diff --git a/CHANGELOG.md b/CHANGELOG.md index 21f10966..41759cdb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +v4.0.0 +- Added ability to run post job commands for Management-Add and ODKG jobs. +- Added "+" as an allowed character for store paths and file names +- Bug Fix: Issue adding certificates without private keys introduced in 3.0.0 +- Bug Fix: Issue creating stores on a Linux UO in agent mode (client machine value ending in |LocalMachine) +- Bug Fix: Logging issue with RFORA + v3.0.0 - Added support for post quantum ML-DSA certificates for store types RFPEM, RFJKS, RFPkcs12, and RFDER - Added support for On Device Key Generation (ODKG) diff --git a/README.md b/README.md index 00c79c21..f4639270 100644 --- a/README.md +++ b/README.md @@ -284,6 +284,7 @@ the Keyfactor Command Portal | IncludePortInSPN | Include Port in SPN for WinRM | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | Bool | False | 🔲 Unchecked | | SSHPort | SSH Port | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | String | | 🔲 Unchecked | | UseShellCommands | Use Shell Commands | Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting) | Bool | True | 🔲 Unchecked | + | PostJobApplicationRestart | Post Job Application Restart | Select the command to be run after a Management Add or ODKG job executes. Leave unselected if no command is desired. | MultipleChoice | Apache Tomcat Restart,Jetty Restart | 🔲 Unchecked | The Custom Fields tab should look like this: @@ -314,6 +315,7 @@ the Keyfactor Command Portal The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. ![RFJKS Custom Field - LinuxFilePermissionsOnStoreCreation](docsource/images/RFJKS-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png) + ![RFJKS Custom Field - LinuxFilePermissionsOnStoreCreation](docsource/images/RFJKS-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png) @@ -321,6 +323,7 @@ the Keyfactor Command Portal The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. ![RFJKS Custom Field - LinuxFileOwnerOnStoreCreation](docsource/images/RFJKS-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png) + ![RFJKS Custom Field - LinuxFileOwnerOnStoreCreation](docsource/images/RFJKS-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png) @@ -328,6 +331,7 @@ the Keyfactor Command Portal The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides DefaultSudoImpersonatedUser [config.json](#post-installation) setting. ![RFJKS Custom Field - SudoImpersonatingUser](docsource/images/RFJKS-custom-field-SudoImpersonatingUser-dialog.png) + ![RFJKS Custom Field - SudoImpersonatingUser](docsource/images/RFJKS-custom-field-SudoImpersonatingUser-validation-options-dialog.png) @@ -335,6 +339,7 @@ the Keyfactor Command Portal Remove root certificate from chain when adding/renewing a certificate in a store. ![RFJKS Custom Field - RemoveRootCertificate](docsource/images/RFJKS-custom-field-RemoveRootCertificate-dialog.png) + ![RFJKS Custom Field - RemoveRootCertificate](docsource/images/RFJKS-custom-field-RemoveRootCertificate-validation-options-dialog.png) @@ -342,6 +347,7 @@ the Keyfactor Command Portal Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. ![RFJKS Custom Field - IncludePortInSPN](docsource/images/RFJKS-custom-field-IncludePortInSPN-dialog.png) + ![RFJKS Custom Field - IncludePortInSPN](docsource/images/RFJKS-custom-field-IncludePortInSPN-validation-options-dialog.png) @@ -349,6 +355,7 @@ the Keyfactor Command Portal Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. ![RFJKS Custom Field - SSHPort](docsource/images/RFJKS-custom-field-SSHPort-dialog.png) + ![RFJKS Custom Field - SSHPort](docsource/images/RFJKS-custom-field-SSHPort-validation-options-dialog.png) @@ -356,6 +363,15 @@ the Keyfactor Command Portal Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting) ![RFJKS Custom Field - UseShellCommands](docsource/images/RFJKS-custom-field-UseShellCommands-dialog.png) + ![RFJKS Custom Field - UseShellCommands](docsource/images/RFJKS-custom-field-UseShellCommands-validation-options-dialog.png) + + + + ###### Post Job Application Restart + Select the command to be run after a Management Add or ODKG job executes. Leave unselected if no command is desired. + + ![RFJKS Custom Field - PostJobApplicationRestart](docsource/images/RFJKS-custom-field-PostJobApplicationRestart-dialog.png) + ![RFJKS Custom Field - PostJobApplicationRestart](docsource/images/RFJKS-custom-field-PostJobApplicationRestart-validation-options-dialog.png) @@ -479,6 +495,7 @@ the Keyfactor Command Portal | IncludePortInSPN | Include Port in SPN for WinRM | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | Bool | False | 🔲 Unchecked | | SSHPort | SSH Port | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | String | | 🔲 Unchecked | | UseShellCommands | Use Shell Commands | Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting) | Bool | True | 🔲 Unchecked | + | PostJobApplicationRestart | Post Job Application Restart | Select the command to be run after a Management Add or ODKG job executes. Leave unselected if no command is desired. | MultipleChoice | Apache HTTPD Restart,NGNIX Restart,HAProxy Restart,Envoy Proxy Restart | 🔲 Unchecked | The Custom Fields tab should look like this: @@ -509,6 +526,7 @@ the Keyfactor Command Portal The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. ![RFPEM Custom Field - LinuxFilePermissionsOnStoreCreation](docsource/images/RFPEM-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png) + ![RFPEM Custom Field - LinuxFilePermissionsOnStoreCreation](docsource/images/RFPEM-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png) @@ -516,6 +534,7 @@ the Keyfactor Command Portal The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. ![RFPEM Custom Field - LinuxFileOwnerOnStoreCreation](docsource/images/RFPEM-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png) + ![RFPEM Custom Field - LinuxFileOwnerOnStoreCreation](docsource/images/RFPEM-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png) @@ -523,6 +542,7 @@ the Keyfactor Command Portal The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting.. ![RFPEM Custom Field - SudoImpersonatingUser](docsource/images/RFPEM-custom-field-SudoImpersonatingUser-dialog.png) + ![RFPEM Custom Field - SudoImpersonatingUser](docsource/images/RFPEM-custom-field-SudoImpersonatingUser-validation-options-dialog.png) @@ -530,6 +550,7 @@ the Keyfactor Command Portal The IsTrustStore field should contain a boolean value ('true' or 'false') indicating whether the store will be identified as a trust store, which can hold multiple certificates without private keys. Example: 'true' for a trust store or 'false' for a store with a single certificate and private key. ![RFPEM Custom Field - IsTrustStore](docsource/images/RFPEM-custom-field-IsTrustStore-dialog.png) + ![RFPEM Custom Field - IsTrustStore](docsource/images/RFPEM-custom-field-IsTrustStore-validation-options-dialog.png) @@ -537,6 +558,7 @@ the Keyfactor Command Portal The IncludesChain field should contain a boolean value ('true' or 'false') indicating whether the certificate store includes the full certificate chain along with the end entity certificate. Example: 'true' to include the full chain or 'false' to exclude it. ![RFPEM Custom Field - IncludesChain](docsource/images/RFPEM-custom-field-IncludesChain-dialog.png) + ![RFPEM Custom Field - IncludesChain](docsource/images/RFPEM-custom-field-IncludesChain-validation-options-dialog.png) @@ -544,6 +566,7 @@ the Keyfactor Command Portal The SeparatePrivateKeyFilePath field should contain the full path and file name where the separate private key file will be stored if it is to be kept outside the main certificate file. Example: '/path/to/privatekey.pem'. ![RFPEM Custom Field - SeparatePrivateKeyFilePath](docsource/images/RFPEM-custom-field-SeparatePrivateKeyFilePath-dialog.png) + ![RFPEM Custom Field - SeparatePrivateKeyFilePath](docsource/images/RFPEM-custom-field-SeparatePrivateKeyFilePath-validation-options-dialog.png) @@ -551,6 +574,7 @@ the Keyfactor Command Portal The IgnorePrivateKeyOnInventory field should contain a boolean value ('true' or 'false') indicating whether to disregard the private key during inventory. Setting this to 'true' will allow inventory for the store without needing to supply the location of the private key or the password if the key is encrypted. However, doing this makes the store in effect inventory-only and no management jobs will be able to be run for this store. Example: 'true' to ignore the private key or 'false' to include it. ![RFPEM Custom Field - IgnorePrivateKeyOnInventory](docsource/images/RFPEM-custom-field-IgnorePrivateKeyOnInventory-dialog.png) + ![RFPEM Custom Field - IgnorePrivateKeyOnInventory](docsource/images/RFPEM-custom-field-IgnorePrivateKeyOnInventory-validation-options-dialog.png) @@ -558,6 +582,7 @@ the Keyfactor Command Portal Remove root certificate from chain when adding/renewing a certificate in a store. ![RFPEM Custom Field - RemoveRootCertificate](docsource/images/RFPEM-custom-field-RemoveRootCertificate-dialog.png) + ![RFPEM Custom Field - RemoveRootCertificate](docsource/images/RFPEM-custom-field-RemoveRootCertificate-validation-options-dialog.png) @@ -565,6 +590,7 @@ the Keyfactor Command Portal Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. ![RFPEM Custom Field - IncludePortInSPN](docsource/images/RFPEM-custom-field-IncludePortInSPN-dialog.png) + ![RFPEM Custom Field - IncludePortInSPN](docsource/images/RFPEM-custom-field-IncludePortInSPN-validation-options-dialog.png) @@ -572,6 +598,7 @@ the Keyfactor Command Portal Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. ![RFPEM Custom Field - SSHPort](docsource/images/RFPEM-custom-field-SSHPort-dialog.png) + ![RFPEM Custom Field - SSHPort](docsource/images/RFPEM-custom-field-SSHPort-validation-options-dialog.png) @@ -579,6 +606,15 @@ the Keyfactor Command Portal Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting) ![RFPEM Custom Field - UseShellCommands](docsource/images/RFPEM-custom-field-UseShellCommands-dialog.png) + ![RFPEM Custom Field - UseShellCommands](docsource/images/RFPEM-custom-field-UseShellCommands-validation-options-dialog.png) + + + + ###### Post Job Application Restart + Select the command to be run after a Management Add or ODKG job executes. Leave unselected if no command is desired. + + ![RFPEM Custom Field - PostJobApplicationRestart](docsource/images/RFPEM-custom-field-PostJobApplicationRestart-dialog.png) + ![RFPEM Custom Field - PostJobApplicationRestart](docsource/images/RFPEM-custom-field-PostJobApplicationRestart-validation-options-dialog.png) @@ -726,6 +762,7 @@ the Keyfactor Command Portal The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. ![RFPkcs12 Custom Field - LinuxFilePermissionsOnStoreCreation](docsource/images/RFPkcs12-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png) + ![RFPkcs12 Custom Field - LinuxFilePermissionsOnStoreCreation](docsource/images/RFPkcs12-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png) @@ -733,6 +770,7 @@ the Keyfactor Command Portal The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. ![RFPkcs12 Custom Field - LinuxFileOwnerOnStoreCreation](docsource/images/RFPkcs12-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png) + ![RFPkcs12 Custom Field - LinuxFileOwnerOnStoreCreation](docsource/images/RFPkcs12-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png) @@ -740,6 +778,7 @@ the Keyfactor Command Portal The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides DefaultSudoImpersonatedUser [config.json](#post-installation) setting. ![RFPkcs12 Custom Field - SudoImpersonatingUser](docsource/images/RFPkcs12-custom-field-SudoImpersonatingUser-dialog.png) + ![RFPkcs12 Custom Field - SudoImpersonatingUser](docsource/images/RFPkcs12-custom-field-SudoImpersonatingUser-validation-options-dialog.png) @@ -747,6 +786,7 @@ the Keyfactor Command Portal Remove root certificate from chain when adding/renewing a certificate in a store. ![RFPkcs12 Custom Field - RemoveRootCertificate](docsource/images/RFPkcs12-custom-field-RemoveRootCertificate-dialog.png) + ![RFPkcs12 Custom Field - RemoveRootCertificate](docsource/images/RFPkcs12-custom-field-RemoveRootCertificate-validation-options-dialog.png) @@ -754,6 +794,7 @@ the Keyfactor Command Portal Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. ![RFPkcs12 Custom Field - IncludePortInSPN](docsource/images/RFPkcs12-custom-field-IncludePortInSPN-dialog.png) + ![RFPkcs12 Custom Field - IncludePortInSPN](docsource/images/RFPkcs12-custom-field-IncludePortInSPN-validation-options-dialog.png) @@ -761,6 +802,7 @@ the Keyfactor Command