Merge pull request #55 from Keyfactor/ab#69253

fiddlermikey · web-flow · commit 2e046beaa1dc · 2025-03-24T08:38:23.000-07:00
v1.2.1 approved by Chadd on 91507(https://css-security.lightning.force.com/lightning/r/Case/500Pc00000UfeY5IAJ/view)
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+# 1.2.1
+- fix(management): `K8SNS` management jobs handle `storepath` parsed length is less than expected.
+
 # 1.2.0
 
 ## Features
diff --git a/kubernetes-orchestrator-extension/Jobs/JobBase.cs b/kubernetes-orchestrator-extension/Jobs/JobBase.cs
@@ -443,13 +443,13 @@ protected K8SJobCertificate InitJobCertificate(dynamic config)
 
     private static bool IsNamespaceStore(string capability)
     {
-        return capability != null && string.IsNullOrEmpty(capability) &&
+        return !string.IsNullOrEmpty(capability) &&
                capability.Contains("K8SNS", StringComparison.OrdinalIgnoreCase);
     }
 
     private static bool IsClusterStore(string capability)
     {
-        return capability != null && string.IsNullOrEmpty(capability) &&
+        return !string.IsNullOrEmpty(capability) &&
                capability.Contains("K8SCLUSTER", StringComparison.OrdinalIgnoreCase);
     }
 
diff --git a/kubernetes-orchestrator-extension/Jobs/Management.cs b/kubernetes-orchestrator-extension/Jobs/Management.cs
@@ -281,10 +281,10 @@ private V1Secret HandlePkcs12Secret(ManagementJobConfiguration config, bool remo
             {
                 if (config.OperationType == CertStoreOperationType.Remove)
                 {
-                    Logger.LogWarning("Secret {Name} not found in Kubernetes so nothing to remove...", KubeSecretName);
+                    Logger.LogWarning("Secret {Name} not found in Kubernetes, nothing to remove...", KubeSecretName);
                     return null;
                 }
-                Logger.LogWarning("Secret {Name} not found in Kubernetes so creating new secret...", KubeSecretName);
+                Logger.LogWarning("Secret {Name} not found in Kubernetes, creating new secret...", KubeSecretName);
             }
         }
 
@@ -548,6 +548,13 @@ private JobResult HandleCreateOrUpdate(string secretType, ManagementJobConfigura
                 jobCertObj.Alias = config.JobCertificate.Alias;
                 // Split alias by / and get second to last element KubeSecretType
                 var splitAlias = jobCertObj.Alias.Split("/");
+                if (splitAlias.Length < 2)
+                {
+                    var invalidAliasErrMsg = "Invalid alias format for K8SNS store type. Alias pattern: `<secret_type>/<secret_name>` where `secret_type` is one of 'opaque' or 'tls' and `secret_name` is the name of the secret.";
+                    Logger.LogError(invalidAliasErrMsg);
+                    Logger.LogInformation("End MANAGEMENT job " + config.JobId + " " + invalidAliasErrMsg + " Failed!");
+                    return FailJob(invalidAliasErrMsg, config.JobHistoryId);
+                }
                 KubeSecretType = splitAlias[^2];
                 KubeSecretName = splitAlias[^1];
                 Logger.LogDebug("Handling managment add job for K8SNS secret type '" + KubeSecretType + "(" + jobCertObj.Alias + ")'...");

-Original file line number
+Diff line change
@@ @@ -1,3 +1,6 @@ @@
 +# 1.2.1
 +- fix(management): `K8SNS` management jobs handle `storepath` parsed length is less than expected.
++
 # 1.2.0
 ## Features
Original file line number	Diff line number	Diff line change
`@@ -443,13 +443,13 @@ protected K8SJobCertificate InitJobCertificate(dynamic config)`
`443`	`443`
`444`	`444`	`private static bool IsNamespaceStore(string capability)`
`445`	`445`	`{`
`446`		`- return capability != null && string.IsNullOrEmpty(capability) &&`
	`446`	`+ return !string.IsNullOrEmpty(capability) &&`
`447`	`447`	`capability.Contains("K8SNS", StringComparison.OrdinalIgnoreCase);`
`448`	`448`	`}`
`449`	`449`
`450`	`450`	`private static bool IsClusterStore(string capability)`
`451`	`451`	`{`
`452`		`- return capability != null && string.IsNullOrEmpty(capability) &&`
	`452`	`+ return !string.IsNullOrEmpty(capability) &&`
`453`	`453`	`capability.Contains("K8SCLUSTER", StringComparison.OrdinalIgnoreCase);`
`454`	`454`	`}`
`455`	`455`
Original file line number	Diff line number	Diff line change
`@@ -281,10 +281,10 @@ private V1Secret HandlePkcs12Secret(ManagementJobConfiguration config, bool remo`
`281`	`281`	`{`
`282`	`282`	`if (config.OperationType == CertStoreOperationType.Remove)`
`283`	`283`	`{`
`284`		`- Logger.LogWarning("Secret {Name} not found in Kubernetes so nothing to remove...", KubeSecretName);`
	`284`	`+ Logger.LogWarning("Secret {Name} not found in Kubernetes, nothing to remove...", KubeSecretName);`
`285`	`285`	`return null;`
`286`	`286`	`}`
`287`		`- Logger.LogWarning("Secret {Name} not found in Kubernetes so creating new secret...", KubeSecretName);`
	`287`	`+ Logger.LogWarning("Secret {Name} not found in Kubernetes, creating new secret...", KubeSecretName);`
`288`	`288`	`}`
`289`	`289`	`}`
`290`	`290`
`@@ -548,6 +548,13 @@ private JobResult HandleCreateOrUpdate(string secretType, ManagementJobConfigura`
`548`	`548`	`jobCertObj.Alias = config.JobCertificate.Alias;`
`549`	`549`	`// Split alias by / and get second to last element KubeSecretType`
`550`	`550`	`var splitAlias = jobCertObj.Alias.Split("/");`
	`551`	`+ if (splitAlias.Length < 2)`
	`552`	`+ {`
	`553`	+ var invalidAliasErrMsg = "Invalid alias format for K8SNS store type. Alias pattern: `<secret_type>/<secret_name>` where `secret_type` is one of 'opaque' or 'tls' and `secret_name` is the name of the secret.";
	`554`	`+ Logger.LogError(invalidAliasErrMsg);`
	`555`	`+ Logger.LogInformation("End MANAGEMENT job " + config.JobId + " " + invalidAliasErrMsg + " Failed!");`
	`556`	`+ return FailJob(invalidAliasErrMsg, config.JobHistoryId);`
	`557`	`+ }`
`551`	`558`	`KubeSecretType = splitAlias[^2];`
`552`	`559`	`KubeSecretName = splitAlias[^1];`
`553`	`560`	`Logger.LogDebug("Handling managment add job for K8SNS secret type '" + KubeSecretType + "(" + jobCertObj.Alias + ")'...");`