chore(docs): Changelog and update readme to discuss changes

m8rmclaren · m8rmclaren · commit ca88243f160a · 2024-03-05T15:24:21.000-07:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,3 +17,6 @@
   - chore(jobs): Refactored Orchestrator job implementations to prefer dependency injection pattern.
   - chore(tests): Implemented unit testing framework with a fake client interface.
   - chore(tests): Implemented integration tests for both Orchestrator jobs and App Gateway client.
+
+- 2.1.0
+  - chore(client): Pass error back to Command if certificate download from AKV fails
diff --git a/readme_source.md b/readme_source.md
@@ -51,9 +51,7 @@ Natively, Azure Application Gateways support integration with Azure Key Vault fo
 
 #### Mechanics of the Azure Key Vault Download Operation for Inventory Jobs that report certificates imported from AKV
 
-If an AzureApplicationSslCertificate references a secret in AKV (was imported to the App Gateway from AKV), the inventory job will create and use a `SecretClient` from the [`Azure.Security.KeyVault.Secrets.SecretClient` dotnet package](https://learn.microsoft.com/en-us/dotnet/api/azure.security.keyvault.secrets.secretclient?view=azure-dotnet). Authentication to AKV via this client is configured using the exact same `TokenCredential` provided by the [Azure Identity client library for .NET](https://learn.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme?view=azure-dotnet). This means that the Service Principal described in the [Azure Configuration](#azure-configuration) section must also have appropriate permissions to read secrets from the AKV that the App Gateway is integrated with.
-
-The secret referenced in the AzureApplicationSslCertificate will be accessed exactly as reported by Azure, regardless of whether it exists in AKV. Since the App Gateway orchestrator extension doesn't manage AKV secrets in any way, the client will _only log an error_ if the client is unsuccessful in downloading the secret for any reason. IE, if the request to AKV fails after five tries, the imported certificate will not be reported to Keyfactor Command in Inventory operations. This design choice was made based on the logical existance or non-existance of the link between AKV and the App Gateway. 
+If an AzureApplicationSslCertificate references a secret in AKV (was imported to the App Gateway from AKV), the inventory job will create and use a `SecretClient` from the [`Azure.Security.KeyVault.Secrets.SecretClient` dotnet package](https://learn.microsoft.com/en-us/dotnet/api/azure.security.keyvault.secrets.secretclient?view=azure-dotnet). Authentication to AKV via this client is configured using the exact same `TokenCredential` provided by the [Azure Identity client library for .NET](https://learn.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme?view=azure-dotnet). This means that the Service Principal described in the [Azure Configuration](#azure-configuration) section must also have appropriate permissions to read secrets from the AKV that the App Gateway is integrated with. The secret referenced in the AzureApplicationSslCertificate will be accessed exactly as reported by Azure, regardless of whether it exists in AKV. 
 
 ## Azure Configuration and Permissions
 