Portal Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. ![RFPkcs12 Custom Field - SSHPort](docsource/images/RFPkcs12-custom-field-SSHPort-dialog.png) + ![RFPkcs12 Custom Field - SSHPort](docsource/images/RFPkcs12-custom-field-SSHPort-validation-options-dialog.png) @@ -768,6 +810,7 @@ the Keyfactor Command Portal Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting) ![RFPkcs12 Custom Field - UseShellCommands](docsource/images/RFPkcs12-custom-field-UseShellCommands-dialog.png) + ![RFPkcs12 Custom Field - UseShellCommands](docsource/images/RFPkcs12-custom-field-UseShellCommands-validation-options-dialog.png) @@ -910,6 +953,7 @@ the Keyfactor Command Portal The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. ![RFDER Custom Field - LinuxFilePermissionsOnStoreCreation](docsource/images/RFDER-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png) + ![RFDER Custom Field - LinuxFilePermissionsOnStoreCreation](docsource/images/RFDER-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png) @@ -917,6 +961,7 @@ the Keyfactor Command Portal The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. ![RFDER Custom Field - LinuxFileOwnerOnStoreCreation](docsource/images/RFDER-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png) + ![RFDER Custom Field - LinuxFileOwnerOnStoreCreation](docsource/images/RFDER-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png) @@ -924,6 +969,7 @@ the Keyfactor Command Portal The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting. ![RFDER Custom Field - SudoImpersonatingUser](docsource/images/RFDER-custom-field-SudoImpersonatingUser-dialog.png) + ![RFDER Custom Field - SudoImpersonatingUser](docsource/images/RFDER-custom-field-SudoImpersonatingUser-validation-options-dialog.png) @@ -931,6 +977,7 @@ the Keyfactor Command Portal The SeparatePrivateKeyFilePath field should contain the full path and file name where the separate private key file will be stored if it is to be kept outside the main certificate file. Example: '/path/to/privatekey.der'. ![RFDER Custom Field - SeparatePrivateKeyFilePath](docsource/images/RFDER-custom-field-SeparatePrivateKeyFilePath-dialog.png) + ![RFDER Custom Field - SeparatePrivateKeyFilePath](docsource/images/RFDER-custom-field-SeparatePrivateKeyFilePath-validation-options-dialog.png) @@ -938,6 +985,7 @@ the Keyfactor Command Portal Remove root certificate from chain when adding/renewing a certificate in a store. ![RFDER Custom Field - RemoveRootCertificate](docsource/images/RFDER-custom-field-RemoveRootCertificate-dialog.png) + ![RFDER Custom Field - RemoveRootCertificate](docsource/images/RFDER-custom-field-RemoveRootCertificate-validation-options-dialog.png) @@ -945,6 +993,7 @@ the Keyfactor Command Portal Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. ![RFDER Custom Field - IncludePortInSPN](docsource/images/RFDER-custom-field-IncludePortInSPN-dialog.png) + ![RFDER Custom Field - IncludePortInSPN](docsource/images/RFDER-custom-field-IncludePortInSPN-validation-options-dialog.png) @@ -952,6 +1001,7 @@ the Keyfactor Command Portal Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. ![RFDER Custom Field - SSHPort](docsource/images/RFDER-custom-field-SSHPort-dialog.png) + ![RFDER Custom Field - SSHPort](docsource/images/RFDER-custom-field-SSHPort-validation-options-dialog.png) @@ -959,6 +1009,7 @@ the Keyfactor Command Portal Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting) ![RFDER Custom Field - UseShellCommands](docsource/images/RFDER-custom-field-UseShellCommands-dialog.png) + ![RFDER Custom Field - UseShellCommands](docsource/images/RFDER-custom-field-UseShellCommands-validation-options-dialog.png) @@ -1103,6 +1154,7 @@ the Keyfactor Command Portal The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. ![RFKDB Custom Field - LinuxFilePermissionsOnStoreCreation](docsource/images/RFKDB-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png) + ![RFKDB Custom Field - LinuxFilePermissionsOnStoreCreation](docsource/images/RFKDB-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png) @@ -1110,6 +1162,7 @@ the Keyfactor Command Portal The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. ![RFKDB Custom Field - LinuxFileOwnerOnStoreCreation](docsource/images/RFKDB-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png) + ![RFKDB Custom Field - LinuxFileOwnerOnStoreCreation](docsource/images/RFKDB-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png) @@ -1117,6 +1170,7 @@ the Keyfactor Command Portal The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting. ![RFKDB Custom Field - SudoImpersonatingUser](docsource/images/RFKDB-custom-field-SudoImpersonatingUser-dialog.png) + ![RFKDB Custom Field - SudoImpersonatingUser](docsource/images/RFKDB-custom-field-SudoImpersonatingUser-validation-options-dialog.png) @@ -1124,6 +1178,7 @@ the Keyfactor Command Portal Remove root certificate from chain when adding/renewing a certificate in a store. ![RFKDB Custom Field - RemoveRootCertificate](docsource/images/RFKDB-custom-field-RemoveRootCertificate-dialog.png) + ![RFKDB Custom Field - RemoveRootCertificate](docsource/images/RFKDB-custom-field-RemoveRootCertificate-validation-options-dialog.png) @@ -1131,6 +1186,7 @@ the Keyfactor Command Portal Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. ![RFKDB Custom Field - IncludePortInSPN](docsource/images/RFKDB-custom-field-IncludePortInSPN-dialog.png) + ![RFKDB Custom Field - IncludePortInSPN](docsource/images/RFKDB-custom-field-IncludePortInSPN-validation-options-dialog.png) @@ -1138,6 +1194,7 @@ the Keyfactor Command Portal Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. ![RFKDB Custom Field - SSHPort](docsource/images/RFKDB-custom-field-SSHPort-dialog.png) + ![RFKDB Custom Field - SSHPort](docsource/images/RFKDB-custom-field-SSHPort-validation-options-dialog.png) @@ -1145,6 +1202,7 @@ the Keyfactor Command Portal Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting) ![RFKDB Custom Field - UseShellCommands](docsource/images/RFKDB-custom-field-UseShellCommands-dialog.png) + ![RFKDB Custom Field - UseShellCommands](docsource/images/RFKDB-custom-field-UseShellCommands-validation-options-dialog.png) @@ -1291,6 +1349,7 @@ the Keyfactor Command Portal The LinuxFilePermissionsOnStoreCreation field should contain a three-digit value between 000 and 777 representing the Linux file permissions to be set for the certificate store upon creation. Example: '600' or '755'. Overrides DefaultLinuxPermissionOnStoreCreation [config.json](#post-installation) setting. ![RFORA Custom Field - LinuxFilePermissionsOnStoreCreation](docsource/images/RFORA-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png) + ![RFORA Custom Field - LinuxFilePermissionsOnStoreCreation](docsource/images/RFORA-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png) @@ -1298,6 +1357,7 @@ the Keyfactor Command Portal The LinuxFileOwnerOnStoreCreation field should contain a valid user ID recognized by the destination Linux server, optionally followed by a colon and a group ID if the group owner differs. Example: 'userID' or 'userID:groupID'. Overrides DefaultOwnerOnStoreCreation [config.json](#post-installation) setting. ![RFORA Custom Field - LinuxFileOwnerOnStoreCreation](docsource/images/RFORA-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png) + ![RFORA Custom Field - LinuxFileOwnerOnStoreCreation](docsource/images/RFORA-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png) @@ -1305,6 +1365,7 @@ the Keyfactor Command Portal The SudoImpersonatingUser field should contain a valid user ID to impersonate using sudo on the destination Linux server. Example: 'impersonatedUserID'. Overrides [config.json](#post-installation) DefaultSudoImpersonatedUser setting. ![RFORA Custom Field - SudoImpersonatingUser](docsource/images/RFORA-custom-field-SudoImpersonatingUser-dialog.png) + ![RFORA Custom Field - SudoImpersonatingUser](docsource/images/RFORA-custom-field-SudoImpersonatingUser-validation-options-dialog.png) @@ -1312,6 +1373,7 @@ the Keyfactor Command Portal The WorkFolder field should contain the path on the managed server where temporary work files can be created, modified, and deleted during Inventory and Management jobs. Example: '/path/to/workfolder'. ![RFORA Custom Field - WorkFolder](docsource/images/RFORA-custom-field-WorkFolder-dialog.png) + ![RFORA Custom Field - WorkFolder](docsource/images/RFORA-custom-field-WorkFolder-validation-options-dialog.png) @@ -1319,6 +1381,7 @@ the Keyfactor Command Portal Remove root certificate from chain when adding/renewing a certificate in a store. ![RFORA Custom Field - RemoveRootCertificate](docsource/images/RFORA-custom-field-RemoveRootCertificate-dialog.png) + ![RFORA Custom Field - RemoveRootCertificate](docsource/images/RFORA-custom-field-RemoveRootCertificate-validation-options-dialog.png) @@ -1326,6 +1389,7 @@ the Keyfactor Command Portal Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. ![RFORA Custom Field - IncludePortInSPN](docsource/images/RFORA-custom-field-IncludePortInSPN-dialog.png) + ![RFORA Custom Field - IncludePortInSPN](docsource/images/RFORA-custom-field-IncludePortInSPN-validation-options-dialog.png) @@ -1333,6 +1397,7 @@ the Keyfactor Command Portal Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. ![RFORA Custom Field - SSHPort](docsource/images/RFORA-custom-field-SSHPort-dialog.png) + ![RFORA Custom Field - SSHPort](docsource/images/RFORA-custom-field-SSHPort-validation-options-dialog.png) @@ -1340,6 +1405,7 @@ the Keyfactor Command Portal Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting) ![RFORA Custom Field - UseShellCommands](docsource/images/RFORA-custom-field-UseShellCommands-dialog.png) + ![RFORA Custom Field - UseShellCommands](docsource/images/RFORA-custom-field-UseShellCommands-validation-options-dialog.png) @@ -1405,7 +1471,39 @@ The Remote File Orchestrator Extension uses a JSON configuration file. It is loc "DefaultLinuxPermissionsOnStoreCreation": "600", "DefaultOwnerOnStoreCreation": "", "SSHPort": "", - "UseShellCommands": "Y" + "UseShellCommands": "Y", + "PostJobCommands": [ + { + "Name": "Apache Tomcat Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart tomcat" + }, + { + "Name": "Apache HTTPD Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart httpd" + }, + { + "Name": "NGNIX Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart nginx" + }, + { + "Name": "HAProxy Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart haproxy" + }, + { + "Name": "Envoy Proxy Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart envoy" + }, + { + "Name": "Jetty Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart jetty" + } + ] } ``` @@ -1419,7 +1517,8 @@ The Remote File Orchestrator Extension uses a JSON configuration file. It is loc | `DefaultLinuxPermissionsOnStoreCreation` | `600` | Any 3-digit value from 000-777 | Linux file permissions set on new certificate stores. If blank, permissions from the parent folder will be used. Only applicable for Linux hosted certificate stores. | | `DefaultOwnerOnStoreCreation` | | Any valid user id | Sets the owner for newly created certificate stores. Can include group with format `ownerId:groupId`. If blank, the owner of the parent folder will be used. Only applicable for Linux hosted certificate stores. | | `SSHPort` | | Any valid integer representing a port | The port that SSH is listening on. Default is 22. Only applicable for Linux hosted certificate stores. | -| `UseShellCommands` | `Y` | `Y/N` | Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting) | +| `UseShellCommands` | `Y` | `Y/N` | Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting). | +| `PostJobCommands` | | See JSON above | JSON values representing post processing commands for Management-Add and ODKG job. For a detailed explanation of this optional setting, please refer to [Post Job Command Execution](#post-job-command-execution). | ## Defining Certificate Stores @@ -1460,6 +1559,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store | IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | | UseShellCommands | Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting) | + | PostJobApplicationRestart | Select the command to be run after a Management Add or ODKG job executes. Leave unselected if no command is desired. | @@ -1495,6 +1595,7 @@ The Remote File Universal Orchestrator extension implements 6 Certificate Store | Properties.IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | | Properties.SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | | Properties.UseShellCommands | Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting) | + | Properties.PostJobApplicationRestart | Select the command to be run after a Management Add or ODKG job executes. Leave unselected if no command is desired. | 3. **Import the CSV file to create the certificate stores** @@ -1565,6 +1666,7 @@ Please refer to the **Universal Orchestrator (remote)** usage section ([PAM prov | IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | | SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | | UseShellCommands | Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting) | + | PostJobApplicationRestart | Select the command to be run after a Management Add or ODKG job executes. Leave unselected if no command is desired. | @@ -1604,6 +1706,7 @@ Please refer to the **Universal Orchestrator (remote)** usage section ([PAM prov | Properties.IncludePortInSPN | Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations. | | Properties.SSHPort | Integer value representing the port that should be used when connecting to Linux servers over SSH. Overrides SSHPort [config.json](#post-installation) setting. | | Properties.UseShellCommands | Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting) | + | Properties.PostJobApplicationRestart | Select the command to be run after a Management Add or ODKG job executes. Leave unselected if no command is desired. | 3. **Import the CSV file to create the certificate stores** @@ -2121,6 +2224,35 @@ will still be executed when Use Shell Commands is set to Y. Commands = 'N' will have no effect. Shell commands will continue to be used because there will be no SSH connection available from which to execute SFTP commands. +## Post Job Command Execution + +Beginning in Release 4.0 of the RemoteFile Orchestrator Extension, you can designate a single command to be run after Management-Add +and ODKG jobs. The typical (although not necessarily only) use case for this functionality would be to restart a process or service +after a certificate has been added or renewed/replaced in a certificate store so that the new certificate will be loaded into the +consuming process/service. + +Steps to Implement: +1. Install RemoteFile Orchestrator Extension version 4.0 or later. +2. On the Universal Orchestrator server where RemoteFile is installed, modify the [config.json PostJobCommands section](#post-installation) to add/modify a post job command. The format of this section is an array of JSON objects containing: + * `Name` - The name of the command. Value must match what is entered for one of the `Multiple Choice Options` for the Custom Field created in Step 3. + * `Environment` - Linux or Windows. The certificate store server environment this command is valid for. + * `Command` - This is the actual command that will be run after a Management-Add or ODKG job. There are up to 2 optional arguments you can pass into this command: %StorePath% and %SeparatePrivateKeyFilePath%. If either or both of these values appear in the entered command, they will be replaced with the values of the certificate store Store Path and Separate Private Key File Location (RFPEM and RFDER only) fields. This may be useful if the command you run calls a script on the local device that needs one or both of these values passed to it. +3. Add a new (or edit the existing) Custom Field to the store type (RFJKS, RFPEM, etc) you wish to allow post Management-Add and ODKG job commands to be run commands after: + * Name = `PostJobApplicationRestart` (name and case must be exact) + * Display Name = your preference + * Type = `MultipleChoice` + * Multiple Choice Options = Comma delimited list of command name values. Each should match an entry in the config.json PostJobCommands as mentioned in Step 2. PLEASE NOTE: if you are on a Keyfactor Command release prior to 25.2, you will need to enter a leading "," (comma) in the Multiple Choice Options to have a default blank option (no command run) when creating your certificate store(s). For 25.2 or later, the comma is not needed, and a blank option will automatically be the default. + * Depends On = unchecked + * Required = unchecked +4. Restart the Universal Orchestrator +5. Create or modify a Keyfactor Command Certificate Store of the type modified in Step 3. You should see a dropdown list with a label matching the Display Name you entered in Step 3. The options in the dropdown should match the Multiple Choice Options you entered in Step 3 and each should match an entry in the config.json from Step 2. Select a value and save the store. For all successful Management-Add and ODKG jobs run for this store, the command entered in the config.json corresponding to the dropdown selection should be run over the SSH/WinRM connection used to process the job. + +When a Management-Add or ODKG job is run for a Keyfactor Command Certificate Store that has a Post Job Command selected in the dropdown, the associated `Command` in the config.json will be run after job completeion as long as the Management-Add/ODKG job completes successfully. + +Release 4.0 of the RemoteFile Orchestrator extension comes delivered with a config.json file containing an initial PostJobCommands section. You may keep these settings as is or modify based on the steps above. The integration-manifest.json file delivered with this integration contains the mappings of store types to these commands if you choose to use `kfutil` to create your RemoteFile store types. + +**PLEASE NOTE: The commands entered for Post Job Commands are the responsibility of the user. Keyfactor does not provide support for any issues arising from the use of these Post Job Commands INCLUDING those delivered with this release.** + ## Developer Notes The Remote File Orchestrator Extension is designed to be highly extensible, enabling its use with various file-based diff --git a/RemoteFile/ApplicationSettings.cs b/RemoteFile/ApplicationSettings.cs index d0ff264f..d23f9995 100644 --- a/RemoteFile/ApplicationSettings.cs +++ b/RemoteFile/ApplicationSettings.cs @@ -13,6 +13,7 @@ using Microsoft.Extensions.Logging; using Keyfactor.Logging; using System.Reflection; +using Microsoft.PowerShell; namespace Keyfactor.Extensions.Orchestrator.RemoteFile @@ -24,25 +25,25 @@ public class ApplicationSettings private const string DEFAULT_SUDO_IMPERSONATION_SETTING = ""; private const int DEFAULT_SSH_PORT = 22; - private static Dictionary configuration; - - public static bool UseSudo { get { return configuration.ContainsKey("UseSudo") ? configuration["UseSudo"]?.ToUpper() == "Y" : false; } } - public static bool CreateStoreIfMissing { get { return configuration.ContainsKey("CreateStoreIfMissing") ? configuration["CreateStoreIfMissing"]?.ToUpper() == "Y" : false; } } - public static bool UseNegotiate { get { return configuration.ContainsKey("UseNegotiate") ? configuration["UseNegotiate"]?.ToUpper() == "Y" : false; } } - public static string SeparateUploadFilePath { get { return configuration.ContainsKey("SeparateUploadFilePath") ? AddTrailingSlash(configuration["SeparateUploadFilePath"]) : string.Empty; } } - public static string DefaultLinuxPermissionsOnStoreCreation { get { return configuration.ContainsKey("DefaultLinuxPermissionsOnStoreCreation") ? configuration["DefaultLinuxPermissionsOnStoreCreation"] : DEFAULT_LINUX_PERMISSION_SETTING; } } - public static string DefaultOwnerOnStoreCreation { get { return configuration.ContainsKey("DefaultOwnerOnStoreCreation") ? configuration["DefaultOwnerOnStoreCreation"] : DEFAULT_OWNER_SETTING; } } - public static string DefaultSudoImpersonatedUser { get { return configuration.ContainsKey("DefaultSudoImpersonatedUser") ? configuration["DefaultSudoImpersonatedUser"] : DEFAULT_SUDO_IMPERSONATION_SETTING; } } - public static string TempFilePathForODKG { get { return configuration.ContainsKey("TempFilePathForODKG") ? configuration["TempFilePathForODKG"] : string.Empty; } } - public static bool UseShellCommands { get { return configuration.ContainsKey("UseShellCommands") ? configuration["UseShellCommands"]?.ToUpper() == "Y" : true; } } + private static Dictionary configuration; + + public static bool UseSudo { get { return configuration.ContainsKey("UseSudo") ? configuration["UseSudo"]?.ToString().ToUpper() == "Y" : false; } } + public static bool CreateStoreIfMissing { get { return configuration.ContainsKey("CreateStoreIfMissing") ? configuration["CreateStoreIfMissing"]?.ToString().ToUpper() == "Y" : false; } } + public static bool UseNegotiate { get { return configuration.ContainsKey("UseNegotiate") ? configuration["UseNegotiate"]?.ToString().ToUpper() == "Y" : false; } } + public static string SeparateUploadFilePath { get { return configuration.ContainsKey("SeparateUploadFilePath") ? AddTrailingSlash(configuration["SeparateUploadFilePath"].ToString()) : string.Empty; } } + public static string DefaultLinuxPermissionsOnStoreCreation { get { return configuration.ContainsKey("DefaultLinuxPermissionsOnStoreCreation") ? configuration["DefaultLinuxPermissionsOnStoreCreation"].ToString() : DEFAULT_LINUX_PERMISSION_SETTING; } } + public static string DefaultOwnerOnStoreCreation { get { return configuration.ContainsKey("DefaultOwnerOnStoreCreation") ? configuration["DefaultOwnerOnStoreCreation"].ToString() : DEFAULT_OWNER_SETTING; } } + public static string DefaultSudoImpersonatedUser { get { return configuration.ContainsKey("DefaultSudoImpersonatedUser") ? configuration["DefaultSudoImpersonatedUser"].ToString() : DEFAULT_SUDO_IMPERSONATION_SETTING; } } + public static string TempFilePathForODKG { get { return configuration.ContainsKey("TempFilePathForODKG") ? configuration["TempFilePathForODKG"].ToString() : string.Empty; } } + public static bool UseShellCommands { get { return configuration.ContainsKey("UseShellCommands") ? configuration["UseShellCommands"]?.ToString().ToUpper() == "Y" : true; } } public static int SSHPort { get { - if (configuration.ContainsKey("SSHPort") && !string.IsNullOrEmpty(configuration["SSHPort"])) + if (configuration.ContainsKey("SSHPort") && !string.IsNullOrEmpty(configuration["SSHPort"]?.ToString())) { int sshPort; - if (int.TryParse(configuration["SSHPort"], out sshPort)) + if (int.TryParse(configuration["SSHPort"]?.ToString(), out sshPort)) return sshPort; else throw new RemoteFileException($"Invalid optional config.json SSHPort value of {configuration["SSHPort"]}. If present, this must be an integer value."); @@ -53,13 +54,27 @@ public static int SSHPort } } } + public static List PostJobCommands + { + get + { + if (configuration.ContainsKey("PostJobCommands") && configuration["PostJobCommands"] != null) + { + return JsonConvert.DeserializeObject>(configuration["PostJobCommands"]?.ToString()); + } + else + { + return new List(); + } + } + } static ApplicationSettings() { ILogger logger = LogHandler.GetClassLogger(); logger.MethodEntry(LogLevel.Debug); - configuration = new Dictionary(); + configuration = new Dictionary(); string configLocation = $"{Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location)}{Path.DirectorySeparatorChar}config.json"; string configContents = string.Empty; @@ -81,11 +96,18 @@ static ApplicationSettings() return; } - configuration = JsonConvert.DeserializeObject>(configContents); + try + { + configuration = JsonConvert.DeserializeObject>(configContents); + } + catch (Exception ex) + { + throw new RemoteFileException(RemoteFileException.FlattenExceptionMessages(ex, "Error attempting to serialize config.json file. Please review your config.json file for proper formatting.")); + } ValidateConfiguration(logger); logger.LogDebug("Configuration Settings:"); - foreach(KeyValuePair keyValue in configuration) + foreach(KeyValuePair keyValue in configuration) { logger.LogDebug($" {keyValue.Key}: {keyValue.Value}"); } @@ -95,11 +117,11 @@ static ApplicationSettings() private static void ValidateConfiguration(ILogger logger) { - if (!configuration.ContainsKey("UseSudo") || (configuration["UseSudo"].ToUpper() != "Y" && configuration["UseSudo"].ToUpper() != "N")) + if (!configuration.ContainsKey("UseSudo") || (configuration["UseSudo"]?.ToString().ToUpper() != "Y" && configuration["UseSudo"]?.ToString().ToUpper() != "N")) logger.LogDebug($"Missing or invalid configuration parameter - UseSudo. Will set to default value of 'False'"); - if (!configuration.ContainsKey("CreateStoreIfMissing") || (configuration["CreateStoreIfMissing"].ToUpper() != "Y" && configuration["CreateStoreIfMissing"].ToUpper() != "N")) + if (!configuration.ContainsKey("CreateStoreIfMissing") || (configuration["CreateStoreIfMissing"]?.ToString().ToUpper() != "Y" && configuration["CreateStoreIfMissing"]?.ToString().ToUpper() != "N")) logger.LogDebug($"Missing or invalid configuration parameter - CreateStoreIfMissing. Will set to default value of 'False'"); - if (!configuration.ContainsKey("UseNegotiate") || (configuration["UseNegotiate"].ToUpper() != "Y" && configuration["UseNegotiate"].ToUpper() != "N")) + if (!configuration.ContainsKey("UseNegotiate") || (configuration["UseNegotiate"]?.ToString().ToUpper() != "Y" && configuration["UseNegotiate"]?.ToString().ToUpper() != "N")) logger.LogDebug($"Missing or invalid configuration parameter - UseNegotiate. Will set to default value of 'False'"); if (!configuration.ContainsKey("SeparateUploadFilePath")) logger.LogDebug($"Missing configuration parameter - SeparateUploadFilePath. Will set to default value of ''"); @@ -113,5 +135,12 @@ private static string AddTrailingSlash(string path) { return string.IsNullOrEmpty(path) ? path : path.Substring(path.Length - 1, 1) == @"/" ? path : path += @"/"; } + + public class PostJobCommand + { + public string Name { get; set; } + public string Environment { get; set; } + public string Command { get; set; } + } } } diff --git a/RemoteFile/ImplementedStoreTypes/OraWlt/OraWltCertificateStoreSerializer.cs b/RemoteFile/ImplementedStoreTypes/OraWlt/OraWltCertificateStoreSerializer.cs index 2e1002fd..4339eb95 100644 --- a/RemoteFile/ImplementedStoreTypes/OraWlt/OraWltCertificateStoreSerializer.cs +++ b/RemoteFile/ImplementedStoreTypes/OraWlt/OraWltCertificateStoreSerializer.cs @@ -93,8 +93,8 @@ public List SerializeRemoteCertificateStore(Pkcs12Store cer try { remoteHandler.UploadCertificateFile($"{WorkFolder}", $"{tempStoreFileJKS}", jksStoreInfo[0].Contents); - remoteHandler.RunCommand(orapkiCommand1, null, ApplicationSettings.UseSudo, null); - remoteHandler.RunCommand(orapkiCommand2, null, ApplicationSettings.UseSudo, null); + remoteHandler.RunCommand(orapkiCommand1, null, ApplicationSettings.UseSudo, [storePassword]); + remoteHandler.RunCommand(orapkiCommand2, null, ApplicationSettings.UseSudo, [storePassword]); byte[] storeContents = remoteHandler.DownloadCertificateFile($"{WorkFolder}ewallet.p12"); diff --git a/RemoteFile/ManagementBase.cs b/RemoteFile/ManagementBase.cs index 2a289e50..b527c183 100644 --- a/RemoteFile/ManagementBase.cs +++ b/RemoteFile/ManagementBase.cs @@ -15,6 +15,7 @@ using Org.BouncyCastle.X509; using System; using System.IO; +using System.Linq.Expressions; using static Org.BouncyCastle.Math.EC.ECCurve; namespace Keyfactor.Extensions.Orchestrator.RemoteFile @@ -55,7 +56,21 @@ public JobResult ProcessJob(ManagementJobConfiguration config) certificateStore.AddCertificate(config.JobCertificate.Alias ?? GetThumbprint(config.JobCertificate, logger), config.JobCertificate.Contents, config.Overwrite, config.JobCertificate.PrivateKeyPassword, RemoveRootCertificate); certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler)); - logger.LogDebug($"END add Operation for {config.CertificateStoreDetails.StorePath} on {config.CertificateStoreDetails.ClientMachine}."); + try + { + if (!string.IsNullOrEmpty(PostJobApplicationRestart)) + certificateStore.RunPostJobCommand(PostJobApplicationRestart, config.CertificateStoreDetails.StorePath, certificateStoreSerializer.GetPrivateKeyPath()); + } + catch (Exception ex) + { + logger.LogError($"Exception for {config.Capability} attempting post job command for {PostJobApplicationRestart}: {RemoteFileException.FlattenExceptionMessages(ex, string.Empty)} for job id {config.JobId}"); + return new JobResult() { Result = OrchestratorJobStatusJobResult.Warning, JobHistoryId = config.JobHistoryId, FailureMessage = RemoteFileException.FlattenExceptionMessages(ex, $"Site {config.CertificateStoreDetails.StorePath} on server {config.CertificateStoreDetails.ClientMachine}: Certificate was successfully added to store, but post job command for {PostJobApplicationRestart} failed with: ") }; + } + finally + { + logger.LogDebug($"END add Operation for {config.CertificateStoreDetails.StorePath} on {config.CertificateStoreDetails.ClientMachine}."); + } + break; case CertStoreOperationType.Remove: @@ -112,17 +127,25 @@ private string GetThumbprint (ManagementJobCertificate jobCertificate, ILogger l string thumbprint = string.Empty; - using (MemoryStream ms = new MemoryStream(Convert.FromBase64String(jobCertificate.Contents))) + if (string.IsNullOrEmpty(jobCertificate.PrivateKeyPassword)) + { + X509Certificate x = new X509Certificate(Convert.FromBase64String(jobCertificate.Contents)); + thumbprint = x.Thumbprint(); + } + else { - Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder(); - Pkcs12Store store = storeBuilder.Build(); + using (MemoryStream ms = new MemoryStream(Convert.FromBase64String(jobCertificate.Contents))) + { + Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder(); + Pkcs12Store store = storeBuilder.Build(); - store.Load(ms, jobCertificate.PrivateKeyPassword.ToCharArray()); + store.Load(ms, jobCertificate.PrivateKeyPassword.ToCharArray()); - foreach (string alias in store.Aliases) - { - thumbprint = store.GetCertificate(alias).Certificate.Thumbprint(); - break; + foreach (string alias in store.Aliases) + { + thumbprint = store.GetCertificate(alias).Certificate.Thumbprint(); + break; + } } } diff --git a/RemoteFile/ReenrollmentBase.cs b/RemoteFile/ReenrollmentBase.cs index 667c97eb..96d14010 100644 --- a/RemoteFile/ReenrollmentBase.cs +++ b/RemoteFile/ReenrollmentBase.cs @@ -104,7 +104,20 @@ public JobResult ProcessJob(ReenrollmentJobConfiguration config, SubmitReenrollm certificateStore.AddCertificate(config.Alias ?? cert.Thumbprint, Convert.ToBase64String(cert.Export(X509ContentType.Pfx)), config.Overwrite, null, RemoveRootCertificate); certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler)); - logger.LogDebug($"END add Operation for {config.CertificateStoreDetails.StorePath} on {config.CertificateStoreDetails.ClientMachine}."); + try + { + if (!string.IsNullOrEmpty(PostJobApplicationRestart)) + certificateStore.RunPostJobCommand(PostJobApplicationRestart, config.CertificateStoreDetails.StorePath, certificateStoreSerializer.GetPrivateKeyPath()); + } + catch (Exception ex) + { + logger.LogError($"Exception for {config.Capability} attempting post job command for {PostJobApplicationRestart}: {RemoteFileException.FlattenExceptionMessages(ex, string.Empty)} for job id {config.JobId}"); + return new JobResult() { Result = OrchestratorJobStatusJobResult.Warning, JobHistoryId = config.JobHistoryId, FailureMessage = RemoteFileException.FlattenExceptionMessages(ex, $"Site {config.CertificateStoreDetails.StorePath} on server {config.CertificateStoreDetails.ClientMachine}: Certificate was successfully added to store, but post job command for {PostJobApplicationRestart} failed with: ") }; + } + finally + { + logger.LogDebug($"END add Operation for {config.CertificateStoreDetails.StorePath} on {config.CertificateStoreDetails.ClientMachine}."); + } } catch (Exception ex) diff --git a/RemoteFile/RemoteCertificateStore.cs b/RemoteFile/RemoteCertificateStore.cs index 4829c7a8..030d50eb 100644 --- a/RemoteFile/RemoteCertificateStore.cs +++ b/RemoteFile/RemoteCertificateStore.cs @@ -25,6 +25,8 @@ using static Keyfactor.Extensions.Orchestrator.RemoteFile.ReenrollmentBase; using static Keyfactor.PKI.PKIConstants.X509; using Keyfactor.PKI.PrivateKeys; +using Keyfactor.PKI.CryptographicObjects.Formatters; +using Org.BouncyCastle.X509; namespace Keyfactor.Extensions.Orchestrator.RemoteFile { @@ -33,6 +35,8 @@ internal class RemoteCertificateStore private const string NO_EXTENSION = "noext"; private const string FULL_SCAN = "fullscan"; private const string LOCAL_MACHINE_SUFFIX = "|localmachine"; + private const string POST_JOB_COMMAND_ARG1 = "%StorePath%"; + private const string POST_JOB_COMMAND_ARG2 = "%SeparatePrivateKeyFilePath%"; internal enum ServerTypeEnum { @@ -263,7 +267,7 @@ internal void AddCertificate(string alias, string certificateEntry, bool overwri RemoveRootCertificate(Convert.FromBase64String(certificateEntry), pfxPassword) : Convert.FromBase64String(certificateEntry); - using (MemoryStream ms = new MemoryStream(newCertBytes)) + using (MemoryStream ms = new MemoryStream(string.IsNullOrEmpty(pfxPassword) ? ConvertDERToP12(newCertBytes) : newCertBytes)) { newEntry.Load(ms, string.IsNullOrEmpty(pfxPassword) ? new char[0] : pfxPassword.ToCharArray()); } @@ -370,6 +374,28 @@ internal string GenerateCSR(string subjectText, bool overwrite, string alias, Su return csr; } + internal void RunPostJobCommand(string applicationName, string storePath, string separatePrivateKeyFilePath) + { + string cmd = string.Empty; + try + { + cmd = ApplicationSettings.PostJobCommands.FirstOrDefault(p => p.Name == applicationName && p.Environment == ServerType.ToString())?.Command; + } + catch (Exception ex) + { + string errMessage = RemoteFileException.FlattenExceptionMessages(ex, "Error reading config.json PostJobCommands Setting: "); + logger.LogError(errMessage); + throw new RemoteFileException(errMessage); + } + if (string.IsNullOrEmpty(cmd)) + throw new RemoteFileException($"Post job application {applicationName} command mapping not found in config.json."); + + if (cmd.IndexOf(POST_JOB_COMMAND_ARG1) > -1) cmd = cmd.Replace(POST_JOB_COMMAND_ARG1, storePath ?? string.Empty); + if (cmd.IndexOf(POST_JOB_COMMAND_ARG2) > -1) cmd = cmd.Replace(POST_JOB_COMMAND_ARG2, separatePrivateKeyFilePath ?? string.Empty); + + RemoteHandler.RunCommand(cmd, null, false, null); + } + internal void Initialize(string sudoImpersonatedUser, bool useShellCommands) { logger.MethodEntry(LogLevel.Debug); @@ -429,7 +455,7 @@ private bool IsValueSafeRegex(string value) { logger.MethodEntry(LogLevel.Debug); - Regex regex = new Regex(ServerType == ServerTypeEnum.Linux ? $@"^[\d\s\w-_/@.]*$" : $@"^[\d\s\w-_/.:)(\\\\]*$"); + Regex regex = new Regex(ServerType == ServerTypeEnum.Linux ? $@"^[\d\s\w-+_/@.]*$" : $@"^[\d\s\w-+_/.:)(\\\\]*$"); logger.MethodExit(LogLevel.Debug); @@ -561,6 +587,23 @@ private string FormatPath(string path) return "'" + path + (path.Substring(path.Length - 1) == @"\" ? string.Empty : @"\") + "'"; } + + private byte[] ConvertDERToP12(byte[] cert) + { + X509Certificate x509Cert = new X509CertificateParser().ReadCertificate(cert); + Pkcs12Store store = new Pkcs12StoreBuilder().Build(); + store.SetCertificateEntry("temp", new X509CertificateEntry(x509Cert)); + + using (var ms = new MemoryStream()) + { + store.Save( + ms, + new char[] {}, + new SecureRandom() + ); + return ms.ToArray(); + } + } } class PathFile diff --git a/RemoteFile/RemoteFileJobTypeBase.cs b/RemoteFile/RemoteFileJobTypeBase.cs index ec2f7e76..a9f35b3a 100644 --- a/RemoteFile/RemoteFileJobTypeBase.cs +++ b/RemoteFile/RemoteFileJobTypeBase.cs @@ -29,6 +29,7 @@ public abstract class RemoteFileJobTypeBase internal bool IncludePortInSPN { get; set; } internal bool CreateCSROnDevice { get; set; } internal bool UseShellCommands { get; set; } + internal string PostJobApplicationRestart { get; set; } internal string KeyType { get; set; } internal int KeySize { get; set; } internal string SubjectText { get; set; } @@ -73,6 +74,10 @@ internal void SetJobProperties(JobConfiguration config, CertificateStore certifi ApplicationSettings.UseShellCommands : properties.UseShellCommands; + PostJobApplicationRestart = properties.PostJobApplicationRestart == null || string.IsNullOrEmpty(properties.PostJobApplicationRestart.Value) ? + null : + properties.PostJobApplicationRestart; + if (config.JobProperties != null) { KeyType = !config.JobProperties.ContainsKey("keyType") || config.JobProperties["keyType"] == null || string.IsNullOrEmpty(config.JobProperties["keyType"].ToString()) ? string.Empty : config.JobProperties["keyType"].ToString(); @@ -89,6 +94,8 @@ internal void SetJobProperties(JobConfiguration config, CertificateStore certifi logger.LogDebug($"RemoveRootCertificate: {RemoveRootCertificate}"); logger.LogDebug($"SSHPort: {SSHPort}"); logger.LogDebug($"IncludePortInSPN: {IncludePortInSPN}"); + logger.LogDebug($"UseShellCommands: {UseShellCommands}"); + logger.LogDebug($"PostJobApplicationRestart: {PostJobApplicationRestart}"); logger.LogDebug($"KeyType: {KeyType}"); logger.LogDebug($"KeySize: {KeySize}"); logger.LogDebug($"SubjectText: {SubjectText}"); diff --git a/RemoteFile/RemoteHandlers/LinuxLocalHandler.cs b/RemoteFile/RemoteHandlers/LinuxLocalHandler.cs index a02918c6..18668be5 100644 --- a/RemoteFile/RemoteHandlers/LinuxLocalHandler.cs +++ b/RemoteFile/RemoteHandlers/LinuxLocalHandler.cs @@ -123,16 +123,23 @@ public override void CreateEmptyStoreFile(string path, string linuxFilePermissio { _logger.MethodEntry(LogLevel.Debug); string[] linuxGroupOwner = linuxFileOwner.Split(":"); - string linuxFileGroup = linuxFileOwner; + string