Get-TssSecret - add 11.0 support for Secret Path functionality
wsmelton committed Aug 5, 2021
1 parent 0c406e3 commit ba44fc3
Showing 4 changed files with 88 additions and 78 deletions.
3 changes: 2 additions & 1 deletion .vscode/settings.json
Expand Up @@ -34,6 +34,7 @@
"MD026": false,
"MD033": false,
"MD041": false,
"MD047": false
"MD047": false,
"MD028": false
}
}
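Review bot: The added `"MD028": false` turns the rule off for the whole workspace, and the commit message does not mention it. If it is only needed for the `>` notice blocks in docs/getting_started/compatibility.md, say so in the commit message or move this lint change to its own commit so it is not buried in a functional change.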
17 changes: 9 additions & 8 deletions docs/commands/secrets/Get-TssSecret.md
Expand Up @@ -7,20 +7,21 @@ Get a secret from Secret Server

### all (Default)
```
Get-TssSecret [-TssSession] <Session> [-Id] <Int32[]> [-Path <String>] [-Comment <String>]
Get-TssSecret [-TssSession] <Session> [[-Id] <Int32[]>] [-Path <String[]>] [-Comment <String>]
[-DoublelockPassword <SecureString>] [-ForceCheckIn] [-IncludeInactive] [-TicketNumber <String>]
[-TicketSystemId <Int32>] [<CommonParameters>]
```

### path
```
Get-TssSecret [-TssSession] <Session> [-Id] <Int32[]> [-Path <String>] [<CommonParameters>]
Get-TssSecret [-TssSession] <Session> [[-Id] <Int32[]>] [-Path <String[]>] [<CommonParameters>]
```

### restricted
```
Get-TssSecret [-TssSession] <Session> [-Id] <Int32[]> [-Comment <String>] [-DoublelockPassword <SecureString>]
[-ForceCheckIn] [-IncludeInactive] [-TicketNumber <String>] [-TicketSystemId <Int32>] [<CommonParameters>]
Get-TssSecret [-TssSession] <Session> [[-Id] <Int32[]>] [-Comment <String>]
[-DoublelockPassword <SecureString>] [-ForceCheckIn] [-IncludeInactive] [-TicketNumber <String>]
[-TicketSystemId <Int32>] [<CommonParameters>]
```

## DESCRIPTION
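Review bot: The `all` syntax now advertises `-Path <String[]>` next to `-Comment`, `-DoublelockPassword`, `-ForceCheckIn`, `-TicketNumber` and `-TicketSystemId`, but the `-Path` loop in src/functions/secrets/Get-TssSecret.ps1 always issues a plain GET and never builds the restricted body. Either document that the restricted options only apply to `-Id`, or drop `-Path` from the `all` set so the binder rejects the combination.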
Expand Down Expand Up @@ -72,7 +73,7 @@ $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
Get-TssSecret -TssSession $session -Path '\ABC Company\Vendors\Temp Secret - 32.178.249.171'
```

Get Secret via absolute path.
Get Secret via path.

### EXAMPLE 6
```
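Review bot: Dropping "absolute" from the Example 5 description leaves it unclear which path forms are accepted, while the example itself still passes a path with a leading backslash. State the expected format, and note here that `-Path` requires Secret Server 11.0, since the compatibility page and the version check in the function both move to that minimum in this commit.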
Expand Down Expand Up @@ -116,18 +117,18 @@ Type: Int32[]
Parameter Sets: (All)
Aliases: SecretId

Required: True
Required: False
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
```

### -Path
Secret ID to retrieve
Path of Secret to retrieve

```yaml
Type: String
Type: String[]
Parameter Sets: all, path
Aliases:

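Review bot: `-Id` becomes `Required: False` in all parameter sets, and the syntax blocks show `-Path` as optional too, so the reference now documents a call with neither as valid. Add a sentence to one of the two parameter descriptions saying that at least one of them must be given and what the command returns otherwise.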
29 changes: 15 additions & 14 deletions docs/getting_started/compatibility.md
Expand Up @@ -6,29 +6,30 @@ sort: 3

Secret Server REST API was first released with version 9.0. The API has grown since then and continues to grow as the product evolves. The module is tested on the latest Secret Server release available. This page aims to provide a list of endpoints that are only available in specific build versions of Secret Server.

The starting version for maintaining this content will be Secret Server 10.9.
{: .notice--warning}
> The starting version for maintaining this content will be Secret Server 10.9.
Each function included below will have a version check on Secret Server before the endpoint is called.
{: .notice--info}
> Each function included below will have a version check on Secret Server before the endpoint is called.
## Function List

The Secret Server version listed is the minimum required to use the function.
{: .notice--info}
> The Secret Server version listed is the minimum required to use the function.
| **Function Name** | **Secret Server Version** |
| --------------------------------- | ------------------------- |
| [Get-TssConfiguration] | 10.9.000032 |
| [Search-TssDistributedEngineSite] | 10.9.000032 |
| [Get-TssSecretAudit] | 10.9.000032 |
| [Get-TssSecretState] | 10.9.000032 |
| [Get-TssUserRoleAssigned] | 10.9.000032 |
| [Search-TssMetadata] | 10.9.000064 |
| **Function Name** | **Secret Server Version** |
| ----------------------------------- | ------------------------- |
| [Get-TssConfiguration] | 10.9.000032 |
| [Search-TssDistributedEngineSite] | 10.9.000032 |
| [Get-TssSecretAudit] | 10.9.000032 |
| [Get-TssSecretState] | 10.9.000032 |
| [Get-TssUserRoleAssigned] | 10.9.000032 |
| [Search-TssMetadata] | 10.9.000064 |
| [Get-TssFolder] (-FolderPath param) | 11.0.000000 |
| [Get-TssSecret] (-Path param) | 11.0.000000 |

[Get-TssSecretAudit]:/thycotic.secretserver/commands/secrets/Get-TssSecretAudit
[Get-TssUserRoleAssigned]:/thycotic.secretserver/commands/users/Get-TssUserRoleAssigned
[Get-TssSecretState]:/thycotic.secretserver/commands/secrets/Get-TssSecretState
[Get-TssConfiguration]:/thycotic.secretserver/commands/configurations/Get-TssConfiguration
[Search-TssDistributedEngineSite]:/thycotic.secretserver/commands/distributed-engine/Search-TssDistributedEngineSite
[Search-TssMetadata]:/thycotic.secretserver/commands/metadata/Search-TssMetadata
[Get-TssFolder]:/thycotic.secretserver/commands/folders/Get-TssFolder
[Get-TssSecret]:/thycotic.secretserver/commands/secrets/Get-TssSecret
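Review bot: The new `[Get-TssFolder] (-FolderPath param)` row claims an 11.0.000000 minimum, but none of the 4 changed files in this commit is the Get-TssFolder function. Confirm that function already carries the matching version check, or add the row in the commit that does. For the `[Get-TssSecret] (-Path param)` row, it is worth a line noting that `-Path` previously ran under the 10.9.000000 check through a folder search, so users on 10.9 builds lose it after upgrading the module.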
117 changes: 62 additions & 55 deletions src/functions/secrets/Get-TssSecret.ps1
Expand Up @@ -40,7 +40,7 @@ function Get-TssSecret {
$session = New-TssSession -SecretServer https://alpha -Credential $ssCred
Get-TssSecret -TssSession $session -Path '\ABC Company\Vendors\Temp Secret - 32.178.249.171'
Get Secret via absolute path.
Get Secret via path.
.EXAMPLE
$session = nts https://alpha $ssCred
Expand Down Expand Up @@ -73,15 +73,15 @@ function Get-TssSecret {
$TssSession,

# Secret ID to retrieve
[Parameter(Mandatory, ValueFromPipelineByPropertyName, Position = 0)]
[Parameter(ValueFromPipelineByPropertyName, Position = 0)]
[Alias('SecretId')]
[int[]]
$Id,

# Secret ID to retrieve
# Path of Secret to retrieve
[Parameter(ParameterSetName = 'path')]
[Parameter(ParameterSetName = 'all')]
[string]
[string[]]
$Path,

# Comment to provide for restricted secret (Require Comment is enabled)
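Review bot: Removing `Mandatory` from `-Id` while `-Path` is also optional means `Get-TssSecret -TssSession $session` binds successfully and returns nothing, with no error, because both branches in `process` are guarded by `$tssParams.ContainsKey(...)`. Let the binder enforce the choice: keep `-Id` mandatory in its own parameter set and make `-Path` mandatory in `path`, or add an explicit check at the top of `process` that writes an error when neither key is present.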
Expand Down Expand Up @@ -135,65 +135,72 @@ function Get-TssSecret {
process {
Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)"
if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) {
. $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation

if ($tssParams.ContainsKey('Path')) {
$secretName = Split-Path $Path -Leaf
$pathLeaf = Split-Path (Split-Path $Path -Parent) -Leaf
$folderFound = . $SearchFolders $TssSession $pathLeaf | Where-Object FolderPath -EQ $Path
$folderId = $folderFound.Id
$searchSecret = Search-TssSecret $TssSession -FolderId $folderId -SearchText $secretName
$Id = $searchSecret.Where({ $_.Name -eq $secretName }).Id

if (-not $Id) {
Write-Verbose "No secret found at path [$Path]"
return
}
}
. $CheckVersion $TssSession '11.0.000000' $PSCmdlet.MyInvocation
foreach ($p in $Path) {
$restResponse = $null
$uri = $TssSession.ApiUrl, 'secrets', 0 -join '/'
$uri = $uri, "secretPath=$p" -join '?'
$invokeParams.Uri = $uri
$invokeParams.Method = 'GET'

foreach ($secret in $Id) {
$restResponse = $null
$uri = $TssSession.ApiUrl, 'secrets', $secret -join '/'

$getBody = @{}
if ($restrictedParams.Count -gt 0) {
switch ($tssParams.Keys) {
'IncludeInactive' { $getBody.Add('includeInactive', [boolean]$IncludeInactive) }
'Comment' { $getBody.Add('comment', $Comment) }
'ForceCheckIn' { $getBody.Add('forceCheckIn', [boolean]$ForceCheckIn) }
'TicketNumber' { $getBody.Add('ticketNumber', $TicketNumber) }
'TicketSystemId' { $getBody.Add('ticketSystemId', $TicketSystemId) }
'DoublelockPassword' {
$passwd = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($DoublelockPassword))
$getBody.Add('doubleLockPassword', $passwd)
}
Write-Verbose "$($invokeParams.Method) $uri"
try {
$apiResponse = Invoke-TssApi @invokeParams
$restResponse = . $ProcessResponse $apiResponse
} catch {
Write-Warning "Issue getting secret [$secret]"
$err = $_
. $ErrorHandling $err
}

$uri = $uri, 'restricted' -join '/'
$invokeParams.Uri = $uri
$invokeParams.Method = 'POST'
$invokeParams.Body = $getBody | ConvertTo-Json
} else {
$uri = $uri
$invokeParams.Uri = $uri
$invokeParams.Method = 'GET'
if ($restResponse) {
[Thycotic.PowerShell.Secrets.Secret]$restResponse
}
}
}

Write-Verbose "$($invokeParams.Method) $uri with:`t$($invokeParams.Body)`n"
try {
$apiResponse = Invoke-TssApi @invokeParams
$restResponse = . $ProcessResponse $apiResponse
} catch {
Write-Warning "Issue getting secret [$secret]"
$err = $_
. $ErrorHandling $err
}
if ($tssParams.ContainsKey('Id')) {
. $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation
foreach ($secret in $Id) {
$restResponse = $null
$uri = $TssSession.ApiUrl, 'secrets', $secret -join '/'

$getBody = @{}
if ($restrictedParams.Count -gt 0) {
switch ($tssParams.Keys) {
'IncludeInactive' { $getBody.Add('includeInactive', [boolean]$IncludeInactive) }
'Comment' { $getBody.Add('comment', $Comment) }
'ForceCheckIn' { $getBody.Add('forceCheckIn', [boolean]$ForceCheckIn) }
'TicketNumber' { $getBody.Add('ticketNumber', $TicketNumber) }
'TicketSystemId' { $getBody.Add('ticketSystemId', $TicketSystemId) }
'DoublelockPassword' {
$passwd = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($DoublelockPassword))
$getBody.Add('doubleLockPassword', $passwd)
}
}

if ($restResponse) {
if ($restResponse.Code) {
$responseCodeMsg = $restResponse | ConvertTo-Json
Write-Error "Issue accessing secret:`n $responseCodeMsg"
$uri = $uri, 'restricted' -join '/'
$invokeParams.Uri = $uri
$invokeParams.Method = 'POST'
$invokeParams.Body = $getBody | ConvertTo-Json
} else {
$uri = $uri
$invokeParams.Uri = $uri
$invokeParams.Method = 'GET'
}

Write-Verbose "$($invokeParams.Method) $uri with:`t$($invokeParams.Body)`n"
try {
$apiResponse = Invoke-TssApi @invokeParams
$restResponse = . $ProcessResponse $apiResponse
} catch {
Write-Warning "Issue getting secret [$secret]"
$err = $_
. $ErrorHandling $err
}

if ($restResponse) {
[Thycotic.PowerShell.Secrets.Secret]$restResponse
}
}
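Review bot: In the `-Path` loop, `$uri = $uri, "secretPath=$p" -join '?'` places the caller's path in the query string without encoding. Secret paths contain spaces and backslashes (see the example path), and a name containing `&`, `#` or `+` would be split or altered before it reaches the server, so the lookup can resolve a different path than the one requested; wrap the value as `[uri]::EscapeDataString($p)`. The catch block in the same loop warns with `[$secret]`, which is not set there and should be `[$p]`. The loop also always sends a GET, so `-Comment`, `-DoublelockPassword` and the ticket options are silently ignored when combined with `-Path`.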