merge 1.1.2 to main

Author: Michael Henderson

.github/dependabot.yml

@@ -0,0 +1,12 @@
+# See GitHub's documentation for more information on this file:
+# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/keyfactor-merge-store-types.yml

@@ -0,0 +1,115 @@
+# Setting SHELL to bash allows bash commands to be executed by recipes.
+# Options are set to exit when a recipe line exits non-zero or a piped command fails.
+SHELL = /usr/bin/env bash -o pipefail
+.SHELLFLAGS = -ec
+
+.PHONY: all
+all: build
+
+# Required environemnt variables for the project
+ENV_VARS := AZURE_TENANT_ID AZURE_CLIENT_SECRET AZURE_CLIENT_ID AZURE_APP_GATEWAY_RESOURCE_ID
+
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
+
+.PHONY: help
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Development
+
+.PHONY: reset
+reset: ## Reset the environment
+	@echo "Resetting..."
+	@rm -rf test.env
+	@rm -rf .env
+
+.PHONY: setup
+setup: ## Setup the environment for development
+	@if [ ! -f .test.env ]; then \
+		echo "Creating .test.env file..."; \
+		> .env; \
+		for var in $(ENV_VARS); do \
+			echo -n "Enter value for $$var: "; \
+			read value; \
+			echo "export $$var=$$value" >> .test.env; \
+		done; \
+		echo ".test.env file created with input values."; \
+	fi
+	@if [ ! -f .env ]; then \
+		echo "PROJECT_ROOT=$$(pwd)" >> .env; \
+		echo "Select a project to target:"; \
+		PS3="Enter your choice: "; \
+		select opt in $$(ls */*.csproj); do \
+			if [ -n "$$opt" ]; then \
+				echo "You have selected $$opt"; \
+				echo "PROJECT_FILE=$$opt" >> .env; \
+				break; \
+			else \
+				echo "Invalid selection. Please try again."; \
+			fi; \
+		done; \
+		echo "PROJECT_NAME=$$(basename $$(dirname $$(grep PROJECT_FILE .env | cut -d '=' -f 2)))" >> .env; \
+	fi
+
+.PHONY: newtest
+newtest: setup ## Create a new test project
+	@source .env; \
+	testProjectName="$$PROJECT_NAME".Tests; \
+	echo "Creating new xUnit project called $$testProjectName"; \
+	dotnet new xunit -o $$testProjectName; \
+	dotnet sln add $$testProjectName/$$testProjectName.csproj; \
+	dotnet add $$testProjectName reference $$PROJECT_FILE;
+
+.PHONY: installpackage
+installpackage: ## Install a package to the project
+	@source .env; \
+	echo "Select a project to install the package into"; \
+	PS3="Selection: "; \
+	select opt in $$(ls */*.csproj); do \
+		if [ -n "$$opt" ]; then \
+			echo "You have selected $$opt"; \
+			break; \
+		else \
+			echo "Invalid selection. Please try again."; \
+		fi; \
+	done; \
+	echo "Enter the package name to install: "; \
+	read packageName; \
+	echo "Installing $$packageName to $$opt"; \
+	dotnet add $$opt package $$packageName;
+
+.PHONY: testall
+testall: ## Run all tests.
+	@source .env; \
+	source .test.env; \
+	dotnet test
+
+.PHONY: test
+test: ## Run a single test.
+	@source .env; \
+	source .test.env; \
+	dotnet test --no-restore --list-tests | \
+	grep -A 1000 "The following Tests are available:" | \
+	awk 'NR>1' | \
+	cut -d ' ' -f 5- | \
+	sed 's/(.*//i' | \
+	sort | uniq | \
+	fzf | \
+	xargs -I {} dotnet test --filter {} --logger "console;verbosity=detailed"
+
+##@ Build
+
+.PHONY: build
+build: ## Build the test project
+	dotnet build 

Makefile

@@ -11,7 +11,7 @@
     </ItemGroup>
 
     <ItemGroup>
-      <PackageReference Include="Moq" Version="4.18.4" />
+      <PackageReference Include="Moq" Version="4.20.70" />
     </ItemGroup>
 
 </Project>

TestConsole/TestConsole.csproj

@@ -0,0 +1,37 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >=2.30 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.30.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [kubernetes_cluster_role_binding.example](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding) | resource |
+| [kubernetes_namespace.keyfactor_command](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.test](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_secret.admin_user_token](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
+| [kubernetes_service_account.admin_user](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource |
+| [kubernetes_namespace.dashboard](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_admin_user_token"></a> [admin\_user\_token](#output\_admin\_user\_token) | n/a |

TestConsole/tests.json

@@ -0,0 +1,26 @@
+.DEFAULT_GOAL := help
+
+##@ Utility
+help:  ## Display this help
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+deps: ## Install deps for macos
+	@brew install pre-commit tflint terraform terraform-docs
+
+docs: ## Run terraform-docs to update module docs.
+	@terraform-docs markdown . > MODULE.MD
+	@terraform-docs markdown table --output-file README.md --output-mode inject .
+
+lint: ## Run tflint
+	@tflint
+
+validate: ## Run terraform validate
+	@terraform init --upgrade
+	@terraform validate
+
+precommit/add: ## Install pre-commit hook
+	@pre-commit install
+
+precommit/remove: ## Uninstall pre-commit hook
+	@pre-commit uninstall
+

