Search-TssSecretAccessRequest - new command

thycotic-ps · Jul 30, 2021 · 7d7f0c8 · 7d7f0c8
1 parent 5a71da2
commit 7d7f0c8
Show file tree

Hide file tree

Showing 9 changed files with 383 additions and 3 deletions.
diff --git a/.vscode/tss.code-snippets b/.vscode/tss.code-snippets
@@ -103,7 +103,7 @@
             "    https://thycotic-ps.github.io/thycotic.secretserver/commands/Search-Tss${1}",
             "",
             "    .LINK",
-            "    https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/${7:Folder name}/Search-${1}.ps1",
+            "    https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/${7:Folder name}/Search-Tss${1}.ps1",
             "",
             "    .EXAMPLE",
             "    \\$session = New-TssSession -SecretServer https://alpha -Credential \\$ssCred",

diff --git a/docs/about_topics/secret-access-requests/Request.md b/docs/about_topics/secret-access-requests/Request.md
@@ -72,7 +72,7 @@ title: "Request"
     StartDate: string (date-time)
         The Start Date of the request.
 
-    Status: AccessRequestState
+    Status: string
         The Status of the request, ("WaitingForRequest" "Pending" "Approved" "Denied" "Canceled" "Expired")
 
     StatusDescription: string

diff --git a/docs/commands/secret-access-requests/Search-TssSecretAccessRequest.md b/docs/commands/secret-access-requests/Search-TssSecretAccessRequest.md
@@ -0,0 +1,112 @@
+# Search-TssSecretAccessRequest
+
+## SYNOPSIS
+Search Access Request for Secrets by status for current user.
+
+## SYNTAX
+
+```
+Search-TssSecretAccessRequest [-TssSession] <Session> [-Status] <String> [-IsMyRequest] [-SortBy <String>]
+ [<CommonParameters>]
+```
+
+## DESCRIPTION
+Search Access Request for Secrets by status for current user.
+
+## EXAMPLES
+
+### EXAMPLE 1
+```
+$session = New-TssSession -SecretServer https://alpha -Credential $ssCred
+Search-TssAccessRequest -TssSession $session -IsMyRequest
+```
+
+Return all Access Requests that the connected user submitted
+
+### EXAMPLE 2
+```
+$session = New-TssSession -SecretServer https://alpha -Credential $ssCred
+Search-TssAccessRequest -TssSession $session -Status Pending
+```
+
+Return all pending Access Requests where connected user is submitter or an approver
+
+## PARAMETERS
+
+### -TssSession
+TssSession object created by New-TssSession for auth
+
+```yaml
+Type: Session
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByValue)
+Accept wildcard characters: False
+```
+
+### -Status
+Status of the request
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 2
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -IsMyRequest
+Is request submitted by connecting user
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -SortBy
+Sort by specific property, default SecretId
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: SecretId
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+## OUTPUTS
+
+### Thycotic.PowerShell.AccessRequests.Request
+## NOTES
+Requires TssSession object returned by New-TssSession
+
+## RELATED LINKS
+
+[https://thycotic-ps.github.io/thycotic.secretserver/commands/Search-TssAccessRequest](https://thycotic-ps.github.io/thycotic.secretserver/commands/Search-TssAccessRequest)
+
+[https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/secret-access-requests/Search-TssAccessRequest.ps1](https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/secret-access-requests/Search-TssAccessRequest.ps1)
+
diff --git a/src/Thycotic.SecretServer.Format.ps1xml b/src/Thycotic.SecretServer.Format.ps1xml
@@ -2085,5 +2085,54 @@
       </TableControl>
     </View>
 
