Merge e0c1ce5 into 9bad561

.github/workflows/keyfactor-bootstrap-workflow.yml → .github/workflows/keyfactor-starter-workflow.yml

@@ -11,9 +11,10 @@ on:
 
 jobs:
   call-starter-workflow:
-    uses: keyfactor/actions/.github/workflows/starter.yml@v2
+    uses: keyfactor/actions/.github/workflows/starter.yml@3.1.2
     secrets:
       token: ${{ secrets.V2BUILDTOKEN}}
       APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
       gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
       gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+      scan_token: ${{ secrets.SAST_TOKEN }}

GcpCertManager/GcpCertManager.csproj

@@ -1,10 +1,10 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
-    <RootNamespace>Keyfactor.Extensions.Orchestrator.GcpCertManager</RootNamespace>
+    <AppendTargetFrameworkToOutputPath>true</AppendTargetFrameworkToOutputPath>
+    <TargetFrameworks>net6.0;net8.0</TargetFrameworks>
     <CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
+    <ImplicitUsings>disable</ImplicitUsings>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
@@ -27,11 +27,9 @@
     <PackageReference Include="Portable.BouncyCastle" Version="1.9.0" />
     <PackageReference Include="RestSharp" Version="107.2.1" />
     <PackageReference Include="System.Management.Automation" Version="7.0.5" />
-  </ItemGroup>
 
-  <ItemGroup>
     <None Update="manifest.json">
-      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
   </ItemGroup>
 

docsource/content.md

@@ -0,0 +1,21 @@
+## Overview
+
+The GCP Certificate Manager Orchestrator Extension remotely manages certificates on the Google Cloud Platform Certificate Manager Product.
+
+This orchestrator extension implements three job types - Inventory, Management Add, and Management Remove. Below are the steps necessary to configure this Orchestrator Extension.  It supports adding certificates with private keys only.  The GCP Certificate Manager Orchestrator Extension supports the replacement of unbound certificates as well as certificates bound to existing map entries, but it does **not** support specifying map entry bindings when adding new certificates.
+
+
+## Requirements
+
+**Google Cloud Configuration**
+
+1. Read up on [Google Certificate Manager](https://cloud.google.com/certificate-manager/docs) and how it works.
+
+2. Either a Google Service Account is needed with the following permissions (Note: Workload Identity Management Should be used but at the time of the writing it was not available in the .net library yet), or the virtual machine running the Keyfactor Orchestrator Service must reside within Google Cloud.
+![](docsource/images/ServiceAccountSettings.gif)
+
+3. The following Api Access is needed:
+![](docsource/images/ApiAccessNeeded.gif)
+
+4. If authenticating via service account, download the Json Credential file as shown below:
+![](docsource/images/GoogleKeyJsonDownload.gif)

docsource/gcpcertmgr.md

@@ -0,0 +1 @@
+## Overview

integration-manifest.json

@@ -7,32 +7,15 @@
   "support_level": "kf-supported",
   "link_github": true,
   "release_dir": "GcpCertManager/bin/release",
+  "release_project": "GcpCertManager/GcpCertManager.csproj",
   "description": "Google Certificate Manager Orchestrator for Add, Remove and Inventory.",
   "about": {
     "orchestrator": {
       "UOFramework": "10.4.1",
       "keyfactor_platform_version": "9.1.0",
       "pam_support": false,
-      "win": {
-        "supportsCreateStore": false,
-        "supportsDiscovery": false,
-        "supportsManagementAdd": true,
-        "supportsManagementRemove": true,
-        "supportsReenrollment": false,
-        "supportsInventory": true,
-        "platformSupport": "Unused"
-      },
-      "linux": {
-        "supportsCreateStore": false,
-        "supportsDiscovery": false,
-        "supportsManagementAdd": true,
-        "supportsManagementRemove": true,
-        "supportsReenrollment": false,
-        "supportsInventory": true,
-        "platformSupport": "Unused"
-      },
-      "store_types": {
-        "GcpCertMgr": {
+      "store_types": [
+        {
           "Name": "GCP Certificate Manager",
           "ShortName": "GcpCertMgr",
           "Capability": "GcpCertMgr",
@@ -62,20 +45,28 @@
               "Type": "String",
               "DependsOn": "",
               "DefaultValue": "global",
-              "Required": true
+              "Required": true,
+              "IsPAMEligible": true,
+              "Description": "**global** is the default but could be another region based on the project."
+
             },
             {
               "Name": "ServiceAccountKey",
               "DisplayName": "Service Account Key File Path",
               "Type": "String",
               "DependsOn": "",
-              "DefaultValue": null,
-              "Required": false
+              "DefaultValue": "",
+              "Required": false,
+              "IsPAMEligible": false,
+              "Description": "The tional field blank if the Keyfactor Orchestrator Service is running from an authenticated VM within Google Cloud."
+
             }
           ],
+          "ClientMachineDescription": "GCP Project ID for your account.",
+          "StorePathDescription": "This is not used and should be defaulted to n/a per the certificate store type set up.",
           "EntryParameters": []
         }
-      }
+      ]
     }
   }
 }