linuxFileGroup = String.Empty; if (linuxGroupOwner.Length == 2) { linuxFileOwner = linuxGroupOwner[0]; - linuxFileGroup = linuxGroupOwner[1]; + linuxFileGroup = $"-g {linuxGroupOwner[1]}"; } + string pathOnly = string.Empty; + string fileName = string.Empty; + SplitStorePathFile(path, out pathOnly, out fileName); + + linuxFilePermissions = string.IsNullOrEmpty(linuxFilePermissions) ? GetFolderPermissions(pathOnly) : linuxFilePermissions; + linuxFileOwner = string.IsNullOrEmpty(linuxFileOwner) ? GetFolderOwner(pathOnly) : linuxFileOwner; + AreLinuxPermissionsValid(linuxFilePermissions); - RunCommand($"install -m {linuxFilePermissions} -o {linuxFileOwner} -g {linuxFileGroup} /dev/null {path}", null, ApplicationSettings.UseSudo, null); + RunCommand($"install -m {linuxFilePermissions} -o {linuxFileOwner} {linuxFileGroup} /dev/null {path}", null, ApplicationSettings.UseSudo, null); _logger.MethodExit(LogLevel.Debug); } @@ -151,5 +158,52 @@ public override void RemoveCertificateFile(string path, string fileName) RunCommand($"rm {path}{fileName}", null, ApplicationSettings.UseSudo, null); } + + private string GetFolderPermissions(string path) + { + _logger.MethodEntry(LogLevel.Debug); + + try + { + return RunCommand($"stat -c '%a' {path}", null, ApplicationSettings.UseSudo, null).Replace($"\n", string.Empty); + } + finally + { + _logger.MethodExit(LogLevel.Debug); + } + } + + private string GetFolderOwner(string path) + { + _logger.MethodEntry(LogLevel.Debug); + + try + { + return RunCommand($"stat -c '%U' {path}", null, ApplicationSettings.UseSudo, null).Replace($"\n", string.Empty); + } + finally + { + + _logger.MethodExit(LogLevel.Debug); + } + } + + private void SplitStorePathFile(string pathFileName, out string path, out string fileName) + { + _logger.MethodEntry(LogLevel.Debug); + + try + { + int separatorIndex = pathFileName.LastIndexOf(pathFileName.Substring(0, 1) == "/" ? @"/" : @"\"); + fileName = pathFileName.Substring(separatorIndex + 1); + path = pathFileName.Substring(0, separatorIndex + 1); + } + catch (Exception ex) + { + throw new RemoteFileException($"Error attempting to parse certficate store/key path={pathFileName}.", ex); + } + + _logger.MethodEntry(LogLevel.Debug); + } } } diff --git a/RemoteFile/config.json b/RemoteFile/config.json index c74ec029..b16d622f 100644 --- a/RemoteFile/config.json +++ b/RemoteFile/config.json @@ -6,5 +6,38 @@ "SeparateUploadFilePath": "", "DefaultLinuxPermissionsOnStoreCreation": "600", "DefaultOwnerOnStoreCreation": "", - "SSHPort": "" + "SSHPort": "", + + "PostJobCommands": [ + { + "Name": "Apache Tomcat Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart tomcat" + }, + { + "Name": "Apache HTTPD Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart httpd" + }, + { + "Name": "NGNIX Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart nginx" + }, + { + "Name": "HAProxy Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart haproxy" + }, + { + "Name": "Envoy Proxy Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart envoy" + }, + { + "Name": "Jetty Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart jetty" + } + ] } \ No newline at end of file diff --git a/docsource/content.md b/docsource/content.md index c883307b..8454e11a 100644 --- a/docsource/content.md +++ b/docsource/content.md @@ -127,7 +127,39 @@ The Remote File Orchestrator Extension uses a JSON configuration file. It is loc "DefaultLinuxPermissionsOnStoreCreation": "600", "DefaultOwnerOnStoreCreation": "", "SSHPort": "", - "UseShellCommands": "Y" + "UseShellCommands": "Y", + "PostJobCommands": [ + { + "Name": "Apache Tomcat Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart tomcat" + }, + { + "Name": "Apache HTTPD Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart httpd" + }, + { + "Name": "NGNIX Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart nginx" + }, + { + "Name": "HAProxy Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart haproxy" + }, + { + "Name": "Envoy Proxy Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart envoy" + }, + { + "Name": "Jetty Restart", + "Environment": "Linux", + "Command": "sudo systemctl restart jetty" + } + ] } ``` @@ -141,7 +173,8 @@ The Remote File Orchestrator Extension uses a JSON configuration file. It is loc | `DefaultLinuxPermissionsOnStoreCreation` | `600` | Any 3-digit value from 000-777 | Linux file permissions set on new certificate stores. If blank, permissions from the parent folder will be used. Only applicable for Linux hosted certificate stores. | | `DefaultOwnerOnStoreCreation` | | Any valid user id | Sets the owner for newly created certificate stores. Can include group with format `ownerId:groupId`. If blank, the owner of the parent folder will be used. Only applicable for Linux hosted certificate stores. | | `SSHPort` | | Any valid integer representing a port | The port that SSH is listening on. Default is 22. Only applicable for Linux hosted certificate stores. | -| `UseShellCommands` | `Y` | `Y/N` | Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting) | +| `UseShellCommands` | `Y` | `Y/N` | Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting). | +| `PostJobCommands` | | See JSON above | JSON values representing post processing commands for Management-Add and ODKG job. For a detailed explanation of this optional setting, please refer to [Post Job Command Execution](#post-job-command-execution). | ## Discovery @@ -214,6 +247,35 @@ will still be executed when Use Shell Commands is set to Y. Commands = 'N' will have no effect. Shell commands will continue to be used because there will be no SSH connection available from which to execute SFTP commands. +## Post Job Command Execution + +Beginning in Release 4.0 of the RemoteFile Orchestrator Extension, you can designate a single command to be run after Management-Add +and ODKG jobs. The typical (although not necessarily only) use case for this functionality would be to restart a process or service +after a certificate has been added or renewed/replaced in a certificate store so that the new certificate will be loaded into the +consuming process/service. + +Steps to Implement: +1. Install RemoteFile Orchestrator Extension version 4.0 or later. +2. On the Universal Orchestrator server where RemoteFile is installed, modify the [config.json PostJobCommands section](#post-installation) to add/modify a post job command. The format of this section is an array of JSON objects containing: + * `Name` - The name of the command. Value must match what is entered for one of the `Multiple Choice Options` for the Custom Field created in Step 3. + * `Environment` - Linux or Windows. The certificate store server environment this command is valid for. + * `Command` - This is the actual command that will be run after a Management-Add or ODKG job. There are up to 2 optional arguments you can pass into this command: %StorePath% and %SeparatePrivateKeyFilePath%. If either or both of these values appear in the entered command, they will be replaced with the values of the certificate store Store Path and Separate Private Key File Location (RFPEM and RFDER only) fields. This may be useful if the command you run calls a script on the local device that needs one or both of these values passed to it. +3. Add a new (or edit the existing) Custom Field to the store type (RFJKS, RFPEM, etc) you wish to allow post Management-Add and ODKG job commands to be run commands after: + * Name = `PostJobApplicationRestart` (name and case must be exact) + * Display Name = your preference + * Type = `MultipleChoice` + * Multiple Choice Options = Comma delimited list of command name values. Each should match an entry in the config.json PostJobCommands as mentioned in Step 2. PLEASE NOTE: if you are on a Keyfactor Command release prior to 25.2, you will need to enter a leading "," (comma) in the Multiple Choice Options to have a default blank option (no command run) when creating your certificate store(s). For 25.2 or later, the comma is not needed, and a blank option will automatically be the default. + * Depends On = unchecked + * Required = unchecked +4. Restart the Universal Orchestrator +5. Create or modify a Keyfactor Command Certificate Store of the type modified in Step 3. You should see a dropdown list with a label matching the Display Name you entered in Step 3. The options in the dropdown should match the Multiple Choice Options you entered in Step 3 and each should match an entry in the config.json from Step 2. Select a value and save the store. For all successful Management-Add and ODKG jobs run for this store, the command entered in the config.json corresponding to the dropdown selection should be run over the SSH/WinRM connection used to process the job. + +When a Management-Add or ODKG job is run for a Keyfactor Command Certificate Store that has a Post Job Command selected in the dropdown, the associated `Command` in the config.json will be run after job completeion as long as the Management-Add/ODKG job completes successfully. + +Release 4.0 of the RemoteFile Orchestrator extension comes delivered with a config.json file containing an initial PostJobCommands section. You may keep these settings as is or modify based on the steps above. The integration-manifest.json file delivered with this integration contains the mappings of store types to these commands if you choose to use `kfutil` to create your RemoteFile store types. + +**PLEASE NOTE: The commands entered for Post Job Commands are the responsibility of the user. Keyfactor does not provide support for any issues arising from the use of these Post Job Commands INCLUDING those delivered with this release.** + ## Developer Notes diff --git a/docsource/images/RFDER-advanced-store-type-dialog.png b/docsource/images/RFDER-advanced-store-type-dialog.png index 90001473..1800c178 100644 Binary files a/docsource/images/RFDER-advanced-store-type-dialog.png and b/docsource/images/RFDER-advanced-store-type-dialog.png differ diff --git a/docsource/images/RFDER-basic-store-type-dialog.png b/docsource/images/RFDER-basic-store-type-dialog.png index a2d7236a..f0a4ed37 100644 Binary files a/docsource/images/RFDER-basic-store-type-dialog.png and b/docsource/images/RFDER-basic-store-type-dialog.png differ diff --git a/docsource/images/RFDER-custom-field-IncludePortInSPN-dialog.png b/docsource/images/RFDER-custom-field-IncludePortInSPN-dialog.png index 797d7945..db183e33 100644 Binary files a/docsource/images/RFDER-custom-field-IncludePortInSPN-dialog.png and b/docsource/images/RFDER-custom-field-IncludePortInSPN-dialog.png differ diff --git a/docsource/images/RFDER-custom-field-IncludePortInSPN-validation-options-dialog.png b/docsource/images/RFDER-custom-field-IncludePortInSPN-validation-options-dialog.png new file mode 100644 index 00000000..d23bcd2a Binary files /dev/null and b/docsource/images/RFDER-custom-field-IncludePortInSPN-validation-options-dialog.png differ diff --git a/docsource/images/RFDER-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png b/docsource/images/RFDER-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png index 524fcdef..a1b84b34 100644 Binary files a/docsource/images/RFDER-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png and b/docsource/images/RFDER-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png differ diff --git a/docsource/images/RFDER-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png b/docsource/images/RFDER-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png new file mode 100644 index 00000000..19c86e9f Binary files /dev/null and b/docsource/images/RFDER-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png differ diff --git a/docsource/images/RFDER-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png b/docsource/images/RFDER-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png index 6c478b2e..3b3e3e3c 100644 Binary files a/docsource/images/RFDER-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png and b/docsource/images/RFDER-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png differ diff --git a/docsource/images/RFDER-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png b/docsource/images/RFDER-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png new file mode 100644 index 00000000..3eb0d190 Binary files /dev/null and b/docsource/images/RFDER-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png differ diff --git a/docsource/images/RFDER-custom-field-RemoveRootCertificate-dialog.png b/docsource/images/RFDER-custom-field-RemoveRootCertificate-dialog.png index 4dfdaab7..f4040ace 100644 Binary files a/docsource/images/RFDER-custom-field-RemoveRootCertificate-dialog.png