Update-TssSecretAccessRequest - new command

thycotic-ps · Aug 26, 2021 · ca09f56 · ca09f56
1 parent a858c90
commit ca09f56
Show file tree

Hide file tree

Showing 7 changed files with 315 additions and 8 deletions.
diff --git a/docs/commands/secret-access-requests/Update-TssSecretAccessRequest.md b/docs/commands/secret-access-requests/Update-TssSecretAccessRequest.md
@@ -0,0 +1,166 @@
+# Update-TssSecretAccessRequest
+
+## SYNOPSIS
+Update a Access Request for the current user
+
+## SYNTAX
+
+```
+Update-TssSecretAccessRequest [-TssSession] <Session> -RequestId <Int32> -Status <SecretAccessStatus>
+ [-StartDate <String>] [-ExpirationDate <String>] [-Response <String>] [-WhatIf] [-Confirm]
+ [<CommonParameters>]
+```
+
+## DESCRIPTION
+Update a Access Request for the current user
+
+## EXAMPLES
+
+### EXAMPLE 1
+```
+session = New-TssSession -SecretServer https://alpha -Credential ssCred
+Update-TssSecretAccessRequest -TssSession $session -RequestId
+```
+
+Update ...
+
+## PARAMETERS
+
+### -TssSession
+TssSession object created by New-TssSession for authentication
+
+```yaml
+Type: Session
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByValue)
+Accept wildcard characters: False
+```
+
+### -RequestId
+Secret Access Request Id
+
+```yaml
+Type: Int32
+Parameter Sets: (All)
+Aliases: SecretAccessRequestId
+
+Required: True
+Position: Named
+Default value: 0
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -Status
+Set the status desired (Pending, Approved, Denied, Canceled)
+
+```yaml
+Type: SecretAccessStatus
+Parameter Sets: (All)
+Aliases:
+Accepted values: Approved, Canceled, Denied, Pending
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -StartDate
+Start date, defaults to now (current datetime)
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: [datetime]::Now
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ExpirationDate
+Expiration date
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Response
+Response or comment
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WhatIf
+Shows what would happen if the cmdlet runs.
+The cmdlet is not run.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Confirm
+Prompts you for confirmation before running the cmdlet.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+## OUTPUTS
+
+## NOTES
+Requires TssSession object returned by New-TssSession
+
+## RELATED LINKS
+
+[https://thycotic-ps.github.io/thycotic.secretserver/commands/secret-access-requests/Update-TssSecretAccessRequest](https://thycotic-ps.github.io/thycotic.secretserver/commands/secret-access-requests/Update-TssSecretAccessRequest)
+
+[https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/secret-access-requests/Update-TssSecretAccessRequest.ps1](https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/secret-access-requests/Update-TssSecretAccessRequest.ps1)
+
diff --git a/src/Thycotic.SecretServer.psd1 b/src/Thycotic.SecretServer.psd1
@@ -3,7 +3,7 @@
 #
 # Generated by: Shawn Melton
 #
-# Generated on: 8/25/2021
+# Generated on: 8/26/2021
 #
 
