From f8650e0137b737ee836ec1b0ebc3f221bd443fad Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 12 Jun 2024 16:59:21 -0700 Subject: [PATCH 1/9] New Pull Request - all:latest (#194) * fix(ci): Add KFC v12.0.0 tests. * fix(storetypes): Update all store type definitions. --- .github/workflows/tests.yml | 95 ++ README.md | 1 + store_types.json | 2157 ++++++++++++++++++++++++++++++++--- 3 files changed, 2117 insertions(+), 136 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 8580a26..93ed013 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -141,7 +141,37 @@ jobs: - name: Run tests run: echo "Running tests for KF 11.x.x" + ## KFC 12.x.x + kf_12_x_x: + runs-on: ubuntu-latest + needs: + - build + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Run tests + run: echo "Running tests for KF 12.x.x" + ### Store Type Tests + Test_StoreTypes_KFC_12_0_0: + runs-on: ubuntu-latest + needs: + - build + - kf_11_x_x + env: + SECRET_NAME: "command-config-1200-clean" + KEYFACTOR_HOSTNAME: "int1200-test-clean.kfdelivery.com" + KEYFACTOR_DOMAIN: "command" + KEYFACTOR_USERNAME: ${{ secrets.LAB_USERNAME }} + KEYFACTOR_PASSWORD: ${{ secrets.LAB_PASSWORD }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Run tests + run: | + unset KFUTIL_DEBUG + go test -v ./cmd -run "^Test_StoreTypes*" + Test_StoreTypes_KFC_11_2_0: runs-on: ubuntu-latest needs: 
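Review bot: `Test_StoreTypes_KFC_12_0_0` lists `- kf_11_x_x` under `needs`, while the 12.0.0 Stores and PAM jobs added later in this patch gate on `kf_12_x_x`; this looks like a copy-paste slip, and `- kf_12_x_x` is probably what was meant. The job also puts `KEYFACTOR_USERNAME` and `KEYFACTOR_PASSWORD` in job-level `env`, so every step, including the checkout action, runs with the lab credentials in its environment. Moving those two entries into an `env:` block on the `Run tests` step limits them to the only step that needs them. The same applies to `Test_Stores_KFC_12_0_0` and `Test_PAM_KFC_12_0_0`.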
@@ -182,6 +212,23 @@ jobs: ### Store Tests + Test_Stores_KFC_12_0_0: + runs-on: ubuntu-latest + needs: + - build + - kf_12_x_x + - Test_StoreTypes_KFC_12_0_0 + env: + SECRET_NAME: "command-config-1200" + KEYFACTOR_HOSTNAME: "integrations1200-lab.kfdelivery.com" + KEYFACTOR_DOMAIN: "command" + KEYFACTOR_USERNAME: ${{ secrets.LAB_USERNAME }} + KEYFACTOR_PASSWORD: ${{ secrets.LAB_PASSWORD }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Run tests + run: go test -v ./cmd -run "^Test_Stores_*" Test_Stores_KFC_11_2_0: runs-on: ubuntu-latest needs: @@ -218,6 +265,27 @@ jobs: run: go test -v ./cmd -run "^Test_Stores_*" ### PAM Tests + Test_PAM_KFC_12_0_0: + runs-on: ubuntu-latest + needs: + - build + - kf_12_x_x + - Test_StoreTypes_KFC_12_0_0 + env: + SECRET_NAME: "command-config-1200" + KEYFACTOR_HOSTNAME: "integrations1200-lab.kfdelivery.com" + KEYFACTOR_DOMAIN: "command" + KEYFACTOR_USERNAME: ${{ secrets.LAB_USERNAME }} + KEYFACTOR_PASSWORD: ${{ secrets.LAB_PASSWORD }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Run tests + run: | + unset KFUTIL_DEBUG + go test -v ./cmd -run "^Test_PAM*" + + Test_PAM_KFC_11_2_0: runs-on: ubuntu-latest needs: @@ -261,6 +329,33 @@ jobs: ### PAM Tests AKV Auth Provider + Test_AKV_PAM_KFC_12_0_0: + runs-on: self-hosted + needs: + - Test_PAM_KFC_12_0_0 + env: + SECRET_NAME: "command-config-1200-az" + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: "1.21" + - name: Install dependencies + run: go mod download && go mod tidy + - name: Get secret from Azure Key Vault + run: | + . ./examples/auth/akv/akv_auth.sh + cat $HOME/.keyfactor/command_config.json + - name: Install kfutil + run: | + make install + - name: Run tests + run: | + go test -v ./cmd -run "^Test_PAM*" + + Test_AKV_PAM_KFC_11_2_0: runs-on: self-hosted needs: diff --git a/README.md b/README.md index dfe160a..08fc1b1 100644 --- a/README.md 
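Review bot: `Test_Stores_KFC_12_0_0` runs `go test` straight after checkout with no `actions/setup-go` step, so the tests use whichever Go version the `ubuntu-latest` image ships. The AKV job in this same patch pins `go-version: "1.21"`. Adding the same `Set up Go` step here keeps results comparable across jobs and stops an image update from changing the toolchain silently. The 12.0.0 StoreTypes and PAM jobs have the same gap.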
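Review bot: The filter `-run "^Test_PAM*"` in `Test_PAM_KFC_12_0_0` is a regular expression, not a glob, so the `*` applies to the final `M` and the pattern selects every test whose name starts with `Test_PA`. Writing it as `-run "^Test_PAM"` states the intent and avoids picking up unrelated tests later. The sibling patterns `^Test_StoreTypes*` and `^Test_Stores_*` in this patch have the same shape.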
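Review bot: The `Get secret from Azure Key Vault` step in `Test_AKV_PAM_KFC_12_0_0` ends with `cat $HOME/.keyfactor/command_config.json`, which writes the file that `akv_auth.sh` just fetched into the job log. GitHub masks only values registered as secrets, so any credentials in that file (presumably the Command connection details) would be readable by anyone with access to the run logs. Drop the `cat`, or replace it with a check that prints nothing, such as `test -s "$HOME/.keyfactor/command_config.json"`. Separately, `go mod download && go mod tidy` can rewrite `go.mod`/`go.sum` on the self-hosted runner before the tests run; `go mod download && go mod verify` keeps the tested dependency set identical to the committed one.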
+++ b/README.md @@ -440,3 +440,4 @@ alternatively you can specify the parent command cobra-cli add -p 'Cmd' ``` + diff --git a/store_types.json b/store_types.json index 8b7cb27..4cf67c2 100644 --- a/store_types.json +++ b/store_types.json @@ -1,16 +1,19 @@ [ { - "Name": "Azure Keyvault", - "ShortName": "AKV", + "BlueprintAllowed": false, "Capability": "AKV", + "CustomAliasAllowed": "Optional", + "EntryParameters": null, + "JobProperties": [], "LocalStore": false, - "SupportedOperations": { - "Add": true, - "Create": true, - "Discovery": true, - "Enrollment": false, - "Remove": true + "Name": "Azure Keyvault", + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" }, + "PowerShell": false, + "PrivateKeyAllowed": "Optional", "Properties": [ { "Name": "TenantId", 
@@ -53,26 +56,1228 @@ "Required": false } ], - "EntryParameters": null, + "ServerRequired": true, + "ShortName": "AKV", + "StorePathType": "", + "StorePathValue": "", + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": false, + "Remove": true + } + }, + { + "Name": "AWS Certificate Manager", + "ShortName": "AWS-ACM", + "Capability": "AWS-ACM", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "UseOAuth", + "DisplayName": "Use OAuth 2.0 Provider", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": true + }, + { + "Name": "UseIAM", + "DisplayName": "Use IAM User Auth", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": true + }, + { + "Name": "OAuthScope", + "DisplayName": "OAuth Scope", + "Type": "String", + "DependsOn": "UseOAuth", + "DefaultValue": null, + "Required": false + }, + { + "Name": "OAuthGrantType", + "DisplayName": "OAuth Grant Type", + "Type": "String", + "DependsOn": "UseOAuth", + "DefaultValue": "client_credentials", + "Required": false + }, + { + "Name": "OAuthUrl", + "DisplayName": "OAuth Url", + "Type": "String", + "DependsOn": "UseOAuth", + "DefaultValue": "https://***/oauth2/default/v1/token", + "Required": false + }, + { + "Name": "IamAccountId", + "DisplayName": "IAM AWS Account ID", + "Type": "String", + "DependsOn": "UseIAM", + "DefaultValue": null, + "Required": false + }, + { + "Name": "OAuthAccountId", + "DisplayName": "OAuth AWS Account ID", + "Type": "String", + "DependsOn": "UseOAuth", + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": null, + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": null, + 
"DefaultValue": null, + "Required": false + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": true + } + ], + "EntryParameters": [ + { + "Name": "AWS Region", + "DisplayName": "AWS Region", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": true, + "OnRemove": false, + "OnReenrollment": false + } + } + ], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, "Style": "Default" }, - "StorePathType": "", - "StorePathValue": "", "PrivateKeyAllowed": "Optional", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Optional" + }, + { + "Name": "Akamai Certificate Provisioning Service", + "ShortName": "Akamai", + "Capability": "Akamai", + "LocalStore": false, + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": false, + "Enrollment": true, + "Remove": false + }, + "Properties": [ + { + "StoreTypeId;omitempty": 0, + "Name": "access_token", + "DisplayName": "Access Token", + "Type": "Secret", + "DependsOn": null, + "DefaultValue": null, + "Required": true + }, + { + "StoreTypeId;omitempty": 0, + "Name": "client_token", + "DisplayName": "Client Token", + "Type": "Secret", + "DependsOn": null, + "DefaultValue": null, + "Required": true + }, + { + "StoreTypeId;omitempty": 0, + "Name": "client_secret", + "DisplayName": "Client Secret", + "Type": "Secret", + "DependsOn": null, + "DefaultValue": null, + "Required": true + } + ], + "EntryParameters": [ + { + "StoreTypeId;omitempty": 0, + "Name": "EnrollmentId", + "DisplayName": "Enrollment ID", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + } + }, + { + "StoreTypeId;omitempty": 0, + "Name": "ContractId", + "DisplayName": "Contract ID", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + 
"OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "Sans", + "DisplayName": "SANs", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + } + }, + { + "StoreTypeId;omitempty": 0, + "Name": "admin-addressLineOne", + "DisplayName": "Admin - Address Line 1", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "admin-addressLineTwo", + "DisplayName": "Admin - Address Line 2", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + } + }, + { + "StoreTypeId;omitempty": 0, + "Name": "admin-city", + "DisplayName": "Admin - City", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "admin-country", + "DisplayName": "Admin - Country", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "admin-email", + "DisplayName": "Admin - Email", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "admin-firstName", + "DisplayName": "Admin - First Name", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "admin-lastName", + "DisplayName": "Admin - Last Name", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + 
"OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "admin-organizationName", + "DisplayName": "Admin - Organization Name", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "admin-phone", + "DisplayName": "Admin - Phone", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "admin-postalCode", + "DisplayName": "Admin - Postal Code", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "admin-region", + "DisplayName": "Admin - Region", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "admin-title", + "DisplayName": "Admin - Title", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "org-addressLineOne", + "DisplayName": "Org - Address Line 1", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "org-addressLineTwo", + "DisplayName": "Org - Address Line 2", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + } + }, + { + "StoreTypeId;omitempty": 0, + "Name": "org-city", + 
"DisplayName": "Org - City", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "org-country", + "DisplayName": "Org - Country", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "org-organizationName", + "DisplayName": "Org - Organization Name", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "org-phone", + "DisplayName": "Org - Phone", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "org-postalCode", + "DisplayName": "Org - Postal Code", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "org-region", + "DisplayName": "Org - Region", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "tech-addressLineOne", + "DisplayName": "Tech - Address Line 1", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "tech-addressLineTwo", + "DisplayName": "Tech - Address Line 2", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": 
false + } + }, + { + "StoreTypeId;omitempty": 0, + "Name": "tech-city", + "DisplayName": "Tech - City", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "tech-country", + "DisplayName": "Tech - Country", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "tech-email", + "DisplayName": "Tech - Email", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "tech-firstName", + "DisplayName": "Tech - First Name", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "tech-lastName", + "DisplayName": "Tech - Last Name", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "tech-organizationName", + "DisplayName": "Tech - Organization Name", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "tech-phone", + "DisplayName": "Tech - Phone", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "tech-postalCode", + "DisplayName": "Tech - Postal Code", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": 
false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "tech-region", + "DisplayName": "Tech - Region", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + }, + { + "StoreTypeId;omitempty": 0, + "Name": "tech-title", + "DisplayName": "Tech - Title", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DefaultValue": null + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "MultipleChoice", + "StorePathValue": "[\"Production\",\"Staging\"]", + "PrivateKeyAllowed": "Forbidden", + "ServerRequired": false, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden" + }, + { + "Name": "Azure Application Gateway Certificate Binding", + "ShortName": "AppGwBin", + "Capability": "AzureAppGwBin", + "LocalStore": false, + "ClientMachineDescription": "The Azure Tenant (directory) ID that owns the Service Principal.", + "StorePathDescription": "Azure resource ID of the application gateway, following the format: /subscriptions//resourceGroups//providers/Microsoft.Network/applicationGateways/.", + "SupportedOperations": { + "Add": true, + "Remove": false, + "Enrollment": false, + "Discovery": true, + "Inventory": false + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "Description": "Application ID of the service principal, representing the identity used for managing the Application Gateway.", + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "Description": "A Client Secret that the extension will use to authenticate with the Azure Resource Management API for managing 
Application Gateway certificates, OR the password that encrypts the private key in ClientCertificate", + "Required": false + }, + { + "Name": "ClientCertificate", + "DisplayName": "Client Certificate", + "Type": "Secret", + "Description": "The client certificate used to authenticate with Azure Resource Management API for managing Application Gateway certificates. See the [requirements](#client-certificate-or-client-secret) for more information.", + "Required": false + }, + { + "Name": "AzureCloud", + "DisplayName": "Azure Global Cloud Authority Host", + "Type": "MultipleChoice", + "DefaultValue": "public,china,germany,government", + "Description": "Specifies the Azure Cloud instance used by the organization.", + "Required": false + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DefaultValue": "true", + "Description": "Specifies whether SSL should be used for communication with the server. Set to 'true' to enable SSL, and 'false' to disable it.", + "Required": true + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required" + }, + { + "Name": "Azure App Registration (Application)", + "ShortName": "AzureApp", + "Capability": "AzureApp", + "LocalStore": false, + "ClientMachineDescription": "The Azure Tenant (directory) ID that owns the Service Principal.", + "StorePathDescription": "The Application ID of the target Application/Service Principal that will be managed by the Azure App Registration and Enterprise Application Orchestrator extension.", + "SupportedOperations": { + "Add": true, + "Remove": true, + "Enrollment": false, + "Discovery": true, + "Inventory": true + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "Description": "The Application ID of the Service Principal 
used to authenticate with Microsoft Graph for managing Application/Service Principal certificates.", + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "Description": "A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/Service Principal certificates, OR the password that encrypts the private key in ClientCertificate", + "Required": false + }, + { + "Name": "ClientCertificate", + "DisplayName": "Client Certificate", + "Type": "Secret", + "Description": "The client certificate used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. See the [requirements](#client-certificate-or-client-secret) for more information.", + "Required": false + }, + { + "Name": "AzureCloud", + "DisplayName": "Azure Global Cloud Authority Host", + "Type": "MultipleChoice", + "DefaultValue": "public,china,germany,government", + "Description": "Specifies the Azure Cloud instance used by the organization.", + "Required": false + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DefaultValue": "true", + "Description": "Specifies whether SSL should be used for communication with the server. 
Set to 'true' to enable SSL, and 'false' to disable it.", + "Required": true + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required" + }, + { + "Name": "Azure Application Gateway", + "ShortName": "AzureAppGW", + "Capability": "AzureAppGW", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": null, + "DefaultValue": null, + "Required": true + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": null, + "DefaultValue": null, + "Required": true + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": false + } + ], + "EntryParameters": [ + { + "Name": "HTTPListenerName", + "DisplayName": "HTTP Listener Name", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + } + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", + "ServerRegistration": 13, + "InventoryEndpoint": "/AnyInventory/Update" + }, + { + "Name": "Azure Application Gateway Certificate", + "ShortName": "AzureAppGw", + "Capability": "AzureAppGw", + "LocalStore": false, + "ClientMachineDescription": "The Azure Tenant (directory) ID that owns the Service Principal.", + "StorePathDescription": "Azure resource ID of the application gateway, following the format: 
/subscriptions//resourceGroups//providers/Microsoft.Network/applicationGateways/.", + "SupportedOperations": { + "Add": true, + "Remove": true, + "Enrollment": false, + "Discovery": true, + "Inventory": true + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "Description": "Application ID of the service principal, representing the identity used for managing the Application Gateway.", + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "Description": "A Client Secret that the extension will use to authenticate with the Azure Resource Management API for managing Application Gateway certificates, OR the password that encrypts the private key in ClientCertificate", + "Required": false + }, + { + "Name": "ClientCertificate", + "DisplayName": "Client Certificate", + "Type": "Secret", + "Description": "The client certificate used to authenticate with Azure Resource Management API for managing Application Gateway certificates. See the [requirements](#client-certificate-or-client-secret) for more information.", + "Required": false + }, + { + "Name": "AzureCloud", + "DisplayName": "Azure Global Cloud Authority Host", + "Type": "MultipleChoice", + "DefaultValue": "public,china,germany,government", + "Description": "Specifies the Azure Cloud instance used by the organization.", + "Required": false + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DefaultValue": "true", + "Description": "Specifies whether SSL should be used for communication with the server. 
Set to 'true' to enable SSL, and 'false' to disable it.", + "Required": true + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required" + }, + { + "Name": "Azure Enterprise Application (Service Principal)", + "ShortName": "AzureSP", + "Capability": "AzureSP", + "LocalStore": false, + "ClientMachineDescription": "The Azure Tenant (directory) ID that owns the Service Principal.", + "StorePathDescription": "The Application ID of the target Application/Service Principal that will be managed by the Azure App Registration and Enterprise Application Orchestrator extension.", + "SupportedOperations": { + "Add": true, + "Remove": true, + "Enrollment": false, + "Discovery": true, + "Inventory": true + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "Description": "The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/Service Principal certificates.", + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "Description": "A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/Service Principal certificates, OR the password that encrypts the private key in ClientCertificate", + "Required": false + }, + { + "Name": "ClientCertificate", + "DisplayName": "Client Certificate", + "Type": "Secret", + "Description": "The client certificate used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. 
See the [requirements](#client-certificate-or-client-secret) for more information.", + "Required": false + }, + { + "Name": "AzureCloud", + "DisplayName": "Azure Global Cloud Authority Host", + "Type": "MultipleChoice", + "DefaultValue": "public,china,germany,government", + "Description": "Specifies the Azure Cloud instance used by the organization.", + "Required": false + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DefaultValue": "true", + "Description": "Specifies whether SSL should be used for communication with the server. Set to 'true' to enable SSL, and 'false' to disable it.", + "Required": true + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required" + }, + { + "Name": "CiscoAsa", + "ShortName": "CiscoAsa", + "Capability": "CiscoAsa", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "CommitToDisk", + "DisplayName": "Commit To Disk", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": false + }, + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": null, + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": null, + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": true + } + ], + "EntryParameters": [ + { + "Name": "interfaces", + "DisplayName": "Interfaces Comma Separated", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + 
"OnReenrollment": false + } + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", + "JobProperties": [ + "interfaces" + ], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required" + }, + { + "Name": "CitrixAdc", + "ShortName": "CitrixAdc", + "Capability": "CitrixAdc", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": null, + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": null, + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": true + }, + { + "Name": "linkToIssuer", + "DisplayName": "Link To Issuer", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": false + } + ], + "EntryParameters": [ + { + "Name": "virtualServerName", + "DisplayName": "Virtual Server Name", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + } + }, + { + "Name": "sniCert", + "DisplayName": "SNI Cert", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": true, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "FALSE" + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", + "JobProperties": [ + "virtualServerName", + "sniCert" + ], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", + 
"InventoryEndpoint": "/AnyInventory/Update" + }, + { + "Name": "F5 Big IQ", + "ShortName": "F5-BigIQ", + "Capability": "F5-BigIQ", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": true, + "Remove": true + }, + "Properties": [ + { + "Name": "DeployCertificateOnRenewal", + "DisplayName": "Deploy Certificate to Linked Big IP on Renewal", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": false + }, + { + "Name": "IgnoreSSLWarning", + "DisplayName": "Ignore SSL Warning", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": false + }, + { + "Name": "UseTokenAuth", + "DisplayName": "Use Token Authentication", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": false + }, + { + "Name": "LoginProviderName", + "DisplayName": "Authentication Provider Name", + "Type": "String", + "DependsOn": "UseTokenAuth", + "DefaultValue": "", + "Required": false + } + ], + "EntryParameters": [ + { + "Name": "Alias", + "DisplayName": "Alias (Reenrollment only)", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "", + "Options": "" + }, + { + "Name": "Overwrite", + "DisplayName": "Overwrite (Reenrollment only)", + "Type": "Bool", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "False", + "Options": "" + }, + { + "Name": "SANs", + "DisplayName": "SANs (Reenrollment only)", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DependsOn": "", + "DefaultValue": "", + "Options": "" + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", "JobProperties": 
[], "ServerRequired": true, "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Optional" + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required" }, { - "Name": "Azure Application (Auth)", - "ShortName": "AzureApp", - "Capability": "AzureApp", - "LocalStore": false, + "Name": "F5 CA Profiles REST", + "ShortName": "F5-CA-REST", + "Capability": "F5-CA-REST", "SupportedOperations": { "Add": true, "Create": false, 
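Review bot: Every Akamai property and entry parameter in this hunk carries a key spelled `"StoreTypeId;omitempty": 0`, which looks like a Go struct tag written with a semicolon instead of `json:"StoreTypeId,omitempty"` and then serialized as a literal field name. A consumer that unmarshals this file into a struct will silently ignore the unknown key, so the tag should be fixed where the definition is generated and the key dropped here, as the next hunk does for `"StoreTypeId": 279`. The hunk also adds both `AzureAppGW` and `AzureAppGw` as ShortName/Capability values that differ only in case. Confirm that the server and any lookup keyed on ShortName treat these as distinct, otherwise one definition can shadow the other.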
@@ -82,31 +1287,84 @@ }, "Properties": [ { - "StoreTypeId": 279, + "Name": "PrimaryNode", + "DisplayName": "Primary Node", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "", + "Required": true + }, + { + "Name": "PrimaryNodeCheckRetryWaitSecs", + "DisplayName": "Primary Node Check Retry Wait Seconds", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "120", + "Required": true + }, + { + "Name": "PrimaryNodeCheckRetryMax", + "DisplayName": "Primary Node Check Retry Maximum", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "3", + "Required": true + }, + { + "Name": "F5Version", + "DisplayName": "Version of F5", + "Type": "MultipleChoice", + "DependsOn": "", + "DefaultValue": "v12,v13,v14,v15", + "Required": true + }, + { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": "", + "DefaultValue": null, "Required": false }, { - "StoreTypeId": 279, "Name": "ServerPassword", "DisplayName": "Server Password", "Type": "Secret", "DependsOn": "", - "DefaultValue": "", + "DefaultValue": null, "Required": false }, { - "StoreTypeId": 279, "Name": "ServerUseSsl", "DisplayName": "Use SSL", "Type": "Bool", "DependsOn": "", "DefaultValue": "true", "Required": true + }, + { + "Name": "PrimaryNodeOnlineRequired", + "DisplayName": "Primary Node Online Required", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "", + "Required": true + }, + { + "Name": "IgnoreSSLWarning", + "DisplayName": "Ignore SSL Warning", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "False", + "Required": true + }, + { + "Name": "UseTokenAuth", + "DisplayName": "Use Token Authentication", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true } ], "EntryParameters": [], 
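Review bot: `IgnoreSSLWarning` is added with `"DefaultValue": "False"` while the `UseTokenAuth` Bool right after it uses `"false"`, and `PrimaryNodeOnlineRequired` is a required Bool with `"DefaultValue": ""` even though three other required properties depend on it. `IgnoreSSLWarning` presumably governs certificate validation on the connection that carries `ServerUsername`/`ServerPassword`, so its default should not hinge on how a consumer parses the string. I would write `"DefaultValue": "false"` for both Bools. The same property set recurs twice in the hunk at -135,96 (the F5-SL-REST and F5-WS-REST definitions). The enclosing store-type object starts and ends outside this hunk.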
@@ -119,14 +1377,13 @@
 "JobProperties": [],
 "ServerRequired": true,
 "PowerShell": false,
- "BlueprintAllowed": false,
+ "BlueprintAllowed": true,
 "CustomAliasAllowed": "Required"
 },
 {
- "Name": "Azure Application Gateway",
- "ShortName": "AzureAppGW",
- "Capability": "AzureAppGW",
- "LocalStore": false,
+ "Name": "F5 SSL Profiles REST",
+ "ShortName": "F5-SL-REST",
+ "Capability": "F5-SL-REST",
 "SupportedOperations": {
 "Add": true,
 "Create": false,
@@ -135,96 +1392,191 @@ "Remove": true }, "Properties": [ + { + "Name": "PrimaryNode", + "DisplayName": "Primary Node", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "", + "Required": true + }, + { + "Name": "PrimaryNodeCheckRetryWaitSecs", + "DisplayName": "Primary Node Check Retry Wait Seconds", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "120", + "Required": true + }, + { + "Name": "PrimaryNodeCheckRetryMax", + "DisplayName": "Primary Node Check Retry Maximum", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "3", + "Required": true + }, + { + "Name": "F5Version", + "DisplayName": "Version of F5", + "Type": "MultipleChoice", + "DependsOn": "", + "DefaultValue": "v12,v13,v14,v15", + "Required": true + }, { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", - "DependsOn": null, + "DependsOn": "", "DefaultValue": null, - "Required": true + "Required": false }, { "Name": "ServerPassword", "DisplayName": "Server Password", "Type": "Secret", - "DependsOn": null, + "DependsOn": "", "DefaultValue": null, - "Required": true + "Required": false }, { "Name": "ServerUseSsl", "DisplayName": "Use SSL", "Type": "Bool", - "DependsOn": null, + "DependsOn": "", "DefaultValue": "true", - "Required": false - } - ], - "EntryParameters": [ + "Required": true + }, { - "Name": "HTTPListenerName", - "DisplayName": "HTTP Listener Name", - "Type": "String", - "RequiredWhen": { - "HasPrivateKey": false, - "OnAdd": false, - "OnRemove": false, - "OnReenrollment": false - } + "Name": "PrimaryNodeOnlineRequired", + "DisplayName": "Primary Node Online Required", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "", + "Required": true + }, + { + "Name": "IgnoreSSLWarning", + "DisplayName": "Ignore SSL Warning", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "False", + "Required": true + }, + { + "Name": "UseTokenAuth", + "DisplayName": "Use Token 
Authentication", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true } ], + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, "Style": "Default" }, - "PrivateKeyAllowed": "Required", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], "ServerRequired": true, "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Required", - "ServerRegistration": 13, - "InventoryEndpoint": "/AnyInventory/Update" + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required" }, { - "Name": "Azure Service Principal (SSO/SAML)", - "ShortName": "AzureSP", - "Capability": "AzureSP", - "LocalStore": false, + "Name": "F5 WS Profiles REST", + "ShortName": "F5-WS-REST", + "Capability": "F5-WS-REST", "SupportedOperations": { "Add": true, "Create": false, - "Discovery": true, + "Discovery": false, "Enrollment": false, - "Remove": true + "Remove": false }, "Properties": [ { - "StoreTypeId": 280, + "Name": "PrimaryNode", + "DisplayName": "Primary Node", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "", + "Required": true + }, + { + "Name": "PrimaryNodeCheckRetryWaitSecs", + "DisplayName": "Primary Node Check Retry Wait Seconds", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "120", + "Required": true + }, + { + "Name": "PrimaryNodeCheckRetryMax", + "DisplayName": "Primary Node Check Retry Maximum", + "Type": "String", + "DependsOn": "PrimaryNodeOnlineRequired", + "DefaultValue": "3", + "Required": true + }, + { + "Name": "F5Version", + "DisplayName": "Version of F5", + "Type": "MultipleChoice", + "DependsOn": "", + "DefaultValue": "v12,v13,v14,v15", + "Required": true + }, + { "Name": "ServerUsername", "DisplayName": "Server Username", "Type": "Secret", "DependsOn": "", - "DefaultValue": "", + "DefaultValue": null, "Required": false }, { - "StoreTypeId": 280, "Name": "ServerPassword", "DisplayName": "Server Password", "Type": 
"Secret", "DependsOn": "", - "DefaultValue": "", + "DefaultValue": null, "Required": false }, { - "StoreTypeId": 280, "Name": "ServerUseSsl", "DisplayName": "Use SSL", "Type": "Bool", "DependsOn": "", "DefaultValue": "true", "Required": true + }, + { + "Name": "PrimaryNodeOnlineRequired", + "DisplayName": "Primary Node Online Required", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "", + "Required": true + }, + { + "Name": "IgnoreSSLWarning", + "DisplayName": "Ignore SSL Warning", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "False", + "Required": true + }, + { + "Name": "UseTokenAuth", + "DisplayName": "Use Token Authentication", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": true } ], "EntryParameters": [], @@ -237,8 +1589,8 @@ "JobProperties": [], "ServerRequired": true, "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Required" + "BlueprintAllowed": true, + "CustomAliasAllowed": "Forbidden" }, { "Name": "Fortigate", 
@@ -264,6 +1616,82 @@ "Properties": [], "EntryParameters": [] }, + { + "Name": "GCP Load Balancer", + "ShortName": "GCPLoadBal", + "Capability": "GCPLoadBal", + "ServerRequired": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Optional", + "PowerShell": false, + "PrivateKeyAllowed": "Required", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": true + }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": false + }, + "Properties": [ + { + "Name": "jsonKey", + "DisplayName": "Service Account Key", + "Required": true, + "DependsOn": "", + "Type": "Secret", + "DefaultValue": "" + } + ], + "EntryParameters": [] + }, + { + "Name": "GCP Certificate Manager", + "ShortName": "GcpCertMgr", + "Capability": "GcpCertMgr", + "ServerRequired": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", + "PowerShell": false, + "PrivateKeyAllowed": "Required", + "StorePathType": "", + "StorePathValue": "n/a", + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": false + }, + "Properties": [ + { + "Name": "Location", + "DisplayName": "Location", + "Type": "String", + "DependsOn": "", + "DefaultValue": "global", + "Required": true + }, + { + "Name": "ServiceAccountKey", + "DisplayName": "Service Account Key File Path", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + } + ], + "EntryParameters": [] + }, { "Name": "Hashicorp Vault Key-Value", "ShortName": "HCVKV", @@ -401,6 +1829,8 @@ "StoreRequired": false, "Style": "Default" }, + "StorePathType": "", + "StorePathValue": "", "PrivateKeyAllowed": "Optional", "JobProperties": [], "ServerRequired": true, 
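Review bot: In the GCP Certificate Manager definition the property `ServiceAccountKey` is `"Type": "String"` with the display name "Service Account Key File Path", while the GCP Load Balancer definition in the same hunk holds its credential as `jsonKey` with `"Type": "Secret"`. A property named `ServiceAccountKey` invites pasting key material into a field that is not handled as a secret. The Name is presumably fixed by the orchestrator extension, so I would make the label unambiguous, e.g. `"DisplayName": "Path to Service Account Key File"`, and state in the README which credential is used when this optional value is left empty.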
@@ -476,6 +1906,8 @@ "StoreRequired": false, "Style": "Default" }, + "StorePathType": "", + "StorePathValue": "", "PrivateKeyAllowed": "Optional", "JobProperties": [], "ServerRequired": true, @@ -626,6 +2058,8 @@ "StoreRequired": false, "Style": "Default" }, + "StorePathType": "", + "StorePathValue": "", "PrivateKeyAllowed": "Optional", "JobProperties": [], "ServerRequired": true, @@ -853,7 +2287,7 @@ "HasPrivateKey": false, "OnAdd": false, "OnRemove": false, - "OnReenrollment": false + "OnReenrollment": true }, "DependsOn": "", "DefaultValue": "", @@ -872,6 +2306,30 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Forbidden" }, + { + "Name": "Imperva", + "ShortName": "Imperva", + "Capability": "Imperva", + "ServerRequired": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", + "PowerShell": false, + "PrivateKeyAllowed": "Required", + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": true + }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": true + }, + "Properties": [], + "EntryParameters": [] + }, { "Name": "K8SCert", "ShortName": "K8SCert", @@ -908,6 +2366,30 @@ "DependsOn": "", "DefaultValue": "cert", "Required": true + }, + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": true + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "true", + "Required": true } ], "EntryParameters": null, 
@@ -939,18 +2421,28 @@ }, "Properties": [ { - "Name": "SeparateChain", - "DisplayName": "Separate Certificate Chain", - "Type": "Bool", - "DefaultValue": "false", + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, "Required": false }, { - "Name": "IncludeCertChain", - "DisplayName": "Include Certificate Chain", + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": true + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", "Type": "Bool", + "DependsOn": "", "DefaultValue": "true", - "Required": false + "Required": true } ], "EntryParameters": null, @@ -1010,8 +2502,8 @@ "DisplayName": "CertificateDataFieldName", "Type": "String", "DependsOn": "", - "DefaultValue": ".jks", - "Required": true + "DefaultValue": null, + "Required": false }, { "Name": "PasswordFieldName", @@ -1099,18 +2591,28 @@ "Required": false }, { - "Name": "SeparateChain", - "DisplayName": "Separate Certificate Chain", - "Type": "Bool", - "DefaultValue": "false", + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, "Required": false }, { - "Name": "IncludeCertChain", - "DisplayName": "Include Certificate Chain", + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": true + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", "Type": "Bool", + "DependsOn": "", "DefaultValue": "true", - "Required": false + "Required": true } ], "EntryParameters": null, @@ -1141,14 +2643,6 @@ "Remove": true }, "Properties": [ - { - "Name": "KubeSecretType", - "DisplayName": "Kube Secret Type", - "Type": "String", - "DependsOn": "", - "DefaultValue": "pkcs12", - "Required": true - }, { "Name": "KubeSecretKey", "DisplayName": "Kube Secret Key", 
@@ -1157,14 +2651,6 @@ "DefaultValue": "pfx", "Required": false }, - { - "Name": "CertificateDataFieldName", - "DisplayName": "CertificateDataFieldName", - "Type": "String", - "DependsOn": "", - "DefaultValue": ".p12", - "Required": true - }, { "Name": "PasswordFieldName", "DisplayName": "Password Field Name", @@ -1197,6 +2683,38 @@ "DefaultValue": null, "Required": false }, + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": true + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "true", + "Required": true + }, + { + "Name": "KubeSecretType", + "DisplayName": "Kube Secret Type", + "Type": "String", + "DependsOn": "", + "DefaultValue": "pkcs12", + "Required": true + }, { "Name": "StorePasswordPath", "DisplayName": "StorePasswordPath", 
@@ -1259,21 +2777,153 @@ "Required": true }, { - "Name": "SeparateChain", - "DisplayName": "Separate Certificate Chain", - "Type": "Bool", - "DefaultValue": "false", + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, "Required": false }, { - "Name": "IncludeCertChain", - "DisplayName": "Include Certificate Chain", + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": true + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", "Type": "Bool", + "DependsOn": "", "DefaultValue": "true", + "Required": true + } + ], + "EntryParameters": null, + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden" + }, + { + "Name": "K8STLSSecr", + "ShortName": "K8STLSSecr", + "Capability": "K8STLSSecr", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "KubeNamespace", + "DisplayName": "KubeNamespace", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "KubeSecretName", + "DisplayName": "KubeSecretName", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "KubeSecretType", + "DisplayName": "KubeSecretType", + "Type": "String", + "DependsOn": "", + "DefaultValue": "tls_secret", + "Required": true + }, + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": 
"Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": true + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "true", + "Required": true + } + ], + "EntryParameters": null, + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden" + }, + { + "Name": "MyOrchestratorStoreType", + "ShortName": "MOST", + "Capability": "MOST", + "LocalStore": false, + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": false + }, + "Properties": [ + { + "Name": "CustomField1", + "DisplayName": "CustomField1", + "Type": "String", + "DependsOn": "", + "DefaultValue": "default", + "Required": true + }, + { + "Name": "CustomField2", + "DisplayName": "CustomField2", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": true } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, @@ -1281,7 +2931,7 @@ }, "StorePathType": "", "StorePathValue": "", - "PrivateKeyAllowed": "Optional", + "PrivateKeyAllowed": "Forbidden", "JobProperties": [], "ServerRequired": true, "PowerShell": false, 
@@ -1289,71 +2939,132 @@ "CustomAliasAllowed": "Forbidden" }, { - "Name": "K8STLSSecr", - "ShortName": "K8STLSSecr", - "Capability": "K8STLSSecr", + "Name": "Nmap Orchestrator", + "ShortName": "Nmap", + "Capability": "Nmap", + "LocalStore": false, + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Inventory": true, + "Reenrollment": false, + "Remove": true + }, + "Properties": [], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "Freeform", + "StorePathValue": "", + "PrivateKeyAllowed": "Forbidden", + "ServerRequired": false, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Optional" + }, + { + "Name": "PaloAlto", + "ShortName": "PaloAlto", + "Capability": "PaloAlto", "LocalStore": false, "SupportedOperations": { "Add": true, - "Create": true, - "Discovery": true, + "Create": false, + "Discovery": false, "Enrollment": false, "Remove": true }, "Properties": [ { - "Name": "KubeNamespace", - "DisplayName": "KubeNamespace", - "Type": "String", - "DependsOn": "", + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": null, "DefaultValue": null, "Required": false }, { - "Name": "KubeSecretName", - "DisplayName": "KubeSecretName", - "Type": "String", - "DependsOn": "", + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": null, "DefaultValue": null, "Required": false }, { - "Name": "KubeSecretType", - "DisplayName": "KubeSecretType", - "Type": "String", - "DependsOn": "", - "DefaultValue": "tls_secret", + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", "Required": true }, { - "Name": "SeparateChain", - "DisplayName": "Separate Certificate Chain", - "Type": "Bool", - "DefaultValue": "false", + "Name": "DeviceGroup", + "DisplayName": 
"Device Group", + "Type": "String", + "DependsOn": null, + "DefaultValue": null, "Required": false + } + ], + "EntryParameters": [ + { + "Name": "TlsMinVersion", + "DisplayName": "TLS Min Version", + "Type": "MultipleChoice", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "Options": ",tls1-0,tls1-1,tls1-2" }, { - "Name": "IncludeCertChain", - "DisplayName": "Include Certificate Chain", - "Type": "Bool", - "DefaultValue": "true", - "Required": false + "Name": "TLSMaxVersion", + "DisplayName": "TLS Max Version", + "Type": "MultipleChoice", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "Options": ",tls1-0,tls1-1,tls1-2,max" + }, + { + "Name": "TlsProfileName", + "DisplayName": "TLS Profile Name", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + } } ], - "EntryParameters": null, "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, "Style": "Default" }, - "StorePathType": "", - "StorePathValue": "", "PrivateKeyAllowed": "Optional", - "JobProperties": [], + "JobProperties": [ + "TlsMinVersion", + "TLSMaxVersion", + "TlsProfileName" + ], "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": false, - "CustomAliasAllowed": "Forbidden" + "CustomAliasAllowed": "Required" }, { "Name": "RFDER", @@ -1393,6 +3104,14 @@ "Type": "String", "DefaultValue": "" }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, { "Name": "SeparatePrivateKeyFilePath", "DisplayName": "Separate Private Key File Location", 
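Review bot: The PaloAlto entry parameter `TlsMinVersion` is added with `"Options": ",tls1-0,tls1-1,tls1-2"` and no `DefaultValue`, so the first listed choice is blank and TLS 1.0 and 1.1 are selectable as the profile minimum. If the extension accepts it, I would add `"DefaultValue": "tls1-2"` to `TlsMinVersion` so a newly created TLS profile does not start from a deprecated protocol floor. The sibling parameter is cased differently (`TLSMaxVersion` against `TlsMinVersion`), which is easy to get wrong in automation that sets both. The hunk begins inside the preceding store-type object, so part of that definition lies outside it.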
@@ -1441,6 +3160,14 @@ "DependsOn": "", "Type": "String", "DefaultValue": "" + }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" } ], "EntryParameters": [] @@ -1482,6 +3209,14 @@ "DependsOn": "", "Type": "String", "DefaultValue": "" + }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" } ], "EntryParameters": [] @@ -1524,6 +3259,14 @@ "Type": "String", "DefaultValue": "" }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, { "Name": "WorkFolder", "DisplayName": "Location to use for creation/removal of work files", @@ -1573,6 +3316,14 @@ "Type": "String", "DefaultValue": "" }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, { "Name": "IsTrustStore", "DisplayName": "Trust Store", @@ -1604,6 +3355,14 @@ "DependsOn": "", "Type": "Bool", "DefaultValue": false + }, + { + "Name": "IgnorePrivateKeyOnInventory", + "DisplayName": "Ignore Private Key On Inventory", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": false } ], "EntryParameters": [] @@ -1645,6 +3404,14 @@ "DependsOn": "", "Type": "String", "DefaultValue": "" + }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" } ], "EntryParameters": [] 
@@ -1904,5 +3671,123 @@ "PowerShell": false, "BlueprintAllowed": false, "CustomAliasAllowed": "Forbidden" + }, + { + "Name": "WinSql", + "ShortName": "WinSql", + "Capability": "WinSql", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "WinRm Protocol", + "DisplayName": "WinRm Protocol", + "Type": "MultipleChoice", + "DependsOn": null, + "DefaultValue": "https,http", + "Required": true + }, + { + "Name": "WinRm Port", + "DisplayName": "WinRm Port", + "Type": "String", + "DependsOn": null, + "DefaultValue": "5986", + "Required": true + }, + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": null, + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": null, + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": true + }, + { + "Name": "RestartService", + "DisplayName": "Restart SQL Service After Cert Installed", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": true + } + ], + "EntryParameters": [ + { + "Name": "InstanceName", + "DisplayName": "Instance Name", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + } + }, + { + "Name": "ProviderName", + "DisplayName": "Crypto Provider Name", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DependsOn": "", + "DefaultValue": "", + "Options": "" + }, + { + "Name": "SAN", + "DisplayName": "SAN", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + 
}, + "DependsOn": "", + "DefaultValue": "", + "Options": "" + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathValue": "My", + "PrivateKeyAllowed": "Optional", + "JobProperties": [ + "InstanceName" + ], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Forbidden" } ] \ No newline at end of file From 33b37280f0d29a22597d42454943d758846d894e Mon Sep 17 00:00:00 2001 From: sbailey <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 13 Jun 2024 08:29:30 -0700 Subject: [PATCH 2/9] fix(storetypes): Update `AzureAppGw`, `CiscoAsa`, `CitrixAdc`, `PaloAlto`, and `WinSql` Signed-off-by: sbailey <1661003+spbsoluble@users.noreply.github.com> --- store_types.json | 79 ------------------------------------------------ 1 file changed, 79 deletions(-) diff --git a/store_types.json b/store_types.json index 4cf67c2..e2404b3 100644 --- a/store_types.json +++ b/store_types.json 
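Review bot: The `WinRm Protocol` property in the new WinSql definition offers `"https,http"`, while `WinRm Port` defaults to `"5986"` and `ServerUseSsl` separately defaults to `"true"`, so a single store can carry contradictory transport settings. With `http` selected, the session that carries `ServerUsername`/`ServerPassword` is not protected by TLS; whether WinRM message-level encryption applies depends on the extension, which is not visible here. If plain HTTP is not required I would reduce the choice to `"DefaultValue": "https"`, and otherwise document that `http` also needs a different port and leaves the channel without TLS.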
@@ -820,70 +820,6 @@
 "BlueprintAllowed": false,
 "CustomAliasAllowed": "Required"
 },
- {
- "Name": "Azure Application Gateway",
- "ShortName": "AzureAppGW",
- "Capability": "AzureAppGW",
- "LocalStore": false,
- "SupportedOperations": {
- "Add": true,
- "Create": false,
- "Discovery": true,
- "Enrollment": false,
- "Remove": true
- },
- "Properties": [
- {
- "Name": "ServerUsername",
- "DisplayName": "Server Username",
- "Type": "Secret",
- "DependsOn": null,
- "DefaultValue": null,
- "Required": true
- },
- {
- "Name": "ServerPassword",
- "DisplayName": "Server Password",
- "Type": "Secret",
- "DependsOn": null,
- "DefaultValue": null,
- "Required": true
- },
- {
- "Name": "ServerUseSsl",
- "DisplayName": "Use SSL",
- "Type": "Bool",
- "DependsOn": null,
- "DefaultValue": "true",
- "Required": false
- }
- ],
- "EntryParameters": [
- {
- "Name": "HTTPListenerName",
- "DisplayName": "HTTP Listener Name",
- "Type": "String",
- "RequiredWhen": {
- "HasPrivateKey": false,
- "OnAdd": false,
- "OnRemove": false,
- "OnReenrollment": false
- }
- }
- ],
- "PasswordOptions": {
- "EntrySupported": false,
- "StoreRequired": false,
- "Style": "Default"
- },
- "PrivateKeyAllowed": "Required",
- "ServerRequired": true,
- "PowerShell": false,
- "BlueprintAllowed": false,
- "CustomAliasAllowed": "Required",
- "ServerRegistration": 13,
- "InventoryEndpoint": "/AnyInventory/Update"
- },
 {
 "Name": "Azure Application Gateway Certificate",
 "ShortName": "AzureAppGw",
@@ -1077,9 +1013,6 @@
 "Style": "Default"
 },
 "PrivateKeyAllowed": "Required",
- "JobProperties": [
- "interfaces"
- ],
 "ServerRequired": true,
 "PowerShell": false,
 "BlueprintAllowed": true,
@@ -1162,10 +1095,6 @@
 "Style": "Default"
 },
 "PrivateKeyAllowed": "Required",
- "JobProperties": [
- "virtualServerName",
- "sniCert"
- ],
 "ServerRequired": true,
 "PowerShell": false,
 "BlueprintAllowed": false,
@@ -3056,11 +2985,6 @@ "Style": "Default" }, "PrivateKeyAllowed": "Optional", - "JobProperties": [ - "TlsMinVersion", - "TLSMaxVersion", - "TlsProfileName" - ], "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": false, @@ -3782,9 +3706,6 @@ }, "StorePathValue": "My", "PrivateKeyAllowed": "Optional", - "JobProperties": [ - "InstanceName" - ], "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": true, From 2bece388aca9a8b7f7e1717074227caf89271dc9 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 11:29:10 -0700 Subject: [PATCH 3/9] New Pull Request - all:latest (#203) * chore(storetypes): Add `bosch-ipcamera-orchestrator` Signed-off-by: sbailey <1661003+spbsoluble@users.noreply.github.com> --------- Signed-off-by: sbailey <1661003+spbsoluble@users.noreply.github.com> Co-authored-by: Keyfactor Co-authored-by: sbailey <1661003+spbsoluble@users.noreply.github.com> --- store_types.json | 86 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) diff --git a/store_types.json b/store_types.json index e2404b3..885f9e5 100644 --- a/store_types.json +++ b/store_types.json 
@@ -948,6 +948,92 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Required" }, + { + "Name": "Bosch IP Camera", + "ShortName": "BIPCamera", + "Capability": "BIPCamera", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": true, + "Remove": true + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": null, + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": null, + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": true + } + ], + "EntryParameters": [ + { + "Name": "CertificateUsage", + "DisplayName": "Certificate Usage", + "Type": "MultipleChoice", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "Options": ",HTTPS,EAP-TLS-client,TLS-DATE-client" + }, + { + "Name": "Name", + "DisplayName": "Name (Alias)", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + } + }, + { + "Name": "Overwrite", + "DisplayName": "Overwrite", + "Type": "Bool", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "false" + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Optional", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Required" + }, { "Name": "CiscoAsa", "ShortName": "CiscoAsa", From ca778b6ae0f0e2dcc8ac4254ca0eca953d0f4543 Mon Sep 17 00:00:00 2001 
From: sbailey <1661003+spbsoluble@users.noreply.github.com> Date: Tue, 9 Jul 2024 15:23:15 -0700 Subject: [PATCH 4/9] fix(store-types): Update `BIPCamera` definition with correct `Capability` and remove unsupported operations. Signed-off-by: sbailey <1661003+spbsoluble@users.noreply.github.com> --- store_types.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/store_types.json b/store_types.json index 885f9e5..3460b5b 100644 --- a/store_types.json +++ b/store_types.json @@ -951,14 +951,14 @@ { "Name": "Bosch IP Camera", "ShortName": "BIPCamera", - "Capability": "BIPCamera", + "Capability": "BoschIpCamera", "LocalStore": false, "SupportedOperations": { - "Add": true, + "Add": false, "Create": false, "Discovery": false, "Enrollment": true, - "Remove": true + "Remove": false }, "Properties": [ { From 56eeeed285ca508cbd8fca91d70e30d228dcd3c2 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Wed, 4 Sep 2024 21:32:02 +0000 Subject: [PATCH 5/9] Update store_types.json for all:latest --- store_types.json | 249 ++++++++++------------------------------------- 1 file changed, 51 insertions(+), 198 deletions(-) diff --git a/store_types.json b/store_types.json index 3460b5b..cf7471a 100644 --- a/store_types.json +++ b/store_types.json @@ -180,7 +180,7 @@ "StoreRequired": false, "Style": "Default" }, - "PrivateKeyAllowed": "Optional", + "PrivateKeyAllowed": "Required", "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": true, @@ -951,14 +951,14 @@ { "Name": "Bosch IP Camera", "ShortName": "BIPCamera", - "Capability": "BoschIpCamera", + "Capability": "BIPCamera", "LocalStore": false, "SupportedOperations": { - "Add": false, + "Add": true, "Create": false, "Discovery": false, "Enrollment": true, - "Remove": false + "Remove": true }, "Properties": [ { 
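Review bot: The PATCH 5/9 hunk at -951,14 puts back `"Capability": "BIPCamera"`, `"Add": true` and `"Remove": true`, which undoes PATCH 4/9, whose message says it set the correct Capability and removed unsupported operations. This commit is a bulk regeneration ("Update store_types.json for all:latest"), so the manual correction was presumably never made in the upstream definition that feeds it. Advertising Add and Remove for a store type that does not implement them allows jobs to be scheduled that cannot succeed. The correction should be made at the source, or this file should keep `"Capability": "BoschIpCamera"`, `"Add": false`, `"Remove": false`.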
@@ -2381,30 +2381,6 @@ "DependsOn": "", "DefaultValue": "cert", "Required": true - }, - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, - "Required": false - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, - "Required": true - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "true", - "Required": true } ], "EntryParameters": null, @@ -2436,28 +2412,18 @@ }, "Properties": [ { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, + "Name": "SeparateChain", + "DisplayName": "Separate Certificate Chain", + "Type": "Bool", + "DefaultValue": "false", "Required": false }, { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, - "Required": true - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", + "Name": "IncludeCertChain", + "DisplayName": "Include Certificate Chain", "Type": "Bool", - "DependsOn": "", "DefaultValue": "true", - "Required": true + "Required": false } ], "EntryParameters": null, @@ -2517,8 +2483,8 @@ "DisplayName": "CertificateDataFieldName", "Type": "String", "DependsOn": "", - "DefaultValue": null, - "Required": false + "DefaultValue": ".jks", + "Required": true }, { "Name": "PasswordFieldName", @@ -2530,7 +2496,7 @@ }, { "Name": "PasswordIsK8SSecret", - "DisplayName": "PasswordIsK8SSecret", + "DisplayName": "Password Is K8S Secret", "Type": "Bool", "DependsOn": "", "DefaultValue": "false", 
@@ -2543,36 +2509,12 @@ "DependsOn": "", "DefaultValue": null, "Required": false - }, - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, - "Required": false - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, - "Required": true - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "true", - "Required": true } ], "EntryParameters": null, "PasswordOptions": { "EntrySupported": false, - "StoreRequired": true, + "StoreRequired": false, "Style": "Default" }, "StorePathType": "", @@ -2606,28 +2548,18 @@ "Required": false }, { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, + "Name": "SeparateChain", + "DisplayName": "Separate Certificate Chain", + "Type": "Bool", + "DefaultValue": "false", "Required": false }, { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, - "Required": true - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", + "Name": "IncludeCertChain", + "DisplayName": "Include Certificate Chain", "Type": "Bool", - "DependsOn": "", "DefaultValue": "true", - "Required": true + "Required": false } ], "EntryParameters": null, @@ -2659,12 +2591,20 @@ }, "Properties": [ { - "Name": "KubeSecretKey", - "DisplayName": "Kube Secret Key", + "Name": "KubeSecretType", + "DisplayName": "Kube Secret Type", "Type": "String", "DependsOn": "", - "DefaultValue": "pfx", - "Required": false + "DefaultValue": "pkcs12", + "Required": true + }, + { + "Name": "CertificateDataFieldName", + "DisplayName": "CertificateDataFieldName", + "Type": "String", + "DependsOn": "", + "DefaultValue": ".p12", + "Required": true }, { "Name": "PasswordFieldName", 
@@ -2698,38 +2638,6 @@ "DefaultValue": null, "Required": false }, - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, - "Required": false - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, - "Required": true - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - "DependsOn": "", - "DefaultValue": "true", - "Required": true - }, - { - "Name": "KubeSecretType", - "DisplayName": "Kube Secret Type", - "Type": "String", - "DependsOn": "", - "DefaultValue": "pkcs12", - "Required": true - }, { "Name": "StorePasswordPath", "DisplayName": "StorePasswordPath", @@ -2742,7 +2650,7 @@ "EntryParameters": null, "PasswordOptions": { "EntrySupported": false, - "StoreRequired": true, + "StoreRequired": false, "Style": "Default" }, "StorePathType": "", @@ -2792,28 +2700,18 @@ "Required": true }, { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, + "Name": "SeparateChain", + "DisplayName": "Separate Certificate Chain", + "Type": "Bool", + "DefaultValue": "false", "Required": false }, { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, - "Required": true - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", + "Name": "IncludeCertChain", + "DisplayName": "Include Certificate Chain", "Type": "Bool", - "DependsOn": "", "DefaultValue": "true", - "Required": true + "Required": false } ], "EntryParameters": null, 
@@ -2869,28 +2767,18 @@ "Required": true }, { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, + "Name": "SeparateChain", + "DisplayName": "Separate Certificate Chain", + "Type": "Bool", + "DefaultValue": "false", "Required": false }, { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": "", - "DefaultValue": null, - "Required": true - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", + "Name": "IncludeCertChain", + "DisplayName": "Include Certificate Chain", "Type": "Bool", - "DependsOn": "", "DefaultValue": "true", - "Required": true + "Required": false } ], "EntryParameters": null, @@ -3028,49 +2916,14 @@ "Required": false } ], - "EntryParameters": [ - { - "Name": "TlsMinVersion", - "DisplayName": "TLS Min Version", - "Type": "MultipleChoice", - "RequiredWhen": { - "HasPrivateKey": false, - "OnAdd": false, - "OnRemove": false, - "OnReenrollment": false - }, - "Options": ",tls1-0,tls1-1,tls1-2" - }, - { - "Name": "TLSMaxVersion", - "DisplayName": "TLS Max Version", - "Type": "MultipleChoice", - "RequiredWhen": { - "HasPrivateKey": false, - "OnAdd": false, - "OnRemove": false, - "OnReenrollment": false - }, - "Options": ",tls1-0,tls1-1,tls1-2,max" - }, - { - "Name": "TlsProfileName", - "DisplayName": "TLS Profile Name", - "Type": "String", - "RequiredWhen": { - "HasPrivateKey": false, - "OnAdd": false, - "OnRemove": false, - "OnReenrollment": false - } - } - ], + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, "Style": "Default" }, "PrivateKeyAllowed": "Optional", + "JobProperties": [], "ServerRequired": true, "PowerShell": false, "BlueprintAllowed": false, From 6ee895944f85a2ac458ab155ccd9c15cd2f66023 Mon Sep 17 00:00:00 2001 
From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Wed, 23 Oct 2024 12:12:36 -0700 Subject: [PATCH 6/9] feat(inv): add sub command `rfpkcs12fix` to `stores inventory`. This subcli will "fix" stores of type `RFPKCS12` that contain more than 1 certificate chain by removing all chains, except for the most recently issued leaf cert. Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- cmd/helpers.go | 10 +- cmd/inventory.go | 660 +++++++++++++++++++++++++++++++++++++---- pkg/version/version.go | 2 +- 3 files changed, 608 insertions(+), 64 deletions(-) diff --git a/cmd/helpers.go b/cmd/helpers.go index 0a07df8..b45ea06 100644 --- a/cmd/helpers.go +++ b/cmd/helpers.go @@ -19,16 +19,17 @@ import ( "encoding/json" "errors" "fmt" - "github.com/google/uuid" - "github.com/rs/zerolog" - "github.com/rs/zerolog/log" - "github.com/spf13/cobra" "io" "net/http" "os" "path/filepath" "strconv" "time" + + "github.com/google/uuid" + "github.com/rs/zerolog" + "github.com/rs/zerolog/log" + "github.com/spf13/cobra" ) func boolToPointer(b bool) *bool { @@ -191,6 +192,7 @@ func initLogger() { zerolog.TimeFieldFormat = zerolog.TimeFormatUnix log.Logger = log.With().Caller().Logger() log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stdout, TimeFormat: time.RFC3339}) + zerolog.SetGlobalLevel(zerolog.Disabled) } func intToPointer(i int) *int { diff --git a/cmd/inventory.go b/cmd/inventory.go index 0b004ec..be7885a 100644 --- a/cmd/inventory.go +++ b/cmd/inventory.go @@ -15,11 +15,17 @@ package cmd import ( + "encoding/csv" "encoding/json" "fmt" + "log" + "os" + "reflect" + "strconv" + "time" + "github.com/Keyfactor/keyfactor-go-client/v2/api" "github.com/spf13/cobra" - "log" ) // inventoryCmd represents the inventory command 
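Review bot: In `initLogger` the added `zerolog.SetGlobalLevel(zerolog.Disabled)` switches off every zerolog event for the whole process right after the console writer is configured, and nothing in this hunk turns it back on. If no later code raises the level (not visible here), commands that add or remove certificates leave no zerolog trail at all, errors included. Consider keeping at least warnings with `zerolog.SetGlobalLevel(zerolog.WarnLevel)`, or add a comment on this line naming the place where the level is restored, e.g. `// silenced by default; re-enabled in <debug-flag handler>`. The opening lines of `initLogger` are outside the hunk.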
@@ -133,7 +139,11 @@ var inventoryClearCmd = &cobra.Command{ } if !force { - fmt.Printf("This will clear the inventory of ALL certificates in the store %s:%s. Are you sure you sure?! Press 'y' to continue? (y/n) ", store.ClientMachine, store.StorePath) + fmt.Printf( + "This will clear the inventory of ALL certificates in the store %s:%s. Are you sure you sure?! Press 'y' to continue? (y/n) ", + store.ClientMachine, + store.StorePath, + ) var answer string fmt.Scanln(&answer) if answer != "y" { @@ -145,7 +155,8 @@ var inventoryClearCmd = &cobra.Command{ for _, inv := range *sInvs { certs := inv.Certificates for _, cert := range certs { - st := api.CertificateStore{ //TODO: This conversion is a bit weird to have to do. Should be able to pass the store directly. + st := api.CertificateStore{ + //TODO: This conversion is a bit weird to have to do. Should be able to pass the store directly. CertificateStoreId: store.Id, Alias: cert.Thumbprint, Overwrite: true, @@ -163,12 +174,23 @@ var inventoryClearCmd = &cobra.Command{ if !dryRun { _, err := kfClient.RemoveCertificateFromStores(&removeReq) if err != nil { - fmt.Printf("Error removing certificate %s(%d) from store %s: %s\n", cert.IssuedDN, cert.Id, st.CertificateStoreId, err) + fmt.Printf( + "Error removing certificate %s(%d) from store %s: %s\n", + cert.IssuedDN, + cert.Id, + st.CertificateStoreId, + err, + ) log.Printf("[ERROR] %s", err) continue } } else { - fmt.Printf("Dry run: Would have removed certificate %s(%d) from store %s\n", cert.IssuedDN, cert.Id, st.CertificateStoreId) + fmt.Printf( + "Dry run: Would have removed certificate %s(%d) from store %s\n", + cert.IssuedDN, + cert.Id, + st.CertificateStoreId, + ) } } 
@@ -264,9 +286,11 @@ attempt to add all the certificate(s) meeting the specified criteria to all stor var filteredCerts []api.GetCertificateResponse for _, cn := range subjects { - cert, err := kfClient.ListCertificates(map[string]string{ - "subject": cn, - }) + cert, err := kfClient.ListCertificates( + map[string]string{ + "subject": cn, + }, + ) if err != nil { fmt.Printf("Unable to find certificate with subject: %s\n", cn) continue @@ -274,9 +298,11 @@ attempt to add all the certificate(s) meeting the specified criteria to all stor filteredCerts = append(filteredCerts, cert...) } for _, thumbprint := range thumbprints { - cert, err := kfClient.ListCertificates(map[string]string{ - "thumbprint": thumbprint, - }) + cert, err := kfClient.ListCertificates( + map[string]string{ + "thumbprint": thumbprint, + }, + ) if err != nil { fmt.Printf("Unable to find certificate with thumbprint: %s\n", thumbprint) continue @@ -284,9 +310,11 @@ attempt to add all the certificate(s) meeting the specified criteria to all stor filteredCerts = append(filteredCerts, cert...) } for _, certID := range certIDs { - cert, err := kfClient.ListCertificates(map[string]string{ - "id": certID, - }) + cert, err := kfClient.ListCertificates( + map[string]string{ + "id": certID, + }, + ) if err != nil { fmt.Printf("Unable to find certificate with ID: %s\n", certID) continue @@ -323,7 +351,8 @@ attempt to add all the certificate(s) meeting the specified criteria to all stor Immediate: boolToPointer(true), } for _, cert := range filteredCerts { - st := api.CertificateStore{ //TODO: This conversion is weird. Should be able to use the store directly. + st := api.CertificateStore{ + //TODO: This conversion is weird. Should be able to use the store directly. CertificateStoreId: store.Id, Alias: cert.Thumbprint, Overwrite: true, 
@@ -340,7 +369,13 @@ attempt to add all the certificate(s) meeting the specified criteria to all stor } if !dryRun { if !force { - fmt.Printf("This will add the certificate %s(%d) to certificate store %s%s's inventory. Are you sure you shouldPass to continue? (y/n) ", cert.IssuedCN, cert.Id, store.ClientMachine, store.StorePath) + fmt.Printf( + "This will add the certificate %s(%d) to certificate store %s%s's inventory. Are you sure you shouldPass to continue? (y/n) ", + cert.IssuedCN, + cert.Id, + store.ClientMachine, + store.StorePath, + ) var answer string fmt.Scanln(&answer) if answer != "y" { @@ -350,12 +385,23 @@ attempt to add all the certificate(s) meeting the specified criteria to all stor } _, err := kfClient.AddCertificateToStores(&addReq) if err != nil { - fmt.Printf("Error adding certificate %s(%d) to store %s: %s\n", cert.IssuedCN, cert.Id, st.CertificateStoreId, err) + fmt.Printf( + "Error adding certificate %s(%d) to store %s: %s\n", + cert.IssuedCN, + cert.Id, + st.CertificateStoreId, + err, + ) log.Printf("[ERROR] %s", err) continue } } else { - fmt.Printf("Dry run: Would have added certificate %s(%d) from store %s", cert.IssuedDN, cert.Id, st.CertificateStoreId) + fmt.Printf( + "Dry run: Would have added certificate %s(%d) from store %s", + cert.IssuedDN, + cert.Id, + st.CertificateStoreId, + ) } } @@ -430,9 +476,11 @@ var inventoryRemoveCmd = &cobra.Command{ var filteredCerts []api.GetCertificateResponse for _, cn := range subjects { - cert, err := kfClient.ListCertificates(map[string]string{ - "subject": cn, - }) + cert, err := kfClient.ListCertificates( + map[string]string{ + "subject": cn, + }, + ) if err != nil { fmt.Printf("Unable to find certificate with subject: %s\n", cn) continue 
@@ -440,9 +488,11 @@ var inventoryRemoveCmd = &cobra.Command{ filteredCerts = append(filteredCerts, cert...) } for _, thumbprint := range thumbprints { - cert, err := kfClient.ListCertificates(map[string]string{ - "thumbprint": thumbprint, - }) + cert, err := kfClient.ListCertificates( + map[string]string{ + "thumbprint": thumbprint, + }, + ) if err != nil { fmt.Printf("Unable to find certificate with thumbprint: %s\n", thumbprint) continue @@ -450,9 +500,11 @@ var inventoryRemoveCmd = &cobra.Command{ filteredCerts = append(filteredCerts, cert...) } for _, certID := range certIDs { - cert, err := kfClient.ListCertificates(map[string]string{ - "id": certID, - }) + cert, err := kfClient.ListCertificates( + map[string]string{ + "id": certID, + }, + ) if err != nil { fmt.Printf("Unable to find certificate with ID: %s\n", certID) continue @@ -490,7 +542,8 @@ var inventoryRemoveCmd = &cobra.Command{ Immediate: boolToPointer(true), } for _, cert := range filteredCerts { - st := api.CertificateStore{ //TODO: This conversion is weird. Should be able to use the store directly. + st := api.CertificateStore{ + //TODO: This conversion is weird. Should be able to use the store directly. CertificateStoreId: store.Id, Alias: cert.Thumbprint, Overwrite: true, @@ -507,7 +560,12 @@ var inventoryRemoveCmd = &cobra.Command{ } if !dryRun { if !force { - fmt.Printf("This will remove the certificate %s from certificate store %s%s's inventory. Are you sure you shouldPass to continue? (y/n) ", certToString(&cert), store.ClientMachine, store.StorePath) + fmt.Printf( + "This will remove the certificate %s from certificate store %s%s's inventory. Are you sure you shouldPass to continue? (y/n) ", + certToString(&cert), + store.ClientMachine, + store.StorePath, + ) var answer string fmt.Scanln(&answer) if answer != "y" { 
@@ -517,12 +575,21 @@ var inventoryRemoveCmd = &cobra.Command{ } _, err := kfClient.RemoveCertificateFromStores(&removeReq) if err != nil { - fmt.Printf("Error removing certificate %s to store %s: %s\n", certToString(&cert), st.CertificateStoreId, err) + fmt.Printf( + "Error removing certificate %s to store %s: %s\n", + certToString(&cert), + st.CertificateStoreId, + err, + ) log.Printf("[ERROR] %s", err) continue } } else { - fmt.Printf("Dry run: Would have removed certificate %s from store %s\n", certToString(&cert), st.CertificateStoreId) + fmt.Printf( + "Dry run: Would have removed certificate %s from store %s\n", + certToString(&cert), + st.CertificateStoreId, + ) } } 
@@ -531,6 +598,326 @@ var inventoryRemoveCmd = &cobra.Command{ }, } +var inventoryFixRFPKCS12 = &cobra.Command{ + Use: "fixrfpkcs12", + Aliases: nil, + SuggestFor: nil, + Short: "Fix RFPKCS12 stores that contain 2 or more leaf certificates, by removing the certificate with the earliest issued date.", + GroupID: "", + Long: `Fix RFPKCS12 stores that contain 2 or more leaf certificates, by removing the certificate with the earliest issued date.`, + Example: "", + ValidArgs: nil, + ValidArgsFunction: nil, + Args: nil, + ArgAliases: nil, + BashCompletionFunction: "", + Deprecated: "", + Annotations: nil, + Version: "", + PersistentPreRun: nil, + PersistentPreRunE: nil, + PreRun: nil, + PreRunE: nil, + Run: func(cmd *cobra.Command, args []string) { + force, _ := cmd.Flags().GetBool("force") + //dryRun, _ := cmd.Flags().GetBool("dry-run") + importFile, _ := cmd.Flags().GetString("file") + //csvHeader := "Alias,Issued Date,Store Path,Client Machine,StoreId" + + authConfig := createAuthConfigFromParams(kfcHostName, kfcUsername, kfcPassword, kfcDomain, kfcAPIPath) + isExperimental := true + + _, expErr := isExperimentalFeatureEnabled(expEnabled, isExperimental) + if expErr != nil { + fmt.Println(fmt.Sprintf("WARNING this is an expEnabled feature, %s", expErr)) + log.Fatalf("[ERROR]: %s", expErr) + } + + debugModeEnabled := checkDebug(debugFlag) + log.Println("Debug mode enabled: ", debugModeEnabled) + rfpkcs12StoreType := "RFPKCS12" + + kfClient, _ := initClient(configFile, profile, "", "", noPrompt, authConfig, false) + rfpkcs12StoreTypeResponse, sTypeErr := kfClient.GetCertificateStoreTypeByName(rfpkcs12StoreType) + if sTypeErr != nil { + fmt.Printf("Error getting store type id for store type %s: %s\n", rfpkcs12StoreType, sTypeErr) + log.Fatal(sTypeErr) + return + } + + type CSVLine struct { + StoreId string + StorePath string + Action string + Alias string + IssuedDN string + Thumbprint string + IssuedDate time.Time + ExpiryDate time.Time + CertId int + } + 
outputFileName := "rfpkcs12_fix.csv" + var outputCSV []CSVLine + + stId := rfpkcs12StoreTypeResponse.StoreType + + if importFile != "" { + fmt.Println("Importing CSV file") + //Read CSV file into outputCSV + csvFile, csvErr := os.Open(importFile) + if csvErr != nil { + fmt.Printf("Error opening CSV file: %s\n", csvErr) + log.Fatal(csvErr) + return + } + defer csvFile.Close() + //Read CSV file + reader := csv.NewReader(csvFile) + + // Read the first line (header) + header, err := reader.Read() + if err != nil { + fmt.Printf("Error reading CSV header: %s\n", err) + log.Fatal(err) + return + } + + // Read the rest of the lines + records, err := reader.ReadAll() + if err != nil { + fmt.Println("Error reading records:", err) + return + } + + for _, record := range records { + var line CSVLine + // Use reflection to map CSV values to struct fields based on header + v := reflect.ValueOf(&line).Elem() + t := v.Type() + + for i, fieldName := range header { + for j := 0; j < t.NumField(); j++ { + field := t.Field(j) + if fieldName == field.Name { + // Convert and set the value based on the field type + switch field.Type.Kind() { + case reflect.String: + v.Field(j).SetString(record[i]) + case reflect.Int: + val, _ := strconv.Atoi(record[i]) + v.Field(j).SetInt(int64(val)) + case reflect.Struct: + if field.Type == reflect.TypeOf(time.Time{}) { + layout := "2006-01-02" // assuming the date format in the CSV is YYYY-MM-DD + parsedTime, _ := time.Parse(layout, record[i]) + v.Field(j).Set(reflect.ValueOf(parsedTime)) + } + } + } + } + } + outputCSV = append(outputCSV, line) + } + } else { + log.Println("No import file specified. 
Listing all RFPKCS12 stores.") + params := map[string]interface{}{ + "ClientMachine": []string{}, + "ContainerId": []int{}, + "Storepath": []string{}, + "CertStoreType": []string{}, + "AgentId": []string{}, + "ContainerName": []string{}, + "Id": []string{}, + } + params["CertStoreType"] = append(params["CertStoreType"].([]string), fmt.Sprintf("%d", stId)) + stResp, err := kfClient.ListCertificateStores(¶ms) + if err != nil { + fmt.Println("Error, unable to list certificate stores. ", err) + log.Printf("[ERROR] Unable to list certificate stores: %s\n", err) + return + } + + for _, cStore := range *stResp { + inv, iErr := kfClient.GetCertStoreInventory(cStore.Id) + if iErr != nil { + fmt.Printf("Error, unable to retrieve certificate store inventory from %v: %s\n", cStore, err) + } + if inv != nil && len(*inv) > 1 { + certs := make(map[string]string) + newestAlias := "" + var newestDate time.Time + for _, cert := range *inv { + alias := cert.Name + issuedDate := cert.Certificates[0].NotBefore + certs[alias] = issuedDate + issuedDateTime, _ := time.Parse(time.RFC3339, issuedDate) + expiresDate := cert.Certificates[0].NotAfter + expiresDateTime, _ := time.Parse(time.RFC3339, expiresDate) + + newLine := CSVLine{ + StoreId: cStore.Id, + StorePath: fmt.Sprintf("%s/%s", cStore.ClientMachine, cStore.StorePath), + Action: "", + Alias: alias, + IssuedDN: cert.Certificates[0].IssuedDN, + Thumbprint: cert.Certificates[0].Thumbprint, + IssuedDate: issuedDateTime, + ExpiryDate: expiresDateTime, + CertId: cert.Certificates[0].Id, + } + outputCSV = append(outputCSV, newLine) + if newestAlias == "" { + newestAlias = alias + newestDate, _ = time.Parse(time.RFC3339, issuedDate) + } else { + issuedDate, _ := time.Parse(time.RFC3339, issuedDate) + if issuedDate.After(newestDate) { + newestAlias = alias + newestDate = issuedDate + } + } + } + + //convert outputCSV to CSV file + + csvFile, csvErr := os.Create(outputFileName) + if csvErr != nil { + fmt.Printf("Error creating CSV file: 
%s\n", csvErr) + log.Fatal(csvErr) + } + defer csvFile.Close() + + csvWriter := csv.NewWriter(csvFile) + defer csvWriter.Flush() + + // Write the header + header := []string{ + "StoreId", + "StorePath", + "Action", + "Alias", + "IssuedDN", + "Thumbprint", + "IssuedDate", + "ExpiryDate", + "CertId", + } + if err := csvWriter.Write(header); err != nil { + fmt.Println("Error writing header:", err) + return + } + + for _, line := range outputCSV { + if line.Alias != newestAlias { + line.Action = "REMOVE" + } + record := []string{ + line.StoreId, + line.StorePath, + line.Action, + line.Alias, + line.IssuedDN, + line.Thumbprint, + line.IssuedDate.Format(time.RFC3339), // Format date as string (adjust format as needed) + line.ExpiryDate.Format(time.RFC3339), // Format date as string (adjust format as needed) + strconv.Itoa(line.CertId), // Convert CertId (int) to string + } + if err := csvWriter.Write(record); err != nil { + fmt.Println("Error writing record:", err) + continue + } + + } + } + //invData := make(map[string]interface{}) + //invData["StoreId"] = cStore.Id + //invData["Storepath"] = cStore.StorePath + //invData["StoreType"] = cStore.CertStoreType + //invData["ContainerName"] = cStore.ContainerName + //invData["ClientMachine"] = cStore.ClientMachine + //invData["Inventory"] = inv + //if _, ok := lkup[cStore.Id]; !ok { + // output = append(output, invData) + //} + //lkup[cStore.Id] = invData + } + } + for _, line := range outputCSV { + if line.Action == "REMOVE" { + st := api.CertificateStore{ + CertificateStoreId: line.StoreId, + Alias: line.Alias, + Overwrite: true, + EntryPassword: nil, + PfxPassword: "", + IncludePrivateKey: true, + } + var stores []api.CertificateStore + stores = append(stores, st) + schedule := &api.InventorySchedule{ + Immediate: boolToPointer(true), + } + removeReq := api.RemoveCertificateFromStore{ + CertificateId: line.CertId, + Alias: line.Alias, + CertificateStores: &stores, + InventorySchedule: schedule, + } + if force { + 
fmt.Printf( + "Force flag specified scheduling immediate removal of certificate '%s'(%s) from store '%s'\n", + line.Alias, + line.IssuedDN, + line.StorePath, + ) + remResp, err := kfClient.RemoveCertificateFromStores(&removeReq) + if err != nil { + fmt.Printf( + "Error removing certificate '%s'(%s) from store %s: %s\n", + line.Alias, + line.IssuedDN, + line.StorePath, + err, + ) + continue + } + fmt.Printf( + "Job %s scheduled for immediate removal of certificate %s from store %s\n", remResp, + line.Alias, line.StorePath, + ) + } else { + fmt.Println("Dry run:") + fmt.Printf( + "Would have removed certificate '%s'(%s) from store '%s'\n", + line.Alias, + line.IssuedDN, + line.StorePath, + ) + fmt.Println("To execute the removal, re-run the command with the --force flag") + } + + } + } + + }, + RunE: nil, + PostRun: nil, + PostRunE: nil, + PersistentPostRun: nil, + PersistentPostRunE: nil, + FParseErrWhitelist: cobra.FParseErrWhitelist{}, + CompletionOptions: cobra.CompletionOptions{}, + TraverseChildren: false, + Hidden: false, + SilenceErrors: false, + SilenceUsage: false, + DisableFlagParsing: false, + DisableAutoGenTag: false, + DisableFlagsInUseLine: false, + DisableSuggestions: false, + SuggestionsMinimumDistance: 0, +} + var inventoryShowCmd = &cobra.Command{ Use: "show", Aliases: nil, 
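Review bot: In the listing branch of `inventoryFixRFPKCS12`, `newestAlias` is computed for the current store only, but the write loop `for _, line := range outputCSV` runs over the rows of every store collected so far, and `rfpkcs12_fix.csv` is re-created on each store iteration. The file left on disk therefore marks rows of earlier stores as `REMOVE` whenever their alias differs from the last store's newest alias, newest leaf included, and feeding that file back through `--file` with `--force` would schedule those removals. `line.Action = "REMOVE"` also changes only the loop copy, so the removal loop at the end never sees an action unless a CSV was imported. I would set the action per store on the slice itself and write the file once after the store loop, as sketched below; with that change `--force` without `--file` acts on the freshly computed rows directly. Separately, the import path discards the `strconv.Atoi` error, so a malformed `CertId` reaches the removal request as 0.

```go
			if inv != nil && len(*inv) > 1 {
				firstRow := len(outputCSV) // rows before this index belong to other stores
				// … unchanged: per-certificate loop appending CSVLine rows and tracking newestAlias …
				for i := firstRow; i < len(outputCSV); i++ {
					if outputCSV[i].Alias != newestAlias {
						outputCSV[i].Action = "REMOVE"
					}
				}
			}
		// … unchanged: end of the store loop …
		// … moved: create rfpkcs12_fix.csv and write the header once, after the store loop …
		for _, line := range outputCSV {
			// … unchanged: build record from line and csvWriter.Write(record), without reassigning line.Action …
		}
```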
@@ -664,47 +1051,202 @@ func init() { dryRun bool cIDs []string subjectNames []string + importFile string ) storesCmd.AddCommand(inventoryCmd) + inventoryCmd.AddCommand(inventoryFixRFPKCS12) + inventoryFixRFPKCS12.Flags().BoolVar( + &force, + "force", + false, + "Force the removal of the certificate(s) without prompting for confirmation.", + ) + inventoryFixRFPKCS12.Flags().StringVar( + &importFile, + "file", + "", + "CSV file to import for RFPKCS12 store fix.", + ) + inventoryCmd.AddCommand(inventoryClearCmd) - inventoryClearCmd.Flags().StringSliceVar(&ids, "sid", []string{}, "The Keyfactor Command ID of the certificate store(s) remove all inventory from.") - inventoryClearCmd.Flags().StringSliceVar(&clients, "client", []string{}, "Remove all inventory from store(s) of specific client machine(s).") - inventoryClearCmd.Flags().StringSliceVar(&types, "store-type", []string{}, "Remove all inventory from store(s) of specific store type(s).") - inventoryClearCmd.Flags().StringSliceVar(&containers, "container", []string{}, "Remove all inventory from store(s) of specific container type(s).") + inventoryClearCmd.Flags().StringSliceVar( + &ids, + "sid", + []string{}, + "The Keyfactor Command ID of the certificate store(s) remove all inventory from.", + ) + inventoryClearCmd.Flags().StringSliceVar( + &clients, + "client", + []string{}, + "Remove all inventory from store(s) of specific client machine(s).", + ) + inventoryClearCmd.Flags().StringSliceVar( + &types, + "store-type", + []string{}, + "Remove all inventory from store(s) of specific store type(s).", + ) + inventoryClearCmd.Flags().StringSliceVar( + &containers, + "container", + []string{}, + "Remove all inventory from store(s) of specific container type(s).", + ) inventoryClearCmd.Flags().BoolVar(&all, "all", false, "Remove all inventory from all certificate stores.") - inventoryClearCmd.Flags().BoolVar(&force, "force", false, "Force removal of inventory without prompting for confirmation.") - 
inventoryClearCmd.Flags().BoolVar(&dryRun, "dry-run", false, "Do not remove inventory, only show what would be removed.") + inventoryClearCmd.Flags().BoolVar( + &force, + "force", + false, + "Force removal of inventory without prompting for confirmation.", + ) + inventoryClearCmd.Flags().BoolVar( + &dryRun, + "dry-run", + false, + "Do not remove inventory, only show what would be removed.", + ) inventoryCmd.AddCommand(inventoryAddCmd) - inventoryAddCmd.Flags().StringSliceVar(&ids, "sid", []string{}, "The Keyfactor Command ID of the certificate store(s) to add inventory to.") - inventoryAddCmd.Flags().StringSliceVar(&clients, "client", []string{}, "Add a certificate to all stores of specific client machine(s).") - inventoryAddCmd.Flags().StringSliceVar(&types, "store-type", []string{}, "Add a certificate to all stores of specific store type(s).") - inventoryAddCmd.Flags().StringSliceVar(&containers, "container", []string{}, "Add a certificate to all stores of specific container type(s).") - inventoryAddCmd.Flags().StringSliceVar(&thumbprints, "thumbprint", []string{}, "The thumbprint of the certificate(s) to add to the store(s).") - inventoryAddCmd.Flags().StringSliceVar(&cIDs, "cid", []string{}, "The Keyfactor command certificate ID(s) of the certificate to add to the store(s).") - inventoryAddCmd.Flags().StringSliceVar(&subjectNames, "cn", []string{}, "Subject name(s) of the certificate(s) to add to the store(s).") + inventoryAddCmd.Flags().StringSliceVar( + &ids, + "sid", + []string{}, + "The Keyfactor Command ID of the certificate store(s) to add inventory to.", + ) + inventoryAddCmd.Flags().StringSliceVar( + &clients, + "client", + []string{}, + "Add a certificate to all stores of specific client machine(s).", + ) + inventoryAddCmd.Flags().StringSliceVar( + &types, + "store-type", + []string{}, + "Add a certificate to all stores of specific store type(s).", + ) + inventoryAddCmd.Flags().StringSliceVar( + &containers, + "container", + []string{}, + "Add a 
certificate to all stores of specific container type(s).", + ) + inventoryAddCmd.Flags().StringSliceVar( + &thumbprints, + "thumbprint", + []string{}, + "The thumbprint of the certificate(s) to add to the store(s).", + ) + inventoryAddCmd.Flags().StringSliceVar( + &cIDs, + "cid", + []string{}, + "The Keyfactor command certificate ID(s) of the certificate to add to the store(s).", + ) + inventoryAddCmd.Flags().StringSliceVar( + &subjectNames, + "cn", + []string{}, + "Subject name(s) of the certificate(s) to add to the store(s).", + ) inventoryAddCmd.Flags().BoolVar(&all, "all-stores", false, "Add the certificate(s) to all certificate stores.") - inventoryAddCmd.Flags().BoolVar(&force, "force", false, "Force addition of inventory without prompting for confirmation.") + inventoryAddCmd.Flags().BoolVar( + &force, + "force", + false, + "Force addition of inventory without prompting for confirmation.", + ) inventoryAddCmd.Flags().BoolVar(&dryRun, "dry-run", false, "Do not add inventory, only show what would be added.") inventoryCmd.AddCommand(inventoryRemoveCmd) - inventoryRemoveCmd.Flags().StringSliceVar(&ids, "sid", []string{}, "The Keyfactor Command ID of the certificate store(s) to remove inventory from.") - inventoryRemoveCmd.Flags().StringSliceVar(&clients, "client", []string{}, "Remove certificate(s) from all stores of specific client machine(s).") - inventoryRemoveCmd.Flags().StringSliceVar(&types, "store-type", []string{}, "Remove certificate(s) from all stores of specific store type(s).") - inventoryRemoveCmd.Flags().StringSliceVar(&containers, "container", []string{}, "Remove certificate(s) from all stores of specific container type(s).") - inventoryRemoveCmd.Flags().StringSliceVar(&thumbprints, "thumbprint", []string{}, "The thumbprint of the certificate(s) to remove from the store(s).") - inventoryRemoveCmd.Flags().StringSliceVar(&cIDs, "cid", []string{}, "The Keyfactor command certificate ID(s) of the certificate to remove from the store(s).") - 
inventoryRemoveCmd.Flags().StringSliceVar(&subjectNames, "cn", []string{}, "Subject name(s) of the certificate(s) to remove from the store(s).") - inventoryRemoveCmd.Flags().BoolVar(&all, "all-stores", false, "Remove the certificate(s) from all certificate stores.") - inventoryRemoveCmd.Flags().BoolVar(&force, "force", false, "Force removal of inventory without prompting for confirmation.") - inventoryRemoveCmd.Flags().BoolVar(&dryRun, "dry-run", false, "Do not remove inventory, only show what would be removed.") + inventoryRemoveCmd.Flags().StringSliceVar( + &ids, + "sid", + []string{}, + "The Keyfactor Command ID of the certificate store(s) to remove inventory from.", + ) + inventoryRemoveCmd.Flags().StringSliceVar( + &clients, + "client", + []string{}, + "Remove certificate(s) from all stores of specific client machine(s).", + ) + inventoryRemoveCmd.Flags().StringSliceVar( + &types, + "store-type", + []string{}, + "Remove certificate(s) from all stores of specific store type(s).", + ) + inventoryRemoveCmd.Flags().StringSliceVar( + &containers, + "container", + []string{}, + "Remove certificate(s) from all stores of specific container type(s).", + ) + inventoryRemoveCmd.Flags().StringSliceVar( + &thumbprints, + "thumbprint", + []string{}, + "The thumbprint of the certificate(s) to remove from the store(s).", + ) + inventoryRemoveCmd.Flags().StringSliceVar( + &cIDs, + "cid", + []string{}, + "The Keyfactor command certificate ID(s) of the certificate to remove from the store(s).", + ) + inventoryRemoveCmd.Flags().StringSliceVar( + &subjectNames, + "cn", + []string{}, + "Subject name(s) of the certificate(s) to remove from the store(s).", + ) + inventoryRemoveCmd.Flags().BoolVar( + &all, + "all-stores", + false, + "Remove the certificate(s) from all certificate stores.", + ) + inventoryRemoveCmd.Flags().BoolVar( + &force, + "force", + false, + "Force removal of inventory without prompting for confirmation.", + ) + inventoryRemoveCmd.Flags().BoolVar( + &dryRun, + 
"dry-run", + false, + "Do not remove inventory, only show what would be removed.", + ) inventoryCmd.AddCommand(inventoryShowCmd) - inventoryShowCmd.Flags().StringSliceVar(&ids, "sid", []string{}, "The Keyfactor Command ID of the certificate store(s) to retrieve inventory from.") - inventoryShowCmd.Flags().StringSliceVar(&clients, "client", []string{}, "Show certificate inventories for stores of specific client machine(s).") - inventoryShowCmd.Flags().StringSliceVar(&types, "store-type", []string{}, "Show certificate inventories for stores of specific store type(s).") - inventoryShowCmd.Flags().StringSliceVar(&containers, "container", []string{}, "Show certificate inventories for stores of specific container type(s).") + inventoryShowCmd.Flags().StringSliceVar( + &ids, + "sid", + []string{}, + "The Keyfactor Command ID of the certificate store(s) to retrieve inventory from.", + ) + inventoryShowCmd.Flags().StringSliceVar( + &clients, + "client", + []string{}, + "Show certificate inventories for stores of specific client machine(s).", + ) + inventoryShowCmd.Flags().StringSliceVar( + &types, + "store-type", + []string{}, + "Show certificate inventories for stores of specific store type(s).", + ) + inventoryShowCmd.Flags().StringSliceVar( + &containers, + "container", + []string{}, + "Show certificate inventories for stores of specific container type(s).", + ) } diff --git a/pkg/version/version.go b/pkg/version/version.go index 354b351..5746b7c 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go @@ -14,4 +14,4 @@ package version -const VERSION = "1.4.0" +const VERSION = "1.5.0-rc1" From e8ccb3a6407c7cacfc25e1206f8dd960ec0c2cb8 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Wed, 23 Oct 2024 13:50:59 -0700 Subject: [PATCH 7/9] chore(docs): Update docs 
Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- cmd/inventory.go | 21 ++++--- docs/kfutil.md | 2 +- docs/kfutil_completion.md | 2 +- docs/kfutil_completion_bash.md | 2 +- docs/kfutil_completion_fish.md | 2 +- docs/kfutil_completion_powershell.md | 2 +- docs/kfutil_completion_zsh.md | 2 +- docs/kfutil_containers.md | 2 +- docs/kfutil_containers_get.md | 2 +- docs/kfutil_containers_list.md | 2 +- docs/kfutil_export.md | 2 +- docs/kfutil_helm.md | 2 +- docs/kfutil_helm_uo.md | 2 +- docs/kfutil_import.md | 2 +- docs/kfutil_login.md | 2 +- docs/kfutil_logout.md | 2 +- docs/kfutil_orchs.md | 2 +- docs/kfutil_orchs_approve.md | 2 +- docs/kfutil_orchs_disapprove.md | 2 +- docs/kfutil_orchs_ext.md | 2 +- docs/kfutil_orchs_get.md | 2 +- docs/kfutil_orchs_list.md | 2 +- docs/kfutil_orchs_logs.md | 2 +- docs/kfutil_orchs_reset.md | 2 +- docs/kfutil_pam.md | 2 +- docs/kfutil_pam_create.md | 2 +- docs/kfutil_pam_delete.md | 2 +- docs/kfutil_pam_get.md | 2 +- docs/kfutil_pam_list.md | 2 +- docs/kfutil_pam_types-create.md | 2 +- docs/kfutil_pam_types-list.md | 2 +- docs/kfutil_pam_update.md | 2 +- docs/kfutil_status.md | 2 +- docs/kfutil_store-types.md | 2 +- docs/kfutil_store-types_create.md | 4 +- docs/kfutil_store-types_delete.md | 2 +- docs/kfutil_store-types_get.md | 2 +- docs/kfutil_store-types_list.md | 2 +- docs/kfutil_store-types_templates-fetch.md | 2 +- docs/kfutil_stores.md | 2 +- docs/kfutil_stores_delete.md | 2 +- docs/kfutil_stores_export.md | 2 +- docs/kfutil_stores_get.md | 2 +- docs/kfutil_stores_import.md | 2 +- docs/kfutil_stores_import_csv.md | 2 +- .../kfutil_stores_import_generate-template.md | 2 +- docs/kfutil_stores_inventory.md | 4 +- docs/kfutil_stores_inventory_add.md | 2 +- docs/kfutil_stores_inventory_fixrfpkcs12.md | 57 +++++++++++++++++++ docs/kfutil_stores_inventory_remove.md | 2 +- docs/kfutil_stores_inventory_show.md | 2 +- docs/kfutil_stores_list.md | 2 +- docs/kfutil_stores_rot.md | 2 +- 
docs/kfutil_stores_rot_audit.md | 2 +- docs/kfutil_stores_rot_generate-template.md | 2 +- docs/kfutil_stores_rot_reconcile.md | 2 +- docs/kfutil_version.md | 2 +- main.go | 4 ++ 58 files changed, 133 insertions(+), 63 deletions(-) create mode 100644 docs/kfutil_stores_inventory_fixrfpkcs12.md diff --git a/cmd/inventory.go b/cmd/inventory.go index be7885a..e81b948 100644 --- a/cmd/inventory.go +++ b/cmd/inventory.go @@ -599,13 +599,20 @@ var inventoryRemoveCmd = &cobra.Command{ } var inventoryFixRFPKCS12 = &cobra.Command{ - Use: "fixrfpkcs12", - Aliases: nil, - SuggestFor: nil, - Short: "Fix RFPKCS12 stores that contain 2 or more leaf certificates, by removing the certificate with the earliest issued date.", - GroupID: "", - Long: `Fix RFPKCS12 stores that contain 2 or more leaf certificates, by removing the certificate with the earliest issued date.`, - Example: "", + Use: "fixrfpkcs12", + Aliases: nil, + SuggestFor: nil, + Short: "Fix RFPKCS12 stores that contain 2 or more leaf certificates, by removing the certificate with the earliest issued date.", + GroupID: "", + Long: `Fix RFPKCS12 stores that contain 2 or more leaf certificates, by removing the certificate with the earliest issued date.`, + Example: ` +# The below will create a CSV file that can be reviewed and modified before running the command with the --file option. +kfutil stores inventory fixrfpkcs12 + +# The below will read the CSV file and schedule remove jobs as specified in the file where the 'Action' col is "REMOVE". +# The --force flag is *required* to actually schedule the remove jobs for the certificates. +kfutil stores inventory fixrfpkcs12 --file rfpkcs12_fix.csv --force +`, ValidArgs: nil, ValidArgsFunction: nil, Args: nil, diff --git a/docs/kfutil.md b/docs/kfutil.md index e201503..ae927e1 100644 --- a/docs/kfutil.md +++ b/docs/kfutil.md 
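Review bot: The new `Example` text says `--force` is *required* to actually schedule the remove jobs, but the flag help in the docs generated by this same patch reads "Force the removal of the certificate(s) without prompting for confirmation", which describes a confirmation bypass rather than a gate. For a command that removes certificates from stores based on an operator-editable CSV, the two descriptions should agree. If a run without `--force` schedules nothing, as the example implies, the flag help should say so, e.g. `"Schedule the remove jobs listed in the CSV; without this flag no certificates are removed."`. The raw string also opens with a newline, which renders as a blank first line in the Examples block of the generated page. The `inventoryFixRFPKCS12` literal continues past the hunk, so the flag registration and the run function are not visible here.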
@@ -42,4 +42,4 @@ A CLI wrapper around the Keyfactor Platform API. * [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. * [kfutil version](kfutil_version.md) - Shows version of kfutil -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_completion.md b/docs/kfutil_completion.md index e4557d0..c005a1e 100644 --- a/docs/kfutil_completion.md +++ b/docs/kfutil_completion.md @@ -41,4 +41,4 @@ See each sub-command's help for details on how to use the generated script. * [kfutil completion powershell](kfutil_completion_powershell.md) - Generate the autocompletion script for powershell * [kfutil completion zsh](kfutil_completion_zsh.md) - Generate the autocompletion script for zsh -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_completion_bash.md b/docs/kfutil_completion_bash.md index 81afccb..1b64ff2 100644 --- a/docs/kfutil_completion_bash.md +++ b/docs/kfutil_completion_bash.md @@ -60,4 +60,4 @@ kfutil completion bash * [kfutil completion](kfutil_completion.md) - Generate the autocompletion script for the specified shell -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_completion_fish.md b/docs/kfutil_completion_fish.md index 32b1b40..973265f 100644 --- a/docs/kfutil_completion_fish.md +++ b/docs/kfutil_completion_fish.md @@ -51,4 +51,4 @@ kfutil completion fish [flags] * [kfutil completion](kfutil_completion.md) - Generate the autocompletion script for the specified shell -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_completion_powershell.md b/docs/kfutil_completion_powershell.md index 5a19e9f..111a40a 100644 --- a/docs/kfutil_completion_powershell.md +++ b/docs/kfutil_completion_powershell.md 
@@ -48,4 +48,4 @@ kfutil completion powershell [flags] * [kfutil completion](kfutil_completion.md) - Generate the autocompletion script for the specified shell -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_completion_zsh.md b/docs/kfutil_completion_zsh.md index 8865a54..5487b6f 100644 --- a/docs/kfutil_completion_zsh.md +++ b/docs/kfutil_completion_zsh.md @@ -62,4 +62,4 @@ kfutil completion zsh [flags] * [kfutil completion](kfutil_completion.md) - Generate the autocompletion script for the specified shell -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_containers.md b/docs/kfutil_containers.md index 745d5f6..147b817 100644 --- a/docs/kfutil_containers.md +++ b/docs/kfutil_containers.md @@ -37,4 +37,4 @@ A collections of APIs and utilities for interacting with Keyfactor certificate s * [kfutil containers get](kfutil_containers_get.md) - Get certificate store container by ID or name. * [kfutil containers list](kfutil_containers_list.md) - List certificate store containers. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_containers_get.md b/docs/kfutil_containers_get.md index 5838b6d..d3bb95e 100644 --- a/docs/kfutil_containers_get.md +++ b/docs/kfutil_containers_get.md @@ -40,4 +40,4 @@ kfutil containers get [flags] * [kfutil containers](kfutil_containers.md) - Keyfactor certificate store container API and utilities. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_containers_list.md b/docs/kfutil_containers_list.md index 73e5c1d..438b842 100644 --- a/docs/kfutil_containers_list.md +++ b/docs/kfutil_containers_list.md 
@@ -39,4 +39,4 @@ kfutil containers list [flags] * [kfutil containers](kfutil_containers.md) - Keyfactor certificate store container API and utilities. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_export.md b/docs/kfutil_export.md index 5445dc2..cbdb610 100644 --- a/docs/kfutil_export.md +++ b/docs/kfutil_export.md @@ -51,4 +51,4 @@ kfutil export [flags] * [kfutil](kfutil.md) - Keyfactor CLI utilities -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_helm.md b/docs/kfutil_helm.md index 55754d4..597a574 100644 --- a/docs/kfutil_helm.md +++ b/docs/kfutil_helm.md @@ -42,4 +42,4 @@ kubectl helm uo | helm install -f - keyfactor-universal-orchestrator keyfactor/k * [kfutil](kfutil.md) - Keyfactor CLI utilities * [kfutil helm uo](kfutil_helm_uo.md) - Configure the Keyfactor Universal Orchestrator Helm Chart -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_helm_uo.md b/docs/kfutil_helm_uo.md index d7d8f9c..c444628 100644 --- a/docs/kfutil_helm_uo.md +++ b/docs/kfutil_helm_uo.md @@ -46,4 +46,4 @@ kfutil helm uo [-t ] [-o ] [-f ] [-e -e @,@ -o ./app/extension * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_orchs_get.md b/docs/kfutil_orchs_get.md index 5011e1a..e4736f9 100644 --- a/docs/kfutil_orchs_get.md +++ b/docs/kfutil_orchs_get.md @@ -40,4 +40,4 @@ kfutil orchs get [flags] * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_orchs_list.md b/docs/kfutil_orchs_list.md index e41c8f3..38945b1 100644 
--- a/docs/kfutil_orchs_list.md +++ b/docs/kfutil_orchs_list.md @@ -39,4 +39,4 @@ kfutil orchs list [flags] * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_orchs_logs.md b/docs/kfutil_orchs_logs.md index 07c7e5d..72dfeca 100644 --- a/docs/kfutil_orchs_logs.md +++ b/docs/kfutil_orchs_logs.md @@ -40,4 +40,4 @@ kfutil orchs logs [flags] * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_orchs_reset.md b/docs/kfutil_orchs_reset.md index 0e46fd0..c6f0957 100644 --- a/docs/kfutil_orchs_reset.md +++ b/docs/kfutil_orchs_reset.md @@ -40,4 +40,4 @@ kfutil orchs reset [flags] * [kfutil orchs](kfutil_orchs.md) - Keyfactor agents/orchestrators APIs and utilities. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_pam.md b/docs/kfutil_pam.md index 48ec53a..8199b61 100644 --- a/docs/kfutil_pam.md +++ b/docs/kfutil_pam.md @@ -44,4 +44,4 @@ programmatically create, delete, edit, and list PAM Providers. * [kfutil pam types-list](kfutil_pam_types-list.md) - Returns a list of all available PAM provider types. * [kfutil pam update](kfutil_pam_update.md) - Updates an existing PAM Provider, currently only supported from file. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_pam_create.md b/docs/kfutil_pam_create.md index 752f914..b536fb6 100644 --- a/docs/kfutil_pam_create.md +++ b/docs/kfutil_pam_create.md 
@@ -40,4 +40,4 @@ kfutil pam create [flags] * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_pam_delete.md b/docs/kfutil_pam_delete.md index 27d2410..a0a537f 100644 --- a/docs/kfutil_pam_delete.md +++ b/docs/kfutil_pam_delete.md @@ -40,4 +40,4 @@ kfutil pam delete [flags] * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_pam_get.md b/docs/kfutil_pam_get.md index 62f4b75..0f2e7f2 100644 --- a/docs/kfutil_pam_get.md +++ b/docs/kfutil_pam_get.md @@ -40,4 +40,4 @@ kfutil pam get [flags] * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_pam_list.md b/docs/kfutil_pam_list.md index af95f9b..ed64c10 100644 --- a/docs/kfutil_pam_list.md +++ b/docs/kfutil_pam_list.md @@ -39,4 +39,4 @@ kfutil pam list [flags] * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_pam_types-create.md b/docs/kfutil_pam_types-create.md index d6e2e49..be5d84f 100644 --- a/docs/kfutil_pam_types-create.md +++ b/docs/kfutil_pam_types-create.md @@ -47,4 +47,4 @@ kfutil pam types-create [flags] * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_pam_types-list.md b/docs/kfutil_pam_types-list.md index 33fb9da..10e234c 100644 --- a/docs/kfutil_pam_types-list.md +++ b/docs/kfutil_pam_types-list.md 
@@ -39,4 +39,4 @@ kfutil pam types-list [flags] * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_pam_update.md b/docs/kfutil_pam_update.md index c92d707..26e8d34 100644 --- a/docs/kfutil_pam_update.md +++ b/docs/kfutil_pam_update.md @@ -40,4 +40,4 @@ kfutil pam update [flags] * [kfutil pam](kfutil_pam.md) - Keyfactor PAM Provider APIs. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_status.md b/docs/kfutil_status.md index 55a3647..413e5f2 100644 --- a/docs/kfutil_status.md +++ b/docs/kfutil_status.md @@ -39,4 +39,4 @@ kfutil status [flags] * [kfutil](kfutil.md) - Keyfactor CLI utilities -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_store-types.md b/docs/kfutil_store-types.md index 6512726..c2f2d5e 100644 --- a/docs/kfutil_store-types.md +++ b/docs/kfutil_store-types.md @@ -40,4 +40,4 @@ A collections of APIs and utilities for interacting with Keyfactor certificate s * [kfutil store-types list](kfutil_store-types_list.md) - List certificate store types. * [kfutil store-types templates-fetch](kfutil_store-types_templates-fetch.md) - Fetches store type templates from Keyfactor's Github. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_store-types_create.md b/docs/kfutil_store-types_create.md index e9cca52..d10daa3 100644 --- a/docs/kfutil_store-types_create.md +++ b/docs/kfutil_store-types_create.md 
@@ -18,7 +18,7 @@ kfutil store-types create [flags] -b, --git-ref string The git branch or tag to reference when pulling store-types from the internet. (default "main") -h, --help help for create -l, --list List valid store types. - -n, --name string Short name of the certificate store type to get. Valid choices are: AKV, AzureApp, AzureAppGW, AzureSP, Fortigate, HCVKV, HCVKVJKS, HCVKVP12, HCVKVPEM, HCVKVPFX, HCVPKI, IISU, K8SCert, K8SCluster, K8SJKS, K8SNS, K8SPKCS12, K8SSecret, K8STLSSecr, RFDER, RFJKS, RFKDB, RFORA, RFPEM, RFPkcs12, SAMPLETYPE, Signum, VMware-NSX, WinCerMgmt, WinCert + -n, --name string Short name of the certificate store type to get. Valid choices are: AKV, AWS-ACM, Akamai, AppGwBin, AzureApp, AzureAppGw, AzureSP, BIPCamera, CiscoAsa, CitrixAdc, F5-BigIQ, F5-CA-REST, F5-SL-REST, F5-WS-REST, Fortigate, GCPLoadBal, GcpCertMgr, HCVKV, HCVKVJKS, HCVKVP12, HCVKVPEM, HCVKVPFX, HCVPKI, IISU, Imperva, K8SCert, K8SCluster, K8SJKS, K8SNS, K8SPKCS12, K8SSecret, K8STLSSecr, MOST, Nmap, PaloAlto, RFDER, RFJKS, RFKDB, RFORA, RFPEM, RFPkcs12, SAMPLETYPE, Signum, VMware-NSX, WinCerMgmt, WinCert, WinSql ``` ### Options inherited from parent commands @@ -44,4 +44,4 @@ kfutil store-types create [flags] * [kfutil store-types](kfutil_store-types.md) - Keyfactor certificate store types APIs and utilities. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_store-types_delete.md b/docs/kfutil_store-types_delete.md index 2fd868d..9668789 100644 --- a/docs/kfutil_store-types_delete.md +++ b/docs/kfutil_store-types_delete.md @@ -43,4 +43,4 @@ kfutil store-types delete [flags] * [kfutil store-types](kfutil_store-types.md) - Keyfactor certificate store types APIs and utilities. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_store-types_get.md b/docs/kfutil_store-types_get.md index f272b16..e26d995 100644 
--- a/docs/kfutil_store-types_get.md +++ b/docs/kfutil_store-types_get.md @@ -44,4 +44,4 @@ kfutil store-types get [-i | -n ] [-b * [kfutil store-types](kfutil_store-types.md) - Keyfactor certificate store types APIs and utilities. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_store-types_list.md b/docs/kfutil_store-types_list.md index 5e65ce9..0c8394b 100644 --- a/docs/kfutil_store-types_list.md +++ b/docs/kfutil_store-types_list.md @@ -39,4 +39,4 @@ kfutil store-types list [flags] * [kfutil store-types](kfutil_store-types.md) - Keyfactor certificate store types APIs and utilities. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_store-types_templates-fetch.md b/docs/kfutil_store-types_templates-fetch.md index 305f700..3f88a97 100644 --- a/docs/kfutil_store-types_templates-fetch.md +++ b/docs/kfutil_store-types_templates-fetch.md @@ -40,4 +40,4 @@ kfutil store-types templates-fetch [flags] * [kfutil store-types](kfutil_store-types.md) - Keyfactor certificate store types APIs and utilities. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_stores.md b/docs/kfutil_stores.md index 895cb02..51be7a1 100644 --- a/docs/kfutil_stores.md +++ b/docs/kfutil_stores.md @@ -42,4 +42,4 @@ A collections of APIs and utilities for interacting with Keyfactor certificate s * [kfutil stores list](kfutil_stores_list.md) - List certificate stores. * [kfutil stores rot](kfutil_stores_rot.md) - Root of trust utility -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_stores_delete.md b/docs/kfutil_stores_delete.md index b1f6f10..5b248da 100644 --- a/docs/kfutil_stores_delete.md +++ b/docs/kfutil_stores_delete.md 
@@ -42,4 +42,4 @@ kfutil stores delete [flags] * [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_stores_export.md b/docs/kfutil_stores_export.md index 07a8a61..5fb180f 100644 --- a/docs/kfutil_stores_export.md +++ b/docs/kfutil_stores_export.md @@ -43,4 +43,4 @@ kfutil stores export [flags] * [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_stores_get.md b/docs/kfutil_stores_get.md index 4592c8e..d5aa5cc 100644 --- a/docs/kfutil_stores_get.md +++ b/docs/kfutil_stores_get.md @@ -40,4 +40,4 @@ kfutil stores get [flags] * [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_stores_import.md b/docs/kfutil_stores_import.md index fe02d29..0bbf1a0 100644 --- a/docs/kfutil_stores_import.md +++ b/docs/kfutil_stores_import.md @@ -37,4 +37,4 @@ Tools for generating import templates and importing certificate stores * [kfutil stores import csv](kfutil_stores_import_csv.md) - Create certificate stores from CSV file. * [kfutil stores import generate-template](kfutil_stores_import_generate-template.md) - For generating a CSV template with headers for bulk store creation. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_stores_import_csv.md b/docs/kfutil_stores_import_csv.md index 1766049..9c0cf0b 100644 --- a/docs/kfutil_stores_import_csv.md +++ b/docs/kfutil_stores_import_csv.md 
@@ -47,4 +47,4 @@ kfutil stores import csv --file --store-type-id --store-t * [kfutil stores import](kfutil_stores_import.md) - Import a file with certificate store parameters and create them in keyfactor. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_stores_inventory.md b/docs/kfutil_stores_inventory.md index 39563a5..de68904 100644 --- a/docs/kfutil_stores_inventory.md +++ b/docs/kfutil_stores_inventory.md @@ -35,7 +35,9 @@ Commands related to certificate store inventory management * [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. * [kfutil stores inventory add](kfutil_stores_inventory_add.md) - Adds one or more certificates to one or more certificate store inventories. +* [kfutil stores inventory fixrfpkcs12](kfutil_stores_inventory_fixrfpkcs12.md) - Fix RFPKCS12 stores that contain 2 + or more leaf certificates, by removing the certificate with the earliest issued date. * [kfutil stores inventory remove](kfutil_stores_inventory_remove.md) - Removes a certificate from the certificate store inventory. * [kfutil stores inventory show](kfutil_stores_inventory_show.md) - Show the inventory of a certificate store. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_stores_inventory_add.md b/docs/kfutil_stores_inventory_add.md index 84014d2..cc65b84 100644 --- a/docs/kfutil_stores_inventory_add.md +++ b/docs/kfutil_stores_inventory_add.md @@ -53,4 +53,4 @@ kfutil stores inventory add [flags] * [kfutil stores inventory](kfutil_stores_inventory.md) - Commands related to certificate store inventory management -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_stores_inventory_fixrfpkcs12.md b/docs/kfutil_stores_inventory_fixrfpkcs12.md new file mode 100644 index 0000000..d2e9adf --- /dev/null 
+++ b/docs/kfutil_stores_inventory_fixrfpkcs12.md 
@@ -0,0 +1,57 @@ +## kfutil stores inventory fixrfpkcs12 + +Fix RFPKCS12 stores that contain 2 or more leaf certificates, by removing the certificate with the earliest issued date. + +### Synopsis + +Fix RFPKCS12 stores that contain 2 or more leaf certificates, by removing the certificate with the earliest issued date. + +``` +kfutil stores inventory fixrfpkcs12 [flags] +``` + +### Examples + +``` + +# The below will create a CSV file that can be reviewed and modified before running the command with the --file option. +kfutil stores inventory fixrfpkcs12 + +# The below will read the CSV file and schedule remove jobs as specified in the file where the 'Action' col is "REMOVE". +# The --force flag is *required* to actually schedule the remove jobs for the certificates. +kfutil stores inventory fixrfpkcs12 --file rfpkcs12_fix.csv --force + +``` + +### Options + +``` + --file string CSV file to import for RFPKCS12 store fix. + --force Force the removal of the certificate(s) without prompting for confirmation. + -h, --help help for fixrfpkcs12 +``` + +### Options inherited from parent commands + +``` + --api-path string API Path to use for authenticating to Keyfactor Command. (default is KeyfactorAPI) (default "KeyfactorAPI") + --auth-provider-profile string The profile to use defined in the securely stored config. If not specified the config named 'default' will be used if it exists. (default "default") + --auth-provider-type string Provider type choices: (azid) + --config string Full path to config file in JSON format. (default is $HOME/.keyfactor/command_config.json) + --debug Enable debugFlag logging. + --domain string Domain to use for authenticating to Keyfactor Command. + --exp Enable expEnabled features. (USE AT YOUR OWN RISK, these features are not supported and may change or be removed at any time.) + --format text How to format the CLI output. Currently only text is supported. 
(default "text") + --hostname string Hostname to use for authenticating to Keyfactor Command. + --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) + --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. + --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. + --username string Username to use for authenticating to Keyfactor Command. +``` + +### SEE ALSO + +* [kfutil stores inventory](kfutil_stores_inventory.md) - Commands related to certificate store inventory management + +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_stores_inventory_remove.md b/docs/kfutil_stores_inventory_remove.md index 200d649..2ac7ee6 100644 --- a/docs/kfutil_stores_inventory_remove.md +++ b/docs/kfutil_stores_inventory_remove.md @@ -49,4 +49,4 @@ kfutil stores inventory remove [flags] * [kfutil stores inventory](kfutil_stores_inventory.md) - Commands related to certificate store inventory management -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_stores_inventory_show.md b/docs/kfutil_stores_inventory_show.md index 76ec36d..a7ed434 100644 --- a/docs/kfutil_stores_inventory_show.md +++ b/docs/kfutil_stores_inventory_show.md @@ -43,4 +43,4 @@ kfutil stores inventory show [flags] * [kfutil stores inventory](kfutil_stores_inventory.md) - Commands related to certificate store inventory management -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_stores_list.md b/docs/kfutil_stores_list.md index eb1eeb4..cce48a5 100644 
--- a/docs/kfutil_stores_list.md +++ b/docs/kfutil_stores_list.md @@ -39,4 +39,4 @@ kfutil stores list [flags] * [kfutil stores](kfutil_stores.md) - Keyfactor certificate stores APIs and utilities. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_stores_rot.md b/docs/kfutil_stores_rot.md index d3d7d63..a54018f 100644 --- a/docs/kfutil_stores_rot.md +++ b/docs/kfutil_stores_rot.md @@ -50,4 +50,4 @@ kfutil stores rot reconcile --import-csv * [kfutil stores rot generate-template](kfutil_stores_rot_generate-template.md) - For generating Root Of Trust template(s) * [kfutil stores rot reconcile](kfutil_stores_rot_reconcile.md) - Reconcile either takes in or will generate an audit report and then add/remove certs as needed. -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_stores_rot_audit.md b/docs/kfutil_stores_rot_audit.md index a03ce0d..a19d744 100644 --- a/docs/kfutil_stores_rot_audit.md +++ b/docs/kfutil_stores_rot_audit.md @@ -47,4 +47,4 @@ kfutil stores rot audit [flags] * [kfutil stores rot](kfutil_stores_rot.md) - Root of trust utility -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_stores_rot_generate-template.md b/docs/kfutil_stores_rot_generate-template.md index 7c143a9..a13afa7 100644 --- a/docs/kfutil_stores_rot_generate-template.md +++ b/docs/kfutil_stores_rot_generate-template.md @@ -45,4 +45,4 @@ kfutil stores rot generate-template [flags] * [kfutil stores rot](kfutil_stores_rot.md) - Root of trust utility -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_stores_rot_reconcile.md b/docs/kfutil_stores_rot_reconcile.md index 24c49be..ea57c10 100644 --- a/docs/kfutil_stores_rot_reconcile.md +++ b/docs/kfutil_stores_rot_reconcile.md 
@@ -52,4 +52,4 @@ kfutil stores rot reconcile [flags] * [kfutil stores rot](kfutil_stores_rot.md) - Root of trust utility -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/docs/kfutil_version.md b/docs/kfutil_version.md index 45ebfb3..58142ca 100644 --- a/docs/kfutil_version.md +++ b/docs/kfutil_version.md @@ -39,4 +39,4 @@ kfutil version [flags] * [kfutil](kfutil.md) - Keyfactor CLI utilities -###### Auto generated by spf13/cobra on 27-Feb-2024 +###### Auto generated by spf13/cobra on 23-Oct-2024 diff --git a/main.go b/main.go index 69f352b..bb3ff94 100644 --- a/main.go +++ b/main.go @@ -28,3 +28,7 @@ func main() { //} cmd.Execute() } + +//func docs() { +// doc.GenMarkdownTree(cmd.RootCmd, "./docs") +//} From 61cbfaa19d4336cdc330eb769f366e82b674a528 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Wed, 23 Oct 2024 13:59:53 -0700 Subject: [PATCH 8/9] chore: Resolve merge conflicts Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- main.go | 1 - 1 file changed, 1 deletion(-) diff --git a/main.go b/main.go index 47d3414..d1e0870 100644 --- a/main.go +++ b/main.go @@ -17,7 +17,6 @@ package main import ( _ "embed" - "github.com/spf13/cobra/doc" "kfutil/cmd" ) From ebfac47cea96b19b03250ab91b28ffcd8d687747 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Wed, 23 Oct 2024 14:05:12 -0700 Subject: [PATCH 9/9] chore(docs): Update docs 
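Review bot: The `docs()` helper appended after `main()` in main.go is checked in commented out, so the regenerated files under docs/ cannot be reproduced from anything the build actually runs. The next patch in the series also drops the `github.com/spf13/cobra/doc` import the helper would need. Either delete the dead comment or keep the generator as real code outside the shipped binary's entry path. If it is revived, `doc.GenMarkdownTree` returns an error that the commented call ignores; handle it, e.g. `if err := doc.GenMarkdownTree(cmd.RootCmd, "./docs"); err != nil { log.Fatal(err) }`.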
Signed-off-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com> --- cmd/inventory.go | 4 ++-- docs/kfutil.md | 1 + docs/kfutil_completion.md | 1 + docs/kfutil_completion_bash.md | 1 + docs/kfutil_completion_fish.md | 1 + docs/kfutil_completion_powershell.md | 1 + docs/kfutil_completion_zsh.md | 1 + docs/kfutil_containers.md | 1 + docs/kfutil_containers_get.md | 1 + docs/kfutil_containers_list.md | 1 + docs/kfutil_export.md | 1 + docs/kfutil_helm.md | 1 + docs/kfutil_helm_uo.md | 1 + docs/kfutil_import.md | 1 + docs/kfutil_login.md | 1 + docs/kfutil_logout.md | 1 + docs/kfutil_orchs.md | 1 + docs/kfutil_orchs_approve.md | 1 + docs/kfutil_orchs_disapprove.md | 1 + docs/kfutil_orchs_ext.md | 1 + docs/kfutil_orchs_get.md | 1 + docs/kfutil_orchs_list.md | 1 + docs/kfutil_orchs_logs.md | 1 + docs/kfutil_orchs_reset.md | 1 + docs/kfutil_pam.md | 1 + docs/kfutil_pam_create.md | 1 + docs/kfutil_pam_delete.md | 1 + docs/kfutil_pam_get.md | 1 + docs/kfutil_pam_list.md | 1 + docs/kfutil_pam_types-create.md | 1 + docs/kfutil_pam_types-list.md | 1 + docs/kfutil_pam_update.md | 1 + docs/kfutil_status.md | 1 + docs/kfutil_store-types.md | 1 + docs/kfutil_store-types_create.md | 1 + docs/kfutil_store-types_delete.md | 1 + docs/kfutil_store-types_get.md | 1 + docs/kfutil_store-types_list.md | 1 + docs/kfutil_store-types_templates-fetch.md | 1 + docs/kfutil_stores.md | 1 + docs/kfutil_stores_delete.md | 1 + docs/kfutil_stores_export.md | 1 + docs/kfutil_stores_get.md | 1 + docs/kfutil_stores_import.md | 1 + docs/kfutil_stores_import_csv.md | 1 + docs/kfutil_stores_import_generate-template.md | 1 + docs/kfutil_stores_inventory.md | 1 + docs/kfutil_stores_inventory_add.md | 1 + docs/kfutil_stores_inventory_fixrfpkcs12.md | 5 +++-- docs/kfutil_stores_inventory_remove.md | 1 + docs/kfutil_stores_inventory_show.md | 1 + docs/kfutil_stores_list.md | 1 + docs/kfutil_stores_rot.md | 1 + docs/kfutil_stores_rot_audit.md | 1 + docs/kfutil_stores_rot_generate-template.md | 1 + 
docs/kfutil_stores_rot_reconcile.md | 1 + docs/kfutil_version.md | 1 + 57 files changed, 60 insertions(+), 4 deletions(-) diff --git a/cmd/inventory.go b/cmd/inventory.go index e81b948..c54d26c 100644 --- a/cmd/inventory.go +++ b/cmd/inventory.go @@ -607,11 +607,11 @@ var inventoryFixRFPKCS12 = &cobra.Command{ Long: `Fix RFPKCS12 stores that contain 2 or more leaf certificates, by removing the certificate with the earliest issued date.`, Example: ` # The below will create a CSV file that can be reviewed and modified before running the command with the --file option. -kfutil stores inventory fixrfpkcs12 +kfutil stores inventory fixrfpkcs12 --exp # The below will read the CSV file and schedule remove jobs as specified in the file where the 'Action' col is "REMOVE". # The --force flag is *required* to actually schedule the remove jobs for the certificates. -kfutil stores inventory fixrfpkcs12 --file rfpkcs12_fix.csv --force +kfutil stores inventory fixrfpkcs12 --file rfpkcs12_fix.csv --force --exp `, ValidArgs: nil, ValidArgsFunction: nil, diff --git a/docs/kfutil.md b/docs/kfutil.md index ae927e1..253584e 100644 --- a/docs/kfutil.md +++ b/docs/kfutil.md 
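Review bot: The `#` comment lines in the `Example` string of `inventoryFixRFPKCS12` were not updated with the commands. Both invocations now pass `--exp`, but only `--force` is explained. The second form schedules remove jobs for certificates, so the help text should name every flag that gates it, for instance by adding `# --exp must also be passed for this command to run.` above each invocation. That wording assumes `--exp` is a required opt-in for experimental commands, which should be confirmed against the flag's definition. The command literal starts and ends outside this hunk, so whether the run function enforces `--exp` and `--force` is not visible here.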
@@ -21,6 +21,7 @@ A CLI wrapper around the Keyfactor Platform API. --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_completion.md b/docs/kfutil_completion.md index c005a1e..755ea74 100644 --- a/docs/kfutil_completion.md +++ b/docs/kfutil_completion.md @@ -28,6 +28,7 @@ See each sub-command's help for details on how to use the generated script. --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_completion_bash.md b/docs/kfutil_completion_bash.md index 1b64ff2..a1bf05c 100644 
--- a/docs/kfutil_completion_bash.md +++ b/docs/kfutil_completion_bash.md @@ -51,6 +51,7 @@ kfutil completion bash --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_completion_fish.md b/docs/kfutil_completion_fish.md index 973265f..8b611f7 100644 --- a/docs/kfutil_completion_fish.md +++ b/docs/kfutil_completion_fish.md @@ -42,6 +42,7 @@ kfutil completion fish [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_completion_powershell.md b/docs/kfutil_completion_powershell.md index 111a40a..fbf830c 100644 
--- a/docs/kfutil_completion_powershell.md +++ b/docs/kfutil_completion_powershell.md @@ -39,6 +39,7 @@ kfutil completion powershell [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_completion_zsh.md b/docs/kfutil_completion_zsh.md index 5487b6f..3a8c798 100644 --- a/docs/kfutil_completion_zsh.md +++ b/docs/kfutil_completion_zsh.md @@ -53,6 +53,7 @@ kfutil completion zsh [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_containers.md b/docs/kfutil_containers.md index 147b817..ed5cc55 100644 
--- a/docs/kfutil_containers.md +++ b/docs/kfutil_containers.md @@ -26,6 +26,7 @@ A collections of APIs and utilities for interacting with Keyfactor certificate s --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_containers_get.md b/docs/kfutil_containers_get.md index d3bb95e..b374d24 100644 --- a/docs/kfutil_containers_get.md +++ b/docs/kfutil_containers_get.md @@ -31,6 +31,7 @@ kfutil containers get [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. 
diff --git a/docs/kfutil_containers_list.md b/docs/kfutil_containers_list.md index 438b842..fb96eb8 100644 --- a/docs/kfutil_containers_list.md +++ b/docs/kfutil_containers_list.md @@ -30,6 +30,7 @@ kfutil containers list [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_export.md b/docs/kfutil_export.md index cbdb610..f09ca61 100644 --- a/docs/kfutil_export.md +++ b/docs/kfutil_export.md @@ -42,6 +42,7 @@ kfutil export [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. 
diff --git a/docs/kfutil_helm.md b/docs/kfutil_helm.md index 597a574..a7eabb9 100644 --- a/docs/kfutil_helm.md +++ b/docs/kfutil_helm.md @@ -32,6 +32,7 @@ kubectl helm uo | helm install -f - keyfactor-universal-orchestrator keyfactor/k --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_helm_uo.md b/docs/kfutil_helm_uo.md index c444628..38bb9e5 100644 --- a/docs/kfutil_helm_uo.md +++ b/docs/kfutil_helm_uo.md 
@@ -37,6 +37,7 @@ kfutil helm uo [-t ] [-o ] [-f ] [-e -e @,@ -o ./app/extension --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_orchs_get.md b/docs/kfutil_orchs_get.md index e4736f9..36d9b49 100644 --- a/docs/kfutil_orchs_get.md +++ b/docs/kfutil_orchs_get.md @@ -31,6 +31,7 @@ kfutil orchs get [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_orchs_list.md b/docs/kfutil_orchs_list.md index 38945b1..e541b05 100644 --- a/docs/kfutil_orchs_list.md +++ b/docs/kfutil_orchs_list.md 
@@ -30,6 +30,7 @@ kfutil orchs list [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_orchs_logs.md b/docs/kfutil_orchs_logs.md index 72dfeca..038171a 100644 --- a/docs/kfutil_orchs_logs.md +++ b/docs/kfutil_orchs_logs.md @@ -31,6 +31,7 @@ kfutil orchs logs [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_orchs_reset.md b/docs/kfutil_orchs_reset.md index c6f0957..0b315ce 100644 --- a/docs/kfutil_orchs_reset.md +++ b/docs/kfutil_orchs_reset.md 
@@ -31,6 +31,7 @@ kfutil orchs reset [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_pam.md b/docs/kfutil_pam.md index 8199b61..834be61 100644 --- a/docs/kfutil_pam.md +++ b/docs/kfutil_pam.md @@ -28,6 +28,7 @@ programmatically create, delete, edit, and list PAM Providers. --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_pam_create.md b/docs/kfutil_pam_create.md index b536fb6..4a1e5f1 100644 --- a/docs/kfutil_pam_create.md +++ b/docs/kfutil_pam_create.md 
@@ -31,6 +31,7 @@ kfutil pam create [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_pam_delete.md b/docs/kfutil_pam_delete.md index a0a537f..a09f152 100644 --- a/docs/kfutil_pam_delete.md +++ b/docs/kfutil_pam_delete.md @@ -31,6 +31,7 @@ kfutil pam delete [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_pam_get.md b/docs/kfutil_pam_get.md index 0f2e7f2..3812f01 100644 --- a/docs/kfutil_pam_get.md +++ b/docs/kfutil_pam_get.md 
@@ -31,6 +31,7 @@ kfutil pam get [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_pam_list.md b/docs/kfutil_pam_list.md index ed64c10..507dd92 100644 --- a/docs/kfutil_pam_list.md +++ b/docs/kfutil_pam_list.md @@ -30,6 +30,7 @@ kfutil pam list [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_pam_types-create.md b/docs/kfutil_pam_types-create.md index be5d84f..023bf17 100644 --- a/docs/kfutil_pam_types-create.md +++ b/docs/kfutil_pam_types-create.md 
@@ -38,6 +38,7 @@ kfutil pam types-create [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_pam_types-list.md b/docs/kfutil_pam_types-list.md index 10e234c..51b573e 100644 --- a/docs/kfutil_pam_types-list.md +++ b/docs/kfutil_pam_types-list.md @@ -30,6 +30,7 @@ kfutil pam types-list [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_pam_update.md b/docs/kfutil_pam_update.md index 26e8d34..6467f2f 100644 --- a/docs/kfutil_pam_update.md +++ b/docs/kfutil_pam_update.md 
@@ -31,6 +31,7 @@ kfutil pam update [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_status.md b/docs/kfutil_status.md index 413e5f2..1b6dcc7 100644 --- a/docs/kfutil_status.md +++ b/docs/kfutil_status.md @@ -30,6 +30,7 @@ kfutil status [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_store-types.md b/docs/kfutil_store-types.md index c2f2d5e..8bd3ccb 100644 --- a/docs/kfutil_store-types.md +++ b/docs/kfutil_store-types.md 
@@ -26,6 +26,7 @@ A collections of APIs and utilities for interacting with Keyfactor certificate s --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_store-types_create.md b/docs/kfutil_store-types_create.md index d10daa3..e6a87d0 100644 --- a/docs/kfutil_store-types_create.md +++ b/docs/kfutil_store-types_create.md @@ -35,6 +35,7 @@ kfutil store-types create [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_store-types_delete.md b/docs/kfutil_store-types_delete.md index 9668789..d572d11 100644 
--- a/docs/kfutil_store-types_delete.md +++ b/docs/kfutil_store-types_delete.md @@ -34,6 +34,7 @@ kfutil store-types delete [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_store-types_get.md b/docs/kfutil_store-types_get.md index e26d995..7d54067 100644 --- a/docs/kfutil_store-types_get.md +++ b/docs/kfutil_store-types_get.md @@ -35,6 +35,7 @@ kfutil store-types get [-i | -n ] [-b --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. 
diff --git a/docs/kfutil_store-types_list.md b/docs/kfutil_store-types_list.md index 0c8394b..f8e18da 100644 --- a/docs/kfutil_store-types_list.md +++ b/docs/kfutil_store-types_list.md @@ -30,6 +30,7 @@ kfutil store-types list [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_store-types_templates-fetch.md b/docs/kfutil_store-types_templates-fetch.md index 3f88a97..3252f0e 100644 --- a/docs/kfutil_store-types_templates-fetch.md +++ b/docs/kfutil_store-types_templates-fetch.md 
@@ -31,6 +31,7 @@ kfutil store-types templates-fetch [flags]
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.
diff --git a/docs/kfutil_stores.md b/docs/kfutil_stores.md
index 51be7a1..1f2fa40 100644
--- a/docs/kfutil_stores.md
+++ b/docs/kfutil_stores.md
@@ -26,6 +26,7 @@ A collections of APIs and utilities for interacting with Keyfactor certificate s
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.
diff --git a/docs/kfutil_stores_delete.md b/docs/kfutil_stores_delete.md
index 5b248da..9b62b92 100644
--- a/docs/kfutil_stores_delete.md
+++ b/docs/kfutil_stores_delete.md
@@ -33,6 +33,7 @@ kfutil stores delete [flags]
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.
diff --git a/docs/kfutil_stores_export.md b/docs/kfutil_stores_export.md
index 5fb180f..10fd3b8 100644
--- a/docs/kfutil_stores_export.md
+++ b/docs/kfutil_stores_export.md
@@ -34,6 +34,7 @@ kfutil stores export [flags]
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.
diff --git a/docs/kfutil_stores_get.md b/docs/kfutil_stores_get.md
index d5aa5cc..7683310 100644
--- a/docs/kfutil_stores_get.md
+++ b/docs/kfutil_stores_get.md
@@ -31,6 +31,7 @@ kfutil stores get [flags]
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.
diff --git a/docs/kfutil_stores_import.md b/docs/kfutil_stores_import.md
index 0bbf1a0..4144bca 100644
--- a/docs/kfutil_stores_import.md
+++ b/docs/kfutil_stores_import.md
@@ -26,6 +26,7 @@ Tools for generating import templates and importing certificate stores
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.
diff --git a/docs/kfutil_stores_import_csv.md b/docs/kfutil_stores_import_csv.md
index 9c0cf0b..994d744 100644
--- a/docs/kfutil_stores_import_csv.md
+++ b/docs/kfutil_stores_import_csv.md
@@ -38,6 +38,7 @@ kfutil stores import csv --file --store-type-id --store-t
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.
diff --git a/docs/kfutil_stores_inventory.md b/docs/kfutil_stores_inventory.md
index de68904..38a018a 100644
--- a/docs/kfutil_stores_inventory.md
+++ b/docs/kfutil_stores_inventory.md
@@ -26,6 +26,7 @@ Commands related to certificate store inventory management
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.
diff --git a/docs/kfutil_stores_inventory_add.md b/docs/kfutil_stores_inventory_add.md index cc65b84..838e900 100644 --- a/docs/kfutil_stores_inventory_add.md +++ b/docs/kfutil_stores_inventory_add.md @@ -44,6 +44,7 @@ kfutil stores inventory add [flags] --hostname string Hostname to use for authenticating to Keyfactor Command. --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.) --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set. + --offline Will not attempt to connect to GitHub for latest release information and resources. --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text. --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists. --username string Username to use for authenticating to Keyfactor Command. diff --git a/docs/kfutil_stores_inventory_fixrfpkcs12.md b/docs/kfutil_stores_inventory_fixrfpkcs12.md index d2e9adf..306005d 100644 --- a/docs/kfutil_stores_inventory_fixrfpkcs12.md +++ b/docs/kfutil_stores_inventory_fixrfpkcs12.md @@ -15,11 +15,11 @@ kfutil stores inventory fixrfpkcs12 [flags] ``` # The below will create a CSV file that can be reviewed and modified before running the command with the --file option. -kfutil stores inventory fixrfpkcs12 +kfutil stores inventory fixrfpkcs12 --exp # The below will read the CSV file and schedule remove jobs as specified in the file where the 'Action' col is "REMOVE". # The --force flag is *required* to actually schedule the remove jobs for the certificates. -kfutil stores inventory fixrfpkcs12 --file rfpkcs12_fix.csv --force +kfutil stores inventory fixrfpkcs12 --file rfpkcs12_fix.csv --force --exp ``` 
@@ -45,6 +45,7 @@ kfutil stores inventory fixrfpkcs12 --file rfpkcs12_fix.csv --force
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.
diff --git a/docs/kfutil_stores_inventory_remove.md b/docs/kfutil_stores_inventory_remove.md
index 2ac7ee6..27edfaa 100644
--- a/docs/kfutil_stores_inventory_remove.md
+++ b/docs/kfutil_stores_inventory_remove.md
@@ -40,6 +40,7 @@ kfutil stores inventory remove [flags]
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.
diff --git a/docs/kfutil_stores_inventory_show.md b/docs/kfutil_stores_inventory_show.md
index a7ed434..cd3a748 100644
--- a/docs/kfutil_stores_inventory_show.md
+++ b/docs/kfutil_stores_inventory_show.md
@@ -34,6 +34,7 @@ kfutil stores inventory show [flags]
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.
diff --git a/docs/kfutil_stores_list.md b/docs/kfutil_stores_list.md
index cce48a5..e13d7ec 100644
--- a/docs/kfutil_stores_list.md
+++ b/docs/kfutil_stores_list.md
@@ -30,6 +30,7 @@ kfutil stores list [flags]
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.
diff --git a/docs/kfutil_stores_rot.md b/docs/kfutil_stores_rot.md
index a54018f..cb30b79 100644
--- a/docs/kfutil_stores_rot.md
+++ b/docs/kfutil_stores_rot.md
@@ -38,6 +38,7 @@ kfutil stores rot reconcile --import-csv
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.
diff --git a/docs/kfutil_stores_rot_audit.md b/docs/kfutil_stores_rot_audit.md
index a19d744..df9cc1b 100644
--- a/docs/kfutil_stores_rot_audit.md
+++ b/docs/kfutil_stores_rot_audit.md
@@ -38,6 +38,7 @@ kfutil stores rot audit [flags]
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.
diff --git a/docs/kfutil_stores_rot_generate-template.md b/docs/kfutil_stores_rot_generate-template.md
index a13afa7..1f30785 100644
--- a/docs/kfutil_stores_rot_generate-template.md
+++ b/docs/kfutil_stores_rot_generate-template.md
@@ -36,6 +36,7 @@ kfutil stores rot generate-template [flags]
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.
diff --git a/docs/kfutil_stores_rot_reconcile.md b/docs/kfutil_stores_rot_reconcile.md
index ea57c10..1d27793 100644
--- a/docs/kfutil_stores_rot_reconcile.md
+++ b/docs/kfutil_stores_rot_reconcile.md
@@ -43,6 +43,7 @@ kfutil stores rot reconcile [flags]
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.
diff --git a/docs/kfutil_version.md b/docs/kfutil_version.md
index 58142ca..6cba39c 100644
--- a/docs/kfutil_version.md
+++ b/docs/kfutil_version.md
@@ -30,6 +30,7 @@ kfutil version [flags]
 --hostname string Hostname to use for authenticating to Keyfactor Command.
 --log-insecure Log insecure API requests. (USE AT YOUR OWN RISK, this WILL log sensitive information to the console.)
 --no-prompt Do not prompt for any user input and assume defaults or environmental variables are set.
+ --offline Will not attempt to connect to GitHub for latest release information and resources.
 --password string Password to use for authenticating to Keyfactor Command. WARNING: Remember to delete your console history if providing kfcPassword here in plain text.
 --profile string Use a specific profile from your config file. If not specified the config named 'default' will be used if it exists.
 --username string Username to use for authenticating to Keyfactor Command.