Token auth selectable (#46)

* Add Token Auth Selection

.github/workflows/keyfactor-merge-store-types.yml

@@ -0,0 +1,27 @@
+name: Keyfactor Merge Cert Store Types
+on: [workflow_dispatch]
+
+jobs:
+  get-manifest-properties:
+    runs-on: windows-latest
+    outputs:
+      update_catalog: ${{ steps.read-json.outputs.update_catalog }}
+      integration_type:  ${{ steps.read-json.outputs.integration_type }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Store json
+        id: read-json
+        shell: pwsh
+        run: |
+          $json = Get-Content integration-manifest.json | ConvertFrom-Json
+          $myvar = $json.update_catalog
+          echo "update_catalog=$myvar" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append
+          $myvar = $json.integration_type
+          echo "integration_type=$myvar" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append
+
+  call-update-store-types-workflow:
+    needs: get-manifest-properties
+    if: needs.get-manifest-properties.outputs.integration_type == 'orchestrator' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
+    uses: Keyfactor/actions/.github/workflows/update-store-types.yml@main
+    secrets: 
+      token: ${{ secrets.UPDATE_STORE_TYPES }}

Bundle/Discovery.cs

@@ -39,7 +39,7 @@ public override JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDis
                 LogHandlerCommon.Debug(logger, certificateStore, "Getting partitions");
                 SetPAMSecrets(config.ServerUsername, config.ServerPassword, logger);
 
-                F5Client f5 = new F5Client(certificateStore, ServerUserName, ServerPassword, config.UseSSL, string.Empty, true, new List<PreviousInventoryItem>());
+                F5Client f5 = new F5Client(certificateStore, ServerUserName, ServerPassword, config.UseSSL, string.Empty, true, false, new List<PreviousInventoryItem>());
                 List<string> partitions = f5.GetPartitions().Select(p => p.name).ToList();
 
                 LogHandlerCommon.Trace(logger, certificateStore, $"Found {partitions?.Count} partitions");

Bundle/Inventory.cs

@@ -40,7 +40,7 @@ public override JobResult ProcessJob(InventoryJobConfiguration config, SubmitInv
             {
                 base.ParseJobProperties();
                 SetPAMSecrets(config.ServerUsername, config.ServerPassword, logger);
-                F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, null, IgnoreSSLWarning, config.LastInventory) { F5Version = base.F5Version };
+                F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, null, IgnoreSSLWarning, UseTokenAuth, config.LastInventory) { F5Version = base.F5Version };
 
                 LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, $"Getting inventory for CA Bundle '{config.CertificateStoreDetails.StorePath}'");
                 inventory = f5.GetCABundleInventory();

Bundle/Management.cs

@@ -48,7 +48,7 @@ public override JobResult ProcessJob(ManagementJobConfiguration config)
                 base.ParseJobProperties();
                 base.PrimaryNodeActive();
 
-                F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, config.JobCertificate.PrivateKeyPassword, IgnoreSSLWarning, config.LastInventory)
+                F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, config.JobCertificate.PrivateKeyPassword, IgnoreSSLWarning, UseTokenAuth, config.LastInventory)
                 {
                     PrimaryNode = base.PrimaryNode,
                     F5Version = base.F5Version

CHANGELOG.md

@@ -1,3 +1,6 @@
+v1.5.0
+- Add new optional custom paramter - UseTokenAuth - to make token auth vs basic auth (default) a selectable option
+
 v1.4.5
 - Bug Fix: For F5-WS-REST store type, make sure certificate chain is ordered properly when installing to F5 - EE Cert => Issuing CA Cert => One-to-many Intermediate CA Certs => Root CA Cert.
 - Bug Fix: Allow PEM formats with # comments at top of file during inventory