+    <View>
+      <Name>AccessRequest</Name>
+      <ViewSelectedBy>
+        <TypeName>Thycotic.PowerShell.AccessRequests.Request</TypeName>
+      </ViewSelectedBy>
+      <TableControl>
+        <TableHeaders>
+          <TableColumnHeader />
+          <TableColumnHeader />
+          <TableColumnHeader />
+          <TableColumnHeader />
+          <TableColumnHeader />
+          <TableColumnHeader />
+          <TableColumnHeader />
+          <TableColumnHeader />
+        </TableHeaders>
+        <TableRowEntries>
+          <TableRowEntry>
+            <TableColumnItems>
+              <TableColumnItem>
+                <PropertyName>SecretAccessRequestId</PropertyName>
+              </TableColumnItem>
+              <TableColumnItem>
+                <PropertyName>SecretId</PropertyName>
+              </TableColumnItem>
+              <TableColumnItem>
+                <PropertyName>SecretName</PropertyName>
+              </TableColumnItem>
+              <TableColumnItem>
+                <PropertyName>RequestDate</PropertyName>
+              </TableColumnItem>
+              <TableColumnItem>
+                <PropertyName>RequestUserName</PropertyName>
+              </TableColumnItem>
+              <TableColumnItem>
+                <PropertyName>RequestComment</PropertyName>
+              </TableColumnItem>
+              <TableColumnItem>
+                <PropertyName>StatusDescription</PropertyName>
+              </TableColumnItem>
+              <TableColumnItem>
+                <PropertyName>ExpirationDate</PropertyName>
+              </TableColumnItem>
+            </TableColumnItems>
+          </TableRowEntry>
+        </TableRowEntries>
+      </TableControl>
+    </View>
+
   </ViewDefinitions>
 </Configuration>
diff --git a/src/Thycotic.SecretServer.psd1 b/src/Thycotic.SecretServer.psd1
@@ -152,7 +152,8 @@
         'Get-TssVersion',
         'Test-TssVersion',
         'Search-TssWorkflowTemplate',
-        'Get-TssEventPipelineList'
+        'Get-TssEventPipelineList',
+        'Search-TssSecretAccessRequest'
     )
     Description          = 'PowerShell Tools for Thycotic Secret Server'
     Guid                 = 'e6b56c5f-41ac-4ba4-8b88-2c063f683176'

diff --git a/src/Thycotic.SecretServer/classes/secret-access-requests/Request.cs b/src/Thycotic.SecretServer/classes/secret-access-requests/Request.cs
@@ -25,6 +25,7 @@ public class Request
         public int SecretId { get; set; }
         public string SecretName { get; set; }
         public DateTime? StartDate { get; set; }
+        public string Status { get; set; }
         public string StatusDescription { get; set; }
         public string TicketNumber { get; set; }
         public int TicketSystemId { get; set; }

