Merge pull request #6 from microsoft/master

Merge from microsoft/master

README.md

@@ -21,11 +21,6 @@ if ($PSVersionTable.PSVersion -gt [version]'5.1') {
 ```
 Once the module is loaded, check out our [PowerShell samples](https://github.com/Microsoft/MSRC-Microsoft-Security-Updates-API/blob/master/src/README.md)
 
-# API Keys
-The Security Updates API requires an API key.  To obtain an API key please visit the [Security Update Guide Developer page](https://portal.msrc.microsoft.com/en-us/developer).  For help using the Security Updates Guide please visit the [Security Updates Guide Community Forum](https://social.technet.microsoft.com/Forums/security/en-us/home?forum=securityupdateguide).
-
-__NOTE: Generating an API key requires signing in with an @outlook.com, @live.com, or @microsoft.com email address. If you do not have one of these email addresses, you can create a personal outlook account to access this service. In the future, we will be removing this authentication requirement entirely.__
-
 # Change Log
 **_For up to date major changes, please read the psd1 included in the src folder. This can also be seen on [the Microsoft Powershell Gallery](https://www.powershellgallery.com/packages/MsrcSecurityUpdates)._**
 

src/MsrcSecurityUpdates/MsrcSecurityUpdates.psd1

@@ -12,7 +12,7 @@
 RootModule = 'MsrcSecurityUpdates.psm1'
 
 # Version number of this module.
-ModuleVersion = '1.8.8'
+ModuleVersion = '1.9.0'
 
 # Supported PSEditions
 # CompatiblePSEditions = @()
@@ -130,6 +130,7 @@ PrivateData = @{
 
         # ReleaseNotes of this module
         ReleaseNotes = @'
+February 3, 2021 - Removed Api-key requirement.
 January 17, 2021 - Added Issuing CNA info to Get-MsrcVulnerabilityReportHtml
 December 9, 2020 - Added Executive Summary to Get-MsrcVulnerabilityReportHtml
 November 23, 2020 - Added Known Issues to Get-MsrcVulnerabilityReportHtml

src/MsrcSecurityUpdates/Private/Get-CVRFID.ps1

@@ -16,23 +16,18 @@ Process {
         ErrorAction = 'Stop'
     }
     if ($global:msrcProxy){
+
         $RestMethod.Add('Proxy' , $global:msrcProxy)
     }
     if ($global:msrcProxyCredential){
-        $RestMethod.Add('ProxyCredential',$global:msrcProxyCredential)
-    }
-    if ($global:MSRCApiKey) {
 
-        $RestMethod.Headers.Add('Api-Key',$global:MSRCApiKey)
+        $RestMethod.Add('ProxyCredential',$global:msrcProxyCredential)
 
     } elseif ($global:MSRCAdalAccessToken) {
 
         $RestMethod.Headers.Add('Authorization',$($global:MSRCAdalAccessToken.CreateAuthorizationHeader()))
 
-    } else {
-
-        Throw 'You need to use Set-MSRCApiKey first to set your API Key'
-    }
+    } 
 
     try {
 

src/MsrcSecurityUpdates/Private/Set-GlobalVariables.ps1

@@ -0,0 +1,6 @@
+# we also set other shared variables
+$global:msrcApiUrl     = 'https://api.msrc.microsoft.com'
+Write-Verbose -Message "Successfully defined a msrcApiUrl global variable that points to $($global:msrcApiUrl)"
+
+$global:msrcApiVersion = 'api-version=2016-08-01'
+Write-Verbose -Message "Successfully defined a msrcApiVersion global variable that points to $($global:msrcApiVersion)"

src/MsrcSecurityUpdates/Public/Get-MsrcCvrfDocument.ps1

@@ -35,38 +35,36 @@ Param (
 )
 DynamicParam {
 
-    if (-not ($global:MSRCApiKey -or $global:MSRCAdalAccessToken)) {
-
-	    Write-Warning -Message 'You need to use Set-MSRCApiKey first to set your API Key'
-
-    } else {
-        $Dictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
-
-        $ParameterName = 'ID'
-        $AttribColl1 = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
-        $Param1Att = New-Object System.Management.Automation.ParameterAttribute
-        $Param1Att.Mandatory = $true
-        $AttribColl1.Add($Param1Att)
-
-        try {
-            $allCVRFID = Get-CVRFID
-        } catch {
-            Throw "`nUnable to get online the list of CVRF ID because:`n$($_.Exception.Message)"
