diff --git a/.github/workflows/update-stores.yml b/.github/workflows/update-stores.yml
index 63d3834..e2140eb 100644
--- a/.github/workflows/update-stores.yml
+++ b/.github/workflows/update-stores.yml
@@ -69,6 +69,7 @@ jobs:
 repository: 'keyfactor/kfutil'
 sparse-checkout: |
 .github
+ cmd
 path: './merge-folder/'
 token: ${{ secrets.V2BUILDTOKEN }}
 ref: '${{env.KFUTIL_ARG}}'
@@ -81,6 +82,7 @@ jobs:
 repository: 'keyfactor/kfutil'
 sparse-checkout: |
 .github
+ cmd
 path: './merge-folder/'
 token: ${{ secrets.V2BUILDTOKEN }}
@@ -102,7 +104,6 @@ jobs:
 working-directory: ./tools/store-type-merge
 run: |
 python main.py --repo-name ${{ env.KFUTIL_ARG }} --ref ${{ env.TARGET_REPO_BRANCH }}
- cat store_types.json
 env:
 GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN }}
@@ -134,6 +135,10 @@ jobs:
 run: |
 echo "Saving original store_types.json as store_types.sav.json"
 cp -f ./tools/store-type-merge/store_types.json ./merge-folder/store_types.json
+ mkdir -p ./merge-folder/cmd || true
+ cp -f ./tools/store-type-merge/store_types.json ./merge-folder/cmd/store_types.json # this necessary?
+ ls -la ./merge-folder/
+ ls -la ./merge-folder/cmd/
 # Diff the new json against the saved copy and set an UPDATE_FILE variable
 - name: Diff the results
@@ -154,7 +159,9 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }}
 with:
- add: store_types.json --force
+ add: | store_types.json ./cmd/store_types.json --force
 message: Update store_types.json for ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}}
 author_name: Keyfactor
 author_email: keyfactor@keyfactor.github.io
@@ -167,7 +174,9 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }}
 with:
- add: store_types.json --force
+ add: | store_types.json ./cmd/store_types.json --force
 message: Update store_types.json for ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}}
 author_name: Keyfactor
 author_email: keyfactor@keyfactor.github.io
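Review bot: The new shell in the `run:` block of the -134 hunk still carries debugging: the two `ls -la ./merge-folder/` / `ls -la ./merge-folder/cmd/` lines and the `# this necessary?` comment on the second `cp` read as unfinished work, and `mkdir -p ./merge-folder/cmd || true` hides a real mkdir failure so that the following `cp` fails with a less obvious message. Since the sparse-checkout in the -69 and -81 hunks now includes `cmd`, the directory presumably already exists after checkout; if so, drop the `mkdir` and both `ls` lines and resolve the comment, otherwise keep `mkdir -p ./merge-folder/cmd` without `|| true`. The step this `run:` belongs to starts above the hunk.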
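Review bot: In the -154 hunk the first `add` entry, `store_types.json`, no longer carries `--force` although the line it replaces did, so if that path is matched by an ignore rule in the checked-out tree the root copy is skipped without an error and only `./cmd/store_types.json` is committed; the -167 hunk makes the same change. If `--force` was needed before, keep it on both entries: `add: |` / `store_types.json --force` / `./cmd/store_types.json --force`. Whether the action splits a multi-line `add` into separate `git add` invocations should be confirmed against its documentation, as far as I can tell from the hunk alone.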
@@ -182,7 +191,13 @@ jobs:
 console.log("Commit to ${{env.KFUTIL_ARG}} for PR")
 const owner = context.repo.owner;
 const repo = context.repo.repo;
- const baseBranch = 'main';
+
+ // Get the current branch name that the workflow is running on
+ const baseBranch = context.payload.ref ?
+ context.payload.ref.replace('refs/heads/', '') : 'main';
+
+ console.log(`Base branch for PR: ${baseBranch}`);
+
 const newBranch = '${{env.KFUTIL_ARG}}';
 const response = await github.rest.pulls.create({
 owner,
diff --git a/cmd/store_types.json b/cmd/store_types.json
index 0439fb1..6fac9af 100644
--- a/cmd/store_types.json
+++ b/cmd/store_types.json
@@ -421,6 +421,34 @@ "ClientMachineDescription": "This is a full AWS ARN specifying a Role. This is the Role that will be assumed in any Auth scenario performing Assume Role. This will dictate what certificates are usable by the orchestrator. A preceding [profile] name should be included if a Credential Profile is to be used in Default Sdk Auth.", "StorePathDescription": "A single specified AWS Region the store will operate in. Additional regions should get their own store defined." }, + { + "Name": "Airlock Application Firewall Certificate", + "ShortName": "AirlockWAF", + "Capability": "AirlockWAF", + "LocalStore": false, + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": false + }, + "Properties": [], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": true, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Required", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Allowed" + }, { "Name": "Akamai Certificate Provisioning Service", "ShortName": "Akamai",
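Review bot: `context.payload.ref` in the new `baseBranch` computation is event-specific: it is present on `push` and `workflow_dispatch` payloads but not on `pull_request` payloads, where the fallback silently opens the PR against `'main'`, and for a tag push it yields `refs/tags/...` because only the `refs/heads/` prefix is stripped. `context.ref` is populated for every event from `GITHUB_REF`, so a safer form is `const baseBranch = context.ref.startsWith('refs/heads/') ? context.ref.slice('refs/heads/'.length) : 'main';`, ideally with a log line when the fallback is taken so a wrong base is visible in the run output. The `github-script` body continues outside the hunk.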
@@ -2086,7 +2114,7 @@ "DependsOn": "", "DefaultValue": "", "Options": "", - "Description": "One to many comma delimited F5 SSL Profile names the certificate is bound to" + "Description": "One to many comma delimited F5 SSL Profiles to bind the certificate to (new certificates ONLY)" } ] }, @@ -3618,6 +3646,51 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Forbidden" }, + { + "Name": "MyOrchestratorStoreType", + "ShortName": "MOST", + "Capability": "MOST", + "LocalStore": false, + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": false + }, + "Properties": [ + { + "Name": "CustomField1", + "DisplayName": "CustomField1", + "Type": "String", + "DependsOn": "", + "DefaultValue": "default", + "Required": true + }, + { + "Name": "CustomField2", + "DisplayName": "CustomField2", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": true + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Forbidden", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden" + }, { "Name": "Nmap Orchestrator", "ShortName": "Nmap", 
@@ -3647,6 +3720,135 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Optional" }, + { + "Name": "OktaApp", + "ShortName": "OktaApp", + "LocalStore": false, + "StorePathDescription": "This should contain the Okta App ID (please see overview for description).", + "ClientMachineDescription": "This should contain your Okta URL (e.g. https://trial-1111.okta.com).", + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": true, + "Remove": false + }, + "Properties": [ + { + "Name": "DefaultValidityYears", + "DisplayName": "DefaultValidityYears", + "Type": "String", + "DependsOn": null, + "DefaultValue": "1", + "Required": true, + "Description": "Number of years the certificate will be valid for by default. Required by Okta." + } + ], + "EntryParameters": [ + { + "Name": "SANList", + "DisplayName": "SANList", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "", + "Options": "", + "Description": "This is a comma-separated list of Subject Alternative Names (SANs) to be included in the certificate. Required by Okta. Must contain at least one SAN." + }, + { + "Name": "ActivateCredential", + "DisplayName": "ActivateCredential", + "Type": "Bool", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "false", + "Options": "", + "Description": "This is a boolean indicating whether to activate the certificate in Okta after reenrollment/ODKG." 
+ } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Forbidden", + "ServerRequired": true, + "CustomAliasAllowed": "Forbidden" + }, + { + "Name": "OktaIdP", + "ShortName": "OktaIdP", + "StorePathDescription": "This should contain the Okta IdP ID (please see overview for description).", + "ClientMachineDescription": "This should contain your Okta URL (e.g. https://trial-1111.okta.com).", + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": true, + "Remove": false + }, + "Properties": [ + { + "Name": "DefaultValidityYears", + "DisplayName": "DefaultValidityYears", + "Type": "String", + "DependsOn": null, + "DefaultValue": "1", + "Required": true, + "Description": "Number of years the certificate will be valid for by default. Required by Okta." + } + ], + "EntryParameters": [ + { + "Name": "SANList", + "DisplayName": "SANList", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "", + "Options": "", + "Description": "This is a comma-separated list of Subject Alternative Names (SANs) to be included in the certificate. Required by Okta. Must contain at least one SAN." + }, + { + "Name": "ActivateCredential", + "DisplayName": "ActivateCredential", + "Type": "Bool", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "true", + "Options": "", + "Description": "This is a boolean indicating whether to activate the certificate in Okta after reenrollment/ODKG." + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Forbidden", + "ServerRequired": true, + "CustomAliasAllowed": "Forbidden" + }, { "Name": "PaloAlto", "ShortName": "PaloAlto", 
@@ -4474,6 +4676,119 @@ "ClientMachineDescription": "The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access.", "StorePathDescription": "The Store Path field should contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.p12) for Windows orchestrated servers. Example: '/folder/path/storename.p12' or 'c:\\folder\\path\\storename.p12'." }, + { + "Name": "Sample Orchestrator Solution", + "ShortName": "SOS", + "Capability": "SOS", + "LocalStore": false, + "StorePathDescription": "Path points to a local .json file. Orchestrator and its account should have read/write access.", + "ClientMachineDescription": "Runs on a Windows based machine.", + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": true, + "Remove": true + }, + "Properties": [ + { + "Name": "StoreNameString", + "DisplayName": "Store Name", + "Type": "String", + "Required": false, + "Description": "The Store name for the particular SOS store." + }, + { + "Name": "ForTestingOnlyBool", + "DisplayName": "For Testing Only", + "Type": "Bool", + "DefaultValue": "true", + "Required": false, + "Description": "Test bool variable." + }, + { + "Name": "CollectionNameMultipleChoice", + "DisplayName": "Collection Name", + "Type": "MultipleChoice", + "DefaultValue": "internal", + "Options": "internal,public,single use,ssl", + "Required": true, + "Description": "A test collection." + }, + { + "Name": "PrivateDetailsSecret", + "DisplayName": "Private Details", + "Type": "Secret", + "Required": false, + "DefaultValue": "test", + "Description": "A test secret." 
+ } + ], + "EntryParameters": [ + { + "Name": "CommaSeparatedSansString", + "DisplayName": "SANs", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "Description": "SAN string." + }, + { + "Name": "CertColorMultipleChoice", + "DisplayName": "Certificate Color", + "Type": "MultipleChoice", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "red", + "Options": "red,green,blue,orange", + "Description": "A test variable with multiple choice." + }, + { + "Name": "ForTestingOnlyBool", + "DisplayName": "For Testing Only", + "Type": "Bool", + "RequiredWhen": { + "HasPrivateKey": true, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "true", + "Description": "Another test boolean." + }, + { + "Name": "PrivateCertDetailsSecret", + "DisplayName": "Private Cert Details", + "Type": "Secret", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "test", + "Description": "A per cert secret." + } + ], + "PasswordOptions": { + "EntrySupported": true, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Optional", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Optional" + }, { "Name": "Signum", "ShortName": "Signum", diff --git a/pkg/version/version.go b/pkg/version/version.go index 7532f44..85a1ebe 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go @@ -15,7 +15,7 @@ package version var ( - VERSION = "1.8.3" - BUILD_DATE = "2025-08-14" + VERSION = "1.8.4" + BUILD_DATE = "2025-09-10" COMMIT = "HEAD" ) diff --git a/store_types.json b/store_types.json index 0439fb1..6fac9af 100644 --- a/store_types.json +++ b/store_types.json 
@@ -421,6 +421,34 @@ "ClientMachineDescription": "This is a full AWS ARN specifying a Role. This is the Role that will be assumed in any Auth scenario performing Assume Role. This will dictate what certificates are usable by the orchestrator. A preceding [profile] name should be included if a Credential Profile is to be used in Default Sdk Auth.", "StorePathDescription": "A single specified AWS Region the store will operate in. Additional regions should get their own store defined." }, + { + "Name": "Airlock Application Firewall Certificate", + "ShortName": "AirlockWAF", + "Capability": "AirlockWAF", + "LocalStore": false, + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": false + }, + "Properties": [], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": true, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Required", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Allowed" + }, { "Name": "Akamai Certificate Provisioning Service", "ShortName": "Akamai", @@ -2086,7 +2114,7 @@ "DependsOn": "", "DefaultValue": "", "Options": "", - "Description": "One to many comma delimited F5 SSL Profile names the certificate is bound to" + "Description": "One to many comma delimited F5 SSL Profiles to bind the certificate to (new certificates ONLY)" } ] }, 
@@ -3618,6 +3646,51 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Forbidden" }, + { + "Name": "MyOrchestratorStoreType", + "ShortName": "MOST", + "Capability": "MOST", + "LocalStore": false, + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": false + }, + "Properties": [ + { + "Name": "CustomField1", + "DisplayName": "CustomField1", + "Type": "String", + "DependsOn": "", + "DefaultValue": "default", + "Required": true + }, + { + "Name": "CustomField2", + "DisplayName": "CustomField2", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": true + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Forbidden", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden" + }, { "Name": "Nmap Orchestrator", "ShortName": "Nmap", 
@@ -3647,6 +3720,135 @@ "BlueprintAllowed": false, "CustomAliasAllowed": "Optional" }, + { + "Name": "OktaApp", + "ShortName": "OktaApp", + "LocalStore": false, + "StorePathDescription": "This should contain the Okta App ID (please see overview for description).", + "ClientMachineDescription": "This should contain your Okta URL (e.g. https://trial-1111.okta.com).", + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": true, + "Remove": false + }, + "Properties": [ + { + "Name": "DefaultValidityYears", + "DisplayName": "DefaultValidityYears", + "Type": "String", + "DependsOn": null, + "DefaultValue": "1", + "Required": true, + "Description": "Number of years the certificate will be valid for by default. Required by Okta." + } + ], + "EntryParameters": [ + { + "Name": "SANList", + "DisplayName": "SANList", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "", + "Options": "", + "Description": "This is a comma-separated list of Subject Alternative Names (SANs) to be included in the certificate. Required by Okta. Must contain at least one SAN." + }, + { + "Name": "ActivateCredential", + "DisplayName": "ActivateCredential", + "Type": "Bool", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "false", + "Options": "", + "Description": "This is a boolean indicating whether to activate the certificate in Okta after reenrollment/ODKG." 
+ } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Forbidden", + "ServerRequired": true, + "CustomAliasAllowed": "Forbidden" + }, + { + "Name": "OktaIdP", + "ShortName": "OktaIdP", + "StorePathDescription": "This should contain the Okta IdP ID (please see overview for description).", + "ClientMachineDescription": "This should contain your Okta URL (e.g. https://trial-1111.okta.com).", + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": true, + "Remove": false + }, + "Properties": [ + { + "Name": "DefaultValidityYears", + "DisplayName": "DefaultValidityYears", + "Type": "String", + "DependsOn": null, + "DefaultValue": "1", + "Required": true, + "Description": "Number of years the certificate will be valid for by default. Required by Okta." + } + ], + "EntryParameters": [ + { + "Name": "SANList", + "DisplayName": "SANList", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "", + "Options": "", + "Description": "This is a comma-separated list of Subject Alternative Names (SANs) to be included in the certificate. Required by Okta. Must contain at least one SAN." + }, + { + "Name": "ActivateCredential", + "DisplayName": "ActivateCredential", + "Type": "Bool", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + }, + "DependsOn": "", + "DefaultValue": "true", + "Options": "", + "Description": "This is a boolean indicating whether to activate the certificate in Okta after reenrollment/ODKG." + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Forbidden", + "ServerRequired": true, + "CustomAliasAllowed": "Forbidden" + }, { "Name": "PaloAlto", "ShortName": "PaloAlto", 
@@ -4474,6 +4676,119 @@ "ClientMachineDescription": "The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access.", "StorePathDescription": "The Store Path field should contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.p12) for Windows orchestrated servers. Example: '/folder/path/storename.p12' or 'c:\\folder\\path\\storename.p12'." }, + { + "Name": "Sample Orchestrator Solution", + "ShortName": "SOS", + "Capability": "SOS", + "LocalStore": false, + "StorePathDescription": "Path points to a local .json file. Orchestrator and its account should have read/write access.", + "ClientMachineDescription": "Runs on a Windows based machine.", + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": true, + "Remove": true + }, + "Properties": [ + { + "Name": "StoreNameString", + "DisplayName": "Store Name", + "Type": "String", + "Required": false, + "Description": "The Store name for the particular SOS store." + }, + { + "Name": "ForTestingOnlyBool", + "DisplayName": "For Testing Only", + "Type": "Bool", + "DefaultValue": "true", + "Required": false, + "Description": "Test bool variable." + }, + { + "Name": "CollectionNameMultipleChoice", + "DisplayName": "Collection Name", + "Type": "MultipleChoice", + "DefaultValue": "internal", + "Options": "internal,public,single use,ssl", + "Required": true, + "Description": "A test collection." + }, + { + "Name": "PrivateDetailsSecret", + "DisplayName": "Private Details", + "Type": "Secret", + "Required": false, + "DefaultValue": "test", + "Description": "A test secret." 
+ } + ], + "EntryParameters": [ + { + "Name": "CommaSeparatedSansString", + "DisplayName": "SANs", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "Description": "SAN string." + }, + { + "Name": "CertColorMultipleChoice", + "DisplayName": "Certificate Color", + "Type": "MultipleChoice", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "red", + "Options": "red,green,blue,orange", + "Description": "A test variable with multiple choice." + }, + { + "Name": "ForTestingOnlyBool", + "DisplayName": "For Testing Only", + "Type": "Bool", + "RequiredWhen": { + "HasPrivateKey": true, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "true", + "Description": "Another test boolean." + }, + { + "Name": "PrivateCertDetailsSecret", + "DisplayName": "Private Cert Details", + "Type": "Secret", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "test", + "Description": "A per cert secret." + } + ], + "PasswordOptions": { + "EntrySupported": true, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Optional", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": true, + "CustomAliasAllowed": "Optional" + }, { "Name": "Signum", "ShortName": "Signum",