Keyfactor
diff --git a/‎.github/workflows/build-and-test.yml‎
Lines changed: 38 additions & 0 deletions b/‎.github/workflows/build-and-test.yml‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎.github/workflows/keyfactor-starter-workflow.yml‎
Lines changed: 9 additions & 2 deletions b/‎.github/workflows/keyfactor-starter-workflow.yml‎
Lines changed: 9 additions & 2 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 17 additions & 11 deletions b/‎CHANGELOG.md‎
Lines changed: 17 additions & 11 deletions
diff --git a/‎PaloAlto.IntegrationTests/BaseIntegrationTest.cs‎
Lines changed: 18 additions & 3 deletions b/‎PaloAlto.IntegrationTests/BaseIntegrationTest.cs‎
Lines changed: 18 additions & 3 deletions
diff --git a/‎PaloAlto.IntegrationTests/InventoryIntegrationTests.cs‎
Lines changed: 7 additions & 1 deletion b/‎PaloAlto.IntegrationTests/InventoryIntegrationTests.cs‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎PaloAlto.IntegrationTests/ManagementIntegrationTests.cs‎
Lines changed: 109 additions & 1 deletion b/‎PaloAlto.IntegrationTests/ManagementIntegrationTests.cs‎
Lines changed: 109 additions & 1 deletion
diff --git a/‎PaloAlto.IntegrationTests/PaloAlto.IntegrationTests.csproj‎
Lines changed: 1 addition & 0 deletions b/‎PaloAlto.IntegrationTests/PaloAlto.IntegrationTests.csproj‎
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1,38 @@
+run-name: Build and Test Solution - ${{ github.sha }}
+name: Build and Test Solution
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+    build-and-test-solution:
+      runs-on: ubuntu-latest
+      strategy:
+        matrix:
+            dotnet-version: [ '6.0.x', '8.0.x' ]
+      steps:
+        - name: Checkout Code
+          uses: actions/checkout@v4
+
+        - name: Setup .NET 6
+          uses: actions/setup-dotnet@v4
+          with:
+            dotnet-version: '6.0.x'
+
+        - name: Setup .NET 8
+          uses: actions/setup-dotnet@v4
+          with:
+            dotnet-version: '8.0.x'
+
+        - name: Add Keyfactor NuGet Source
+          run: dotnet nuget add source https://nuget.pkg.github.com/Keyfactor/index.json -n github -u ${{ github.actor }} -p ${{ secrets.V2BUILDTOKEN }} --store-password-in-clear-text
+        
+        - name: Restore Dependencies
+          run: dotnet restore
+
+        - name: Build solution
+          run: dotnet build --no-restore --configuration Release
+
+        - name: Run Unit Tests
+          run: dotnet test --configuration Release --no-build --filter "Category!=Integration"
@@ -11,10 +11,17 @@ on:
 
 jobs:
   call-starter-workflow:
-    uses: keyfactor/actions/.github/workflows/starter.yml@v3
+    uses: keyfactor/actions/.github/workflows/starter.yml@v4
+    with:
+      command_token_url: ${{ vars.COMMAND_TOKEN_URL }}
+      command_hostname: ${{ vars.COMMAND_HOSTNAME }}
+      command_base_api_path: ${{ vars.COMMAND_API_PATH }}
     secrets:
       token: ${{ secrets.V2BUILDTOKEN}}
-      APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
       gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
       gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
       scan_token: ${{ secrets.SAST_TOKEN }}
+      entra_username: ${{ secrets.DOCTOOL_ENTRA_USERNAME }}
+      entra_password: ${{ secrets.DOCTOOL_ENTRA_PASSWD }}
+      command_client_id: ${{ secrets.COMMAND_CLIENT_ID }}
+      command_client_secret: ${{ secrets.COMMAND_CLIENT_SECRET }}
@@ -1,47 +1,53 @@
-2.5.0
+# 2.5.1
+Features:
+- Add validation logic for certificate alias length. If targeting Firewall directly, alias length must be less than 64 characters. If targeting Panorama, alias length must be less than 32 characters. This is to prevent errors when pushing certificates to Palo Alto.
+- Increased timeout for checking on job status from 10 minutes to 60 minutes.
+- Improved error handling and logging for commit operations, including more detailed error messages when commits fail.
+
+# 2.5.0
 Features:
 - Add support for multiple Device Groups. You can now specify a comma-delimited list of Device Groups for your Certificate Store. i.e. `Group 1;Group 2;Group 3`.
 - Improved support for validating commit changes are successfully pushed from Panorama to Firewall.
 
