diff --git a/src/classes/users/TssUserRoleSummary.class.ps1 b/src/classes/users/TssUserRoleSummary.class.ps1
new file mode 100644
index 00000000..a19a1abe
--- /dev/null
+++ b/src/classes/users/TssUserRoleSummary.class.ps1
@@ -0,0 +1,21 @@
+class TssGroupAssignedRole {
+ [int]
+ $GroupId
+
+ [string]
+ $GroupName
+
+}
+class TssUserRoleSummary {
+ [TssGroupAssignedRole[]]
+ $Groups
+
+ [boolean]
+ $IsDirectAssignment
+
+ [int]
+ $RoleId
+
+ [string]
+ $RoleName
+}
\ No newline at end of file
diff --git a/src/en-us/about_tssgroupassignedrole.help.txt b/src/en-us/about_tssgroupassignedrole.help.txt
new file mode 100644
index 00000000..c22fe51c
--- /dev/null
+++ b/src/en-us/about_tssgroupassignedrole.help.txt
@@ -0,0 +1,26 @@
+TOPIC
+ This help topic describes the TssGroupAssignedRole class in the Thycotic.SecretServer module
+
+CLASS
+ TssGroupAssignedRole
+
+INHERITANCE
+ None
+
+DESCRIPTION
+ The TssGroupAssignedRole class represents the GroupAssignedRole object returned by Secret Server endpoint GET /users/{userid}/roles-assigned
+
+CONSTRUCTORS
+ new()
+
+PROPERTIES
+ GroupId
+ Group ID of assigned group to User
+
+ GroupName
+ Group Name of assigned group to User
+
+METHODS
+
+RELATED LINKS:
+ Get-TssUserRoleAssigned
\ No newline at end of file
diff --git a/src/en-us/about_tssuserrolesummary.help.txt b/src/en-us/about_tssuserrolesummary.help.txt
new file mode 100644
index 00000000..9f0bdf96
--- /dev/null
+++ b/src/en-us/about_tssuserrolesummary.help.txt
@@ -0,0 +1,32 @@ +TOPIC + This help topic describes the TssUserRoleSummary class in the Thycotic.SecretServer module + +CLASS + TssUserRole + +INHERITANCE + None + +DESCRIPTION + The TssUserRoleSummary class represents the UserRoleSummary object returned by Secret Server endpoint GET /users/{userid}/roles-assigned + +CONSTRUCTORS + new() + +PROPERTIES + RoleId + Role ID assigned to user + + RoleName + Name of role assigned to user + + IsDirectAssignment + Is role directly assigned to the user + + Groups [TssGroupAssignedRole] + Groups to which the user belongs that have the role + +METHODS + +RELATED LINKS: + Get-TssUserRoleAssigned \ No newline at end of file diff --git a/src/functions/folders/Get-FolderAudit.ps1 b/src/functions/folders/Get-FolderAudit.ps1 index d486b647..ea8aa0b3 100644 --- a/src/functions/folders/Get-FolderAudit.ps1 +++ b/src/functions/folders/Get-FolderAudit.ps1 @@ -57,7 +57,7 @@ function Get-FolderAudit { . $ErrorHandling $err } - if ($restResponse) { + if ($restResponse.records) { . $TssFolderAuditSummaryObject $restResponse.records } } diff --git a/src/functions/users/Get-UserRoleAssigned.ps1 b/src/functions/users/Get-UserRoleAssigned.ps1 new file mode 100644 index 00000000..d181b519 --- /dev/null +++ b/src/functions/users/Get-UserRoleAssigned.ps1 
@@ -0,0 +1,69 @@
+function Get-UserRoleAssigned {
+ <#
+ .SYNOPSIS
+ Get roles assigned to User Id
+
+ .DESCRIPTION
+ Get roles assigned to User Id
+
+ .EXAMPLE
+ PS> $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
+ PS> Get-TssUserRoleAssigned -TssSession $session -UserId 254
+
+ Returns roles assigned to the User ID 254
+
+ .NOTES
+ Requires TssSession object returned by New-TssSession
+ Only supported on 10.9.32 or higher of Secret Server
+ #>
+ [CmdletBinding()]
+ [OutputType('TssUserRoleSummary')]
+ param (
+ # TssSession object created by New-TssSession for auth
+ [Parameter(Mandatory,
+ ValueFromPipeline,
+ Position = 0)]
+ [TssSession]
+ $TssSession,
+
+ # Short description for parameter
+ [Parameter(Mandatory,ValueFromPipelineByPropertyName)]
+ [Alias("Id")]
+ [int[]]
+ $UserId
+ )
+ begin {
+ $tssParams = $PSBoundParameters
+ $invokeParams = . $GetInvokeTssParams $TssSession
+ }
+
+ process {
+ Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)"
+ if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) {
+ . $CheckVersion $TssSession '10.9.000032' $PSCmdlet.MyInvocation
+
+ foreach ($user in $UserId) {
+ $restResponse = $null
+ $uri = $TssSession.ApiUrl, 'users', $user, 'roles-assigned' -join '/'
+ $uri = $uri, "take=$($TssSession.Take)" -join '?'
+ $invokeParams.Uri = $uri
+ $invokeParams.Method = 'GET'
+
+ Write-Verbose "Performing the operation $($invokeParams.Method) $uri"
+ try {
+ $restResponse = Invoke-TssRestApi @invokeParams
+ } catch {
+ Write-Warning "Issue getting ___ on [$]"
+ $err = $_
+ . $ErrorHandling $err
+ }
+
+ if ($restResponse.records) {
+ . $TssUserRoleSummaryObject $restResponse.records
+ }
+ }
+ } else {
+ Write-Warning "No valid session found"
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/parts/CheckVersion.ps1 b/src/parts/CheckVersion.ps1
new file mode 100644
index 00000000..16232751
--- /dev/null
+++ b/src/parts/CheckVersion.ps1
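Review bot: The catch block in Get-UserRoleAssigned still carries the unfilled template text `Write-Warning "Issue getting ___ on [$]"`, so a failed lookup is reported without naming the operation or the user it failed for; something like `Write-Warning "Issue getting assigned roles on User [$user]"` would make the failure traceable when several IDs are piped in. The `$UserId` parameter comment `# Short description for parameter` is the same kind of leftover and could read `# User ID(s) to return assigned roles for`. The request is also capped with `take=$($TssSession.Take)` and only `$restResponse.records` is read, so a user holding more roles than the page size would presumably get a truncated list with no indication. For a command likely to be used in access reviews, that limit deserves a line in `.NOTES` or a check of the response's paging fields, if the endpoint returns any.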
@@ -0,0 +1,29 @@
+<#
+ .Synopsis
+ Validates Version of Secret Server
+ .Description
+ Validates version of Secret Server
+ Throws a message if detected version is lower than input (minimum)
+#>
+[cmdletbinding()]
+param(
+ [Parameter(Mandatory,Position = 0)]
+ [TssSession]
+ $TssSession,
+
+ [Parameter(Mandatory,Position = 1)]
+ $MinimumSupported,
+
+ [Parameter(Mandatory,Position = 2)]
+ [System.Management.Automation.InvocationInfo]
+ $Invocation
+)
+
+process {
+ $source = $Invocation.MyCommand
+ $currentVersion = (Get-TssVersion -TssSession $TssSession).Version
+
+ if ($MinimumSupported -ge $currentVersion) {
+ throw "[$source] is only supported on [$MinimumSupported]+ of Secret Server. Secret Server host [$($TssSession.SecretServer)] version: [$currentVersion]"
+ }
+}
\ No newline at end of file
diff --git a/src/parts/TssUserRoleSummaryObject.ps1 b/src/parts/TssUserRoleSummaryObject.ps1
new file mode 100644
index 00000000..be45d7b3
--- /dev/null
+++ b/src/parts/TssUserRoleSummaryObject.ps1
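Review bot: The gate `if ($MinimumSupported -ge $currentVersion)` throws when the server runs exactly the minimum version, which contradicts both the message (`[$MinimumSupported]+`) and the description ("lower than input"). `$MinimumSupported` is also untyped and the caller in this commit passes the string `'10.9.000032'`, so PowerShell compares as strings using the left operand's type; a `10.10.x` server would then sort below `10.9.x` and be rejected. Comparing parsed versions avoids both problems: `if ([version]$currentVersion -lt [version]$MinimumSupported) {`, ideally with the parameter declared as `[version]$MinimumSupported`. The type of `.Version` returned by `Get-TssVersion` is not visible in this diff, so confirm it casts cleanly to `[version]`.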
@@ -0,0 +1,50 @@ +<# + .Synopsis + Creates a TssUserRoleSummary object +#> +param( + [pscustomobject]$Object +) + +begin { + $Properties = $Object[0].PSObject.Properties.Name + if ($object.groups) { + $groupProperties = $Object.groups[0].PSObject.Properties.Name + } else { + Write-Verbose "No groups found on records object" + } +} + +process { + if ($groupProperties) { + $groups = @() + foreach ($g in $Object.groups) { + $group = [TssGroupAssignedRole]::new() + foreach ($iProp in $groupProperties) { + if ($iProp -in $group.PSObject.Properties.Name) { + $group.$iProp = $g.$iProp + } else { + Write-Warning "Property $iProp does not exist in the TssGroupAssignedRole class. Please create a bug report at https://github.com/thycotic-ps/thycotic.secretserver/issues/new/choose" + } + $groups += $group + } + } + } + + $outObject = @() + foreach ($r in $Object) { + $currentObject = [TssUserRoleSummary]::new() + foreach ($sProp in $Properties) { + if ($sProp -eq 'groups' -and $groups) { + $currentObject.Groups = $groups + } + if ($sProp -in $currentObject.PSObject.Properties.Name) { + $currentObject.$sProp = $r.$sProp + } else { + Write-Warning "Property $sProp does not exist in the TssUserRoleSummary class. Please create a bug report at https://github.com/thycotic-ps/thycotic.secretserver/issues/new/choose" + } + } + $outObject += $currentObject + } + return $outObject +} \ No newline at end of file diff --git a/src/parts/TssVersionObject.ps1 b/src/parts/TssVersionObject.ps1 index c2a4ae83..0e1e4633 100644 --- a/src/parts/TssVersionObject.ps1 +++ b/src/parts/TssVersionObject.ps1 @@ -24,7 +24,6 @@ process { $invokeParams.Uri = $Uri $invokeParams.Method = 'GET' - try { $restResponse = Invoke-TssRestApi @invokeParams } catch { diff --git a/tests/users/Get-TssUserRoleAssigned.Tests.ps1 b/tests/users/Get-TssUserRoleAssigned.Tests.ps1 new file mode 100644 index 00000000..29f26dcd --- /dev/null +++ b/tests/users/Get-TssUserRoleAssigned.Tests.ps1 
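Review bot: In TssUserRoleSummaryObject.ps1 the group list is built once from `$Object.groups` and then attached to every role, and `$groups += $group` sits inside the `foreach ($iProp ...)` loop, so each group is appended once per property. When `$Object` holds several records, each TssUserRoleSummary would report the groups of all roles, which misstates which group grants which role. The `groups` branch in the record loop is also followed by a plain `if` rather than `elseif`, so `$currentObject.$sProp = $r.$sProp` immediately overwrites the typed list with the raw `$r.groups`. Building the groups per record, appending once per group and skipping the generic assignment for `groups` fixes all three; the `begin` block's `$groupProperties` lookup is then no longer needed.

```powershell
foreach ($r in $Object) {
    $currentObject = [TssUserRoleSummary]::new()

    # groups belong to this record only; one entry per group
    $recordGroups = @()
    foreach ($g in $r.groups) {
        $group = [TssGroupAssignedRole]::new()
        foreach ($iProp in $g.PSObject.Properties.Name) {
            if ($iProp -in $group.PSObject.Properties.Name) {
                $group.$iProp = $g.$iProp
            } else {
                # … unchanged: Write-Warning for a property missing from TssGroupAssignedRole …
            }
        }
        $recordGroups += $group
    }

    foreach ($sProp in $Properties) {
        if ($sProp -eq 'groups') {
            $currentObject.Groups = $recordGroups
        } elseif ($sProp -in $currentObject.PSObject.Properties.Name) {
            $currentObject.$sProp = $r.$sProp
        } else {
            # … unchanged: Write-Warning for a property missing from TssUserRoleSummary …
        }
    }
    $outObject += $currentObject
}
```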
@@ -0,0 +1,25 @@
+BeforeDiscovery {
+ $commandName = Split-Path ($PSCommandPath.Replace('.Tests.ps1','')) -Leaf
+ . ([IO.Path]::Combine([string]$PSScriptRoot, '..', 'constants.ps1'))
+}
+Describe "$commandName verify parameters" {
+ BeforeDiscovery {
+ [object[]]$knownParameters = 'TssSession', 'UserId'
+ [object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')).Parameters.Keys
+ [object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')
+ $unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru
+ }
+ Context "Verify parameters" -Foreach @{currentParams = $currentParams} {
+ It "$commandName should contain <_> parameter" -TestCases $knownParameters {
+ $_ -in $currentParams | Should -Be $true
+ }
+ It "$commandName should not contain parameter: <_>" -TestCases $unknownParameters {
+ $_ | Should -BeNullOrEmpty
+ }
+ }
+ Context "Command specific details" {
+ It "$commandName should set OutputType to TssUserRoleSummary" -TestCases $commandDetails {
+ $_.OutputType.Name | Should -Be 'TssUserRoleSummary'
+ }
+ }
+}
\ No newline at end of file