Get-Secret - Add Path support fixes #174

thycotic-ps · May 4, 2021 · e3fcf0e · e3fcf0e
1 parent 8415185
commit e3fcf0e
Show file tree

Hide file tree

Showing 5 changed files with 126 additions and 88 deletions.
diff --git a/src/functions/secrets/Get-Secret.ps1 b/src/functions/secrets/Get-Secret.ps1
@@ -36,6 +36,12 @@ function Get-Secret {
     Call GetCredential() method, only needing the username and password values for the PSCredential object.
     Call GetValue() method to get the 'server' value.
 
+    .EXAMPLE
+    $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
+    Get-TssSecret -TssSession $session -Path '\ABC Company\Vendors\Temp Secret - 32.178.249.171'
+
+    Get Secret via absolute path.
+
     .LINK
     https://thycotic-ps.github.io/thycotic.secretserver/commands/Get-TssSecret
 
@@ -45,47 +51,59 @@ function Get-Secret {
     .NOTES
     Requires TssSession object returned by New-TssSession
     #>
-    [cmdletbinding(DefaultParameterSetName = 'secret')]
+    [cmdletbinding(DefaultParameterSetName = 'all')]
     [OutputType('TssSecret')]
     param(
         # TssSession object created by New-TssSession for auth
-        [Parameter(Mandatory,ValueFromPipeline,Position = 0)]
+        [Parameter(Mandatory,Position = 0)]
         [TssSession]
         $TssSession,
 
         # Secret ID to retrieve
-        [Parameter(Mandatory,ValueFromPipelineByPropertyName,ParameterSetName = 'secret')]
-        [Parameter(ParameterSetName = 'restricted')]
+        [Parameter(ParameterSetName = 'secret')]
+        [Parameter(ParameterSetName = 'all')]
         [Alias("SecretId")]
         [int[]]
         $Id,
 
+        # Secret ID to retrieve
+        [Parameter(ParameterSetName = 'path')]
+        [Parameter(ParameterSetName = 'all')]
+        [string]
+        $Path,
+
         # Comment to provide for restricted secret (Require Comment is enabled)
+        [Parameter(ParameterSetName = 'all')]
         [Parameter(ParameterSetName = 'restricted')]
         [string]
         $Comment,
 
         # Double lock password, provie as a secure string
+        [Parameter(ParameterSetName = 'all')]
         [Parameter(ParameterSetName = 'restricted')]
         [securestring]
         $DoublelockPassword,
 
         # Check in the secret if it is checked out
+        [Parameter(ParameterSetName = 'all')]
         [Parameter(ParameterSetName = 'restricted')]
         [switch]
         $ForceCheckIn,
 
         # Include secrets that are inactive/disabled
+        [Parameter(ParameterSetName = 'all')]
         [Parameter(ParameterSetName = 'restricted')]
         [switch]
         $IncludeInactive,
 
         # Associated ticket number (required for ticket integrations)
+        [Parameter(ParameterSetName = 'all')]
         [Parameter(ParameterSetName = 'restricted')]
         [string]
         $TicketNumber,
 
         # Associated ticket system ID (required for ticket integrations)
+        [Parameter(ParameterSetName = 'all')]
         [Parameter(ParameterSetName = 'restricted')]
         [int]
         $TicketSystemId
@@ -102,11 +120,24 @@ function Get-Secret {
             }
         }
     }
-
     process {
         Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)"
         if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) {
             . $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation
+
+            if ($tssParams.ContainsKey('Path')) {
+                $secretName = Split-Path $Path -Leaf
+                $pathLeaf = Split-Path (Split-Path $Path -Parent) -Leaf
+                $folderFound = . $SearchFolders $TssSession $pathLeaf | Where-Object FolderPath -EQ $Path
+                $folderId = $folderFound.Id
+                $Id = (. $SearchSecrets $TssSession $folderId $secretName | Where-Object Name -EQ $secretName).Id
+
+                if (-not $Id) {
+                    Write-Verbose "No secret found at path [$Path]"
+                    return
+                }
+            }
+
             foreach ($secret in $Id) {
                 $restResponse = $null
                 $uri = $TssSession.ApiUrl, 'secrets', $secret -join '/'
@@ -128,7 +159,7 @@ function Get-Secret {
                     $invokeParams.Uri = $uri
                     $invokeParams.Method = 'POST'
                     $invokeParams.Body = $getBody | ConvertTo-Json
-                }else {
+                } else {
                     $uri = $uri
                     $invokeParams.Uri = $uri
                     $invokeParams.Method = 'GET'

