Skip to content

Commit

Permalink
Get-Secret - Add Path support fixes #174
Browse files Browse the repository at this point in the history
  • Loading branch information
@wsmelton
wsmelton committed May 4, 2021
1 parent 8415185 commit e3fcf0e
Show file tree
Hide file tree
Showing 5 changed files with 126 additions and 88 deletions.
43 changes: 37 additions & 6 deletions src/functions/secrets/Get-Secret.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,12 @@ function Get-Secret {
Call GetCredential() method, only needing the username and password values for the PSCredential object.
Call GetValue() method to get the 'server' value.
.EXAMPLE
$session = New-TssSession -SecretServer https://alpha -Credential $ssCred
Get-TssSecret -TssSession $session -Path '\ABC Company\Vendors\Temp Secret - 32.178.249.171'
Get Secret via absolute path.
.LINK
https://thycotic-ps.github.io/thycotic.secretserver/commands/Get-TssSecret
Expand All @@ -45,47 +51,59 @@ function Get-Secret {
.NOTES
Requires TssSession object returned by New-TssSession
#>
[cmdletbinding(DefaultParameterSetName = 'secret')]
[cmdletbinding(DefaultParameterSetName = 'all')]
[OutputType('TssSecret')]
param(
# TssSession object created by New-TssSession for auth
[Parameter(Mandatory,ValueFromPipeline,Position = 0)]
[Parameter(Mandatory,Position = 0)]
[TssSession]
$TssSession,

# Secret ID to retrieve
[Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName = 'secret')]
[Parameter(ParameterSetName = 'restricted')]
[Parameter(ParameterSetName = 'secret')]
[Parameter(ParameterSetName = 'all')]
[Alias("SecretId")]
[int[]]
$Id,

# Secret ID to retrieve
[Parameter(ParameterSetName = 'path')]
[Parameter(ParameterSetName = 'all')]
[string]
$Path,

# Comment to provide for restricted secret (Require Comment is enabled)
[Parameter(ParameterSetName = 'all')]
[Parameter(ParameterSetName = 'restricted')]
[string]
$Comment,

# Double lock password, provie as a secure string
[Parameter(ParameterSetName = 'all')]
[Parameter(ParameterSetName = 'restricted')]
[securestring]
$DoublelockPassword,

# Check in the secret if it is checked out
[Parameter(ParameterSetName = 'all')]
[Parameter(ParameterSetName = 'restricted')]
[switch]
$ForceCheckIn,

# Include secrets that are inactive/disabled
[Parameter(ParameterSetName = 'all')]
[Parameter(ParameterSetName = 'restricted')]
[switch]
$IncludeInactive,

# Associated ticket number (required for ticket integrations)
[Parameter(ParameterSetName = 'all')]
[Parameter(ParameterSetName = 'restricted')]
[string]
$TicketNumber,

# Associated ticket system ID (required for ticket integrations)
[Parameter(ParameterSetName = 'all')]
[Parameter(ParameterSetName = 'restricted')]
[int]
$TicketSystemId
Expand All @@ -102,11 +120,24 @@ function Get-Secret {
}
}
}

process {
Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)"
if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) {
. $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation

if ($tssParams.ContainsKey('Path')) {
$secretName = Split-Path $Path -Leaf
$pathLeaf = Split-Path (Split-Path $Path -Parent) -Leaf
$folderFound = . $SearchFolders $TssSession $pathLeaf | Where-Object FolderPath -EQ $Path
$folderId = $folderFound.Id
$Id = (. $SearchSecrets $TssSession $folderId $secretName | Where-Object Name -EQ $secretName).Id

