Set-TssSecretPolicy - updated to accept Policy Item object
wsmelton committed Sep 6, 2021
1 parent ba42045 commit a63f059
Showing 5 changed files with 78 additions and 164 deletions.
84 changes: 11 additions & 73 deletions docs/commands/secret-policies/Set-TssSecretPolicy.md
Expand Up @@ -8,14 +8,13 @@ Set a Secret Policy property
### policy (Default)
```
Set-TssSecretPolicy [-TssSession] <Session> -Id <Int32> [-Name <String>] [-Description <String>] [-Active]
[-WhatIf] [-Confirm] [<CommonParameters>]
[-PolicyItem <PolicyItem[]>] [-WhatIf] [-Confirm] [<CommonParameters>]
```

### item
```
Set-TssSecretPolicy [-TssSession] <Session> -Id <Int32> [-ItemName <SecretPolicyItem>]
[-ItemType <SecretPolicyValueType>] [-ItemApplyType <SecretPolicyApplyType>] [-ItemValue <Object>]
[-UserGroupMap <Object>] [-WhatIf] [-Confirm] [<CommonParameters>]
Set-TssSecretPolicy [-TssSession] <Session> -Id <Int32> [-PolicyItem <PolicyItem[]>] [-WhatIf] [-Confirm]
[<CommonParameters>]
```

## DESCRIPTION
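Review bot: In the SYNTAX block the `item` parameter set now lists only `-TssSession`, `-Id` and `-PolicyItem`, all of which the `policy` set also accepts, so the two sets no longer differ in any way a caller can use. Consider dropping the `item` set from the function so the generated help shows a single syntax.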
Expand All @@ -34,10 +33,12 @@ Set Secret Policy ID 52 to inactive, changing Active property to false
### EXAMPLE 2
```
$session = New-TssSession -SecretServer https://alpha -Credential ssCred
Set-TssSecretPolicy -TssSession $session -Id 52 -Active -Name 'Set Auto Change Enabled'
$cPolicy = Get-TssSecretPolicy -TssSession $session -Id 1
$cPolicy.SecretPolicyItems[0].ValueSecretId = 43
Set-TssSecretPolicy -TssSession $session -Id 1 -PolicyItem $cPolicy.SecretPolicyItems[0]
```

Set Secret Policy ID 52 to active and change the name
Get current Secret Policy ID 1, set the ValueSecretId to 43 (for the AssociatedSecretId1 item)

## PARAMETERS
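Review bot: Example 2 edits `$cPolicy.SecretPolicyItems[0]` while its description says the change is for the AssociatedSecretId1 item, so it depends on that item being first in the array. Select the item by its name or ID in the example, so a reader copying it against a different policy does not change an unrelated policy item.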

Expand Down Expand Up @@ -116,75 +117,12 @@ Accept pipeline input: False
Accept wildcard characters: False
```
### -ItemName
Secret Policy Item Name
### -PolicyItem
Policy Item(s) to add (utilize Get-TssSecretPolicyItemStub to create each object)
```yaml
Type: SecretPolicyItem
Parameter Sets: item
Aliases:
Accepted values: AutoChangeOnExpiration, HeartBeatEnabled, SiteId, PrivilegedSecretId, AssociatedSecretId1, AutoChangeSchedule, PasswordTypeWebScriptId, CheckOutEnabled, CheckOutIntervalMinutes, CheckOutChangePassword, RequireApprovalForAccess, RequireApprovalForAccessForOwnersAndApprovers, RequireApprovalForAccessForEditors, RequireViewComment, IsSessionRecordingEnabled, HideLauncherPassword, ApprovalGroup, AssociatedSecretId2, IsProxyEnabled, EnableSshCommandRestrictions, SshCommandMenuGroups, AllowOwnersUnrestrictedSshCommands, ApprovalWorkflow, EventPipelinePolicy, RunLauncherUsingSSHKey, WebLauncherRequiresIncognitoMode, SshCommandRestrictionType, SshCommandBlocklistOwners, SshCommandBlocklistEditors, SshCommandBlocklistViewers

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -ItemType
Secret Policy Item Type
```yaml
Type: SecretPolicyValueType
Parameter Sets: item
Aliases:
Accepted values: Bool, Int, SecretId, Group, Schedule, SshMenuGroup, SshBlocklist

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -ItemApplyType
Secret Policy Item Apply Type (NotSet, Default, Enforced)
```yaml
Type: SecretPolicyApplyType
Parameter Sets: item
Aliases:
Accepted values: NotSet, Default, Enforced

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -ItemValue
Secret Policy Item Value (based on ItemType what object you have to pass in)
```yaml
Type: Object
Parameter Sets: item
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -UserGroupMap
User and Group Mapping, hashtable of UserGroupId and UserGroupMapType (User or Group)
```yaml
Type: Object
Parameter Sets: item
Type: PolicyItem[]
Parameter Sets: (All)
Aliases:

Required: False
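Review bot: The new `-PolicyItem` description says "Policy Item(s) to add" and points to `Get-TssSecretPolicyItemStub`, but the command updates an existing policy and compatibility.md in this same commit lists `Get-TssSecretPolicyStub`. Reword it to "to set" and confirm the stub command name. The removed `-ItemName`, `-ItemType` and `-ItemApplyType` sections also carried the accepted values, so say where the PolicyItem properties and their valid values are documented now.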
6 changes: 5 additions & 1 deletion docs/getting_started/compatibility.md
Expand Up @@ -25,9 +25,11 @@ Secret Server REST API was first released with version 9.0. The API has grown si
| [Get-TssSecret] (-Path param) | 11.0.000005 |
| [Get-TssSecretAudit] | 10.9.000032 |
| [Get-TssSecretPolicy] | 11.0.000005 |
| [Get-TssSecretPolicyStub] | 11.0.000005 |
| [Get-TssSecretState] | 10.9.000032 |
| [Get-TssUserRoleAssigned] | 10.9.000032 |
| [New-TssMetadataField] | 10.9.000064 |
| [New-TssSecretPolicy] | 11.0.000005 |
| [Remove-TssMetadata] | 11.0.000005 |
| [Remove-TssReportSchedule] | 10.9.000033 |
| [Search-TssAutoExportStorage] | 11.0.000005 |
Expand All @@ -48,6 +50,7 @@ Secret Server REST API was first released with version 9.0. The API has grown si
[Get-TssFolder]:/thycotic.secretserver/commands/folders/Get-TssFolder
[Get-TssSecret]:/thycotic.secretserver/commands/secrets/Get-TssSecret
[Get-TssSecretPolicy]:/thycotic.secretserver/commands/secret-policies/Get-TssSecretPolicy
[Get-TssSecretPolicyStub]:/thycotic.secretserver/commands/secret-policies/Get-TssSecretPolicyStub
[Set-TssSecretPolicy]:/thycotic.secretserver/commands/secret-policies/Set-TssSecretPolicy
[Search-TssSystemLog]:/thycotic.secretserver/commands/diagnostics/Search-TssSystemLog
[Remove-TssMetadata]:/thycotic.secretserver/commands/metadata/Remove-TssMetadata
Expand All @@ -60,4 +63,5 @@ Secret Server REST API was first released with version 9.0. The API has grown si
[Set-TssConfigurationAutoExport]:/thycotic.secretserver/commands/configurations/Set-TssConfigurationAutoExport
[Search-TssAutoExportStorage]:/thycotic.secretserver/commands/configurations/Search-TssAutoExportStorage
[Export-TssAutoExportStorageItem]:/thycotic.secretserver/commands/configurations/Export-TssAutoExportStorageItem
[Search-TssConfigurationBackupLog]:/thycotic.secretserver/commands/configurations/Search-TssConfigurationBackupLog
[Search-TssConfigurationBackupLog]:/thycotic.secretserver/commands/configurations/Search-TssConfigurationBackupLog
[New-TssSecretPolicy]:/thycotic.secretserver/commands/configurations/New-TssSecretPolicy
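Review bot: The added `[New-TssSecretPolicy]` reference points to `/commands/configurations/New-TssSecretPolicy`, while the other secret policy commands in this list resolve under `/commands/secret-policies/`. It looks copied from the `Search-TssConfigurationBackupLog` line above it; check the path so the table link resolves.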
145 changes: 58 additions & 87 deletions src/functions/secret-policies/Set-TssSecretPolicy.ps1
Expand Up @@ -14,9 +14,11 @@ function Set-TssSecretPolicy {
.EXAMPLE
$session = New-TssSession -SecretServer https://alpha -Credential ssCred
Set-TssSecretPolicy -TssSession $session -Id 52 -Active -Name 'Set Auto Change Enabled'
$cPolicy = Get-TssSecretPolicy -TssSession $session -Id 1
$cPolicy.SecretPolicyItems[0].ValueSecretId = 43
Set-TssSecretPolicy -TssSession $session -Id 1 -PolicyItem $cPolicy.SecretPolicyItems[0]
Set Secret Policy ID 52 to active and change the name
Get current Secret Policy ID 1, set the ValueSecretId to 43 (for the AssociatedSecretId1 item)
.LINK
https://thycotic-ps.github.io/thycotic.secretserver/commands/secret-policies/Set-TssSecretPolicy
Expand Down Expand Up @@ -56,30 +58,9 @@ function Set-TssSecretPolicy {
[switch]
$Active,

# Secret Policy Item Name
[Parameter(ParameterSetName = 'item')]
[Thycotic.PowerShell.Enums.SecretPolicyItem]
$ItemName,

# Secret Policy Item Type
[Parameter(ParameterSetName = 'item')]
[Thycotic.PowerShell.Enums.SecretPolicyValueType]
$ItemType,

# Secret Policy Item Apply Type (NotSet, Default, Enforced)
[Parameter(ParameterSetName = 'item')]
[Thycotic.PowerShell.Enums.SecretPolicyApplyType]
$ItemApplyType,

# Secret Policy Item Value (based on ItemType what object you have to pass in)
[Parameter(ParameterSetName = 'item')]
[object]
$ItemValue,

# User and Group Mapping, hashtable of UserGroupId and UserGroupMapType (User or Group)
[Parameter(ParameterSetName = 'item')]
[object]
$UserGroupMap
# Policy Item(s) to add (utilize Get-TssSecretPolicyItemStub to create each object)
[Thycotic.PowerShell.SecretPolicies.PolicyItem[]]
$PolicyItem
)
begin {
$setParams = $PSBoundParameters
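Review bot: Removing `-ItemName`, `-ItemType`, `-ItemApplyType`, `-ItemValue` and `-UserGroupMap` outright breaks any existing script that passes them, and the replacement `$PolicyItem` is declared with no `[Parameter()]` attribute and no validation. Call out the breaking change in the release notes and consider `[ValidateNotNullOrEmpty()]` on `$PolicyItem`.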
Expand All @@ -95,7 +76,6 @@ function Set-TssSecretPolicy {
$invokeParams.Method = 'PATCH'

$setPolicyBody = @{data = @{} }
$secretPolicyItem = @{}
switch ($setParams.Keys) {
'Name' {
$setName = @{
Expand All @@ -118,68 +98,59 @@ function Set-TssSecretPolicy {
}
$setPolicyBody.Add('Active',$setActive)
}
'ItemName' { $secretPolicyItem.Add('secretPolicyItemId',[int]$ItemName) }
'ItemApplyType' { $secretPolicyItem.Add('policyApplyType',[string]$ItemApplyType) }
'ItemType' {
switch ($ItemType) {
'Bool' {
$valueBool = @{
dirty = $true
value = $ItemValue
}
$secretPolicyItem.Add('valueBool',$valueBool)
}
'Int' {
$valueInt = @{
dirty = $true
value = $ItemValue
}
$secretPolicyItem.Add('valueInt',$valueInt)
}
'SecretId' {
$valueSecretId = @{
dirty = $true
value = $ItemValue
}
$secretPolicyItem.Add('valueSecretId',$valueSecretId)
}
'Group' {
if ($setParams.ContainsKey('UserGroupMap')){
$userGroupMapObj = @()
foreach ($map in $UserGroupMap) {
$userGroupMapObj += @{
userGroupId = $map.UserGroupId
userGroupMapType = $map.UserGroupMapType
}
}
if ($userGroupMapObj.Count -gt 0) {
$userGroupMapping = @{
dirty = $true
value = $userGroupMapObj
}
}
$secretPolicyItem.Add('userGroupMaps',$userGroupMapping)
} else {
Write-Warning 'ItemType of Group requires the -UserGroupMap to be provided'
}
}
'Schedule' {
Write-Warning "Support for this option is pending"
}
'SshMenuGroup' {
Write-Warning "Support for this option is pending"
}
'SshBlocklist' {
Write-Warning "Support for this option is pending"
}

if ($setParams.ContainsKey('PolicyItem')) {
$bodyItems = @()
foreach ($item in $PolicyItem) {
$cPolicyItem = @{}
$applyType = @{
dirty = $true
value = [string]$item.PolicyApplyType
}
$cPolicyItem.Add('policyApplyType',$applyType)

$cPolicyItem.Add('secretPolicyItemId',[string]$item.SecretPolicyItemId)

if ($item.SshCommandMenuGroupMaps) {
$sshCommandMenu = @{
dirty = $true
value = $item.SshCommandMenuGroupMaps | ConvertTo-Json -Depth 25 | ConvertFrom-Json
}
$cPolicyItem.Add('sshCommandMenuGroupMaps',$sshCommandMenu)
}
}
}
$ugMaps = @{
dirty = $true
value = $item.UserGroupMaps | ConvertTo-Json -Depth 25 | ConvertFrom-Json
}
$cPolicyItem.Add('userGroupMaps',$ugMaps)

$vBool = @{
dirty = $true
value = $item.ValueBool
}
$cPolicyItem.Add('valueBool',$vBool)

$vInt = @{
dirty = $true
value = $item.ValueInt
}
$cPolicyItem.Add('valueInt',$vInt)

$vSecretId = @{
dirty = $true
value = $item.ValueSecretId
}
$cPolicyItem.Add('valueSecretId',$vSecretId)

if ($secretPolicyItem) {
$setPolicyBody.data.Add('secretPolicyItems',@($secretPolicyItem))
} else {
Write-Verbose "No policy item settings to process"
$vString = @{
dirty = $true
value = $item.ValueString
}
$cPolicyItem.Add('valueString',$vString)
$bodyItems += $cPolicyItem
}
$setPolicyBody.data.Add('secretPolicyItems',$bodyItems)
}
$invokeParams.Body = $setPolicyBody | ConvertTo-Json -Depth 100
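Review bot: Inside the `foreach ($item in $PolicyItem)` loop, `userGroupMaps`, `valueBool`, `valueInt`, `valueSecretId` and `valueString` are each sent with `dirty = $true` whatever the item holds; only `sshCommandMenuGroupMaps` is guarded by an `if`. An item built from a stub with one property filled in will therefore submit its empty or default values for every other field as changes, which matters for items such as RequireApprovalForAccess or CheckOutEnabled. Add a field to `$cPolicyItem` only when the caller actually set it. Two smaller points: `secretPolicyItemId` is now cast to `[string]` where the removed code used `[int]`, and piping a single-element `UserGroupMaps` through `ConvertTo-Json | ConvertFrom-Json` yields one object rather than an array.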

Expand All @@ -195,7 +166,7 @@ function Set-TssSecretPolicy {
}

if ($restResponse) {
[Thycotic.PowerShell.SecretPolicies.Policy]$restResponse
Write-Verbose "Secret Policy [$Id] set successfully"
} else {
Write-Warning "No change made to Secret Policy [$Id], see previous output for errors"
}
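Review bot: On success the function now only calls `Write-Verbose`, where it previously returned `[Thycotic.PowerShell.SecretPolicies.Policy]$restResponse`, so callers get no output and cannot confirm what the server stored without a second `Get-TssSecretPolicy` call. If dropping the return value is intended, say so in the help; otherwise keep the object or add a `-PassThru` switch.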
4 changes: 2 additions & 2 deletions src/parts/GetInvocation.ps1
Expand Up @@ -14,7 +14,7 @@ param(

$cmdText = $Invocation.InvocationName
foreach ($param in $Invocation.BoundParameters.GetEnumerator()) {
$name = $param.Key
$pName = $param.Key
$paramValue = switch ($param.Value) {
{ $_ -is [Thycotic.PowerShell.Authentication.Session] } {
"TssSessionObject"
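Review bot: The rename of `$name` to `$pName` is not mentioned in the commit message; if it avoids a clash with a variable in the calling scope, say so in a comment. Since `-PolicyItem` values are now objects that can carry `ValueSecretId` and group mappings, also check that this `switch ($param.Value)` has a branch that renders them as a placeholder, the way `"TssSessionObject"` stands in for the session, so the command text does not include item contents.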
Expand All @@ -40,7 +40,7 @@ foreach ($param in $Invocation.BoundParameters.GetEnumerator()) {
}
}

$cmdText += " -${name}:${paramValue}"
$cmdText += " -${pName}:${paramValue}"
}

$cmdText
3 changes: 2 additions & 1 deletion tests/secret-policies/Set-TssSecretPolicy.Tests.ps1
Expand Up @@ -3,7 +3,8 @@ BeforeDiscovery {
}
Describe "$commandName verify parameters" {
BeforeDiscovery {
[object[]]$knownParameters = 'TssSession', 'Id', 'Name', 'Description', 'Active', 'ItemName', 'ItemType', 'ItemApplyType', 'ItemValue', 'UserGroupMap'
[object[]]$knownParameters = 'TssSession','Id','Name','Description','Active','PolicyItem'

[object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')).Parameters.Keys
[object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')
$unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru
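Review bot: The only test change is the `$knownParameters` list, so nothing exercises the new `-PolicyItem` path. Add a test that mocks the REST call and asserts on the `secretPolicyItems` body built for a sample item, including which fields are flagged `dirty`.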