F5Client.cs

@@ -45,6 +45,7 @@ internal class F5Client
         public string PrimaryNode { get; set; }
         public string F5Version { get; set; }
         public bool IgnoreSSLWarning { get; set; }
+        public bool UseTokenAuth { get; set; }
         private RESTHandler REST { get; set; }
         private F5Transaction Transaction { get; set; }
 
@@ -53,14 +54,15 @@ internal class F5Client
 
         #region Constructors
 
-        public F5Client(CertificateStore certificateStore, string serverUserName, string serverPassword, bool useSSL, string pfxPassword, bool ignoreSSLWarning, IEnumerable<PreviousInventoryItem> inventory)
+        public F5Client(CertificateStore certificateStore, string serverUserName, string serverPassword, bool useSSL, string pfxPassword, bool ignoreSSLWarning, bool useTokenAuth, IEnumerable<PreviousInventoryItem> inventory)
         {
             CertificateStore = certificateStore;
             ServerUserName = serverUserName;
             ServerPassword = serverPassword;
             UseSSL = useSSL;
             PFXPassword = pfxPassword;
             IgnoreSSLWarning = ignoreSSLWarning;
+            UseTokenAuth = useTokenAuth;
             Inventory = inventory;
 
             if (logger == null)
@@ -69,7 +71,9 @@ public F5Client(CertificateStore certificateStore, string serverUserName, string
             }
 
             REST = new RESTHandler(certificateStore.ClientMachine, serverUserName, serverPassword, useSSL, IgnoreSSLWarning);
-            REST.Token = GetToken(serverUserName, serverPassword);
+
+            if (UseTokenAuth)
+                REST.Token = GetToken(serverUserName, serverPassword);
         }
 
         // Constructors

InventoryBase.cs

@@ -23,6 +23,7 @@ public abstract class InventoryBase : F5JobBase, IInventoryJobExtension
 
         protected string F5Version { get; set; }
         protected bool IgnoreSSLWarning { get; set; }
+        protected bool UseTokenAuth { get; set; }
 
         public string ExtensionName => string.Empty;
 
@@ -38,6 +39,7 @@ protected void ParseJobProperties()
             LogHandlerCommon.Trace(logger, JobConfig.CertificateStoreDetails, $"F5 version '{F5Version}'");
 
             IgnoreSSLWarning = properties.IgnoreSSLWarning == null || string.IsNullOrEmpty(properties.IgnoreSSLWarning.Value) ? false : bool.Parse(properties.IgnoreSSLWarning.Value);
+            UseTokenAuth = properties.UseTokenAuth == null || string.IsNullOrEmpty(properties.UseTokenAuth.Value) ? false : bool.Parse(properties.UseTokenAuth.Value);
             LogHandlerCommon.Trace(logger, JobConfig.CertificateStoreDetails, $"Ignore SSL Warnings '{IgnoreSSLWarning.ToString()}'");
         }
     }

ManagementBase.cs

@@ -28,6 +28,7 @@ public abstract class ManagementBase : F5JobBase, IManagementJobExtension
         protected int _primaryNodeRetryCount = 0;
         protected string F5Version { get; set; }
         protected bool IgnoreSSLWarning { get; set; }
+        protected bool UseTokenAuth { get; set; }
 
         public string ExtensionName => string.Empty;
 
@@ -82,6 +83,7 @@ protected void ParseJobProperties()
             LogHandlerCommon.Trace(logger, JobConfig.CertificateStoreDetails, $"F5 version '{F5Version}'");
 
             IgnoreSSLWarning = properties.IgnoreSSLWarning == null || string.IsNullOrEmpty(properties.IgnoreSSLWarning.Value) ? false : bool.Parse(properties.IgnoreSSLWarning.Value);
+            UseTokenAuth = properties.UseTokenAuth == null || string.IsNullOrEmpty(properties.UseTokenAuth.Value) ? false : bool.Parse(properties.UseTokenAuth.Value);
             LogHandlerCommon.Trace(logger, JobConfig.CertificateStoreDetails, $"Ignore SSL Warnings '{IgnoreSSLWarning.ToString()}'");
         }
 
