fix "caching" behavior in inventory

.github/workflows/keyfactor-starter-workflow.yml

@@ -1,42 +1,20 @@
-name: Starter Workflow
-on: [workflow_dispatch, push, pull_request]
+name: Keyfactor Bootstrap Workflow
 
-jobs:
-  call-create-github-release-workflow:
-    uses: Keyfactor/actions/.github/workflows/github-release.yml@main
-
-  get-manifest-properties:
-    runs-on: windows-latest
-    outputs:
-      update_catalog: ${{ steps.read-json.outputs.prop }}
-    steps:
-      - uses: actions/checkout@v3
-      - name: Read json
-        id: read-json
-        shell: pwsh
-        run: |
-          $json = Get-Content integration-manifest.json | ConvertFrom-Json
-          echo "::set-output name=prop::$(echo $json.update_catalog)"
-
-  call-dotnet-build-and-release-workflow:
-    needs: [call-create-github-release-workflow]
-    uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main
-    with:
-      release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
-      release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
-      release_dir: vmware-nsx-orchestrator/bin/Release/netcoreapp3.1
-    secrets: 
-      token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }}
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [opened, closed, synchronize, edited, reopened]
+  push:
+  create:
+    branches:
+      - 'release-*.*'
 
-  call-generate-readme-workflow:
-    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
-    uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main
+jobs:
+  call-starter-workflow:
+    uses: keyfactor/actions/.github/workflows/starter.yml@3.1.2
     secrets:
-      token: ${{ secrets.APPROVE_README_PUSH }}
-
-  call-update-catalog-workflow:
-    needs: get-manifest-properties
-    if: needs.get-manifest-properties.outputs.update_catalog == 'True' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
-    uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main
-    secrets: 
-      token: ${{ secrets.SDK_SYNC_PAT }}
+      token: ${{ secrets.V2BUILDTOKEN}}
+      APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
+      gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+      gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+      scan_token: ${{ secrets.SAST_TOKEN }}

CHANGELOG.md

@@ -1,3 +1,8 @@
+2.1.2
+- correctly format certs sent in Management job to prevent Inventory errors later
+- no longer setting Inventory status to "Unknown"
+- catch and log errors that occur during Login process
+
 2.1.1
 - Fix CSRF token usage for token auth
 

vmware-nsx-orchestrator.sln

@@ -1,9 +1,9 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 16
-VisualStudioVersion = 16.0.31515.178
+# Visual Studio Version 17
+VisualStudioVersion = 17.11.35219.272
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "vmware-nsx-orchestrator", "vmware-nsx-orchestrator\vmware-nsx-orchestrator.csproj", "{85C0BE86-FB6B-4350-BE7B-949EC0DDCEF0}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "vmware-nsx-orchestrator", "vmware-nsx-orchestrator\vmware-nsx-orchestrator.csproj", "{85C0BE86-FB6B-4350-BE7B-949EC0DDCEF0}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution

vmware-nsx-orchestrator/Jobs/Inventory.cs

@@ -16,14 +16,15 @@
 using Keyfactor.Logging;
 using Keyfactor.Orchestrators.Extensions;
 using Keyfactor.Orchestrators.Extensions.Interfaces;
+using Microsoft.Extensions.Logging;
 using System;
 using System.Collections.Generic;
 
 namespace Keyfactor.Extensions.Orchestrator.Vmware.Nsx.Jobs
 {
     public class Inventory : NsxJob, IInventoryJobExtension
     {
-        private const int PAGE_SIZE = 10;
+        private const int PAGE_SIZE = 2;
 
         public Inventory(IPAMSecretResolver pam)
         {
@@ -39,25 +40,27 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd
             List<SSLKeyAndCertificate> allCerts;
             List<CurrentInventoryItem> inventory = new List<CurrentInventoryItem>();
 
+            string certType = GetCertType(config.CertificateStoreDetails.StorePath);
             try
             {
-                string certType = GetCertType(config.CertificateStoreDetails.StorePath);
                 allCerts = Client.GetAllCertificates(certType, PAGE_SIZE).Result;
             }
             catch (Exception ex)
             {
                 return ThrowError(ex, "Certificate Retrieval");
             }
 
+            _logger.LogDebug($"Total certificates found of type {certType} - {allCerts.Count}");
+
             foreach(var foundCert in allCerts)
             {
+                _logger.LogTrace($"Found Certificate - {foundCert.name}");
                 inventory.Add(new CurrentInventoryItem()
                 {
                     Alias = foundCert.name,
                     Certificates = new string[] { foundCert.certificate.certificate }, // need to check base64 status
                     PrivateKeyEntry = !string.IsNullOrEmpty(foundCert.key),
-                    UseChainLevel = false,
-                    ItemStatus = Orchestrators.Common.Enums.OrchestratorInventoryItemStatus.Unknown
+                    UseChainLevel = false
                 });
             }
 

vmware-nsx-orchestrator/NsxClient.cs

@@ -13,6 +13,7 @@
 // limitations under the License.
 
 using Keyfactor.Extensions.Orchestrator.Vmware.Nsx.Models;
+using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
 using System;
 using System.Collections.Generic;
@@ -28,6 +29,7 @@ namespace Keyfactor.Extensions.Orchestrator.Vmware.Nsx
 {
     public class NsxClient : IDisposable
     {
+        private ILogger _logger;
         private HttpClientHandler HttpHandler { get; }
         private HttpClient HttpClient { get; }
         private CookieCollection LoginCookies { get; }
@@ -41,8 +43,9 @@ public class NsxClient : IDisposable
             NullValueHandling = NullValueHandling.Ignore
         };
 
