ab#66563

.github/workflows/keyfactor-bootstrap-workflow.yml → .github/workflows/keyfactor-starter-workflow.yml

@@ -1,4 +1,4 @@
-name: Keyfactor Bootstrap Workflow
+name: Keyfactor Bootstrap Workflow 
 
 on:
   workflow_dispatch:
@@ -11,9 +11,10 @@ on:
 
 jobs:
   call-starter-workflow:
-    uses: keyfactor/actions/.github/workflows/starter.yml@v2
+    uses: keyfactor/actions/.github/workflows/starter.yml@3.1.2
     secrets:
       token: ${{ secrets.V2BUILDTOKEN}}
       APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
       gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
       gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+      scan_token: ${{ secrets.SAST_TOKEN }}

F5WafOrchestrator.sln

@@ -1,8 +1,9 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "F5WafOrchestrator", "F5WafOrchestrator\F5WafOrchestrator.csproj", "{3645725A-2C84-4536-9A04-4F4CEDF30B21}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "F5WafOrchestrator.Tests", "F5WafOrchestrator.Tests\F5WafOrchestrator.Tests.csproj", "{E53E4095-667E-4F26-B596-28DC0E5CEEED}"
+# Visual Studio Version 17
+VisualStudioVersion = 17.11.35312.102
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "F5WafOrchestrator", "F5WafOrchestrator\F5WafOrchestrator.csproj", "{3645725A-2C84-4536-9A04-4F4CEDF30B21}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -12,12 +13,11 @@ Global
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{3645725A-2C84-4536-9A04-4F4CEDF30B21}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{3645725A-2C84-4536-9A04-4F4CEDF30B21}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{3645725A-2C84-4536-9A04-4F4CEDF30B21}.Debug|Any CPU.Deploy.0 = Debug|Any CPU
 		{3645725A-2C84-4536-9A04-4F4CEDF30B21}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{3645725A-2C84-4536-9A04-4F4CEDF30B21}.Release|Any CPU.Build.0 = Release|Any CPU
-		{3645725A-2C84-4536-9A04-4F4CEDF30B21}.Debug|Any CPU.Deploy.0 = Debug|Any CPU
-		{E53E4095-667E-4F26-B596-28DC0E5CEEED}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{E53E4095-667E-4F26-B596-28DC0E5CEEED}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{E53E4095-667E-4F26-B596-28DC0E5CEEED}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{E53E4095-667E-4F26-B596-28DC0E5CEEED}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
 	EndGlobalSection
 EndGlobal

F5WafOrchestrator/CA/Discovery.cs

@@ -18,6 +18,10 @@
 using Keyfactor.Orchestrators.Extensions;
 using Microsoft.Extensions.Logging;
 
+using System;
+using System.Collections.Generic;
+using System.Linq;
+
 namespace Keyfactor.Extensions.Orchestrator.F5WafOrchestrator.CA;
 
 public class Discovery : Job, IDiscoveryJobExtension

F5WafOrchestrator/CA/Inventory.cs

@@ -18,6 +18,10 @@
 using Keyfactor.Orchestrators.Extensions;
 using Microsoft.Extensions.Logging;
 
+using System;
+using System.Collections.Generic;
+using System.Linq;
+
 namespace Keyfactor.Extensions.Orchestrator.F5WafOrchestrator.CA;
 
 public class Inventory : Job, IInventoryJobExtension

F5WafOrchestrator/CA/Management.cs

@@ -18,6 +18,8 @@
 using Keyfactor.Orchestrators.Extensions;
 using Microsoft.Extensions.Logging;
 
+using System;
+
 namespace Keyfactor.Extensions.Orchestrator.F5WafOrchestrator.CA;
 
 public class Management : Job, IManagementJobExtension

F5WafOrchestrator/F5WafClient.cs

@@ -12,6 +12,10 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+using System;
+using System.IO;
+using System.Linq;
+using System.Collections.Generic;
 using System.Net.Http.Headers;
 using System.Text;
 using System.Text.Json;
@@ -24,8 +28,7 @@
 using Newtonsoft.Json.Linq;
 using Org.BouncyCastle.Pkcs;
 using System.Net;
-using Org.BouncyCastle.Asn1.Ocsp;
-using System.Xml.Linq;
+using System.Net.Http;
 
 namespace Keyfactor.Extensions.Orchestrator.F5WafOrchestrator.Client;
 

