
Commit c1f8aa5

authored
Merge ae0c27c into a115994
2 parents a115994 + ae0c27c commit c1f8aa5

10 files changed

+346
-347
lines changed
40.2 KB
53.8 KB
36 KB
27 KB

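--- a/.gitignore
+++ b/.gitignore
@@ -346,3 +346,5 @@ healthchecksdb
 /key.pem
 /cert.pem
 /cert.csr
+
+.DS_Store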

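--- a/AzureAppGatewayOrchestrator/Client/AzureAppGatewayClient.cs
+++ b/AzureAppGatewayOrchestrator/Client/AzureAppGatewayClient.cs
@@ -97,6 +97,22 @@ public IEnumerable<CurrentInventoryItem> GetAppGatewaySslCertificates()
 
 foreach (ApplicationGatewaySslCertificate certObject in appGatewayResource.Data.SslCertificates)
 {
+// Verify that certObject.PublicCertData is not null. If the certificate was imported into the app
+// gateway from Azure Key Vault, certObject.PublicCertData will be null.
+if (certObject.PublicCertData == null)
+{
+if (!string.IsNullOrEmpty(certObject.KeyVaultSecretId))
+{
+_logger.LogDebug($"Certificate called \"{certObject.Name}\" ({certObject.Id}) was imported from Azure Key Vault with ID {certObject.KeyVaultSecretId} and cannot be retrieved.");
+}
+else
+{
+_logger.LogDebug($"Certificate called \"{certObject.Name}\" ({certObject.Id}) does not have any public certificate data.");
+}
+
+continue;
+}
+
 // ApplicationGatewaySslCertificate is in PKCS#7 format
 
 // Azure returns public cert data wrapped in parentheses. Remove them.
@@ -117,7 +133,7 @@ public IEnumerable<CurrentInventoryItem> GetAppGatewaySslCertificates()
 CurrentInventoryItem inventoryItem = new CurrentInventoryItem()
 {
 Alias = certObject.Name,
-PrivateKeyEntry = false,
+PrivateKeyEntry = true,
 ItemStatus = OrchestratorInventoryItemStatus.Unknown,
 UseChainLevel = true,
 Certificates = list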
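Review bot: The new null-check in the `foreach` over `appGatewayResource.Data.SslCertificates` skips Key Vault-referenced certificates with only a `LogDebug` line, so at a typical Information log level those certificates drop out of the inventory without any trace and downstream expiry tracking will presumably not cover them. Logging the skip at Warning with a message template rather than an interpolated string keeps that gap visible and keeps the log structured: `_logger.LogWarning("Certificate {Name} ({Id}) is referenced from Azure Key Vault ({KeyVaultSecretId}) and was skipped during inventory", certObject.Name, certObject.Id, certObject.KeyVaultSecretId);`. The second hunk now hard-codes `PrivateKeyEntry = true` for every item; a one-line comment stating why the gateway's certificates are always reported as private-key entries would help the next reader confirm that this is intended. GetAppGatewaySslCertificates starts and ends outside both hunks.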

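--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,4 +3,8 @@
 
 - 1.2.0
 - Added support for additional Azure global cloud instances (Government, China, Germany)
-- New store type property ("Azure Cloud")
+- New store type property ("Azure Cloud")
+
+- 1.3.0
+- fix(azure): Fixed bug that resulted in null reference exception when certificate was imported to Azure App Gateway from Azure Key Vault.
+- chore(docs): Refactor docs to describe limitation of Azure Key Vault certificate import to Azure App Gateway.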

README.md

Lines changed: 106 additions & 123 deletions
Large diffs are not rendered by default.

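--- a/integration-manifest.json
+++ b/integration-manifest.json
@@ -1,109 +1,119 @@
 {
-"$schema": "https://keyfactor.github.io/integration-manifest-schema.json",
-"integration_type": "orchestrator",
-"name": "Azure Application Gateway Orchestrator",
-"status": "production",
-"update_catalog": true,
-"link_github": true,
-"support_level": "kf-community",
-"release_dir": "AzureAppGatewayOrchestrator\\bin\\Release",
-"description": "The Azure Application Gateway Orchestrator extension acts as a proxy between Keyfactor and Azure that allows Keyfactor to manage Application Gateway certificates.",
-"about": {
-"orchestrator": {
-"win": {
-"platformSupport": "Unused",
-"supportsCreateStore": false,
-"supportsDiscovery": true,
-"supportsInventory": true,
-"supportsManagementAdd": true,
-"supportsManagementRemove": true,
-"supportsReenrollment": false
-},
-"linux": {
-"supportsCreateStore": false,
-"supportsDiscovery": true,
-"supportsManagementAdd": true,
-"supportsManagementRemove": true,
-"supportsReenrollment": false,
-"supportsInventory": true,
-"platformSupport": "Unused"
-},
-"UOFramework": "10.1",
-"keyfactor_platform_version": "9.10",
-"store_types": [
-{
-"Name": "Azure Application Gateway",
-"ShortName": "AzureAppGW",
-"Capability": "AzureAppGW",
-"LocalStore": false,
-"SupportedOperations": {
-"Add": true,
-"Create": false,
-"Discovery": true,
-"Enrollment": false,
-"Remove": true
-},
-"Properties": [
-{
-"Name": "ServerUsername",
-"DisplayName": "Server Username",
-"Type": "Secret",
-"DependsOn": null,
-"DefaultValue": null,
-"Required": true
+"$schema": "https://keyfactor.github.io/integration-manifest-schema.json",
+"integration_type": "orchestrator",
+"name": "Azure Application Gateway Orchestrator",
+"status": "production",
+"update_catalog": true,
+"link_github": true,
+"support_level": "kf-community",
+"release_dir": "AzureAppGatewayOrchestrator\\bin\\Release",
+"description": "The Azure Application Gateway Orchestrator extension acts as a proxy between Keyfactor and Azure that allows Keyfactor to manage Application Gateway certificates.",
+"about": {
+"orchestrator": {
+"win": {
+"platformSupport": "Unused",
+"supportsCreateStore": false,
+"supportsDiscovery": true,
+"supportsInventory": true,
+"supportsManagementAdd": true,
+"supportsManagementRemove": true,
+"supportsReenrollment": false
 },
-{
-"Name": "ServerPassword",
-"DisplayName": "Server Password",
-"Type": "Secret",
-"DependsOn": null,
-"DefaultValue": null,
-"Required": true
+"linux": {
+"supportsCreateStore": false,
+"supportsDiscovery": true,
+"supportsManagementAdd": true,
+"supportsManagementRemove": true,
+"supportsReenrollment": false,
+"supportsInventory": true,
+"platformSupport": "Unused"
 },
-{
-"Name": "ServerUseSsl",
-"DisplayName": "Use SSL",
-"Type": "Bool",
-"DependsOn": null,
-"DefaultValue": "true",
-"Required": false
-},
-{
-"Name": "AzureCloud",
-"DisplayName": "Azure Cloud",
-"Type": "MultipleChoice",
-"DependsOn": "",
-"DefaultValue": "public,china,germany,government",
-"Required": false
-}
-],
-"EntryParameters": [
-{
-"Name": "HTTPListenerName",
-"DisplayName": "HTTP Listener Name",
-"Type": "String",
-"RequiredWhen": {
-"HasPrivateKey": false,
-"OnAdd": false,
-"OnRemove": false,
-"OnReenrollment": false
-}
+"UOFramework": "10.1",
+"keyfactor_platform_version": "9.10",
+"store_types": [
+{
+"Name": "Azure Application Gateway",
+"ShortName": "AzureAppGW",
+"Capability": "AzureAppGW",
+"LocalStore": false,
+"SupportedOperations": {
+"Add": true,
+"Create": false,
+"Discovery": true,
+"Enrollment": false,
+"Remove": true
+},
+"Properties": [
+{
+"Name": "ServerUsername",
+"DisplayName": "Server Username",
+"Type": "Secret",
+"Required": true
+},
+{
+"Name": "ServerPassword",
+"DisplayName": "Server Password",
+"Type": "Secret",
+"Required": true
+},
+{
+"Name": "ServerUseSsl",
+"DisplayName": "Use SSL",
+"Type": "Bool",
+"DefaultValue": "true",
+"Required": false
+},
+{
+"Name": "AzureCloud",
+"DisplayName": "Azure Cloud",
+"Type": "MultipleChoice",
+"DependsOn": "",
+"DefaultValue": "public,china,germany,government",
+"Required": false
+}
+],
+"EntryParameters": [
+{
+"Name": "HTTPListenerName",
+"DisplayName": "HTTP Listener Name",
+"Type": "String",
+"RequiredWhen": {
+"HasPrivateKey": false,
+"OnAdd": false,
+"OnRemove": false,
+"OnReenrollment": false
+}
+}
+],
+"PasswordOptions": {
+"EntrySupported": false,
+"StoreRequired": false,
+"Style": "Default"
+},
+"PrivateKeyAllowed": "Required",
+"ServerRequired": true,
+"PowerShell": false,
+"BlueprintAllowed": false,
+"CustomAliasAllowed": "Required",
+"ServerRegistration": 13,
+"InventoryEndpoint": "/AnyInventory/Update"
+}
+],
+"store_types_metadata": {
+"AzureAppGW": {
+"ClientMachine": "The Azure Tenant ID of the service principal.",
+"StorePath": "Azure resource ID of the application gateway in the form `/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.Network/applicationGateways/<application-gateway-name>`",
+"Properties": {
+"ServerUsername": "Application ID of the service principal that will be used to manage the Application Gateway.",
+"ServerPassword": "Secret of the service principal that will be used to manage the Application Gateway.",
+"ServerUseSsl": "Indicates whether SSL should be used",
+"AzureCloud": "The Azure Cloud field, if necessary, should contain one of the following values: 'china, germany, government'. This field specifies the Azure Cloud instance used by the organization. If using the standard 'public' cloud, this field can be left blank or omitted from the store type definition."
+},
+"EntryParameters": {
+"HTTPListenerName": "The name of the HTTP listener to which the certificate will be bound."
+}
+}
 }
-],
-"PasswordOptions": {
-"EntrySupported": false,
-"StoreRequired": false,
-"Style": "Default"
-},
-"PrivateKeyAllowed": "Required",
-"ServerRequired": true,
-"PowerShell": false,
-"BlueprintAllowed": false,
-"CustomAliasAllowed": "Required",
-"ServerRegistration": 13,
-"InventoryEndpoint": "/AnyInventory/Update"
 }
-]
 }
-}
-}
+}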