and b/docsource/images/RFDER-custom-field-RemoveRootCertificate-dialog.png differ diff --git a/docsource/images/RFDER-custom-field-RemoveRootCertificate-validation-options-dialog.png b/docsource/images/RFDER-custom-field-RemoveRootCertificate-validation-options-dialog.png new file mode 100644 index 00000000..c4d765cd Binary files /dev/null and b/docsource/images/RFDER-custom-field-RemoveRootCertificate-validation-options-dialog.png differ diff --git a/docsource/images/RFDER-custom-field-SSHPort-dialog.png b/docsource/images/RFDER-custom-field-SSHPort-dialog.png index beeed39a..0ad88003 100644 Binary files a/docsource/images/RFDER-custom-field-SSHPort-dialog.png and b/docsource/images/RFDER-custom-field-SSHPort-dialog.png differ diff --git a/docsource/images/RFDER-custom-field-SSHPort-validation-options-dialog.png b/docsource/images/RFDER-custom-field-SSHPort-validation-options-dialog.png new file mode 100644 index 00000000..154ce416 Binary files /dev/null and b/docsource/images/RFDER-custom-field-SSHPort-validation-options-dialog.png differ diff --git a/docsource/images/RFDER-custom-field-SeparatePrivateKeyFilePath-dialog.png b/docsource/images/RFDER-custom-field-SeparatePrivateKeyFilePath-dialog.png index 585056e6..efe189ba 100644 Binary files a/docsource/images/RFDER-custom-field-SeparatePrivateKeyFilePath-dialog.png and b/docsource/images/RFDER-custom-field-SeparatePrivateKeyFilePath-dialog.png differ diff --git a/docsource/images/RFDER-custom-field-SeparatePrivateKeyFilePath-validation-options-dialog.png b/docsource/images/RFDER-custom-field-SeparatePrivateKeyFilePath-validation-options-dialog.png new file mode 100644 index 00000000..e178f8c6 Binary files /dev/null and b/docsource/images/RFDER-custom-field-SeparatePrivateKeyFilePath-validation-options-dialog.png differ diff --git a/docsource/images/RFDER-custom-field-SudoImpersonatingUser-dialog.png b/docsource/images/RFDER-custom-field-SudoImpersonatingUser-dialog.png index 3f7a63a2..577285c5 100644 Binary files a/docsource/images/RFDER-custom-field-SudoImpersonatingUser-dialog.png and b/docsource/images/RFDER-custom-field-SudoImpersonatingUser-dialog.png differ diff --git a/docsource/images/RFDER-custom-field-SudoImpersonatingUser-validation-options-dialog.png b/docsource/images/RFDER-custom-field-SudoImpersonatingUser-validation-options-dialog.png new file mode 100644 index 00000000..b61c749b Binary files /dev/null and b/docsource/images/RFDER-custom-field-SudoImpersonatingUser-validation-options-dialog.png differ diff --git a/docsource/images/RFDER-custom-field-UseShellCommands-dialog.png b/docsource/images/RFDER-custom-field-UseShellCommands-dialog.png index 69c67135..7e530470 100644 Binary files a/docsource/images/RFDER-custom-field-UseShellCommands-dialog.png and b/docsource/images/RFDER-custom-field-UseShellCommands-dialog.png differ diff --git a/docsource/images/RFDER-custom-field-UseShellCommands-validation-options-dialog.png b/docsource/images/RFDER-custom-field-UseShellCommands-validation-options-dialog.png new file mode 100644 index 00000000..e7e9edf3 Binary files /dev/null and b/docsource/images/RFDER-custom-field-UseShellCommands-validation-options-dialog.png differ diff --git a/docsource/images/RFDER-custom-fields-store-type-dialog.png b/docsource/images/RFDER-custom-fields-store-type-dialog.png index 7cf4bb3b..d95b10d6 100644 Binary files a/docsource/images/RFDER-custom-fields-store-type-dialog.png and b/docsource/images/RFDER-custom-fields-store-type-dialog.png differ diff --git a/docsource/images/RFJKS-advanced-store-type-dialog.png b/docsource/images/RFJKS-advanced-store-type-dialog.png index 4827627b..368f75c1 100644 Binary files a/docsource/images/RFJKS-advanced-store-type-dialog.png and b/docsource/images/RFJKS-advanced-store-type-dialog.png differ diff --git a/docsource/images/RFJKS-basic-store-type-dialog.png b/docsource/images/RFJKS-basic-store-type-dialog.png index 68a4881e..bb13f7b7 100644 Binary files a/docsource/images/RFJKS-basic-store-type-dialog.png and b/docsource/images/RFJKS-basic-store-type-dialog.png differ diff --git a/docsource/images/RFJKS-custom-field-IncludePortInSPN-dialog.png b/docsource/images/RFJKS-custom-field-IncludePortInSPN-dialog.png index 96cbd5a4..67aebc59 100644 Binary files a/docsource/images/RFJKS-custom-field-IncludePortInSPN-dialog.png and b/docsource/images/RFJKS-custom-field-IncludePortInSPN-dialog.png differ diff --git a/docsource/images/RFJKS-custom-field-IncludePortInSPN-validation-options-dialog.png b/docsource/images/RFJKS-custom-field-IncludePortInSPN-validation-options-dialog.png new file mode 100644 index 00000000..c4d765cd Binary files /dev/null and b/docsource/images/RFJKS-custom-field-IncludePortInSPN-validation-options-dialog.png differ diff --git a/docsource/images/RFJKS-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png b/docsource/images/RFJKS-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png index 524fcdef..a1b84b34 100644 Binary files a/docsource/images/RFJKS-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png and b/docsource/images/RFJKS-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png differ diff --git a/docsource/images/RFJKS-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png b/docsource/images/RFJKS-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png new file mode 100644 index 00000000..19c86e9f Binary files /dev/null and b/docsource/images/RFJKS-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png differ diff --git a/docsource/images/RFJKS-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png b/docsource/images/RFJKS-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png index 6c478b2e..3b3e3e3c 100644 Binary files a/docsource/images/RFJKS-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png and b/docsource/images/RFJKS-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png differ diff --git a/docsource/images/RFJKS-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png b/docsource/images/RFJKS-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png new file mode 100644 index 00000000..3eb0d190 Binary files /dev/null and b/docsource/images/RFJKS-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png differ diff --git a/docsource/images/RFJKS-custom-field-PostJobApplicationRestart-dialog.png b/docsource/images/RFJKS-custom-field-PostJobApplicationRestart-dialog.png new file mode 100644 index 00000000..4afafa3f Binary files /dev/null and b/docsource/images/RFJKS-custom-field-PostJobApplicationRestart-dialog.png differ diff --git a/docsource/images/RFJKS-custom-field-PostJobApplicationRestart-validation-options-dialog.png b/docsource/images/RFJKS-custom-field-PostJobApplicationRestart-validation-options-dialog.png new file mode 100644 index 00000000..e7e9edf3 Binary files /dev/null and b/docsource/images/RFJKS-custom-field-PostJobApplicationRestart-validation-options-dialog.png differ diff --git a/docsource/images/RFJKS-custom-field-RemoveRootCertificate-dialog.png b/docsource/images/RFJKS-custom-field-RemoveRootCertificate-dialog.png index 49e337c9..58529555 100644 Binary files a/docsource/images/RFJKS-custom-field-RemoveRootCertificate-dialog.png and b/docsource/images/RFJKS-custom-field-RemoveRootCertificate-dialog.png differ diff --git a/docsource/images/RFJKS-custom-field-RemoveRootCertificate-validation-options-dialog.png b/docsource/images/RFJKS-custom-field-RemoveRootCertificate-validation-options-dialog.png new file mode 100644 index 00000000..e178f8c6 Binary files /dev/null and b/docsource/images/RFJKS-custom-field-RemoveRootCertificate-validation-options-dialog.png differ diff --git a/docsource/images/RFJKS-custom-field-SSHPort-dialog.png b/docsource/images/RFJKS-custom-field-SSHPort-dialog.png index 2218397b..8a2dbb83 100644 Binary files a/docsource/images/RFJKS-custom-field-SSHPort-dialog.png and b/docsource/images/RFJKS-custom-field-SSHPort-dialog.png differ diff --git a/docsource/images/RFJKS-custom-field-SSHPort-validation-options-dialog.png b/docsource/images/RFJKS-custom-field-SSHPort-validation-options-dialog.png new file mode 100644 index 00000000..d23bcd2a Binary files /dev/null and b/docsource/images/RFJKS-custom-field-SSHPort-validation-options-dialog.png differ diff --git a/docsource/images/RFJKS-custom-field-SudoImpersonatingUser-dialog.png b/docsource/images/RFJKS-custom-field-SudoImpersonatingUser-dialog.png index 3f7a63a2..577285c5 100644 Binary files a/docsource/images/RFJKS-custom-field-SudoImpersonatingUser-dialog.png and b/docsource/images/RFJKS-custom-field-SudoImpersonatingUser-dialog.png differ diff --git a/docsource/images/RFJKS-custom-field-SudoImpersonatingUser-validation-options-dialog.png b/docsource/images/RFJKS-custom-field-SudoImpersonatingUser-validation-options-dialog.png new file mode 100644 index 00000000..b61c749b Binary files /dev/null and b/docsource/images/RFJKS-custom-field-SudoImpersonatingUser-validation-options-dialog.png differ diff --git a/docsource/images/RFJKS-custom-field-UseShellCommands-dialog.png b/docsource/images/RFJKS-custom-field-UseShellCommands-dialog.png index 9d27c5a5..8ff23087 100644 Binary files a/docsource/images/RFJKS-custom-field-UseShellCommands-dialog.png and b/docsource/images/RFJKS-custom-field-UseShellCommands-dialog.png differ diff --git a/docsource/images/RFJKS-custom-field-UseShellCommands-validation-options-dialog.png b/docsource/images/RFJKS-custom-field-UseShellCommands-validation-options-dialog.png new file mode 100644 index 00000000..154ce416 Binary files /dev/null and b/docsource/images/RFJKS-custom-field-UseShellCommands-validation-options-dialog.png differ diff --git a/docsource/images/RFJKS-custom-fields-store-type-dialog.png b/docsource/images/RFJKS-custom-fields-store-type-dialog.png index d003aeb1..985f7815 100644 Binary files a/docsource/images/RFJKS-custom-fields-store-type-dialog.png and b/docsource/images/RFJKS-custom-fields-store-type-dialog.png differ diff --git a/docsource/images/RFKDB-advanced-store-type-dialog.png b/docsource/images/RFKDB-advanced-store-type-dialog.png index 4827627b..368f75c1 100644 Binary files a/docsource/images/RFKDB-advanced-store-type-dialog.png and b/docsource/images/RFKDB-advanced-store-type-dialog.png differ diff --git a/docsource/images/RFKDB-basic-store-type-dialog.png b/docsource/images/RFKDB-basic-store-type-dialog.png index 9580898e..dc28e0a0 100644 Binary files a/docsource/images/RFKDB-basic-store-type-dialog.png and b/docsource/images/RFKDB-basic-store-type-dialog.png differ diff --git a/docsource/images/RFKDB-custom-field-IncludePortInSPN-dialog.png b/docsource/images/RFKDB-custom-field-IncludePortInSPN-dialog.png index 96cbd5a4..67aebc59 100644 Binary files a/docsource/images/RFKDB-custom-field-IncludePortInSPN-dialog.png and b/docsource/images/RFKDB-custom-field-IncludePortInSPN-dialog.png differ diff --git a/docsource/images/RFKDB-custom-field-IncludePortInSPN-validation-options-dialog.png b/docsource/images/RFKDB-custom-field-IncludePortInSPN-validation-options-dialog.png new file mode 100644 index 00000000..c4d765cd Binary files /dev/null and b/docsource/images/RFKDB-custom-field-IncludePortInSPN-validation-options-dialog.png differ diff --git a/docsource/images/RFKDB-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png b/docsource/images/RFKDB-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png index 524fcdef..a1b84b34 100644 Binary files a/docsource/images/RFKDB-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png and b/docsource/images/RFKDB-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png differ diff --git a/docsource/images/RFKDB-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png b/docsource/images/RFKDB-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png new file mode 100644 index 00000000..19c86e9f Binary files /dev/null and b/docsource/images/RFKDB-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png differ diff --git a/docsource/images/RFKDB-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png b/docsource/images/RFKDB-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png index 6c478b2e..3b3e3e3c 100644 Binary files a/docsource/images/RFKDB-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png and b/docsource/images/RFKDB-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png differ diff --git a/docsource/images/RFKDB-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png b/docsource/images/RFKDB-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png new file mode 100644 index 00000000..3eb0d190 Binary files /dev/null and b/docsource/images/RFKDB-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png