diff --git a/docs/commands/configurations/Get-TssConfigurationSecurity.md b/docs/commands/configurations/Get-TssConfigurationSecurity.md
new file mode 100644
index 00000000..31be101f
--- /dev/null
+++ b/docs/commands/configurations/Get-TssConfigurationSecurity.md
@@ -0,0 +1,58 @@
+# Get-TssConfigurationSecurity
+
+## SYNOPSIS
+Get security configuration
+
+## SYNTAX
+
+```
+Get-TssConfigurationSecurity [-TssSession] []
+```
+
+## DESCRIPTION
+Get security configuration
+
+## EXAMPLES
+
+### EXAMPLE 1
+```
+$session = New-TssSession -SecretServer https://alpha -Credential $ssCred
+Get-TssConfigurationSecurity -TssSession $session
+```
+
+Returns security configuration for Secret Server
+
+## PARAMETERS
+
+### -TssSession
+TssSession object created by New-TssSession for authentication
+
+```yaml
+Type: Session
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByValue)
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+## OUTPUTS
+
+### Thycotic.PowerShell.Configuration.Security
+## NOTES
+Requires TssSession object returned by New-TssSession
+
+## RELATED LINKS
+
+[https://thycotic-ps.github.io/thycotic.secretserver/commands/configurations/Get-TssConfigurationSecurity](https://thycotic-ps.github.io/thycotic.secretserver/commands/configurations/Get-TssConfigurationSecurity)
+
+[https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/configurations/Get-TssConfigurationSecurity.ps1](https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/configurations/Get-TssConfigurationSecurity.ps1)
+
diff --git a/src/Thycotic.SecretServer.psd1 b/src/Thycotic.SecretServer.psd1 index 54ea090a..1e7d8b1e 100644 --- a/src/Thycotic.SecretServer.psd1 +++ b/src/Thycotic.SecretServer.psd1 @@ -80,7 +80,9 @@ FunctionsToExport = 'Add-TssEventPipeline', 'Add-TssFolderPermission', 'Enable-TssUnlimitedAdmin', 'Enable-TssUser', 'Export-TssReport', 'Find-TssFolder', 'Find-TssGroup', 'Find-TssReport', 'Find-TssSecret', 'Find-TssUser', 'Get-TssConfiguration', - 'Get-TssConfigurationLocalUserPassword', 'Get-TssEventPipeline', + 'Get-TssConfigurationLocalUserPassword', + 'Get-TssConfigurationLogin', 'Get-TssConfigurationSaml', + 'Get-TssConfigurationSecurity', 'Get-TssEventPipeline', 'Get-TssEventPipelinePolicy', 'Get-TssEventPipelinePolicyActivity', 'Get-TssEventPipelineRun', 'Get-TssFolder', 'Get-TssFolderAudit', 'Get-TssFolderPermission', 'Get-TssFolderState', 'Get-TssGroup', diff --git a/src/Thycotic.SecretServer/classes/configurations/Security.cs b/src/Thycotic.SecretServer/classes/configurations/Security.cs new file mode 100644 index 00000000..0dafcd42 --- /dev/null +++ b/src/Thycotic.SecretServer/classes/configurations/Security.cs 
@@ -0,0 +1,29 @@
+using System;
+using System.Threading.Tasks;
+using System.Management.Automation;
+using System.Management.Automation.Runspaces;
+
+namespace Thycotic.PowerShell.Configuration
+{
+ public class Security
+ {
+ public bool AllowWebServiceHttpGet { get; set; }
+ public bool AuditTlsErrors { get; set; }
+ public bool AuditTlsErrorsDebug { get; set; }
+ public string CertificateChainPolicyOptions { get; set; }
+ public string ClientCertificateIds { get; set; }
+ public string DatabaseIntegrityMonitoringSymmetricKey { get; set; }
+ public bool EnableDatabaseIntegrityMonitoring { get; set; }
+ public bool EnableFileRestrictions { get; set; }
+ public bool EnableFrameBlocking { get; set; }
+ public bool EnableHSTS { get; set; }
+ public string FileExtensionRestrictions { get; set; }
+ public bool FipsEnabled { get; set; }
+ public bool ForceHttps { get; set; }
+ public bool HideVersionNumber { get; set; }
+ public int HstsMaxAge { get; set; }
+ public string MaximumFileSizeBytes { get; set; }
+ public bool MaximumFileSizeSupported { get; set; }
+ public bool WebPasswordFillerRequiresFullDomainMatch { get; set; }
+ }
+}
\ No newline at end of file
diff --git a/src/functions/configurations/Get-TssConfigurationSecurity.ps1 b/src/functions/configurations/Get-TssConfigurationSecurity.ps1
new file mode 100644
index 00000000..31b785f7
--- /dev/null
+++ b/src/functions/configurations/Get-TssConfigurationSecurity.ps1
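Review bot: In Security.cs, `DatabaseIntegrityMonitoringSymmetricKey` is a plain public `string` on the object that Get-TssConfigurationSecurity writes to the pipeline, so if the endpoint returns the key value it will show up in default console output, transcripts and any log that captures the result. Whether the API actually populates it is not visible in this diff; if it does, keep the property out of the default display (for example with a format definition that omits it) and mark it with a comment such as `// Sensitive: key material, do not log or display by default`. The `using` directives for System.Threading.Tasks, System.Management.Automation and System.Management.Automation.Runspaces are not used by this class and could be dropped. `MaximumFileSizeBytes` is declared `string` although the name suggests a numeric value, which is worth confirming against the API response.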
@@ -0,0 +1,61 @@
+function Get-TssConfigurationSecurity {
+ <#
+ .SYNOPSIS
+ Get security configuration
+
+ .DESCRIPTION
+ Get security configuration
+
+ .EXAMPLE
+ $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
+ Get-TssConfigurationSecurity -TssSession $session
+
+ Returns security configuration for Secret Server
+
+ .LINK
+ https://thycotic-ps.github.io/thycotic.secretserver/commands/configurations/Get-TssConfigurationSecurity
+
+ .LINK
+ https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/configurations/Get-TssConfigurationSecurity.ps1
+
+ .NOTES
+ Requires TssSession object returned by New-TssSession
+ #>
+ [CmdletBinding()]
+ [OutputType('Thycotic.PowerShell.Configuration.Security')]
+ param (
+ # TssSession object created by New-TssSession for authentication
+ [Parameter(Mandatory,ValueFromPipeline,Position = 0)]
+ [Thycotic.PowerShell.Authentication.Session]
+ $TssSession
+ )
+ begin {
+ $tssParams = $PSBoundParameters
+ $invokeParams = . $GetInvokeApiParams $TssSession
+ }
+ process {
+ Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)"
+ if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) {
+ . $CheckVersion $TssSession '10.9.000064' $PSCmdlet.MyInvocation
+ $uri = $TssSession.ApiUrl, 'configuration', 'security' -join '/'
+ $invokeParams.Uri = $uri
+ $invokeParams.Method = 'GET'
+
+ Write-Verbose "Performing the operation $($invokeParams.Method) $($invokeParams.Uri)"
+ try {
+ $apiResponse = Invoke-TssApi @invokeParams
+ $restResponse = . $ProcessResponse $apiResponse
+ } catch {
+ Write-Warning "Issue getting security configuration"
+ $err = $_
+ . $ErrorHandling $err
+ }
+
+ if ($restResponse) {
+ [Thycotic.PowerShell.Configuration.Security]$restResponse
+ }
+ } else {
+ Write-Warning "No valid session found"
+ }
+ }
+}
\ No newline at end of file
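Review bot: `$invokeParams = . $GetInvokeApiParams $TssSession` runs in `begin`, but `$TssSession` is declared `ValueFromPipeline` and pipeline-bound parameters are not yet bound when `begin` executes, so `$session | Get-TssConfigurationSecurity` builds the invoke parameters from a null session. Moving that line to the top of `process` avoids this; what the helper does with a null argument is not visible here. Separately, `$restResponse` is never cleared between pipeline items, so if `Invoke-TssApi` fails for a later session and `$ErrorHandling` does not terminate, the `if ($restResponse)` block re-emits the previous server's security configuration as though it belonged to the current one. Adding `$restResponse = $null` before the `try` closes that gap.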
diff --git a/tests/configurations/Get-TssConfigurationSecurity.Tests.ps1 b/tests/configurations/Get-TssConfigurationSecurity.Tests.ps1
new file mode 100644
index 00000000..cb82863b
--- /dev/null
+++ b/tests/configurations/Get-TssConfigurationSecurity.Tests.ps1
@@ -0,0 +1,24 @@
+BeforeDiscovery {
+ $commandName = Split-Path ($PSCommandPath.Replace('.Tests.ps1','')) -Leaf
+}
+Describe "$commandName verify parameters" {
+ BeforeDiscovery {
+ [object[]]$knownParameters = 'TssSession'
+ [object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')).Parameters.Keys
+ [object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')
+ $unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru
+ }
+ Context "Verify parameters" -Foreach @{currentParams = $currentParams } {
+ It "$commandName should contain <_> parameter" -TestCases $knownParameters {
+ $_ -in $currentParams | Should -Be $true
+ }
+ It "$commandName should not contain parameter: <_>" -TestCases $unknownParameters {
+ $_ | Should -BeNullOrEmpty
+ }
+ }
+ Context "Command specific details" {
+ It "$commandName should set OutputType to Thycotic.PowerShell.Configuration.Security" -TestCases $commandDetails {
+ $_.OutputType.Name | Should -Be 'Thycotic.PowerShell.Configuration.Security'
+ }
+ }
+}
\ No newline at end of file