Merge pull request #12 from Keyfactor/enabledconfigflg

enabled flag

Author: spbsoluble

CHANGELOG.md

@@ -1,3 +1,6 @@
+- 1.1.0
+    - Enabled Flag For Gateway
+    - Dual Build Support
 - 1.0.0
     - First production release of the Aruba Clearpass AnyCA Gateway REST plugin that implements:
         - CA Sync
@@ -7,3 +10,6 @@
             - Support certificate renewal/re-issuance (new public/private keys with the same or different domain names)
         - Certificate revocation
             - Request revocation of a previously issued certificate
+
+
+

README.md

@@ -54,8 +54,6 @@ The Aruba Clearpass   Gateway AnyCA Gateway REST plugin is supported by Keyfacto
 
 ## Requirements
 
----
-
 ### ClearPass Onboard: Setting Up an API Client
 
 #### Step 1: Access ClearPass Admin Console
@@ -81,7 +79,9 @@ The Aruba Clearpass   Gateway AnyCA Gateway REST plugin is supported by Keyfacto
   - Select **ClearPass REST API - Client will be used for API calls to ClearPass** from the **Operating Mode** dropdown.
 
 - **Operator Profile**:
+
   - Select **Super Administrator** from the **Operator Profile** dropdown.
+
   - This profile will provide the API client with the necessary permissions to interact with ClearPass.
 
 - **Grant Type**:
@@ -94,7 +94,6 @@ The Aruba Clearpass   Gateway AnyCA Gateway REST plugin is supported by Keyfacto
   - **Note:** The client secret is used in the OAuth2 `client_secret` parameter and will be encrypted once stored, so be sure to copy it securely.
 
 #### Step 4: Set Token Lifetimes
-
 - **Access Token Lifetime**:
   - Enter `8` in the **Access Token Lifetime** field.
   - Select **hours** from the dropdown. This means the access token will be valid for 8 hours.
@@ -166,13 +165,16 @@ At the time of writing, there was no API call available to get a list of Certifi
 
 2. On the server hosting the AnyCA Gateway REST, download and unzip the latest [Aruba Clearpass   Gateway AnyCA Gateway REST plugin](https://github.com/Keyfactor/aruba-clearpass-caplugin/releases/latest) from GitHub.
 
