Start-TssSecretChangePassword - closes #71
Added Get-TssSecretPasswordStatus
Showing
10 changed files
with
311 additions
and
4 deletions.
@@ -0,0 +1,17 @@ | ||
class TssSecretPasswordStatus { | ||
[string] | ||
[ValidateSet('None','Pending','Success','Fail')] | ||
$Status | ||
|
||
[datetime] | ||
$LastRpcDate | ||
|
||
[string] | ||
$RpcMessage | ||
|
||
[int] | ||
$FailedAttempts | ||
|
||
[datetime] | ||
$NextRpcDate | ||
} |
@@ -0,0 +1,35 @@ | ||
TOPIC | ||
This help topic describes the TssSecretPasswordStatus class in the Thycotic.SecretServer module | ||
|
||
CLASS | ||
TssSecretPasswordStatus | ||
|
||
INHERITANCE | ||
None | ||
|
||
DESCRIPTION | ||
The TssSecretPasswordStatus class represents and object returned by an internal endpoint to Secret Server | ||
|
||
CONSTRUCTORS | ||
new() | ||
|
||
PROPERTIES | ||
Status | ||
Status of password change (None, Pending, Success, Fail) | ||
|
||
LastRpcDate | ||
DateTime of last password change event | ||
|
||
RpcMessage | ||
Message from last password change event | ||
|
||
FailedAttempts | ||
Failed attempts based on password changing configuration for the Secret | ||
|
||
NextRpcDate | ||
DateTime of next RPC attempt based on password changing configuration for the Secret | ||
|
||
METHODS | ||
|
||
RELATED LINKS: | ||
Get-TssSecretPasswordStatus |
@@ -0,0 +1,66 @@ | ||
function Get-SecretPasswordStatus { | ||
<# | ||
.SYNOPSIS | ||
Get status of password change | ||
.DESCRIPTION | ||
Get status of password change | ||
.EXAMPLE | ||
PS> $session = New-TssSession -SecretServer https://alpha -Credential $ssCred | ||
PS> Get-TssSecretPasswordStatus -TssSession $session -Id 26 | ||
Get password change status of Secret ID 26 | ||
.NOTES | ||
Requires TssSession object returned by New-TssSession | ||
#> | ||
[CmdletBinding()] | ||
[OutputType('TssSecretPasswordStatus')] | ||
param ( | ||
# TssSession object created by New-TssSession for auth | ||
[Parameter(Mandatory, | ||
ValueFromPipeline, | ||
Position = 0)] | ||
[TssSession] | ||
$TssSession, | ||
|
||
# Short description for parameter | ||
[Parameter(Mandatory,ValueFromPipelineByPropertyName)] | ||
[Alias("SecretId")] | ||
[int[]] | ||
$Id | ||
) | ||
begin { | ||
$tssParams = $PSBoundParameters | ||
$invokeParams = . $GetInvokeTssParams $TssSession | ||
} | ||
|
||
process { | ||
Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)" | ||
if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) { | ||
. $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation | ||
foreach ($secret in $Id) { | ||
$restResponse = $null | ||
$uri = $TssSession.ApiUrl.Replace('api/v1','internals'), 'secret-detail', $secret, 'password-status' -join '/' | ||
$invokeParams.Uri = $uri | ||
$invokeParams.Method = 'GET' | ||
|
||
Write-Verbose "Performing the operation $($invokeParams.Method) $uri" | ||
try { | ||
$restResponse = Invoke-TssRestApi @invokeParams | ||
} catch { | ||
Write-Warning "Issue getting password status on Secret [$secret]" | ||
$err = $_ | ||
. $ErrorHandling $err | ||
} | ||
|
||
if ($restResponse) { | ||
. $TssSecretPasswordStatusObject $restResponse | ||
} | ||
} | ||
} else { | ||
Write-Warning "No valid session found" | ||
} | ||
} | ||
} |
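Review bot: The `process` block builds an `internals` URL but never emits the internal-endpoint notice that Start-SecretChangePassword issues in this same commit; adding `. $InternalEndpointUsed $PSCmdlet.MyInvocation` as the first line of `process` would make both commands flag the unsupported endpoint consistently. The `$Id` parameter still carries the template comment `# Short description for parameter`; replace it with `# Secret Id`. `.DESCRIPTION` repeats the synopsis word for word and could instead say that one TssSecretPasswordStatus object is written per Id.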
@@ -0,0 +1,101 @@ | ||
function Start-SecretChangePassword { | ||
<# | ||
.SYNOPSIS | ||
Start a current password change | ||
.DESCRIPTION | ||
Start a current password change | ||
.EXAMPLE | ||
$session = New-TssSession -SecretServer https://alpha -Credential $ssCred | ||
Start-TssSecretChangePassword -TssSession $session -Id 46 | ||
Start a current password change operation on secret 46 | ||
.LINK | ||
https://thycotic-ps.github.io/thycotic.secretserver/commands/Start-TssSecretChangePassword | ||
.NOTES | ||
Requires TssSession object returned by New-TssSession | ||
#> | ||
[CmdletBinding(SupportsShouldProcess)] | ||
param ( | ||
# TssSession object created by New-TssSession for auth | ||
[Parameter(Mandatory, | ||
ValueFromPipeline, | ||
Position = 0)] | ||
[TssSession]$TssSession, | ||
|
||
# Secret Id | ||
[Parameter(Mandatory,ValueFromPipelineByPropertyName)] | ||
[Alias("SecretId")] | ||
[int[]] | ||
$Id, | ||
|
||
[Parameter(Mandatory)] | ||
[ValidateSet('Manual','Random')] | ||
[string] | ||
$Type, | ||
|
||
[securestring] | ||
$NextPassword | ||
) | ||
begin { | ||
$tssParams = $PSBoundParameters | ||
$invokeParams = . $GetInvokeTssParams $TssSession | ||
} | ||
|
||
process { | ||
. $InternalEndpointUsed $PSCmdlet.MyInvocation | ||
Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)" | ||
if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) { | ||
. $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation | ||
foreach ($secret in $Id) { | ||
$restResponse = $null | ||
$uri = $TssSession.ApiUrl.Replace('api/v1','internals'), 'secret-detail', $secret, 'change-password-now' -join '/' | ||
$invokeParams.Uri = $uri | ||
$invokeParams.Method = 'POST' | ||
|
||
$rpcBody = @{ data = @{ } } | ||
switch ($Type) { | ||
'Manual' { | ||
if ($tssParams.ContainsKey('NextPassword')) { | ||
$rpcBody.data.Add('NextPassword',[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($NextPassword))) | ||
$rpcBody.data.Add('PasswordType',1) | ||
} else { | ||
Write-Error "-NextPassword parameter must be provided when using PasswordType of [Manual]" | ||
return | ||
} | ||
} | ||
'Random' { | ||
if ($tssParams.ContainsKey('NextPassword')) { | ||
Write-Error "-NextPassword parameter cannot be used with PasswordType of [Random]" | ||
return | ||
} else { | ||
$rpcBody.data.Add('NextPassword',$null) | ||
$rpcBody.data.Add('PasswordType',0) | ||
} | ||
} | ||
} | ||
$invokeParams.Body = $rpcBody | ConvertTo-Json | ||
|
||
if (-not $PSCmdlet.ShouldProcess("Secret ID: $secret","$($invokeParamsOther.Method) $uri with:`t$($invokeParamsOther.Body)`n")) { return } | ||
Write-Verbose "$($invokeParamsOther.Method) $uri with:`t$($invokeParamsOther.Body)`n" | ||
try { | ||
$restResponse = Invoke-TssRestApi @invokeParams | ||
} catch { | ||
$err = $_ | ||
. $ErrorHandling $err | ||
} | ||
|
||
if ($restResponse.success -eq $false) { | ||
Write-Warning "Password Change not successful on Secret [$secret]" | ||
} else { | ||
Write-Verbose "Password Change successfully started on Secret [$secret]" | ||
} | ||
} | ||
} else { | ||
Write-Warning "No valid session found" | ||
} | ||
} | ||
} |
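Review bot: The `Manual` branch copies `$NextPassword` into a BSTR with `SecureStringToBSTR` and never releases it, so the plaintext stays in unmanaged memory after the call; read it with `PtrToStringBSTR` and release it with `ZeroFreeBSTR` in a `finally` (`PtrToStringAuto` also does not decode a BSTR correctly on non-Windows PowerShell). The `ShouldProcess` and `Write-Verbose` lines reference `$invokeParamsOther`, which is not assigned anywhere in this hunk, so they print an empty method and body; point them at `$invokeParams` but keep the body out of the message, because it holds the new password in clear text and would otherwise reach -WhatIf and verbose output. If `$ErrorHandling` returns rather than throws, `$restResponse` is still `$null` after a failed call and `$null.success -eq $false` is false, so the final `else` reports the change as started; testing for `-eq $true` avoids that.

```powershell
'Manual' {
    if ($tssParams.ContainsKey('NextPassword')) {
        $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($NextPassword)
        try {
            $rpcBody.data.Add('NextPassword',[Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr))
        } finally {
            # wipe and release the unmanaged plaintext copy
            [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        }
        # … unchanged: PasswordType, else branch, 'Random' branch, ConvertTo-Json …
if (-not $PSCmdlet.ShouldProcess("Secret ID: $secret","$($invokeParams.Method) $uri")) { return }
Write-Verbose "$($invokeParams.Method) $uri"
# … unchanged: Invoke-TssRestApi try/catch …
if ($restResponse.success -eq $true) {
    Write-Verbose "Password Change successfully started on Secret [$secret]"
} else {
    Write-Warning "Password Change not successful on Secret [$secret]"
}
```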
@@ -0,0 +1,14 @@ | ||
<# | ||
.Synopsis | ||
To centralize the code around verbose/warning output when an internal endpoint is utilized | ||
#> | ||
[cmdletbinding()] | ||
param ( | ||
[Parameter(Mandatory,Position = 2)] | ||
[System.Management.Automation.InvocationInfo] | ||
$Invocation | ||
) | ||
process { | ||
$source = $Invocation.MyCommand | ||
Write-Verbose "[Important]: $source utilizes an internal endpoint that is not formally supported by Thycotic" | ||
} |
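Review bot: The notice tagged `[Important]` goes to the verbose stream only, so a caller who does not pass -Verbose never learns that the command relies on an endpoint that is not formally supported, although the synopsis speaks of verbose/warning output; consider `Write-Warning` here, or narrow the synopsis to verbose. `Position = 2` on the script's only parameter is misleading, because the caller in Start-SecretChangePassword passes the invocation as the first positional argument; `Position = 0` states the actual contract.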
@@ -0,0 +1,29 @@ | ||
<# | ||
.Synopsis | ||
Creates a TssSecretPasswordStatus object | ||
#> | ||
param( | ||
[pscustomobject]$Object | ||
) | ||
|
||
begin { | ||
$Properties = $Object[0].PSObject.Properties.Name | ||
} | ||
|
||
process { | ||
$outObject = @() | ||
foreach ($p in $Object) { | ||
$currentObject = [TssSecretPasswordStatus]::new() | ||
foreach ($pProp in $Properties) { | ||
if ($pProp -in $currentObject.PSObject.Properties.Name) { | ||
if ($p.$pProp) { | ||
$currentObject.$pProp = $p.$pProp | ||
} | ||
} else { | ||
Write-Warning "Property $pProp does not exist in the TssSecretPasswordStatus class. Please create a bug report at https://github.com/thycotic-ps/thycotic.secretserver/issues/new/choose" | ||
} | ||
} | ||
$outObject += $currentObject | ||
} | ||
return $outObject | ||
} |
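Review bot: The assignment `$currentObject.$pProp = $p.$pProp` is unguarded, and the class added in this commit puts `[ValidateSet('None','Pending','Success','Fail')]` on `Status`, so a status string outside that set would throw here instead of reaching the `Write-Warning` path; since the data comes from an internal endpoint, wrapping the assignment in `try`/`catch` with a warning that names the property would fail more gracefully. The truthiness test `if ($p.$pProp)` also skips empty date values, which leaves the `[datetime]` properties at their default minimum date; a comment saying so, or `[Nullable[datetime]]` in the class, would make that visible. `begin` reads `$Object[0]` without a null check, so the script relies on the caller's `if ($restResponse)` guard.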
@@ -0,0 +1,25 @@ | ||
BeforeDiscovery { | ||
$commandName = Split-Path ($PSCommandPath.Replace('.Tests.ps1','')) -Leaf | ||
. ([IO.Path]::Combine([string]$PSScriptRoot, '..', 'constants.ps1')) | ||
} | ||
Describe "$commandName verify parameters" { | ||
BeforeDiscovery { | ||
[object[]]$knownParameters = 'TssSession', 'Id' | ||
[object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')).Parameters.Keys | ||
[object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function') | ||
$unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru | ||
} | ||
Context "Verify parameters" -Foreach @{currentParams = $currentParams} { | ||
It "$commandName should contain <_> parameter" -TestCases $knownParameters { | ||
$_ -in $currentParams | Should -Be $true | ||
} | ||
It "$commandName should not contain parameter: <_>" -TestCases $unknownParameters { | ||
$_ | Should -BeNullOrEmpty | ||
} | ||
} | ||
Context "Command specific details" { | ||
It "$commandName should set OutputType to TssSecretPasswordStatus" -TestCases $commandDetails { | ||
$_.OutputType.Name | Should -Be 'TssSecretPasswordStatus' | ||
} | ||
} | ||
} |
@@ -0,0 +1,20 @@ | ||
BeforeDiscovery { | ||
$commandName = Split-Path ($PSCommandPath.Replace('.Tests.ps1','')) -Leaf | ||
. ([IO.Path]::Combine([string]$PSScriptRoot, '..', 'constants.ps1')) | ||
} | ||
Describe "$commandName verify parameters" { | ||
BeforeDiscovery { | ||
[object[]]$knownParameters = 'TssSession', 'Id', 'Type', 'NextPassword' | ||
[object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')).Parameters.Keys | ||
[object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function') | ||
$unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru | ||
} | ||
Context "Verify parameters" -Foreach @{currentParams = $currentParams} { | ||
It "$commandName should contain <_> parameter" -TestCases $knownParameters { | ||
$_ -in $currentParams | Should -Be $true | ||
} | ||
It "$commandName should not contain parameter: <_>" -TestCases $unknownParameters { | ||
$_ | Should -BeNullOrEmpty | ||
} | ||
} | ||
} |
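Review bot: `$commandDetails` is assigned in `BeforeDiscovery` but no `It` block in this file uses it; drop the line or add a "Command specific details" context like the one in the Get-TssSecretPasswordStatus test. The file checks parameter names only, so the rules that `-NextPassword` is required for `Manual` and rejected for `Random` are not covered by any test.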