Initial version

.github/workflows/keyfactor-starter-workflow.yml

@@ -0,0 +1,26 @@
+name: Starter Workflow
+on: [workflow_dispatch, push, pull_request]
+
+jobs:
+  call-create-github-release-workflow:
+    uses: Keyfactor/actions/.github/workflows/github-release.yml@main
+
+  call-dotnet-build-and-release-workflow:
+    needs: [call-create-github-release-workflow]
+    uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main
+    with:
+      release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
+      release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
+      release_dir: EXAMPLE_SOLUTION/bin/Release/BUILD_TARGET # TODO: set build output directory to upload as a release, relative to checkout workspace
+    secrets: 
+      token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }}
+
+  call-generate-readme-workflow:
+    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+    uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main
+
+  call-update-catalog-workflow:
+    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+    uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main
+    secrets: 
+      token: ${{ secrets.SDK_SYNC_PAT }}

README.md

@@ -1 +1,158 @@
-# a10vthunder-orchestrator
+# a10vThunder
+
+A10 vThunder AnyAgent allows an organization to inventory and deploy certificates in any domain that the appliance services. The AnyAgent deploys the appropriate files (.cer, .pem) within the defined directories and also performs and Inventory on the Items.
+
+#### Integration status: 
+
+## About the Keyfactor Universal Orchestrator Capability
+
+This repository contains a Universal Orchestrator Capability which is a plugin to the Keyfactor Universal Orchestrator. Within the Keyfactor Platform, Orchestrators are used to manage “certificate stores” — collections of certificates and roots of trust that are found within and used by various applications.
+
+The Universal Orchestrator is part of the Keyfactor software distribution and is available via the Keyfactor customer portal. For general instructions on installing Capabilities, see the “Keyfactor Command Orchestrator Installation and Configuration Guide” section of the Keyfactor documentation. For configuration details of this specific Capability, see below in this readme.
+
+The Universal Orchestrator is the successor to the Windows Orchestrator. This Capability plugin only works with the Universal Orchestrator and does not work with the Windows Orchestrator.
+
+---
+
+
+
+
+---
+
+**A10 Networks vThunder Orchestrator**
+
+**Overview**
+
+A10 vThunder AnyAgent allows an organization to inventory and deploy certificates in any domain that the appliance services. The AnyAgent deploys the appropriate files (.cer, .pem) within the defined directories and also performs and Inventory on the Items.
+
+This agent implements three job types – Inventory, Management Add, and Management Remove. Below are the steps necessary to configure this AnyAgent.  It supports adding certificates with or without private keys.
+
+
+**A10 vThunder Configuration**
+
+1. Read up on [A10 Networks ADC](https://a10networks.optrics.com/downloads/datasheets/Thunder-Application-Delivery-Controller-ADC.pdf) and how it works.
+2. A user account is needed with the appropriate permissions on vThunder to manage certificates.
+
+**1. Create the New Certificate Store Type for the A10 vThunder Orchestrator**
+
+In Keyfactor Command create a new Certificate Store Type similar to the one below:
+
+#### STORE TYPE CONFIGURATION
+SETTING TAB  |  CONFIG ELEMENT	| DESCRIPTION
+------|-----------|------------------
+Basic |Name	|Descriptive name for the Store Type.  A10 vThunder can be used.
+Basic |Short Name	|The short name that identifies the registered functionality of the orchestrator. Must be vThunderU
+Basic |Custom Capability|Un checked
+Basic |Job Types	|Inventory, Add, and Remove are the supported job types. 
+Basic |Needs Server	|Must be checked
+Basic |Blueprint Allowed	|checked
+Basic |Requires Store Password	|Determines if a store password is required when configuring an individual store.  This must be unchecked.
+Basic |Supports Entry Password	|Determined if an individual entry within a store can have a password.  This must be unchecked.
+Advanced |Store Path Type| Determines how the user will enter the store path when setting up the cert store.  Freeform
+Advanced |Supports Custom Alias	|Determines if an individual entry within a store can have a custom Alias.  This must be Required
+Advanced |Private Key Handling |Determines how the orchestrator deals with private keys.  Optional
+Advanced |PFX Password Style |Determines password style for the PFX Password. Default
+Custom Fields|protocol|Name:protocol Display Name:Protocol Type:Multiple Choice (http,https) Default Value:https Required:True
+Custom Fields|allowInvalidCert|Name:allowInvalidCert Display Name:Allow Invalid Cert Type:Bool Default Value:false Required:True
+Entry Parameters|N/A| There are no Entry Parameters
+
+**Basic Settings:**
+
+![](Media/Images/CertStoreType-Basic.gif)
+
+**Advanced Settings:**
+
+![](Media/Images/CertStoreType-Advanced.gif)
+
+**Custom Fields:**
+
+![](Media/Images/CertStoreType-CustomFields.gif)
+
+**Entry Params:**
+
+![](Media/Images/CertStoreType-EntryParameters.gif)
+
+**2. Register the A10 vThunder Orchestrator with Keyfactor**
+See Keyfactor InstallingKeyfactorOrchestrators.pdf Documentation.  Get from your Keyfactor contact/representative.
+
+**3. Create a A10 vThunder Certificate Store within Keyfactor Command**
+In Keyfactor Command create a new Certificate Store similar to the one below
+
+![](Media/Images/CertStore1.gif)
+![](Media/Images/CertStore2.gif)
+
+#### STORE CONFIGURATION 
+CONFIG ELEMENT	|DESCRIPTION
+----------------|---------------
+Category	|The type of certificate store to be configured. Select category based on the display name configured above "VThunder Universal".
+Container	|This is a logical grouping of like stores. This configuration is optional and does not impact the functionality of the store.
+Client Machine	|The url to the vThunder api.  This file should the url and port of the vThunder api sample vThunder.test.com:1113.
+Store Path	|This will be "cert".  This is not used but just hard code it as "cert".
+Allow Invalid Cert|Only used for testing should be false in production.
+Protocol| http is only used for testing should be https in production
+Orchestrator	|This is the orchestrator server registered with the appropriate capabilities to manage this certificate store type. 
+Inventory Schedule	|The interval that the system will use to report on what certificates are currently in the store. 
+Use SSL	|This should be checked.
+User	|This is the user name for the vThunder api to access the certficate management functionality.
+Password |This is the password for the vThunder api to access the certficate management functionality.
+
+*** 
+
+#### Usage
+
+**Adding New Certificate New Alias**
+
+![](Media/Images/NewCertNewAlias.gif)
+
+*** 
+
+**Replace Cert With Same Alias**
+
+![](Media/Images/ReplaceCertSameAlias.gif)
+
+*** 
+
+**Add Cert No Private Key**
+
+![](Media/Images/AddPubCert.gif)
+
+*** 
+
+**Replace Cert No Private Key**
+
+![](Media/Images/PubCertReplace.gif)
+
+*** 
+
+**Remove Cert No Private Key**
+
+![](Media/Images/RemovePubCert.gif)
+
+*** 
+
+**Remove Cert and Private Key**
+
+![](Media/Images/RemoveCertAndKey.gif)
+
+*** 
+
+**Certificate Inventory**
+
+![](Media/Images/CertificateInventory.gif)
+
+#### TEST CASES
+Case Number|Case Name|Case Description|Overwrite Flag|Alias Name|Expected Results|Passed
+------------|---------|----------------|--------------|----------|----------------|--------------
+1|Fresh Add With Alias|Will create new certificate and private key on the vThunder appliance|true|KeyAndCertBTest|The new KeyAndCertBTest certificate and private key will be created in the ADC/SSL Cerificates area on vThunder.|True
+1a|Replace Alias with no overwrite flag|Should warn user that a cert cannot be replaced with the same name without overwrite flag|false|KeyAndCertBTest|Error Saying Overwrite Flag Needs To Be Used|True
+1b|Replace Alias with overwrite flag|Will create new certificate and private key on the vThunder appliance|true|KeyAndCertBTest|Cert will be replaced because overwrite flag was used|True
+2|Add Cert Without Private Key|This will create a cert with no private key on vThunder|false|NewCertNoPk|Only Cert will be added to vThunder with no private key|True
+2a|Replace Cert Without Private Key|This will Replace a cert with no private key on vThunder|true|NewCertNoPk|Only Cert will be replaced on vThunder with no private key|True
+2b|Replace Cert Without Private Key no overwrite flag|Should warn user that a cert cannot be replaced with the same name without overwrite flag|false|NewCertNoPk|Error Saying Overwrite Flag Needs To Be Used|True
+3|Remove Certificate and Private Key|Certificate and Private Key Will Be Removed from A10|N/A|KeyAndCertBTest|Cert and Key will be removed from vThunder and Keyfactor Store|True
+3a|Remove Certificate without Private Key|Certificate Will Be Removed from A10|N/A|KeyAndCertBTest|Cert will be removed from vThunder and Keyfactor Store|True
+4|Inventory Certificates with Private Key|Inventory of Certificates with private keys will be pulled from vThunder up to 125 tested|N/A|N/A|125 Certs will be inventoried, more should be supported but there is no paging in the API so limits apply|True
+4a|Inventory Certificates without Private Key|Inventory of Certificates without private keys will be pulled from vThunder up to 125 tested|N/A|N/A|125 Certs will be inventoried, more should be supported but there is no paging in the API so limits apply|True
+
+
+

README.md.tpl

@@ -0,0 +1,96 @@
+# {{ name }}
+## {{ integration_type | capitalize }}
+
+{{ description }}
+
+## {{ status | capitalize }} Ready
+
+<!-- add integration specific information below -->
+*** 
+## **A10 vThunder Configuration**
+
+**Overview**
+
+The A10 vThunder Agent allows a user to inventory certificates and manage (add/remove/replace) certificates from the A10 vThunder platform.
+
+**1) Create the new Certificate store Type for the New A10 vThunder AnyAgent**
+
+In Keyfactor Command create a new Certificate Store Type similar to the one below:
+
+![image.png](/Media/Images/CertStores.gif)
+
+
+- **Name** – Required. The display name of the new Certificate Store Type
+- **Short Name** – Required. MUST be "vThunder"
+
+- **Needs Server, Blueprint Allowed** – checked as shown
+- **Requires Store Password, Supports Entry Password** – unchecked as shown
+- **Supports Custom Alias** – Forbidden. Not used.
+- **Use PowerShell** – Unchecked
+- **Store PathType** – Freeform (user will enter the the location of the store).
+- **Private Keys** – Optional
+- **PFX Password Style** – Default
+- **Job Types** – Inventory, Add and Remove are the 3 job types implemented by this AnyAgent
+
+
+**2) Register the A10 vThunder AnyAgent with Keyfactor**
+
+Open the Keyfactor Windows Agent Configuration Wizard and perform the tasks as illustrated below:
+
+![image.png](/Media/Images/ConfigWizard1.gif)
+
+- Click **<Next>**
+
+![image.png](/Media/Images/ConfigWizard2.gif)
+
+If you have configured the agent service previously, you should be able to skip to just click **<Next>**. Otherwise, enter the service account Username and Password you wish to run the Keyfactor Windows Agent Service under, click **<Update Windows Service Account>** and click **<Next>**.
+
+![image.png](/Media/Images/ConfigWizard3.gif)
+
+If you have configured the agent service previously, you should be able to skip to just re-enter the password to the service account the agent service will run under, click **<Validate Keyfactor Connection>** and then **<Next>**.
+
+![image.png](/Media/Images/ConfigWizard4.gif)
+
+Select the agent you are adding capabilities for (in this case, vThunder, and also select the specific capabilities (Inventory and Management in this example). Click **<Next>**.
+
+![image.png](/Media/Images/ConfigWizard5.gif)
+
+For each AnyAgent implementation, check Load assemblies containing extension modules from other location , browse to the location of the compiled AnyAgent dlls, and click **<Validate Capabilities>**. Once all AnyAgents have been validated, click **<Apply Configuration>**.
+
+![image.png](/Media/Images/ConfigWizard6.gif)
+
+If the Keyfactor Agent Configuration Wizard configured everything correctly, you should see the dialog above.
+
+**3) Create a Cert Store within the Keyfactor Portal**
+
+Navigate to Certificate Locations => Certificate Stores within Keyfactor Command to add an A10 vThunder certificate store. Below are the values that should be entered.
+
+![image.png](/Media/Images/CertStores.gif)
+
+- **Category** – Required. The vThunder category name must be selected
+- **Container** – Optional. Select a container if utilized.
+- **Client Machine** – Required. The server name or IP Address of the A10 vThunder API plus port.  [Azure Test Machine](https://portal.azure.com/#@csspkioutlook.onmicrosoft.com/resource/subscriptions/b3114ff1-bb92-45b6-9bd6-e4a1eed8c91e/resourceGroups/kVThunderA10/providers/Microsoft.Compute/virtualMachines/kVThunderA10/overview) port is :1113 for ssl.
+- **Store Path** – Required.  This will be one of the following based on what you are looking to add to the store.
+1. **[DomainName]\cert** where [DomainName] is the name of the domain in A10 vThunder you are looking to manage and inventory.
+
+2.  **cert** - This will use the default domain in A10 vThunder to manage and inventory **domain** certs
+
+3. **[DomainName]\pubcert** - This will give you the ability to Inventory the Pub Cert Folder on the specified domain where [DomainName] is the name of the domain in A10 vThunder you are looking to inventory.  
+
+4. **pubcert** - This will use the default domain in A10 vThunder to manage and inventory **public certs** certs
+
+### App Config Settings
+Keyfactor.AnyAgent.vThunder.dll.config (Deployed with all AnyAgent Binaries)
+```
+<appSettings>
+    <!--Should be https, made configurable in case needed for dev or whatever-->
+    <add key="Protocol" value="https" />
+    <!--true for debugging/testing on Azure VM since the cert will be invalid at .eastus.cloudapp.azure.com should be false in Production with a valid cert-->
+    <add key="AllowInvalidCerts" value="true" />
+</appSettings>
+```
+
+There are 2 App Config Settings
+1. Protocol should always be **https** in **Production** but you may need to switch to **http** for **Testing** only
+
+2. AllowInvalidCerts should be set to **false** in **Production**.  It is set to **true** in **Dev/Test** since the VM we are testing with a vThunder VM that does not have a valid SSL Certificate on the Azure Platform.

Setup/InstallA10AzureVM.ps1

@@ -0,0 +1,66 @@
+$location = Read-Host 'Enter the location'
+$resourceGroup = Read-Host 'Enter resource group name'
+$storageaccount = Read-Host 'Enter storage account name'
+$vmName = Read-Host 'VM Name'
+$vmSize = Read-Host 'Enter VM size'
+
+#Create new resource group for deployment
+New-AzureRmResourceGroup -Name $resourceGroup -Location $location
+
+#Create storage account
+New-AzureRmStorageAccount -ResourceGroupName $resourceGroup -AccountName $storageaccount -Location $location -SkuName Standard_RAGRS -Kind StorageV2 -AssignIdentity
+
+# Create a subnet configuration
+$mgmtsubnet = New-AzureRmVirtualNetworkSubnetConfig -Name "mgmtSubnet" -AddressPrefix "192.168.1.0/24"
+$data1subnet = New-AzureRmVirtualNetworkSubnetConfig -Name "data1subnet" -AddressPrefix "192.168.2.0/24"
+$data2subnet = New-AzureRmVirtualNetworkSubnetConfig -Name "data2subnet" -AddressPrefix "192.168.3.0/24"
+
+# Create a virtual network
+$vnet = New-AzureRmVirtualNetwork -ResourceGroupName $resourceGroup -Location $location -Name "TestVnet" -AddressPrefix 192.168.0.0/16 -Subnet $mgmtsubnet,$data1subnet,$data2subnet
+
+# Create a public IP address and specify a DNS name
+$mgmtpip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroup -Location $location -AllocationMethod Dynamic -IdleTimeoutInMinutes 4 -Name "myip$(Get-Random)"
+$data1pip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroup -Location $location -AllocationMethod Dynamic -IdleTimeoutInMinutes 4 -Name "myip$(Get-Random)"
+$data2pip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroup -Location $location -AllocationMethod Dynamic -IdleTimeoutInMinutes 4 -Name "myip$(Get-Random)"
+
+# Create an inbound network security group rule for port 22
+$nsgRuleSSH = New-AzureRmNetworkSecurityRuleConfig -Name "myNetworkSecurityGroupRuleSSH"  -Protocol "Tcp" -Direction "Inbound" -Priority 1000 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 22 -Access "Allow"
+# Create an inbound network security group rule for port 80
+$nsgRuleWeb = New-AzureRmNetworkSecurityRuleConfig -Name "myNetworkSecurityGroupRuleWWW"  -Protocol "Tcp" -Direction "Inbound" -Priority 1001 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80 -Access "Allow"
+
+# Create a network security group
+$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $resourceGroup -Location $location -Name "myNetworkSecurityGroup" -SecurityRules $nsgRuleSSH,$nsgRuleWeb
+
+# Create a virtual network card and associate with public IP address and NSG
+$mgmtsubnet = $vnet.Subnets | ?{ $_.Name -eq 'mgmtsubnet' }
+$mgmtnic = New-AzureRmNetworkInterface -ResourceGroupName $resourceGroup -Name "mgmtnic" -Location $location -SubnetId $mgmtsubnet.Id -PublicIpAddressId $mgmtpip.Id -NetworkSecurityGroupId $nsg.Id
+
+$data1subnet = $vnet.Subnets | ?{ $_.Name -eq 'data1subnet' }
+$data1nic = New-AzureRmNetworkInterface -ResourceGroupName $resourceGroup -Name "data1nic" -Location $location -SubnetId $data1subnet.Id -PublicIpAddressId $data1pip.Id -NetworkSecurityGroupId $nsg.Id
+
+$data2subnet = $vnet.Subnets | ?{ $_.Name -eq 'data2subnet' }
+$data2nic = New-AzureRmNetworkInterface -ResourceGroupName $resourceGroup -Name "data2nic" -Location $location -SubnetId $data2subnet.Id -PublicIpAddressId $data2pip.Id -NetworkSecurityGroupId $nsg.Id
+
+# Define a credential object
+$name= Read-Host 'Enter Username' 
+$securePassword = Read-Host 'Enter the password' -AsSecureString
+$cred = New-Object System.Management.Automation.PSCredential ($name, $securePassword)
+
+# Start building the VM configuration
+$vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize $vmSize
+
+#Create the rest of configuration 
+$vmConfig = Set-AzureRmVMOperatingSystem -VM $vmConfig -Linux -ComputerName $vmName -Credential $cred
+$vmConfig = Set-AzureRmVMSourceImage -VM $vmConfig -PublisherName "a10networks" -Offer "a10-vthunder-adc" -skus "vthunder_500mbps" -Version "latest"
+$vmConfig = Set-AzureRmVMPlan -Name "vthunder_500mbps" -Product "a10-vthunder-adc" -Publisher "a10networks" -VM $vmconfig
+
+# for bootdiag
+$vmConfig = Set-AzureRmVMBootDiagnostics -VM $vmconfig -Enable -ResourceGroupName $resourceGroup -StorageAccountName $storageaccount
+
+#Attach the NIC that are created
+$vmConfig = Add-AzureRmVMNetworkInterface -VM $vmConfig -Id $mgmtnic.Id -Primary 
+$vmConfig = Add-AzureRmVMNetworkInterface -VM $vmConfig -Id $data1nic.Id 
+$vmConfig = Add-AzureRmVMNetworkInterface -VM $vmConfig -Id $data2nic.Id
+
+#Creating VM with all configuration
+New-AzureRmVM -ResourceGroupName $resourceGroup -Location $location -VM $vmConfig