New-TssSecet - fixes #29

thycotic-ps · Feb 5, 2021 · 579a2b8 · 579a2b8
1 parent 2941460
commit 579a2b8
Show file tree

Hide file tree

Showing 4 changed files with 198 additions and 7 deletions.
diff --git a/src/classes/secrets/TssSecret.class.ps1 b/src/classes/secrets/TssSecret.class.ps1
@@ -10,10 +10,16 @@
     [int]$ItemId
     [string]$ItemValue
     [string]$Slug
+
+    [boolean] SetFieldValue([string]$Slug,$Value) {
+        if ($this.Slug -eq $Slug) {
+            $this.ItemValue = $Value
+        }
+        return $true
+    }
 }
 
 class TssSecret {
-
     [int]$AccessRequestWorkflowMapId
     [boolean]$Active
     [boolean]$AllowOwnersUnrestrictedSshCommands
@@ -55,15 +61,13 @@ class TssSecret {
     [int]$SiteId
     [boolean]$WebLauncherRequiresIncognitoMode
 
-    [System.Management.Automation.PSCredential] GetCredential()
-    {
-        $username = ($this.Items | Where-Object FieldName -eq 'username').ItemValue
+    [System.Management.Automation.PSCredential] GetCredential() {
+        $username = ($this.Items | Where-Object FieldName -EQ 'username').ItemValue
         $passwd = ($this.Items | Where-Object IsPassword).ItemValue
         return [pscredential]::new($username,(ConvertTo-SecureString -AsPlainText -Force -String $passwd))
     }
-
     [System.String] GetFieldValue([string]$Slug) {
-        $value = $this.Items.Where({$_.Slug -eq $Slug}).ItemValue
+        $value = $this.Items.Where( { $_.Slug -eq $Slug }).ItemValue
         return $value
     }
 }
diff --git a/src/en-us/about_tsssecret.help.txt b/src/en-us/about_tsssecret.help.txt
@@ -25,5 +25,10 @@ METHODS
     [System.String] GetFieldValue(string Slug)
         Pulls the ItemValue of the field based on the slug name
 
