Merge 700f1b1 into b0b34a2

Keyfactor · Jan 9, 2025 · 97e2c8b · 97e2c8b
2 parents b0b34a2 + 700f1b1
commit 97e2c8b
Show file tree

Hide file tree

Showing 8 changed files with 412 additions and 156 deletions.
diff --git a/...orkflows/keyfactor-bootstrap-workflow.yml → .../workflows/keyfactor-starter-workflow.yml b/...orkflows/keyfactor-bootstrap-workflow.yml → .../workflows/keyfactor-starter-workflow.yml
@@ -11,9 +11,10 @@ on:
 
 jobs:
   call-starter-workflow:
-    uses: keyfactor/actions/.github/workflows/starter.yml@v2
+    uses: keyfactor/actions/.github/workflows/starter.yml@3.1.2
     secrets:
       token: ${{ secrets.V2BUILDTOKEN}}
       APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
       gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
       gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+      scan_token: ${{ secrets.SAST_TOKEN }}
diff --git a/PaloAlto/PaloAlto.csproj b/PaloAlto/PaloAlto.csproj
@@ -1,20 +1,21 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
-    <RootNamespace>Keyfactor.Extensions.Orchestrator.PaloAlto</RootNamespace>
+    <AppendTargetFrameworkToOutputPath>true</AppendTargetFrameworkToOutputPath>
+    <TargetFrameworks>net6.0;net8.0</TargetFrameworks>
     <CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
+    <ImplicitUsings>disable</ImplicitUsings>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
     <DebugType>none</DebugType>
     <DebugSymbols>false</DebugSymbols>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Remove="Interfaces\**" />
-    <EmbeddedResource Remove="Interfaces\**" />
-    <None Remove="Interfaces\**" />
+  <ItemGroup>
+    <Compile Remove="Interfaces\**" />
+    <EmbeddedResource Remove="Interfaces\**" />
+    <None Remove="Interfaces\**" />
   </ItemGroup>
 
   <ItemGroup>
@@ -27,7 +28,7 @@
     <PackageReference Include="Keyfactor.Logging" Version="1.1.1" />
     <PackageReference Include="Keyfactor.Orchestrators.IOrchestratorJobExtensions" Version="0.7.0" />
     <PackageReference Include="Keyfactor.PKI" Version="3.4.8" />
-    <PackageReference Include="RestSharp" Version="107.2.1" />
+    <PackageReference Include="RestSharp" Version="112.1.0" />
     <PackageReference Include="System.Management.Automation" Version="7.0.5" />
   </ItemGroup>
 

diff --git a/PaloAltoTestConsole/PaloAltoTestConsole.csproj b/PaloAltoTestConsole/PaloAltoTestConsole.csproj
@@ -2,7 +2,10 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <AppendTargetFrameworkToOutputPath>true</AppendTargetFrameworkToOutputPath>
+    <TargetFrameworks>net6.0;net8.0</TargetFrameworks>
+    <CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
+    <ImplicitUsings>disable</ImplicitUsings>
   </PropertyGroup>
 
   <ItemGroup>

diff --git a/README.md b/README.md
diff --git a/docsource/content.md b/docsource/content.md
diff --git a/docsource/paloalto.md b/docsource/paloalto.md
@@ -0,0 +1 @@
+### Overview
diff --git a/integration-manifest.json b/integration-manifest.json
@@ -6,14 +6,15 @@
   "update_catalog": true,
   "link_github": true,
   "support_level": "kf-supported",
-  "release_dir": "PaloAlto/bin/Release/netcoreapp3.1",
+  "release_project": "PaloAlto/PaloAlto.csproj",
+  "release_dir": "PaloAlto/bin/Release",
   "description": "The Palo Alto Orchestrator remotely manages certificates on either the Palo Alto PA-VM Firewall Device or the Panorama.  If using Panorama, it will push changes to all the devices from Panorama.  It supports adding certificates with or without private keys.  Palo Alto does not support incremental certificate inventory. If you have large numbers of certificates in your environment it is recommended to limit the frequency of inventory jobs to 30 minutes or more.",
   "about": {
     "orchestrator": {
-      "UOFramework": "10.1",
-      "keyfactor_platform_version": "9.10",
+      "UOFramework": "10.4",
+      "keyfactor_platform_version": "10.4",
       "pam_support": true,
-      "keyfactor_platform_version": "9.10",
+      "keyfactor_platform_version": "10.4",
       "win": {
         "supportsCreateStore": false,
         "supportsDiscovery": false,
@@ -50,54 +51,68 @@
               "Name": "ServerUsername",
               "DisplayName": "Server Username",
               "Type": "Secret",
-              "DependsOn": null,
-              "DefaultValue": null,
-              "Required": false
+              "DependsOn": "",
+              "DefaultValue": "",
+              "Required": false,
+              "IsPAMEligible": true,
+              "Description": "Palo Alto or Panorama Api User. (or valid PAM key if the username is stored in a KF Command configured PAM integration)."
             },
             {
               "Name": "ServerPassword",
               "DisplayName": "Server Password",
               "Type": "Secret",
-              "DependsOn": null,
-              "DefaultValue": null,
-              "Required": false
+              "DependsOn": "",
+              "DefaultValue": "",
+              "Required": false,
+              "IsPAMEligible": true,
+              "Description": "Palo Alto or Panorama Api Password. (or valid PAM key if the username is stored in a KF Command configured PAM integration)."
             },
             {
               "Name": "ServerUseSsl",
               "DisplayName": "Use SSL",
               "Type": "Bool",
-              "DependsOn": null,
+              "DependsOn": "",
               "DefaultValue": "true",
-              "Required": true
+              "Required": true,
+              "IsPAMEligible": false,
+              "Description": "Should be true, http is not supported."
             },
             {
               "Name": "DeviceGroup",
               "DisplayName": "Device Group",
               "Type": "String",
-              "DependsOn": null,
-              "DefaultValue": null,
-              "Required": false
+              "DependsOn": "",
+              "DefaultValue": "",
+              "Required": false,
+              "IsPAMEligible": false,
+              "Description": "Device Group on Panorama that changes will be pushed to."
             },
             {
               "Name": "InventoryTrustedCerts",
               "DisplayName": "Inventory Trusted Certs",
               "Type": "Bool",
-              "DependsOn": null,
+              "DependsOn": "",
               "DefaultValue": "false",
-              "Required": true
+              "Required": true,
+              "IsPAMEligible": false,
+              "Description": "If false, will not inventory default trusted certs, saves time."
             },
             {
               "Name": "TemplateStack",
               "DisplayName": "Template Stack",
               "Type": "String",
-              "DependsOn": null,
-              "DefaultValue": null,
-              "Required": false
+              "DependsOn": "",
+              "DefaultValue": "",
+              "Required": false,
+              "IsPAMEligible": false,
+              "Description": "Template stack used for device push of certificates via Template."
             }
           ],
           "EntryParameters": [
 
           ],
+          "ClientMachineDescription": "Either the Panorama or Palo Alto Firewall URI or IP address.",
+          "StorePathDescription": "The Store Path field should be reviewed in the store path explanation section.  It varies depending on configuration.",
           "PasswordOptions": {
             "EntrySupported": false,
             "StoreRequired": false,

diff --git a/readme-src/readme-pam-support.md b/readme-src/readme-pam-support.md