F5WafOrchestrator/F5WafOrchestrator.csproj

@@ -1,13 +1,10 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>
-        <TargetFramework>net6.0</TargetFramework>
-        <CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
-        <ImplicitUsings>enable</ImplicitUsings>
-        <Nullable>enable</Nullable>
-        <RootNamespace>Keyfactor.Extensions.Orchestrator.F5WafOrchestrator</RootNamespace>
-        <LangVersion>latest</LangVersion>
+      <AppendTargetFrameworkToOutputPath>true</AppendTargetFrameworkToOutputPath>
+      <TargetFrameworks>net6.0;net8.0</TargetFrameworks>
+      <CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
+      <ImplicitUsings>disable</ImplicitUsings>
     </PropertyGroup>
 
     <ItemGroup>
@@ -19,31 +16,10 @@
         <PackageReference Include="netvmomi.Models" Version="1.0.16" />
         <PackageReference Include="RestSharp.Authenticators.Digest" Version="1.3.1" />
         <PackageReference Include="System.Diagnostics.Debug" Version="4.3.0" />
-    </ItemGroup>
 
-    <ItemGroup>
         <None Update="manifest.json">
             <CopyToOutputDirectory>Always</CopyToOutputDirectory>
         </None>
     </ItemGroup>
 
-    <ItemGroup>
-      <Reference Include="BouncyCastle.Crypto">
-        <HintPath>..\..\..\..\..\..\Program Files\Keyfactor\Keyfactor Orchestrator\BouncyCastle.Crypto.dll</HintPath>
-      </Reference>
-    </ItemGroup>
-
-    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
-        <DefineConstants></DefineConstants>
-        <BaseOutputPath></BaseOutputPath>
-        <OutputPath>$(BaseOutputPath)</OutputPath>
-        <AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>
-        <AppendRuntimeIdentifierToOutputPath>false</AppendRuntimeIdentifierToOutputPath>
-
-    </PropertyGroup>
-
-    <Target Name="PreBuild" BeforeTargets="PreBuildEvent">
-      <Exec Command="echo F | xcopy &quot;$(ProjectDir)manifest.json&quot; &quot;$(TargetDir)\manifest.json&quot; /Y" />
-    </Target>
-
 </Project>

F5WafOrchestrator/TLS/Discovery.cs

@@ -18,6 +18,10 @@
 using Keyfactor.Orchestrators.Extensions;
 using Microsoft.Extensions.Logging;
 
+using System;
+using System.Collections.Generic;
+using System.Linq;
+
 namespace Keyfactor.Extensions.Orchestrator.F5WafOrchestrator.TLS;
 
 public class Discovery : Job, IDiscoveryJobExtension

F5WafOrchestrator/TLS/Inventory.cs

@@ -17,6 +17,10 @@
 using Keyfactor.Orchestrators.Common.Enums;
 using Keyfactor.Orchestrators.Extensions;
 using Microsoft.Extensions.Logging;
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
 using System.Text.RegularExpressions;
 
 namespace Keyfactor.Extensions.Orchestrator.F5WafOrchestrator.TLS;

F5WafOrchestrator/TLS/Management.cs

@@ -18,6 +18,8 @@
 using Keyfactor.Orchestrators.Extensions;
 using Microsoft.Extensions.Logging;
 
