Feature/scope property#15
Merged
Merged
Conversation
GCP Certificate Manager's `scope` field is create-only and immutable. Previous releases hard-coded `Scope = "DEFAULT"` on every certificate created, which made the orchestrator unusable for environments running cross-region internal Application Load Balancers (`ALL_REGIONS`), Media CDN (`EDGE_CACHE`), or mTLS trust configs (`CLIENT_AUTH`). Affected customers had to pre-create empty placeholder certificate resources in GCP via Terraform with the right scope, then point Keyfactor at the shell - breaking the single-pane-of-glass workflow. Adds a `Scope` custom store property honored by Management/Add. Values are case-normalized and validated against the four-value enum GCP accepts; an unsupported value fails the `ResolveScope` flow step before any API call. Blank resolves to `DEFAULT` so existing stores keep working with no operator action. Replace (overwrite) intentionally does not propagate scope: the patch UpdateMask is "SelfManaged", and GCP would reject a scope change anyway. The recommended pattern is one store per (project, location, scope) tuple. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Scope is per-certificate in GCP's data model - a single (project,
location) container can hold certs at different scopes - so modeling it
as a store property forced operators into one-store-per-scope and
required toggling the property between adds. Entry parameter matches
the actual semantics and lets a single store hold mixed-scope certs.
Changes:
- Move Scope from manifest Properties[] to EntryParameters[] as a
MultipleChoice dropdown (DEFAULT/ALL_REGIONS/EDGE_CACHE/CLIENT_AUTH).
Operators pick at Add time; the dropdown prevents typos reaching the
orchestrator (ResolveScope still validates as defence-in-depth).
- Remove Scope from StoreProperties.cs.
- Management.cs now reads Scope from config.JobProperties["Scope"]
rather than the store-properties bag.
- Inventory.cs reads c.Scope from each certificates.list response and
writes it into CurrentInventoryItem.Parameters["Scope"]. GCP omits
the field when the cert is at DEFAULT, so null/blank normalizes to
"DEFAULT" here. This makes renewals/reenrollments carry scope
forward automatically - Keyfactor replays the inventoried value
back into JobProperties on the next Management/Add cycle.
- Regenerate scripts/store_types/{bash,powershell} so operators
applying the store type from the branch get the EntryParameter
shape without waiting for doctool CI.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
RestSharp 107.2.1 was a dead PackageReference - no using directive or type reference exists anywhere in the source. Removing it eliminates the GHSA-4rr6-2v9v-wcpc moderate-severity NU1902 warning without needing a runtime upgrade. Add net10.0 alongside net6.0 and net8.0 so the orchestrator can run on .NET 10 hosts; build verified locally across all three TFMs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
System.Management.Automation 7.0.5 was dead weight - zero usages in the source, and the manifest already declares "PowerShell": false. The package also drove the NETSDK1206 RID warning (legacy win10-x64 etc. RIDs in Microsoft.Management.Infrastructure.Runtime.Win) on net8/net10 builds. Note: removing SMA does *not* eliminate the System.Drawing.Common critical-severity warning (NU1904 / GHSA-rxg9-xrhp-64gj). That dep is pulled in transitively by Keyfactor.Logging 1.1.1 via System.DirectoryServices 5.0.0 -> System.Security.Permissions 5.0.0 -> System.Windows.Extensions 5.0.0 -> System.Drawing.Common 5.0.0. The fix path is either an explicit PackageReference override or a Keyfactor.Logging upgrade upstream - both out of scope for this commit. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…p-64gj) Pins System.Drawing.Common to 8.0.10 directly so the transitive 5.0.0 pulled in by Keyfactor.Logging -> System.DirectoryServices -> System.Security.Permissions -> System.Windows.Extensions cannot resolve. The 5.0.0 version has a critical-severity remote-code-execution CVE (GHSA-rxg9-xrhp-64gj); 8.0.10 carries the patch. Direct PackageReference outranks transitive resolution, so no other csproj changes are needed. Override should be removed once Keyfactor publishes a Keyfactor.Logging release that bumps System.DirectoryServices to 8.x upstream. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.