Update to bootstrap with manifest changes #20

Merged
merged 2 commits into from
May 14, 2024
19 changes: 19 additions & 0 deletions .github/workflows/keyfactor-bootstrap-workflow.yml
@@ -0,0 +1,19 @@
name: Keyfactor Bootstrap Workflow

on:
workflow_dispatch:
pull_request:
types: [opened, closed, synchronize, edited, reopened]
push:
create:
branches:
- 'release-*.*'

jobs:
call-starter-workflow:
uses: keyfactor/actions/.github/workflows/starter.yml@v2
secrets:
token: ${{ secrets.V2BUILDTOKEN}}
APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
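Review bot: the `uses: keyfactor/actions/.github/workflows/starter.yml@v2` line references a movable tag while the job hands that workflow four secrets, including `KF_GPG_PRIVATE_KEY` and `KF_GPG_PASSPHRASE`. Whoever can move the `v2` tag controls code that runs with the signing key, so pin the reference to a full commit SHA and bump it deliberately. The bare `push:` trigger also has no branch filter, so the call runs with these secrets on every push to any branch; restrict it to the branches that actually need a signed build.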
42 changes: 0 additions & 42 deletions .github/workflows/keyfactor-starter-workflow.yml

This file was deleted.

12 changes: 7 additions & 5 deletions README.md
@@ -1,10 +1,10 @@

# Palo Alto Orchestrator

The Palo Alto Orchestrator remotely manages certificates on either the Palo Alto PA-VM Firewall Device or the Panorama. If using Panorama, it will push changes to all the devices from Panorama. It supports adding certificates with or without private keys. Palo Alto does not support incremental certificate inventory. If you have large numbers of certificates in your environment it is recommended to limit the frequency of inventory jobs to 30 minutes or more.

#### Integration status: Production - Ready for use in production environments.


## About the Keyfactor Universal Orchestrator Extension

This repository contains a Universal Orchestrator Extension which is a plugin to the Keyfactor Universal Orchestrator. Within the Keyfactor Platform, Orchestrators are used to manage “certificate stores” — collections of certificates and roots of trust that are found within and used by various applications.
Expand All @@ -13,23 +13,22 @@ The Universal Orchestrator is part of the Keyfactor software distribution and is

The Universal Orchestrator is the successor to the Windows Orchestrator. This Orchestrator Extension plugin only works with the Universal Orchestrator and does not work with the Windows Orchestrator.


## Support for Palo Alto Orchestrator

Palo Alto Orchestrator is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com

###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.


---


---



## Keyfactor Version Supported

The minimum version of the Keyfactor Universal Orchestrator Framework needed to run this version of the extension is 10.1

## Platform Specific Notes

The Keyfactor Universal Orchestrator may be installed on either Windows or Linux based platforms. The certificate operations supported by a capability may vary based what platform the capability is installed on. The table below indicates what capabilities are supported based on which platform the encompassing Universal Orchestrator is running.
Expand All @@ -39,7 +38,7 @@ The Keyfactor Universal Orchestrator may be installed on either Windows or Linux
|Supports Management Remove|✓ | |
|Supports Create Store| | |
|Supports Discovery| | |
|Supports Renrollment| | |
|Supports Reenrollment| | |
|Supports Inventory|✓ | |


Expand Down Expand Up @@ -202,3 +201,6 @@ TC25|Panorama Inventory|/config/panorama|N/A|Job Completes with Inventory of cer

</details>

When creating cert store type manually, that store property names and entry parameter names are case sensitive


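Review bot: the sentence added after `</details>` is ungrammatical ("that store property names") and gives the reader nothing to check against. Since the names are case sensitive, list them exactly as the manifest defines them, and call out that the entry parameters mix casing (`TlsMinVersion` but `TLSMaxVersion`), which is the mistake someone creating the store type by hand is most likely to make. Suggested wording: "When creating the certificate store type manually, note that store property names and entry parameter names are case sensitive."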
198 changes: 100 additions & 98 deletions integration-manifest.json
Expand Up @@ -6,10 +6,12 @@
"update_catalog": true,
"link_github": true,
"support_level": "kf-supported",
"release_dir": "PaloAlto/bin/Release/netcoreapp3.1",
"description": "The Palo Alto Orchestrator remotely manages certificates on either the Palo Alto PA-VM Firewall Device or the Panorama. If using Panorama, it will push changes to all the devices from Panorama. It supports adding certificates with or without private keys. Palo Alto does not support incremental certificate inventory. If you have large numbers of certificates in your environment it is recommended to limit the frequency of inventory jobs to 30 minutes or more.",
"about": {
"orchestrator": {
"UOFramework": "10.1",
"keyfactor_platform_version": "9.10",
"pam_support": true,
"win": {
"supportsCreateStore": false,
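Review bot: `"release_dir": "PaloAlto/bin/Release/netcoreapp3.1"` ties the release artifact to a .NET Core 3.1 build output, and .NET Core 3.1 reached end of support in December 2022. Confirm whether the extension should also (or instead) publish a build for a supported target framework, and if 3.1 is kept for compatibility with `"UOFramework": "10.1"`, record that reason in the README so the choice is not mistaken for an oversight.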
Expand All @@ -31,105 +33,105 @@
},
"store_types": [
{
"Name": "PaloAlto",
"ShortName": "PaloAlto",
"Capability": "PaloAlto",
"LocalStore": false,
"SupportedOperations": {
"Add": true,
"Create": false,
"Discovery": false,
"Enrollment": false,
"Remove": true
},
"Properties": [
{
"Name": "ServerUsername",
"DisplayName": "Server Username",
"Type": "Secret",
"DependsOn": null,
"DefaultValue": null,
"Required": false
},
{
"Name": "ServerPassword",
"DisplayName": "Server Password",
"Type": "Secret",
"DependsOn": null,
"DefaultValue": null,
"Required": false
},
{
"Name": "ServerUseSsl",
"DisplayName": "Use SSL",
"Type": "Bool",
"DependsOn": null,
"DefaultValue": "true",
"Required": true
},
{
"Name": "DeviceGroup",
"DisplayName": "Device Group",
"Type": "String",
"DependsOn": null,
"DefaultValue": null,
"Required": false
}
],
"EntryParameters": [
{
"Name": "TlsMinVersion",
"DisplayName": "TLS Min Version",
"Type": "MultipleChoice",
"RequiredWhen": {
"HasPrivateKey": false,
"OnAdd": false,
"OnRemove": false,
"OnReenrollment": false
},
"Options": ",tls1-0,tls1-1,tls1-2"
},
{
"Name": "TLSMaxVersion",
"DisplayName": "TLS Max Version",
"Type": "MultipleChoice",
"RequiredWhen": {
"HasPrivateKey": false,
"OnAdd": false,
"OnRemove": false,
"OnReenrollment": false
},
"Options": ",tls1-0,tls1-1,tls1-2,max"
},
{
"Name": "TlsProfileName",
"DisplayName": "TLS Profile Name",
"Type": "String",
"RequiredWhen": {
"HasPrivateKey": false,
"OnAdd": false,
"OnRemove": false,
"OnReenrollment": false
}
}
],
"PasswordOptions": {
"EntrySupported": false,
"StoreRequired": false,
"Style": "Default"
},
"PrivateKeyAllowed": "Optional",
"JobProperties": [
"TlsMinVersion",
"TLSMaxVersion",
"TlsProfileName"
],
"ServerRequired": true,
"PowerShell": false,
"BlueprintAllowed": false,
"CustomAliasAllowed": "Required"
"Name": "PaloAlto",
"ShortName": "PaloAlto",
"Capability": "PaloAlto",
"LocalStore": false,
"SupportedOperations": {
"Add": true,
"Create": false,
"Discovery": false,
"Enrollment": false,
"Remove": true
},
"Properties": [
{
"Name": "ServerUsername",
"DisplayName": "Server Username",
"Type": "Secret",
"DependsOn": null,
"DefaultValue": null,
"Required": false
},
{
"Name": "ServerPassword",
"DisplayName": "Server Password",
"Type": "Secret",
"DependsOn": null,
"DefaultValue": null,
"Required": false
},
{
"Name": "ServerUseSsl",
"DisplayName": "Use SSL",
"Type": "Bool",
"DependsOn": null,
"DefaultValue": "true",
"Required": true
},
{
"Name": "DeviceGroup",
"DisplayName": "Device Group",
"Type": "String",
"DependsOn": null,
"DefaultValue": null,
"Required": false
}
],
"EntryParameters": [
{
"Name": "TlsMinVersion",
"DisplayName": "TLS Min Version",
"Type": "MultipleChoice",
"RequiredWhen": {
"HasPrivateKey": false,
"OnAdd": false,
"OnRemove": false,
"OnReenrollment": false
},
"Options": ",tls1-0,tls1-1,tls1-2"
},
{
"Name": "TLSMaxVersion",
"DisplayName": "TLS Max Version",
"Type": "MultipleChoice",
"RequiredWhen": {
"HasPrivateKey": false,
"OnAdd": false,
"OnRemove": false,
"OnReenrollment": false
},
"Options": ",tls1-0,tls1-1,tls1-2,max"
},
{
"Name": "TlsProfileName",
"DisplayName": "TLS Profile Name",
"Type": "String",
"RequiredWhen": {
"HasPrivateKey": false,
"OnAdd": false,
"OnRemove": false,
"OnReenrollment": false
}
}
],
"PasswordOptions": {
"EntrySupported": false,
"StoreRequired": false,
"Style": "Default"
},
"PrivateKeyAllowed": "Optional",
"JobProperties": [
"TlsMinVersion",
"TLSMaxVersion",
"TlsProfileName"
],
"ServerRequired": true,
"PowerShell": false,
"BlueprintAllowed": false,
"CustomAliasAllowed": "Required"
}
]
]
}
}
}
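Review bot: the `Options` strings for `TlsMinVersion` and `TLSMaxVersion` still offer `tls1-0` and `tls1-1` and begin with an empty choice, and every `RequiredWhen` flag for both parameters is `false`, so the manifest permits leaving the minimum version unset or selecting a legacy protocol. If the legacy values have to stay for older devices, document that in the README; otherwise remove them from the list and consider making `TlsMinVersion` required on add. Separately, the store type block appears to differ from the previous version only in indentation, which makes the 100-line change hard to review; a whitespace-only reformat is easier to verify as its own commit.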