+using System;
+
 namespace Keyfactor.Extensions.Orchestrator.F5WafOrchestrator.TLS;
 
 public class Management : Job, IManagementJobExtension

docsource/content.md

@@ -0,0 +1,19 @@
+## Overview
+
+The Fortigate Orchestrator Extension supports the following use cases:
+1. Inventory of local user and factory cerificates
+2. Ability to add new local certificates
+3. Ability to renew **unbound** local user certificates
+4. Ability to delete **unbound** local user certificates
+
+The Fortigate Orchestrator Extension DOES NOT support the following use cases:
+1. The renewal or removal of certificates enrolled through the internal Fortigate CA
+2. The renewal or removal of factory certificates
+3. The renewal or removal of ANY certificate bound to a Fortigate object
+4. Certificate enrollment using the internal Fortigate CA (Keyfactor's "reenrollment" or "on device key generation" use case)
+
+
+## Requirements
+
+The Fortigate Orchestrator Extension requires an API token be created in the Fortigate environment being managed.  Please review the following [instructions](https://docs.fortinet.com/document/forticonverter/7.0.1/online-help/866905/connect-fortigate-device-via-api-token) for creating an API token to be used in this integration. 
+

docsource/f5wafTls.md

@@ -0,0 +1 @@
+## Overview

integration-manifest.json

@@ -6,33 +6,16 @@
   "link_github": true,
   "update_catalog": true,
   "release_dir": "F5WafOrchestrator/bin/Release",
+  "release_project": "F5WafOrchestrator/F5WafOrchestrator.csproj",
   "support_level": "kf-supported",
   "description": "The F5 WAF Orchestrator is an extension to the Keyfactor Universal Orchestrator. It Integrates with Multi-Cloud App Connect, which is F5 Distributed Cloud's service for connecting apps across clouds and within on premise installationss using load balancers. The purpose of the F5 WAF orchestrator is to manage the TLS and CA Root certificates. The TLS certificates may be bound to load balancers.  The orchestrator facilitates the inventory, addition, renewal, and removal of these certificates as well as the discovery of namespaces (certificate stores) within the F5 Multi-Cloud App Connect instance.",
   "about": {
     "orchestrator": {
       "UOFramework": "10.4.1",
       "pam_support": true,
       "keyfactor_platform_version": "9.10",
-      "win": {
-        "supportsCreateStore": false,
-        "supportsDiscovery": true,
-        "supportsManagementAdd": true,
-        "supportsManagementRemove": true,
-        "supportsReenrollment": false,
-        "supportsInventory": true,
-        "platformSupport": "Unused"
-      },
-      "linux": {
-        "supportsCreateStore": false,
-        "supportsDiscovery": true,
-        "supportsManagementAdd": true,
-        "supportsManagementRemove": true,
-        "supportsReenrollment": false,
-        "supportsInventory": true,
-        "platformSupport": "Unused"
-      },
-      "store_types": {
-        "f5WafTls": {
+      "store_types": [
+        {
           "Name": "F5 WAF TLS",
           "ShortName": "f5WafTls",
           "Capability": "f5WafTls",
@@ -57,7 +40,7 @@
           "BlueprintAllowed": true,
           "CustomAliasAllowed": "Required"
         },
-        "f5WafCa": {
+        {
           "Name": "F5 WAF CA",
           "ShortName": "f5WafCa",
           "Capability": "f5WafCa",
@@ -68,7 +51,28 @@
             "Enrollment": false,
             "Remove": true
           },
-          "Properties": [],
+          "Properties": [
+            {
+              "Name": "ServerUsername",
+              "DisplayName": "Server Username",
+              "Type": "Secret",
+              "DependsOn": "",
+              "DefaultValue": "",
+              "Required": false,
+              "IsPAMEligible": true,
+              "Description": "A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value*"
+            },
+            {
+              "Name": "ServerPassword",
+              "DisplayName": "Server Password",
+              "Type": "Secret",
+              "DependsOn": "",
+              "DefaultValue": "",
+              "Required": false,
+              "IsPAMEligible": true,
+              "Description": "A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value*"
+            }
+          ],
           "EntryParameters": [],
           "PasswordOptions": {
             "EntrySupported": false,
@@ -82,7 +86,7 @@
           "BlueprintAllowed": true,
           "CustomAliasAllowed": "Required"
         }
-      }
+      ]
     }
   }
 }