if (-not $Id) {
Write-Verbose "No secret found at path [$Path]"
return
}
}

foreach ($secret in $Id) {
$restResponse = $null
$uri = $TssSession.ApiUrl, 'secrets', $secret -join '/'
Expand All @@ -128,7 +159,7 @@ function Get-Secret {
$invokeParams.Uri = $uri
$invokeParams.Method = 'POST'
$invokeParams.Body = $getBody | ConvertTo-Json
}else {
} else {
$uri = $uri
$invokeParams.Uri = $uri
$invokeParams.Method = 'GET'
Expand Down
2 changes: 1 addition & 1 deletion src/parts/SearchFolders.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ begin {
process {
$restResponse = $null
$uri = $TssSession.ApiUrl, 'folders' -join '/'
$uri = $uri, "sortBy[0].direction=asc&sortBy[0].name=FolderPath&take=$($TssSession.Take)&filter.folderTypeId=1" -join '?'
$uri = $uri, "sortBy[0].direction=asc&sortBy[0].name=FolderPath&take=$($TssSession.Take)&filter.folderTypeId=1&filter.searchText=$SearchText" -join '?'

$invokeParams.Uri = $uri
$invokeParams.Method = 'GET'
Expand Down
61 changes: 61 additions & 0 deletions src/parts/SearchSecrets.ps1
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
[cmdletbinding()]
param(
[Parameter(Mandatory,Position = 0)]
[TssSession]
$TssSession,

[Parameter(Mandatory,Position = 1)]
[int]
$FolderId,

[Parameter(Mandatory,Position = 2)]
[string]
$SearchText
)
begin {
$invokeParams = . $GetInvokeTssParams $TssSession
}
process {
. $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation
$uri = $TssSession.ApiUrl, 'secrets' -join '/'
$uri += "?take=$($TssSession.Take)"
$uri += "&filter.includeRestricted=true&filter.isExactmatch=true"

$filters = @()
$filters += "filter.searchText=$SearchText"
$filters += "filter.folderId=$FolderId"

if ($filters) {
$uriFilter = $filters -join '&'
Write-Verbose "Filters: $uriFilter"
$uri = $uri, $uriFilter -join '&'
}

$invokeParams.Uri = $uri

$invokeParams.Method = 'GET'
Write-Verbose "$($invokeParams.Method) $uri"
try {
$restResponse = . $InvokeApi @invokeParams
} catch {
Write-Warning "Issue on search request"
$err = $_
. $ErrorHandling $err
}

if ($restResponse.records) {
foreach ($secret in $restResponse.records) {
if (-not $restResponse.lastPasswordChangeAttempt) {
$secret.lastPasswordChangeAttempt = [datetime]::MinValue
}
if (-not $restResponse.lastAccessed) {
$secret.lastAccessed = [datetime]::MinValue
}
if (-not $restResponse.createDate) {
$secret.createDate = [datetime]::MinValue
}

[TssSecretSummary]$secret
}
}
}
27 changes: 27 additions & 0 deletions tests/secrets/Get-Secret.Tests.ps1
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
BeforeDiscovery {
$commandName = Split-Path ($PSCommandPath.Replace('.Tests.ps1','')) -Leaf
. ([IO.Path]::Combine([string]$PSScriptRoot, '..', 'constants.ps1'))
}
Describe "$commandName verify parameters" {
BeforeDiscovery {
[object[]]$knownParameters = 'TssSession', 'Id', 'Path'
# restricted
'Comment', 'DoublelockPassword', 'ForceCheckIn', 'IncludeInactive', 'TicketNumber', 'TicketSystemId'
[object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName, 'Function')).Parameters.Keys
[object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')
$unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru
}
Context "Verify parameters" -Foreach @{currentParams = $currentParams} {
It "$commandName should contain <_> parameter" -TestCases $knownParameters {
$_ -in $currentParams | Should -Be $true
}
It "$commandName should not contain parameter: <_>" -TestCases $unknownParameters {
$_ | Should -BeNullOrEmpty
}
}
Context "Command specific details" {
It "$commandName should set OutputType to TssSecret" -TestCases $commandDetails {
$_.OutputType.Name | Should -Be 'TssSecret'
}
}
}
81 changes: 0 additions & 81 deletions tests/secrets/Get-TssSecret.Tests.ps1
View file

This file was deleted.

0 comments on commit e3fcf0e

Please sign in to comment.