chore(ci): Add dependabot.yml.

chore(examples): Dev cluster add more enrollments and deployments for `K8STLSSecr` store types.
fix(discovery): Add support for `UseSSL` from discovery job. This will allow the k8s client to specify `SkipTlsVerify` when calling the k8s API.
chore(deps): Update pacakge versions to latest.
chore: General linting and increase logging verbosity.

.github/dependabot.yml

@@ -0,0 +1,12 @@
+# See GitHub's documentation for more information on this file:
+# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"

TestConsole/TestConsole.csproj

@@ -11,7 +11,7 @@
     </ItemGroup>
 
     <ItemGroup>
-      <PackageReference Include="Moq" Version="4.18.4" />
+      <PackageReference Include="Moq" Version="4.20.70" />
     </ItemGroup>
 
 </Project>

dev_k8s_cluster/keyfactor_command/enrollments.tf

@@ -1,11 +1,91 @@
+resource "keyfactor_certificate" "pfx_enrollment_00" {
+  common_name           = "K8S PFX Enrollment Certificate 01"
+  country               = "US"
+  state                 = "Ohio"
+  locality              = "Cleveland"
+  organization          = "Keyfactor"
+  organizational_unit   = "Engineering"
+  dns_sans              = ["K8S PFX Enrollment Certificate 00"]
+  // Please don't use this password in production pass in an environmental variable or something
+  certificate_authority = "${var.default_ca_domain}\\${var.default_cert_ca}"
+  certificate_template  = var.webserver_template
+  metadata              = {
+    "Email-Contact" = "terraform@example.com"
+  }
+}
+
 resource "keyfactor_certificate" "pfx_enrollment_01" {
+  common_name           = "K8S PFX Enrollment Certificate 01"
+  country               = "US"
+  state                 = "Ohio"
+  locality              = "Cleveland"
+  organization          = "Keyfactor"
+  organizational_unit   = "Engineering"
+  dns_sans              = ["K8S PFX Enrollment Certificate 01"]
+  // Please don't use this password in production pass in an environmental variable or something
+  certificate_authority = "${var.default_ca_domain}\\${var.default_cert_ca}"
+  certificate_template  = var.webserver_template
+  metadata              = {
+    "Email-Contact" = "terraform@example.com"
+  }
+}
+
+resource "keyfactor_certificate" "pfx_enrollment_02" {
+  common_name           = "K8S PFX Enrollment Certificate 02"
+  country               = "US"
+  state                 = "Ohio"
+  locality              = "Cleveland"
+  organization          = "Keyfactor"
+  organizational_unit   = "Engineering"
+  dns_sans              = ["K8S PFX Enrollment Certificate 02"]
+  // Please don't use this password in production pass in an environmental variable or something
+  certificate_authority = "${var.default_ca_domain}\\${var.default_cert_ca}"
+  certificate_template  = var.webserver_template
+  metadata              = {
+    "Email-Contact" = "terraform@example.com"
+  }
+}
+
+resource "keyfactor_certificate" "pfx_enrollment_03" {
+  common_name           = "K8S PFX Enrollment Certificate 03"
+  country               = "US"
+  state                 = "Ohio"
+  locality              = "Cleveland"
+  organization          = "Keyfactor"
+  organizational_unit   = "Engineering"
+  dns_sans              = ["K8S PFX Enrollment Certificate 03"]
+  // Please don't use this password in production pass in an environmental variable or something
+  certificate_authority = "${var.default_ca_domain}\\${var.default_cert_ca}"
+  certificate_template  = var.webserver_template
+  metadata              = {
+    "Email-Contact" = "terraform@example.com"
+  }
+}
+
+resource "keyfactor_certificate" "pfx_enrollment_04" {
+  common_name           = "K8S PFX Enrollment Certificate 04"
+  country               = "US"
+  state                 = "Ohio"
+  locality              = "Cleveland"
+  organization          = "Keyfactor"
+  organizational_unit   = "Engineering"
+  dns_sans              = ["K8S PFX Enrollment Certificate 04"]
+  // Please don't use this password in production pass in an environmental variable or something
+  certificate_authority = "${var.default_ca_domain}\\${var.default_cert_ca}"
+  certificate_template  = var.webserver_template
+  metadata              = {
+    "Email-Contact" = "terraform@example.com"
+  }
+}
+
+resource "keyfactor_certificate" "pfx_enrollment_05" {
   common_name           = "K8S PFX Enrollment Certificate"
   country               = "US"
   state                 = "Ohio"
   locality              = "Cleveland"
   organization          = "Keyfactor"
   organizational_unit   = "Engineering"
-  dns_sans              = ["K8S PFX Enrollment Certificate"]
+  dns_sans              = ["K8S PFX Enrollment Certificate 05"]
   // Please don't use this password in production pass in an environmental variable or something
   certificate_authority = "${var.default_ca_domain}\\${var.default_cert_ca}"
   certificate_template  = var.webserver_template