differ diff --git a/docsource/images/RFKDB-custom-field-RemoveRootCertificate-dialog.png b/docsource/images/RFKDB-custom-field-RemoveRootCertificate-dialog.png index 49e337c9..58529555 100644 Binary files a/docsource/images/RFKDB-custom-field-RemoveRootCertificate-dialog.png and b/docsource/images/RFKDB-custom-field-RemoveRootCertificate-dialog.png differ diff --git a/docsource/images/RFKDB-custom-field-RemoveRootCertificate-validation-options-dialog.png b/docsource/images/RFKDB-custom-field-RemoveRootCertificate-validation-options-dialog.png new file mode 100644 index 00000000..e178f8c6 Binary files /dev/null and b/docsource/images/RFKDB-custom-field-RemoveRootCertificate-validation-options-dialog.png differ diff --git a/docsource/images/RFKDB-custom-field-SSHPort-dialog.png b/docsource/images/RFKDB-custom-field-SSHPort-dialog.png index 2218397b..8a2dbb83 100644 Binary files a/docsource/images/RFKDB-custom-field-SSHPort-dialog.png and b/docsource/images/RFKDB-custom-field-SSHPort-dialog.png differ diff --git a/docsource/images/RFKDB-custom-field-SSHPort-validation-options-dialog.png b/docsource/images/RFKDB-custom-field-SSHPort-validation-options-dialog.png new file mode 100644 index 00000000..d23bcd2a Binary files /dev/null and b/docsource/images/RFKDB-custom-field-SSHPort-validation-options-dialog.png differ diff --git a/docsource/images/RFKDB-custom-field-SudoImpersonatingUser-dialog.png b/docsource/images/RFKDB-custom-field-SudoImpersonatingUser-dialog.png index 3f7a63a2..577285c5 100644 Binary files a/docsource/images/RFKDB-custom-field-SudoImpersonatingUser-dialog.png and b/docsource/images/RFKDB-custom-field-SudoImpersonatingUser-dialog.png differ diff --git a/docsource/images/RFKDB-custom-field-SudoImpersonatingUser-validation-options-dialog.png b/docsource/images/RFKDB-custom-field-SudoImpersonatingUser-validation-options-dialog.png new file mode 100644 index 00000000..b61c749b Binary files /dev/null and b/docsource/images/RFKDB-custom-field-SudoImpersonatingUser-validation-options-dialog.png differ diff --git a/docsource/images/RFKDB-custom-field-UseShellCommands-dialog.png b/docsource/images/RFKDB-custom-field-UseShellCommands-dialog.png index 9d27c5a5..8ff23087 100644 Binary files a/docsource/images/RFKDB-custom-field-UseShellCommands-dialog.png and b/docsource/images/RFKDB-custom-field-UseShellCommands-dialog.png differ diff --git a/docsource/images/RFKDB-custom-field-UseShellCommands-validation-options-dialog.png b/docsource/images/RFKDB-custom-field-UseShellCommands-validation-options-dialog.png new file mode 100644 index 00000000..154ce416 Binary files /dev/null and b/docsource/images/RFKDB-custom-field-UseShellCommands-validation-options-dialog.png differ diff --git a/docsource/images/RFKDB-custom-fields-store-type-dialog.png b/docsource/images/RFKDB-custom-fields-store-type-dialog.png index d003aeb1..cf02335f 100644 Binary files a/docsource/images/RFKDB-custom-fields-store-type-dialog.png and b/docsource/images/RFKDB-custom-fields-store-type-dialog.png differ diff --git a/docsource/images/RFORA-advanced-store-type-dialog.png b/docsource/images/RFORA-advanced-store-type-dialog.png index 4827627b..368f75c1 100644 Binary files a/docsource/images/RFORA-advanced-store-type-dialog.png and b/docsource/images/RFORA-advanced-store-type-dialog.png differ diff --git a/docsource/images/RFORA-basic-store-type-dialog.png b/docsource/images/RFORA-basic-store-type-dialog.png index 77a6ef00..7c8a871b 100644 Binary files a/docsource/images/RFORA-basic-store-type-dialog.png and b/docsource/images/RFORA-basic-store-type-dialog.png differ diff --git a/docsource/images/RFORA-custom-field-IncludePortInSPN-dialog.png b/docsource/images/RFORA-custom-field-IncludePortInSPN-dialog.png index 797d7945..db183e33 100644 Binary files a/docsource/images/RFORA-custom-field-IncludePortInSPN-dialog.png and b/docsource/images/RFORA-custom-field-IncludePortInSPN-dialog.png differ diff --git a/docsource/images/RFORA-custom-field-IncludePortInSPN-validation-options-dialog.png b/docsource/images/RFORA-custom-field-IncludePortInSPN-validation-options-dialog.png new file mode 100644 index 00000000..d23bcd2a Binary files /dev/null and b/docsource/images/RFORA-custom-field-IncludePortInSPN-validation-options-dialog.png differ diff --git a/docsource/images/RFORA-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png b/docsource/images/RFORA-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png index 524fcdef..a1b84b34 100644 Binary files a/docsource/images/RFORA-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png and b/docsource/images/RFORA-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png differ diff --git a/docsource/images/RFORA-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png b/docsource/images/RFORA-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png new file mode 100644 index 00000000..19c86e9f Binary files /dev/null and b/docsource/images/RFORA-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png differ diff --git a/docsource/images/RFORA-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png b/docsource/images/RFORA-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png index 6c478b2e..3b3e3e3c 100644 Binary files a/docsource/images/RFORA-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png and b/docsource/images/RFORA-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png differ diff --git a/docsource/images/RFORA-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png b/docsource/images/RFORA-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png new file mode 100644 index 00000000..3eb0d190 Binary files /dev/null and b/docsource/images/RFORA-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png differ diff --git a/docsource/images/RFORA-custom-field-RemoveRootCertificate-dialog.png b/docsource/images/RFORA-custom-field-RemoveRootCertificate-dialog.png index 4dfdaab7..f4040ace 100644 Binary files a/docsource/images/RFORA-custom-field-RemoveRootCertificate-dialog.png and b/docsource/images/RFORA-custom-field-RemoveRootCertificate-dialog.png differ diff --git a/docsource/images/RFORA-custom-field-RemoveRootCertificate-validation-options-dialog.png b/docsource/images/RFORA-custom-field-RemoveRootCertificate-validation-options-dialog.png new file mode 100644 index 00000000..c4d765cd Binary files /dev/null and b/docsource/images/RFORA-custom-field-RemoveRootCertificate-validation-options-dialog.png differ diff --git a/docsource/images/RFORA-custom-field-SSHPort-dialog.png b/docsource/images/RFORA-custom-field-SSHPort-dialog.png index beeed39a..0ad88003 100644 Binary files a/docsource/images/RFORA-custom-field-SSHPort-dialog.png and b/docsource/images/RFORA-custom-field-SSHPort-dialog.png differ diff --git a/docsource/images/RFORA-custom-field-SSHPort-validation-options-dialog.png b/docsource/images/RFORA-custom-field-SSHPort-validation-options-dialog.png new file mode 100644 index 00000000..154ce416 Binary files /dev/null and b/docsource/images/RFORA-custom-field-SSHPort-validation-options-dialog.png differ diff --git a/docsource/images/RFORA-custom-field-SudoImpersonatingUser-dialog.png b/docsource/images/RFORA-custom-field-SudoImpersonatingUser-dialog.png index 3f7a63a2..577285c5 100644 Binary files a/docsource/images/RFORA-custom-field-SudoImpersonatingUser-dialog.png and b/docsource/images/RFORA-custom-field-SudoImpersonatingUser-dialog.png differ diff --git a/docsource/images/RFORA-custom-field-SudoImpersonatingUser-validation-options-dialog.png b/docsource/images/RFORA-custom-field-SudoImpersonatingUser-validation-options-dialog.png new file mode 100644 index 00000000..b61c749b Binary files /dev/null and b/docsource/images/RFORA-custom-field-SudoImpersonatingUser-validation-options-dialog.png differ diff --git a/docsource/images/RFORA-custom-field-UseShellCommands-dialog.png b/docsource/images/RFORA-custom-field-UseShellCommands-dialog.png index 69c67135..7e530470 100644 Binary files a/docsource/images/RFORA-custom-field-UseShellCommands-dialog.png and b/docsource/images/RFORA-custom-field-UseShellCommands-dialog.png differ diff --git a/docsource/images/RFORA-custom-field-UseShellCommands-validation-options-dialog.png b/docsource/images/RFORA-custom-field-UseShellCommands-validation-options-dialog.png new file mode 100644 index 00000000..e7e9edf3 Binary files /dev/null and b/docsource/images/RFORA-custom-field-UseShellCommands-validation-options-dialog.png differ diff --git a/docsource/images/RFORA-custom-field-WorkFolder-dialog.png b/docsource/images/RFORA-custom-field-WorkFolder-dialog.png index b2d1e339..219fd102 100644 Binary files a/docsource/images/RFORA-custom-field-WorkFolder-dialog.png and b/docsource/images/RFORA-custom-field-WorkFolder-dialog.png differ diff --git a/docsource/images/RFORA-custom-field-WorkFolder-validation-options-dialog.png b/docsource/images/RFORA-custom-field-WorkFolder-validation-options-dialog.png new file mode 100644 index 00000000..ffad373c Binary files /dev/null and b/docsource/images/RFORA-custom-field-WorkFolder-validation-options-dialog.png differ diff --git a/docsource/images/RFORA-custom-fields-store-type-dialog.png b/docsource/images/RFORA-custom-fields-store-type-dialog.png index c6517879..1bf005ea 100644 Binary files a/docsource/images/RFORA-custom-fields-store-type-dialog.png and b/docsource/images/RFORA-custom-fields-store-type-dialog.png differ diff --git a/docsource/images/RFPEM-advanced-store-type-dialog.png b/docsource/images/RFPEM-advanced-store-type-dialog.png index 90001473..1800c178 100644 Binary files a/docsource/images/RFPEM-advanced-store-type-dialog.png and b/docsource/images/RFPEM-advanced-store-type-dialog.png differ diff --git a/docsource/images/RFPEM-basic-store-type-dialog.png b/docsource/images/RFPEM-basic-store-type-dialog.png index fbe56b2f..11ada246 100644 Binary files a/docsource/images/RFPEM-basic-store-type-dialog.png and b/docsource/images/RFPEM-basic-store-type-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-IgnorePrivateKeyOnInventory-dialog.png b/docsource/images/RFPEM-custom-field-IgnorePrivateKeyOnInventory-dialog.png index aae01996..03d00b6f 100644 Binary files a/docsource/images/RFPEM-custom-field-IgnorePrivateKeyOnInventory-dialog.png and b/docsource/images/RFPEM-custom-field-IgnorePrivateKeyOnInventory-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-IgnorePrivateKeyOnInventory-validation-options-dialog.png b/docsource/images/RFPEM-custom-field-IgnorePrivateKeyOnInventory-validation-options-dialog.png new file mode 100644 index 00000000..154ce416 Binary files /dev/null and b/docsource/images/RFPEM-custom-field-IgnorePrivateKeyOnInventory-validation-options-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-IncludePortInSPN-dialog.png b/docsource/images/RFPEM-custom-field-IncludePortInSPN-dialog.png index 8283782e..9c00d24d 100644 Binary files a/docsource/images/RFPEM-custom-field-IncludePortInSPN-dialog.png and b/docsource/images/RFPEM-custom-field-IncludePortInSPN-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-IncludePortInSPN-validation-options-dialog.png b/docsource/images/RFPEM-custom-field-IncludePortInSPN-validation-options-dialog.png new file mode 100644 index 00000000..fc2630ff Binary files /dev/null and b/docsource/images/RFPEM-custom-field-IncludePortInSPN-validation-options-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-IncludesChain-dialog.png b/docsource/images/RFPEM-custom-field-IncludesChain-dialog.png index b9cb9c42..ee9aef72 100644 Binary files a/docsource/images/RFPEM-custom-field-IncludesChain-dialog.png and b/docsource/images/RFPEM-custom-field-IncludesChain-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-IncludesChain-validation-options-dialog.png b/docsource/images/RFPEM-custom-field-IncludesChain-validation-options-dialog.png new file mode 100644 index 00000000..c4d765cd Binary files /dev/null and b/docsource/images/RFPEM-custom-field-IncludesChain-validation-options-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-IsTrustStore-dialog.png b/docsource/images/RFPEM-custom-field-IsTrustStore-dialog.png index 1edc4603..cbb28db5 100644 Binary files a/docsource/images/RFPEM-custom-field-IsTrustStore-dialog.png and b/docsource/images/RFPEM-custom-field-IsTrustStore-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-IsTrustStore-validation-options-dialog.png b/docsource/images/RFPEM-custom-field-IsTrustStore-validation-options-dialog.png new file mode 100644 index 00000000..e178f8c6 Binary files /dev/null and b/docsource/images/RFPEM-custom-field-IsTrustStore-validation-options-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png