-2.4.0
+# 2.4.0
 * .Net 6 and .Net 8 Build Support
 * Documentation Updates
 
-2.3.1
+# 2.3.1
 * Fixed issue where trace logs had extra info in them
 * Fixed issue with chain support when pushing certs to palo
 
-2.3.0
+# 2.3.0
 * Added support for Template Only Commits
 * Added support for Template Stack Commits
 * Added support for ingoring Trusted Default Certs on inventory to speed up the inventory job
 
-2.2.1
+# 2.2.1
 * Fixed URL Encoding on Palo Username and Pwd that caused invalid credentials error
 
-2.2.0
+# 2.2.0
 * Removed support for binding cert to new binding location, can only update certs that are previously bound
 * Support for replacing certs on all binding locations both Panorama and Firewalls as long as it was there before
 * Support for Virtual Systems on Firewalls, tested with only Azure Virtual Version of Firewall
 * Support for Virtual Systems on Panorama Templates
 
-2.1.1
+# 2.1.1
 * Bug - Add Renew Failure Object Reference Error when Adding/Renewing a cert.
 
-2.1.0
+# 2.1.0
 * Support for Pan Level Certficates
 * Support for Pushing Entire Certificate Chain to Panorama
 * Auto Detection of Trusted Root Certificates
 * Fix Inventory Check For Private Key from Dummy to Anything
 
-2.0.1
+# 2.0.1
 * Fix Epoch Time in Model from int to long to prevent inventory errors
 
-2.0.0
+# 2.0.0
 * Support for Panorama or Firewall connectivity
 * Commits changes to the Individual Firewall
 * Support for Panorama push to firewalls
 
-1.0.3
+# 1.0.3
 * Added PAM Support for Orchestrator
 
@@ -1,4 +1,4 @@
-// Copyright 2025 Keyfactor
+// Copyright 2026 Keyfactor
 // 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,16 +16,31 @@
 using Keyfactor.Orchestrators.Common.Enums;
 using Keyfactor.Orchestrators.Extensions;
 using Keyfactor.Orchestrators.Extensions.Interfaces;
+using Microsoft.Extensions.Logging;
+using MartinCostello.Logging.XUnit;
 using Moq;
 using Newtonsoft.Json;
 using PaloAlto.IntegrationTests.Models;
 using Xunit;
+using Xunit.Abstractions;
 
 namespace PaloAlto.IntegrationTests;
 
+[Trait("Category", "Integration")]
 public abstract class BaseIntegrationTest
 {
     protected readonly string MockCertificatePassword = "sldfklsdfsldjfk";
+    private readonly ILogger _logger;
+
+    protected BaseIntegrationTest(ITestOutputHelper output)
+    {
+      var loggerFactory = LoggerFactory.Create(builder =>
+      {
+        builder.AddProvider(new XUnitLoggerProvider(output, new XUnitLoggerOptions()));
+        builder.SetMinimumLevel(LogLevel.Debug);
+      });
+      _logger = loggerFactory.CreateLogger<BaseIntegrationTest>();
+    }
 
     protected void AssertJobSuccess(JobResult result, string context)
     {
@@ -62,7 +77,7 @@ protected JobResult ProcessInventoryJob(TestInventoryJobConfigurationProperties
         mgmtSecretResolver
             .Setup(m => m.Resolve(It.Is<string>(s => s == config.ServerPassword)))
             .Returns(() => config.ServerPassword);
-        var inventory = new Inventory(mgmtSecretResolver.Object);
+        var inventory = new Inventory(mgmtSecretResolver.Object, _logger);
         return inventory.ProcessJob(config, _ => true);
     }
 
@@ -75,7 +90,7 @@ private JobResult ProcessManagementJob(ManagementJobConfiguration config)
         mgmtSecretResolver
             .Setup(m => m.Resolve(It.Is<string>(s => s == config.ServerPassword)))
             .Returns(() => config.ServerPassword);
-        var mgmt = new Management(mgmtSecretResolver.Object);
+        var mgmt = new Management(mgmtSecretResolver.Object, _logger);
         return mgmt.ProcessJob(config);
     }
 
 
@@ -1,4 +1,4 @@
-// Copyright 2025 Keyfactor
+// Copyright 2026 Keyfactor
 // 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -14,11 +14,17 @@
 
 using PaloAlto.IntegrationTests.Models;
 using Xunit;
+using Xunit.Abstractions;
 
 namespace PaloAlto.IntegrationTests;
 
 public class InventoryIntegrationTests : BaseIntegrationTest
 {
+    public InventoryIntegrationTests(ITestOutputHelper output) : base(output)
+    {
+        
+    }
+    
     #region Firewall Tests
 
     // Test Case 6 repeats across Management + Inventory. Keeping number in place for parity.
 