-        }
-        if ($allCVRFID) {
-            $AttribColl1.Add((New-Object System.Management.Automation.ValidateSetAttribute($allCVRFID)))
-            $Dictionary.Add($ParameterName,(New-Object System.Management.Automation.RuntimeDefinedParameter($ParameterName, [string], $AttribColl1)))
+    $Dictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
+
+    $ParameterName = 'ID'
+    $AttribColl1 = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
+    $Param1Att = New-Object System.Management.Automation.ParameterAttribute
+    $Param1Att.Mandatory = $true
+    $AttribColl1.Add($Param1Att)
+
+    try {
+        $allCVRFID = Get-CVRFID
+    } catch {
+        Throw "`nUnable to get online the list of CVRF ID because:`n$($_.Exception.Message)"
+    }
+    if ($allCVRFID) {
+        $AttribColl1.Add((New-Object System.Management.Automation.ValidateSetAttribute($allCVRFID)))
+        $Dictionary.Add($ParameterName,(New-Object System.Management.Automation.RuntimeDefinedParameter($ParameterName, [string], $AttribColl1)))
 
-            $Dictionary
-        }
+        $Dictionary
     }
+
 }
 Begin {}
 Process {
 
     # Common
     $RestMethod = @{
         uri = '{0}/cvrf/{1}?{2}' -f $msrcApiUrl,$PSBoundParameters['ID'],$msrcApiVersion
+        Headers = @{
+            'Accept' = if($AsXml){'application/xml'} else {'application/json'}
+        }
         ErrorAction = 'Stop'
     }
 
@@ -76,53 +74,36 @@ Process {
         $RestMethod.Add('Proxy', $global:msrcProxy)
 
     }
+
     if ($global:msrcProxyCredential) {
 
         $RestMethod.Add('ProxyCredential',$global:msrcProxyCredential)
 
     }
 
-    # Adjust header based on our variables
-    if ($global:MSRCApiKey) {
-
-        $RestMethod.Add('Header',@{ 'Api-Key' = $global:MSRCApiKey })
+    if ($global:MSRCAdalAccessToken) {
 
-    } elseif ($global:MSRCAdalAccessToken) {
+        $RestMethod.Headers.Add('Authorization', $global:MSRCAdalAccessToken.CreateAuthorizationHeader())
 
-        $RestMethod.Add('Header',@{ 'Authorization' = $global:MSRCAdalAccessToken.CreateAuthorizationHeader() })
+    }    
 
-    } else {
+    try {
+        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+        Write-Verbose -Message "Calling $($RestMethod.uri)"
 
-        Write-Warning -Message 'You need to use Set-MSRCApiKey first to set your API Key'
+        $response = Invoke-RestMethod @RestMethod
 
+    } catch {
+        Write-Error -Message "HTTP Get failed with status code $($_.Exception.Response.StatusCode): $($_.Exception.Response.StatusDescription)"
     }
 
-    # If we have a header defined, we proceed
-    if ($RestMethod['Header']) {
-
-        if ($AsXml) {
-            $RestMethod.Header.Add('Accept','application/xml')
-        } else {
-            $RestMethod.Header.Add('Accept','application/json')
-        }
-
-        try {
-            [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-            Write-Verbose -Message "Calling $($RestMethod.uri)"
-
-            $response = Invoke-RestMethod @RestMethod
-
-        } catch {
-            Write-Error -Message "HTTP Get failed with status code $($_.Exception.Response.StatusCode): $($_.Exception.Response.StatusDescription)"
-        }
-
-        # Invoke-RestMethod will return an string on PowerShell 4.0 and earlier
-        # if the JSON-formatted response is larger than about two million characters
-        if (-not $AsXml -and $response -is [string]) {
-            $response = ParseJsonString($response)
-        }
-        $response
+    # Invoke-RestMethod will return an string on PowerShell 4.0 and earlier
+    # if the JSON-formatted response is larger than about two million characters
+    if (-not $AsXml -and $response -is [string]) {
+        $response = ParseJsonString($response)
     }
+        $response
+
 }
 End {}
 }