 @{
@@ -94,7 +94,7 @@ FunctionsToExport = 'Add-TssEventPipeline', 'Add-TssFolderPermission',
                'Get-TssReport', 'Get-TssReportCategory', 'Get-TssReportParameter', 
                'Get-TssReportSchedule', 'Get-TssRpcAssociatedSecret', 
                'Get-TssRpcPasswordType', 'Get-TssScript', 'Get-TssSecret', 
-               'Get-TssSecretAccessRequestOption', 
+               'Get-TssSecretAccessRequest', 'Get-TssSecretAccessRequestOption', 
                'Get-TssSecretAccessRequestSecret', 'Get-TssSecretAttachment', 
                'Get-TssSecretAudit', 'Get-TssSecretDependency', 
                'Get-TssSecretDependencyGroup', 'Get-TssSecretDependencyRunStatus', 
@@ -113,9 +113,10 @@ FunctionsToExport = 'Add-TssEventPipeline', 'Add-TssFolderPermission',
                'New-TssReport', 'New-TssReportSchedule', 'New-TssScript', 
                'New-TssSecret', 'New-TssSecretDependency', 
                'New-TssSecretDependencyGroup', 'New-TssSecretHook', 
-               'New-TssSecretPermission', 'New-TssSecretTemplate', 
-               'New-TssSecretTemplateField', 'New-TssSession', 'New-TssUser', 
-               'Open-TssSecret', 'Remove-TssEventPipeline', 'Remove-TssFolder', 
+               'New-TssSecretPermission', 'New-TssSecretPolicy', 
+               'New-TssSecretTemplate', 'New-TssSecretTemplateField', 
+               'New-TssSession', 'New-TssUser', 'Open-TssSecret', 
+               'Remove-TssEventPipeline', 'Remove-TssFolder', 
                'Remove-TssFolderPermission', 'Remove-TssFolderTemplate', 
                'Remove-TssGroupMember', 'Remove-TssMetadata', 'Remove-TssReport', 
                'Remove-TssReportCategory', 'Remove-TssReportSchedule', 
@@ -147,7 +148,8 @@ FunctionsToExport = 'Add-TssEventPipeline', 'Add-TssFolderPermission',
                'Unlock-TssUser', 'Update-TssFolder', 'Update-TssFolderPermission', 
                'Update-TssGroupMember', 'Update-TssMetadataField', 
                'Update-TssMetadataSection', 'Update-TssSecret', 
-               'Update-TssSecretHook', 'Update-TssSecretPermission', 
+               'Update-TssSecretAccessRequest', 'Update-TssSecretHook', 
+               'Update-TssSecretPermission', 'Update-TssSecretPolicy', 
                'Update-TssSecretRdpLauncherSetting', 
                'Update-TssSecretTemplateField', 'Update-TssUser', 
                'Update-TssUserPassword', 'Write-TssSecretAccessRequestViewComment'

diff --git a/src/Thycotic.SecretServer/classes/secret-policies/PolicyItem.cs b/src/Thycotic.SecretServer/classes/secret-policies/PolicyItem.cs
@@ -21,6 +21,6 @@ public class PolicyItem
         public int ValueInt { get; set; }
         public int ValueSecretId { get; set; }
         public string ValueString { get; set; }
-        public SecretPolicyType ValueType { get; set; }
+        public SecretPolicyValueType ValueType { get; set; }
     }
 }
diff --git a/src/Thycotic.SecretServer/enums/secret-access-requests/SecretAccessStatus.cs b/src/Thycotic.SecretServer/enums/secret-access-requests/SecretAccessStatus.cs
@@ -0,0 +1,15 @@
+using System;
+using System.Threading.Tasks;
+using System.Management.Automation;
+using System.Management.Automation.Runspaces;
+
+namespace Thycotic.PowerShell.Enums
+{
+    public enum SecretAccessStatus
+    {
+        Approved,
+        Canceled,
+        Denied,
+        Pending
+    }
+}
diff --git a/...enums/secret-policies/SecretPolicyType.cs → .../secret-policies/SecretPolicyValueType.cs b/...enums/secret-policies/SecretPolicyType.cs → .../secret-policies/SecretPolicyValueType.cs
@@ -5,7 +5,7 @@
 
 namespace Thycotic.PowerShell.Enums
 {
-    public enum SecretPolicyType
+    public enum SecretPolicyValueType
     {
         Bool,
         Int,