TestConsole/tests.yml

@@ -0,0 +1,73 @@
+# Docker Desktop Kubernetes Cluster
+This is a quick guide on how to setup a Kubernetes cluster using Docker Desktop that can be used for development purposes,
+and testing the Keyfactor Command Kubernetes Universal Orchestrator extension.
+
+## Prerequisites
+- [Docker Desktop](https://www.docker.com/products/docker-desktop)
+- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
+- [helm](https://helm.sh/docs/intro/install/)
+- [terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli)
+
+## Kubernetes Setup
+1. Enable Kubernetes in Docker Desktop
+    - Open Docker Desktop
+    - Click on the Docker icon in the system tray
+    - Click on `Settings`
+    - Click on `Kubernetes`
+    - Check the box for `Enable Kubernetes`
+    - Click `Apply & Restart`
+2. Configure kubectl to use the Docker Desktop Kubernetes cluster
+    - Run the following command in a terminal
+    ```shell
+    kubectl config use-context docker-desktop
+    ```
+3. Run the `setup_dashboard.sh` script to install the Kubernetes dashboard
+    ```shell
+    ./setup_dashboard.sh
+    ```
+4. Run the terraform code to create the necessary resources
+    ```shell
+    terraform init
+    terraform apply
+    ```
+Now the cluster is ready to be used for development and testing purposes.
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >=2.30 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.30.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [kubernetes_cluster_role_binding.example](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding) | resource |
+| [kubernetes_namespace.keyfactor_command](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.test](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_secret.admin_user_token](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
+| [kubernetes_service_account.admin_user](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource |
+| [kubernetes_namespace.dashboard](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_admin_user_token"></a> [admin\_user\_token](#output\_admin\_user\_token) | n/a |
+<!-- END_TF_DOCS -->

dev_k8s_cluster/MODULE.MD

@@ -0,0 +1,10 @@
+client_machine_name="container_uo-11-4"
+kubeconfig_file="keyfactor-orchestrator-sa-context.json"
+
+kfc_ca_domain="DC-CA.Command.local"
+kfc_ca_name="CommandCA"
+webserver_template="2YearTestWebServer"
+
+kube_namespace="keyfactor-command"
+kube_tlssecr_name="tls-deployment"
+kube_cluster_name="docker-desktop"

dev_k8s_cluster/Makefile

@@ -0,0 +1,44 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
+| <a name="requirement_keyfactor"></a> [keyfactor](#requirement\_keyfactor) | >=2.1.11 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_keyfactor"></a> [keyfactor](#provider\_keyfactor) | 2.1.11 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [keyfactor_certificate.pfx_enrollment_01](https://registry.terraform.io/providers/keyfactor-pub/keyfactor/latest/docs/resources/certificate) | resource |
+| [keyfactor_certificate_deployment.k8stlssecr](https://registry.terraform.io/providers/keyfactor-pub/keyfactor/latest/docs/resources/certificate_deployment) | resource |
+| [keyfactor_certificate_store.tls_store](https://registry.terraform.io/providers/keyfactor-pub/keyfactor/latest/docs/resources/certificate_store) | resource |
+| [keyfactor_agent.k8s](https://registry.terraform.io/providers/keyfactor-pub/keyfactor/latest/docs/data-sources/agent) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_client_machine_name"></a> [client\_machine\_name](#input\_client\_machine\_name) | Name of the client machine name of the Keyfactor Command Universal Orchestrator to use. | `string` | n/a | yes |
+| <a name="input_default_ca_domain"></a> [default\_ca\_domain](#input\_default\_ca\_domain) | The default certificate authority domain to use in certificate generation | `string` | `"DC-CA.Command.local"` | no |
+| <a name="input_default_cert_ca"></a> [default\_cert\_ca](#input\_default\_cert\_ca) | The default certificate authority to use in certificate generation | `string` | `"CommandCA1"` | no |
+| <a name="input_kfc_ca_domain"></a> [kfc\_ca\_domain](#input\_kfc\_ca\_domain) | The default CA domain to use for the certificate | `string` | `"Keyfactor"` | no |
+| <a name="input_kfc_ca_name"></a> [kfc\_ca\_name](#input\_kfc\_ca\_name) | The name of the certificate authority to use for the Keyfactor Command certificate enrollments. | `string` | `"CommandCA"` | no |
+| <a name="input_kube_cluster_name"></a> [kube\_cluster\_name](#input\_kube\_cluster\_name) | The name of the Kubernetes cluster to use | `string` | `"dev-cluster"` | no |
+| <a name="input_kube_namespace"></a> [kube\_namespace](#input\_kube\_namespace) | Kubernetes namespace to store the certificate in | `string` | `"default"` | no |
+| <a name="input_kube_tlssecr_name"></a> [kube\_tlssecr\_name](#input\_kube\_tlssecr\_name) | The name of the Kubernetes TLS secret for the Keyfactor Command `k8s-orchestrator` extension to manage | `string` | `"kfc-k8stlssecr-deployment"` | no |
+| <a name="input_kubeconfig_file"></a> [kubeconfig\_file](#input\_kubeconfig\_file) | Path to the kubeconfig file | `string` | `"~/.kube/config"` | no |
+| <a name="input_webserver_template"></a> [webserver\_template](#input\_webserver\_template) | The webserver template to use in certificate generation | `string` | `"2YearTestWebServer"` | no |
+
+## Outputs
+
+No outputs.

dev_k8s_cluster/README.md

@@ -0,0 +1,26 @@
+.DEFAULT_GOAL := help
+
+##@ Utility
+help:  ## Display this help
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+deps: ## Install deps for macos
+	@brew install pre-commit tflint terraform terraform-docs
+
+docs: ## Run terraform-docs to update module docs.
+	@terraform-docs markdown . > MODULE.MD
+	@terraform-docs markdown table --output-file README.md --output-mode inject .
+
+lint: ## Run tflint
+	@tflint
+
+validate: ## Run terraform validate
+	@terraform init --upgrade
+	@terraform validate
+
+precommit/add: ## Install pre-commit hook
+	@pre-commit install
+
+precommit/remove: ## Uninstall pre-commit hook
+	@pre-commit uninstall
+