diff --git a/CHANGELOG.md b/CHANGELOG.md index f643ebb4..527541c9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +# 1.2.3 + +## Bug Fixes +- fix(management): `K8SNS` and `K8SCluster` Management Remove jobs no longer throw `IndexOutOfRangeException` when alias does not contain the expected `/` delimiter. + # 1.2.2 ## Bug Fixes @@ -22,6 +27,12 @@ on missing or invalid secret field name. ## Features - feat(client): Retry interrupted connections to k8s cluster. +# 1.1.4 + +## Bug Fixes +- fix(management): `K8SNS` Management Add job no longer throws `IndexOutOfRangeException` when alias does not contain the expected `/` delimiter. +- fix(management): `K8SNS` and `K8SCluster` Management Remove jobs no longer throw `IndexOutOfRangeException` when alias does not contain the expected `/` delimiter. + # 1.1.3 ## Bug Fixes diff --git a/docsource/images/K8SCluster-basic-store-type-dialog.png b/docsource/images/K8SCluster-basic-store-type-dialog.png index be0b7ece..0519073b 100644 Binary files a/docsource/images/K8SCluster-basic-store-type-dialog.png and b/docsource/images/K8SCluster-basic-store-type-dialog.png differ diff --git a/docsource/images/K8SNS-basic-store-type-dialog.png b/docsource/images/K8SNS-basic-store-type-dialog.png index 3425d444..4864cba7 100644 Binary files a/docsource/images/K8SNS-basic-store-type-dialog.png and b/docsource/images/K8SNS-basic-store-type-dialog.png differ diff --git a/docsource/images/K8STLSSecr-basic-store-type-dialog.png b/docsource/images/K8STLSSecr-basic-store-type-dialog.png index 37d40bac..1002e885 100644 Binary files a/docsource/images/K8STLSSecr-basic-store-type-dialog.png and b/docsource/images/K8STLSSecr-basic-store-type-dialog.png differ diff --git a/kubernetes-orchestrator-extension/Jobs/Management.cs b/kubernetes-orchestrator-extension/Jobs/Management.cs index d771d915..c1c13252 100644 --- a/kubernetes-orchestrator-extension/Jobs/Management.cs +++ b/kubernetes-orchestrator-extension/Jobs/Management.cs @@ -688,6 +688,12 @@ private JobResult HandleRemove(string secretType, ManagementJobConfiguration con var splitAlias = certAlias.Split("/"); if (Capability.Contains("K8SNS")) { + if (splitAlias.Length < 2) + { + var errMsg = $"Invalid alias format for K8SNS store type. Expected pattern: 'secrets//' but got '{certAlias}'"; + Logger.LogError(errMsg); + return FailJob(errMsg, config.JobHistoryId); + } // Split alias by / and get second to last element KubeSecretType KubeSecretType = splitAlias[^2]; KubeSecretName = splitAlias[^1]; @@ -695,6 +701,12 @@ private JobResult HandleRemove(string secretType, ManagementJobConfiguration con } else if (Capability.Contains("K8SCluster")) { + if (splitAlias.Length < 3) + { + var errMsg = $"Invalid alias format for K8SCluster store type. Expected pattern: '/secrets//' but got '{certAlias}'"; + Logger.LogError(errMsg); + return FailJob(errMsg, config.JobHistoryId); + } KubeSecretType = splitAlias[^2]; KubeSecretName = splitAlias[^1]; KubeNamespace = splitAlias[0]; diff --git a/scripts/store_types/bash/curl_create_store_types.sh b/scripts/store_types/bash/curl_create_store_types.sh old mode 100644 new mode 100755 index 45f8391c..d4ee47e9 --- a/scripts/store_types/bash/curl_create_store_types.sh +++ b/scripts/store_types/bash/curl_create_store_types.sh @@ -1,233 +1,576 @@ -###CURL script to create DER certificate store type +#!/usr/bin/env bash -###Replacement Variables - Manually replace these before running### -# {URL} - Base URL for your Keyfactor deployment -# {UserName} - User name with access to run Keyfactor APIs -# {UserPassword} - Password for the UserName above +# Creates all 7 store types via the Keyfactor Command REST API using curl. +# +# Authentication (first matching method is used): +# OAuth access token: KEYFACTOR_AUTH_ACCESS_TOKEN +# OAuth client creds: KEYFACTOR_AUTH_CLIENT_ID + KEYFACTOR_AUTH_CLIENT_SECRET +# + KEYFACTOR_AUTH_TOKEN_URL +# Basic auth (AD): KEYFACTOR_USERNAME + KEYFACTOR_PASSWORD + KEYFACTOR_DOMAIN +# +# Always required: +# KEYFACTOR_HOSTNAME Command hostname (e.g. my-command.example.com) +# +# Auto-generated by doctool generate-store-type-scripts — do not edit by hand. -export KEYFACTOR_USERNAME="" -export KEYFACTOR_PASSWORD="" -export KEYFACTOR_HOSTNAME="" -export KEYFACTOR_DOMAIN="" +if [ -z "${KEYFACTOR_HOSTNAME}" ]; then + echo "ERROR: KEYFACTOR_HOSTNAME is required" + exit 1 +fi + +BASE_URL="https://${KEYFACTOR_HOSTNAME}/keyfactorapi" -# Check environment variables are set -if [ -z "$KEYFACTOR_USERNAME" ] || [ -z "$KEYFACTOR_PASSWORD" ] || [ -z "$KEYFACTOR_HOSTNAME" ] || [ -z "$KEYFACTOR_DOMAIN" ]; then - echo "Please set the environment variables KEYFACTOR_USERNAME, KEYFACTOR_PASSWORD, KEYFACTOR_HOSTNAME and KEYFACTOR_DOMAIN" +# --------------------------------------------------------------------------- +# Resolve auth +# --------------------------------------------------------------------------- +if [ -n "${KEYFACTOR_AUTH_ACCESS_TOKEN}" ]; then + BEARER_TOKEN="${KEYFACTOR_AUTH_ACCESS_TOKEN}" +elif [ -n "${KEYFACTOR_AUTH_CLIENT_ID}" ] && [ -n "${KEYFACTOR_AUTH_CLIENT_SECRET}" ] && [ -n "${KEYFACTOR_AUTH_TOKEN_URL}" ]; then + echo "Fetching OAuth token..." + BEARER_TOKEN=$(curl -s -X POST "${KEYFACTOR_AUTH_TOKEN_URL}" \ + -H "Content-Type: application/x-www-form-urlencoded" \ + --data-urlencode "grant_type=client_credentials" \ + --data-urlencode "client_id=${KEYFACTOR_AUTH_CLIENT_ID}" \ + --data-urlencode "client_secret=${KEYFACTOR_AUTH_CLIENT_SECRET}" | jq -r '.access_token') + if [ -z "${BEARER_TOKEN}" ] || [ "${BEARER_TOKEN}" = "null" ]; then + echo "ERROR: Failed to fetch OAuth token from ${KEYFACTOR_AUTH_TOKEN_URL}" + exit 1 + fi +elif [ -n "${KEYFACTOR_USERNAME}" ] && [ -n "${KEYFACTOR_PASSWORD}" ] && [ -n "${KEYFACTOR_DOMAIN}" ]; then + BEARER_TOKEN="" +else + echo "ERROR: Authentication required. Set one of:" + echo " KEYFACTOR_AUTH_ACCESS_TOKEN" + echo " KEYFACTOR_AUTH_CLIENT_ID + KEYFACTOR_AUTH_CLIENT_SECRET + KEYFACTOR_AUTH_TOKEN_URL" + echo " KEYFACTOR_USERNAME + KEYFACTOR_PASSWORD + KEYFACTOR_DOMAIN" exit 1 fi -echo "Creating K8SCert store type" -curl -X POST "https://${KEYFACTOR_HOSTNAME}/keyfactorapi/certificatestoretypes" \ - -H "Content-Type: application/json" \ - -H "x-keyfactor-requested-with: APIClient" \ - -u "${KEYFACTOR_USERNAME}:${KEYFACTOR_PASSWORD}" -d \ -'{ - "Name": "K8SCert", - "ShortName": "K8SCert", - "Capability": "K8SCert", - "LocalStore": false, - "SupportedOperations": { - "Add": false, - "Create": false, - "Discovery": true, - "Enrollment": false, - "Remove": false - }, - "Properties": [ - { - "StoreTypeId;omitempty": 0, - "Name": "KubeNamespace", - "DisplayName": "KubeNamespace", - "Type": "String", - "DependsOn": "", - "DefaultValue": "default", - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSecretName", - "DisplayName": "KubeSecretName", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSecretType", - "DisplayName": "KubeSecretType", - "Type": "String", - "DependsOn": "", - "DefaultValue": "cert", - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSvcCreds", - "DisplayName": "KubeSvcCreds", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, - "Required": true - } - ], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "StorePathType": "", - "StorePathValue": "", - "PrivateKeyAllowed": "Forbidden", - "JobProperties": [], - "ServerRequired": false, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Forbidden" +if [ -n "${BEARER_TOKEN}" ]; then + CURL_AUTH=("-H" "Authorization: Bearer ${BEARER_TOKEN}") +else + CURL_AUTH=("-u" "${KEYFACTOR_USERNAME}@${KEYFACTOR_DOMAIN}:${KEYFACTOR_PASSWORD}") +fi + +create_store_type() { + local name="$1" + local body="$2" + echo "Creating ${name} store type..." + response=$(curl -s -o /dev/null -w "%{http_code}" \ + -X POST "${BASE_URL}/certificatestoretypes" \ + -H "Content-Type: application/json" \ + -H "x-keyfactor-requested-with: APIClient" \ + "${CURL_AUTH[@]}" \ + -d "${body}") + if [ "$response" = "200" ] || [ "$response" = "201" ]; then + echo " OK (HTTP ${response})" + else + echo " FAILED (HTTP ${response})" + fi +} + +# --------------------------------------------------------------------------- +# K8SCert — This can be anything useful, recommend using the k8s cluster name or identifier. +# --------------------------------------------------------------------------- +create_store_type "K8SCert" '{ + "Name": "K8SCert", + "ShortName": "K8SCert", + "Capability": "K8SCert", + "LocalStore": false, + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": false + }, + "Properties": [ + { + "Name": "KubeNamespace", + "DisplayName": "KubeNamespace", + "Type": "String", + "DependsOn": "", + "DefaultValue": "default", + "Required": false + }, + { + "Name": "KubeSecretName", + "DisplayName": "KubeSecretName", + "Type": "String", + "DependsOn": "", + "DefaultValue": "", + "Required": false + }, + { + "Name": "KubeSecretType", + "DisplayName": "KubeSecretType", + "Type": "String", + "DependsOn": "", + "DefaultValue": "cert", + "Required": true + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Forbidden", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden" +}' + +# --------------------------------------------------------------------------- +# K8SCluster — This can be anything useful, recommend using the k8s cluster name or identifier. +# --------------------------------------------------------------------------- +create_store_type "K8SCluster" '{ + "Name": "K8SCluster", + "ShortName": "K8SCluster", + "Capability": "K8SCluster", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": false, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "IncludeCertChain", + "DisplayName": "Include Certificate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": false + }, + { + "Name": "SeparateChain", + "DisplayName": "Separate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": false + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required" +}' + +# --------------------------------------------------------------------------- +# K8SJKS — This can be anything useful, recommend using the k8s cluster name or