diff --git a/src/parts/SearchFolders.ps1 b/src/parts/SearchFolders.ps1
@@ -21,7 +21,7 @@ begin {
 process {
     $restResponse = $null
     $uri = $TssSession.ApiUrl, 'folders' -join '/'
-    $uri = $uri, "sortBy[0].direction=asc&sortBy[0].name=FolderPath&take=$($TssSession.Take)&filter.folderTypeId=1" -join '?'
+    $uri = $uri, "sortBy[0].direction=asc&sortBy[0].name=FolderPath&take=$($TssSession.Take)&filter.folderTypeId=1&filter.searchText=$SearchText" -join '?'
 
     $invokeParams.Uri = $uri
     $invokeParams.Method = 'GET'

diff --git a/src/parts/SearchSecrets.ps1 b/src/parts/SearchSecrets.ps1
@@ -0,0 +1,61 @@
+[cmdletbinding()]
+param(
+    [Parameter(Mandatory,Position = 0)]
+    [TssSession]
+    $TssSession,
+
+    [Parameter(Mandatory,Position = 1)]
+    [int]
+    $FolderId,
+
+    [Parameter(Mandatory,Position = 2)]
+    [string]
+    $SearchText
+)
+begin {
+    $invokeParams = . $GetInvokeTssParams $TssSession
+}
+process {
+    . $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation
+    $uri = $TssSession.ApiUrl, 'secrets' -join '/'
+    $uri += "?take=$($TssSession.Take)"
+    $uri += "&filter.includeRestricted=true&filter.isExactmatch=true"
+
+    $filters = @()
+    $filters += "filter.searchText=$SearchText"
+    $filters += "filter.folderId=$FolderId"
+
+    if ($filters) {
+        $uriFilter = $filters -join '&'
+        Write-Verbose "Filters: $uriFilter"
+        $uri = $uri, $uriFilter -join '&'
+    }
+
+    $invokeParams.Uri = $uri
+
+    $invokeParams.Method = 'GET'
+    Write-Verbose "$($invokeParams.Method) $uri"
+    try {
+        $restResponse = . $InvokeApi @invokeParams
+    } catch {
+        Write-Warning "Issue on search request"
+        $err = $_
+        . $ErrorHandling $err
+    }
+
+    if ($restResponse.records) {
+        foreach ($secret in $restResponse.records) {
+            if (-not $restResponse.lastPasswordChangeAttempt) {
+                $secret.lastPasswordChangeAttempt = [datetime]::MinValue
+            }
+            if (-not $restResponse.lastAccessed) {
+                $secret.lastAccessed = [datetime]::MinValue
+            }
+            if (-not $restResponse.createDate) {
+                $secret.createDate = [datetime]::MinValue
+            }
+
+            [TssSecretSummary]$secret
+        }
+    }
+}
diff --git a/tests/secrets/Get-Secret.Tests.ps1 b/tests/secrets/Get-Secret.Tests.ps1
@@ -0,0 +1,27 @@
+BeforeDiscovery {
+    $commandName = Split-Path ($PSCommandPath.Replace('.Tests.ps1','')) -Leaf
+    . ([IO.Path]::Combine([string]$PSScriptRoot, '..', 'constants.ps1'))
+}
+Describe "$commandName verify parameters" {
+    BeforeDiscovery {
+        [object[]]$knownParameters = 'TssSession', 'Id', 'Path'
+        # restricted
+        'Comment', 'DoublelockPassword', 'ForceCheckIn', 'IncludeInactive', 'TicketNumber', 'TicketSystemId'
+        [object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName, 'Function')).Parameters.Keys
+        [object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')
+        $unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru
+    }
+    Context "Verify parameters" -Foreach @{currentParams = $currentParams} {
+        It "$commandName should contain <_> parameter" -TestCases $knownParameters {
+            $_ -in $currentParams | Should -Be $true
+        }
+        It "$commandName should not contain parameter: <_>" -TestCases $unknownParameters {
+            $_ | Should -BeNullOrEmpty
+        }
+    }
+    Context "Command specific details" {
+        It "$commandName should set OutputType to TssSecret" -TestCases $commandDetails {
+            $_.OutputType.Name | Should -Be 'TssSecret'
+        }
+    }
+}
diff --git a/tests/secrets/Get-TssSecret.Tests.ps1 b/tests/secrets/Get-TssSecret.Tests.ps1