diff --git a/src/functions/secret-access-requests/Search-TssSecretAccessRequest.ps1 b/src/functions/secret-access-requests/Search-TssSecretAccessRequest.ps1
@@ -0,0 +1,95 @@
+function Search-TssSecretAccessRequest {
+    <#
+    .SYNOPSIS
+    Search Access Request for Secrets by status for current user.
+
+    .DESCRIPTION
+    Search Access Request for Secrets by status for current user.
+
+    .LINK
+    https://thycotic-ps.github.io/thycotic.secretserver/commands/Search-TssAccessRequest
+
+    .LINK
+    https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/secret-access-requests/Search-TssAccessRequest.ps1
+
+    .EXAMPLE
+    $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
+    Search-TssAccessRequest -TssSession $session -IsMyRequest
+
+    Return all Access Requests that the connected user submitted
+
+    .EXAMPLE
+    $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
+    Search-TssAccessRequest -TssSession $session -Status Pending
+
+    Return all pending Access Requests where connected user is submitter or an approver
+
+    .NOTES
+    Requires TssSession object returned by New-TssSession
+    #>
+    [CmdletBinding()]
+    [OutputType('Thycotic.PowerShell.AccessRequests.Request')]
+    param (
+        # TssSession object created by New-TssSession for auth
+        [Parameter(Mandatory,ValueFromPipeline, Position = 0)]
+        [Thycotic.PowerShell.Authentication.Session]
+        $TssSession,
+
+        # Status of the request
+        [Parameter(Mandatory, Position = 1)]
+        [ValidateSet('WaitingForRequest','Pending','Approved','Denied','Canceled','Expired')]
+        [string]
+        $Status,
+
+        # Is request submitted by connecting user
+        [switch]
+        $IsMyRequest,
+
+        # Sort by specific property, default SecretId
+        [string]
+        $SortBy = 'SecretId'
+    )
+    begin {
+        $tssParams = $PSBoundParameters
+        $invokeParams = . $GetInvokeTssParams $TssSession
+    }
+    process {
+        Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)"
+        if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) {
+            . $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation
+            $uri = $TssSession.ApiUrl, 'secret-access-requests' -join '/'
+            $uri = $uri, "sortBy[0].direction=asc&sortBy[0].name=$SortBy&take=$($TssSession.Take)" -join '?'
+            $invokeParams.Method = 'GET'
+
+            $filters = @()
+            switch ($tssParams.Keys) {
+                'IsMyRequest' { $filters += "filter.IsMyRequest=$([boolean]$IsMyRequest)" }
+                'Status' { $filters += "filter.status=$Status" }
+            }
+            if ($filters) {
+                $uriFilter = $filters -join '&'
+                Write-Verbose "Filters: $uriFilter"
+                $uri = $uri, $uriFilter -join '&'
+            }
+            $invokeParams.Uri = $uri
+
+            Write-Verbose "Performing the operation $($invokeParams.Method) $uri"
+            try {
+                $restResponse = . $InvokeApi @invokeParams
+            } catch {
+                Write-Warning "Issue on search request"
+                $err = $_
+                . $ErrorHandling $err
+            }
+
+            if ($restResponse.records.Count -le 0 -and $restResponse.records.Length -eq 0) {
+                Write-Warning "No AccessRequest found"
+            }
+            if ($restResponse.records) {
+                [Thycotic.PowerShell.AccessRequests.Request[]]$restResponse.records
+            }
+        } else {
+            Write-Warning "No valid session found"
+        }
+    }
+}
diff --git a/tests/event-pipeline-policy/Get-TssEventPipelineList.Tests.ps1 b/tests/event-pipeline-policy/Get-TssEventPipelineList.Tests.ps1
@@ -0,0 +1,61 @@
+BeforeDiscovery {
+    $commandName = Split-Path ($PSCommandPath.Replace('.Tests.ps1','')) -Leaf
+}
+Describe "$commandName verify parameters" {
+    BeforeDiscovery {
+        [object[]]$knownParameters = 'TssSession', 'FolderId', 'IncludeInactive', 'SortBy'
+        [object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')).Parameters.Keys
+        [object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')
+        $unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru
+    }
+    Context "Verify parameters" -Foreach @{currentParams = $currentParams } {
+        It "$commandName should contain <_> parameter" -TestCases $knownParameters {
+            $_ -in $currentParams | Should -Be $true
+        }
+        It "$commandName should not contain parameter: <_>" -TestCases $unknownParameters {
+            $_ | Should -BeNullOrEmpty
+        }
+    }
+    Context "Command specific details" {
+        It "$commandName should set OutputType to Thycotic.PowerShell.EventPipelinePolicy.List" -TestCases $commandDetails {
+            $_.OutputType.Name | Should -Be 'Thycotic.PowerShell.EventPipelinePolicy.List'
+        }
+    }
+}
+Describe "$commandName functions" {
+    Context "Checking" {
+        BeforeAll {
+            $session = [pscustomobject]@{
+                ApiVersion         = 'api/v1'
+                Take               = 2147483647
+                SecretServer       = 'http://alpha/'
+                SecretServerVersion= '10.9.000000'
+                ApiUrl             = 'http://alpha/api/v1'
+                AccessToken        = 'AgJf5YLChrisPine312UcBrM1s1KB2BGZ5Ufc4qLZ'
+                RefreshToken       = '9oacYeah0YqgBNg0L7VinDiesel6-Z9ITE51Humus'
+                TokenType          = 'bearer'
+                ExpiresIn          = 1199
+            }
+
+            Mock -Verifiable -CommandName Invoke-RestMethod -ParameterFilter { $Uri -match '/Endpoint' } -MockWith {
+                return [pscustomobject]@{
+                    # Object expected by REST API call
+                }
+            }
+            $object = Endpoint -TssSession $session Parameters
+            Assert-VerifiableMock
+        }
+        It "Should not be empty" {
+            $object | Should -Not -BeNullOrEmpty
+        }
+        It "Should have property <_>" -TestCases Properties {
+            $object[0].PSObject.Properties.Name | Should -Contain $_
+        }
+        It "Should have property Property equal value" {
+            $object.Property | Should -Be value
+        }
+        It "Should have called Invoke-RestMethod 2 times" {
+            Assert-MockCalled -CommandName Invoke-RestMethod -Times 2 -Scope Describe
+        }
+    }
+}