Ab#72824 #64
Merged
Ab#72824 #64
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* ab#71127 * Update generated docs --------- Co-authored-by: Lee Fine <lfine@keyfactor.com> Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
* Update generated docs * Ab#71127 (#59) * ab#71127 * Update generated docs --------- Co-authored-by: Lee Fine <lfine@keyfactor.com> Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io> * Update generated docs * ab#72700 * ab#72700 * Update generated docs --------- Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io> Co-authored-by: Lee Fine <lfine@keyfactor.com>
Release 1.8.1
# Conflicts: # CHANGELOG.md # README.md # docsource/f5-sl-rest.md
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
spbsoluble
approved these changes
Jul 7, 2025
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a new read-only SSLProfiles entry parameter for F5 SSL certificate stores, updates related documentation, and refactors inventory logic to associate certificates with SSL profiles.
- Add the
SSLProfilesentry parameter tointegration-manifest.json. - Update documentation (
*.md) to describe the new parameter, correct store path instructions, and note HA limitations. - Refactor inventory code: introduce
F5SSLCertificatemodels, replaceGetSSLProfilescall inInventory.cs, and enhanceF5Clientto fetch and attach profile associations.
Reviewed Changes
Copilot reviewed 11 out of 13 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| integration-manifest.json | Added SSLProfiles entry parameter under F5-SL-REST |
| docsource/f5-ws-rest.md | Added overview paragraph for WS store |
| docsource/f5-sl-rest.md | Added overview paragraph for SSL Profiles store |
| docsource/f5-ca-rest.md | Added overview paragraph for CA Bundles store |
| docsource/content.md | Replaced legacy bullet list with unified overview |
| README.md | Synced README with new docs and parameter tables |
| SSLProfile/Inventory.cs | Switched from GetSSLProfiles(20) to GetCertificateEntries(50) |
| F5DataModels.cs | Added F5SSLCertificate and updated F5SSLProfile |
| F5Client.cs | Implemented certificate pagination and profile mapping |
| .github/workflows/keyfactor-starter-workflow.yml | Updated workflow version and added Doctool secrets |
Comments suppressed due to low confidence (6)
docsource/f5-ws-rest.md:3
- [nitpick] Rephrase to avoid double-negative: e.g., "adding a new certificate when none exists is not supported due to F5 limitations."
The F5-WS-REST certificate store type manages the TLS certificate bound to the F5 administration website. While replacing the existing website certificate is supported, adding a new certificate if one is not already present is not due to F5 limitations.
docsource/f5-sl-rest.md:3
- Correct subject–verb agreement: change "Renewals ... is supported" to "Renewals ... are supported".
The F5-SL-REST certificate store type manages F5 Big IP TLS certificates. Renewals of bound certificates is supported, but adding new bindings for new or replacement certificates is not. This store type **does** track the SSL Profiles a certificate is bound to by way of the SSL Profiles entry parameter. Inventory jobs will return a comma delimited list of SSL Profile names that each certificate is bound to and return this in the SSLProfiles entry parameter.
docsource/content.md:3
- Remove duplicated word: change "orchestrator orchestrator" to just "orchestrator extension".
The f5-rest-orchestrator orchestrator extension manages various types of certificates on a F5 Big IP device (version 15 or later). TLS certificates, CA bundles, and the TLS certificate bound to the administrative website can all be managed with this integration within the scope described in the sections below. One important note, this integration DOES NOT manage high availability (HA) failover between primary and secondary nodes. If syncing between primary and secondary nodes is desired, this must either be handled within your F5 Big IP instance itself, or you can set up a Keyfactor Command certificate store for each node (primary and secondary) and manage each separately.
README.md:91
- Fix verb form: change "created" to "create".
`kfutil` is a custom CLI for the Keyfactor Command API and can be used to create certificate store types.
F5Client.cs:96
- Logging full Base64 certificate can expose sensitive data; remove or sanitize this trace log.
LogHandlerCommon.Trace(logger, CertificateStore, $"*** CERT CONTENTS: *** {b64Certificate}");
.github/workflows/keyfactor-starter-workflow.yml:14
- Pin the action to a specific version tag or commit SHA instead of the generic
screenshotstag to ensure reproducible builds.
uses: keyfactor/actions/.github/workflows/starter.yml@screenshots
integration-manifest.json
Outdated
| "DependsOn": "", | ||
| "DefaultValue": "", | ||
| "Options": "", | ||
| "Description": "One to many comma delmited F5 SSL Profile names the certificate is bound to" |
There was a problem hiding this comment.
Fix typo: change "delmited" to "delimited" in the description.
Suggested change
| "Description": "One to many comma delmited F5 SSL Profile names the certificate is bound to" | |
| "Description": "One to many comma delimited F5 SSL Profile names the certificate is bound to" |
Copilot uses AI. Check for mistakes.
SSLProfile/Inventory.cs
Outdated
| @@ -45,7 +45,7 @@ public override JobResult ProcessJob(InventoryJobConfiguration config, SubmitInv | |||
| ValidateF5Release(logger, JobConfig.CertificateStoreDetails, f5); | |||
|
|
|||
| LogHandlerCommon.Debug(logger, JobConfig.CertificateStoreDetails, $"Getting inventory from '{config.CertificateStoreDetails.StorePath}'"); | |||
| inventory = f5.GetSSLProfiles(20); | |||
| inventory = f5.GetCertificateEntries(50); | |||
There was a problem hiding this comment.
[nitpick] Avoid hardcoded page size; consider extracting the literal 50 into a named constant or configuration.
Suggested change
| inventory = f5.GetCertificateEntries(50); | |
| inventory = f5.GetCertificateEntries(DefaultPageSize); |
Copilot uses AI. Check for mistakes.
F5Client.cs
Outdated
| pagedProfiles = REST.Get<F5PagedSSLProfiles>(query); | ||
| } | ||
|
|
||
| LogHandlerCommon.MethodExit(logger, CertificateStore, "GetCertificateEntries"); |
There was a problem hiding this comment.
Mismatched exit method name: in GetSSLProfiles, the exit log still references GetCertificateEntries.
Suggested change
| LogHandlerCommon.MethodExit(logger, CertificateStore, "GetCertificateEntries"); | |
| LogHandlerCommon.MethodExit(logger, CertificateStore, "GetSSLProfiles"); |
Copilot uses AI. Check for mistakes.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.