@@ -91,7 +93,7 @@ protected void PrimaryNodeActive()
 
             if (PrimaryNodeOnlineRequired)
             {
-                F5Client f5 = new F5Client(JobConfig.CertificateStoreDetails, ServerUserName, ServerPassword, JobConfig.UseSSL, JobConfig.JobCertificate.PrivateKeyPassword, IgnoreSSLWarning, JobConfig.LastInventory)
+                F5Client f5 = new F5Client(JobConfig.CertificateStoreDetails, ServerUserName, ServerPassword, JobConfig.UseSSL, JobConfig.JobCertificate.PrivateKeyPassword, IgnoreSSLWarning, UseTokenAuth, JobConfig.LastInventory)
                 { PrimaryNode = this.PrimaryNode };
                 if (!f5.PrimaryNodeActive())
                 {

README.md

@@ -168,7 +168,7 @@ The version number of a the F5 Orchestrator can be verified by right clicking on
 
 
 
-The Custom Fields tab contains 6 custom store parameters.  The set up is consistent across store types, and should look as follows:
+The Custom Fields tab contains 10 custom store parameters (3 of which, Server Username, Server Password, and Use SSL were set up on the Basic tab and are not actually custom parameters you need or want to modify on this tab).  The set up is consistent across store types, and should look as follows:
 
 ![](images/image3.png)<br>  
 ![](images/image6.png)<br>  
@@ -177,6 +177,7 @@ The Custom Fields tab contains 6 custom store parameters.  The set up is consist
 ![](images/image4.png)<br>  
 ![](images/image5.png)<br>  
 ![](images/image15.png)<br>  
+![](images/image16.png)<br>  
 
 If any or all of the 3 certificate store types were already set up on installation of Keyfactor, you may only need to add Primary Node Online Required and Ignore SSL Warning.  These parameters, however, are optional and only necessary if needed to be set to true.  Please see the descriptions below in "2a. Create a F5 Certificate Store wihin Keyfactor Command.
 
@@ -213,6 +214,8 @@ If you choose to manually create a F5 store In Keyfactor Command rather than run
 
 - **Ignore SSL Warning** - Optional.  Select this if you wish to ignore SSL warnings from F5 that occur during API calls when the site does not have a trusted certificate with the proper SAN bound to it.  If you choose not to add this custom field, the default value of False will be assumed and SSL warnings will cause errors during orchestrator extension jobs.
 
+- **Use Token Authentication** - Optional.  Select this if you wish to use F5's token authentiation instead of basic authentication for all API requests.  If you choose not to add this custom field, the default value of False will be assumed and basic authentication will be used for all API requests for all jobs.  Setting this value to True will enable an initial basic authenticated request to acquire an authentication token, which will then be used for all subsequent API requests.
+
 - **Orchestrator** – Required.  Select the orchestrator you wish to use to manage this store
 
 - **Inventory Schedule** – Set a schedule for running Inventory jobs or none, if you choose not to schedule Inventory at this time.

RESTHandler.cs

@@ -274,8 +274,14 @@ public void UploadFile(string filename, byte[] fileBytes)
                 webClient.Headers.Add("ServerHost", $"{GetProtocol()}{Host}/mgmt/shared/file-transfer/uploads/{filename}");
                 webClient.Headers.Add("Content-Type", "application/octet-stream");
                 webClient.Headers.Add("Content-Range", $"0-{fileBytes.Length - 1}/{fileBytes.Length}");
-                webClient.Headers.Add("X-F5-Auth-Token", Token);
-                //webClient.Headers.Add("Authorization", $"Basic {Convert.ToBase64String(Encoding.ASCII.GetBytes($"{User}:{Password}"))}");
+                if (Token == null)
+                {
+                    webClient.Headers.Add("Authorization", $"Basic {Convert.ToBase64String(Encoding.ASCII.GetBytes($"{User}:{Password}"))}");
+                }
+                else
+                {
+                    webClient.Headers.Add("X-F5-Auth-Token", Token);
+                }
 
                 webClient.UploadData($"{GetProtocol()}{Host}/mgmt/shared/file-transfer/uploads/{filename}", fileBytes);
             }

