Remove cert fixes closes #4 #65

Merged
merged 5 commits into from
Jan 24, 2022
65 changes: 24 additions & 41 deletions VenafiPS/Public/Remove-TppCertificate.ps1
Expand Up @@ -4,24 +4,19 @@ Remove a certificate

.DESCRIPTION
Removes a Certificate object, all associated objects including pending workflow tickets, and the corresponding Secret Store vault information.
All associations must be removed for the certificate to be removed.
You must either be a Master Admin or have Delete permission to the Certificate object
and to the Application and Device objects if they are to be deleted automatically with -Force

.PARAMETER InputObject
TppObject which represents a unique object
You must either be a Master Admin or have Delete permission to the objects and have certificate:delete token scope.

.PARAMETER Path
Path to the certificate to remove

.PARAMETER Force
Provide this switch to force all associations to be removed prior to certificate removal
.PARAMETER KeepAssociatedApps
Provide this switch to remove associations prior to certificate removal

.PARAMETER VenafiSession
Session object created from New-VenafiSession method. The value defaults to the script session object $VenafiSession.

.INPUTS
InputObject or Path
Path

.OUTPUTS
None
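Review bot: The .PARAMETER KeepAssociatedApps text, "Provide this switch to remove associations prior to certificate removal", never says what the switch is for, namely that the associated application objects are kept. The description also leaves the new default unstated: with the "All associations must be removed" sentence and the -Force parameter gone, a reader cannot tell that a plain call now deletes the certificate together with its associated apps, which is the opposite of the earlier refuse-unless-Force behaviour. Suggest saying so outright in .DESCRIPTION and rewording the parameter help along the lines of "Remove the associations first so the associated application objects are kept; by default they are deleted with the certificate." The phrase "Delete permission to the objects" would also be clearer if it named which objects are meant.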
Expand All @@ -32,11 +27,11 @@ Remove a certificate via pipeline

.EXAMPLE
Remove-TppCertificate -Path '\ved\policy\my cert'
Remove a certificate
Remove a certificate and any associated app

.EXAMPLE
Remove-TppCertificate -Path '\ved\policy\my cert' -force
Remove a certificate and automatically remove all associations
Remove-TppCertificate -Path '\ved\policy\my cert' -KeepAssociatedApps
Remove a certificate and first remove all associations, keeping the apps

.LINK
http://VenafiPS.readthedocs.io/en/latest/functions/Remove-TppCertificate/
Expand All @@ -58,15 +53,16 @@ function Remove-TppCertificate {
[ValidateScript( {
if ( $_ | Test-TppDnPath ) {
$true
} else {
}
else {
throw "'$_' is not a valid DN path"
}
})]
[Alias('DN', 'CertificateDN')]
[String] $Path,

[Parameter()]
[switch] $Force,
[switch] $KeepAssociatedApps,

[Parameter()]
[VenafiSession] $VenafiSession = $script:VenafiSession
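Review bot: Replacing `[switch] $Force` with `[switch] $KeepAssociatedApps` in the param block is a breaking change in two directions, and neither is signalled to callers. Scripts that pass -Force will now fail parameter binding, and scripts that omitted -Force and relied on the "has associations and cannot be removed" error as a guard will now delete the associated apps with an unchanged command line. Suggest accepting -Force for a release as a deprecated parameter that writes a warning, and calling out the changed default in the release notes. The `} else {` reflow inside ValidateScript is unrelated formatting and would be easier to review in a separate commit.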
Expand All @@ -77,40 +73,27 @@ function Remove-TppCertificate {

$params = @{
VenafiSession = $VenafiSession
Method = 'Delete'
UriLeaf = 'placeholder'
Method = 'Delete'
UriLeaf = 'placeholder'
}

# use in shouldprocess messaging below
$appsMessage = if ($KeepAssociatedApps) { 'but keep associated apps' } else { 'and associated apps' }
}

process {

# if ( $PSBoundParameters.ContainsKey('InputObject') ) {
# $path = $InputObject.Path
# $guid = $InputObject.Guid
# } else {
# $guid = $Path | ConvertTo-TppGuid -VenafiSession $VenafiSession
# }

# ensure either there are no associations or the force flag was provided
$associatedApps = $Path |
Get-TppAttribute -Attribute "Consumers" -Effective -VenafiSession $VenafiSession |
Select-Object -ExpandProperty Value

if ( $associatedApps ) {
if ( $Force ) {
$params.Body = @{'ApplicationDN' = @($associatedApps) }
} else {
Write-Error ("Path '{0}' has associations and cannot be removed. Provide -Force to override." -f $Path)
Return
}
}

$guid = $Path | ConvertTo-TppGuid -VenafiSession $VenafiSession
$params.UriLeaf = "Certificates/$guid"

if ( $PSCmdlet.ShouldProcess($Path, 'Remove certificate and all associations') ) {
Remove-TppCertificateAssociation -Path $Path -All -VenafiSession $VenafiSession -Confirm:$false
Invoke-TppRestMethod @params | Out-Null
if ( $PSCmdlet.ShouldProcess($Path, "Remove certificate $appsMessage") ) {
if ($KeepAssociatedApps) {
$associatedApps = $Path | Get-TppAttribute -Attribute "Consumers" -Effective -VenafiSession $VenafiSession | Select-Object -ExpandProperty Value
if ( $associatedApps ) {
Remove-TppCertificateAssociation -Path $Path -ApplicationPath $associatedApps -VenafiSession $VenafiSession -Confirm:$false
}
}

Invoke-VenafiRestMethod @params | Out-Null
}
}
}
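Review bot: In the `if ($KeepAssociatedApps)` branch, nothing confirms that `Remove-TppCertificateAssociation` succeeded before `Invoke-VenafiRestMethod @params` issues the delete. If the association removal writes a non-terminating error, for example because it fails for one of the apps, execution continues and the certificate is deleted with associations still in place, which per the function description removes the associated objects the caller asked to keep. Suggest adding `-ErrorAction Stop` to that call, or wrapping it in try/catch and returning before the delete, so a partial failure leaves the certificate and apps untouched. Since the default path is now the destructive one, it is also worth confirming that the CmdletBinding attribute (outside this hunk) sets a ConfirmImpact high enough that the ShouldProcess prompt appears by default.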