Fix overwrite logic to not attempt duplicate cert add

fixes ab#45827

.github/workflows/keyfactor-starter-workflow.yml

@@ -5,22 +5,49 @@ jobs:
   call-create-github-release-workflow:
     uses: Keyfactor/actions/.github/workflows/github-release.yml@main
 
+  get-manifest-properties:
+    runs-on: windows-latest
+    outputs:
+      update_catalog: ${{ steps.read-json.outputs.update_catalog }}
+      integration_type:  ${{ steps.read-json.outputs.integration_type }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Store json
+        id: read-json
+        shell: pwsh
+        run: |
+          $json = Get-Content integration-manifest.json | ConvertFrom-Json
+          $myvar = $json.update_catalog
+          echo "update_catalog=$myvar" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append
+          $myvar = $json.integration_type
+          echo "integration_type=$myvar" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append
+
   call-dotnet-build-and-release-workflow:
     needs: [call-create-github-release-workflow]
     uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main
     with:
       release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
       release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
-      release_dir: AviVantageAnyAgent/AnyAgent/bin/Release # TODO: set build output directory to upload as a release, relative to checkout workspace
+      release_dir: AviVantageAnyAgent/AnyAgent/bin/Release 
     secrets: 
       token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }}
 
   call-generate-readme-workflow:
     if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
     uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main
+    secrets:
+      token: ${{ secrets.APPROVE_README_PUSH }}
 
   call-update-catalog-workflow:
-    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+    needs: get-manifest-properties
+    if: needs.get-manifest-properties.outputs.update_catalog == 'True' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
     uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main
     secrets: 
       token: ${{ secrets.SDK_SYNC_PAT }}
+
+  call-update-store-types-workflow:
+    needs: get-manifest-properties
+    if: needs.get-manifest-properties.outputs.integration_type == 'orchestrator' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
+    uses: Keyfactor/actions/.github/workflows/update-store-types.yml@main
+    secrets: 
+      token: ${{ secrets.UPDATE_STORE_TYPES }}

AviVantageAnyAgent/AnyAgent/Jobs/Management.cs

@@ -1,4 +1,4 @@
-// Copyright 2021 Keyfactor
+// Copyright 2023 Keyfactor
 // 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -58,7 +58,9 @@ private async Task<AnyJobCompleteInfo> AddCertificateAsync(AnyJobJobInfo jobInfo
                 string uuid = null;
                 try
                 {
+                    Logger.Trace($"Looking for existing certificate with name '{jobInfo.Alias}'");
                     SSLKeyAndCertificate foundCert = await Client.GetCertificateByName(jobInfo.Alias);
+                    Logger.Trace($"Found existing certificate with name '{jobInfo.Alias}' and UUID '{foundCert.uuid}'");
                     uuid = foundCert.uuid;
                 }
                 catch (Exception ex)
@@ -73,6 +75,7 @@ private async Task<AnyJobCompleteInfo> AddCertificateAsync(AnyJobJobInfo jobInfo
                     // replace found cert with cert to add
                     try
                     {
+                        Logger.Debug($"Attempting to update existing certificate with name '{jobInfo.Alias}'");
                         await Client.UpdateCertificate(uuid, cert);
                     }
                     catch (Exception ex)
@@ -82,20 +85,34 @@ private async Task<AnyJobCompleteInfo> AddCertificateAsync(AnyJobJobInfo jobInfo
                 }
                 else
                 {
-                    // no cert found
+                    // no cert found to overwrite
                     Logger.Info($"No cert found to overwrite with name '{jobInfo.Alias}'");
+                    // add overwrite certificate as normal
+                    try
+                    {
+                        Logger.Debug($"Adding certificate after finding no existing certificate with name '{jobInfo.Alias}'");
+                        await Client.AddCertificate(cert);
+                    }
+                    catch (Exception ex)
+                    {
+                        return ThrowError(ex, "addition of certificate (with none to overwrite) to Avi Vantage");
+                    }
                 }
             }
-
-            // add new certificate
-            try
-            {
-                await Client.AddCertificate(cert);
-            }
-            catch (Exception ex)
+            else
             {
-                return ThrowError(ex, "addition of new certificate to Avi Vantage");
+                // add new certificate
+                try
+                {
+                    Logger.Debug($"Adding new certificate with name '{jobInfo.Alias}'");
+                    await Client.AddCertificate(cert);
+                }
+                catch (Exception ex)
+                {
+                    return ThrowError(ex, "addition of new certificate to Avi Vantage");
+                }
             }
+
             return Success();
         }
 

CHANGELOG.md

@@ -0,0 +1,9 @@
+1.0.2
+- Fixes a bug in the renewal overwrite process that would fail after overwriting the existing certificate by attempting to add the certificate again
+
+1.0.1
+- Mark explicitly as Windows Orchestrator capability
+- Readme documentation updates for clarity
+
+1.0.0
+- Initial release of orchestrator capability

README.md

@@ -4,20 +4,18 @@ The Avi Vantage Orchestrator allows for the management of certificates stored in
 
 #### Integration status: Production - Ready for use in production environments.
 
-## About the Keyfactor Windows Orchestrator AnyAgent
 
-This repository contains a Windows Orchestrator AnyAgent, which is a plugin to the Keyfactor Windows Orchestrator. Within the Keyfactor Platform, Orchestrators are used to manage “certificate stores” — collections of certificates and roots of trust that are found within and used by various applications.
 
-The Windows Orchestrator is part of the Keyfactor software distribution and is available via the Keyfactor customer portal. For general instructions on installing AnyAgents, see the “Keyfactor Command Orchestrator Installation and Configuration Guide” section of the Keyfactor documentation. For configuration details of this specific AnyAgent, see below in this readme.
 
-Note that in Keyfactor Version 9, the Windows Orchestrator have been replaced by the Universal Orchestrator. While this AnyAgent continues to work with the Windows Orchestrator, and the Windows Orchestrator is supported alongside the Universal Orchestrator talking to Keyfactor version 9, AnyAgent plugins cannot be used with the Universal Orchestrator.
 
----
+## Support for Avi Vantage
 
+Avi Vantage is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket with your Keyfactor representative.
+
+###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.
 
 
 
----
 
 
 # Introduction 

integration-manifest.json

@@ -4,5 +4,7 @@
     "name": "Avi Vantage",
     "status": "production",
     "link_github": true,
+    "update_catalog": true,
+    "support_level": "kf-supported",
     "description": "The Avi Vantage Orchestrator allows for the management of certificates stored in the Avi Vantage ADC solution. Application, System, and CA cert types are supported. Inventory, Management, and Renewal functions are supported."
 }