@@ -1,4 +1,4 @@
-// Copyright 2025 Keyfactor
+// Copyright 2026 Keyfactor
 // 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,11 +15,16 @@
 using PaloAlto.IntegrationTests.Generators;
 using PaloAlto.IntegrationTests.Models;
 using Xunit;
+using Xunit.Abstractions;
 
 namespace PaloAlto.IntegrationTests;
 
 public class ManagementIntegrationTests : BaseIntegrationTest
 {
+    public ManagementIntegrationTests(ITestOutputHelper output) : base(output)
+    {
+    }
+    
     #region Firewall Tests
 
     [Fact(DisplayName = "TC01: Firewall Enroll No Bindings")]
@@ -898,4 +903,107 @@ public void TestCase25_PanoramaAdd_Vsys_BoundCert_WithOverride_ShouldSucceed()
     }
 
     #endregion
+    
+    #region Alias Length Validation
+    
+    [Fact(DisplayName = "TC26a: Panorama Enroll when alias name is too long, returns error")]
+    public void TestCase26a_PanoramaEnroll_WhenAliasNameIsTooLong_ReturnsFailure()
+    {
+        var alias = new string('a', 32);
+        var certificateContent = PfxGenerator.GetBlobWithChain(alias, MockCertificatePassword);
+
+        var props = new TestManagementJobConfigurationProperties()
+        {
+            StorePath =
+                "/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared",
+            DeviceGroup = "Group1",
+            Alias = alias,
+            Overwrite = false,
+
+            CertificateContents = certificateContent,
+            CertificatePassword = MockCertificatePassword,
+            TemplateStack = ""
+        };
+        props.AddPanoramaCredentials();
+
+        var result = ProcessManagementAddJob(props);
+
+        AssertJobFailure(result, $"Certificate alias '{alias}' is too long, it must not be more than 31 characters. Current length: 32");
+    }
+    
+    [Fact(DisplayName = "TC26b: Firewall Enroll when alias name is too long, returns error")]
+    public void TestCase26b_FirewallEnroll_WhenAliasNameIsTooLong_ReturnsFailure()
+    {
+        var alias = new string('a', 64);
+        var certificateContent = PfxGenerator.GetBlobWithChain(alias, MockCertificatePassword);
+
+        var props = new TestManagementJobConfigurationProperties()
+        {
+            StorePath =
+                "/config/shared",
+            DeviceGroup = "",
+            Alias = alias,
+            Overwrite = false,
+
+            CertificateContents = certificateContent,
+            CertificatePassword = MockCertificatePassword,
+            TemplateStack = ""
+        };
+        props.AddPanoramaCredentials();
+
+        var result = ProcessManagementAddJob(props);
+
+        AssertJobFailure(result, $"Certificate alias '{alias}' is too long, it must not be more than 63 characters. Current length: 64");
+    }
+    
+    [Fact(DisplayName = "TC26c: Panorama Enroll Enroll Alias Length Valid")]
+    public void TestCase26c_PanoramaEnroll_WhenAliasNameValid_NoFailure()
+    {
+        var alias = new string('a', 31);
+        var certificateContent = PfxGenerator.GetBlobWithChain(alias, MockCertificatePassword);
+
+        var props = new TestManagementJobConfigurationProperties()
+        {
+            StorePath =
+                "/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared",
+            DeviceGroup = "",
+            Alias = alias,
+            Overwrite = true,
+
+            CertificateContents = certificateContent,
+            CertificatePassword = MockCertificatePassword,
+            TemplateStack = ""
+        };
+        props.AddPanoramaCredentials();
+
+        var result = ProcessManagementAddJob(props);
+
+        AssertJobSuccess(result, "Add");
+    }
+    
+    [Fact(DisplayName = "TC26d: Firewall Enroll Alias Length Valid")]
+    public void TestCase26d_FirewallEnroll_WhenAliasNameValid_NoFailure()
+    {
+        var alias = new string('a', 63);
+        var certificateContent = PfxGenerator.GetBlobWithChain(alias, MockCertificatePassword);
+
+        var props = new TestManagementJobConfigurationProperties()
+        {
+            StorePath = "/config/shared",
+            DeviceGroup = "",
+            Alias = alias,
+            Overwrite = true,
+
+            CertificateContents = certificateContent,
+            CertificatePassword = MockCertificatePassword,
+            TemplateStack = ""
+        };
+        props.AddFirewallCredentials();
+
+        var result = ProcessManagementAddJob(props);
+
+        AssertJobSuccess(result, "Add");
+    }
+    
+    #endregion
 }
@@ -9,6 +9,7 @@
     </PropertyGroup>
 
     <ItemGroup>
+        <PackageReference Include="MartinCostello.Logging.XUnit" Version="0.6.0" />
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.1.0"/>
         <PackageReference Include="Moq.AutoMock" Version="3.4.0" />
         <PackageReference Include="xunit" Version="2.4.1"/>