b/docsource/images/RFPEM-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png index 524fcdef..a1b84b34 100644 Binary files a/docsource/images/RFPEM-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png and b/docsource/images/RFPEM-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png b/docsource/images/RFPEM-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png new file mode 100644 index 00000000..19c86e9f Binary files /dev/null and b/docsource/images/RFPEM-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png b/docsource/images/RFPEM-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png index 6c478b2e..3b3e3e3c 100644 Binary files a/docsource/images/RFPEM-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png and b/docsource/images/RFPEM-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png b/docsource/images/RFPEM-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png new file mode 100644 index 00000000..3eb0d190 Binary files /dev/null and b/docsource/images/RFPEM-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-PostJobApplicationRestart-dialog.png b/docsource/images/RFPEM-custom-field-PostJobApplicationRestart-dialog.png new file mode 100644 index 00000000..6a6baaad Binary files /dev/null and b/docsource/images/RFPEM-custom-field-PostJobApplicationRestart-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-PostJobApplicationRestart-validation-options-dialog.png b/docsource/images/RFPEM-custom-field-PostJobApplicationRestart-validation-options-dialog.png new file mode 100644 index 00000000..e73a5df5 Binary files /dev/null and b/docsource/images/RFPEM-custom-field-PostJobApplicationRestart-validation-options-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-RemoveRootCertificate-dialog.png b/docsource/images/RFPEM-custom-field-RemoveRootCertificate-dialog.png index 5e9a912e..0f49566a 100644 Binary files a/docsource/images/RFPEM-custom-field-RemoveRootCertificate-dialog.png and b/docsource/images/RFPEM-custom-field-RemoveRootCertificate-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-RemoveRootCertificate-validation-options-dialog.png b/docsource/images/RFPEM-custom-field-RemoveRootCertificate-validation-options-dialog.png new file mode 100644 index 00000000..e7e9edf3 Binary files /dev/null and b/docsource/images/RFPEM-custom-field-RemoveRootCertificate-validation-options-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-SSHPort-dialog.png b/docsource/images/RFPEM-custom-field-SSHPort-dialog.png index 812439f1..4fabca8d 100644 Binary files a/docsource/images/RFPEM-custom-field-SSHPort-dialog.png and b/docsource/images/RFPEM-custom-field-SSHPort-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-SSHPort-validation-options-dialog.png b/docsource/images/RFPEM-custom-field-SSHPort-validation-options-dialog.png new file mode 100644 index 00000000..e73a5df5 Binary files /dev/null and b/docsource/images/RFPEM-custom-field-SSHPort-validation-options-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-SeparatePrivateKeyFilePath-dialog.png b/docsource/images/RFPEM-custom-field-SeparatePrivateKeyFilePath-dialog.png index 0db9e6c6..cb7948d2 100644 Binary files a/docsource/images/RFPEM-custom-field-SeparatePrivateKeyFilePath-dialog.png and b/docsource/images/RFPEM-custom-field-SeparatePrivateKeyFilePath-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-SeparatePrivateKeyFilePath-validation-options-dialog.png b/docsource/images/RFPEM-custom-field-SeparatePrivateKeyFilePath-validation-options-dialog.png new file mode 100644 index 00000000..d23bcd2a Binary files /dev/null and b/docsource/images/RFPEM-custom-field-SeparatePrivateKeyFilePath-validation-options-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-SudoImpersonatingUser-dialog.png b/docsource/images/RFPEM-custom-field-SudoImpersonatingUser-dialog.png index 3f7a63a2..577285c5 100644 Binary files a/docsource/images/RFPEM-custom-field-SudoImpersonatingUser-dialog.png and b/docsource/images/RFPEM-custom-field-SudoImpersonatingUser-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-SudoImpersonatingUser-validation-options-dialog.png b/docsource/images/RFPEM-custom-field-SudoImpersonatingUser-validation-options-dialog.png new file mode 100644 index 00000000..b61c749b Binary files /dev/null and b/docsource/images/RFPEM-custom-field-SudoImpersonatingUser-validation-options-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-UseShellCommands-dialog.png b/docsource/images/RFPEM-custom-field-UseShellCommands-dialog.png index 1fe9d0f9..1e81cb1a 100644 Binary files a/docsource/images/RFPEM-custom-field-UseShellCommands-dialog.png and b/docsource/images/RFPEM-custom-field-UseShellCommands-dialog.png differ diff --git a/docsource/images/RFPEM-custom-field-UseShellCommands-validation-options-dialog.png b/docsource/images/RFPEM-custom-field-UseShellCommands-validation-options-dialog.png new file mode 100644 index 00000000..e73a5df5 Binary files /dev/null and b/docsource/images/RFPEM-custom-field-UseShellCommands-validation-options-dialog.png differ diff --git a/docsource/images/RFPEM-custom-fields-store-type-dialog.png b/docsource/images/RFPEM-custom-fields-store-type-dialog.png index 65bb2379..a40181c7 100644 Binary files a/docsource/images/RFPEM-custom-fields-store-type-dialog.png and b/docsource/images/RFPEM-custom-fields-store-type-dialog.png differ diff --git a/docsource/images/RFPkcs12-advanced-store-type-dialog.png b/docsource/images/RFPkcs12-advanced-store-type-dialog.png index 4827627b..368f75c1 100644 Binary files a/docsource/images/RFPkcs12-advanced-store-type-dialog.png and b/docsource/images/RFPkcs12-advanced-store-type-dialog.png differ diff --git a/docsource/images/RFPkcs12-basic-store-type-dialog.png b/docsource/images/RFPkcs12-basic-store-type-dialog.png index db07a572..1bcfef6e 100644 Binary files a/docsource/images/RFPkcs12-basic-store-type-dialog.png and b/docsource/images/RFPkcs12-basic-store-type-dialog.png differ diff --git a/docsource/images/RFPkcs12-custom-field-IncludePortInSPN-dialog.png b/docsource/images/RFPkcs12-custom-field-IncludePortInSPN-dialog.png index 96cbd5a4..67aebc59 100644 Binary files a/docsource/images/RFPkcs12-custom-field-IncludePortInSPN-dialog.png and b/docsource/images/RFPkcs12-custom-field-IncludePortInSPN-dialog.png differ diff --git a/docsource/images/RFPkcs12-custom-field-IncludePortInSPN-validation-options-dialog.png b/docsource/images/RFPkcs12-custom-field-IncludePortInSPN-validation-options-dialog.png new file mode 100644 index 00000000..c4d765cd Binary files /dev/null and b/docsource/images/RFPkcs12-custom-field-IncludePortInSPN-validation-options-dialog.png differ diff --git a/docsource/images/RFPkcs12-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png b/docsource/images/RFPkcs12-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png index 524fcdef..a1b84b34 100644 Binary files a/docsource/images/RFPkcs12-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png and b/docsource/images/RFPkcs12-custom-field-LinuxFileOwnerOnStoreCreation-dialog.png differ diff --git a/docsource/images/RFPkcs12-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png b/docsource/images/RFPkcs12-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png new file mode 100644 index 00000000..19c86e9f Binary files /dev/null and b/docsource/images/RFPkcs12-custom-field-LinuxFileOwnerOnStoreCreation-validation-options-dialog.png differ diff --git a/docsource/images/RFPkcs12-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png b/docsource/images/RFPkcs12-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png index 6c478b2e..3b3e3e3c 100644 Binary files a/docsource/images/RFPkcs12-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png and b/docsource/images/RFPkcs12-custom-field-LinuxFilePermissionsOnStoreCreation-dialog.png differ diff --git a/docsource/images/RFPkcs12-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png b/docsource/images/RFPkcs12-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png new file mode 100644 index 00000000..3eb0d190 Binary files /dev/null and b/docsource/images/RFPkcs12-custom-field-LinuxFilePermissionsOnStoreCreation-validation-options-dialog.png differ diff --git a/docsource/images/RFPkcs12-custom-field-RemoveRootCertificate-dialog.png b/docsource/images/RFPkcs12-custom-field-RemoveRootCertificate-dialog.png index 49e337c9..58529555 100644 Binary files a/docsource/images/RFPkcs12-custom-field-RemoveRootCertificate-dialog.png and b/docsource/images/RFPkcs12-custom-field-RemoveRootCertificate-dialog.png differ diff --git a/docsource/images/RFPkcs12-custom-field-RemoveRootCertificate-validation-options-dialog.png b/docsource/images/RFPkcs12-custom-field-RemoveRootCertificate-validation-options-dialog.png new file mode 100644 index 00000000..e178f8c6 Binary files /dev/null and b/docsource/images/RFPkcs12-custom-field-RemoveRootCertificate-validation-options-dialog.png differ diff --git a/docsource/images/RFPkcs12-custom-field-SSHPort-dialog.png b/docsource/images/RFPkcs12-custom-field-SSHPort-dialog.png index 2218397b..8a2dbb83 100644 Binary files a/docsource/images/RFPkcs12-custom-field-SSHPort-dialog.png and b/docsource/images/RFPkcs12-custom-field-SSHPort-dialog.png differ diff --git a/docsource/images/RFPkcs12-custom-field-SSHPort-validation-options-dialog.png b/docsource/images/RFPkcs12-custom-field-SSHPort-validation-options-dialog.png new file mode 100644 index 00000000..d23bcd2a Binary files /dev/null and b/docsource/images/RFPkcs12-custom-field-SSHPort-validation-options-dialog.png differ diff --git a/docsource/images/RFPkcs12-custom-field-SudoImpersonatingUser-dialog.png b/docsource/images/RFPkcs12-custom-field-SudoImpersonatingUser-dialog.png index 3f7a63a2..577285c5 100644 Binary files a/docsource/images/RFPkcs12-custom-field-SudoImpersonatingUser-dialog.png and b/docsource/images/RFPkcs12-custom-field-SudoImpersonatingUser-dialog.png differ diff --git a/docsource/images/RFPkcs12-custom-field-SudoImpersonatingUser-validation-options-dialog.png b/docsource/images/RFPkcs12-custom-field-SudoImpersonatingUser-validation-options-dialog.png new file mode 100644 index 00000000..b61c749b Binary files /dev/null and b/docsource/images/RFPkcs12-custom-field-SudoImpersonatingUser-validation-options-dialog.png differ diff --git a/docsource/images/RFPkcs12-custom-field-UseShellCommands-dialog.png b/docsource/images/RFPkcs12-custom-field-UseShellCommands-dialog.png index 9d27c5a5..8ff23087 100644 Binary files a/docsource/images/RFPkcs12-custom-field-UseShellCommands-dialog.png and b/docsource/images/RFPkcs12-custom-field-UseShellCommands-dialog.png differ diff --git a/docsource/images/RFPkcs12-custom-field-UseShellCommands-validation-options-dialog.png b/docsource/images/RFPkcs12-custom-field-UseShellCommands-validation-options-dialog.png new file mode 100644 index 00000000..154ce416 Binary files /dev/null and b/docsource/images/RFPkcs12-custom-field-UseShellCommands-validation-options-dialog.png differ diff --git a/docsource/images/RFPkcs12-custom-fields-store-type-dialog.png b/docsource/images/RFPkcs12-custom-fields-store-type-dialog.png index d003aeb1..cf02335f 100644 Binary files a/docsource/images/RFPkcs12-custom-fields-store-type-dialog.png and b/docsource/images/RFPkcs12-custom-fields-store-type-dialog.png differ diff --git a/integration-manifest.json b/integration-manifest.json index 5601c635..ec8f8d51 100644 --- a/integration-manifest.json +++ b/integration-manifest.json @@ -123,6 +123,15 @@ "Type": "Bool", "DefaultValue": "True", "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" + }, + { + "Name": "PostJobApplicationRestart", + "DisplayName": "Post Job Application Restart", + "Required": false, + "DependsOn": "", + "Type": "MultipleChoice", + "DefaultValue": "Apache Tomcat Restart,Jetty Restart", + "Description": "Select the command to be run after a Management Add or ODKG job executes. Leave unselected if no command is desired." } ], "EntryParameters": [], @@ -273,6 +282,15 @@ "Type": "Bool", "DefaultValue": "True", "Description": "Recommended to be set to the default value of 'Y'. For a detailed explanation of this setting, please refer to [Use Shell Commands Setting](#use-shell-commands-setting)" + }, + { + "Name": "PostJobApplicationRestart", + "DisplayName": "Post Job Application Restart", + "Required": false, + "DependsOn": "", + "Type": "MultipleChoice", + "DefaultValue": "Apache HTTPD Restart,NGNIX Restart,HAProxy Restart,Envoy Proxy Restart", + "Description": "Select the command to be run after a Management Add or ODKG job executes. Leave unselected if no command is desired." } ], "EntryParameters": [],