Skip to content

Commit

Permalink
Merge d3d0dcd into 6b50822
Browse files Browse the repository at this point in the history
  • Loading branch information
@leefine02
leefine02 committed Dec 19, 2023
2 parents 6b50822 + d3d0dcd commit c794ff1
Show file tree
Hide file tree
Showing 25 changed files with 443 additions and 681 deletions.
27 changes: 27 additions & 0 deletions .github/workflows/keyfactor-merge-store-types.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
name: Keyfactor Merge Cert Store Types
on: [workflow_dispatch]

jobs:
get-manifest-properties:
runs-on: windows-latest
outputs:
update_catalog: ${{ steps.read-json.outputs.update_catalog }}
integration_type: ${{ steps.read-json.outputs.integration_type }}
steps:
- uses: actions/checkout@v3
- name: Store json
id: read-json
shell: pwsh
run: |
$json = Get-Content integration-manifest.json | ConvertFrom-Json
$myvar = $json.update_catalog
echo "update_catalog=$myvar" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append
$myvar = $json.integration_type
echo "integration_type=$myvar" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append
call-update-store-types-workflow:
needs: get-manifest-properties
if: needs.get-manifest-properties.outputs.integration_type == 'orchestrator' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
uses: Keyfactor/actions/.github/workflows/update-store-types.yml@main
secrets:
token: ${{ secrets.UPDATE_STORE_TYPES }}
13 changes: 10 additions & 3 deletions .github/workflows/keyfactor-starter-workflow.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,22 +5,29 @@ jobs:
call-create-github-release-workflow:
uses: Keyfactor/actions/.github/workflows/github-release.yml@main

call-assign-from-json-workflow:
uses: Keyfactor/actions/.github/workflows/assign-env-from-json.yml@main

call-dotnet-build-and-release-workflow:
needs: [call-create-github-release-workflow]
needs: [call-create-github-release-workflow, call-assign-from-json-workflow]
uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main
with:
release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
release_dir: GcpCertManager/bin/Release/netcoreapp3.1 # TODO: set build output directory to upload as a release, relative to checkout workspace
release_dir: ${{ needs.call-assign-from-json-workflow.outputs.release_dir }}

secrets:
token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }}

call-generate-readme-workflow:
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main
secrets:
token: ${{ secrets.APPROVE_README_PUSH }}

call-update-catalog-workflow:
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
needs: call-assign-from-json-workflow
if: needs.call-assign-from-json-workflow.outputs.update_catalog == 'True' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main
secrets:
token: ${{ secrets.SDK_SYNC_PAT }}
1 change: 1 addition & 0 deletions GcpCertManager/GcpCertManager.csproj
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
<Project Sdk="Microsoft.NET.Sdk">

<PropertyGroup>
<AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>
<TargetFramework>netcoreapp3.1</TargetFramework>
<RootNamespace>Keyfactor.Extensions.Orchestrator.GcpCertManager</RootNamespace>
<CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
Expand Down
167 changes: 50 additions & 117 deletions GcpCertManager/Jobs/Inventory.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ public Inventory(ILogger<Inventory> logger)
_logger = logger;
}

public string ExtensionName => "GcpCertManager";
public string ExtensionName => "";

public JobResult ProcessJob(InventoryJobConfiguration jobConfiguration,
SubmitInventoryUpdate submitInventoryUpdate)
Expand All @@ -44,74 +44,67 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
try
{
_logger.MethodEntry(LogLevel.Debug);
_logger.LogTrace($"Inventory Config {JsonConvert.SerializeObject(config)}");
_logger.LogTrace(
$"Client Machine: {config.CertificateStoreDetails.ClientMachine} ApiKey: {config.ServerPassword}");

var storeProps = JsonConvert.DeserializeObject<StorePath>(config.CertificateStoreDetails.Properties,
StoreProperties storeProperties = JsonConvert.DeserializeObject<StoreProperties>(config.CertificateStoreDetails.Properties,
new JsonSerializerSettings {DefaultValueHandling = DefaultValueHandling.Populate});
storeProperties.ProjectId = config.CertificateStoreDetails.ClientMachine;

