Venafi · gdbarron · Mar 20, 2024 · Dec 15, 2023 · Dec 15, 2023 · Mar 20, 2024
diff --git a/VenafiPS/Public/Invoke-VenafiRestMethod.ps1 b/VenafiPS/Public/Invoke-VenafiRestMethod.ps1
@@ -80,10 +80,20 @@ function Invoke-VenafiRestMethod {
         [Parameter()]
         [switch] $FullResponse,
 
+        [Parameter()]
+        [Int32] $TimeoutSec = 0,
+
         [Parameter()]
         [switch] $SkipCertificateCheck
     )
 
+    $params = @{
+        Method          = $Method
+        ContentType     = 'application/json'
+        UseBasicParsing = $true
+        TimeoutSec      = $TimeoutSec
+    }
+
 
     if ( $PSCmdLet.ParameterSetName -eq 'Session' ) {
 
@@ -131,6 +141,7 @@ function Invoke-VenafiRestMethod {
                     }
                 }
                 $SkipCertificateCheck = $VenafiSession.SkipCertificateCheck
+                $params.TimeoutSec = $VenafiSession.TimeoutSec
                 break
             }
 
@@ -187,14 +198,7 @@ function Invoke-VenafiRestMethod {
         }
     }
 
-    $uri = '{0}/{1}/{2}' -f $Server, $UriRoot, $UriLeaf
-
-    $params = @{
-        Method          = $Method
-        Uri             = $uri
-        ContentType     = 'application/json'
-        UseBasicParsing = $true
-    }
+    $params.Uri = '{0}/{1}/{2}' -f $Server, $UriRoot, $UriLeaf
 
     # append any headers passed in
     if ( $Header ) { $allHeaders += $Header }

diff --git a/VenafiPS/Public/New-VdcToken.ps1 b/VenafiPS/Public/New-VdcToken.ps1
@@ -44,6 +44,10 @@ function New-VdcToken {
     You can either provide a String, SecureString, or PSCredential.
     If providing a credential, the username is not used.
 
+    .PARAMETER SkipCertificateCheck
+    Bypass certificate validation when connecting to the server.
+    This can be helpful for pre-prod environments where ssl isn't setup on the website or you are connecting via IP.
+
     .PARAMETER VenafiSession
     VenafiSession object created from New-VenafiSession method.
 

diff --git a/VenafiPS/Public/New-VenafiSession.ps1 b/VenafiPS/Public/New-VenafiSession.ps1
@@ -81,6 +81,10 @@ function New-VenafiSession {
     .PARAMETER SkipCertificateCheck
     Bypass certificate validation when connecting to the server.
     This can be helpful for pre-prod environments where ssl isn't setup on the website or you are connecting via IP.
+    You can also create an environment variable named VENAFIPS_SKIP_CERT_CHECK and set it to 1 for the same effect.
+
+    .PARAMETER TimeoutSec
+    Specifies how long the request can be pending before it times out. Enter a value in seconds. The default value, 0, specifies an indefinite time-out.
 
     .PARAMETER PassThru
     Optionally, send the session object to the pipeline instead of script scope.
@@ -260,9 +264,19 @@ function New-VenafiSession {
         [string] $VaultVcKeyName,
 
         [Parameter()]
-        [switch] $PassThru,
+        [Int32] $TimeoutSec = 0,
 
         [Parameter()]
+        [switch] $PassThru,
+
+        [Parameter(ParameterSetName = 'TokenOAuth')]
+        [Parameter(ParameterSetName = 'TokenIntegrated')]
+        [Parameter(ParameterSetName = 'TokenCertificate')]
+        [Parameter(ParameterSetName = 'TokenJwt')]
+        [Parameter(ParameterSetName = 'AccessToken')]
+        [Parameter(ParameterSetName = 'RefreshToken')]
+        [Parameter(ParameterSetName = 'VaultAccessToken')]
+        [Parameter(ParameterSetName = 'VaultRefreshToken')]
         [switch] $SkipCertificateCheck
     )
 
@@ -286,6 +300,7 @@ function New-VenafiSession {
         Server = $serverUrl
     }
 
+    $newSession | Add-Member @{ 'TimeoutSec' = $TimeoutSec }
     $newSession | Add-Member @{ 'SkipCertificateCheck' = $SkipCertificateCheck.IsPresent }
 
     Write-Verbose ('Parameter set: {0}' -f $PSCmdlet.ParameterSetName)
@@ -380,6 +395,7 @@ function New-VenafiSession {
                     Scope       = $secretInfo.Metadata.Scope
                 }
                 $newSession.SkipCertificateCheck = [bool] $secretInfo.Metadata.SkipCertificateCheck
+                $newSession.TimeoutSec = $secretInfo.Metadata.TimeoutSec
             }
             else {
                 throw 'Server and ClientId metadata not found.  Execute New-VenafiSession -Server $server -Credential $cred -ClientId $clientId -Scope $scope -VaultAccessToken $secretName and attempt the operation again.'
@@ -429,6 +445,7 @@ function New-VenafiSession {
             $newSession.Server = $newToken.Server
             $newSession.Token.Scope = $secretInfo.Metadata.Scope | ConvertFrom-Json
             $newSession.SkipCertificateCheck = [bool] $secretInfo.Metadata.SkipCertificateCheck
+            $newSession.TimeoutSec = $secretInfo.Metadata.TimeoutSec
         }
 
         'Vaas' {
@@ -439,7 +456,10 @@ function New-VenafiSession {
             else { throw 'Unsupported type for -VcKey.  Provide either a String, SecureString, or PSCredential.' }
 
             if ( $VaultVcKeyName ) {
-                Set-Secret -Name $VaultVcKeyName -Secret $newSession.Key -Vault 'VenafiPS'
+                $metadata = @{
+                    TimeoutSec = [int]$newSession.TimeoutSec
+                }
+                Set-Secret -Name $VaultVcKeyName -Secret $newSession.Key -Vault 'VenafiPS' -Metadata $metadata
             }
         }
 
@@ -458,13 +478,15 @@ function New-VenafiSession {
     }
 
     if ( $VaultAccessTokenName -or $VaultRefreshTokenName ) {
+        # save secret and all associated metadata to be retrieved later
         $metadata = @{
             Server               = $newSession.Server
             AuthServer           = $newSession.Token.Server
             ClientId             = $newSession.Token.ClientId
             Expires              = $newSession.Expires
             Scope                = $newSession.Token.Scope | ConvertTo-Json -Compress
             SkipCertificateCheck = [int]$newSession.SkipCertificateCheck
+            TimeoutSec           = [int]$newSession.TimeoutSec
         }
 
         $metadata | ConvertTo-Json | Write-Verbose