identifier. +# --------------------------------------------------------------------------- +create_store_type "K8SJKS" '{ + "Name": "K8SJKS", + "ShortName": "K8SJKS", + "Capability": "K8SJKS", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "KubeNamespace", + "DisplayName": "KubeNamespace", + "Type": "String", + "DependsOn": "", + "DefaultValue": "default", + "Required": false + }, + { + "Name": "KubeSecretName", + "DisplayName": "KubeSecretName", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "KubeSecretType", + "DisplayName": "KubeSecretType", + "Type": "String", + "DependsOn": "", + "DefaultValue": "jks", + "Required": true + }, + { + "Name": "CertificateDataFieldName", + "DisplayName": "CertificateDataFieldName", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "PasswordFieldName", + "DisplayName": "PasswordFieldName", + "Type": "String", + "DependsOn": "", + "DefaultValue": "password", + "Required": false + }, + { + "Name": "PasswordIsK8SSecret", + "DisplayName": "PasswordIsK8SSecret", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": false + }, + { + "Name": "IncludeCertChain", + "DisplayName": "Include Certificate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": false + }, + { + "Name": "StorePasswordPath", + "DisplayName": "StorePasswordPath", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": true, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required" +}' + +# --------------------------------------------------------------------------- +# K8SNS — This can be anything useful, recommend using the k8s cluster name or identifier. +# --------------------------------------------------------------------------- +create_store_type "K8SNS" '{ + "Name": "K8SNS", + "ShortName": "K8SNS", + "Capability": "K8SNS", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "KubeNamespace", + "DisplayName": "Kube Namespace", + "Type": "String", + "DependsOn": "", + "DefaultValue": "default", + "Required": false + }, + { + "Name": "IncludeCertChain", + "DisplayName": "Include Certificate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": false + }, + { + "Name": "SeparateChain", + "DisplayName": "Separate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": false + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required" }' -echo "Creating K8SSecret store type" -curl -X POST "https://$KEYFACTOR_HOSTNAME/keyfactorapi/certificatestoretypes" \ - -H "Content-Type: application/json" \ - -H "x-keyfactor-requested-with: APIClient" \ - -u {UserName}:{UserPassword} -d \ -'{ - "Name": "K8SSecret", - "ShortName": "K8SSecret", - "Capability": "K8SSecret", - "LocalStore": false, - "SupportedOperations": { - "Add": true, - "Create": true, - "Discovery": true, - "Enrollment": false, - "Remove": true - }, - "Properties": [ - { - "StoreTypeId;omitempty": 0, - "Name": "KubeNamespace", - "DisplayName": "KubeNamespace", - "Type": "String", - "DependsOn": "", - "DefaultValue": "default", - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSecretName", - "DisplayName": "KubeSecretName", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSecretType", - "DisplayName": "KubeSecretType", - "Type": "String", - "DependsOn": "", - "DefaultValue": "secret", - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSvcCreds", - "DisplayName": "KubeSvcCreds", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, - "Required": true - } - ], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "StorePathType": "", - "StorePathValue": "", - "PrivateKeyAllowed": "Optional", - "JobProperties": [], - "ServerRequired": false, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Forbidden" +# --------------------------------------------------------------------------- +# K8SPKCS12 — This can be anything useful, recommend using the k8s cluster name or identifier. +# --------------------------------------------------------------------------- +create_store_type "K8SPKCS12" '{ + "Name": "K8SPKCS12", + "ShortName": "K8SPKCS12", + "Capability": "K8SPKCS12", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "IncludeCertChain", + "DisplayName": "Include Certificate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": false + }, + { + "Name": "CertificateDataFieldName", + "DisplayName": "CertificateDataFieldName", + "Type": "String", + "DependsOn": "", + "DefaultValue": ".p12", + "Required": true + }, + { + "Name": "PasswordFieldName", + "DisplayName": "Password Field Name", + "Type": "String", + "DependsOn": "", + "DefaultValue": "password", + "Required": false + }, + { + "Name": "PasswordIsK8SSecret", + "DisplayName": "Password Is K8S Secret", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": false + }, + { + "Name": "KubeNamespace", + "DisplayName": "Kube Namespace", + "Type": "String", + "DependsOn": "", + "DefaultValue": "default", + "Required": false + }, + { + "Name": "KubeSecretName", + "DisplayName": "Kube Secret Name", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "KubeSecretType", + "DisplayName": "Kube Secret Type", + "Type": "String", + "DependsOn": "", + "DefaultValue": "pkcs12", + "Required": true + }, + { + "Name": "StorePasswordPath", + "DisplayName": "StorePasswordPath", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": true, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required" }' -echo "Creating K8STLSSecr store type" -curl -X POST "https://$KEYFACTOR_HOSTNAME/keyfactorapi/certificatestoretypes" \ - -H "Content-Type: application/json" \ - -H "x-keyfactor-requested-with: APIClient" \ - -u {UserName}:{UserPassword} -d \ -'{ - "Name": "K8STLSSecr", - "ShortName": "K8STLSSecr", - "Capability": "K8STLSSecr", - "LocalStore": false, - "SupportedOperations": { - "Add": true, - "Create": true, - "Discovery": true, - "Enrollment": false, - "Remove": true - }, - "Properties": [ - { - "StoreTypeId;omitempty": 0, - "Name": "KubeNamespace", - "DisplayName": "KubeNamespace", - "Type": "String", - "DependsOn": "", - "DefaultValue": "default", - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSecretName", - "DisplayName": "KubeSecretName", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSecretType", - "DisplayName": "KubeSecretType", - "Type": "String", - "DependsOn": "", - "DefaultValue": "tls_secret", - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSvcCreds", - "DisplayName": "KubeSvcCreds", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, - "Required": true - } - ], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "StorePathType": "", - "StorePathValue": "", - "PrivateKeyAllowed": "Optional", - "JobProperties": [], - "ServerRequired": false, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Forbidden" - } +# --------------------------------------------------------------------------- +# K8SSecret — This can be anything useful, recommend using the k8s cluster name or identifier. +# --------------------------------------------------------------------------- +create_store_type "K8SSecret" '{ + "Name": "K8SSecret", + "ShortName": "K8SSecret", + "Capability": "K8SSecret", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "KubeNamespace", + "DisplayName": "KubeNamespace", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "KubeSecretName", + "DisplayName": "KubeSecretName", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "KubeSecretType", + "DisplayName": "KubeSecretType", + "Type": "String", + "DependsOn": "", + "DefaultValue": "secret", + "Required": true + }, + { + "Name": "IncludeCertChain", + "DisplayName": "Include Certificate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": false + }, + { + "Name": "SeparateChain", + "DisplayName": "Separate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": false + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden" +}' + +# --------------------------------------------------------------------------- +# K8STLSSecr — This can be anything useful, recommend using the k8s cluster name or identifier. +# --------------------------------------------------------------------------- +create_store_type "K8STLSSecr" '{ + "Name": "K8STLSSecr", + "ShortName": "K8STLSSecr", + "Capability": "K8STLSSecr", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "KubeNamespace", + "DisplayName": "KubeNamespace", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "KubeSecretName", + "DisplayName": "KubeSecretName", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "KubeSecretType", + "DisplayName": "KubeSecretType", + "Type": "String", + "DependsOn": "", + "DefaultValue": "tls_secret", + "Required": true + }, + { + "Name": "IncludeCertChain", + "DisplayName": "Include Certificate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": false + }, + { + "Name": "SeparateChain", + "DisplayName": "Separate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": false + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden" }' -echo "Completed" \ No newline at end of file + +echo "Completed." diff --git a/scripts/store_types/bash/kfutil_create_store_types.sh b/scripts/store_types/bash/kfutil_create_store_types.sh old mode 100644 new mode 100755 index 1adad442..c447a8cf --- a/scripts/store_types/bash/kfutil_create_store_types.sh +++ b/scripts/store_types/bash/kfutil_create_store_types.sh @@ -1,29 +1,34 @@ #!/usr/bin/env bash -#export KEYFACTOR_USERNAME="" -#export KEYFACTOR_PASSWORD="" -#export KEYFACTOR_HOSTNAME="" -#export KEYFACTOR_DOMAIN="" +# Creates all 7 store types using kfutil. +# kfutil reads definitions from the Keyfactor integration catalog. +# +# Auth environment variables (first matching method is used): +# OAuth access token: KEYFACTOR_AUTH_ACCESS_TOKEN +# OAuth client creds: KEYFACTOR_AUTH_CLIENT_ID + KEYFACTOR_AUTH_CLIENT_SECRET +# + KEYFACTOR_AUTH_TOKEN_URL +# Basic auth (AD): KEYFACTOR_HOSTNAME + KEYFACTOR_USERNAME + KEYFACTOR_PASSWORD +# + KEYFACTOR_DOMAIN +# +# Auto-generated by doctool generate-store-type-scripts — do not edit by hand. -# Check kfutil is installed -if ! command -v kfutil &> /dev/null -then +if ! command -v kfutil &> /dev/null; then echo "kfutil could not be found. Please install kfutil" - echo "See the official docs: https://github.com/Keyfactor/kfutil#quickstart" - # Check if kfutil deps are already installed and if they are then provide the command to install kfutil from GitHub. - if command -v gh &> /dev/null || command -v zip &> /dev/null || command -v unzip &> /dev/null; - then - echo "To install kfutil, run the following command:" - echo "bash <(curl -s https://raw.githubusercontent.com/Keyfactor/kfutil/main/gh-dl-release.sh)" - fi + echo "See https://github.com/Keyfactor/kfutil#quickstart" + exit 1 fi -# Check environment variables are set -if [ -z "$KEYFACTOR_USERNAME" ] || [ -z "$KEYFACTOR_PASSWORD" ] || [ -z "$KEYFACTOR_HOSTNAME" ] || [ -z "$KEYFACTOR_DOMAIN" ]; then - echo "Please set the environment variables KEYFACTOR_USERNAME, KEYFACTOR_PASSWORD, KEYFACTOR_HOSTNAME and KEYFACTOR_DOMAIN" - kfutil login +if [ -z "$KEYFACTOR_HOSTNAME" ]; then + echo "KEYFACTOR_HOSTNAME not set — launching kfutil login" + kfutil login fi kfutil store-types create --name "K8SCert" +kfutil store-types create --name "K8SCluster" +kfutil store-types create --name "K8SJKS" +kfutil store-types create --name "K8SNS" +kfutil store-types create --name "K8SPKCS12" kfutil store-types create --name "K8SSecret" -kfutil store-types create --name "K8STLSSecr" \ No newline at end of file +kfutil store-types create --name "K8STLSSecr" + +echo "Done. All store types created." diff --git a/scripts/store_types/powershell/kfutil_create_store_types.ps1 b/scripts/store_types/powershell/kfutil_create_store_types.ps1 index e909e642..fe6bf043 100644 --- a/scripts/store_types/powershell/kfutil_create_store_types.ps1 +++ b/scripts/store_types/powershell/kfutil_create_store_types.ps1 @@ -1,23 +1,35 @@ -$username = [System.Environment]::GetEnvironmentVariable("KEYFACTOR_USERNAME", "User") -$password = [System.Environment]::GetEnvironmentVariable("KEYFACTOR_PASSWORD", "User") -$hostname = [System.Environment]::GetEnvironmentVariable("KEYFACTOR_HOSTNAME", "User") -$domain = [System.Environment]::GetEnvironmentVariable("KEYFACTOR_DOMAIN", "User") - -Set-Alias -Name kfutil -Value 'C:\Program Files\Keyfactor\kfutil\kfutil.exe' # Comment this out if you have kfutil in your PATH or somewhere custom - -if ((Get-Command "kfutil" -ErrorAction SilentlyContinue) -eq $null) -{ - Write-Host "kfutil could not be found in your PATH. Please install kfutil" - Write-Host "See the official docs: https://github.com/Keyfactor/kfutil#quickstart" -} - -if (-not $username -or -not $password -or -not $hostname -or -not $domain) { - Write-Host "Please set the environment variables KEYFACTOR_USERNAME, KEYFACTOR_PASSWORD, KEYFACTOR_HOSTNAME and KEYFACTOR_DOMAIN" - & kfutil login -} - -& kfutil store-types create --name "K8SCert" -& kfutil store-types create --name "K8SSecret" -& kfutil store-types create --name "K8STLSSecr" - - +# Creates all 7 store types using kfutil. +# kfutil reads definitions from the Keyfactor integration catalog. +# +# Auth environment variables (first matching method is used): +# OAuth access token: KEYFACTOR_AUTH_ACCESS_TOKEN +# OAuth client creds: KEYFACTOR_AUTH_CLIENT_ID + KEYFACTOR_AUTH_CLIENT_SECRET +# + KEYFACTOR_AUTH_TOKEN_URL +# Basic auth (AD): KEYFACTOR_HOSTNAME + KEYFACTOR_USERNAME + KEYFACTOR_PASSWORD +# + KEYFACTOR_DOMAIN +# +# Auto-generated by doctool generate-store-type-scripts — do not edit by hand. + +# Uncomment if kfutil is not in your PATH +# Set-Alias -Name kfutil -Value 'C:\Program Files\Keyfactor\kfutil\kfutil.exe' + +if ($null -eq (Get-Command "kfutil" -ErrorAction SilentlyContinue)) { + Write-Host "kfutil could not be found. Please install kfutil" + Write-Host "See https://github.com/Keyfactor/kfutil#quickstart" + exit 1 +} + +if (-not $env:KEYFACTOR_HOSTNAME) { + Write-Host "KEYFACTOR_HOSTNAME not set — launching kfutil login" + & kfutil login +} + +& kfutil store-types create --name "K8SCert" +& kfutil store-types create --name "K8SCluster" +& kfutil store-types create --name "K8SJKS" +& kfutil store-types create --name "K8SNS" +& kfutil store-types create --name "K8SPKCS12" +& kfutil store-types create --name "K8SSecret" +& kfutil store-types create --name "K8STLSSecr" + +Write-Host "Done. All store types created." diff --git a/scripts/store_types/powershell/restmethod_create_store_types.ps1 b/scripts/store_types/powershell/restmethod_create_store_types.ps1 index 7182d625..9cbe6ed1 100644 --- a/scripts/store_types/powershell/restmethod_create_store_types.ps1 +++ b/scripts/store_types/powershell/restmethod_create_store_types.ps1 @@ -1,229 +1,582 @@ -$username = [System.Environment]::GetEnvironmentVariable("KEYFACTOR_USERNAME", "User") -$password = [System.Environment]::GetEnvironmentVariable("KEYFACTOR_PASSWORD", "User") -$hostname = [System.Environment]::GetEnvironmentVariable("KEYFACTOR_HOSTNAME", "User") -$domain = [System.Environment]::GetEnvironmentVariable("KEYFACTOR_DOMAIN", "User") - -if (-not $username -or -not $password -or -not $hostname -or -not $domain) { - Write-Host "Please set the environment variables KEYFACTOR_USERNAME, KEYFACTOR_PASSWORD, KEYFACTOR_HOSTNAME and KEYFACTOR_DOMAIN" - exit -} - -$uri = "https://$hostname/keyfactorapi/certificatestoretypes" -$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("${username}@${domain}:${password}")) -$headers = @{ - 'Authorization' = "Basic $auth" - 'Content-Type' = "application/json" - 'x-keyfactor-requested-with' = "APIClient" -} - - - -Write-Host "Creating K8SCert store type" -$body = @" -{ - "Name": "K8SCert", - "ShortName": "K8SCert", - "Capability": "K8SCert", - "LocalStore": false, - "SupportedOperations": { - "Add": false, - "Create": false, - "Discovery": true, - "Enrollment": false, - "Remove": false - }, - "Properties": [ - { - "StoreTypeId;omitempty": 0, - "Name": "KubeNamespace", - "DisplayName": "KubeNamespace", - "Type": "String", - "DependsOn": "", - "DefaultValue": "default", - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSecretName", - "DisplayName": "KubeSecretName", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSecretType", - "DisplayName": "KubeSecretType", - "Type": "String", - "DependsOn": "", - "DefaultValue": "cert", - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSvcCreds", - "DisplayName": "KubeSvcCreds", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, - "Required": true - } - ], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "StorePathType": "", - "StorePathValue": "", - "PrivateKeyAllowed": "Forbidden", - "JobProperties": [], - "ServerRequired": false, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Forbidden" - } -"@ -Invoke-RestMethod -Method Post -Uri $uri -Headers $headers -Body $body -ContentType "application/json" - -Write-Host "Creating K8SSecret store type" -$body = @" -{ - "Name": "K8SSecret", - "ShortName": "K8SSecret", - "Capability": "K8SSecret", - "LocalStore": false, - "SupportedOperations": { - "Add": true, - "Create": true, - "Discovery": true, - "Enrollment": false, - "Remove": true - }, - "Properties": [ - { - "StoreTypeId;omitempty": 0, - "Name": "KubeNamespace", - "DisplayName": "KubeNamespace", - "Type": "String", - "DependsOn": "", - "DefaultValue": "default", - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSecretName", - "DisplayName": "KubeSecretName", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSecretType", - "DisplayName": "KubeSecretType", - "Type": "String", - "DependsOn": "", - "DefaultValue": "secret", - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSvcCreds", - "DisplayName": "KubeSvcCreds", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, - "Required": true - } - ], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "StorePathType": "", - "StorePathValue": "", - "PrivateKeyAllowed": "Optional", - "JobProperties": [], - "ServerRequired": false, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Forbidden" - } -"@ - -Invoke-RestMethod -Method Post -Uri $uri -Headers $headers -Body $body -ContentType "application/json" - -Write-Host "Creating K8STLSSecr store type" -$body = @" -{ - "Name": "K8STLSSecr", - "ShortName": "K8STLSSecr", - "Capability": "K8STLSSecr", - "LocalStore": false, - "SupportedOperations": { - "Add": true, - "Create": true, - "Discovery": true, - "Enrollment": false, - "Remove": true - }, - "Properties": [ - { - "StoreTypeId;omitempty": 0, - "Name": "KubeNamespace", - "DisplayName": "KubeNamespace", - "Type": "String", - "DependsOn": "", - "DefaultValue": "default", - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSecretName", - "DisplayName": "KubeSecretName", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSecretType", - "DisplayName": "KubeSecretType", - "Type": "String", - "DependsOn": "", - "DefaultValue": "tls_secret", - "Required": true - }, - { - "StoreTypeId;omitempty": 0, - "Name": "KubeSvcCreds", - "DisplayName": "KubeSvcCreds", - "Type": "String", - "DependsOn": "", - "DefaultValue": null, - "Required": true - } - ], - "EntryParameters": [], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "StorePathType": "", - "StorePathValue": "", - "PrivateKeyAllowed": "Optional", - "JobProperties": [], - "ServerRequired": false, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Forbidden" - } -"@ \ No newline at end of file +# Creates all 7 store types via the Keyfactor Command REST API +# using PowerShell Invoke-RestMethod. +# +# Authentication (first matching method is used): +# OAuth access token: KEYFACTOR_AUTH_ACCESS_TOKEN +# OAuth client creds: KEYFACTOR_AUTH_CLIENT_ID + KEYFACTOR_AUTH_CLIENT_SECRET +# + KEYFACTOR_AUTH_TOKEN_URL +# Basic auth (AD): KEYFACTOR_USERNAME + KEYFACTOR_PASSWORD + KEYFACTOR_DOMAIN +# +# Always required: +# KEYFACTOR_HOSTNAME Command hostname (e.g. my-command.example.com) +# +# Auto-generated by doctool generate-store-type-scripts — do not edit by hand. + +if (-not $env:KEYFACTOR_HOSTNAME) { + Write-Error "KEYFACTOR_HOSTNAME is required" + exit 1 +} + +$uri = "https://$($env:KEYFACTOR_HOSTNAME)/keyfactorapi/certificatestoretypes" +$headers = @{ + 'Content-Type' = "application/json" + 'x-keyfactor-requested-with' = "APIClient" +} + +# --------------------------------------------------------------------------- +# Resolve