProjectSection diff --git a/alteon-orchestrator/AlteonLoadBalancerClient.cs b/alteon-orchestrator/AlteonLoadBalancerClient.cs index a024cec..18db854 100644 --- a/alteon-orchestrator/AlteonLoadBalancerClient.cs +++ b/alteon-orchestrator/AlteonLoadBalancerClient.cs @@ -32,11 +32,11 @@ public AlteonLoadBalancerClient(string baseUrl, string username, string password { var options = new RestClientOptions(baseUrl) { - RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true + RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true, + Authenticator = new HttpBasicAuthenticator(username, password) + }; _restClient = new RestClient(options); - - _restClient.Authenticator = new HttpBasicAuthenticator(username, password); } public async Task GetCertificates() 
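Review bot: The `RestClientOptions` initializer in the `AlteonLoadBalancerClient` constructor still sets `RemoteCertificateValidationCallback` to a lambda that always returns `true`, so any server certificate is accepted, and the same options object now carries `HttpBasicAuthenticator(username, password)`. With validation switched off, the Basic credentials and the key material this client uploads are exposed to anyone positioned on the path to the device. Keep the default validation and bypass it only on an explicit opt-in, for example a store-level setting, or compare the presented certificate against a pinned thumbprint inside the callback instead of returning `true` unconditionally. The constructor's parameter list is cut off in the hunk header, so whether such a setting already exists cannot be told from here.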
@@ -77,9 +77,14 @@ public async Task GetCertificatesById(string id public string GetCertificateContent(string certId) { + logger.MethodEntry(); var request = new RestRequest(Endpoints.CertificateContent); request.AddQueryParameter("id", certId); request.AddQueryParameter("type", "srvcrt"); + var fullUri = _restClient.BuildUri(request); + + logger.LogTrace($"making request to get certificate to uri: {fullUri}"); + try { var response = _restClient.DownloadData(request); @@ -96,6 +101,7 @@ public string GetCertificateContent(string certId) public async Task AddCertificate(string alias, string pfxPassword, string certContents, string type) { + logger.MethodEntry(); var request = new RestRequest(Endpoints.AddCertificate, Method.Post); request.AddQueryParameter("id", alias); request.AddQueryParameter("type", type); @@ -103,6 +109,8 @@ public async Task AddCertificate(string alias, string pfxPassword, string certCo request.AddQueryParameter("src", "txt"); request.AddBody(certContents); + var fullUri = _restClient.BuildUri(request); + logger.LogTrace($"posting certificate to the uri {fullUri}"); try { @@ -117,10 +125,13 @@ public async Task AddCertificate(string alias, string pfxPassword, string certCo logger.LogError(ex.Message, ex); throw; } + logger.MethodExit(); } internal async Task RemoveCertificate(string alias) { + logger.MethodEntry(); + var existing = (await GetCertificatesById(alias)).SlbNewSslCfgCertsTable; if (existing.Count == 0) { @@ -132,7 +143,8 @@ internal async Task RemoveCertificate(string alias) { var url = $"{Endpoints.CertificateRepository}/{c.ID}/{c.Type}"; var request = new RestRequest(url, Method.Delete); - + var fullUri = _restClient.BuildUri(request); + logger.LogTrace($"making request to remove certificate to uri {fullUri}"); var response = _restClient.DeleteAsync(request).Result; if (!response.IsSuccessful) 
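Review bot: The trace call added in `GetCertificateContent` builds its message by interpolation, `logger.LogTrace($"making request to get certificate to uri: {fullUri}")`, which formats the string even when trace logging is disabled and loses the URI as a structured field. A message template avoids both: `logger.LogTrace("making request to get certificate to uri: {Uri}", fullUri);`. The same applies to the `LogTrace` calls added in `AddCertificate`, `RemoveCertificate` and `PerformAddition` in Management.cs. The method body continues past the end of this hunk.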
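Review bot: `fullUri` in `AddCertificate` is built from every query parameter on the request and then written to the log, and one original line (old line 102, between the `type` and `src` parameters) falls in the gap between this hunk and the previous one. The method takes `pfxPassword`, so if that hidden line puts the password into the query string, the trace log will hold the private-key passphrase in clear text. Log only the non-secret parts, e.g. `logger.LogTrace("posting certificate {Alias} of type {Type} to {Endpoint}", alias, type, Endpoints.AddCertificate);`, or redact the parameter before the URI is logged.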
@@ -146,6 +158,7 @@ internal async Task RemoveCertificate(string alias) logger.LogError(ex.Message, ex); throw; } + logger.MethodExit(); } } } diff --git a/alteon-orchestrator/Jobs/Management.cs b/alteon-orchestrator/Jobs/Management.cs index 166dca7..e7faf4a 100644 --- a/alteon-orchestrator/Jobs/Management.cs +++ b/alteon-orchestrator/Jobs/Management.cs @@ -110,12 +110,16 @@ protected virtual async Task PerformAddition(string alias, string pfx { if (certType == AlteonCertTypes.CERTIFICATE_AND_KEY) { - // add key and cert separately. - await aClient.AddCertificate(alias, pfxPassword, pemCert, AlteonCertTypes.CERT_ONLY); + // add key and cert separately. + // this needs to be done in the following order: key, then cert (per Alteon support) + logger.LogTrace($"adding key and then certificate for certificate with alias {alias}"); + await aClient.AddCertificate(alias, pfxPassword, pemKey, AlteonCertTypes.KEY_ONLY); + await aClient.AddCertificate(alias, pfxPassword, pemCert, AlteonCertTypes.CERT_ONLY); } else { + logger.LogTrace($"Adding certificate only for certificate with alias {alias}"); await aClient.AddCertificate(alias, pfxPassword, pemCert, certType); } complete.Result = OrchestratorJobStatusJobResult.Success; diff --git a/alteon-orchestrator/alteon-orchestrator.csproj b/alteon-orchestrator/alteon-orchestrator.csproj index 8f44f6b..26ab37d 100644 --- a/alteon-orchestrator/alteon-orchestrator.csproj +++ b/alteon-orchestrator/alteon-orchestrator.csproj @@ -20,7 +20,7 @@ - + diff --git a/integration-manifest.json b/integration-manifest.json index fe6c5d3..3a9a7a9 100644 --- a/integration-manifest.json +++ b/integration-manifest.json 
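Review bot: In the `CERTIFICATE_AND_KEY` branch of `PerformAddition` the key is now uploaded before the certificate, and `AddCertificate` rethrows on failure, so a failed `CERT_ONLY` call leaves a private key on the device under `alias` with no matching certificate. Nothing in the visible lines reports which half failed or cleans up; the method body extends beyond the hunk, so a handler may exist outside it. At minimum record the partial state around the second call before rethrowing, e.g. `catch (Exception) { logger.LogError("key for alias {Alias} was uploaded but the certificate upload failed", alias); throw; }`, and decide whether the orphaned key should be removed in that case.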
@@ -6,9 +6,12 @@ "support_level": "kf-supported", "update_catalog": true, "link_github": true, + "release_dir": "alteon-orchestrator\\bin\\Release", "description": "The Alteon Load Balancer integration allows you to manage certificates within the Alteon Load Balancer device.", "about": { "orchestrator": { + "keyfactor_platform_version": "10.4", + "UOFramework": "10.4", "win": { "supportsCreateStore": false, "supportsDiscovery": false,