-        public NsxClient(string url, string username, string password, string tenant, string apiVersion)
+        public NsxClient(ILogger logger, string url, string username, string password, string tenant, string apiVersion)
         {
+            _logger = logger;
             // declare cookies and handler to be able to access them after Login process
             CookieContainer cookies = new CookieContainer();
             HttpHandler = new HttpClientHandler();
@@ -52,12 +55,19 @@ public NsxClient(string url, string username, string password, string tenant, st
 
             string aviVersion = apiVersion ?? "20.1.1";
             HttpClient.DefaultRequestHeaders.Add("X-Avi-Version", aviVersion);
+            _logger.LogDebug($"Using X-Avi-Version {aviVersion}");
             if (tenant != null)
             {
                 HttpClient.DefaultRequestHeaders.Add("X-Avi-Tenant", tenant);
+                _logger.LogDebug($"Using X-Avi-Tenant {tenant}");
             }
-
+            else
+            {
+                _logger.LogDebug($"Not using any X-Avi-Tenant. Default tenant for the user will be used.");
+            }
+
             // ensure base url ends as expected
+            _logger.LogTrace($"Passed in URL is {url} - this will be processed to conform to URL expectation...");
             if (!url.EndsWith("/"))
             {
                 url += "/";
@@ -66,6 +76,7 @@ public NsxClient(string url, string username, string password, string tenant, st
             {
                 url = url.Substring(0, url.Length - 4); // remove "api/" from end of base url
             }
+            _logger.LogTrace($"Final proccessed Base URL is {url}");
             BaseUrl = url;
             HttpClient.BaseAddress = new Uri(BaseUrl);
 
@@ -86,12 +97,14 @@ public NsxClient(string url, string username, string password, string tenant, st
 
         private void Login(string username, string password)
         {
+            _logger.LogTrace("Beginning initial Login");
             dynamic loginBody = new {
                 username = username,
                 password = password
             };
             StringContent content = new StringContent(JsonConvert.SerializeObject(loginBody), Encoding.UTF8, "application/json");
             var resp = HttpClient.PostAsync(LOGIN_ENDPOINT, content).Result;
+            _logger.LogTrace("Posted Login request. Reading response.");
             EnsureSuccessfulResponse(resp);
         }
 
@@ -174,6 +187,7 @@ private void EnsureSuccessfulResponse(HttpResponseMessage response)
         {
             if (!response.IsSuccessStatusCode)
             {
+                _logger.LogError($"HTTP Response indicated an error. Status Code: {response.StatusCode} - Reason: {response.ReasonPhrase}");
                 string error = new StreamReader(response.Content.ReadAsStreamAsync().Result).ReadToEnd();
                 throw new Exception($"Request to VMware NSX ALB was not successful - {response.StatusCode} - {error}");
             }

vmware-nsx-orchestrator/NsxJob.cs

@@ -30,7 +30,7 @@ namespace Keyfactor.Extensions.Orchestrator.Vmware.Nsx
 {
     public abstract class NsxJob : IOrchestratorJobExtension
     {
-        private protected ILogger _logger;
+        internal ILogger _logger;
         private long _jobHistoryId;
         private string _apiVersion;
         private protected IPAMSecretResolver _pam;
@@ -62,7 +62,7 @@ private protected SSLKeyAndCertificate ConvertToNsxCertificate(string certType,
                 X509Certificate2 x509 = new X509Certificate2(certBytes, password);
                 PrivateKeyConverter pkey = PrivateKeyConverterFactory.FromPKCS12(certBytes, password);
 
-                nsxCert.certificate.certificate = $"-----BEGIN CERTIFICATE-----\n{Convert.ToBase64String(x509.RawData)}\n-----END CERTIFICATE-----";
+                nsxCert.certificate.certificate = $"-----BEGIN CERTIFICATE-----\n{Convert.ToBase64String(x509.RawData, Base64FormattingOptions.InsertLineBreaks)}\n-----END CERTIFICATE-----";
 
                 // check type of key
                 string keyType;
@@ -123,11 +123,13 @@ private protected void Initialize(string clientMachine, JobConfiguration config,
             {
                 string username = ResolvePamField(_pam, config.ServerUsername, "Server Username");
                 string password = ResolvePamField(_pam, config.ServerPassword, "Server Password");
-                Client = new NsxClient(clientMachine, username, password, tenant, _apiVersion);
+                Client = new NsxClient(_logger, clientMachine, username, password, tenant, _apiVersion);
             }
             catch (Exception ex)
             {
                 ThrowError(ex, "Initialization");
+                _logger.LogError("Error during initialization, cannot return proper Error job result. Re-throwing exception.");
+                throw;
             }
             _logger.LogTrace($"Configuration complete for {ExtensionName}.");
         }

vmware-nsx-orchestrator/vmware-nsx-orchestrator.csproj

@@ -1,9 +1,10 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
-    <RootNamespace>Keyfactor.Extensions.Orchestrator.Vmware.Nsx</RootNamespace>
+    <TargetFrameworks>net6.0;net8.0</TargetFrameworks>
     <CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
+    <AppendTargetFrameworkToOutputPath>true</AppendTargetFrameworkToOutputPath>
+    <ImplicitUsings>disable</ImplicitUsings>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
@@ -12,6 +13,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="BouncyCastle.Cryptography" Version="2.5.1" />
     <PackageReference Include="Keyfactor.Logging" Version="1.1.1" />
     <PackageReference Include="Keyfactor.Orchestrators.IOrchestratorJobExtensions" Version="0.7.0" />
     <PackageReference Include="Keyfactor.PKI" Version="5.0.0" />