handle s3 bucket region for us-east-1

.github/workflows/keyfactor-bootstrap-workflow.yml

@@ -0,0 +1,19 @@
+name: Keyfactor Bootstrap Workflow
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [opened, closed, synchronize, edited, reopened]
+  push:
+  create:
+    branches:
+      - 'release-*.*'
+
+jobs:
+  call-starter-workflow:
+    uses: keyfactor/actions/.github/workflows/starter.yml@v2
+    secrets:
+      token: ${{ secrets.V2BUILDTOKEN}}
+      APPROVE_README_PUSH: ${{ secrets.V2BUILDTOKEN }}
+      gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+      gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}

README.md

@@ -1,25 +1,45 @@
+
 # Amazon ACM PCA CA AnyGateway
 
 This integration allows for the Synchronization, Enrollment, and Revocation of certificates from Amazon Certificate Manager Private CA.
 
 #### Integration status: Production - Ready for use in production environments.
 
-## About the Keyfactor AnyGateway CA Connector
-
-This repository contains an AnyGateway CA Connector, which is a plugin to the Keyfactor AnyGateway. AnyGateway CA Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority.
-
+## About the Keyfactor AnyCA Gateway DCOM Connector
 
+This repository contains an AnyCA Gateway Connector, which is a plugin to the Keyfactor AnyGateway. AnyCA Gateway Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority.
 
 ## Support for Amazon ACM PCA CA AnyGateway
 
-Amazon ACM PCA CA AnyGateway is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket with your Keyfactor representative.
+Amazon ACM PCA CA AnyGateway is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com
 
 ###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.
-___
 
+---
+
+
+---
+
+
+
+
+
+## Keyfactor AnyCA Gateway Framework Supported
+The Keyfactor gateway framework implements common logic shared across various gateway implementations and handles communication with Keyfactor Command. The gateway framework hosts gateway implementations or plugins that understand how to communicate with specific CAs. This allows you to integrate your third-party CAs with Keyfactor Command such that they behave in a manner similar to the CAs natively supported by Keyfactor Command.
 
 
 
+
+This gateway extension was compiled against version  of the AnyCA Gateway DCOM Framework.  You will need at least this version of the framework Installed. If you have a later AnyGateway Framework Installed you will probably need to add binding redirects in the CAProxyServer.exe.config file to make things work properly.
+
+
+[Keyfactor CAGateway Install Guide](https://software.keyfactor.com/Guides/AnyGateway_Generic/Content/AnyGateway/Introduction.htm)
+
+
+
+---
+
+
 # Introduction
 This AnyGateway plug-in enables issuance, revocation, and synchronization of certificates from Amazon's AWS Certificate Manager Private CA
 Note that this gateway is specific to Private CAs, and will not work against other AWS CAs.
@@ -182,3 +202,4 @@ Refer to the AnyGateway Documentation for more detail.
   }
 ```
 
+

amazon-acmpca-cagateway/Client/ACMPCAClient.cs

@@ -77,7 +77,7 @@
 			{
 				getCertificateResponse = GetPCAClient().GetCertificate(getCertificateRequest);
 			}
 			catch (RequestInProgressException rip)
 			{
 				// If request is still in progress, wait a second and try again
 				Thread.Sleep(1000);
@@ -174,6 +174,7 @@
 		public List<ACMPCACertificate> GetAuditReport()
 		{
 			Logger.MethodEntry(ILogExtensions.MethodLogLevel.Trace);
+			Logger.Trace($"Creating audit report request with:\n\tCAArn: {Config.CAArn}\n\tS3 Bucket: {Config.S3Bucket}");
 			CreateCertificateAuthorityAuditReportRequest request = new CreateCertificateAuthorityAuditReportRequest()
 			{
 				CertificateAuthorityArn = Config.CAArn,
@@ -201,6 +202,7 @@
 		private IAmazonACMPCA GetPCAClient()
 		{
 			Logger.MethodEntry(ILogExtensions.MethodLogLevel.Trace);
+			Logger.Trace($"Creating PCA Client with region {Config.GetRegion()}");
 			IAmazonACMPCA client = new AmazonACMPCAClient(Config.AccessKey, Config.AccessSecret, Config.GetRegion());
 			Logger.MethodExit(ILogExtensions.MethodLogLevel.Trace);
 			return client;
@@ -210,11 +212,21 @@
 		{
 			Logger.MethodEntry(ILogExtensions.MethodLogLevel.Trace);
 			string region = "";
+			Logger.Trace($"Locating region for S3 bucket: {Config.S3Bucket}");
 			using (IAmazonS3 tempClient = new AmazonS3Client(Config.AccessKey, Config.AccessSecret, Config.GetRegion()))
 			{
 				var bucketResponse = tempClient.GetBucketLocation(Config.S3Bucket);
 				region = bucketResponse.Location.Value;
 			}
+			if (string.IsNullOrEmpty(region))
+			{
+				region = "us-east-1";
+			}
+			if (string.Equals(region, "EU", StringComparison.OrdinalIgnoreCase))
+			{
+				region = "eu-west-1";
+			}
+			Logger.Trace($"Creating S3 Client with region {region}");
 			var s3Client = new AmazonS3Client(Config.AccessKey, Config.AccessSecret, RegionEndpoint.GetBySystemName(region));
 			Logger.MethodExit(ILogExtensions.MethodLogLevel.Trace);
 			return s3Client;

integration-manifest.json

@@ -6,5 +6,6 @@
   "support_level": "kf-supported",
   "update_catalog": true,
   "link_github": true,
+  "release_dir": "amazon-acmpca-cagateway/bin/Release",
   "description": "This integration allows for the Synchronization, Enrollment, and Revocation of certificates from Amazon Certificate Manager Private CA."
 }