Merge 1.4.0 to main #14
This release enables specifying the VDOM during configuration. NOTE: previously, this defaulted to "root" but no longer does, you must specify the VDOM.
---------
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
Co-authored-by: Lee Fine <lfine@keyfactor.com>
Co-authored-by: spbsoluble <1661003+spbsoluble@users.noreply.github.com>
Pull request overview
This PR introduces support for managing custom VDOMs (Virtual Domains) in the Fortigate Orchestrator Extension. The changes enable users to specify which VDOM to manage through the Store Path field, which was previously unused. This is a breaking change that requires the Store Path to contain the VDOM value (with "root" as the default).
Key changes:
- Modified Store Path from unused field to VDOM specification field
- Added VDOM validation to prevent operations on globally scoped certificates
- Improved error handling with warnings for partial inventory failures
Reviewed changes
Copilot reviewed 8 out of 9 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| integration-manifest.json | Updated StorePathDescription to explain VDOM requirement |
| docsource/content.md | Updated documentation to reflect VDOM scoping in use cases and limitations |
| README.md | Updated installation instructions and store configuration documentation for VDOM support |
| Fortigate/Management.cs | Added VDOM parameter to FortigateStore initialization and validation |
| Fortigate/Inventory.cs | Added VDOM parameter and error handling for certificate retrieval failures |
| Fortigate/FortigateStore.cs | Implemented VDOM support throughout store operations with validation methods |
| Fortigate/Api/cmdb_certificate_resource.cs | Added vdom property to certificate resource model |
| CHANGELOG.md | Documented v1.4.0 breaking change for VDOM management |
| 3. Ability to replace bound* and unbound local user certificates (usually after renewal in Keyfactor Command) | ||
| 4. Ability to delete **unbound** local user certificates | ||
| The Fortigate Orchestrator Extension supports the following use cases against a specified VDOM: | ||
| 1. Inventory of local user and factory VDOM and globally scoped cerificates |
Corrected spelling of 'cerificates' to 'certificates'.
| 1. Inventory of local user and factory VDOM and globally scoped cerificates | |
| 1. Inventory of local user and factory VDOM and globally scoped certificates |
| 3. Ability to replace bound* and unbound local user certificates (usually after renewal in Keyfactor Command) | ||
| 4. Ability to delete **unbound** local user certificates | ||
| The Fortigate Orchestrator Extension supports the following use cases against a specified VDOM: | ||
| 1. Inventory of local user and factory VDOM and globally scoped cerificates |
Corrected spelling of 'cerificates' to 'certificates'.
| 1. Inventory of local user and factory VDOM and globally scoped cerificates | |
| 1. Inventory of local user and factory VDOM and globally scoped certificates |
| 1. **Download the latest Fortigate Universal Orchestrator extension from GitHub.** | ||
|
|
||
| Navigate to the [Fortigate Universal Orchestrator extension GitHub version page](https://github.com/Keyfactor/fortigate-orchestrator/releases/latest). Refer to the compatibility matrix below to determine whether the `net6.0` or `net8.0` asset should be downloaded. Then, click the corresponding asset to download the zip archive. | ||
| Navigate to the [Fortigate Universal Orchestrator extension GitHub version page](https://github.com/Keyfactor/fortigate-orchestrator/releases/latest). Refer to the compatibility matrix below to determine the asset should be downloaded. Then, click the corresponding asset to download the zip archive. |
The sentence is grammatically incomplete. It should read "determine which asset should be downloaded" instead of "determine the asset should be downloaded".
| Navigate to the [Fortigate Universal Orchestrator extension GitHub version page](https://github.com/Keyfactor/fortigate-orchestrator/releases/latest). Refer to the compatibility matrix below to determine the asset should be downloaded. Then, click the corresponding asset to download the zip archive. | |
| Navigate to the [Fortigate Universal Orchestrator extension GitHub version page](https://github.com/Keyfactor/fortigate-orchestrator/releases/latest). Refer to the compatibility matrix below to determine which asset should be downloaded. Then, click the corresponding asset to download the zip archive. |
| | Container | Optional container to associate certificate store with. | | ||
| | Client Machine | The IP address or DNS of the Fortigate server | | ||
| | Store Path | This is not used in this integration, but is a required field in the UI. Just enter any value here | | ||
| | Orchestrator | Select an approved orchestrator capable of managing `Fortigate` certificates. Specifically, one with the `Fortigate` capability. | |
This row appears to be a duplicate documentation entry. The table already has an "Orchestrator" row at line 241 with identical content. This duplicate entry is placed where "Store Path" documentation should be, causing confusion about the VDOM configuration requirement.
| | Orchestrator | Select an approved orchestrator capable of managing `Fortigate` certificates. Specifically, one with the `Fortigate` capability. | | |
| | Store Path | For Fortigate VDOM configurations, enter the VDOM name or path required by your deployment. For non‑VDOM configurations, leave this blank or use the default path as appropriate. | |
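Review bot: The suggested Store Path row tells users that for non-VDOM configurations they can "leave this blank or use the default path", which conflicts with this PR's release note that the VDOM no longer defaults to "root" and must be specified. A blank or arbitrary Store Path would leave the store without the required VDOM scope, so the row should state that a VDOM name is always required and that `root` has to be entered explicitly when no custom VDOM is in use.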
| | Container | Optional container to associate certificate store with. | | ||
| | Client Machine | The IP address or DNS of the Fortigate server | | ||
| | Store Path | This is not used in this integration, but is a required field in the UI. Just enter any value here | | ||
| | Orchestrator | Select an approved orchestrator capable of managing `Fortigate` certificates. Specifically, one with the `Fortigate` capability. | |
This row appears to be a duplicate documentation entry. The table already has an "Orchestrator" row at line 267 with identical content. This duplicate entry is placed where "Store Path" documentation should be, causing confusion about the VDOM configuration requirement.
| using Keyfactor.Logging; | ||
| using Microsoft.Extensions.Logging; | ||
| using Keyfactor.Orchestrators.Extensions.Interfaces; | ||
| using Org.BouncyCastle.Tls; |
This import statement for Org.BouncyCastle.Tls appears to be unused in the code. No types from this namespace are referenced in the visible changes to this file.
| using Org.BouncyCastle.Tls; |
Merge release-1.4 to main - Automated PR