Skip to content

Commit

Permalink
Get-TssSecretAttachment - closes #44
Browse files Browse the repository at this point in the history
  • Loading branch information
@wsmelton
wsmelton committed Mar 5, 2021
1 parent a45e11f commit 47a7b45
Show file tree
Hide file tree
Showing 2 changed files with 151 additions and 0 deletions.
131 changes: 131 additions & 0 deletions src/functions/secrets/Get-SecretAttachment.ps1
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,131 @@
function Get-SecretAttachment {
<#
.SYNOPSIS
Get a Secret attachment
.DESCRIPTION
Get a Secret attachment with the filename in order to write it out to disk. Combining the use of two public functions to write the attachment out to the given filename in the Secret.
The filename of an attachment is in Get-TssSecret output (items)
The content of the file is in Get-TssSecretField.
.EXAMPLE
$session = New-TssSession -SecretServer https://alpha -Credential $ssCred
Get-TssSecretAttachment -TssSession $session -Id 35 -Slug attached-file -Path 'c:\thycotic'
Get the Secert ID 35's field Attached File (using slug name attached-file), writing the file to c:\thycotic directory using the filename stored on that Secret
.LINK
https://thycotic-ps.github.io/thycotic.secretserver/commands/Get-TssSecretAttachment
.NOTES
Requires TssSession object returned by New-TssSession
#>
[CmdletBinding()]
param (
# TssSession object created by New-TssSession for auth
[Parameter(Mandatory,ValueFromPipeline,Position = 0)]
[TssSession]
$TssSession,

# Secret ID
[Parameter(Mandatory,ValueFromPipelineByPropertyName)]
[Alias("SecretId")]
[int[]]
$Id,

# Field name
[Parameter(Mandatory,ValueFromPipelineByPropertyName)]
[Alias('FieldName')]
[string]
$Slug,

# Write contents to a file (for file attachments and SSH public/private keys)
[Parameter(Mandatory)]
[ValidateScript({Test-Path $_ -PathType Container})]
[string]
$Path,

# Comment to provide for restricted secret (Require Comment is enabled)
[Parameter(ParameterSetName = 'restricted')]
[string]
$Comment,

# Check in the secret if it is checked out
[Parameter(ParameterSetName = 'restricted')]
[switch]
$ForceCheckIn,

# Associated ticket number (required for ticket integrations)
[Parameter(ParameterSetName = 'restricted')]
[string]
$TicketNumber,

# Associated ticket system ID (required for ticket integrations)
[Parameter(ParameterSetName = 'restricted')]
[int]
$TicketSystemId
)
begin {
$tssParams = $PSBoundParameters

$restrictedParamSet = . $ParameterSetParams 'Get-TssSecretAttachment' 'restricted'
$restrictedParams = @()
foreach ($r in $restrictedParamSet) {
if ($tssParams.ContainsKey($r)) {
$restrictedParams += $r
}
}
}

process {
Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)"
if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) {
. $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation
foreach ($secret in $Id) {
$currentSecret = $null

$getSecretParams = @{
TssSession = $TssSession
Id = $secret
}
if ($restrictedParams.Count -gt 0) {
$getSecretParams.Add('Comment',$Comment)
$getSecretParams.Add('ForceCheckIn',$ForceCheckIn)
$getSecretParams.Add('TicketNumber',$TicketNumber)
$getSecretParams.Add('TicketSystemId',$TicketSystemId)
}
$currentSecret = Get-TssSecret @getSecretParams
$currentSecretFileItem = $currentSecret.Items.Where({$_.Slug -eq $Slug})

if ($currentSecretFileItem.IsFile) {
$attachmentFilename = $currentSecretFileItem.Filename
} else {
Write-Warning "Secert [$secret] and slug [$slug] is not found to be a file field"
continue
}

$fileAttachment = [IO.Path]::Combine($Path, $attachmentFilename)
$getSecretFieldParams = @{
TssSession = $TssSession
Id = $secret
Slug = $Slug
OutFile = $fileAttachment
}
if ($restrictedParams.Count -gt 0) {
$getSecretFieldParams.Add('Comment',$Comment)
$getSecretFieldParams.Add('ForceCheckIn',$ForceCheckIn)
$getSecretFieldParams.Add('TicketNumber',$TicketNumber)
$getSecretFieldParams.Add('TicketSystemId',$TicketSystemId)
}
Get-TssSecretField @getSecretFieldParams

if (Test-Path $fileAttachment) {
Write-Verbose "Secret [$secret] file [$attachmentFilename] successfully written to the path [$fileAttachment]"
Get-ChildItem $fileAttachment
}
}
} else {
Write-Warning "No valid session found"
}
}
}
20 changes: 20 additions & 0 deletions tests/secrets/Get-TssSecretAttachment.Tests.ps1
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
BeforeDiscovery {
$commandName = Split-Path ($PSCommandPath.Replace('.Tests.ps1','')) -Leaf
. ([IO.Path]::Combine([string]$PSScriptRoot, '..', 'constants.ps1'))
}
Describe "$commandName verify parameters" {
BeforeDiscovery {
[object[]]$knownParameters = 'TssSession', 'Id', 'Slug', 'Path', 'Comment', 'ForceCheckIn', 'TicketNumber', 'TicketSystemId'
[object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')).Parameters.Keys
[object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')
$unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru
}
Context "Verify parameters" -Foreach @{currentParams = $currentParams} {
It "$commandName should contain <_> parameter" -TestCases $knownParameters {
$_ -in $currentParams | Should -Be $true
}
It "$commandName should not contain parameter: <_>" -TestCases $unknownParameters {
$_ | Should -BeNullOrEmpty
}
}
}

0 comments on commit 47a7b45

Please sign in to comment.