Merge pull request #16 from Keyfactor/release-2.1
Release 2.1.2 to main
fiddlermikey authored Feb 2, 2024
2 parents 6614ca2 + 3108cd8 commit cdd3f1c
Showing 6 changed files with 71 additions and 46 deletions.
55 changes: 16 additions & 39 deletions .github/workflows/keyfactor-starter-workflow.yml
@@ -1,42 +1,19 @@
name: Starter Workflow
on: [workflow_dispatch, push, pull_request]
name: Keyfactor Bootstrap Workflow

jobs:
call-create-github-release-workflow:
uses: Keyfactor/actions/.github/workflows/github-release.yml@main

get-manifest-properties:
runs-on: windows-latest
outputs:
update_catalog: ${{ steps.read-json.outputs.prop }}
steps:
- uses: actions/checkout@v3
- name: Read json
id: read-json
shell: pwsh
run: |
$json = Get-Content integration-manifest.json | ConvertFrom-Json
echo "::set-output name=prop::$(echo $json.update_catalog)"
call-dotnet-build-and-release-workflow:
needs: [call-create-github-release-workflow]
uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main
with:
release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
release_dir: GCPLoadBalancer/bin/Release/netcoreapp3.1
secrets:
token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }}
on:
workflow_dispatch:
pull_request:
types: [opened, closed, synchronize, edited, reopened]
push:
create:
branches:
- 'release-*.*'

call-generate-readme-workflow:
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main
jobs:
call-starter-workflow:
uses: keyfactor/actions/.github/workflows/starter.yml@v2
secrets:
token: ${{ secrets.APPROVE_README_PUSH }}

call-update-catalog-workflow:
needs: get-manifest-properties
if: needs.get-manifest-properties.outputs.update_catalog == 'True' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main
secrets:
token: ${{ secrets.SDK_SYNC_PAT }}
token: ${{ secrets.V2BUILDTOKEN}}
APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
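Review bot: The reusable workflow on the new `uses:` line is referenced by a movable tag (`keyfactor/actions/.github/workflows/starter.yml@v2`) while the same job hands it `KF_GPG_PRIVATE_KEY`, `KF_GPG_PASSPHRASE`, `V2BUILDTOKEN` and `APPROVE_README_PUSH`, so any change behind that tag runs with the signing key without a reviewable change in this repository. Pinning to a full commit SHA, `uses: keyfactor/actions/.github/workflows/starter.yml@<full-commit-sha> # v2`, turns every update of the called workflow into an explicit bump here. The trigger list also widens to unfiltered `push` and several `pull_request` activity types; starter.yml is not visible on this page, so it is worth confirming there that the signing and README-push steps are gated on the event type.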
6 changes: 6 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,9 @@
v2.1.2
- Bug Fix: Private key entry return value - set to True

v2.1.1
- Modify to include root certificate in certificate chain during a Managment-Add (cert add/renewal) job

v2.1.0
- Added status checking between steps when renewing a bound certificate

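--- a/GCPLoadBalancer/GCPStore.cs
+++ b/GCPLoadBalancer/GCPStore.cs
@@ -215,7 +215,7 @@ public List<CurrentInventoryItem> list()
 Alias = sslCertificate.Name,
 Certificates = new string[] { sslCertificate.Certificate },
 ItemStatus = OrchestratorInventoryItemStatus.Unknown,
-PrivateKeyEntry = false,
+PrivateKeyEntry = true,
 UseChainLevel = false
 });
 }
@@ -228,7 +228,7 @@ public List<CurrentInventoryItem> list()
 Alias = sslCertificate.Name,
 Certificates = new string[] { sslCertificate.SelfManaged.Certificate },
 ItemStatus = OrchestratorInventoryItemStatus.Unknown,
-PrivateKeyEntry = false,
+PrivateKeyEntry = true,
 UseChainLevel = false
 });
 }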
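Review bot: Both inventory branches in `list()` now hard-code `PrivateKeyEntry = true` with nothing recording why, and the value cannot be derived from what is read here, since only the certificate body (`sslCertificate.Certificate` / `sslCertificate.SelfManaged.Certificate`) is taken from the response. A short comment above each assignment would pin the assumption, for example `// key material is never returned by the API; each sslCertificate resource is assumed to hold one server-side`. If the two branches are meant to be reported differently to the platform at some point, this literal is where that decision lives, so it deserves the explanation. `list()` starts and ends outside both hunks.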
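--- a/GCPLoadBalancer/Management.cs
+++ b/GCPLoadBalancer/Management.cs
@@ -74,8 +74,9 @@ public class Management : IManagementJobExtension
 string certPem = string.Empty;
 foreach (X509CertificateEntry certEntry in p.GetCertificateChain(alias))
 {
-if (certEntry.Certificate.IssuerDN.ToString() == certEntry.Certificate.SubjectDN.ToString())
-continue;
+//commenting out code to remove root certificate from chain.
+//if (certEntry.Certificate.IssuerDN.ToString() == certEntry.Certificate.SubjectDN.ToString())
+// continue;
 certPem += (certStart + pemify(Convert.ToBase64String(certEntry.Certificate.GetEncoded())) + certEnd + "\n");
 }
 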
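Review bot: The skip for self-signed entries is left behind as commented-out code, and the new comment `//commenting out code to remove root certificate from chain.` reads as if the root were being removed, when the effect is that the root is now appended to `certPem`. I would delete the two dead lines and state the intent instead: `// Upload the full chain, root certificate included (v2.1.1).` Because the root is now part of what gets uploaded, it also helps to note that the served root adds nothing to validation, since clients trust only roots from their own store. The enclosing method starts and ends outside the hunk.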
7 changes: 5 additions & 2 deletions README.md
Expand Up @@ -4,6 +4,7 @@ The Google Cloud Platform (GCP) Load Balancer Orchestrator allows for the manage

#### Integration status: Production - Ready for use in production environments.


## About the Keyfactor Universal Orchestrator Extension

This repository contains a Universal Orchestrator Extension which is a plugin to the Keyfactor Universal Orchestrator. Within the Keyfactor Platform, Orchestrators are used to manage “certificate stores” &mdash; collections of certificates and roots of trust that are found within and used by various applications.
Expand All @@ -13,20 +14,22 @@ The Universal Orchestrator is part of the Keyfactor software distribution and is
The Universal Orchestrator is the successor to the Windows Orchestrator. This Orchestrator Extension plugin only works with the Universal Orchestrator and does not work with the Windows Orchestrator.



## Support for GCP Load Balancer

GCP Load Balancer is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket with your Keyfactor representative.

###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.



---




## Keyfactor Version Supported

The minimum version of the Keyfactor Universal Orchestrator Framework needed to run this version of the extension is 10.1

## Platform Specific Notes

The Keyfactor Universal Orchestrator may be installed on either Windows or Linux based platforms. The certificate operations supported by a capability may vary based what platform the capability is installed on. The table below indicates what capabilities are supported based on which platform the encompassing Universal Orchestrator is running.
40 changes: 39 additions & 1 deletion integration-manifest.json
Expand Up @@ -6,9 +6,12 @@
"update_catalog": true,
"link_github": true,
"support_level": "kf-supported",
"release_dir": "GCPLoadBalancer/bin/Release/netcoreapp3.1",
"description": "The Google Cloud Platform (GCP) Load Balancer Orchestrator allows for the management of Google Cloud Platform Load Balancer certificate stores. Inventory, Management-Add, and Management-Remove functions are supported. Also, re-binding to endpoints IS supported for certificate renewals (but NOT adding new certificates). The orchestrator uses the Google Cloud Compute Engine API (https://cloud.google.com/compute/docs/reference/rest/v1) to manage stores.",
"about": {
"orchestrator": {
"UOFramework": "10.1",
"keyfactor_platform_version": "9.10",
"win": {
"supportsCreateStore": false,
"supportsDiscovery": false,
Expand All @@ -26,7 +29,42 @@
"supportsReenrollment": false,
"supportsInventory": false,
"platformSupport": "Unused"
},
"store_types": {
"GCPLoadBal": {
"Name": "GCP Load Balancer",
"ShortName": "GCPLoadBal",
"Capability": "GCPLoadBal",
"ServerRequired": false,
"BlueprintAllowed": false,
"CustomAliasAllowed": "Optional",
"PowerShell": false,
"PrivateKeyAllowed": "Required",
"SupportedOperations": {
"Add": true,
"Create": false,
"Discovery": false,
"Enrollment": false,
"Remove": true
},
"PasswordOptions": {
"Style": "Default",
"EntrySupported": false,
"StoreRequired": false
},
"Properties": [
{
"Name": "jsonKey",
"DisplayName": "Service Account Key",
"Required": true,
"DependsOn": "",
"Type": "Secret",
"DefaultValue": ""
}
],
"EntryParameters": []
}
}
}
}
}
}
