-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Get-TssSecretAttachment - closes #44
- Loading branch information
Showing
2 changed files
with
151 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,131 @@ | ||
function Get-SecretAttachment { | ||
<# | ||
.SYNOPSIS | ||
Get a Secret attachment | ||
.DESCRIPTION | ||
Get a Secret attachment with the filename in order to write it out to disk. Combining the use of two public functions to write the attachment out to the given filename in the Secret. | ||
The filename of an attachment is in Get-TssSecret output (items) | ||
The content of the file is in Get-TssSecretField. | ||
.EXAMPLE | ||
$session = New-TssSession -SecretServer https://alpha -Credential $ssCred | ||
Get-TssSecretAttachment -TssSession $session -Id 35 -Slug attached-file -Path 'c:\thycotic' | ||
Get the Secert ID 35's field Attached File (using slug name attached-file), writing the file to c:\thycotic directory using the filename stored on that Secret | ||
.LINK | ||
https://thycotic-ps.github.io/thycotic.secretserver/commands/Get-TssSecretAttachment | ||
.NOTES | ||
Requires TssSession object returned by New-TssSession | ||
#> | ||
[CmdletBinding()] | ||
param ( | ||
# TssSession object created by New-TssSession for auth | ||
[Parameter(Mandatory,ValueFromPipeline,Position = 0)] | ||
[TssSession] | ||
$TssSession, | ||
|
||
# Secret ID | ||
[Parameter(Mandatory,ValueFromPipelineByPropertyName)] | ||
[Alias("SecretId")] | ||
[int[]] | ||
$Id, | ||
|
||
# Field name | ||
[Parameter(Mandatory,ValueFromPipelineByPropertyName)] | ||
[Alias('FieldName')] | ||
[string] | ||
$Slug, | ||
|
||
# Write contents to a file (for file attachments and SSH public/private keys) | ||
[Parameter(Mandatory)] | ||
[ValidateScript({Test-Path $_ -PathType Container})] | ||
[string] | ||
$Path, | ||
|
||
# Comment to provide for restricted secret (Require Comment is enabled) | ||
[Parameter(ParameterSetName = 'restricted')] | ||
[string] | ||
$Comment, | ||
|
||
# Check in the secret if it is checked out | ||
[Parameter(ParameterSetName = 'restricted')] | ||
[switch] | ||
$ForceCheckIn, | ||
|
||
# Associated ticket number (required for ticket integrations) | ||
[Parameter(ParameterSetName = 'restricted')] | ||
[string] | ||
$TicketNumber, | ||
|
||
# Associated ticket system ID (required for ticket integrations) | ||
[Parameter(ParameterSetName = 'restricted')] | ||
[int] | ||
$TicketSystemId | ||
) | ||
begin { | ||
$tssParams = $PSBoundParameters | ||
|
||
$restrictedParamSet = . $ParameterSetParams 'Get-TssSecretAttachment' 'restricted' | ||
$restrictedParams = @() | ||
foreach ($r in $restrictedParamSet) { | ||
if ($tssParams.ContainsKey($r)) { | ||
$restrictedParams += $r | ||
} | ||
} | ||
} | ||
|
||
process { | ||
Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)" | ||
if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) { | ||
. $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation | ||
foreach ($secret in $Id) { | ||
$currentSecret = $null | ||
|
||
$getSecretParams = @{ | ||
TssSession = $TssSession | ||
Id = $secret | ||
} | ||
if ($restrictedParams.Count -gt 0) { | ||
$getSecretParams.Add('Comment',$Comment) | ||
$getSecretParams.Add('ForceCheckIn',$ForceCheckIn) | ||
$getSecretParams.Add('TicketNumber',$TicketNumber) | ||
$getSecretParams.Add('TicketSystemId',$TicketSystemId) | ||
} | ||
$currentSecret = Get-TssSecret @getSecretParams | ||
$currentSecretFileItem = $currentSecret.Items.Where({$_.Slug -eq $Slug}) | ||
|
||
if ($currentSecretFileItem.IsFile) { | ||
$attachmentFilename = $currentSecretFileItem.Filename | ||
} else { | ||
Write-Warning "Secert [$secret] and slug [$slug] is not found to be a file field" | ||
continue | ||
} | ||
|
||
$fileAttachment = [IO.Path]::Combine($Path, $attachmentFilename) | ||
$getSecretFieldParams = @{ | ||
TssSession = $TssSession | ||
Id = $secret | ||
Slug = $Slug | ||
OutFile = $fileAttachment | ||
} | ||
if ($restrictedParams.Count -gt 0) { | ||
$getSecretFieldParams.Add('Comment',$Comment) | ||
$getSecretFieldParams.Add('ForceCheckIn',$ForceCheckIn) | ||
$getSecretFieldParams.Add('TicketNumber',$TicketNumber) | ||
$getSecretFieldParams.Add('TicketSystemId',$TicketSystemId) | ||
} | ||
Get-TssSecretField @getSecretFieldParams | ||
|
||
if (Test-Path $fileAttachment) { | ||
Write-Verbose "Secret [$secret] file [$attachmentFilename] successfully written to the path [$fileAttachment]" | ||
Get-ChildItem $fileAttachment | ||
} | ||
} | ||
} else { | ||
Write-Warning "No valid session found" | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
BeforeDiscovery { | ||
$commandName = Split-Path ($PSCommandPath.Replace('.Tests.ps1','')) -Leaf | ||
. ([IO.Path]::Combine([string]$PSScriptRoot, '..', 'constants.ps1')) | ||
} | ||
Describe "$commandName verify parameters" { | ||
BeforeDiscovery { | ||
[object[]]$knownParameters = 'TssSession', 'Id', 'Slug', 'Path', 'Comment', 'ForceCheckIn', 'TicketNumber', 'TicketSystemId' | ||
[object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')).Parameters.Keys | ||
[object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function') | ||
$unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru | ||
} | ||
Context "Verify parameters" -Foreach @{currentParams = $currentParams} { | ||
It "$commandName should contain <_> parameter" -TestCases $knownParameters { | ||
$_ -in $currentParams | Should -Be $true | ||
} | ||
It "$commandName should not contain parameter: <_>" -TestCases $unknownParameters { | ||
$_ | Should -BeNullOrEmpty | ||
} | ||
} | ||
} |