_logger.LogTrace($"Store Properties: {JsonConvert.SerializeObject(storeProps)}");
_logger.LogTrace($"Store Properties:");
_logger.LogTrace($" Location: {storeProperties.Location}");
_logger.LogTrace($" Project Id: {storeProperties.ProjectId}");
_logger.LogTrace($" Service Account Key Path: {storeProperties.ServiceAccountKey}");

var client = new GcpCertificateManagerClient();
_logger.LogTrace("Getting Credentials from Google...");
var svc = client.GetGoogleCredentials(config.CertificateStoreDetails.ClientMachine);
var svc = string.IsNullOrEmpty(storeProperties.ServiceAccountKey) ? new CertificateManagerService() : new GcpCertificateManagerClient().GetGoogleCredentials(storeProperties.ServiceAccountKey);
_logger.LogTrace("Got Credentials from Google");


var warningFlag = false;
var sb = new StringBuilder();
sb.Append("");
var inventoryItems = new List<CurrentInventoryItem>();
var nextPageToken = string.Empty;

//todo support labels
if (storeProps != null)
foreach (var location in storeProps.Location.Split(','))
{
var storePath = $"projects/{config.CertificateStoreDetails.StorePath}/locations/{location}";
do
{
var certificatesRequest =
svc.Projects.Locations.Certificates.List(storePath);
certificatesRequest.Filter = "pemCertificate!=\"\"";
certificatesRequest.PageSize = 100;
if (nextPageToken?.Length > 0) certificatesRequest.PageToken = nextPageToken;

var certificatesResponse = certificatesRequest.Execute();
_logger.LogTrace(
$"certificatesResponse: {JsonConvert.SerializeObject(certificatesResponse)}");

nextPageToken = null;
//Debug Write Certificate List Response from Google Cert Manager
if (certificatesResponse?.Certificates != null)
inventoryItems.AddRange(certificatesResponse.Certificates.Select(
c =>
{
try
{
_logger.LogTrace(
$"Building Cert List Inventory Item Alias: {c.Name} Pem: {c.PemCertificate} Private Key: dummy (from PA API)");
return BuildInventoryItem(c.Name, c.PemCertificate,
true, storePath, svc,
storeProps
.ProjectNumber); //todo figure out how to see if private key exists not in Google Api return
}
catch
{
_logger.LogWarning(
$"Could not fetch the certificate: {c?.Name} associated with description {c?.Description}.");
sb.Append(
$"Could not fetch the certificate: {c?.Name} associated with issuer {c?.Description}.{Environment.NewLine}");
warningFlag = true;
return new CurrentInventoryItem();
}
}).Where(acsii => acsii?.Certificates != null).ToList());
var storePath = $"projects/{storeProperties.ProjectId}/locations/{storeProperties.Location}";

if (certificatesResponse?.NextPageToken?.Length > 0)
nextPageToken = certificatesResponse.NextPageToken;
} while (nextPageToken?.Length > 0);
}
do
{
var certificatesRequest =
svc.Projects.Locations.Certificates.List(storePath);
certificatesRequest.Filter = "pemCertificate!=\"\"";
certificatesRequest.PageSize = 100;
if (nextPageToken?.Length > 0) certificatesRequest.PageToken = nextPageToken;

var certificatesResponse = certificatesRequest.Execute();
_logger.LogTrace(
$"certificatesResponse: {JsonConvert.SerializeObject(certificatesResponse)}");

nextPageToken = null;
//Debug Write Certificate List Response from Google Cert Manager
if (certificatesResponse?.Certificates != null)
inventoryItems.AddRange(certificatesResponse.Certificates.Select(
c =>
{
try
{
_logger.LogTrace(
$"Building Cert List Inventory Item Alias: {c.Name} Pem: {c.PemCertificate} Private Key: dummy (from PA API)");
return BuildInventoryItem(c.Name, c.PemCertificate,
true, storePath, svc);
}
catch
{
_logger.LogWarning(
$"Could not fetch the certificate: {c?.Name} associated with description {c?.Description}.");
sb.Append(
$"Could not fetch the certificate: {c?.Name} associated with issuer {c?.Description}.{Environment.NewLine}");
warningFlag = true;
return new CurrentInventoryItem();
}
}).Where(acsii => acsii?.Certificates != null).ToList());

nextPageToken = certificatesResponse.NextPageToken;
} while (nextPageToken?.Length > 0);