dev_k8s_cluster/keyfactor_command/kfc_tlssecr_stores.tf

@@ -0,0 +1,137 @@
+data keyfactor_agent "k8s" {
+  agent_identifier = var.client_machine_name
+}
+
+
+
+resource "keyfactor_certificate_store" "tls_store_00" {
+  client_machine     = data.keyfactor_agent.k8s.client_machine
+  # Orchestrator client name
+  store_path         = "${var.kube_cluster_name}/${var.kube_namespace}/${var.kube_tlssecr_name}00"           # Varies based on store type
+  agent_identifier   = data.keyfactor_agent.k8s.agent_identifier
+  # Orchestrator GUID or Orchestrator ClientMachine
+  store_type         = "K8STLSSecr"                          # Must exist in KeyFactor
+  server_username    = "kubeconfig"
+  server_password    = file(var.kubeconfig_file)
+  server_use_ssl     = true
+  inventory_schedule = "5m"
+  properties         = {
+    KubeSecretType   = "tls_secret"
+#     KubeNamespace    = var.kube_namespace # this SHOULD take precedence over the store_path
+#     KubeSecretName   = var.k8stlssecr_name # this SHOULD take precedence over the store_path
+#     KubeSvcCreds = file(var.kubeconfig_file) # todo: invalid property
+#     SeparateChain    = true # todo: invalid property
+#     IncludeCertChain = true # todo: invalid property
+  }
+}
+
+resource "keyfactor_certificate_deployment" "k8stlssecr_00" {
+  certificate_id       = keyfactor_certificate.pfx_enrollment_00.certificate_id
+  certificate_store_id = keyfactor_certificate_store.tls_store_00.id
+}
+
+
+
+resource "keyfactor_certificate_store" "tls_store_01" {
+  client_machine     = data.keyfactor_agent.k8s.client_machine
+  # Orchestrator client name
+  store_path         = "${var.kube_cluster_name}/${var.kube_namespace}/${var.kube_tlssecr_name}01"           # Varies based on store type
+  agent_identifier   = data.keyfactor_agent.k8s.agent_identifier
+  # Orchestrator GUID or Orchestrator ClientMachine
+  store_type         = "K8STLSSecr"                          # Must exist in KeyFactor
+  server_username    = "kubeconfig"
+  server_password    = file(var.kubeconfig_file)
+  server_use_ssl     = true
+  inventory_schedule = "5m"
+  properties         = {
+    KubeSecretType   = "tls_secret"
+    #     KubeNamespace    = var.kube_namespace # this SHOULD take precedence over the store_path
+    #     KubeSecretName   = var.k8stlssecr_name # this SHOULD take precedence over the store_path
+    #     KubeSvcCreds = file(var.kubeconfig_file) # todo: invalid property
+    #     SeparateChain    = true # todo: invalid property
+    #     IncludeCertChain = true # todo: invalid property
+  }
+}
+
+resource "keyfactor_certificate_deployment" "k8stlssecr_01" {
+  certificate_id       = keyfactor_certificate.pfx_enrollment_01.certificate_id
+  certificate_store_id = keyfactor_certificate_store.tls_store_01.id
+}
+
+resource "keyfactor_certificate_store" "tls_store_02" {
+  client_machine     = data.keyfactor_agent.k8s.client_machine
+  # Orchestrator client name
+  store_path         = "${var.kube_cluster_name}/${var.kube_namespace}/${var.kube_tlssecr_name}02"           # Varies based on store type
+  agent_identifier   = data.keyfactor_agent.k8s.agent_identifier
+  # Orchestrator GUID or Orchestrator ClientMachine
+  store_type         = "K8STLSSecr"                          # Must exist in KeyFactor
+  server_username    = "kubeconfig"
+  server_password    = file(var.kubeconfig_file)
