Get-TssFolderPermission - closes #88

thycotic-ps · Feb 26, 2021 · db137c2 · db137c2
1 parent a128a5d
commit db137c2
Show file tree

Hide file tree

Showing 3 changed files with 151 additions and 0 deletions.
diff --git a/src/en-us/about_tssfolderpermission.help.txt b/src/en-us/about_tssfolderpermission.help.txt
@@ -0,0 +1,29 @@
+TOPIC
+    This help topic describes the TssFolderPermission class in the Thycotic.SecretServer module
+
+CLASS
+    TssFolderPermission
+
+INHERITANCE
+    None
+
+DESCRIPTION
+    The TssFolderPermission class represents the FolderPermissionModel object returned by Secret Server endpoint GET /folder-permissions/{id}
+
+CONSTRUCTORS
+    new()
+
+PROPERTIES
+    FolderAccessRoleId
+        Folder Access Role Id
+
+    GroupId
+        Group Id
+
+    SecretAccessRoleId
+        Secret Access Role Id
+
+METHODS
+
+RELATED LINKS:
+    Get-TssFolderPermission
diff --git a/src/functions/folder-permissions/Get-FolderPermission.ps1 b/src/functions/folder-permissions/Get-FolderPermission.ps1
@@ -0,0 +1,72 @@
+function Get-FolderPermission {
+    <#
+    .SYNOPSIS
+    Get a folder permission(s)
+
+    .DESCRIPTION
+    Get a folder permission(s)
+
+    .EXAMPLE
+    PS> $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
+    PS> Get-TssFolderPermission -TssSession $session -Id 36
+
+    Returns Folder Permission(s) for Folder ID
+
+    .NOTES
+    Requires TssSession object returned by New-TssSession
+    #>
+    [CmdletBinding()]
+    [OutputType('TssFolderPermission')]
+    param (
+        # TssSession object created by New-TssSession for auth
+        [Parameter(Mandatory,
+            ValueFromPipeline,
+            Position = 0)]
+        [TssSession]$TssSession,
+
+        # Folder Permission ID
+        [Parameter(Mandatory,ValueFromPipelineByPropertyName)]
+        [Alias("FolderPermissionId")]
+        [int[]]
+        $Id,
+
+        # Include inactive Folder Permissions in results
+        [switch]
+        $IncludeInactive
+    )
+    begin {
+        $tssParams = $PSBoundParameters
+        $invokeParams = . $GetInvokeTssParams $TssSession
+    }
+
+    process {
+        Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)"
+        if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) {
+            foreach ($folderPermission in $Id) {
+                $restResponse = $null
+                $uri = $TssSession.ApiUrl, 'folder-permissions', $folderPermission -join '/'
+                $invokeParams.Uri = $uri
+                $invokeParams.Method = 'GET'
+
+                Write-Verbose "$($invokeParams.Method) $uri with $body"
+                try {
+                    $restResponse = Invoke-TssRestApi @invokeParams
+                } catch {
+                    Write-Warning "Issue getting folder permission on [$folderPermission]"
+                    $err = $_
+                    . $ErrorHandling $err
+                }
+
+                if ($restResponse) {
+                    [TssFolderPermission]@{
+                        FolderAccessRoleId = $restResponse.folderAccessRoleId
+                        GroupId            = $restResponse.groupId
+                        SecretAccessRole   = $restResponse.secretAccessRoleId
+                    }
+                }
+            }
+        } else {
+            Write-Warning "No valid session found"
+        }
+    }
+}
diff --git a/tests/folder-permissions/Get-TssFolderPermission.Tests.ps1 b/tests/folder-permissions/Get-TssFolderPermission.Tests.ps1
@@ -0,0 +1,50 @@
+BeforeDiscovery {
+    $commandName = Split-Path ($PSCommandPath.Replace('.Tests.ps1','')) -Leaf
+    . ([IO.Path]::Combine([string]$PSScriptRoot, '..', 'constants.ps1'))
+}
+Describe "$commandName verify parameters" {
+    BeforeDiscovery {
+        [object[]]$knownParameters = 'TssSession', 'Id', 'IncludeInactive'
+        [object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')).Parameters.Keys
+        [object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')
+        $unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru
+    }
+    Context "Verify parameters" -Foreach @{currentParams = $currentParams} {
+        It "$commandName should contain <_> parameter" -TestCases $knownParameters {
+            $_ -in $currentParams | Should -Be $true
+        }
+        It "$commandName should not contain parameter: <_>" -TestCases $unknownParameters {
+            $_ | Should -BeNullOrEmpty
+        }
+    }
+    Context "Command specific details" {
+        It "$commandName should set OutputType to TssFolderPermission" -TestCases $commandDetails {
+            $_.OutputType.Name | Should -Be 'TssFolderPermission'
+        }
+    }
+}
+Describe "$commandName works" {
+    BeforeDiscovery {
+        $session = New-TssSession -SecretServer $ss -Credential $ssCred
+        $invokeParams = @{
+            Uri = "$ss/api/v1/folders?take=$($session.take)"
+            ExpandProperty = 'records'
+            PersonalAccessToken = $session.AccessToken
+        }
+        $getFolders = Invoke-TssRestApi @invokeParams
+        $tssSecretFolder = $getFolders.Where({$_.folderPath -eq '\tss_module_testing'})
+
+        $searchFolderPerm = Search-TssFolderPermission -TssSession $session -FolderId $tssSecretFolder.id
+        $object = Get-TssFolderPermission -TssSession $session -Id $searchFolderPerm.FolderPermissionId
+        $session.SessionExpire()
+        $props = 'FolderAccessRoleId', 'GroupId', 'SecretAccessRole'
+    }
+    Context "Checking" -Foreach @{object = $object} {
+        It "Should not be empty" {
+            $object | Should -Not -BeNullOrEmpty
+        }
+        It "Should output <_> property" -TestCases $props {
+            $object[0].PSObject.Properties.Name | Should -Contain $_
+        }
+    }
+}