diff --git a/.github/workflows/keyfactor-bootstrap-workflow.yml b/.github/workflows/keyfactor-bootstrap-workflow.yml
new file mode 100644
index 0000000..4487162
--- /dev/null
+++ b/.github/workflows/keyfactor-bootstrap-workflow.yml
@@ -0,0 +1,19 @@
+name: Keyfactor Bootstrap Workflow
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [opened, closed, synchronize, edited, reopened]
+  push:
+  create:
+    branches:
+      - 'release-*.*'
+
+jobs:
+  call-starter-workflow:
+    uses: keyfactor/actions/.github/workflows/starter.yml@v2
+    secrets:
+      token: ${{ secrets.V2BUILDTOKEN}}
+      APPROVE_README_PUSH: ${{ secrets.V2BUILDTOKEN }}
+      gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+      gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml
deleted file mode 100644
index e43fba7..0000000
--- a/.github/workflows/keyfactor-starter-workflow.yml
+++ /dev/null
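Review bot: The `branches` filter under the `create` trigger has no effect as far as I know — GitHub honours `branches`/`tags` filters only on `push` and the `pull_request`-family events — so this workflow will run on every branch or tag creation rather than only `release-*.*`; if the restriction is intended, it belongs on the job, e.g. `if: github.event_name != 'create' || (github.ref_type == 'branch' && startsWith(github.ref_name, 'release-'))`. The reusable workflow that receives the build token and the GPG private key is referenced through the floating tag `@v2`; pinning it to a full commit SHA (with the tag kept in a trailing comment) keeps a re-tag of `keyfactor/actions` from silently changing the code that handles those secrets. Minor: `${{ secrets.V2BUILDTOKEN}}` lacks the space before `}}` that the other three expressions have.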
@@ -1,41 +0,0 @@
-name: Starter Workflow
-on: [workflow_dispatch, push, pull_request]
-
-jobs:
-  call-create-github-release-workflow:
-    uses: Keyfactor/actions/.github/workflows/github-release.yml@main
-  get-manifest-properties:
-    runs-on: windows-latest
-    outputs:
-      update_catalog: ${{ steps.read-json.outputs.prop }}
-    steps:
-      - uses: actions/checkout@v3
-      - name: Read json
-        id: read-json
-        shell: pwsh
-        run: |
-          $json = Get-Content integration-manifest.json | ConvertFrom-Json
-          echo "::set-output name=prop::$(echo $json.update_catalog)"
-
-  call-dotnet-build-and-release-workflow:
-    needs: [call-create-github-release-workflow]
-    uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main
-    with:
-      release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
-      release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
-      release_dir: amazon-acmpca-cagateway/bin/Release
-    secrets:
-      token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }}
-
-  call-generate-readme-workflow:
-    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
-    uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main
-    secrets:
-      token: ${{ secrets.APPROVE_README_PUSH }}
-
-  call-update-catalog-workflow:
-    needs: get-manifest-properties
-    if: needs.get-manifest-properties.outputs.update_catalog == 'True' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
-    uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main
-    secrets:
-      token: ${{ secrets.SDK_SYNC_PAT }}
diff --git a/README.md b/README.md
index 5a4aec3..f29858d 100644
--- a/README.md
+++ b/README.md
@@ -1,25 +1,45 @@ + # Amazon ACM PCA CA AnyGateway This integration allows for the Synchronization, Enrollment, and Revocation of certificates from Amazon Certificate Manager Private CA. #### Integration status: Production - Ready for use in production environments. -## About the Keyfactor AnyGateway CA Connector - -This repository contains an AnyGateway CA Connector, which is a plugin to the Keyfactor AnyGateway. AnyGateway CA Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority. - +## About the Keyfactor AnyCA Gateway DCOM Connector +This repository contains an AnyCA Gateway Connector, which is a plugin to the Keyfactor AnyGateway. AnyCA Gateway Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority. ## Support for Amazon ACM PCA CA AnyGateway -Amazon ACM PCA CA AnyGateway is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket with your Keyfactor representative. +Amazon ACM PCA CA AnyGateway is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com ###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. -___ +--- + + +--- + + + + + +## Keyfactor AnyCA Gateway Framework Supported +The Keyfactor gateway framework implements common logic shared across various gateway implementations and handles communication with Keyfactor Command. The gateway framework hosts gateway implementations or plugins that understand how to communicate with specific CAs. 
This allows you to integrate your third-party CAs with Keyfactor Command such that they behave in a manner similar to the CAs natively supported by Keyfactor Command. + +This gateway extension was compiled against version of the AnyCA Gateway DCOM Framework. You will need at least this version of the framework Installed. If you have a later AnyGateway Framework Installed you will probably need to add binding redirects in the CAProxyServer.exe.config file to make things work properly. + + +[Keyfactor CAGateway Install Guide](https://software.keyfactor.com/Guides/AnyGateway_Generic/Content/AnyGateway/Introduction.htm) + + + +--- + + # Introduction This AnyGateway plug-in enables issuance, revocation, and synchronization of certificates from Amazon's AWS Certificate Manager Private CA Note that this gateway is specific to Private CAs, and will not work against other AWS CAs.
@@ -182,3 +202,4 @@ Refer to the AnyGateway Documentation for more detail. } ``` + 
diff --git a/amazon-acmpca-cagateway/Client/ACMPCAClient.cs b/amazon-acmpca-cagateway/Client/ACMPCAClient.cs
index 10838bf..f44ba3e 100644
--- a/amazon-acmpca-cagateway/Client/ACMPCAClient.cs
+++ b/amazon-acmpca-cagateway/Client/ACMPCAClient.cs
@@ -174,6 +174,7 @@ public int RevokeCertificate(RevokeCertificateRequest request)
         public List GetAuditReport()
         {
             Logger.MethodEntry(ILogExtensions.MethodLogLevel.Trace);
+            Logger.Trace($"Creating audit report request with:\n\tCAArn: {Config.CAArn}\n\tS3 Bucket: {Config.S3Bucket}");
             CreateCertificateAuthorityAuditReportRequest request = new CreateCertificateAuthorityAuditReportRequest()
             {
                 CertificateAuthorityArn = Config.CAArn,
@@ -201,6 +202,7 @@ public List GetAuditReport()
         private IAmazonACMPCA GetPCAClient()
         {
             Logger.MethodEntry(ILogExtensions.MethodLogLevel.Trace);
+            Logger.Trace($"Creating PCA Client with region {Config.GetRegion()}");
             IAmazonACMPCA client = new AmazonACMPCAClient(Config.AccessKey, Config.AccessSecret, Config.GetRegion());
             Logger.MethodExit(ILogExtensions.MethodLogLevel.Trace);
             return client;
@@ -210,11 +212,21 @@ private IAmazonS3 GetS3Client()
         {
             Logger.MethodEntry(ILogExtensions.MethodLogLevel.Trace);
             string region = "";
+            Logger.Trace($"Locating region for S3 bucket: {Config.S3Bucket}");
             using (IAmazonS3 tempClient = new AmazonS3Client(Config.AccessKey, Config.AccessSecret, Config.GetRegion()))
             {
                 var bucketResponse = tempClient.GetBucketLocation(Config.S3Bucket);
                 region = bucketResponse.Location.Value;
             }
+            if (string.IsNullOrEmpty(region))
+            {
+                region = "us-east-1";
+            }
+            if (string.Equals(region, "EU", StringComparison.OrdinalIgnoreCase))
+            {
+                region = "eu-west-1";
+            }
+            Logger.Trace($"Creating S3 Client with region {region}");
             var s3Client = new AmazonS3Client(Config.AccessKey, Config.AccessSecret, RegionEndpoint.GetBySystemName(region));
             Logger.MethodExit(ILogExtensions.MethodLogLevel.Trace);
             return s3Client;
diff --git a/integration-manifest.json b/integration-manifest.json
index 71f10d0..4ae8d1f 100644
--- a/integration-manifest.json
+++ b/integration-manifest.json
@@ -6,5 +6,6 @@
   "support_level": "kf-supported",
   "update_catalog": true,
   "link_github": true,
+  "release_dir": "amazon-acmpca-cagateway/bin/Release",
   "description": "This integration allows for the Synchronization, Enrollment, and Revocation of certificates from Amazon Certificate Manager Private CA."
 }
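Review bot: The two new fallbacks in GetS3Client — empty string to `us-east-1` and `EU` to `eu-west-1` — carry no comment explaining where those values come from, so a later reader is likely to take them for arbitrary defaults and "clean them up". They are the legacy LocationConstraint values the S3 GetBucketLocation API reports for buckets in those two regions, and a comment above the first `if`, such as `// S3 reports an empty LocationConstraint for us-east-1 and the legacy value "EU" for eu-west-1; map both to a real region name before calling GetBySystemName`, would pin that down. The `bucketResponse.Location.Value` dereference and the `GetBySystemName` call are context here, not part of this change; GetS3Client's closing brace lies outside the hunk.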