+  server_use_ssl     = true
+  inventory_schedule = "5m"
+  properties         = {
+    KubeSecretType   = "tls_secret"
+    #     KubeNamespace    = var.kube_namespace # this SHOULD take precedence over the store_path
+    #     KubeSecretName   = var.k8stlssecr_name # this SHOULD take precedence over the store_path
+    #     KubeSvcCreds = file(var.kubeconfig_file) # todo: invalid property
+    #     SeparateChain    = true # todo: invalid property
+    #     IncludeCertChain = true # todo: invalid property
+  }
+}
+
+resource "keyfactor_certificate_deployment" "k8stlssecr_02" {
+  certificate_id       = keyfactor_certificate.pfx_enrollment_02.certificate_id
+  certificate_store_id = keyfactor_certificate_store.tls_store_02.id
+}
+
+resource "keyfactor_certificate_store" "tls_store_03" {
+  client_machine     = data.keyfactor_agent.k8s.client_machine
+  # Orchestrator client name
+  store_path         = "${var.kube_cluster_name}/${var.kube_namespace}/${var.kube_tlssecr_name}03"           # Varies based on store type
+  agent_identifier   = data.keyfactor_agent.k8s.agent_identifier
+  # Orchestrator GUID or Orchestrator ClientMachine
+  store_type         = "K8STLSSecr"                          # Must exist in KeyFactor
+  server_username    = "kubeconfig"
+  server_password    = file(var.kubeconfig_file)
+  server_use_ssl     = true
+  inventory_schedule = "5m"
+  properties         = {
+    KubeSecretType   = "tls_secret"
+    #     KubeNamespace    = var.kube_namespace # this SHOULD take precedence over the store_path
+    #     KubeSecretName   = var.k8stlssecr_name # this SHOULD take precedence over the store_path
+    #     KubeSvcCreds = file(var.kubeconfig_file) # todo: invalid property
+    #     SeparateChain    = true # todo: invalid property
+    #     IncludeCertChain = true # todo: invalid property
+  }
+}
+
+resource "keyfactor_certificate_deployment" "k8stlssecr_03" {
+  certificate_id       = keyfactor_certificate.pfx_enrollment_03.certificate_id
+  certificate_store_id = keyfactor_certificate_store.tls_store_03.id
+}
+
+resource "keyfactor_certificate_store" "tls_store_04" {
+  client_machine     = data.keyfactor_agent.k8s.client_machine
+  # Orchestrator client name
+  store_path         = "${var.kube_cluster_name}/${var.kube_namespace}/${var.kube_tlssecr_name}04"           # Varies based on store type
+  agent_identifier   = data.keyfactor_agent.k8s.agent_identifier
+  # Orchestrator GUID or Orchestrator ClientMachine
+  store_type         = "K8STLSSecr"                          # Must exist in KeyFactor
+  server_username    = "kubeconfig"
+  server_password    = file(var.kubeconfig_file)
+  server_use_ssl     = true
+  inventory_schedule = "5m"
+  properties         = {
+    KubeSecretType   = "tls_secret"
+    #     KubeNamespace    = var.kube_namespace # this SHOULD take precedence over the store_path
+    #     KubeSecretName   = var.k8stlssecr_name # this SHOULD take precedence over the store_path
+    #     KubeSvcCreds = file(var.kubeconfig_file) # todo: invalid property
+    #     SeparateChain    = true # todo: invalid property
+    #     IncludeCertChain = true # todo: invalid property
+  }
+}
+
+resource "keyfactor_certificate_deployment" "k8stlssecr_04" {
+  certificate_id       = keyfactor_certificate.pfx_enrollment_04.certificate_id
+  certificate_store_id = keyfactor_certificate_store.tls_store_04.id
+}