+    [Boolean] SetFieldValue(string Slug, Value)
+        Sets the ItemValue value of a Field item
+
 RELATED LINKS:
-    Get-TssSecret
+    Get-TssSecret
+    Get-TssSecretStub
+    New-TssSecret
diff --git a/src/functions/secrets/New-Secret.ps1 b/src/functions/secrets/New-Secret.ps1
@@ -0,0 +1,92 @@
+function New-Secret {
+    <#
+    .SYNOPSIS
+    Create a new secret
+
+    .DESCRIPTION
+    Create a new secret
+
+    .EXAMPLE
+    $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
+    $TemplateId = 6003
+    $WindowsAccountTemplate = Get-TssSecretStub -TssSession $session -SecretTemplateId $TemplateId
+    $data = Import-Csv c:\temp\testdata.csv
+    $createdSecrets = @()
+    foreach ($item in $data) {
+        $currentTemplate = $WindowsAccountTemplate.PSObject.Copy()
+        $machine = $item.Machine
+        $user = $item.Username
+
+        $currentTemplate.Name = "$machine $user"
+        $currentTemplate.FolderId = 9
+        $currentTemplate.Items.SetFieldValue('Machine',$item.Machine) > $null
+        $currentTemplate.Items.SetFieldValue('Username',$item.Username) > $null
+        $currentTemplate.Items.SetFieldValue('Password',$item.Password) > $null
+
+        $created = New-TssSecret -TssSession $session -SecretStub $currentTemplate -Verbose
+        $createdSecrets += $created
+
+        Remove-Variable currentTemplate,machine,user -Force
+    }
+    return $createdSecrets | Select-Object FolderId, Name, SecretTemplateName, Active
+
+    Accept input from CSV file that contains Machine, Username and Password. Iterate over each record and create a secret.
+    Output will show the FolderId, Name, SecretTemplateName, and Active properties.
+
+    .LINK
+    https://thycotic.secretserver.github.io/commands/New-TssSecret
+
+    .NOTES
+    Requires TssSession object returned by New-TssSession
+    #>
+    [CmdletBinding(SupportsShouldProcess)]
+    [OutputType('TssSecret')]
+    param (
+        # TssSession object created by New-TssSession for auth
+        [Parameter(Mandatory,
+            ValueFromPipeline,
+            Position = 0)]
+        [TssSession]$TssSession,
+
+        # Input object obtained via Get-TssSecretStub
+        [Parameter(Mandatory, Position = 1)]
+        [TssSecret]
+        $SecretStub
+    )
+
+    begin {
+        $tssParams = $PSBoundParameters
+        $invokeParams = @{ }
+    }
+
+    process {
+        Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)"
+        if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) {
+            $restResponse = $null
+            $uri = $TssSession.ApiUrl, 'secrets' -join '/'
+            $invokeParams.Uri = $uri
+            $invokeParams.Method = 'POST'
+
+            <# validate propert default values #>
+            if ($SecretStub.SiteId -lt 1) {
+                $SecretStub.SiteId = 1
+            }
+            $invokeParams.Body = ($SecretStub | ConvertTo-Json)
+            $invokeParams.PersonalAccessToken = $TssSession.AccessToken
+            Write-Verbose "$($invokeParams.Method) $uri with:`n $SecretStub"
+            if (-not $PSCmdlet.ShouldProcess($SecretStub.Name, "$($invokeParams.Method) $uri with $($invokeParams.Body)")) { return }
+            try {
+                $restResponse = Invoke-TssRestApi @invokeParams
+            } catch {
+                Write-Warning "Issue creating report [$ReportName]"
+                $err = $_.ErrorDetails.Message
+                Write-Error $err
+            }
+            if ($restResponse) {
+                . $TssSecretObject $restResponse
+            }
+        } else {
+            Write-Warning "No valid session found"
+        }
+    }
+}
diff --git a/tests/secrets/New-TssSecret.Tests.ps1 b/tests/secrets/New-TssSecret.Tests.ps1
@@ -0,0 +1,90 @@
+BeforeDiscovery {
+    $commandName = Split-Path ($PSCommandPath.Replace('.Tests.ps1','')) -Leaf
+    . ([IO.Path]::Combine([string]$PSScriptRoot, '..', 'constants.ps1'))
+}
+Describe "$commandName verify parameters" {
+    BeforeDiscovery {
+        [object[]]$knownParameters = 'TssSession','SecretStub'
+        [object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')).Parameters.Keys
+        [object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')
+        $unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru
+    }
+    Context "Verify parmaeters" -ForEach @{currentParams = $currentParams } {
+        It "$commandName should contain <_> parameter" -TestCases $knownParameters {
+            $_ -in $currentParams | Should -Be $true
+        }
+        It "$commandName should not contain parameter: <_>" -TestCases $unknownParameters {
+            $_ | Should -BeNullOrEmpty
+        }
+    }
+    Context "Command specific details" {
+        It "$commandName should set OutputType to TssSecret" -TestCases $commandDetails {
+            $_.OutputType.Name | Should -Be 'TssSecret'
+        }
+    }
+}
+Describe "$commandName works" {
+    BeforeDiscovery {
+        $session = New-TssSession -SecretServer $ss -Credential $ssCred
+        $invokeParams = @{
+            Uri                 = "$ss/api/v1/folders?take=$($session.take)"
+            ExpandProperty      = 'records'
+            PersonalAccessToken = $session.AccessToken
+        }
+        $getFolders = Invoke-TssRestApi @invokeParams
+        $tssSecretFolder = $getFolders.Where( { $_.folderPath -eq '\tss_module_testing\NewSecret' })
+
+        $invokeParams = @{
+            Uri = "$ss/api/v1/secret-templates?take=$($session.take)&filter.searchText=tssFileTemplate"
+            ExpandProperty = 'records'
+            PersonalAccessToken = $session.AccessToken
+        }
+        $getTemplates = Invoke-TssRestApi @invokeParams
+
+        # Prep work
+        $stub = Get-TssSecretStub -TssSession $session -SecretTemplateId $getTemplates.Id -FolderId $tssSecretFolder.Id
+
+        $testCase = [pscustomobject]@{
+            SecretName = "tssNewFileSecret$(Get-Random)"
+            FolderId = $tssSecretFolder.Id
+            Username = "tssUsername$(Get-Random)"
+            Password = "$((New-Guid).Guid)"
+        }
+
+        $stub.Name = $testCase.SecretName
+        $stub.FolderId = $testCase.FolderId
+        $stub.Items.SetFieldValue('username',$testCase.Username)
+        $stub.Items.SetFieldValue('password',$testCase.Password)
+
+        $newSecret = New-TssSecret -TssSession $session -SecretStub $stub
+        $createdSecret = Get-TssSecret -TssSession $session -Id $newSecret.Id
+
+        $session.SessionExpire()
+        $props = 'Name', 'ProxyEnabled', 'Items'
+    }
+    Context "Checking" -ForEach @{newSecret = $newSecret} {
+        It "Should not be empty" {
+            $newSecret | Should -Not -BeNullOrEmpty
+        }
+        It "Should output <_> property" -TestCases $props {
+            $newSecret.PSObject.Properties.Name | Should -Contain $_
+        }
+    }
+    Context "Validate created secret" -Foreach @{createdSecret = $createdSecret} {
+        It "Should not be empty" {
+            $createdSecret | Should -Not -BeNullOrEmpty
+        }
+        It "Should have set secret's Name to <_.SecretName>" -TestCases $testCase {
+            $createdSecret.Name | Should -Be $_.SecretName
+        }
+        It "Should have set FolderId to <_.FolderId>" -TestCases $testCase {
+            $createdSecret.FolderId | Should -Be $_.FolderId
+        }
+        It "Should have set Username to <_.Username>" -TestCases $testCase {
+            $createdSecret.GetFieldValue('Username') | Should -Be $_.Username
+        }
+        It "Should have set Password to <_.Password>" -TestCases $testCase {
+            $createdSecret.GetFieldValue('Password') | Should -Be $_.Password
+        }
+    }
+}