Merge ae0caa0 into 56be023
leefine02 authored Jan 29, 2025
2 parents 56be023 + ae0caa0 commit f37a6e5
Showing 3 changed files with 75 additions and 12 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,6 @@
2.2.1
* Add ServerUsername and ServerPassword to the integration-manifest.json to add both fields to the README documentation.

2.2.0
* Removed the ability to manage certificate/key file combinations uploaded but not yet installed on the Citrix ADC device. This was done due to issues centered around inconsistent naming of uploaded certificate and key files. From this release forward only installed certificate objects will be managed by this orchestrator extension.
* Modify process for renewing certificates to create new certificate/key files instead of deleting/re-adding existing so that no sub second outage occurs
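
Review bot: The 2.2.1 entry describes the change as documentation-only ("to add both fields to the README documentation"), but the same commit adds ServerUsername and ServerPassword as `Properties` entries with `"IsPAMEligible": true` in integration-manifest.json. If anything besides the README generator reads that manifest (for example store type creation), the entry should say that the store type definition changed, so operators know to check their existing CitrixAdc store types after upgrading.
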
42 changes: 41 additions & 1 deletion README.md
Expand Up @@ -122,6 +122,8 @@ To use the Citrix Netscaler Universal Orchestrator extension, you **must** creat

| Name | Display Name | Description | Type | Default Value/Options | Required |
| ---- | ------------ | ---- | --------------------- | -------- | ----------- |
| ServerUsername | Server Username | The Citrix username (or valid PAM key if the username is stored in a KF Command configured PAM integration) to be used to log into the Citrix device. | Secret | | 🔲 Unchecked |
| ServerPassword | Server Password | The Citrix password (or valid PAM key if the password is stored in a KF Command configured PAM integration) to be used to log into the Citrix device. | Secret | | 🔲 Unchecked |
| linkToIssuer | Link To Issuer | Determines whether an attempt will be made to link the added certificate (via a Management-Add job) to its issuing CA certificate. | Bool | false | 🔲 Unchecked |

The Custom Fields tab should look like this:
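
Review bot: The two new rows list ServerUsername and ServerPassword as `Secret` fields with Required unchecked, but nothing here says what the orchestrator logs in with when they are left empty. Since these are the credentials for the Citrix device, add a sentence stating whether a store without them is valid and, if it is not, either mark them required or explain why the checkbox stays unchecked.
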
Expand Down Expand Up @@ -154,7 +156,7 @@ To use the Citrix Netscaler Universal Orchestrator extension, you **must** creat
| --------- | ----------- | ----------- | ----------- |
| Older than `11.0.0` | | | `net6.0` |
| Between `11.0.0` and `11.5.1` (inclusive) | `net6.0` | | `net6.0` |
| Between `11.0.0` and `11.5.1` (inclusive) | `net8.0` | `Never` | `net6.0` |
| Between `11.0.0` and `11.5.1` (inclusive) | `net8.0` | `Disable` | `net6.0` |
| Between `11.0.0` and `11.5.1` (inclusive) | `net8.0` | `LatestMajor` | `net8.0` |
| `11.6` _and_ newer | `net8.0` | | `net8.0` |

Expand All @@ -179,6 +181,12 @@ To use the Citrix Netscaler Universal Orchestrator extension, you **must** creat
Refer to [Starting/Restarting the Universal Orchestrator service](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/StarttheService.htm).
6. **(optional) PAM Integration**
The Citrix Netscaler Universal Orchestrator extension is compatible with all supported Keyfactor PAM extensions to resolve PAM-eligible secrets. PAM extensions running on Universal Orchestrators enable secure retrieval of secrets from a connected PAM provider.
To configure a PAM provider, [reference the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) to select an extension, and follow the associated instructions to install it on the Universal Orchestrator (remote).
> The above installation steps can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/CustomExtensions.htm?Highlight=extensions).
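
Review bot: Step 6 says PAM extensions can resolve "PAM-eligible secrets" without naming which fields of this extension qualify. Name ServerUsername and ServerPassword here, or link to the "Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator" block added further down in this README, so the reader does not have to go looking for it. The blockquote after the step also misspells "supplemented" as "supplimented".
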
Expand Down Expand Up @@ -212,11 +220,28 @@ An optional config.json configuration file has been provided in the extensions f
| Client Machine | The DNS or IP Address of the Citrix ADC Appliance. |
| Store Path | The path where certificate files are located on the Citrix ADC appliance. This value will likely be /nsconfig/ssl/ |
| Orchestrator | Select an approved orchestrator capable of managing `CitrixAdc` certificates. Specifically, one with the `CitrixAdc` capability. |
| ServerUsername | The Citrix username (or valid PAM key if the username is stored in a KF Command configured PAM integration) to be used to log into the Citrix device. |
| ServerPassword | The Citrix password (or valid PAM key if the password is stored in a KF Command configured PAM integration) to be used to log into the Citrix device. |
| linkToIssuer | Determines whether an attempt will be made to link the added certificate (via a Management-Add job) to its issuing CA certificate. |
<details><summary>Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator</summary>
If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_.
| Attribute | Description |
| --------- | ----------- |
| ServerUsername | The Citrix username (or valid PAM key if the username is stored in a KF Command configured PAM integration) to be used to log into the Citrix device. |
| ServerPassword | The Citrix password (or valid PAM key if the password is stored in a KF Command configured PAM integration) to be used to log into the Citrix device. |
Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side.
> Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself.
</details>
</details>
* **Using kfutil**
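
Review bot: Inside the new "Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator" block, the ServerUsername and ServerPassword descriptions still read "stored in a KF Command configured PAM integration", which is the Command-side case that the closing blockquote contrasts with orchestrator-side retrieval. Reword the descriptions in this table for the orchestrator-side provider, or drop the parenthetical there, so the table does not contradict the block it sits in.
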
Expand All @@ -238,11 +263,26 @@ An optional config.json configuration file has been provided in the extensions f
| Client Machine | The DNS or IP Address of the Citrix ADC Appliance. |
| Store Path | The path where certificate files are located on the Citrix ADC appliance. This value will likely be /nsconfig/ssl/ |
| Orchestrator | Select an approved orchestrator capable of managing `CitrixAdc` certificates. Specifically, one with the `CitrixAdc` capability. |
| ServerUsername | The Citrix username (or valid PAM key if the username is stored in a KF Command configured PAM integration) to be used to log into the Citrix device. |
| ServerPassword | The Citrix password (or valid PAM key if the password is stored in a KF Command configured PAM integration) to be used to log into the Citrix device. |
| linkToIssuer | Determines whether an attempt will be made to link the added certificate (via a Management-Add job) to its issuing CA certificate. |
<details><summary>Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator</summary>
If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_.
| Attribute | Description |
| --------- | ----------- |
| ServerUsername | The Citrix username (or valid PAM key if the username is stored in a KF Command configured PAM integration) to be used to log into the Citrix device. |
| ServerPassword | The Citrix password (or valid PAM key if the password is stored in a KF Command configured PAM integration) to be used to log into the Citrix device. |
> Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself.
</details>
3. **Import the CSV file to create the certificate stores**
```shell
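
Review bot: The kfutil copy of the PAM block omits the "Please refer to the **Universal Orchestrator (remote)** usage section ..." sentence that the Command UI copy carries between the table and the blockquote. Add it here too, or move the shared block to one place and link to it from both methods, so the two copies cannot drift apart.
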
42 changes: 31 additions & 11 deletions integration-manifest.json
Expand Up @@ -36,17 +36,37 @@
"StoreRequired": false,
"Style": "Default"
},
"Properties": [
{
"Name": "linkToIssuer",
"DisplayName": "Link To Issuer",
"Type": "Bool",
"DependsOn": "",
"DefaultValue": "false",
"Required": false,
"Description": "Determines whether an attempt will be made to link the added certificate (via a Management-Add job) to its issuing CA certificate."
}
],
"Properties": [
{
"Name": "ServerUsername",
"DisplayName": "Server Username",
"Type": "Secret",
"DependsOn": "",
"DefaultValue": "",
"Required": false,
"IsPAMEligible": true,
"Description": "The Citrix username (or valid PAM key if the username is stored in a KF Command configured PAM integration) to be used to log into the Citrix device."
},
{
"Name": "ServerPassword",
"DisplayName": "Server Password",
"Type": "Secret",
"DependsOn": "",
"DefaultValue": "",
"Required": false,
"IsPAMEligible": true,
"Description": "The Citrix password (or valid PAM key if the password is stored in a KF Command configured PAM integration) to be used to log into the Citrix device."
},
{
"Name": "linkToIssuer",
"DisplayName": "Link To Issuer",
"Type": "Bool",
"DependsOn": "",
"DefaultValue": "false",
"Required": false,
"Description": "Determines whether an attempt will be made to link the added certificate (via a Management-Add job) to its issuing CA certificate."
}
],
"EntryParameters": [
{
"Name": "virtualServerName",
Expand Down
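
Review bot: The `linkToIssuer` entry in `Properties` is removed and re-added with identical content, so this file shows 31 additions and 11 deletions when the substantive change is two new entries. Keep the array's existing indentation so the diff shows only the ServerUsername and ServerPassword objects and the credential-related change is easy to audit.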
