Merge 38d9a1a into 9ef853c

Author: leefine02

.github/workflows/keyfactor-starter-workflow.yml

@@ -11,9 +11,10 @@ on:
 
 jobs:
   call-starter-workflow:
-    uses: keyfactor/actions/.github/workflows/starter.yml@v2
+    uses: keyfactor/actions/.github/workflows/starter.yml@3.1.2
     secrets:
       token: ${{ secrets.V2BUILDTOKEN}}
       APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
       gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
       gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+      scan_token: ${{ secrets.SAST_TOKEN }}

GCPLoadBalancer/GCPLoadBalancer.csproj

@@ -1,8 +1,10 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <AppendTargetFrameworkToOutputPath>true</AppendTargetFrameworkToOutputPath>
+    <TargetFrameworks>net6.0;net8.0</TargetFrameworks>
     <CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
+    <ImplicitUsings>disable</ImplicitUsings>
   </PropertyGroup>
 
   <ItemGroup>
@@ -14,10 +16,10 @@
     <PackageReference Include="Keyfactor.Logging" Version="1.1.1" />
     <PackageReference Include="Keyfactor.Orchestrators.IOrchestratorJobExtensions" Version="0.6.0" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
-  </ItemGroup>
 
-  <Target Name="PostBuild" AfterTargets="PostBuildEvent">
-    <Exec Command="echo F | xcopy &quot;$(SolutionDir)manifest.json&quot; &quot;$(TargetDir)\manifest.json&quot; /Y" />
-  </Target>
+    <None Update="manifest.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
+  </ItemGroup>
 
 </Project>

docsource/content.md

@@ -0,0 +1,19 @@
+## Overview
+
+The Google Cloud Platform (GCP) Load Balancer Orchestrator allows for the management of Google Cloud Platform Load Balancer certificate stores. Inventory, Management-Add, and Management-Remove functions are supported. Also, re-binding to endpoints IS supported for certificate renewals (but NOT adding new certificates). The orchestrator uses the Google Cloud Compute Engine API (https://cloud.google.com/compute/docs/reference/rest/v1) to manage stores.
+
+
+## Requirements
+
+A service account is necessary for authentication to GCP.  The following are the required permissions:
+- compute.sslCertificates.create
+- compute.sslCertificates.delete
+- compute.sslCertificates.list
+- compute.sslCertificates.get
+- compute.targetHttpsProxies.list
+- compute.targetHttpsProxies.setSslCertificates
+- compute.regionSslCertificates.list
+
+The orchestrator extension supports having credentials provided by the environment, environment variable, or passed manually from Keyfactor Command.  You can read more about the first two options [here](https://cloud.google.com/docs/authentication/production#automatically).
+
+To pass credentials from Keyfactor Command you need to first create a service account and then download a service account key.  Instructions are [here](https://cloud.google.com/docs/authentication/set-up-adc-local-dev-environment#local-key).  Remember to assign the appropriate role/permissions for the service account.  Afterwards inside Keyfactor Command copy and paste the contents of the service account key in the password field for the GCP Certificate Store Type.

docsource/gcploadbal.md

@@ -0,0 +1 @@
+## Overview

images/image1.png

@@ -7,32 +7,15 @@
   "link_github": true,
   "support_level": "kf-supported",
   "release_dir": "GCPLoadBalancer/bin/Release/netcoreapp3.1",
+  "release_project": "GCPLoadBalancer/GCPLoadBalancer.csproj",
   "description": "The Google Cloud Platform (GCP) Load Balancer Orchestrator allows for the management of Google Cloud Platform Load Balancer certificate stores.  Inventory, Management-Add, and Management-Remove functions are supported.  Also, re-binding to endpoints IS supported for certificate renewals (but NOT adding new certificates).  The orchestrator uses the Google Cloud Compute Engine API (https://cloud.google.com/compute/docs/reference/rest/v1) to manage stores.",
   "about": {
     "orchestrator": {
       "UOFramework": "10.1",
       "keyfactor_platform_version": "9.10",
       "pam_support": false,
-      "win": {
-        "supportsCreateStore": false,
-        "supportsDiscovery": false,
-        "supportsManagementAdd": true,
-        "supportsManagementRemove": true,
-        "supportsReenrollment": false,
-        "supportsInventory": true,
-        "platformSupport": "Unused"
-      },
-      "linux": {
-        "supportsCreateStore": false,
-        "supportsDiscovery": false,
-        "supportsManagementAdd": false,
-        "supportsManagementRemove": false,
-        "supportsReenrollment": false,
-        "supportsInventory": false,
-        "platformSupport": "Unused"
-      },
-      "store_types": {
-        "GCPLoadBal": {
+      "store_types": [
+        {
           "Name": "GCP Load Balancer",
           "ShortName": "GCPLoadBal",
           "Capability": "GCPLoadBal",
@@ -58,14 +41,18 @@
               "Name": "jsonKey",
               "DisplayName": "Service Account Key",
               "Required": true,
+              "IsPAMEligible": false,
               "DependsOn": "",
               "Type": "Secret",
-              "DefaultValue": ""
+              "DefaultValue": "",
+              "Description": "If authenticating by passing credentials from Keyfactor Command, this is the JSON-based service account key created from within Google Cloud.  If authenticating via Application Default Credentials (ADC), select No Value"
             }
           ],
+          "ClientMachineDescription": "Not used, but required when creating a store.  Just enter any value.",
+          "StorePathDescription": "Your Google Cloud Project ID only if you choose to use global resources.  Append a forward slash '/' and valid GCP region to process against a specific [GCP region](https://gist.github.com/rpkim/084046e02fd8c452ba6ddef3a61d5d59).",
           "EntryParameters": []
         }
-      }
+      ]
     }
   }
- }
+}