From 4721f1138972dbbb21d23fd75a7b58dbe45e2fb0 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 23 Jan 2025 09:57:56 -0800 Subject: [PATCH 1/6] fix(auth): When using `oauth` pass empty slice for `scopes` if no scopes are provided, rather than default scope `openid` Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- go.mod | 16 ++++++++-------- go.sum | 40 ++++++++++++++++++++-------------------- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/go.mod b/go.mod index e0f9465..29bf07e 100644 --- a/go.mod +++ b/go.mod @@ -6,10 +6,10 @@ toolchain go1.23.2 require ( github.com/AlecAivazis/survey/v2 v2.3.7 - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1 github.com/Jeffail/gabs v1.4.0 - github.com/Keyfactor/keyfactor-auth-client-go v1.1.1-rc.0 + github.com/Keyfactor/keyfactor-auth-client-go v1.2.0-rc.6 github.com/Keyfactor/keyfactor-go-client-sdk/v2 v2.0.0 github.com/Keyfactor/keyfactor-go-client/v3 v3.0.0 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 @@ -22,8 +22,8 @@ require ( github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.10.0 - golang.org/x/crypto v0.30.0 - golang.org/x/term v0.27.0 + golang.org/x/crypto v0.32.0 + golang.org/x/term v0.28.0 gopkg.in/yaml.v3 v3.0.1 //github.com/google/go-cmp/cmp v0.5.9 ) 
@@ -50,9 +50,9 @@ require ( github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/spbsoluble/go-pkcs12 v0.3.3 // indirect go.mozilla.org/pkcs7 v0.9.0 // indirect - golang.org/x/net v0.32.0 // indirect - golang.org/x/oauth2 v0.24.0 // indirect - golang.org/x/sys v0.28.0 // indirect + golang.org/x/net v0.34.0 // indirect + golang.org/x/oauth2 v0.25.0 // indirect + golang.org/x/sys v0.29.0 // indirect golang.org/x/text v0.21.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect ) diff --git a/go.sum b/go.sum index 8de6d9d..dc67cbc 100644 --- a/go.sum +++ b/go.sum 
@@ -1,11 +1,11 @@ github.com/AlecAivazis/survey/v2 v2.3.7 h1:6I/u8FvytdGsgonrYsVn2t8t4QiRnh6QSTqkkhIiSjQ= github.com/AlecAivazis/survey/v2 v2.3.7/go.mod h1:xUTIdE4KCOIjsBAE1JYsUPoCqYdZ1reCfTwbto0Fduo= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI= -github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw= -github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 h1:g0EZJwz7xkXQiZAI5xi9f3WWFYBlX1CPTrR+NDToRkQ= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0/go.mod h1:XCW7KnZet0Opnr7HccfUw1PLc4CjHqpcaxW8DHklNkQ= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1 h1:1mvYtZfWQAnwNah/C+Z+Jb9rQH95LPE2vlmMuWAHJk8= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1/go.mod h1:75I/mXtme1JyWFtz8GocPHVFyH421IBoZErnO16dd0k= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.1 h1:Bk5uOhSAenHyR5P61D/NzeQCv+4fEVV8mOkJ82NqpWw= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.1/go.mod h1:QZ4pw3or1WPmRBxf0cHd1tknzrT54WPBOQoGutCPvSU= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.0 h1:WLUIpeyv04H0RCcQHaA4TNoyrQ39Ox7V+re+iaqzTe0= 
@@ -18,8 +18,8 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 h1:kYRSnvJju5g github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/Jeffail/gabs v1.4.0 h1://5fYRRTq1edjfIrQGvdkcd22pkYUrHZ5YC/H2GJVAo= github.com/Jeffail/gabs v1.4.0/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc= -github.com/Keyfactor/keyfactor-auth-client-go v1.1.1-rc.0 h1:/N/7pBj/oTUM1cYga2NvKyA4q6nfE0acciJHZqKC9Ug= -github.com/Keyfactor/keyfactor-auth-client-go v1.1.1-rc.0/go.mod h1:yw92P9gSYVEyWkiUAJFsb7hjhXa8slN1+yTQgjSgovM= +github.com/Keyfactor/keyfactor-auth-client-go v1.2.0-rc.6 h1:JCWq/4RFsIDKlWL5QTevlzNg9dAGRzzYcSM6JylmxGk= +github.com/Keyfactor/keyfactor-auth-client-go v1.2.0-rc.6/go.mod h1:7htRcBIWn+X4fI5jaYBALSYwP84H/djN7d8y3n0ZDQ0= github.com/Keyfactor/keyfactor-go-client-sdk/v2 v2.0.0 h1:ehk5crxEGVBwkC8yXsoQXcyITTDlgbxMEkANrl1dA2Q= github.com/Keyfactor/keyfactor-go-client-sdk/v2 v2.0.0/go.mod h1:11WXGG9VVKSV0EPku1IswjHbGGpzHDKqD4pe2vD7vas= github.com/Keyfactor/keyfactor-go-client/v3 v3.0.0 h1:yMChWRnnxmcgLt6kEQ3FZfteps05v/qot5KXLXxa6so= 
@@ -89,8 +89,8 @@ github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjL github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4= -github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA= +github.com/redis/go-redis/v9 v9.7.0 h1:HhLSs+B6O021gwzl+locl0zEDnyNkxMtf/Z3NNBMa9E= +github.com/redis/go-redis/v9 v9.7.0/go.mod h1:f6zhXITC7JUJIlPEiBOTXxJgPLdZcA93GewI7inzyWw= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= 
@@ -114,16 +114,16 @@ go.mozilla.org/pkcs7 v0.9.0 h1:yM4/HS9dYv7ri2biPtxt8ikvB37a980dg69/pKmS+eI= go.mozilla.org/pkcs7 v0.9.0/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= -golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= -golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= -golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= +golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= +golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70= +golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -141,12 +141,12 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= -golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= +golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= +golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= From cadaf8948c19b811f939daeb7d728aac6dda1196 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 23 Jan 2025 10:57:29 -0800 Subject: [PATCH 2/6] chore(docs): Update CHANGELOG.md Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 010f977..900af0b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,11 @@ +# v1.6.1 + +## Fixes + +### CLI + +- `auth`: When using `oauth` pass empty list for `scopes` if no scopes are provided, rather than default scope `openid` + # v1.6.0 ## Features From 0cb56625353b0b3b4adefff54655b4fbcf66bf45 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 23 Jan 2025 12:44:17 -0800 Subject: [PATCH 3/6] fix(auth): Output env and config file errors when both are encountered rather than just config file errors. Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- cmd/root.go | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/cmd/root.go b/cmd/root.go index ee21fc1..22ec1cb 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -210,7 +210,10 @@ func getServerConfigFromEnv() (*auth_providers.Server, error) { } log.Error().Msg("unable to authenticate with provided credentials") - return nil, fmt.Errorf("incomplete environment variable configuration") + return nil, fmt.Errorf( + "incomplete environment variable configuration, " + + "please provide basic auth credentials or oAuth credentials", + ) } @@ -617,7 +620,15 @@ func initClient(saveConfig bool) (*api.Client, error) { Err(envCfgErr). Msg("unable to authenticate to Keyfactor Command") log.Debug().Msg("return: initClient()") - return nil, cfgErr + + //combine envCfgErr and cfgErr and return + outErr := fmt.Errorf( + "Environment Authentication Error:\r\n%s\r\n\r\nConfiguration File Authentication Error:\r\n%s", + envCfgErr, + cfgErr, + ) + + return nil, outErr } // initGenClient initializes the SDK Command API client From e84b8c039f9b00ab7bd6e38a84f4a40f7e9330cf Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 23 Jan 2025 13:08:39 -0800 Subject: [PATCH 4/6] chore(store-types): Update `store_types.json` 
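Review bot: The new message in getServerConfigFromEnv is built with `fmt.Errorf` but has no format verbs, so `errors.New` is the idiomatic call. A package-level sentinel would also let initClient recognise the "nothing set in the environment" case without matching on text, for example `var errEnvConfigIncomplete = errors.New("incomplete environment variable configuration, please provide basic auth credentials or oAuth credentials")` followed by `return nil, errEnvConfigIncomplete`. The name is only a suggestion. The function body starts above the hunk and the import block is not visible, so check that `errors` is already imported.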
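Review bot: In initClient the combined error is formatted with `%s`, which flattens both causes to text, so a caller that previously received `cfgErr` can no longer use `errors.Is` or `errors.As` on the result. Two `%w` verbs (Go 1.20+; go.mod in this series names toolchain go1.23.2) keep both causes in the chain: `outErr := fmt.Errorf("environment authentication error: %w; configuration file authentication error: %w", envCfgErr, cfgErr)`. That also gives a lowercase, single-line error string instead of one with embedded `\r\n`, which reads badly in structured logs. The branch condition sits above the hunk, so confirm that both errors are non-nil on this path and that neither message can echo a credential value, now that both are printed to the user.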
Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- store_types.json | 929 +++++++++++++++++++++++++++++++++-------------- 1 file changed, 653 insertions(+), 276 deletions(-) diff --git a/store_types.json b/store_types.json index caeb3df..72678ee 100644 --- a/store_types.json +++ b/store_types.json @@ -1,12 +1,12 @@ [ { - "Name": "Azure Keyvault", "BlueprintAllowed": false, "Capability": "AKV", "CustomAliasAllowed": "Optional", - "EntryParameters": null, + "EntryParameters": [], "JobProperties": [], "LocalStore": false, + "Name": "Azure Keyvault", "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, @@ -20,7 +20,6 @@ "DisplayName": "Tenant Id", "Type": "String", "DependsOn": "", - "DefaultValue": null, "Required": false }, { @@ -44,7 +43,7 @@ "DisplayName": "Azure Cloud", "Type": "MultipleChoice", "DependsOn": "", - "DefaultValue": "public,china,germany,government", + "DefaultValue": "public,china,government", "Required": false }, { @@ -52,7 +51,6 @@ "DisplayName": "Private KeyVault Endpoint", "Type": "String", "DependsOn": "", - "DefaultValue": null, "Required": false } ], @@ -81,6 +79,14 @@ "Remove": true }, "Properties": [ + { + "Name": "UseEC2AssumeRole", + "DisplayName": "Assume new Account / Role in EC2", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": true + }, { "Name": "UseOAuth", "DisplayName": "Use OAuth 2.0 Provider", @@ -97,6 +103,14 @@ "DefaultValue": "false", "Required": true }, + { + "Name": "EC2AssumeRole", + "DisplayName": "AWS Role to Assume (EC2)", + "Type": "String", + "DependsOn": "UseEC2AssumeRole", + "DefaultValue": null, + "Required": false + }, { "Name": "OAuthScope", "DisplayName": "OAuth Scope", 
@@ -137,6 +151,14 @@ "DefaultValue": null, "Required": false }, + { + "Name": "ExternalId", + "DisplayName": "sts:ExternalId", + "Type": "String", + "DependsOn": null, + "DefaultValue": null, + "Required": false + }, { "Name": "ServerUsername", "DisplayName": "Server Username", @@ -1240,7 +1262,11 @@ "Name": "CitrixAdc", "ShortName": "CitrixAdc", "Capability": "CitrixAdc", - "LocalStore": false, + "ServerRequired": true, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", + "PowerShell": false, + "PrivateKeyAllowed": "Required", "SupportedOperations": { "Add": true, "Create": false, @@ -1248,38 +1274,20 @@ "Enrollment": false, "Remove": true }, + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, "Properties": [ - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": false - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": false - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": null, - "DefaultValue": "true", - "Required": true - }, { "Name": "linkToIssuer", "DisplayName": "Link To Issuer", "Type": "Bool", - "DependsOn": null, + "DependsOn": "", "DefaultValue": "false", - "Required": false + "Required": false, + "Description": "Determines whether an attempt will be made to link the added certificate (via a Management-Add job) to its issuing CA certificate." } ], "EntryParameters": [ @@ -1287,6 +1295,7 @@ "Name": "virtualServerName", "DisplayName": "Virtual Server Name", "Type": "String", + "Description": "When adding a certificate, this can be a single VServer name or a comma separated list of VServers to bind to Note: must match the number of Virtual SNI Cert values.", "RequiredWhen": { "HasPrivateKey": false, "OnAdd": false, 
@@ -1298,32 +1307,125 @@ "Name": "sniCert", "DisplayName": "SNI Cert", "Type": "String", + "Description": "When adding a certificate, this can be a single boolean value (true/false) or a comma separated list of boolean values to determine whether the binding should use server name indication. Note: must match the number of Virtual Server Name values.", "RequiredWhen": { "HasPrivateKey": false, - "OnAdd": true, + "OnAdd": false, "OnRemove": false, "OnReenrollment": false - }, - "DefaultValue": "FALSE" + } + } + ], + "ClientMachineDescription": "The DNS or IP Address of the Citrix ADC Appliance.", + "StorePathDescription": "The path where certificate files are located on the Citrix ADC appliance. This value will likely be /nsconfig/ssl/" + }, + { + "Name": "IBM Data Power", + "ShortName": "DataPower", + "Capability": "DataPower", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": false + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": true, + "Description": "Api UserName for DataPower. (or valid PAM key if the username is stored in a KF Command configured PAM integration)." + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": true, + "Description": "A password for DataPower API access. Used for inventory.(or valid PAM key if the password is stored in a KF Command configured PAM integration)." + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "true", + "Required": true, + "Description": "Should be true, http is not supported." 
+ }, + { + "Name": "InventoryBlackList", + "DisplayName": "Inventory Black List", + "Type": "String", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": false, + "Description": "Comma seperated list of alias values you do not want to inventory from DataPower." + }, + { + "Name": "Protocol", + "DisplayName": "Protocol Name", + "Type": "String", + "DependsOn": "", + "DefaultValue": "https", + "Required": true, + "IsPAMEligible": false, + "Description": "Comma seperated list of alias values you do not want to inventory from DataPower." + }, + { + "Name": "PublicCertStoreName", + "DisplayName": "Public Cert Store Name", + "Type": "String", + "DependsOn": "", + "DefaultValue": "pubcert", + "Required": true, + "IsPAMEligible": false, + "Description": "This probably will remain pubcert unless someone changed the default name in DataPower." + }, + { + "Name": "InventoryPageSize", + "DisplayName": "Inventory Page Size", + "Type": "String", + "DependsOn": "", + "DefaultValue": "100", + "Required": true, + "IsPAMEligible": false, + "Description": "This determines the page size during the inventory calls. (100 should be fine)." } ], + "EntryParameters": [], + "ClientMachineDescription": "The Client Machine field should contain the IP or Domain name and Port Needed for REST API Access. 
For SSH Access, Port 22 will be used.", + "StorePathDescription": "The Store Path field should always be / unless we later determine there are alternate locations needed.", "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, "Style": "Default" }, - "PrivateKeyAllowed": "Required", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": false, - "CustomAliasAllowed": "Required", - "InventoryEndpoint": "/AnyInventory/Update" + "CustomAliasAllowed": "Required" }, { "Name": "F5 Big IQ", "ShortName": "F5-BigIQ", "Capability": "F5-BigIQ", - "LocalStore": false, + "PrivateKeyAllowed": "Required", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", "SupportedOperations": { "Add": true, "Create": false, @@ -1331,6 +1433,11 @@ "Enrollment": true, "Remove": true }, + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, "Properties": [ { "Name": "DeployCertificateOnRenewal", @@ -1338,7 +1445,8 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "false", - "Required": false + "Required": false, + "Description": "This optional setting determines whether renewed certificates (Management-Add jobs with Overwrite selected) will be deployed to all linked Big IP devices. Linked devices are determined by looking at all of the client-ssl profiles that reference the renewed certificate that have an associated virtual server linked to a Big IP device. An immediate deployment is then scheduled within F5 Big IQ for each linked Big IP device." }, { "Name": "IgnoreSSLWarning", 
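Review bot: The new DataPower `Protocol` property carries the same `Description` as `InventoryBlackList` ("Comma seperated list of alias values you do not want to inventory from DataPower."), which looks like a copy-paste and tells an operator nothing about the protocol field. Assuming the field selects the scheme used to reach the DataPower API, something like `"Description": "Protocol used to reach the DataPower API; leave as https."` would agree with the `ServerUseSsl` text in the same block, which says http is not supported. "seperated" should be "separated" in both entries. If this file is generated from the integration manifests, the fix belongs upstream rather than here.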
@@ -1346,7 +1454,8 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "false", - "Required": false + "Required": false, + "Description": "If you use a self signed certificate for the F5 Big IQ portal, you will need to add this optional Custom Field and set the value to True on the managed certificate store." }, { "Name": "UseTokenAuth", @@ -1354,7 +1463,8 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "false", - "Required": false + "Required": false, + "Description": "If you prefer to use F5 Big IQ's Token Authentication to authenticate F5 Big IQ API calls, you will need to add this optional Custom Field and set the value to True on the managed certificate store. If set to True for the store, the userid/password credentials you set for the certificate store will be used once to receive a token. This token is then used for all subsequent API calls for the duration of the job. If this option does not exist or is set to False, the userid/password credentials you set for the certificate store will be used for all API calls." }, { "Name": "LoginProviderName", 
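Review bot: The `IgnoreSSLWarning` description added for F5 Big IQ says operators "will need to" set it to True when the portal uses a self-signed certificate, without saying that this appears to turn off certificate validation on the connection that carries the `ServerUsername`/`ServerPassword` credentials. I would append a sentence such as `Prefer adding the portal certificate to the orchestrator host's trust store; enabling this setting means the device's identity is not verified.` The same concern applies to the `IgnoreSSLWarning` descriptions added in the later F5-CA-REST and F5-SL-REST hunks. What the flag does inside the orchestrator is inferred from the description text and is not visible in this diff.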
@@ -1362,7 +1472,28 @@ "Type": "String", "DependsOn": "UseTokenAuth", "DefaultValue": "", - "Required": false + "Required": false, + "Description": "If Use Token Authentication is selected, you may optionally add a value for the authentication provider F5 Big IQ will use to retrieve the auth token. If you choose not to add this field or leave it blank on the certificate store (with no default value set), the default of \"TMOS\" will be used." + }, + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login credential for the F5 Big IQ device. MUST be an Admin account." + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login password for the F5 Big IQ device." } ], "EntryParameters": [ @@ -1378,7 +1509,8 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "The name F5 Big IQ uses to identify the certificate" }, { "Name": "Overwrite", @@ -1392,7 +1524,8 @@ }, "DependsOn": "", "DefaultValue": "False", - "Options": "" + "Options": "", + "Description": "Allow overwriting an existing certificate when reenrolling?" }, { "Name": "SANs", 
@@ -1406,24 +1539,18 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "External SANs for the requested certificate. Each SAN must be prefixed with the type (DNS: or IP:) and multiple SANs must be delimitted by an ampersand (&). Example: DNS:server.domain.com&IP:127.0.0.1&DNS:server2.domain.com. This is an optional field." } - ], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "PrivateKeyAllowed": "Required", - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Required" + ] }, { "Name": "F5 CA Profiles REST", "ShortName": "F5-CA-REST", "Capability": "F5-CA-REST", + "ServerRequired": true, + "ClientMachineDescription": "The server name or IP Address for the F5 device.", + "StorePathDescription": "Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is \"Common\", it must be entered as \"Common\" and not \"common\",", "SupportedOperations": { "Add": true, "Create": false, @@ -1431,6 +1558,16 @@ "Enrollment": false, "Remove": true }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": false + }, + "PrivateKeyAllowed": "Forbidden", + "JobProperties": [], + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", "Properties": [ { "Name": "PrimaryNode", @@ -1438,7 +1575,8 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "", - "Required": true + "Required": true, + "Description": "Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive." }, { "Name": "PrimaryNodeCheckRetryWaitSecs", 
@@ -1446,7 +1584,8 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "120", - "Required": true + "Required": true, + "Description": "Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive." }, { "Name": "PrimaryNodeCheckRetryMax", 
@@ -1454,31 +1593,55 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "3", - "Required": true + "Required": true, + "Description": "Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing." }, { - "Name": "F5Version", - "DisplayName": "Version of F5", - "Type": "MultipleChoice", + "Name": "PrimaryNodeOnlineRequired", + "DisplayName": "Primary Node Online Required", + "Type": "Bool", "DependsOn": "", - "DefaultValue": "v12,v13,v14,v15", - "Required": true + "DefaultValue": "", + "Required": true, + "Description": "Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed." + }, + { + "Name": "IgnoreSSLWarning", + "DisplayName": "Ignore SSL Warning", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "False", + "Required": true, + "Description": "Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs." + }, + { + "Name": "UseTokenAuth", + "DisplayName": "Use Token Authentication", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true, + "Description": "Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. 
Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests." }, { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login credential for the F5 device. MUST be an Admin account." }, { "Name": "ServerPassword", "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login password for the F5 device." }, { "Name": "ServerUseSsl", 
@@ -1486,50 +1649,23 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "true", - "Required": true - }, - { - "Name": "PrimaryNodeOnlineRequired", - "DisplayName": "Primary Node Online Required", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "", - "Required": true - }, - { - "Name": "IgnoreSSLWarning", - "DisplayName": "Ignore SSL Warning", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "False", - "Required": true - }, - { - "Name": "UseTokenAuth", - "DisplayName": "Use Token Authentication", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "false", - "Required": true + "Required": true, + "Description": "True if using https to access the F5 device. False if using http." } ], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "PrivateKeyAllowed": "Forbidden", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Required" + "EntryParameters": [] }, { "Name": "F5 SSL Profiles REST", "ShortName": "F5-SL-REST", "Capability": "F5-SL-REST", + "ServerRequired": true, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", + "PowerShell": false, + "PrivateKeyAllowed": "Optional", + "ClientMachineDescription": "The server name or IP Address for the F5 device.", + "StorePathDescription": "Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is \"Common\", it must be entered as \"Common\" and not \"common\",", "SupportedOperations": { "Add": true, "Create": false, 
@@ -1537,6 +1673,15 @@ "Enrollment": false, "Remove": true }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": true, + "StorePassword": { + "Description": "Check \"No Password\" if you wish the private key of any added certificate to be set to Key Security Type \"Normal\". Enter a value (either a password or pointer to an installed PAM provider key for the password) to be used to encrypt the private key of any added certificate for Key Security Type of \"Password\".", + "IsPAMEligible": true + } + }, "Properties": [ { "Name": "PrimaryNode", @@ -1544,7 +1689,8 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "", - "Required": true + "Required": true, + "Description": "Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive." }, { "Name": "PrimaryNodeCheckRetryWaitSecs", @@ -1552,7 +1698,8 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "120", - "Required": true + "Required": true, + "Description": "Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive." }, { "Name": "PrimaryNodeCheckRetryMax", 
@@ -1560,31 +1707,55 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "3", - "Required": true + "Required": true, + "Description": "Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing." }, { - "Name": "F5Version", - "DisplayName": "Version of F5", - "Type": "MultipleChoice", + "Name": "PrimaryNodeOnlineRequired", + "DisplayName": "Primary Node Online Required", + "Type": "Bool", "DependsOn": "", - "DefaultValue": "v12,v13,v14,v15", - "Required": true + "DefaultValue": "", + "Required": true, + "Description": "Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed." + }, + { + "Name": "IgnoreSSLWarning", + "DisplayName": "Ignore SSL Warning", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "False", + "Required": true, + "Description": "Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs." + }, + { + "Name": "UseTokenAuth", + "DisplayName": "Use Token Authentication", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true, + "Description": "Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. 
Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests." }, { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login credential for the F5 device. MUST be an Admin account." }, { "Name": "ServerPassword", "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login password for the F5 device." }, { "Name": "ServerUseSsl", 
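Review bot: The new `IgnoreSSLWarning` description presents the option as a way to silence warnings, but does not say what is given up: presumably the F5 device's certificate is no longer validated on API calls. Those calls carry the `ServerUsername`/`ServerPassword` credentials, which the same hunk says "MUST be an Admin account" and which are sent with basic authentication unless `UseTokenAuth` is set. I would append a sentence such as `Enabling this means the identity of the F5 device is not verified; use it only for testing or on a trusted management network.` The `UseTokenAuth` description also has a typo, `authentiation` for `authentication`. Both strings are repeated in the F5-WS-REST hunk at -1666, so the same edits apply there.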
@@ -1592,50 +1763,23 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "true", - "Required": true - }, - { - "Name": "PrimaryNodeOnlineRequired", - "DisplayName": "Primary Node Online Required", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "", - "Required": true - }, - { - "Name": "IgnoreSSLWarning", - "DisplayName": "Ignore SSL Warning", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "False", - "Required": true - }, - { - "Name": "UseTokenAuth", - "DisplayName": "Use Token Authentication", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "false", - "Required": true + "Required": true, + "Description": "True if using https to access the F5 device. False if using http." } ], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": true, - "Style": "Default" - }, - "PrivateKeyAllowed": "Optional", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Required" + "EntryParameters": [] }, { "Name": "F5 WS Profiles REST", "ShortName": "F5-WS-REST", "Capability": "F5-WS-REST", + "ServerRequired": true, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Forbidden", + "PowerShell": false, + "PrivateKeyAllowed": "Required", + "ClientMachineDescription": "The server name or IP Address for the F5 device.", + "StorePathDescription": "Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is \"Common\", it must be entered as \"Common\" and not \"common\",", "SupportedOperations": { "Add": true, "Create": false, @@ -1643,6 +1787,11 @@ "Enrollment": false, "Remove": false }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": false + }, "Properties": [ { "Name": "PrimaryNode", 
@@ -1650,7 +1799,8 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "", - "Required": true + "Required": true, + "Description": "Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive." }, { "Name": "PrimaryNodeCheckRetryWaitSecs", @@ -1658,7 +1808,8 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "120", - "Required": true + "Required": true, + "Description": "Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive." }, { "Name": "PrimaryNodeCheckRetryMax", 
@@ -1666,31 +1817,55 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "3", - "Required": true + "Required": true, + "Description": "Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing." }, { - "Name": "F5Version", - "DisplayName": "Version of F5", - "Type": "MultipleChoice", + "Name": "PrimaryNodeOnlineRequired", + "DisplayName": "Primary Node Online Required", + "Type": "Bool", "DependsOn": "", - "DefaultValue": "v12,v13,v14,v15", - "Required": true + "DefaultValue": "", + "Required": true, + "Description": "Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed." + }, + { + "Name": "IgnoreSSLWarning", + "DisplayName": "Ignore SSL Warning", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "False", + "Required": true, + "Description": "Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs." + }, + { + "Name": "UseTokenAuth", + "DisplayName": "Use Token Authentication", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true, + "Description": "Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. 
Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests." }, { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login credential for the F5 device. MUST be an Admin account." }, { "Name": "ServerPassword", "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login password for the F5 device." }, { "Name": "ServerUseSsl", 
@@ -1698,45 +1873,79 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "true", - "Required": true + "Required": true, + "Description": "True if using https to access the F5 device. False if using http." + } + ], + "EntryParameters": [] + }, + { + "Name": "FortiWeb", + "ShortName": "FortiWeb", + "Capability": "FortiWeb", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": false + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": true, + "Description": "A username for CLI/SSH and REST API access. Used for inventory. (or valid PAM key if the username is stored in a KF Command configured PAM integration)." }, { - "Name": "PrimaryNodeOnlineRequired", - "DisplayName": "Primary Node Online Required", - "Type": "Bool", + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", "DependsOn": "", "DefaultValue": "", - "Required": true + "Required": false, + "IsPAMEligible": true, + "Description": "A password for CLI/SSH and REST API access. Used for inventory.(or valid PAM key if the password is stored in a KF Command configured PAM integration)." }, { - "Name": "IgnoreSSLWarning", - "DisplayName": "Ignore SSL Warning", + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", "Type": "Bool", "DependsOn": "", - "DefaultValue": "False", - "Required": true + "DefaultValue": "true", + "Required": true, + "Description": "Should be true, http is not supported." 
}, { - "Name": "UseTokenAuth", - "DisplayName": "Use Token Authentication", - "Type": "Bool", + "Name": "ADom", + "DisplayName": "Administrative Domain", + "Type": "String", "DependsOn": "", - "DefaultValue": "false", - "Required": true + "DefaultValue": "root", + "Required": true, + "IsPAMEligible": false, + "Description": "Specifies the administrative or virtual domain within the FortiWeb system that the API user is targeting." } ], "EntryParameters": [], + "ClientMachineDescription": "The Client Machine field should contain the IP or Domain name and Port Needed for REST API Access. For SSH Access, Port 22 will be used.", + "StorePathDescription": "The Store Path field should always be / unless we later determine there are alternate locations needed.", "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, "Style": "Default" }, - "PrivateKeyAllowed": "Required", + "PrivateKeyAllowed": "Optional", "JobProperties": [], "ServerRequired": true, "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Forbidden" + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required" }, { "Name": "Fortigate", @@ -1941,7 +2150,7 @@ "DisplayName": "Mount Point", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -1949,7 +2158,7 @@ "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -1957,7 +2166,7 @@ "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -1969,7 +2178,7 @@ "Required": true } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, @@ -2010,7 +2219,7 @@ "DisplayName": "Mount Point", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { 
@@ -2026,7 +2235,7 @@ "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -2034,7 +2243,7 @@ "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -2046,7 +2255,7 @@ "Required": true } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, @@ -2095,7 +2304,7 @@ "DisplayName": "Mount Point", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -2103,7 +2312,7 @@ "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -2111,7 +2320,7 @@ "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -2123,7 +2332,7 @@ "Required": true } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, @@ -2170,7 +2379,7 @@ "DisplayName": "Mount Point", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -2178,7 +2387,7 @@ "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -2186,7 +2395,7 @@ "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -2198,7 +2407,7 @@ "Required": true } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, 
@@ -2231,27 +2440,11 @@ "DisplayName": "Mount Point", "Type": "String", "DependsOn": "", - "DefaultValue": null, - "Required": true - }, - { - "Name": "VaultToken", - "DisplayName": "VaultToken", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": true - }, - { - "Name": "VaultServerUrl", - "DisplayName": "Vault Server URL", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, - "Required": false } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, @@ -2259,7 +2452,7 @@ }, "PrivateKeyAllowed": "Optional", "JobProperties": [], - "ServerRequired": false, + "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": false, "CustomAliasAllowed": "Optional" 
@@ -2283,39 +2476,44 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "false", - "Required": false + "Required": false, + "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations." }, { - "Name": "WinRm Protocol", - "DisplayName": "WinRm Protocol", + "Name": "WinRM Protocol", + "DisplayName": "WinRM Protocol", "Type": "MultipleChoice", "DependsOn": "", "DefaultValue": "https,http", - "Required": true + "Required": true, + "Description": "Multiple choice value specifying the protocol (https or http) that the target server's WinRM listener is using. Example: 'https' to use secure communication." }, { - "Name": "WinRm Port", - "DisplayName": "WinRm Port", + "Name": "WinRM Port", + "DisplayName": "WinRM Port", "Type": "String", "DependsOn": "", "DefaultValue": "5986", - "Required": true + "Required": true, + "Description": "String value specifying the port number that the target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP." }, { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "Required": false, + "Description": "Username used to log into the target server for establishing the WinRM session. Example: 'administrator' or 'domain\\username'." }, { "Name": "ServerPassword", "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "Required": false, + "Description": "Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'." }, { "Name": "ServerUseSsl", 
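Review bot: The added `ServerPassword` description ends with a realistic-looking sample secret, `Example: 'P@ssw0rd123'`, which invites copy-paste and adds nothing a user needs in order to fill in a password field. I would drop the example: `"Description": "Password corresponding to the Server Username used to log into the target server for establishing the WinRM session."` The same string is added again in the hunks at -3769 and -3852. These `Secret` properties also carry no `IsPAMEligible` key, unlike the F5 and FortiWeb entries elsewhere in this patch. If omission means the credential cannot come from a PAM provider (not visible from here), that is worth setting explicitly.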
@@ -2323,7 +2521,8 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "true", - "Required": true + "Required": true, + "Description": "Determine whether the server uses SSL or not (This field is automatically created)" } ], "EntryParameters": [ @@ -2339,7 +2538,8 @@ }, "DependsOn": "", "DefaultValue": "443", - "Options": "" + "Options": "", + "Description": "String value specifying the IP port to bind the certificate to for the IIS site. Example: '443' for HTTPS." }, { "Name": "IPAddress", @@ -2353,7 +2553,8 @@ }, "DependsOn": "", "DefaultValue": "*", - "Options": "" + "Options": "", + "Description": "String value specifying the IP address to bind the certificate to for the IIS site. Example: '*' for all IP addresses or '192.168.1.1' for a specific IP address." }, { "Name": "HostName", @@ -2367,7 +2568,8 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "String value specifying the host name (host header) to bind the certificate to for the IIS site. Leave blank for all host names or enter a specific hostname such as 'www.example.com'." }, { "Name": "SiteName", @@ -2381,12 +2583,13 @@ }, "DependsOn": "", "DefaultValue": "Default Web Site", - "Options": "" + "Options": "", + "Description": "String value specifying the name of the IIS web site to bind the certificate to. Example: 'Default Web Site' or any custom site name such as 'MyWebsite'." }, { "Name": "SniFlag", - "DisplayName": "SNI Support", - "Type": "MultipleChoice", + "DisplayName": "SSL Flags", + "Type": "String", "RequiredWhen": { "HasPrivateKey": false, "OnAdd": false, 
@@ -2394,8 +2597,9 @@ "OnReenrollment": false }, "DependsOn": "", - "DefaultValue": "0 - No SNI", - "Options": "0 - No SNI,1 - SNI Enabled,2 - Non SNI Binding,3 - SNI Binding" + "DefaultValue": "0", + "Options": "", + "Description": "A 128-Bit Flag that determines what type of SSL settings you wish to use. The default is 0, meaning No SNI. For more information, check IIS documentation for the appropriate bit setting.)" }, { "Name": "Protocol", @@ -2409,7 +2613,8 @@ }, "DependsOn": "", "DefaultValue": "https", - "Options": "https,http" + "Options": "https,http", + "Description": "Multiple choice value specifying the protocol to bind to. Example: 'https' for secure communication." }, { "Name": "ProviderName", @@ -2423,7 +2628,8 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "Name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing the private keys. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be specified when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' on the target Server." }, { "Name": "SAN", @@ -2437,7 +2643,8 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "String value specifying the Subject Alternative Name (SAN) to be used when performing reenrollment jobs. Format as a list of = entries separated by ampersands; Example: 'dns=www.example.com&dns=www.example2.com' for multiple SANs. Can be made optional if RFC 2818 is disabled on the CA." } ], "PasswordOptions": { 
@@ -2450,7 +2657,9 @@ "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": false, - "CustomAliasAllowed": "Forbidden" + "CustomAliasAllowed": "Forbidden", + "ClientMachineDescription": "Hostname of the Windows Server containing the IIS certificate store to be managed. If this value is a hostname, a WinRM session will be established using the credentials specified in the Server Username and Server Password fields. For more information, see [Client Machine](#note-regarding-client-machine).", + "StorePathDescription": "Windows certificate store path to manage. Choose 'My' for the Personal store or 'WebHosting' for the Web Hosting store." }, { "Name": "Imperva", @@ -3045,6 +3254,22 @@ "DependsOn": null, "DefaultValue": null, "Required": false + }, + { + "Name": "InventoryTrustedCerts", + "DisplayName": "Inventory Trusted Certs", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": true + }, + { + "Name": "TemplateStack", + "DisplayName": "Template Stack", + "Type": "String", + "DependsOn": null, + "DefaultValue": null, + "Required": false } ], "EntryParameters": [], 
@@ -3497,7 +3722,7 @@ "DependsOn": "", "Type": "Bool", "DefaultValue": "false", - "Description": "The IgnorePrivateKeyOnInventory field should contain a boolean value ('true' or 'false') indicating whether to ignore the private key during inventory, which will make the store inventory-only and return all certificates without private key entries. Example: 'true' to ignore the private key or 'false' to include it." + "Description": "The IgnorePrivateKeyOnInventory field should contain a boolean value ('true' or 'false') indicating whether to disregard the private key during inventory. Setting this to 'true' will allow inventory for the store without needing to supply the location of the private key or the password if the key is encrypted. However, doing this makes the store in effect inventory-only and no management jobs will be able to be run for this store. Example: 'true' to ignore the private key or 'false' to include it." } ], "EntryParameters": [], @@ -3753,7 +3978,8 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "false", - "Required": false + "Required": false, + "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations." }, { "Name": "WinRM Protocol", @@ -3761,7 +3987,8 @@ "Type": "MultipleChoice", "DependsOn": "", "DefaultValue": "https,http", - "Required": true + "Required": true, + "Description": "Multiple choice value specifying the protocol (https or http) that the target server's WinRM listener is using. Example: 'https' to use secure communication." }, { "Name": "WinRM Port", 
@@ -3769,23 +3996,26 @@ "Type": "String", "DependsOn": "", "DefaultValue": "5986", - "Required": true + "Required": true, + "Description": "String value specifying the port number that the target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP." }, { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "Required": false, + "Description": "Username used to log into the target server for establishing the WinRM session. Example: 'administrator' or 'domain\\username'." }, { "Name": "ServerPassword", "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "Required": false, + "Description": "Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'." }, { "Name": "ServerUseSsl", @@ -3793,7 +4023,8 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "true", - "Required": true + "Required": true, + "Description": "Determine whether the server uses SSL or not (This field is automatically created)" } ], "EntryParameters": [ @@ -3809,7 +4040,8 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "Name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing the private keys. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be specified when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' on the target Server." }, { "Name": "SAN", 
@@ -3823,7 +4055,8 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "String value specifying the Subject Alternative Name (SAN) to be used when performing reenrollment jobs. Format as a list of = entries separated by ampersands; Example: 'dns=www.example.com&dns=www.example2.com' for multiple SANs. Can be made optional if RFC 2818 is disabled on the CA." } ], "PasswordOptions": { @@ -3836,7 +4069,9 @@ "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": false, - "CustomAliasAllowed": "Forbidden" + "CustomAliasAllowed": "Forbidden", + "ClientMachineDescription": "Hostname of the Windows Server containing the certificate store to be managed. If this value is a hostname, a WinRM session will be established using the credentials specified in the Server Username and Server Password fields. For more information, see [Client Machine](#note-regarding-client-machine).", + "StorePathDescription": "Windows certificate store path to manage. The store must exist in the Local Machine store on the target server, e.g., 'My' for the Personal Store or 'Root' for the Trusted Root Certification Authorities Store." }, { "Name": "WinSql", 
@@ -3852,52 +4087,67 @@ }, "Properties": [ { - "Name": "WinRm Protocol", - "DisplayName": "WinRm Protocol", + "Name": "spnwithport", + "DisplayName": "SPN With Port", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": false, + "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations." + }, + { + "Name": "WinRM Protocol", + "DisplayName": "WinRM Protocol", "Type": "MultipleChoice", - "DependsOn": null, + "DependsOn": "", "DefaultValue": "https,http", - "Required": true + "Required": true, + "Description": "Multiple choice value specifying the protocol (https or http) that the target server's WinRM listener is using. Example: 'https' to use secure communication." }, { - "Name": "WinRm Port", - "DisplayName": "WinRm Port", + "Name": "WinRM Port", + "DisplayName": "WinRM Port", "Type": "String", - "DependsOn": null, + "DependsOn": "", "DefaultValue": "5986", - "Required": true + "Required": true, + "Description": "String value specifying the port number that the target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP." }, { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": false + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "Description": "Username used to log into the target server for establishing the WinRM session. Example: 'administrator' or 'domain\\username'." }, { "Name": "ServerPassword", "DisplayName": "Server Password", "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": false + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "Description": "Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'." 
}, { "Name": "ServerUseSsl", "DisplayName": "Use SSL", "Type": "Bool", - "DependsOn": null, + "DependsOn": "", "DefaultValue": "true", - "Required": true + "Required": true, + "Description": "Determine whether the server uses SSL or not (This field is automatically created)" }, { "Name": "RestartService", "DisplayName": "Restart SQL Service After Cert Installed", "Type": "Bool", - "DependsOn": null, + "DependsOn": "", "DefaultValue": "false", - "Required": true + "Required": true, + "Description": "Boolean value (true or false) indicating whether to restart the SQL Server service after installing the certificate. Example: 'true' to enable service restart after installation." } ], "EntryParameters": [ @@ -3910,7 +4160,8 @@ "OnAdd": false, "OnRemove": false, "OnReenrollment": false - } + }, + "Description": "String value specifying the SQL Server instance name to bind the certificate to. Example: 'MSSQLServer' for the default instance or 'Instance1' for a named instance." }, { "Name": "ProviderName", @@ -3924,7 +4175,8 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "Optional string value specifying the name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing private keys. Example: 'Microsoft Strong Cryptographic Provider'." }, { "Name": "SAN", @@ -3938,7 +4190,8 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "String value specifying the Subject Alternative Name (SAN) to be used when performing reenrollment jobs. Format as a list of = entries separated by ampersands; Example: 'dns=www.example.com&dns=www.example2.com' for multiple SANs." } ], "PasswordOptions": { 
@@ -3951,6 +4204,130 @@ "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": true, + "CustomAliasAllowed": "Forbidden", + "ClientMachineDescription": "Hostname of the Windows Server containing the SQL Server Certificate Store to be managed. If this value is a hostname, a WinRM session will be established using the credentials specified in the Server Username and Server Password fields. For more information, see [Client Machine](#note-regarding-client-machine).", + "StorePathDescription": "Fixed string value 'My' indicating the Personal store on the Local Machine. This denotes the Windows certificate store to be managed for SQL Server." + }, + { + "Name": "F5 WAF CA", + "ShortName": "f5WafCa", + "Capability": "f5WafCa", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": false, + "Description": "Not used. Set to No Value." + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": true, + "Description": "The API Token configured in the F5 Distributed Cloud instance's Account Settings. Please review the Requirements & Prerequisites section in this README for more information on creating this API token." 
+ } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Forbidden", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", + "ClientMachineDescription": "The URL for the F5 Distributed Cloud instance (typically ending in '.console.ves.volterra.io').", + "StorePathDescription": "The Multi-Cloud App Connect namespace containing the certificates you wish to manage." + }, + { + "Name": "F5 WAF TLS", + "ShortName": "f5WafTls", + "Capability": "f5WafTls", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": false, + "Description": "Not used. Set to No Value." + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": false, + "Description": "The API Token configured in the F5 Distributed Cloud instance's Account Settings. Please review the Requirements & Prerequisites section in this README for more information on creating this API token." + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", + "ClientMachineDescription": "The URL for the F5 Distributed Cloud instance (typically ending in '.console.ves.volterra.io').", + "StorePathDescription": "The Multi-Cloud App Connect namespace containing the certificates you wish to manage." 
+ }, + { + "Name": "iDRAC", + "ShortName": "iDRAC", + "Capability": "iDRAC", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": false + }, + "Properties": [], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, "CustomAliasAllowed": "Forbidden" } ] \ No newline at end of file From fd159c23b249d98721ce5e75e45d8d999a59d128 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 30 Jan 2025 10:37:25 -0800 Subject: [PATCH 5/6] chore(store-types): Update `store_types.json` Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- CHANGELOG.md | 5 + cmd/storeTypes_test.go | 69 +-- cmd/store_types.json | 939 +++++++++++++++++++++++++++++------------ go.mod | 12 +- go.sum | 21 +- store_types.json | 10 +- 6 files changed, 733 insertions(+), 323 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 900af0b..f645123 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,11 @@ ### CLI - `auth`: When using `oauth` pass empty list for `scopes` if no scopes are provided, rather than default scope `openid` +- `auth`: Output env and config file errors when both are encountered rather than just config file errors. + +## Chores + +- `store-types`: Update embedded `store-type` definitions to latest. # v1.6.0 diff --git a/cmd/storeTypes_test.go b/cmd/storeTypes_test.go index 9098d7f..1126177 100644 --- a/cmd/storeTypes_test.go +++ b/cmd/storeTypes_test.go @@ -22,6 +22,7 @@ import ( "strings" "testing" + "github.com/rs/zerolog/log" "github.com/spf13/cobra" "github.com/stretchr/testify/assert" ) 
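Review bot: In the store-type hunk at -3951 that adds `f5WafCa` and `f5WafTls`, the two `ServerPassword` entries disagree on `IsPAMEligible`: it is `true` for `f5WafCa` and `false` for `f5WafTls`. Both descriptions say the field holds the same thing, the API Token for the F5 Distributed Cloud instance. If the flag controls whether the secret may be supplied from a PAM provider (as the F5 `StorePassword` description earlier in this patch suggests), the TLS store type forces the token to be stored directly. Unless that is deliberate, I would set `"IsPAMEligible": true` on the `f5WafTls` `ServerPassword` entry so both types treat the token the same way.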
@@ -185,23 +186,23 @@ func Test_StoreTypesCreateFromTemplatesCmd(t *testing.T) { assert.True(t, len(storeTypes) >= 0, "Expected non-empty list of store types") // iterate over the store types and verify that each has a name shortname and storetype - for sType := range storeTypes { - t.Log("Creating store type: " + sType) - storeType := storeTypes[sType].(map[string]interface{}) - assert.NotNil(t, storeType["Name"], "Expected store type to have a name") - assert.NotNil(t, storeType["ShortName"], "Expected store type to have short name") - - // verify short name is a string - _, ok := storeType["ShortName"].(string) - assert.True(t, ok, "Expected short name to be a string") - // verify name is a string - _, ok = storeType["Name"].(string) - assert.True(t, ok, "Expected name to be a string") - - // Attempt to create the store type - shortName := storeType["ShortName"].(string) - createStoreTypeTest(t, shortName, false) - } + //for sType := range storeTypes { + // t.Log("Creating store type: " + sType) + // storeType := storeTypes[sType].(map[string]interface{}) + // assert.NotNil(t, storeType["Name"], "Expected store type to have a name") + // assert.NotNil(t, storeType["ShortName"], "Expected store type to have short name") + // + // // verify short name is a string + // _, ok := storeType["ShortName"].(string) + // assert.True(t, ok, "Expected short name to be a string") + // // verify name is a string + // _, ok = storeType["Name"].(string) + // assert.True(t, ok, "Expected name to be a string") + // + // // Attempt to create the store type + // shortName := storeType["ShortName"].(string) + // createStoreTypeTest(t, shortName, false) + //} createAllStoreTypes(t, storeTypes) } @@ -225,6 +226,7 @@ func testCreateStoreType( allowFail := false // Attempt to get the AWS store type because it comes with the product testCmd.SetArgs(testArgs) + t.Log(fmt.Sprintf("Test args: %s", testArgs)) output := captureOutput( func() { err := testCmd.Execute() 
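Review bot: The per-store-type loop in Test_StoreTypesCreateFromTemplatesCmd is disabled by commenting it out rather than deleted or skipped, which leaves seventeen dead lines and drops the checks that every template entry has string `Name` and `ShortName` values. Those checks only read the already-loaded `storeTypes` map, so they could stay live while only the `createStoreTypeTest(t, shortName, false)` call is removed or guarded. The surviving assertion `len(storeTypes) >= 0` is always true, so nothing verifies that any templates were loaded; `assert.NotEmpty(t, storeTypes, "Expected non-empty list of store types")` would match its own message. The function starts before this hunk.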
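Review bot: The added `t.Log(fmt.Sprintf("Test args: %s", testArgs))` in testCreateStoreType can be written as `t.Logf("Test args: %v", testArgs)`, which drops the intermediate string and is the form staticcheck suggests. The arguments visible in this file are only subcommand names and flags, but anything a future caller passes on the command line would land in the CI log. A one-line comment that test arguments must not carry credentials or tokens would make that explicit. The function body continues outside the hunk.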
@@ -291,21 +293,32 @@ func testCreateStoreType( } func createAllStoreTypes(t *testing.T, storeTypes map[string]interface{}) { - t.Run( - fmt.Sprintf("ONLINE Create ALL StoreTypes"), func(t *testing.T) { - testCmd := RootCmd - // check if I'm running inside a GitHub Action - testArgs := []string{"store-types", "create", "--all"} - testCreateStoreType(t, testCmd, testArgs, storeTypes) - - }, - ) + //t.Run( + // fmt.Sprintf("ONLINE Create ALL StoreTypes"), func(t *testing.T) { + // testCmd := RootCmd + // // check if I'm running inside a GitHub Action + // testArgs := []string{"store-types", "create", "--all"} + // testCreateStoreType(t, testCmd, testArgs, storeTypes) + // + // }, + //) t.Run( fmt.Sprintf("OFFLINE Create ALL StoreTypes"), func(t *testing.T) { testCmd := RootCmd - // check if I'm running inside a GitHub Action testArgs := []string{"store-types", "create", "--all", "--offline"} - testCreateStoreType(t, testCmd, testArgs, storeTypes) + + var emStoreTypes []interface{} + if err := json.Unmarshal(EmbeddedStoreTypesJSON, &emStoreTypes); err != nil { + log.Error().Err(err).Msg("Unable to unmarshal embedded store type definitions") + t.FailNow() + } + offlineStoreTypes, stErr := formatStoreTypes(&emStoreTypes) + if stErr != nil { + log.Error().Err(stErr).Msg("Unable to format store types") + t.FailNow() + } + + testCreateStoreType(t, testCmd, testArgs, offlineStoreTypes) }, ) } diff --git a/cmd/store_types.json b/cmd/store_types.json index caeb3df..c77e4c3 100644 --- a/cmd/store_types.json +++ b/cmd/store_types.json @@ -1,12 +1,12 @@ [ { - "Name": "Azure Keyvault", "BlueprintAllowed": false, "Capability": "AKV", "CustomAliasAllowed": "Optional", - "EntryParameters": null, + "EntryParameters": [], "JobProperties": [], "LocalStore": false, + "Name": "Azure Keyvault", "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, @@ -20,7 +20,6 @@ "DisplayName": "Tenant Id", "Type": "String", "DependsOn": "", - "DefaultValue": null, "Required": false }, { 
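Review bot: In the OFFLINE subtest of createAllStoreTypes both failure paths log through zerolog and then call `t.FailNow()`, so the reason goes to the application logger and may not appear next to the failing test. `t.Fatalf("unable to unmarshal embedded store type definitions: %v", err)` and `t.Fatalf("unable to format store types: %v", stErr)` report and stop in one call, and would make the new `github.com/rs/zerolog/log` import unnecessary. With the ONLINE subtest commented out, the `storeTypes` parameter is no longer used in this function. Either delete the commented block, or keep the online run behind an explicit `t.Skip` so it still shows up as skipped in test results.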
@@ -44,7 +43,7 @@ "DisplayName": "Azure Cloud", "Type": "MultipleChoice", "DependsOn": "", - "DefaultValue": "public,china,germany,government", + "DefaultValue": "public,china,government", "Required": false }, { @@ -52,7 +51,6 @@ "DisplayName": "Private KeyVault Endpoint", "Type": "String", "DependsOn": "", - "DefaultValue": null, "Required": false } ], @@ -81,6 +79,14 @@ "Remove": true }, "Properties": [ + { + "Name": "UseEC2AssumeRole", + "DisplayName": "Assume new Account / Role in EC2", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": true + }, { "Name": "UseOAuth", "DisplayName": "Use OAuth 2.0 Provider", @@ -97,6 +103,14 @@ "DefaultValue": "false", "Required": true }, + { + "Name": "EC2AssumeRole", + "DisplayName": "AWS Role to Assume (EC2)", + "Type": "String", + "DependsOn": "UseEC2AssumeRole", + "DefaultValue": null, + "Required": false + }, { "Name": "OAuthScope", "DisplayName": "OAuth Scope", @@ -137,6 +151,14 @@ "DefaultValue": null, "Required": false }, + { + "Name": "ExternalId", + "DisplayName": "sts:ExternalId", + "Type": "String", + "DependsOn": null, + "DefaultValue": null, + "Required": false + }, { "Name": "ServerUsername", "DisplayName": "Server Username", @@ -1240,7 +1262,11 @@ "Name": "CitrixAdc", "ShortName": "CitrixAdc", "Capability": "CitrixAdc", - "LocalStore": false, + "ServerRequired": true, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", + "PowerShell": false, + "PrivateKeyAllowed": "Required", "SupportedOperations": { "Add": true, "Create": false, 
@@ -1248,38 +1274,20 @@ "Enrollment": false, "Remove": true }, + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, "Properties": [ - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": false - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": false - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": null, - "DefaultValue": "true", - "Required": true - }, { "Name": "linkToIssuer", "DisplayName": "Link To Issuer", "Type": "Bool", - "DependsOn": null, + "DependsOn": "", "DefaultValue": "false", - "Required": false + "Required": false, + "Description": "Determines whether an attempt will be made to link the added certificate (via a Management-Add job) to its issuing CA certificate." } ], "EntryParameters": [ @@ -1287,6 +1295,7 @@ "Name": "virtualServerName", "DisplayName": "Virtual Server Name", "Type": "String", + "Description": "When adding a certificate, this can be a single VServer name or a comma separated list of VServers to bind to Note: must match the number of Virtual SNI Cert values.", "RequiredWhen": { "HasPrivateKey": false, "OnAdd": false, 
@@ -1298,32 +1307,125 @@ "Name": "sniCert", "DisplayName": "SNI Cert", "Type": "String", + "Description": "When adding a certificate, this can be a single boolean value (true/false) or a comma separated list of boolean values to determine whether the binding should use server name indication. Note: must match the number of Virtual Server Name values.", "RequiredWhen": { "HasPrivateKey": false, - "OnAdd": true, + "OnAdd": false, "OnRemove": false, "OnReenrollment": false - }, - "DefaultValue": "FALSE" + } + } + ], + "ClientMachineDescription": "The DNS or IP Address of the Citrix ADC Appliance.", + "StorePathDescription": "The path where certificate files are located on the Citrix ADC appliance. This value will likely be /nsconfig/ssl/" + }, + { + "Name": "IBM Data Power", + "ShortName": "DataPower", + "Capability": "DataPower", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": false + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": true, + "Description": "Api UserName for DataPower. (or valid PAM key if the username is stored in a KF Command configured PAM integration)." + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": true, + "Description": "A password for DataPower API access. Used for inventory.(or valid PAM key if the password is stored in a KF Command configured PAM integration)." + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "true", + "Required": true, + "Description": "Should be true, http is not supported." 
+ }, + { + "Name": "InventoryBlackList", + "DisplayName": "Inventory Black List", + "Type": "String", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": false, + "Description": "Comma seperated list of alias values you do not want to inventory from DataPower." + }, + { + "Name": "Protocol", + "DisplayName": "Protocol Name", + "Type": "String", + "DependsOn": "", + "DefaultValue": "https", + "Required": true, + "IsPAMEligible": false, + "Description": "Comma seperated list of alias values you do not want to inventory from DataPower." + }, + { + "Name": "PublicCertStoreName", + "DisplayName": "Public Cert Store Name", + "Type": "String", + "DependsOn": "", + "DefaultValue": "pubcert", + "Required": true, + "IsPAMEligible": false, + "Description": "This probably will remain pubcert unless someone changed the default name in DataPower." + }, + { + "Name": "InventoryPageSize", + "DisplayName": "Inventory Page Size", + "Type": "String", + "DependsOn": "", + "DefaultValue": "100", + "Required": true, + "IsPAMEligible": false, + "Description": "This determines the page size during the inventory calls. (100 should be fine)." } ], + "EntryParameters": [], + "ClientMachineDescription": "The Client Machine field should contain the IP or Domain name and Port Needed for REST API Access. 
For SSH Access, Port 22 will be used.", + "StorePathDescription": "The Store Path field should always be / unless we later determine there are alternate locations needed.", "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, "Style": "Default" }, - "PrivateKeyAllowed": "Required", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": false, - "CustomAliasAllowed": "Required", - "InventoryEndpoint": "/AnyInventory/Update" + "CustomAliasAllowed": "Required" }, { "Name": "F5 Big IQ", "ShortName": "F5-BigIQ", "Capability": "F5-BigIQ", - "LocalStore": false, + "PrivateKeyAllowed": "Required", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", "SupportedOperations": { "Add": true, "Create": false, @@ -1331,6 +1433,11 @@ "Enrollment": true, "Remove": true }, + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, "Properties": [ { "Name": "DeployCertificateOnRenewal", @@ -1338,7 +1445,8 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "false", - "Required": false + "Required": false, + "Description": "This optional setting determines whether renewed certificates (Management-Add jobs with Overwrite selected) will be deployed to all linked Big IP devices. Linked devices are determined by looking at all of the client-ssl profiles that reference the renewed certificate that have an associated virtual server linked to a Big IP device. An immediate deployment is then scheduled within F5 Big IQ for each linked Big IP device." }, { "Name": "IgnoreSSLWarning", 
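Review bot: In the new `DataPower` store type the `Protocol` property carries the description of `InventoryBlackList` (`"Comma seperated list of alias values you do not want to inventory from DataPower."`), so an operator gets no guidance on what the field accepts. The field presumably selects the scheme used to reach the DataPower API, given its display name and its `https` default. Since `ServerUseSsl` in the same entry says http is not supported, something like `"Description": "Protocol used to reach the DataPower API. Leave as https; http is not supported."` would fit. While editing, `seperated` in the `InventoryBlackList` description should read `separated`.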
@@ -1346,7 +1454,8 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "false", - "Required": false + "Required": false, + "Description": "If you use a self signed certificate for the F5 Big IQ portal, you will need to add this optional Custom Field and set the value to True on the managed certificate store." }, { "Name": "UseTokenAuth", @@ -1354,7 +1463,8 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "false", - "Required": false + "Required": false, + "Description": "If you prefer to use F5 Big IQ's Token Authentication to authenticate F5 Big IQ API calls, you will need to add this optional Custom Field and set the value to True on the managed certificate store. If set to True for the store, the userid/password credentials you set for the certificate store will be used once to receive a token. This token is then used for all subsequent API calls for the duration of the job. If this option does not exist or is set to False, the userid/password credentials you set for the certificate store will be used for all API calls." }, { "Name": "LoginProviderName", 
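Review bot: The description added for `IgnoreSSLWarning` on `F5-BigIQ` tells operators to set it to True for a self-signed portal certificate without saying what that costs. Certificate validation is presumably skipped on the connection that carries the store's userid/password, and the token obtained when `UseTokenAuth` is set. The text should say so and name the safer option, e.g. append `Enabling this disables certificate validation for the API connection; prefer adding the Big IQ certificate or its issuing CA to the orchestrator's trust store.` The same applies to the `IgnoreSSLWarning` descriptions added for `F5-CA-REST`, `F5-SL-REST` and `F5-WS-REST` in later hunks of this file.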
@@ -1362,7 +1472,28 @@ "Type": "String", "DependsOn": "UseTokenAuth", "DefaultValue": "", - "Required": false + "Required": false, + "Description": "If Use Token Authentication is selected, you may optionally add a value for the authentication provider F5 Big IQ will use to retrieve the auth token. If you choose not to add this field or leave it blank on the certificate store (with no default value set), the default of \"TMOS\" will be used." + }, + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login credential for the F5 Big IQ device. MUST be an Admin account." + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login password for the F5 Big IQ device." } ], "EntryParameters": [ @@ -1378,7 +1509,8 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "The name F5 Big IQ uses to identify the certificate" }, { "Name": "Overwrite", @@ -1392,7 +1524,8 @@ }, "DependsOn": "", "DefaultValue": "False", - "Options": "" + "Options": "", + "Description": "Allow overwriting an existing certificate when reenrolling?" }, { "Name": "SANs", 
@@ -1406,24 +1539,18 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "External SANs for the requested certificate. Each SAN must be prefixed with the type (DNS: or IP:) and multiple SANs must be delimitted by an ampersand (&). Example: DNS:server.domain.com&IP:127.0.0.1&DNS:server2.domain.com. This is an optional field." } - ], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "PrivateKeyAllowed": "Required", - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Required" + ] }, { "Name": "F5 CA Profiles REST", "ShortName": "F5-CA-REST", "Capability": "F5-CA-REST", + "ServerRequired": true, + "ClientMachineDescription": "The server name or IP Address for the F5 device.", + "StorePathDescription": "Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is \"Common\", it must be entered as \"Common\" and not \"common\",", "SupportedOperations": { "Add": true, "Create": false, @@ -1431,6 +1558,16 @@ "Enrollment": false, "Remove": true }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": false + }, + "PrivateKeyAllowed": "Forbidden", + "JobProperties": [], + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", "Properties": [ { "Name": "PrimaryNode", @@ -1438,7 +1575,8 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "", - "Required": true + "Required": true, + "Description": "Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive." }, { "Name": "PrimaryNodeCheckRetryWaitSecs", 
@@ -1446,7 +1584,8 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "120", - "Required": true + "Required": true, + "Description": "Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive." }, { "Name": "PrimaryNodeCheckRetryMax", 
@@ -1454,31 +1593,55 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "3", - "Required": true + "Required": true, + "Description": "Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing." }, { - "Name": "F5Version", - "DisplayName": "Version of F5", - "Type": "MultipleChoice", + "Name": "PrimaryNodeOnlineRequired", + "DisplayName": "Primary Node Online Required", + "Type": "Bool", "DependsOn": "", - "DefaultValue": "v12,v13,v14,v15", - "Required": true + "DefaultValue": "", + "Required": true, + "Description": "Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed." + }, + { + "Name": "IgnoreSSLWarning", + "DisplayName": "Ignore SSL Warning", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "False", + "Required": true, + "Description": "Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs." + }, + { + "Name": "UseTokenAuth", + "DisplayName": "Use Token Authentication", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true, + "Description": "Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. 
Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests." }, { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login credential for the F5 device. MUST be an Admin account." }, { "Name": "ServerPassword", "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login password for the F5 device." }, { "Name": "ServerUseSsl", 
@@ -1486,50 +1649,23 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "true", - "Required": true - }, - { - "Name": "PrimaryNodeOnlineRequired", - "DisplayName": "Primary Node Online Required", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "", - "Required": true - }, - { - "Name": "IgnoreSSLWarning", - "DisplayName": "Ignore SSL Warning", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "False", - "Required": true - }, - { - "Name": "UseTokenAuth", - "DisplayName": "Use Token Authentication", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "false", - "Required": true + "Required": true, + "Description": "True if using https to access the F5 device. False if using http." } ], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "PrivateKeyAllowed": "Forbidden", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Required" + "EntryParameters": [] }, { "Name": "F5 SSL Profiles REST", "ShortName": "F5-SL-REST", "Capability": "F5-SL-REST", + "ServerRequired": true, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", + "PowerShell": false, + "PrivateKeyAllowed": "Optional", + "ClientMachineDescription": "The server name or IP Address for the F5 device.", + "StorePathDescription": "Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is \"Common\", it must be entered as \"Common\" and not \"common\",", "SupportedOperations": { "Add": true, "Create": false, 
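Review bot: The `ServerUseSsl` description added here for `F5-CA-REST` (`"True if using https to access the F5 device. False if using http."`) presents plain http as an ordinary choice. The same store type sends `ServerUsername`/`ServerPassword`, which its own description says MUST be an Admin account. The `DataPower` and `FortiWeb` entries in this commit use `"Should be true, http is not supported."`; if the F5 extension really accepts http, the description should at least warn that the credentials then travel unencrypted. The identical text is added for `F5-SL-REST` and `F5-WS-REST` in the hunks at -1592 and -1698.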
@@ -1537,6 +1673,15 @@ "Enrollment": false, "Remove": true }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": true, + "StorePassword": { + "Description": "Check \"No Password\" if you wish the private key of any added certificate to be set to Key Security Type \"Normal\". Enter a value (either a password or pointer to an installed PAM provider key for the password) to be used to encrypt the private key of any added certificate for Key Security Type of \"Password\".", + "IsPAMEligible": true + } + }, "Properties": [ { "Name": "PrimaryNode", @@ -1544,7 +1689,8 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "", - "Required": true + "Required": true, + "Description": "Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive." }, { "Name": "PrimaryNodeCheckRetryWaitSecs", @@ -1552,7 +1698,8 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "120", - "Required": true + "Required": true, + "Description": "Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive." }, { "Name": "PrimaryNodeCheckRetryMax", 
@@ -1560,31 +1707,55 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "3", - "Required": true + "Required": true, + "Description": "Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing." }, { - "Name": "F5Version", - "DisplayName": "Version of F5", - "Type": "MultipleChoice", + "Name": "PrimaryNodeOnlineRequired", + "DisplayName": "Primary Node Online Required", + "Type": "Bool", "DependsOn": "", - "DefaultValue": "v12,v13,v14,v15", - "Required": true + "DefaultValue": "", + "Required": true, + "Description": "Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed." + }, + { + "Name": "IgnoreSSLWarning", + "DisplayName": "Ignore SSL Warning", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "False", + "Required": true, + "Description": "Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs." + }, + { + "Name": "UseTokenAuth", + "DisplayName": "Use Token Authentication", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true, + "Description": "Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. 
Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests." }, { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login credential for the F5 device. MUST be an Admin account." }, { "Name": "ServerPassword", "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login password for the F5 device." }, { "Name": "ServerUseSsl", 
@@ -1592,50 +1763,23 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "true", - "Required": true - }, - { - "Name": "PrimaryNodeOnlineRequired", - "DisplayName": "Primary Node Online Required", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "", - "Required": true - }, - { - "Name": "IgnoreSSLWarning", - "DisplayName": "Ignore SSL Warning", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "False", - "Required": true - }, - { - "Name": "UseTokenAuth", - "DisplayName": "Use Token Authentication", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "false", - "Required": true + "Required": true, + "Description": "True if using https to access the F5 device. False if using http." } ], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": true, - "Style": "Default" - }, - "PrivateKeyAllowed": "Optional", - "JobProperties": [], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Required" + "EntryParameters": [] }, { "Name": "F5 WS Profiles REST", "ShortName": "F5-WS-REST", "Capability": "F5-WS-REST", + "ServerRequired": true, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Forbidden", + "PowerShell": false, + "PrivateKeyAllowed": "Required", + "ClientMachineDescription": "The server name or IP Address for the F5 device.", + "StorePathDescription": "Enter the name of the partition on the F5 device you wish to manage. This value is case sensitive, so if the partition name is \"Common\", it must be entered as \"Common\" and not \"common\",", "SupportedOperations": { "Add": true, "Create": false, @@ -1643,6 +1787,11 @@ "Enrollment": false, "Remove": false }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": false + }, "Properties": [ { "Name": "PrimaryNode", 
@@ -1650,7 +1799,8 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "", - "Required": true + "Required": true, + "Description": "Only required (and shown) if Primary Node Online Required is added and selected. Enter the Host Name of the F5 device that acts as the primary node in a highly available F5 implementation. Please note that this value IS case sensitive." }, { "Name": "PrimaryNodeCheckRetryWaitSecs", @@ -1658,7 +1808,8 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "120", - "Required": true + "Required": true, + "Description": "Enter the number of seconds to wait between attempts to add/replace/renew a certificate if the node is inactive." }, { "Name": "PrimaryNodeCheckRetryMax", 
@@ -1666,31 +1817,55 @@ "Type": "String", "DependsOn": "PrimaryNodeOnlineRequired", "DefaultValue": "3", - "Required": true + "Required": true, + "Description": "Enter the number of times a Management-Add job will attempt to add/replace/renew a certificate if the node is inactive before failing." }, { - "Name": "F5Version", - "DisplayName": "Version of F5", - "Type": "MultipleChoice", + "Name": "PrimaryNodeOnlineRequired", + "DisplayName": "Primary Node Online Required", + "Type": "Bool", "DependsOn": "", - "DefaultValue": "v12,v13,v14,v15", - "Required": true + "DefaultValue": "", + "Required": true, + "Description": "Select this if you wish to stop the orchestrator from adding, replacing or renewing certificates on nodes that are inactive. If this is not selected, adding, replacing and renewing certificates on inactive nodes will be allowed. If you choose not to add this custom field, the default value of False will be assumed." + }, + { + "Name": "IgnoreSSLWarning", + "DisplayName": "Ignore SSL Warning", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "False", + "Required": true, + "Description": "Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it. If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs." + }, + { + "Name": "UseTokenAuth", + "DisplayName": "Use Token Authentication", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true, + "Description": "Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests. If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs. 
Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests." }, { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login credential for the F5 device. MUST be an Admin account." }, { "Name": "ServerPassword", "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "IsPAMEligible": true, + "Required": false, + "Description": "Login password for the F5 device." }, { "Name": "ServerUseSsl", 
@@ -1698,45 +1873,79 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "true", - "Required": true + "Required": true, + "Description": "True if using https to access the F5 device. False if using http." + } + ], + "EntryParameters": [] + }, + { + "Name": "FortiWeb", + "ShortName": "FortiWeb", + "Capability": "FortiWeb", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": false + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": true, + "Description": "A username for CLI/SSH and REST API access. Used for inventory. (or valid PAM key if the username is stored in a KF Command configured PAM integration)." }, { - "Name": "PrimaryNodeOnlineRequired", - "DisplayName": "Primary Node Online Required", - "Type": "Bool", + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", "DependsOn": "", "DefaultValue": "", - "Required": true + "Required": false, + "IsPAMEligible": true, + "Description": "A password for CLI/SSH and REST API access. Used for inventory.(or valid PAM key if the password is stored in a KF Command configured PAM integration)." }, { - "Name": "IgnoreSSLWarning", - "DisplayName": "Ignore SSL Warning", + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", "Type": "Bool", "DependsOn": "", - "DefaultValue": "False", - "Required": true + "DefaultValue": "true", + "Required": true, + "Description": "Should be true, http is not supported." 
}, { - "Name": "UseTokenAuth", - "DisplayName": "Use Token Authentication", - "Type": "Bool", + "Name": "ADom", + "DisplayName": "Administrative Domain", + "Type": "String", "DependsOn": "", - "DefaultValue": "false", - "Required": true + "DefaultValue": "root", + "Required": true, + "IsPAMEligible": false, + "Description": "Specifies the administrative or virtual domain within the FortiWeb system that the API user is targeting." } ], "EntryParameters": [], + "ClientMachineDescription": "The Client Machine field should contain the IP or Domain name and Port Needed for REST API Access. For SSH Access, Port 22 will be used.", + "StorePathDescription": "The Store Path field should always be / unless we later determine there are alternate locations needed.", "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, "Style": "Default" }, - "PrivateKeyAllowed": "Required", + "PrivateKeyAllowed": "Optional", "JobProperties": [], "ServerRequired": true, "PowerShell": false, - "BlueprintAllowed": true, - "CustomAliasAllowed": "Forbidden" + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required" }, { "Name": "Fortigate", @@ -1941,7 +2150,7 @@ "DisplayName": "Mount Point", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -1949,7 +2158,7 @@ "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -1957,7 +2166,7 @@ "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -1969,7 +2178,7 @@ "Required": true } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, @@ -2010,7 +2219,7 @@ "DisplayName": "Mount Point", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { 
@@ -2026,7 +2235,7 @@ "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -2034,7 +2243,7 @@ "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -2046,7 +2255,7 @@ "Required": true } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, @@ -2095,7 +2304,7 @@ "DisplayName": "Mount Point", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -2103,7 +2312,7 @@ "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -2111,7 +2320,7 @@ "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -2123,7 +2332,7 @@ "Required": true } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, @@ -2170,7 +2379,7 @@ "DisplayName": "Mount Point", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -2178,7 +2387,7 @@ "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -2186,7 +2395,7 @@ "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -2198,7 +2407,7 @@ "Required": true } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, 
@@ -2231,27 +2440,11 @@ "DisplayName": "Mount Point", "Type": "String", "DependsOn": "", - "DefaultValue": null, - "Required": true - }, - { - "Name": "VaultToken", - "DisplayName": "VaultToken", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": true - }, - { - "Name": "VaultServerUrl", - "DisplayName": "Vault Server URL", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, - "Required": false } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, @@ -2259,7 +2452,7 @@ }, "PrivateKeyAllowed": "Optional", "JobProperties": [], - "ServerRequired": false, + "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": false, "CustomAliasAllowed": "Optional" 
@@ -2283,39 +2476,44 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "false", - "Required": false + "Required": false, + "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations." }, { - "Name": "WinRm Protocol", - "DisplayName": "WinRm Protocol", + "Name": "WinRM Protocol", + "DisplayName": "WinRM Protocol", "Type": "MultipleChoice", "DependsOn": "", "DefaultValue": "https,http", - "Required": true + "Required": true, + "Description": "Multiple choice value specifying the protocol (https or http) that the target server's WinRM listener is using. Example: 'https' to use secure communication." }, { - "Name": "WinRm Port", - "DisplayName": "WinRm Port", + "Name": "WinRM Port", + "DisplayName": "WinRM Port", "Type": "String", "DependsOn": "", "DefaultValue": "5986", - "Required": true + "Required": true, + "Description": "String value specifying the port number that the target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP." }, { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "Required": false, + "Description": "Username used to log into the target server for establishing the WinRM session. Example: 'administrator' or 'domain\\username'." }, { "Name": "ServerPassword", "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "Required": false, + "Description": "Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'." }, { "Name": "ServerUseSsl", 
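Review bot: The `ServerPassword` description added here ends with `Example: 'P@ssw0rd123'`, and help text next to a secret field is a poor place for a realistic-looking weak password, since examples tend to be copied. I would drop the example or use an obvious placeholder, e.g. `Example: '<server-password>'`. The same sentence is added again in the later hunks `@@ -3769,23 +4002,26 @@` and `@@ -3852,52 +4093,67 @@`. Separately, this hunk changes the property `Name` from `WinRm Protocol`/`WinRm Port` to `WinRM Protocol`/`WinRM Port`. If anything looks these properties up by exact name, stores created under the old spelling may need migrating; that is not visible from the diff.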
@@ -2323,7 +2521,8 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "true", - "Required": true + "Required": true, + "Description": "Determine whether the server uses SSL or not (This field is automatically created)" } ], "EntryParameters": [ @@ -2339,7 +2538,8 @@ }, "DependsOn": "", "DefaultValue": "443", - "Options": "" + "Options": "", + "Description": "String value specifying the IP port to bind the certificate to for the IIS site. Example: '443' for HTTPS." }, { "Name": "IPAddress", @@ -2353,7 +2553,8 @@ }, "DependsOn": "", "DefaultValue": "*", - "Options": "" + "Options": "", + "Description": "String value specifying the IP address to bind the certificate to for the IIS site. Example: '*' for all IP addresses or '192.168.1.1' for a specific IP address." }, { "Name": "HostName", @@ -2367,7 +2568,8 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "String value specifying the host name (host header) to bind the certificate to for the IIS site. Leave blank for all host names or enter a specific hostname such as 'www.example.com'." }, { "Name": "SiteName", @@ -2381,12 +2583,13 @@ }, "DependsOn": "", "DefaultValue": "Default Web Site", - "Options": "" + "Options": "", + "Description": "String value specifying the name of the IIS web site to bind the certificate to. Example: 'Default Web Site' or any custom site name such as 'MyWebsite'." }, { "Name": "SniFlag", - "DisplayName": "SNI Support", - "Type": "MultipleChoice", + "DisplayName": "SSL Flags", + "Type": "String", "RequiredWhen": { "HasPrivateKey": false, "OnAdd": false, 
@@ -2394,8 +2597,9 @@ "OnReenrollment": false }, "DependsOn": "", - "DefaultValue": "0 - No SNI", - "Options": "0 - No SNI,1 - SNI Enabled,2 - Non SNI Binding,3 - SNI Binding" + "DefaultValue": "0", + "Options": "", + "Description": "A 128-Bit Flag that determines what type of SSL settings you wish to use. The default is 0, meaning No SNI. For more information, check IIS documentation for the appropriate bit setting.)" }, { "Name": "Protocol", @@ -2409,7 +2613,8 @@ }, "DependsOn": "", "DefaultValue": "https", - "Options": "https,http" + "Options": "https,http", + "Description": "Multiple choice value specifying the protocol to bind to. Example: 'https' for secure communication." }, { "Name": "ProviderName", @@ -2423,7 +2628,8 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "Name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing the private keys. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be specified when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' on the target Server." }, { "Name": "SAN", @@ -2437,7 +2643,8 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "String value specifying the Subject Alternative Name (SAN) to be used when performing reenrollment jobs. Format as a list of = entries separated by ampersands; Example: 'dns=www.example.com&dns=www.example2.com' for multiple SANs. Can be made optional if RFC 2818 is disabled on the CA." } ], "PasswordOptions": { 
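Review bot: `SniFlag` becomes a free-form `String` with empty `Options` (the type change is in the previous hunk), and the description added here does not list the accepted values, so the UI no longer constrains what is entered. I would name the values the old choice list documented and drop the stray closing parenthesis, e.g. `"Description": "Numeric SSL flags value for the IIS binding. The default 0 means no SNI; see the IIS documentation for the other bit values."`. Whether the orchestrator validates the string before applying it to the binding is not visible in this diff.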
@@ -2450,7 +2657,9 @@ "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": false, - "CustomAliasAllowed": "Forbidden" + "CustomAliasAllowed": "Forbidden", + "ClientMachineDescription": "Hostname of the Windows Server containing the IIS certificate store to be managed. If this value is a hostname, a WinRM session will be established using the credentials specified in the Server Username and Server Password fields. For more information, see [Client Machine](#note-regarding-client-machine).", + "StorePathDescription": "Windows certificate store path to manage. Choose 'My' for the Personal store or 'WebHosting' for the Web Hosting store." }, { "Name": "Imperva", @@ -2471,10 +2680,16 @@ "PasswordOptions": { "Style": "Default", "EntrySupported": false, - "StoreRequired": true + "StoreRequired": true, + "StorePassword": { + "Description": "Your Imperva API id and API key concatenated with a comma (,}. For example: 12345,12345678-1234-1234-1234-123456789ABC. Please refer to the [Imperva documentation](https://docs.imperva.com/bundle/cloud-application-security/page/settings/api-keys.htm#:~:text=In%20the%20Cloud%20Security%20Console%20top%20menu%20bar%2C%20click%20Account,to%20create%20a%20new%20key.) as to how to create an API id and key.", + "IsPAMEligible": true + } }, "Properties": [], - "EntryParameters": [] + "EntryParameters": [], + "ClientMachineDescription": "The URL that will be used as the base URL for Imperva endpoint calls. Should be https://my.imperva.com", + "StorePathDescription": "Your Imperva account id. Please refer to the [Imperva documentation](https://docs.imperva.com/howto/bd68301b) as to how to find your Imperva account id." }, { "Name": "K8SCert", 
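Review bot: The Imperva `StorePassword` description has a mismatched bracket, `a comma (,}`, which reads as if `}` were part of the separator in a field that carries the API id and key. Suggested text: `concatenated with a comma (,). For example: ...`. The documentation link also embeds a long `#:~:text=` fragment that stops matching once the vendor page is reworded; linking to the page without the fragment is more durable. The identical lines are added again in the later `store_types.json` hunk `@@ -2680,10 +2680,16 @@`.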
@@ -3045,6 +3260,22 @@ "DependsOn": null, "DefaultValue": null, "Required": false + }, + { + "Name": "InventoryTrustedCerts", + "DisplayName": "Inventory Trusted Certs", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": true + }, + { + "Name": "TemplateStack", + "DisplayName": "Template Stack", + "Type": "String", + "DependsOn": null, + "DefaultValue": null, + "Required": false } ], "EntryParameters": [], @@ -3497,7 +3728,7 @@ "DependsOn": "", "Type": "Bool", "DefaultValue": "false", - "Description": "The IgnorePrivateKeyOnInventory field should contain a boolean value ('true' or 'false') indicating whether to ignore the private key during inventory, which will make the store inventory-only and return all certificates without private key entries. Example: 'true' to ignore the private key or 'false' to include it." + "Description": "The IgnorePrivateKeyOnInventory field should contain a boolean value ('true' or 'false') indicating whether to disregard the private key during inventory. Setting this to 'true' will allow inventory for the store without needing to supply the location of the private key or the password if the key is encrypted. However, doing this makes the store in effect inventory-only and no management jobs will be able to be run for this store. Example: 'true' to ignore the private key or 'false' to include it." } ], "EntryParameters": [], @@ -3753,7 +3984,8 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "false", - "Required": false + "Required": false, + "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations." }, { "Name": "WinRM Protocol", 
@@ -3761,7 +3993,8 @@ "Type": "MultipleChoice", "DependsOn": "", "DefaultValue": "https,http", - "Required": true + "Required": true, + "Description": "Multiple choice value specifying the protocol (https or http) that the target server's WinRM listener is using. Example: 'https' to use secure communication." }, { "Name": "WinRM Port", @@ -3769,23 +4002,26 @@ "Type": "String", "DependsOn": "", "DefaultValue": "5986", - "Required": true + "Required": true, + "Description": "String value specifying the port number that the target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP." }, { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "Required": false, + "Description": "Username used to log into the target server for establishing the WinRM session. Example: 'administrator' or 'domain\\username'." }, { "Name": "ServerPassword", "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": "", + "Required": false, + "Description": "Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'." }, { "Name": "ServerUseSsl", @@ -3793,7 +4029,8 @@ "Type": "Bool", "DependsOn": "", "DefaultValue": "true", - "Required": true + "Required": true, + "Description": "Determine whether the server uses SSL or not (This field is automatically created)" } ], "EntryParameters": [ 
@@ -3809,7 +4046,8 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "Name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing the private keys. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be specified when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' on the target Server." }, { "Name": "SAN", @@ -3823,7 +4061,8 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "String value specifying the Subject Alternative Name (SAN) to be used when performing reenrollment jobs. Format as a list of = entries separated by ampersands; Example: 'dns=www.example.com&dns=www.example2.com' for multiple SANs. Can be made optional if RFC 2818 is disabled on the CA." } ], "PasswordOptions": { @@ -3836,7 +4075,9 @@ "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": false, - "CustomAliasAllowed": "Forbidden" + "CustomAliasAllowed": "Forbidden", + "ClientMachineDescription": "Hostname of the Windows Server containing the certificate store to be managed. If this value is a hostname, a WinRM session will be established using the credentials specified in the Server Username and Server Password fields. For more information, see [Client Machine](#note-regarding-client-machine).", + "StorePathDescription": "Windows certificate store path to manage. The store must exist in the Local Machine store on the target server, e.g., 'My' for the Personal Store or 'Root' for the Trusted Root Certification Authorities Store." }, { "Name": "WinSql", 
@@ -3852,52 +4093,67 @@ }, "Properties": [ { - "Name": "WinRm Protocol", - "DisplayName": "WinRm Protocol", + "Name": "spnwithport", + "DisplayName": "SPN With Port", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": false, + "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations." + }, + { + "Name": "WinRM Protocol", + "DisplayName": "WinRM Protocol", "Type": "MultipleChoice", - "DependsOn": null, + "DependsOn": "", "DefaultValue": "https,http", - "Required": true + "Required": true, + "Description": "Multiple choice value specifying the protocol (https or http) that the target server's WinRM listener is using. Example: 'https' to use secure communication." }, { - "Name": "WinRm Port", - "DisplayName": "WinRm Port", + "Name": "WinRM Port", + "DisplayName": "WinRM Port", "Type": "String", - "DependsOn": null, + "DependsOn": "", "DefaultValue": "5986", - "Required": true + "Required": true, + "Description": "String value specifying the port number that the target server's WinRM listener is configured to use. Example: '5986' for HTTPS or '5985' for HTTP." }, { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": false + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "Description": "Username used to log into the target server for establishing the WinRM session. Example: 'administrator' or 'domain\\username'." }, { "Name": "ServerPassword", "DisplayName": "Server Password", "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": false + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "Description": "Password corresponding to the Server Username used to log into the target server for establishing the WinRM session. Example: 'P@ssw0rd123'." 
}, { "Name": "ServerUseSsl", "DisplayName": "Use SSL", "Type": "Bool", - "DependsOn": null, + "DependsOn": "", "DefaultValue": "true", - "Required": true + "Required": true, + "Description": "Determine whether the server uses SSL or not (This field is automatically created)" }, { "Name": "RestartService", "DisplayName": "Restart SQL Service After Cert Installed", "Type": "Bool", - "DependsOn": null, + "DependsOn": "", "DefaultValue": "false", - "Required": true + "Required": true, + "Description": "Boolean value (true or false) indicating whether to restart the SQL Server service after installing the certificate. Example: 'true' to enable service restart after installation." } ], "EntryParameters": [ @@ -3910,7 +4166,8 @@ "OnAdd": false, "OnRemove": false, "OnReenrollment": false - } + }, + "Description": "String value specifying the SQL Server instance name to bind the certificate to. Example: 'MSSQLServer' for the default instance or 'Instance1' for a named instance." }, { "Name": "ProviderName", @@ -3924,7 +4181,8 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "Optional string value specifying the name of the Windows cryptographic provider to use during reenrollment jobs when generating and storing private keys. Example: 'Microsoft Strong Cryptographic Provider'." }, { "Name": "SAN", @@ -3938,7 +4196,8 @@ }, "DependsOn": "", "DefaultValue": "", - "Options": "" + "Options": "", + "Description": "String value specifying the Subject Alternative Name (SAN) to be used when performing reenrollment jobs. Format as a list of = entries separated by ampersands; Example: 'dns=www.example.com&dns=www.example2.com' for multiple SANs." } ], "PasswordOptions": { 
@@ -3951,6 +4210,130 @@ "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": true, + "CustomAliasAllowed": "Forbidden", + "ClientMachineDescription": "Hostname of the Windows Server containing the SQL Server Certificate Store to be managed. If this value is a hostname, a WinRM session will be established using the credentials specified in the Server Username and Server Password fields. For more information, see [Client Machine](#note-regarding-client-machine).", + "StorePathDescription": "Fixed string value 'My' indicating the Personal store on the Local Machine. This denotes the Windows certificate store to be managed for SQL Server." + }, + { + "Name": "F5 WAF CA", + "ShortName": "f5WafCa", + "Capability": "f5WafCa", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": false, + "Description": "Not used. Set to No Value." + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": true, + "Description": "The API Token configured in the F5 Distributed Cloud instance's Account Settings. Please review the Requirements & Prerequisites section in this README for more information on creating this API token." 
+ } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Forbidden", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", + "ClientMachineDescription": "The URL for the F5 Distributed Cloud instance (typically ending in '.console.ves.volterra.io').", + "StorePathDescription": "The Multi-Cloud App Connect namespace containing the certificates you wish to manage." + }, + { + "Name": "F5 WAF TLS", + "ShortName": "f5WafTls", + "Capability": "f5WafTls", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": false, + "Description": "Not used. Set to No Value." + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": "", + "Required": false, + "IsPAMEligible": false, + "Description": "The API Token configured in the F5 Distributed Cloud instance's Account Settings. Please review the Requirements & Prerequisites section in this README for more information on creating this API token." + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required", + "ClientMachineDescription": "The URL for the F5 Distributed Cloud instance (typically ending in '.console.ves.volterra.io').", + "StorePathDescription": "The Multi-Cloud App Connect namespace containing the certificates you wish to manage." 
+ }, + { + "Name": "iDRAC", + "ShortName": "iDRAC", + "Capability": "iDRAC", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": false + }, + "Properties": [], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, "CustomAliasAllowed": "Forbidden" } ] \ No newline at end of file diff --git a/go.mod b/go.mod index 29bf07e..38cdf70 100644 --- a/go.mod +++ b/go.mod @@ -9,9 +9,9 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1 github.com/Jeffail/gabs v1.4.0 - github.com/Keyfactor/keyfactor-auth-client-go v1.2.0-rc.6 + github.com/Keyfactor/keyfactor-auth-client-go v1.2.0-rc.9 github.com/Keyfactor/keyfactor-go-client-sdk/v2 v2.0.0 - github.com/Keyfactor/keyfactor-go-client/v3 v3.0.0 + github.com/Keyfactor/keyfactor-go-client/v3 v3.1.0 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 github.com/creack/pty v1.1.24 github.com/google/go-cmp v0.6.0 
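Review bot: The two new F5 Distributed Cloud entries disagree on `IsPAMEligible` for `ServerPassword`: `f5WafCa` sets it to `true` and `f5WafTls` sets it to `false`, although both descriptions say the field holds the same API token. If the difference is not deliberate, the TLS entry should match, `"IsPAMEligible": true,`, so the token can be supplied as a PAM reference there as well. The unused `ServerUsername` is `false` in both, which is consistent.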
@@ -35,15 +35,15 @@ require ( github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/fatih/color v1.13.0 // indirect + github.com/fatih/color v1.18.0 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect - github.com/hashicorp/go-hclog v1.5.0 // indirect + github.com/hashicorp/go-hclog v1.6.3 // indirect github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect github.com/kylelemons/godebug v1.1.0 // indirect - github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.19 // indirect + github.com/mattn/go-colorable v0.1.14 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pmezard/go-difflib v1.0.0 // indirect diff --git a/go.sum b/go.sum index dc67cbc..440c026 100644 --- a/go.sum +++ b/go.sum 
@@ -18,12 +18,12 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 h1:kYRSnvJju5g github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/Jeffail/gabs v1.4.0 h1://5fYRRTq1edjfIrQGvdkcd22pkYUrHZ5YC/H2GJVAo= github.com/Jeffail/gabs v1.4.0/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc= -github.com/Keyfactor/keyfactor-auth-client-go v1.2.0-rc.6 h1:JCWq/4RFsIDKlWL5QTevlzNg9dAGRzzYcSM6JylmxGk= -github.com/Keyfactor/keyfactor-auth-client-go v1.2.0-rc.6/go.mod h1:7htRcBIWn+X4fI5jaYBALSYwP84H/djN7d8y3n0ZDQ0= +github.com/Keyfactor/keyfactor-auth-client-go v1.2.0-rc.9 h1:CaPTRbFwssCFPvFQlKE4h+0LG6mKMIjAtnniuiZp+38= +github.com/Keyfactor/keyfactor-auth-client-go v1.2.0-rc.9/go.mod h1:7htRcBIWn+X4fI5jaYBALSYwP84H/djN7d8y3n0ZDQ0= github.com/Keyfactor/keyfactor-go-client-sdk/v2 v2.0.0 h1:ehk5crxEGVBwkC8yXsoQXcyITTDlgbxMEkANrl1dA2Q= github.com/Keyfactor/keyfactor-go-client-sdk/v2 v2.0.0/go.mod h1:11WXGG9VVKSV0EPku1IswjHbGGpzHDKqD4pe2vD7vas= -github.com/Keyfactor/keyfactor-go-client/v3 v3.0.0 h1:yMChWRnnxmcgLt6kEQ3FZfteps05v/qot5KXLXxa6so= -github.com/Keyfactor/keyfactor-go-client/v3 v3.0.0/go.mod h1:HWb+S60YAALFVSfB8QuQ8ugjsjr+FHLQET0/4K7EVWw= +github.com/Keyfactor/keyfactor-go-client/v3 v3.1.0 h1:DQgb93m3xHZZ0FxWGFS90XI8prwS5fmIGrXNxP2IfHM= +github.com/Keyfactor/keyfactor-go-client/v3 v3.1.0/go.mod h1:LhIBGzTZeZ6o4i0gNg4qmwpwBnkoI6AfcEz8PLKruvc= github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s= github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= 
@@ -39,8 +39,9 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= -github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= 
@@ -48,8 +49,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= -github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0= github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec/go.mod h1:Q48J4R4DvxnHolD5P8pOtXigYlRuPLGl6moFx3ulM68= 
@@ -72,14 +73,16 @@ github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+ github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= -github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= +github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b h1:j7+1HpAFS1zy5+Q4qx1fWh90gTKwiN4QCGoY9TWyyO4= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= diff --git a/store_types.json b/store_types.json index 72678ee..c77e4c3 100644 --- a/store_types.json +++ b/store_types.json 
@@ -2680,10 +2680,16 @@ "PasswordOptions": { "Style": "Default", "EntrySupported": false, - "StoreRequired": true + "StoreRequired": true, + "StorePassword": { + "Description": "Your Imperva API id and API key concatenated with a comma (,}. For example: 12345,12345678-1234-1234-1234-123456789ABC. Please refer to the [Imperva documentation](https://docs.imperva.com/bundle/cloud-application-security/page/settings/api-keys.htm#:~:text=In%20the%20Cloud%20Security%20Console%20top%20menu%20bar%2C%20click%20Account,to%20create%20a%20new%20key.) as to how to create an API id and key.", + "IsPAMEligible": true + } }, "Properties": [], - "EntryParameters": [] + "EntryParameters": [], + "ClientMachineDescription": "The URL that will be used as the base URL for Imperva endpoint calls. Should be https://my.imperva.com", + "StorePathDescription": "Your Imperva account id. Please refer to the [Imperva documentation](https://docs.imperva.com/howto/bd68301b) as to how to find your Imperva account id." }, { "Name": "K8SCert", From 82c2ad4ca11637f781810f0c5b43652f2b7bc86f Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 30 Jan 2025 13:08:51 -0800 Subject: [PATCH 6/6] chore(ci): Comment out KFC 10.5 tests until a usable lab can be created. Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- .github/workflows/tests.yml | 416 ++++++++++++++++++------------------ 1 file changed, 208 insertions(+), 208 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 54f2ca1..ff65272 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -35,179 +35,8 @@ jobs: run: | curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash az --version - # 10.x.x - kf_10_x_x: - runs-on: kfutil-runner-set - needs: - - build - steps: - - name: Checkout code - uses: actions/checkout@v4 - - name: Run tests - run: echo "Running tests for KF 10.x.x" - - ### Store Type Tests - Test_StoreTypes_KFC_10_5_0: - runs-on: kfutil-runner-set - needs: - - build - - kf_10_x_x - environment: "KFC_10_5_0_CLEAN" - env: - GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN}} - KEYFACTOR_PASSWORD: ${{ secrets.KEYFACTOR_PASSWORD }} - KEYFACTOR_USERNAME: ${{ secrets.KEYFACTOR_USERNAME }} - KEYFACTOR_AUTH_CONFIG_B64: ${{ secrets.KEYFACTOR_AUTH_CONFIG_B64 }} - KEYFACTOR_HOSTNAME: ${{ vars.KEYFACTOR_HOSTNAME }} - KEYFACTOR_AUTH_HOSTNAME: ${{ vars.KEYFACTOR_AUTH_HOSTNAME }} - KEYFACTOR_SKIP_VERIFY: ${{ vars.KEYFACTOR_SKIP_VERIFY }} - - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version: 1.23 - - - name: Get Public IP - run: curl -s https://api.ipify.org - - - name: Set up private repo access for go get - run: | - git config --global url."https://$GITHUB_TOKEN:x-oauth-basic@github.com/".insteadOf "https://github.com/" - - - name: Run tests - run: | - unset KFUTIL_DEBUG - go test -timeout 20m -v ./cmd -run "^Test_StoreTypes*" - - ### Store Tests - Test_Stores_KFC_10_5_0: - runs-on: kfutil-runner-set - needs: - - build - - kf_10_x_x - # - Test_StoreTypes_KFC_10_5_0 - environment: "KFC_10_5_0" - env: - GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN}} - KEYFACTOR_PASSWORD: ${{ secrets.KEYFACTOR_PASSWORD }} - KEYFACTOR_USERNAME: ${{ secrets.KEYFACTOR_USERNAME }} - KEYFACTOR_AUTH_CONFIG_B64: ${{ secrets.KEYFACTOR_AUTH_CONFIG_B64 }} - KEYFACTOR_HOSTNAME: ${{ vars.KEYFACTOR_HOSTNAME }} - KEYFACTOR_AUTH_HOSTNAME: ${{ vars.KEYFACTOR_AUTH_HOSTNAME }} - KEYFACTOR_SKIP_VERIFY: ${{ vars.KEYFACTOR_SKIP_VERIFY }} - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Set up Go - 
uses: actions/setup-go@v5 - with: - go-version: 1.23 - - - name: Get Public IP - run: curl -s https://api.ipify.org - - - name: Set up private repo access for go get - run: | - git config --global url."https://$GITHUB_TOKEN:x-oauth-basic@github.com/".insteadOf "https://github.com/" - - - name: Run tests - run: go test -timeout 20m -v ./cmd -run "^Test_Stores_*" - - ### PAM Tests - Test_PAM_KFC_10_5_0: - runs-on: kfutil-runner-set - needs: - - build - - kf_10_x_x - # - Test_StoreTypes_KFC_10_5_0 - environment: "KFC_10_5_0" - env: - GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN}} - KEYFACTOR_PASSWORD: ${{ secrets.KEYFACTOR_PASSWORD }} - KEYFACTOR_USERNAME: ${{ secrets.KEYFACTOR_USERNAME }} - KEYFACTOR_AUTH_CONFIG_B64: ${{ secrets.KEYFACTOR_AUTH_CONFIG_B64 }} - KEYFACTOR_HOSTNAME: ${{ vars.KEYFACTOR_HOSTNAME }} - KEYFACTOR_AUTH_HOSTNAME: ${{ vars.KEYFACTOR_AUTH_HOSTNAME }} - KEYFACTOR_SKIP_VERIFY: ${{ vars.KEYFACTOR_SKIP_VERIFY }} - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version: 1.23 - - - name: Get Public IP - run: curl -s https://api.ipify.org - - - name: Set up private repo access for go get - run: | - git config --global url."https://$GITHUB_TOKEN:x-oauth-basic@github.com/".insteadOf "https://github.com/" - - - - name: Display working directory - run: | - pwd - ls -ltr - ls -ltr ./artifacts/pam - - - name: Run tests - run: | - unset KFUTIL_DEBUG - go test -timeout 20m -v ./cmd -run "^Test_PAM*" - - ### PAM Tests AKV Auth Provider - Test_AKV_PAM_KFC_10_5_0: - runs-on: self-hosted - needs: - - Test_PAM_KFC_10_5_0 - environment: "KFC_10_5_0" - env: - SECRET_NAME: "command-config-1050-az" - GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN}} - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version: 1.23 - - - name: Get Public IP - run: curl -s https://api.ipify.org - - - name: Set up private repo access for go get - run: | - 
git config --global url."https://$GITHUB_TOKEN:x-oauth-basic@github.com/".insteadOf "https://github.com/" - - - - name: Install dependencies - run: go mod download && go mod tidy - - - name: Get secret from Azure Key Vault - run: | - . ./examples/auth/akv/akv_auth_v2.sh - cat $HOME/.keyfactor/command_config.json - - - name: Install kfutil - run: | - echo "Installing kfutil on self-hosted runner" - make install - - - name: Run tests - run: | - go test -timeout 20m -v ./cmd -run "^Test_PAM*" - - - # ## KFC 11.x.x - # kf_11_x_x: + # # 10.x.x + # kf_10_x_x: # runs-on: kfutil-runner-set # needs: # - build 
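Review bot: Disabling the KFC 10.5 jobs by prefixing every line with `#` (this hunk and the next one in tests.yml) leaves the already-disabled 11.x block double-commented and makes re-enabling error-prone; a job-level `if: false` on `kf_10_x_x` and the four `*_KFC_10_5_0` jobs would keep the YAML parseable and shrink the diff to a few lines. The parked `Test_AKV_PAM_KFC_10_5_0` job also runs `cat $HOME/.keyfactor/command_config.json` right after the Key Vault step, which would write the fetched config (presumably holding credentials) to the job log, and it stores `$GITHUB_TOKEN` in the global git config of a `self-hosted` runner, where it may outlive the job. Both are worth dropping before the job is restored, for example by replacing the `cat` with `test -s $HOME/.keyfactor/command_config.json`. The `jobs:` map starts outside the hunk.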
@@ -215,108 +44,279 @@ jobs: # - name: Checkout code # uses: actions/checkout@v4 # - name: Run tests - # run: echo "Running tests for KF 11.x.x" + # run: echo "Running tests for KF 10.x.x" # # ### Store Type Tests - # Test_StoreTypes_KFC_11_1_2: + # Test_StoreTypes_KFC_10_5_0: # runs-on: kfutil-runner-set # needs: # - build - # - kf_11_x_x + # - kf_10_x_x + # environment: "KFC_10_5_0_CLEAN" # env: - # SECRET_NAME: "command-config-1112-clean" - # KEYFACTOR_HOSTNAME: "int1112-test-clean.kfdelivery.com" - # KEYFACTOR_DOMAIN: "command" - # KEYFACTOR_USERNAME: ${{ secrets.LAB_USERNAME }} - # KEYFACTOR_PASSWORD: ${{ secrets.LAB_PASSWORD }} # GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN}} + # KEYFACTOR_PASSWORD: ${{ secrets.KEYFACTOR_PASSWORD }} + # KEYFACTOR_USERNAME: ${{ secrets.KEYFACTOR_USERNAME }} + # KEYFACTOR_AUTH_CONFIG_B64: ${{ secrets.KEYFACTOR_AUTH_CONFIG_B64 }} + # KEYFACTOR_HOSTNAME: ${{ vars.KEYFACTOR_HOSTNAME }} + # KEYFACTOR_AUTH_HOSTNAME: ${{ vars.KEYFACTOR_AUTH_HOSTNAME }} + # KEYFACTOR_SKIP_VERIFY: ${{ vars.KEYFACTOR_SKIP_VERIFY }} + # # steps: - # - name: Checkout code + # - name: Check out code # uses: actions/checkout@v4 + # + # - name: Set up Go + # uses: actions/setup-go@v5 + # with: + # go-version: 1.23 + # + # - name: Get Public IP + # run: curl -s https://api.ipify.org + # + # - name: Set up private repo access for go get + # run: | + # git config --global url."https://$GITHUB_TOKEN:x-oauth-basic@github.com/".insteadOf "https://github.com/" + # # - name: Run tests # run: | # unset KFUTIL_DEBUG # go test -timeout 20m -v ./cmd -run "^Test_StoreTypes*" # - # # ### Store Tests - # Test_Stores_KFC_11_1_2: + # Test_Stores_KFC_10_5_0: # runs-on: kfutil-runner-set # needs: # - build - # - kf_11_x_x - # - Test_StoreTypes_KFC_11_1_2 + # - kf_10_x_x + # # - Test_StoreTypes_KFC_10_5_0 + # environment: "KFC_10_5_0" # env: - # SECRET_NAME: "command-config-1112" - # KEYFACTOR_HOSTNAME: "integrations1112-lab.kfdelivery.com" - # KEYFACTOR_DOMAIN: "command" - # 
KEYFACTOR_USERNAME: ${{ secrets.LAB_USERNAME }} - # KEYFACTOR_PASSWORD: ${{ secrets.LAB_PASSWORD }} # GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN}} + # KEYFACTOR_PASSWORD: ${{ secrets.KEYFACTOR_PASSWORD }} + # KEYFACTOR_USERNAME: ${{ secrets.KEYFACTOR_USERNAME }} + # KEYFACTOR_AUTH_CONFIG_B64: ${{ secrets.KEYFACTOR_AUTH_CONFIG_B64 }} + # KEYFACTOR_HOSTNAME: ${{ vars.KEYFACTOR_HOSTNAME }} + # KEYFACTOR_AUTH_HOSTNAME: ${{ vars.KEYFACTOR_AUTH_HOSTNAME }} + # KEYFACTOR_SKIP_VERIFY: ${{ vars.KEYFACTOR_SKIP_VERIFY }} # steps: - # - name: Checkout code + # - name: Check out code # uses: actions/checkout@v4 + # + # - name: Set up Go + # uses: actions/setup-go@v5 + # with: + # go-version: 1.23 + # + # - name: Get Public IP + # run: curl -s https://api.ipify.org + # # - name: Set up private repo access for go get # run: | # git config --global url."https://$GITHUB_TOKEN:x-oauth-basic@github.com/".insteadOf "https://github.com/" + # # - name: Run tests # run: go test -timeout 20m -v ./cmd -run "^Test_Stores_*" # # ### PAM Tests - # Test_PAM_KFC_11_1_2: + # Test_PAM_KFC_10_5_0: # runs-on: kfutil-runner-set # needs: # - build - # - kf_11_x_x - # - Test_StoreTypes_KFC_11_1_2 + # - kf_10_x_x + # # - Test_StoreTypes_KFC_10_5_0 + # environment: "KFC_10_5_0" # env: - # SECRET_NAME: "command-config-1112" - # KEYFACTOR_HOSTNAME: "integrations1112-lab.kfdelivery.com" - # KEYFACTOR_DOMAIN: "command" - # KEYFACTOR_USERNAME: ${{ secrets.LAB_USERNAME }} - # KEYFACTOR_PASSWORD: ${{ secrets.LAB_PASSWORD }} # GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN}} + # KEYFACTOR_PASSWORD: ${{ secrets.KEYFACTOR_PASSWORD }} + # KEYFACTOR_USERNAME: ${{ secrets.KEYFACTOR_USERNAME }} + # KEYFACTOR_AUTH_CONFIG_B64: ${{ secrets.KEYFACTOR_AUTH_CONFIG_B64 }} + # KEYFACTOR_HOSTNAME: ${{ vars.KEYFACTOR_HOSTNAME }} + # KEYFACTOR_AUTH_HOSTNAME: ${{ vars.KEYFACTOR_AUTH_HOSTNAME }} + # KEYFACTOR_SKIP_VERIFY: ${{ vars.KEYFACTOR_SKIP_VERIFY }} # steps: - # - name: Checkout code + # - name: Check out code # uses: 
actions/checkout@v4 + # + # - name: Set up Go + # uses: actions/setup-go@v5 + # with: + # go-version: 1.23 + # + # - name: Get Public IP + # run: curl -s https://api.ipify.org + # # - name: Set up private repo access for go get # run: | # git config --global url."https://$GITHUB_TOKEN:x-oauth-basic@github.com/".insteadOf "https://github.com/" + # + # + # - name: Display working directory + # run: | + # pwd + # ls -ltr + # ls -ltr ./artifacts/pam + # # - name: Run tests # run: | # unset KFUTIL_DEBUG # go test -timeout 20m -v ./cmd -run "^Test_PAM*" # - # # ### PAM Tests AKV Auth Provider - # Test_AKV_PAM_KFC_11_1_2: + # Test_AKV_PAM_KFC_10_5_0: # runs-on: self-hosted # needs: - # - Test_PAM_KFC_11_1_2 + # - Test_PAM_KFC_10_5_0 + # environment: "KFC_10_5_0" # env: - # SECRET_NAME: "command-config-1112-az" + # SECRET_NAME: "command-config-1050-az" + # GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN}} # steps: - # - name: Checkout code + # - name: Check out code # uses: actions/checkout@v4 + # # - name: Set up Go # uses: actions/setup-go@v5 # with: - # go-version: "1.21" + # go-version: 1.23 + # + # - name: Get Public IP + # run: curl -s https://api.ipify.org + # # - name: Set up private repo access for go get # run: | # git config --global url."https://$GITHUB_TOKEN:x-oauth-basic@github.com/".insteadOf "https://github.com/" + # + # # - name: Install dependencies # run: go mod download && go mod tidy + # # - name: Get secret from Azure Key Vault # run: | - # . ./examples/auth/akv/akv_auth.sh + # . 
./examples/auth/akv/akv_auth_v2.sh # cat $HOME/.keyfactor/command_config.json + # # - name: Install kfutil # run: | + # echo "Installing kfutil on self-hosted runner" # make install + # # - name: Run tests # run: | # go test -timeout 20m -v ./cmd -run "^Test_PAM*" + # + # + # # ## KFC 11.x.x + # # kf_11_x_x: + # # runs-on: kfutil-runner-set + # # needs: + # # - build + # # steps: + # # - name: Checkout code + # # uses: actions/checkout@v4 + # # - name: Run tests + # # run: echo "Running tests for KF 11.x.x" + # # + # # ### Store Type Tests + # # Test_StoreTypes_KFC_11_1_2: + # # runs-on: kfutil-runner-set + # # needs: + # # - build + # # - kf_11_x_x + # # env: + # # SECRET_NAME: "command-config-1112-clean" + # # KEYFACTOR_HOSTNAME: "int1112-test-clean.kfdelivery.com" + # # KEYFACTOR_DOMAIN: "command" + # # KEYFACTOR_USERNAME: ${{ secrets.LAB_USERNAME }} + # # KEYFACTOR_PASSWORD: ${{ secrets.LAB_PASSWORD }} + # # GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN}} + # # steps: + # # - name: Checkout code + # # uses: actions/checkout@v4 + # # - name: Run tests + # # run: | + # # unset KFUTIL_DEBUG + # # go test -timeout 20m -v ./cmd -run "^Test_StoreTypes*" + # # + # # + # # ### Store Tests + # # Test_Stores_KFC_11_1_2: + # # runs-on: kfutil-runner-set + # # needs: + # # - build + # # - kf_11_x_x + # # - Test_StoreTypes_KFC_11_1_2 + # # env: + # # SECRET_NAME: "command-config-1112" + # # KEYFACTOR_HOSTNAME: "integrations1112-lab.kfdelivery.com" + # # KEYFACTOR_DOMAIN: "command" + # # KEYFACTOR_USERNAME: ${{ secrets.LAB_USERNAME }} + # # KEYFACTOR_PASSWORD: ${{ secrets.LAB_PASSWORD }} + # # GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN}} + # # steps: + # # - name: Checkout code + # # uses: actions/checkout@v4 + # # - name: Set up private repo access for go get + # # run: | + # # git config --global url."https://$GITHUB_TOKEN:x-oauth-basic@github.com/".insteadOf "https://github.com/" + # # - name: Run tests + # # run: go test -timeout 20m -v ./cmd -run "^Test_Stores_*" + # # + # # ### 
PAM Tests + # # Test_PAM_KFC_11_1_2: + # # runs-on: kfutil-runner-set + # # needs: + # # - build + # # - kf_11_x_x + # # - Test_StoreTypes_KFC_11_1_2 + # # env: + # # SECRET_NAME: "command-config-1112" + # # KEYFACTOR_HOSTNAME: "integrations1112-lab.kfdelivery.com" + # # KEYFACTOR_DOMAIN: "command" + # # KEYFACTOR_USERNAME: ${{ secrets.LAB_USERNAME }} + # # KEYFACTOR_PASSWORD: ${{ secrets.LAB_PASSWORD }} + # # GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN}} + # # steps: + # # - name: Checkout code + # # uses: actions/checkout@v4 + # # - name: Set up private repo access for go get + # # run: | + # # git config --global url."https://$GITHUB_TOKEN:x-oauth-basic@github.com/".insteadOf "https://github.com/" + # # - name: Run tests + # # run: | + # # unset KFUTIL_DEBUG + # # go test -timeout 20m -v ./cmd -run "^Test_PAM*" + # # + # # + # # ### PAM Tests AKV Auth Provider + # # Test_AKV_PAM_KFC_11_1_2: + # # runs-on: self-hosted + # # needs: + # # - Test_PAM_KFC_11_1_2 + # # env: + # # SECRET_NAME: "command-config-1112-az" + # # steps: + # # - name: Checkout code + # # uses: actions/checkout@v4 + # # - name: Set up Go + # # uses: actions/setup-go@v5 + # # with: + # # go-version: "1.21" + # # - name: Set up private repo access for go get + # # run: | + # # git config --global url."https://$GITHUB_TOKEN:x-oauth-basic@github.com/".insteadOf "https://github.com/" + # # - name: Install dependencies + # # run: go mod download && go mod tidy + # # - name: Get secret from Azure Key Vault + # # run: | + # # . ./examples/auth/akv/akv_auth.sh + # # cat $HOME/.keyfactor/command_config.json + # # - name: Install kfutil + # # run: | + # # make install + # # - name: Run tests + # # run: | + # # go test -timeout 20m -v ./cmd -run "^Test_PAM*" ## KFC 12.x.x kf_12_x_x: