Commit f867239

Lee Fine committed
1 parent df0170a commit f867239

3 files changed, +77 -0 lines changed

CHANGELOG.md

Lines changed: 5 additions & 0 deletions
@@ -1,3 +1,8 @@
1+
v2.12.0
2+
- Added config.json setting and its override store level custom field - AllowShellCommands. If "N" (default "Y"), SFTP will be used to create stores and move files on Linux-based certificate store servers. No Linux shell commands will be used in the integration. Limitations when running in this mode exist:
3+
- config.json/custom field values SeparateUploadFilePath, DefaultLinuxPermissionsOnStoreCreation, DefaultOwnerOnStoreCreation, LinuxFilePermissionsOnStoreCreation, and LinuxFileOwnerOnStoreCreation cannot be used and will be ignored
4+
- rare issue where a certificate store user id having an expired password causes the orchestrator to hang when attempting an SFTP/SCP connection will NOT be able to be caught and handled
5+
16
v2.11.4
27
- Bug Fix: Handle condition where a certificate store definition that contains an invalid value for `FileTransferProtocol`
38
would return empty inventory. If no value is set or an invalid value is set, the default value of `Both` will be used
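
Review bot: The first added bullet names the setting AllowShellCommands, while the documentation heading and the manifest property added in the same commit call it "Use Shell Commands" / UseShellCommands. Pick one name and use it in all three files; from these lines an operator cannot tell which key config.json actually expects. The bullet also states "No Linux shell commands will be used in the integration", but the docs section lists a third restriction about RFORA and RFKDB CLI commands that is missing here, so the changelog should carry that item as well.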

docsource/content.md

Lines changed: 18 additions & 0 deletions
@@ -174,6 +174,24 @@ For agent mode (accessing stores on the same server where Universal Orchestrator
174174
- `Store Type` + `Client Machine` + `Store Path` must be unique in Keyfactor Command
175175
- Best practice: Use the full DNS or IP Address to the left of the `|` character
176176

177+
178+
## Use Shell Commands Setting
179+
180+
The Use Shell Commands Setting (orchestrator level in config.json and per store override of this value as a custom field value)
181+
determines whether or not Linux shell commands will be used when managing certificate stores on Linux-based servers.
182+
This is useful for environments where shell access is limited or even not allowed. Keep in mind that the following
183+
restrictions will be in place when using RemoteFile in this mode:
184+
1. The config.json and custom field options SeparateUploadFilePath, DefaultLinuxPermissionsOnStoreCreation, DefaultOwnerOnStoreCreation,
185+
LinuxFilePermissionsOnStoreCreation, and LinuxFileOwnerOnStoreCreation are not supported and will be ignored. As a result, file
186+
permissions and ownership when creating a certificate store or adding a certificate to an existing store will be based
187+
on the user assigned to the Command certificate store and other Linux environmental settings.
188+
2. A rare issue exists where a certificate store user id having an expired password causes the orchestrator to hang when attempting an
189+
SFTP/SCP connection. A modification was added to check for this condition. Running RemoteFile with Use Shell Commands = N will
190+
cause this validation check to NOT occur.
191+
3. Both RFORA and RFKDB use proprietary CLI commands in order to manage their respective certificate stores. These commands
192+
will still be executed when Use Shell Commands is set to Y.
193+
194+
177195
## Developer Notes
178196

179197
The Remote File Orchestrator Extension is designed to be highly extensible, enabling its use with various file-based
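
Review bot: Item 3 of the restrictions list ends with "will still be executed when Use Shell Commands is set to Y", which is true of every command in Y mode and so says nothing about the restricted mode. If the intent is that RFORA and RFKDB still invoke their CLI tools when the setting is N, change Y to N, because that is the case an operator in a no-shell environment needs to know about. The opening paragraph also never says which value turns shell commands off ("in this mode" has no antecedent); state explicitly that the restrictions apply when the value is N. For item 1, consider naming what the operator should verify on the target server (for example the store account's umask), since the permission and owner settings are ignored in this mode and the resulting file mode is left to "other Linux environmental settings".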

integration-manifest.json

Lines changed: 54 additions & 0 deletions
@@ -123,6 +123,15 @@
123123
"Type": "String",
124124
"DefaultValue": "",
125125
"Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting."
126+
},
127+
{
128+
"Name": "UseShellCommands",
129+
"DisplayName": "Use Shell Commands",
130+
"Required": false,
131+
"DependsOn": "",
132+
"Type": "Bool",
133+
"DefaultValue": "Y",
134+
"Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)"
126135
}
127136
],
128137
"EntryParameters": [],
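
Review bot: "DefaultValue": "Y" on the store-level field looks like it can mask the orchestrator-level setting. The SSH port property visible in the context lines uses "DefaultValue": "" and describes itself as overriding config.json, so an unset store falls back to the orchestrator value; here every store carries an explicit Y. Confirm how the code tells "not set at store level" from "set to Y" and document the precedence, otherwise setting N in config.json may have no effect on stores created with the default.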
@@ -273,6 +282,15 @@
273282
"Type": "String",
274283
"DefaultValue": "",
275284
"Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting."
285+
},
286+
{
287+
"Name": "UseShellCommands",
288+
"DisplayName": "Use Shell Commands",
289+
"Required": false,
290+
"DependsOn": "",
291+
"Type": "Bool",
292+
"DefaultValue": "Y",
293+
"Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)"
276294
}
277295
],
278296
"EntryParameters": [],
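
Review bot: "Type": "Bool" is paired with "DefaultValue": "Y", while the changelog describes the config.json values as "N" and "Y". Check that a Bool custom field accepts Y as its default and that the value handed to the orchestrator (Y/N versus true/false) is what the override logic parses; if the two representations differ, state the mapping in the Description.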
@@ -387,6 +405,15 @@
387405
"Type": "String",
388406
"DefaultValue": "",
389407
"Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting."
408+
},
409+
{
410+
"Name": "UseShellCommands",
411+
"DisplayName": "Use Shell Commands",
412+
"Required": false,
413+
"DependsOn": "",
414+
"Type": "Bool",
415+
"DefaultValue": "Y",
416+
"Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)"
390417
}
391418
],
392419
"EntryParameters": [],
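
Review bot: The Description recommends keeping 'Y' but gives no reason and no hint of what N changes, so someone reading only the store type definition learns nothing about the trade-off. Add a short clause, e.g. that N restricts store creation and file moves to SFTP and skips the expired-password check, and keep the link for the detail.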
@@ -510,6 +537,15 @@
510537
"Type": "String",
511538
"DefaultValue": "",
512539
"Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting."
540+
},
541+
{
542+
"Name": "UseShellCommands",
543+
"DisplayName": "Use Shell Commands",
544+
"Required": false,
545+
"DependsOn": "",
546+
"Type": "Bool",
547+
"DefaultValue": "Y",
548+
"Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)"
513549
}
514550
],
515551
"EntryParameters": [],
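
Review bot: The Description text is identical in every store type, but the docs single out RFORA and RFKDB as still running proprietary CLI commands. For those two store types the description should say that the setting does not remove all command execution. The hunk header gives no way to tell which store type this block lands in, so please confirm the RFORA and RFKDB entries get the adjusted wording.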
@@ -624,6 +660,15 @@
624660
"Type": "String",
625661
"DefaultValue": "",
626662
"Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting."
663+
},
664+
{
665+
"Name": "UseShellCommands",
666+
"DisplayName": "Use Shell Commands",
667+
"Required": false,
668+
"DependsOn": "",
669+
"Type": "Bool",
670+
"DefaultValue": "Y",
671+
"Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)"
627672
}
628673
],
629674
"EntryParameters": [],
@@ -747,6 +792,15 @@
747792
"Type": "String",
748793
"DefaultValue": "",
749794
"Description": "Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting."
795+
},
796+
{
797+
"Name": "UseShellCommands",
798+
"DisplayName": "Use Shell Commands",
799+
"Required": false,
800+
"DependsOn": "",
801+
"Type": "Bool",
802+
"DefaultValue": "Y",
803+
"Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)"
750804
}
751805
],
752806
"EntryParameters": [],