_logger.LogTrace("Submitting Inventory To Keyfactor via submitInventory.Invoke");
submitInventory.Invoke(inventoryItems);
Expand Down Expand Up @@ -139,7 +132,7 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
}
catch (GoogleApiException e)
{
var googleError = e.Error.ErrorResponseContent;
var googleError = e.Error?.ErrorResponseContent + " " + LogHandler.FlattenException(e);
return new JobResult
{
Result = OrchestratorJobStatusJobResult.Failure,
Expand All @@ -156,7 +149,7 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
}

protected virtual CurrentInventoryItem BuildInventoryItem(string alias, string certPem, bool privateKey,
string storePath, CertificateManagerService svc, string projectNumber)
string storePath, CertificateManagerService svc)
{
try
{
Expand All @@ -166,16 +159,8 @@ protected virtual CurrentInventoryItem BuildInventoryItem(string alias, string c
//1. Look up certificate map entries based on certificate name
var certAttributes = GetCertificateAttributes(storePath);
var modAlias = alias.Split('/')[5];
var mapSettings = GetMapSettings(storePath, modAlias, svc, projectNumber);

_logger.LogTrace($"Got modAlias: {modAlias}, certAttributes and mapSettings");

if (mapSettings != null && mapSettings.ContainsKey("Certificate Map Name") &&
mapSettings["Certificate Map Name"]?.Length > 0)
modAlias = mapSettings["Certificate Map Name"] + "/" + mapSettings["Certificate Map Entry Name"] +
"/" + modAlias;

_logger.LogTrace($"Got modAlias after map additions: {modAlias}");
_logger.LogTrace($"Got modAlias: {modAlias}");

var acsi = new CurrentInventoryItem
{
Expand Down Expand Up @@ -220,57 +205,5 @@ protected Dictionary<string, object> GetCertificateAttributes(string storePath)
throw;
}
}


protected Dictionary<string, string> GetMapSettings(string storePath, string certificateName,
CertificateManagerService svc, string projectNumber)
{
try
{
_logger.MethodEntry();
var locationName = storePath.Split('/')[3];
var siteSettingsDict = new Dictionary<string, string>();
var certName = $"projects/{projectNumber}/locations/{locationName}/certificates/{certificateName}";

_logger.LogTrace($"certName: {certName}");

//Loop through list of maps and map entries until you find the certificate
var mapListRequest =
svc.Projects.Locations.CertificateMaps.List(storePath);

var mapListResponse = mapListRequest.Execute();
_logger.LogTrace(
$"mapListResponse: {JsonConvert.SerializeObject(mapListResponse)}");

if (mapListResponse?.CertificateMaps != null)
foreach (var map in mapListResponse.CertificateMaps)
{
var mapEntryListRequest =
svc.Projects.Locations.CertificateMaps.CertificateMapEntries.List(map.Name);
mapEntryListRequest.Filter = $"certificates:\"{certName}\"";
var mapEntryListResponse = mapEntryListRequest.Execute();
_logger.LogTrace(
$"mapEntryListResponse: {JsonConvert.SerializeObject(mapEntryListResponse)}");

if (mapEntryListResponse?.CertificateMapEntries?.Count > 0)
{
var mapEntry = mapEntryListResponse.CertificateMapEntries[0];
_logger.LogTrace($"mapEntry: {mapEntry}");
siteSettingsDict.Add("Certificate Map Name", map.Name.Split('/')[5]);
siteSettingsDict.Add("Certificate Map Entry Name", mapEntry.Name.Split('/')[7]);
_logger.MethodExit();
return siteSettingsDict;
}
}

_logger.MethodExit();
return siteSettingsDict;
}
catch (Exception e)
{
_logger.LogError($"Error Occurred in Inventory.GetMapSettings: {LogHandler.FlattenException(e)}");
throw;
}
}
}
}
Loading

0 comments on commit c794ff1

Please sign in to comment.