-3. Copy the unzipped directory (usually called `net6.0`) to the Extensions directory:
+3. Copy the unzipped directory (usually called `net6.0` or `net8.0`) to the Extensions directory:
+
 
     ```shell
+    Depending on your AnyCA Gateway REST version, copy the unzipped directory to one of the following locations:
     Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions
+    Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net8.0\Extensions
     ```
 
-    > The directory containing the Aruba Clearpass   Gateway AnyCA Gateway REST plugin DLLs (`net6.0`) can be named anything, as long as it is unique within the `Extensions` directory.
+    > The directory containing the Aruba Clearpass   Gateway AnyCA Gateway REST plugin DLLs (`net6.0` or `net8.0`) can be named anything, as long as it is unique within the `Extensions` directory.
 
 4. Restart the AnyCA Gateway REST service.
 
@@ -184,7 +186,7 @@ At the time of writing, there was no API call available to get a list of Certifi
 
     * **Gateway Registration**
 
-        TODO Gateway Registration is a required section
+        Each defined Certificate Authority in the AnyCA Gateway REST can support one issuing certificate authority. Since Aruba ClearPass Onboard has multiple available Certificate Authorities, if you require certificate enrollment from multiple Aruba ClearPass Certificate Authorities, you must define multiple Certificate Authorities in the AnyCA Gateway REST. This will manifest in Command as one Aruba ClearPass CA per defined Certificate Authority.
 
     * **CA Connection**
 
@@ -194,6 +196,7 @@ At the time of writing, there was no API call available to get a list of Certifi
         * **BaseUrl** - Base Url for ClearPass API such as https://url:8443 
         * **ClearPassApiClient** - ClearPass API Client Name 
         * **ClearPassCaId** - ClearPass Ca Id.  Example would be 2. In ClearPass Onboard UI, click edit on the Ca and look at the id in the Url. 
+        * **Enabled** - Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available. 
 
 2. Define [Certificate Profiles](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCP-Gateway.htm) and [Certificate Templates](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Gateway.htm) for the Certificate Authority as required. One Certificate Profile must be defined per Certificate Template. It's recommended that each Certificate Profile be named after the Product ID. The Aruba Clearpass   Gateway plugin supports the following product IDs:
 
@@ -205,12 +208,6 @@ At the time of writing, there was no API call available to get a list of Certifi
 
 3. Follow the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Keyfactor.htm) to add each defined Certificate Authority to Keyfactor Command and import the newly defined Certificate Templates.
 
-4. In Keyfactor Command (v12.3+), for each imported Certificate Template, follow the [official documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Configuring%20Template%20Options.htm) to define enrollment fields for each of the following parameters:
-
-    * **NumberOfDaysValid** - OPTIONAL: The number of days of validity to use when requesting certs. If not provided, default is 365. 
-
-
-
 
 
 ## License

aruba-clearpass-caplugin.sln

@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 16
-VisualStudioVersion = 16.0.31729.503
+VisualStudioVersion = 17.10.35027.167
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "aruba-clearpass-caplugin", "aruba-clearpass-caplugin/aruba-clearpass-caplugin.csproj", "{9D2D6ED9-4626-430C-879D-0FE0FEBED146}"
 EndProject

aruba-clearpass-caplugin/ArubaClearPassCAPlugin.cs

@@ -1,4 +1,4 @@
-using Keyfactor.AnyGateway.Extensions;
+using Keyfactor.AnyGateway.Extensions;
 using Keyfactor.Extensions.CAPlugin.ArubaClearPass.Client;
 using Keyfactor.Logging;
 using Keyfactor.PKI.Enums.EJBCA;
@@ -128,6 +128,13 @@ public async Task<EnrollmentResult> Enroll(string csr, string subject, Dictionar
         public async Task Ping()
         {
             _logger.MethodEntry(LogLevel.Trace);
+            if (!_config.Enabled)
+            {
+                _logger.LogWarning($"The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping connectivity test...");
+                _logger.MethodExit(LogLevel.Trace);
+                return;
+            }
+
             try
             {
                 _logger.LogInformation($"Attempting to authenticate");
@@ -159,7 +166,21 @@ public async Task Ping()
 
         public async Task ValidateCAConnectionInfo(Dictionary<string, object> connectionInfo)
         {
-            _logger.LogInformation("Validation successful");
+            try
+            {
+                if (!(bool)connectionInfo[ArubaClearPassConstants.Config.Enabled])
+                {
+                    _logger.LogWarning($"The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping validation...");
+                    _logger.MethodExit(LogLevel.Trace);
+                    return;
+                }
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError($"Exception: {LogHandler.FlattenException(ex)}");
+            }
+
+            _logger.LogInformation("Validating CA Connection Info");
 
             List<string> errors = new List<string>();
 
@@ -181,7 +202,7 @@ public async Task ValidateCAConnectionInfo(Dictionary<string, object> connection
                 errors.Add("The Base URL needs http:// or https://");
             }
 
-            _logger.LogTrace("Checking the API Secret.");
+            _logger.LogTrace("Checking the API Client.");
             string apiClient = connectionInfo.ContainsKey(ArubaClearPassConstants.Config.ClearPassApiClient) ? (string)connectionInfo[ArubaClearPassConstants.Config.ClearPassApiClient] : string.Empty;
             if (string.IsNullOrWhiteSpace(apiClient))
             {
@@ -245,6 +266,13 @@ public Dictionary<string, PropertyConfigInfo> GetCAConnectorAnnotations()
                     Hidden = false,
                     DefaultValue = "",
                     Type = "String"
+                },
+                [ArubaClearPassConstants.Config.Enabled] = new PropertyConfigInfo() //No Call Available to get a list of the CAs with Ids in API so...
+                {
+                    Comments = "Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available.",
+                    Hidden = false,
+                    DefaultValue = true,
+                    Type = "Boolean"
                 }
             };
         }
@@ -280,5 +308,4 @@ Task<AnyCAPluginCertificate> IAnyCAPlugin.GetSingleRecord(string caRequestID)
         }
 
     }
-}
-
+}

aruba-clearpass-caplugin/ArubaClearPassConfig.cs

@@ -11,5 +11,6 @@ public ArubaClearPassConfig()
 		public string BaseUrl { get; set; }
 		public string ClearPassApiClient {  get; set; }
         public string ClearPassCaId { get; set; }
+		public bool Enabled { get; set; } = true;
     }
-}
+}

aruba-clearpass-caplugin/Constants.cs

@@ -8,6 +8,7 @@ public class Config
 			public const string ClearPassApiClient = "ClearPassApiClient";
 			public const string ClientSecret = "ClientSecret";
             public const string ClearPassCaId = "ClearPassCaId";
+            public const string Enabled = "Enabled";
 		}
 
         public class Products
@@ -24,4 +25,4 @@ public class ProductParams
             public const string NumberOfDaysValid = "NumberOfDaysValid";
         }
     }
-}
+}

aruba-clearpass-caplugin/aruba-clearpass-caplugin.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFrameworks>net6.0;net8.0</TargetFrameworks>
     <RootNamespace>Keyfactor.Extensions.CAPlugin.ArubaClearPass</RootNamespace>
     <ImplicitUsings>disable</ImplicitUsings>
     <Nullable>disable</Nullable>

integration-manifest.json

@@ -1,5 +1,5 @@
 {
-    "$schema": "https://keyfactor.github.io/integration-manifest-schema.json",
+    "$schema": "https://keyfactor.github.io/v2/integration-manifest-schema.json",
     "integration_type": "anyca-plugin",
     "name": "Aruba Clearpass AnyCA REST Gateway Plugin",
     "status": "pilot",
@@ -8,7 +8,8 @@
     "update_catalog": true,
     "description": "Aruba Clearpass plugin for the AnyCA REST Gateway framework",
     "gateway_framework": "24.2.0",
-    "release_dir": "aruba-clearpass-caplugin/bin/Release/net6.0",
+    "release_dir": "aruba-clearpass-caplugin/bin/Release",
+    "release_project": "aruba-clearpass-caplugin/aruba-clearpass-caplugin.csproj",
     "about": {
         "carest": {
             "ca_plugin_config": [
@@ -27,6 +28,10 @@
                 {
                     "name": "ClearPassCaId",
                     "description": "ClearPass Ca Id.  Example would be 2. In ClearPass Onboard UI, click edit on the Ca and look at the id in the Url."
+                },
+                {
+                    "name": "Enabled",
+                    "description": "Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available."
                 }
             ],
             "enrollment_config": [