auth +# --------------------------------------------------------------------------- +if ($env:KEYFACTOR_AUTH_ACCESS_TOKEN) { + $headers['Authorization'] = "Bearer $($env:KEYFACTOR_AUTH_ACCESS_TOKEN)" +} elseif ($env:KEYFACTOR_AUTH_CLIENT_ID -and $env:KEYFACTOR_AUTH_CLIENT_SECRET -and $env:KEYFACTOR_AUTH_TOKEN_URL) { + Write-Host "Fetching OAuth token..." + $tokenBody = @{ + grant_type = 'client_credentials' + client_id = $env:KEYFACTOR_AUTH_CLIENT_ID + client_secret = $env:KEYFACTOR_AUTH_CLIENT_SECRET + } + $tokenResp = Invoke-RestMethod -Method Post -Uri $env:KEYFACTOR_AUTH_TOKEN_URL -Body $tokenBody + $headers['Authorization'] = "Bearer $($tokenResp.access_token)" +} elseif ($env:KEYFACTOR_USERNAME -and $env:KEYFACTOR_PASSWORD -and $env:KEYFACTOR_DOMAIN) { + $cred = [System.Convert]::ToBase64String( + [System.Text.Encoding]::ASCII.GetBytes( + "$($env:KEYFACTOR_USERNAME)@$($env:KEYFACTOR_DOMAIN):$($env:KEYFACTOR_PASSWORD)")) + $headers['Authorization'] = "Basic $cred" +} else { + Write-Error ("Authentication required. Set one of:`n" + + " KEYFACTOR_AUTH_ACCESS_TOKEN`n" + + " KEYFACTOR_AUTH_CLIENT_ID + KEYFACTOR_AUTH_CLIENT_SECRET + KEYFACTOR_AUTH_TOKEN_URL`n" + + " KEYFACTOR_USERNAME + KEYFACTOR_PASSWORD + KEYFACTOR_DOMAIN") + exit 1 +} + +function New-StoreType { + param([string]$Name, [string]$Body) + Write-Host "Creating $Name store type..." + try { + Invoke-RestMethod -Method Post -Uri $uri -Headers $headers -Body $Body -ContentType "application/json" | Out-Null + Write-Host " OK" + } catch { + Write-Warning " FAILED: $($_.Exception.Message)" + } +} + +# --------------------------------------------------------------------------- +# K8SCert — This can be anything useful, recommend using the k8s cluster name or identifier. +# --------------------------------------------------------------------------- +New-StoreType "K8SCert" @' +{ + "Name": "K8SCert", + "ShortName": "K8SCert", + "Capability": "K8SCert", + "LocalStore": false, + "SupportedOperations": { + "Add": false, + "Create": false, + "Discovery": true, + "Enrollment": false, + "Remove": false + }, + "Properties": [ + { + "Name": "KubeNamespace", + "DisplayName": "KubeNamespace", + "Type": "String", + "DependsOn": "", + "DefaultValue": "default", + "Required": false + }, + { + "Name": "KubeSecretName", + "DisplayName": "KubeSecretName", + "Type": "String", + "DependsOn": "", + "DefaultValue": "", + "Required": false + }, + { + "Name": "KubeSecretType", + "DisplayName": "KubeSecretType", + "Type": "String", + "DependsOn": "", + "DefaultValue": "cert", + "Required": true + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Forbidden", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden" +} +'@ + +# --------------------------------------------------------------------------- +# K8SCluster — This can be anything useful, recommend using the k8s cluster name or identifier. +# --------------------------------------------------------------------------- +New-StoreType "K8SCluster" @' +{ + "Name": "K8SCluster", + "ShortName": "K8SCluster", + "Capability": "K8SCluster", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": false, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "IncludeCertChain", + "DisplayName": "Include Certificate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": false + }, + { + "Name": "SeparateChain", + "DisplayName": "Separate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": false + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required" +} +'@ + +# --------------------------------------------------------------------------- +# K8SJKS — This can be anything useful, recommend using the k8s cluster name or identifier. +# --------------------------------------------------------------------------- +New-StoreType "K8SJKS" @' +{ + "Name": "K8SJKS", + "ShortName": "K8SJKS", + "Capability": "K8SJKS", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "KubeNamespace", + "DisplayName": "KubeNamespace", + "Type": "String", + "DependsOn": "", + "DefaultValue": "default", + "Required": false + }, + { + "Name": "KubeSecretName", + "DisplayName": "KubeSecretName", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "KubeSecretType", + "DisplayName": "KubeSecretType", + "Type": "String", + "DependsOn": "", + "DefaultValue": "jks", + "Required": true + }, + { + "Name": "CertificateDataFieldName", + "DisplayName": "CertificateDataFieldName", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "PasswordFieldName", + "DisplayName": "PasswordFieldName", + "Type": "String", + "DependsOn": "", + "DefaultValue": "password", + "Required": false + }, + { + "Name": "PasswordIsK8SSecret", + "DisplayName": "PasswordIsK8SSecret", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": false + }, + { + "Name": "IncludeCertChain", + "DisplayName": "Include Certificate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": false + }, + { + "Name": "StorePasswordPath", + "DisplayName": "StorePasswordPath", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": true, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required" +} +'@ + +# --------------------------------------------------------------------------- +# K8SNS — This can be anything useful, recommend using the k8s cluster name or identifier. +# --------------------------------------------------------------------------- +New-StoreType "K8SNS" @' +{ + "Name": "K8SNS", + "ShortName": "K8SNS", + "Capability": "K8SNS", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "KubeNamespace", + "DisplayName": "Kube Namespace", + "Type": "String", + "DependsOn": "", + "DefaultValue": "default", + "Required": false + }, + { + "Name": "IncludeCertChain", + "DisplayName": "Include Certificate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": false + }, + { + "Name": "SeparateChain", + "DisplayName": "Separate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": false + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required" +} +'@ + +# --------------------------------------------------------------------------- +# K8SPKCS12 — This can be anything useful, recommend using the k8s cluster name or identifier. +# --------------------------------------------------------------------------- +New-StoreType "K8SPKCS12" @' +{ + "Name": "K8SPKCS12", + "ShortName": "K8SPKCS12", + "Capability": "K8SPKCS12", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "IncludeCertChain", + "DisplayName": "Include Certificate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": false + }, + { + "Name": "CertificateDataFieldName", + "DisplayName": "CertificateDataFieldName", + "Type": "String", + "DependsOn": "", + "DefaultValue": ".p12", + "Required": true + }, + { + "Name": "PasswordFieldName", + "DisplayName": "Password Field Name", + "Type": "String", + "DependsOn": "", + "DefaultValue": "password", + "Required": false + }, + { + "Name": "PasswordIsK8SSecret", + "DisplayName": "Password Is K8S Secret", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": false + }, + { + "Name": "KubeNamespace", + "DisplayName": "Kube Namespace", + "Type": "String", + "DependsOn": "", + "DefaultValue": "default", + "Required": false + }, + { + "Name": "KubeSecretName", + "DisplayName": "Kube Secret Name", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "KubeSecretType", + "DisplayName": "Kube Secret Type", + "Type": "String", + "DependsOn": "", + "DefaultValue": "pkcs12", + "Required": true + }, + { + "Name": "StorePasswordPath", + "DisplayName": "StorePasswordPath", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": true, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required" +} +'@ + +# --------------------------------------------------------------------------- +# K8SSecret — This can be anything useful, recommend using the k8s cluster name or identifier. +# --------------------------------------------------------------------------- +New-StoreType "K8SSecret" @' +{ + "Name": "K8SSecret", + "ShortName": "K8SSecret", + "Capability": "K8SSecret", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "KubeNamespace", + "DisplayName": "KubeNamespace", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "KubeSecretName", + "DisplayName": "KubeSecretName", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "KubeSecretType", + "DisplayName": "KubeSecretType", + "Type": "String", + "DependsOn": "", + "DefaultValue": "secret", + "Required": true + }, + { + "Name": "IncludeCertChain", + "DisplayName": "Include Certificate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": false + }, + { + "Name": "SeparateChain", + "DisplayName": "Separate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": false + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden" +} +'@ + +# --------------------------------------------------------------------------- +# K8STLSSecr — This can be anything useful, recommend using the k8s cluster name or identifier. +# --------------------------------------------------------------------------- +New-StoreType "K8STLSSecr" @' +{ + "Name": "K8STLSSecr", + "ShortName": "K8STLSSecr", + "Capability": "K8STLSSecr", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "Properties": [ + { + "Name": "KubeNamespace", + "DisplayName": "KubeNamespace", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "KubeSecretName", + "DisplayName": "KubeSecretName", + "Type": "String", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "KubeSecretType", + "DisplayName": "KubeSecretType", + "Type": "String", + "DependsOn": "", + "DefaultValue": "tls_secret", + "Required": true + }, + { + "Name": "IncludeCertChain", + "DisplayName": "Include Certificate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "true", + "Required": false + }, + { + "Name": "SeparateChain", + "DisplayName": "Separate Chain", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": false + } + ], + "EntryParameters": [], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathType": "", + "StorePathValue": "", + "PrivateKeyAllowed": "Optional", + "JobProperties": [], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden" +} +'@ + + +Write-Host "Completed."