diff --git a/src/functions/secret-access-requests/Update-TssSecretAccessRequest.ps1 b/src/functions/secret-access-requests/Update-TssSecretAccessRequest.ps1
@@ -0,0 +1,105 @@
+function Update-TssSecretAccessRequest {
+    <#
+    .SYNOPSIS
+    Update a Access Request for the current user
+
+    .DESCRIPTION
+    Update a Access Request for the current user
+
+    .EXAMPLE
+    session = New-TssSession -SecretServer https://alpha -Credential ssCred
+    Update-TssSecretAccessRequest -TssSession $session -RequestId
+
+    Update ...
+
+    .LINK
+    https://thycotic-ps.github.io/thycotic.secretserver/commands/secret-access-requests/Update-TssSecretAccessRequest
+
+    .LINK
+    https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/secret-access-requests/Update-TssSecretAccessRequest.ps1
+
+    .NOTES
+    Requires TssSession object returned by New-TssSession
+    #>
+    [cmdletbinding(SupportsShouldProcess)]
+    param(
+        # TssSession object created by New-TssSession for authentication
+        [Parameter(Mandatory, ValueFromPipeline, Position = 0)]
+        [Thycotic.PowerShell.Authentication.Session]
+        $TssSession,
+
+        # Secret Access Request Id
+        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
+        [Alias('SecretAccessRequestId')]
+        [int]
+        $RequestId,
+
+        # Set the status desired (Pending, Approved, Denied, Canceled)
+        [Parameter(Mandatory)]
+        [Thycotic.PowerShell.Enums.SecretAccessStatus]
+        $Status,
+
+        # Start date, defaults to now (current datetime)
+        [string]
+        $StartDate = [datetime]::Now,
+
+        # Expiration date
+        [string]
+        $ExpirationDate,
+
+        # Response or comment
+        [string]
+        $Response
+    )
+    begin {
+        $updateParams = $PSBoundParameters
+        $invokeParams = . $GetInvokeApiParams $TssSession
+    }
+    process {
+        Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)"
+        if ($updateParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) {
+            . $CheckVersion $TssSession '10.9.000064' $PSCmdlet.MyInvocation
+            $restResponse = $null
+            $uri = $TssSession.ApiUrl, 'secret-access-requests' -join '/'
+            $invokeParams.Uri = $uri
+            $invokeParams.Method = 'PUT'
+
+            if ($Status -eq 'Denied' -and (-not $updateParams.ContainsKey('Response'))) {
+                Write-Warning 'A response is required when request has been denied'
+                return
+            }
+            if ($Status -eq 'Approved' -and (-not $updateParams.ContainsKey('ExpirationDate'))) {
+                Write-Warning 'A start and expiration date must be provided when Approving the request.'
+                return
+            }
+            $updateBody = @{}
+            $updateBody.Add('startDate',[datetime]$StartDate)
+            switch ($updateParams.Keys){
+                'RequestId' { $updateBody.Add('secretAccessRequestId',$RequestId) }
+                'Status' { $updateBody.Add('status',[string]$Status) }
+                'ExpirationDate' { $updateBody.Add('expirationDate',[datetime]$ExpirationDate) }
+                'Response' { $updateBody.Add('responseComment',$Response) }
+            }
+            $invokeParams.Body = $updateBody | ConvertTo-Json
+            if ($PSCmdlet.ShouldProcess("Secret Access Request: $RequestId", "$($invokeParams.Method) $uri with: `n$($invokeParams.Body)")) {
+                Write-Verbose "$($invokeParams.Method) $uri with: `n$($invokeParams.Body)"
+                try {
+                    $apiResponse = Invoke-TssApi @invokeParams
+                    $restResponse = . $ProcessResponse $apiResponse
+                } catch {
+                    Write-Warning "Issue updating Secret Access Request [$RequestId]"
+                    $err = $_
+                    . $ErrorHandling $err
+                }
+
+                if ($restResponse) {
+                    Write-Verbose "Secret Access Request [$RequestId] updated successfully"
+                } else {
+                    Write-Warning "Secret Access Request [$RequestId] was not updated, see previous output for errors"
+                }
+            }
+        } else {
+            Write-Warning 'No valid session found'
+        }
+    }
+}
diff --git a/tests/secret-access-requests/Update-TssSecretAccessRequest.Tests.ps1 b/tests/secret-access-requests/Update-TssSecretAccessRequest.Tests.ps1
@@ -0,0 +1,19 @@
+BeforeDiscovery {
+    $commandName = Split-Path ($PSCommandPath.Replace('.Tests.ps1','')) -Leaf
+}
+Describe "$commandName verify parameters" {
+    BeforeDiscovery {
+        [object[]]$knownParameters = 'TssSession','RequestId','Status','StartDate','ExpirationDate','Response'
+        [object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')).Parameters.Keys
+        [object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')
+        $unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru
+    }
+    Context "Verify parameters" -Foreach @{currentParams = $currentParams } {
+        It "$commandName should contain <_> parameter" -TestCases $knownParameters {
+            $_ -in $currentParams | Should -Be $true
+        }
+        It "$commandName should not contain parameter: <_>" -TestCases $unknownParameters {
+            $_ | Should -BeNullOrEmpty
+        }
+    }
+}