flattening exceptions

.github/workflows/keyfactor-bootstrap-workflow.yml → .github/workflows/keyfactor-starter-workflow.yml

@@ -1,4 +1,4 @@
-name: Keyfactor Bootstrap Workflow
+name: Keyfactor Bootstrap Workflow 
 
 on:
   workflow_dispatch:
@@ -11,9 +11,10 @@ on:
 
 jobs:
   call-starter-workflow:
-    uses: keyfactor/actions/.github/workflows/starter.yml@v2
+    uses: keyfactor/actions/.github/workflows/starter.yml@3.1.2
     secrets:
       token: ${{ secrets.V2BUILDTOKEN}}
       APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
       gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
       gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+      scan_token: ${{ secrets.SAST_TOKEN }}

AzureKeyVault/AzureClient.cs

@@ -81,7 +81,8 @@ private protected virtual CertificateClient CertClient
                     cred = new ClientSecretCredential(VaultProperties.TenantId, VaultProperties.ClientId, VaultProperties.ClientSecret, new ClientSecretCredentialOptions() { AuthorityHost = AzureCloudEndpoint, AdditionallyAllowedTenants = { "*" } });
                     logger.LogTrace("generated credentials");
                 }
-                _certClient = new CertificateClient(new Uri(VaultProperties.VaultURL), credential: cred);
+                var certClientOptions = new CertificateClientOptions() { DisableChallengeResourceVerification = true }; // without this, requests fail when running behind a proxy https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/keyvault/TROUBLESHOOTING.md#incorrect-challenge-resource 
+                _certClient = new CertificateClient(new Uri(VaultProperties.VaultURL), credential: cred, certClientOptions);
 
                 return _certClient;
             }
@@ -111,7 +112,7 @@ internal protected virtual ArmClient getArmClient(string tenantId)
                 logger.LogTrace("got credentials for service principal identity");
             }
 
-            _mgmtClient = new ArmClient(credential);
+            _mgmtClient = new ArmClient(credential, VaultProperties.SubscriptionId, new ArmClientOptions() { });
             logger.LogTrace("created management client");
             return _mgmtClient;
         }
@@ -219,10 +220,7 @@ public virtual async Task<KeyVaultCertificateWithPolicy> ImportCertificateAsync(
                 logger.LogTrace($"importing created x509 certificate named {1}", certName);
                 logger.LogTrace($"There are {x509Collection.Count} certificates in the chain.");
                 var cert = await CertClient.ImportCertificateAsync(new ImportCertificateOptions(certName, certWithKey));
-
-                // var fullCert = _secretClient.GetSecret(certName);
-                // The certificate must be retrieved as a secret from AKV in order to have the full chain included.
-
+
                 return cert;
             }
             catch (Exception ex)
@@ -278,8 +276,9 @@ public virtual async Task<IEnumerable<CurrentInventoryItem>> GetCertificatesAsyn
             var fullInventoryList = new List<CertificateProperties>();
             var failedCount = 0;
             Exception innerException = null;
-
-            await foreach (var cert in inventory) {
+
+            await foreach (var cert in inventory)
+            {
                 logger.LogTrace($"adding cert with ID: {cert.Id} to the list.");
                 fullInventoryList.Add(cert); // convert to list from pages
             }
@@ -300,23 +299,25 @@ public virtual async Task<IEnumerable<CurrentInventoryItem>> GetCertificatesAsyn
                         PrivateKeyEntry = true,
                         ItemStatus = OrchestratorInventoryItemStatus.Unknown,
                         UseChainLevel = true,
-                        Certificates =  new List<string>() { Convert.ToBase64String(cert.Value.Cer) }
+                        Certificates = new List<string>() { Convert.ToBase64String(cert.Value.Cer) }
                     });
                 }
                 catch (Exception ex)
                 {
                     failedCount++;
                     innerException = ex;
-                    logger.LogError($"Failed to retreive details for certificate {certificate.Name}.  Exception: {ex.Message}");                    
+                    logger.LogError($"Failed to retreive details for certificate {certificate.Name}.  Exception: {ex.Message}");
                     // continuing with inventory instead of throwing, in case there's an issue with a single certificate
                 }
             }
 
-            if (failedCount == fullInventoryList.Count()) {
+            if (failedCount == fullInventoryList.Count())
+            {
                 throw new Exception("Unable to retreive details for certificates.", innerException);
             }
 
-            if (failedCount > 0) {
+            if (failedCount > 0)
+            {
                 logger.LogWarning($"{failedCount} of {fullInventoryList.Count()} certificates were not able to be retreieved.  Please review the errors.");
             }
 

AzureKeyVault/AzureKeyVault.csproj

@@ -1,16 +1,16 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
 	<PropertyGroup>
-		<TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFrameworks>net6.0;net8.0</TargetFrameworks>
     <AssemblyName>Keyfactor.Extensions.Orchestrators.AKV</AssemblyName>
     <RootNamespace>Keyfactor.Extensions.Orchestrator.AzureKeyVault</RootNamespace>
 		<CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
-	  <SignAssembly>false</SignAssembly>
+    <ImplicitUsings>disable</ImplicitUsings>
+    <SignAssembly>false</SignAssembly>
 	  <Copyright />
 	  <PackageLicenseExpression>https://apache.org/licenses/LICENSE-2.0</PackageLicenseExpression>
 	  <PackageLicenseFile></PackageLicenseFile> 
-		<AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>
-		<AppendRuntimeIdentifierToOutputPath>false</AppendRuntimeIdentifierToOutputPath>
+		<AppendTargetFrameworkToOutputPath>true</AppendTargetFrameworkToOutputPath>
 	</PropertyGroup>
 
 	<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">

AzureKeyVault/Jobs/Discovery.cs

@@ -41,7 +41,7 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd
             }
             catch (Exception ex)
             {
-                complete.FailureMessage = ex.Message;
+                complete.FailureMessage = LogHandler.FlattenException(ex);
                 return complete;
             }
 

AzureKeyVault/Jobs/Inventory.cs

@@ -24,7 +24,7 @@ public Inventory(IPAMSecretResolver resolver)
             PamSecretResolver = resolver;
             logger = LogHandler.GetClassLogger<Inventory>();
         }
-        
+
         public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpdate callBack)
         {
             logger.LogDebug($"Begin Inventory...");
@@ -44,7 +44,7 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd
 
             catch (Exception ex)
             {
-                logger.LogTrace($"an error occured when performing inventory: {ex.Message}");
+                logger.LogTrace($"an error occured when performing inventory: {LogHandler.FlattenException(ex)}");
                 return new JobResult
                 {
                     Result = OrchestratorJobStatusJobResult.Failure,

CHANGELOG.md

@@ -1,6 +1,8 @@
 - 3.1.6
   - Preventing CertStore parameters from getting used if present but empty. 	
   - Improved trace logging
+  - Convert to .net6/8 dual build
+  - Update README to use doctool
 
 - 3.1.5
   - Bug fix for error when adding new cert and overwrite is unchecked