SSLProfile/Discovery.cs

@@ -40,7 +40,7 @@ public override JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDis
 
                 SetPAMSecrets(config.ServerUsername, config.ServerPassword, logger);
 
-                F5Client f5 = new F5Client(certificateStore, ServerUserName, ServerPassword, config.UseSSL, string.Empty, true, new List<PreviousInventoryItem>());
+                F5Client f5 = new F5Client(certificateStore, ServerUserName, ServerPassword, config.UseSSL, string.Empty, true, false, new List<PreviousInventoryItem>());
                 List<string> locations = f5.GetPartitions().Select(p => p.name).ToList();
 
                 LogHandlerCommon.Debug(logger, certificateStore, $"Submitting {locations?.Count} partitions");

SSLProfile/Inventory.cs

@@ -40,7 +40,7 @@ public override JobResult ProcessJob(InventoryJobConfiguration config, SubmitInv
             {
                 base.ParseJobProperties();
                 SetPAMSecrets(config.ServerUsername, config.ServerPassword, logger);
-                F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, null, IgnoreSSLWarning, config.LastInventory) { F5Version = base.F5Version };
+                F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, null, IgnoreSSLWarning, UseTokenAuth, config.LastInventory) { F5Version = base.F5Version };
 
                 LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, $"Getting inventory from '{config.CertificateStoreDetails.StorePath}'");
                 inventory = f5.GetSSLProfiles(20);

SSLProfile/Management.cs

@@ -47,7 +47,7 @@ public override JobResult ProcessJob(ManagementJobConfiguration config)
                 base.ParseJobProperties();
                 base.PrimaryNodeActive();
 
-                F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, config.JobCertificate.PrivateKeyPassword, IgnoreSSLWarning, config.LastInventory)
+                F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, config.JobCertificate.PrivateKeyPassword, IgnoreSSLWarning, UseTokenAuth, config.LastInventory)
                 {
                     PrimaryNode = base.PrimaryNode,
                     F5Version = base.F5Version

WebServer/Inventory.cs

@@ -43,7 +43,7 @@ public override JobResult ProcessJob(InventoryJobConfiguration config, SubmitInv
                 base.ParseJobProperties();
                 SetPAMSecrets(config.ServerUsername, config.ServerPassword, logger);
 
-                F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, null, IgnoreSSLWarning, config.LastInventory);
+                F5Client f5 = new F5Client(config.CertificateStoreDetails, ServerUserName, ServerPassword, config.UseSSL, null, IgnoreSSLWarning, UseTokenAuth, config.LastInventory);
 
                 LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, "Getting the F5 web server device inventory");
                 inventory = f5.GetWebServerInventory();

WebServer/Management.cs

@@ -47,7 +47,7 @@ public override JobResult ProcessJob(ManagementJobConfiguration config)
                 base.ParseJobProperties();
                 base.PrimaryNodeActive();
 
-                F5Client f5 = new F5Client(JobConfig.CertificateStoreDetails, ServerUserName, ServerPassword, JobConfig.UseSSL, JobConfig.JobCertificate.PrivateKeyPassword, IgnoreSSLWarning, JobConfig.LastInventory)
+                F5Client f5 = new F5Client(JobConfig.CertificateStoreDetails, ServerUserName, ServerPassword, JobConfig.UseSSL, JobConfig.JobCertificate.PrivateKeyPassword, IgnoreSSLWarning, UseTokenAuth, JobConfig.LastInventory)
                 {
                     PrimaryNode = base.PrimaryNode
                 };