Merge 1.0.1 to main (#4)

* feat: release 1.0 (#1)

The HID Global HydrantId AnyCA Gateway REST plugin extends the capabilities of HydrantId Certificate Authority Service to Keyfactor Command via the Keyfactor AnyCA Gateway. This plugin leverages the HydrantId REST API with Hawk authentication to provide comprehensive certificate lifecycle management. The plugin represents a fully featured AnyCA Plugin with the following capabilities:

*   **CA Sync**:
    *   Download all certificates issued by the HydrantId CA
    *   Support for incremental and full synchronization
    *   Automatic extraction of end-entity certificates from PEM chains
*   **Certificate Enrollment**:
    *   Support certificate enrollment with new key pairs
    *   Dynamic policy (profile) discovery from the CA
    *   Intelligent renewal vs. re-issue logic based on certificate expiration
    *   Support for PKCS#10 CSR format
    *   Configurable certificate validity periods
*   **Certificate Revocation**:
    *   Request revocation of previously issued certificates
    *   Support for standard CRL revocation reasons

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* release: 1.0.1

---------

Co-authored-by: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

Author: 3 people

.gitignore

@@ -328,3 +328,5 @@ ASALocalRun/
 
 # MFractors (Xamarin productivity tool) working folder 
 .mfractor/
+.claude/settings.local.json
+sample change.txt

CHANGELOG.md

@@ -1,2 +1,5 @@
+# v1.0.1
+* SaaS Containerization Fixes, added enabled flag cleaned up some log messages
+
 # v1.0.0
 * Initial Release.  Sync, Enroll, and Revocation. 

HydrantCAProxy/HydrantIdCAPlugin.cs

@@ -29,6 +29,7 @@ public class HydrantIdCAPlugin : IAnyCAPlugin
         private RequestManager _requestManager;
         private IAnyCAPluginConfigProvider Config { get; set; }
         private ICertificateDataReader certDataReader;
+        private HydrantIdCAPluginConfig.Config _config;
 
         public void Initialize(IAnyCAPluginConfigProvider configProvider, ICertificateDataReader certificateDataReader)
         {
@@ -37,10 +38,13 @@ public void Initialize(IAnyCAPluginConfigProvider configProvider, ICertificateDa
             {
                 certDataReader = certificateDataReader;
                 Config = configProvider;
+                var rawData = JsonConvert.SerializeObject(configProvider.CAConnectionData);
+                _config = JsonConvert.DeserializeObject<HydrantIdCAPluginConfig.Config>(rawData);
+                _logger.LogTrace($"Initialize - Enabled: {_config.Enabled}");
             }
             catch (Exception ex)
             {
-                _logger.LogError($"Failed to initialize GCP CAS CAPlugin: {ex}");
+                _logger.LogError($"Failed to initialize HydrantId CAPlugin: {ex}");
             }
         }
 
@@ -58,23 +62,39 @@ private static List<string> CheckRequiredValues(Dictionary<string, object> conne
 
         public async Task Ping()
         {
-
+            _logger.MethodEntry();
+            if (!_config.Enabled)
+            {
+                _logger.LogWarning($"The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping connectivity test...");
+                _logger.MethodExit(LogLevel.Trace);
+                return;
+            }
+            _logger.LogDebug("Pinging HydrantId to validate connection");
+            _logger.MethodExit();
         }
 
         public Task ValidateCAConnectionInfo(Dictionary<string, object> connectionInfo)
         {
             _logger.MethodEntry();
-            _logger.LogDebug($"Validating GCP CAS CA Connection properties");
+            _logger.LogDebug($"Validating HydrantId CA Connection properties");
             var rawData = JsonConvert.SerializeObject(connectionInfo);
-            HydrantIdCAPluginConfig.Config config = JsonConvert.DeserializeObject<HydrantIdCAPluginConfig.Config>(rawData);
+            _config = JsonConvert.DeserializeObject<HydrantIdCAPluginConfig.Config>(rawData);
 
-            _logger.LogTrace($"HydrantIdClientFromCAConnectionData - HydrantIdBaseUrl: {config.HydrantIdBaseUrl}");
+            _logger.LogTrace($"HydrantIdClientFromCAConnectionData - HydrantIdBaseUrl: {_config.HydrantIdBaseUrl}");
+            _logger.LogTrace($"HydrantIdClientFromCAConnectionData - Enabled: {_config.Enabled}");
+
+            if (!_config.Enabled)
+            {
+                _logger.LogWarning($"The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping config validation...");
+                _logger.MethodExit();
+                return Task.CompletedTask;
+            }
 
             List<string> missingFields = new List<string>();
 
-            if (string.IsNullOrEmpty(config.HydrantIdBaseUrl)) missingFields.Add(nameof(config.HydrantIdBaseUrl));
-            if (string.IsNullOrEmpty(config.HydrantIdAuthId)) missingFields.Add(nameof(config.HydrantIdAuthId));
-            if (string.IsNullOrEmpty(config.HydrantIdAuthKey)) missingFields.Add(nameof(config.HydrantIdAuthKey));
+            if (string.IsNullOrEmpty(_config.HydrantIdBaseUrl)) missingFields.Add(nameof(_config.HydrantIdBaseUrl));
+            if (string.IsNullOrEmpty(_config.HydrantIdAuthId)) missingFields.Add(nameof(_config.HydrantIdAuthId));
+            if (string.IsNullOrEmpty(_config.HydrantIdAuthKey)) missingFields.Add(nameof(_config.HydrantIdAuthKey));
 
             if (missingFields.Count > 0)
             {

HydrantCAProxy/HydrantIdCAPluginConfig.cs

@@ -28,13 +28,15 @@ public class ConfigConstants
             public static string HydrantIdAuthId = "HydrantIdAuthId";
             public static string HydrantIdAuthKey = "HydrantIdAuthKey";
             public static string DefaultPageSize = "DefaultPageSize";
+            public static string Enabled = "Enabled";
         }
 
         public class Config
         {
             public string HydrantIdBaseUrl { get; set; }
             public string HydrantIdAuthId { get; set; }
             public string HydrantIdAuthKey { get; set; }
+            public bool Enabled { get; set; }
         }
 
         public static class EnrollmentParametersConstants
@@ -68,6 +70,13 @@ public static Dictionary<string, PropertyConfigInfo> GetPluginAnnotations()
                     Hidden = true,
                     DefaultValue = "",
                     Type = "Secret"
+                },
+                [ConfigConstants.Enabled] = new PropertyConfigInfo()
+                {
+                    Comments = "Flag to Enable or Disable the CA connector.",
+                    Hidden = false,
+                    DefaultValue = true,
+                    Type = "Bool"
                 }
             };
         }

README.md

@@ -260,6 +260,7 @@ The plugin supports the following standard CRL revocation reasons:
         * **HydrantIdBaseUrl** - The Base URL For the HydrantId Endpoint similar to https://acm-stage.hydrantid.com.  Get this from HydrantId. 
         * **HydrantIdAuthId** - The AuthId Obtained from HydrantId. 
         * **HydrantIdAuthKey** - The AuthKey Obtained from HydrantId. 
+        * **Enabled** - Flag to Enable or Disable the CA connector. 
 
 2. ### Template (Product) Configuration
 

integration-manifest.json

@@ -24,6 +24,10 @@
                 {
                     "name": "HydrantIdAuthKey",
                     "description": "The AuthKey Obtained from HydrantId."
+                },
+                {
+                    "name": "Enabled",
+                    "description": "Flag to Enable or Disable the CA connector."
                 }
             ],
             "enrollment_config": [