-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Search-SecretPermission - closes #186
- Loading branch information
Showing
6 changed files
with
330 additions
and
0 deletions.
There are no files selected for viewing
55 changes: 55 additions & 0 deletions
55
docs/collections/_abouttopics/about_tsssecretpermission.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
--- | ||
category: secret-permissions | ||
title: "TssSecretPermission" | ||
last_modified_at: 2021-05-29T00:00:00-00:00 | ||
--- | ||
|
||
# TOPIC | ||
This help topic describes the TssSecretPerimssions class in the Thycotic.SecretServer module | ||
|
||
# CLASS | ||
TssSecretPerimssion | ||
|
||
# INHERITANCE | ||
None | ||
|
||
# DESCRIPTION | ||
The TssSecretPerimssion class represents the SecretPermission object returned by Secret Server endpoint GET /secret-permissions | ||
|
||
# CONSTRUCTORS | ||
new() | ||
|
||
# PROPERTIES | ||
GroupId: integer (int32) | ||
Group ID | ||
|
||
GroupName: string | ||
Group name | ||
|
||
Id: integer (int32) | ||
Secret permission ID | ||
|
||
KnownAs: string | ||
KnownAs | ||
|
||
SecretAccessRoleId: integer (int32) | ||
Granted role ID | ||
|
||
SecretAccessRoleName: string | ||
Granted role name | ||
|
||
SecretId: integer (int32) | ||
Secret ID | ||
|
||
UserId: integer (int32) | ||
User ID | ||
|
||
Username: string | ||
User name | ||
|
||
# METHODS | ||
|
||
# RELATED LINKS: | ||
Search-TssSecretPermission | ||
Get-TssSecretPermission | ||
New-TssSecretPermission |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
28 changes: 28 additions & 0 deletions
28
src/classes/secret-permissions/TssSecretPermission.class.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
class TssSecretPermission { | ||
[int] | ||
$GroupId | ||
|
||
[string] | ||
$GroupName | ||
|
||
[int] | ||
$Id | ||
|
||
[string] | ||
$KnownAs | ||
|
||
[int] | ||
$SecretAccessRoleId | ||
|
||
[string] | ||
$SecretAccessRoleName | ||
|
||
[int] | ||
$SecretId | ||
|
||
[int] | ||
$UserId | ||
|
||
[string] | ||
$Username | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
TOPIC | ||
This help topic describes the TssSecretPerimssions class in the Thycotic.SecretServer module | ||
|
||
CLASS | ||
TssSecretPerimssion | ||
|
||
INHERITANCE | ||
None | ||
|
||
DESCRIPTION | ||
The TssSecretPerimssion class represents the SecretPermission object returned by Secret Server endpoint GET /secret-permissions | ||
|
||
CONSTRUCTORS | ||
new() | ||
|
||
PROPERTIES | ||
GroupId: integer (int32) | ||
Group ID | ||
|
||
GroupName: string | ||
Group name | ||
|
||
Id: integer (int32) | ||
Secret permission ID | ||
|
||
KnownAs: string | ||
KnownAs | ||
|
||
SecretAccessRoleId: integer (int32) | ||
Granted role ID | ||
|
||
SecretAccessRoleName: string | ||
Granted role name | ||
|
||
SecretId: integer (int32) | ||
Secret ID | ||
|
||
UserId: integer (int32) | ||
User ID | ||
|
||
Username: string | ||
User name | ||
|
||
METHODS | ||
|
||
RELATED LINKS: | ||
Search-TssSecretPermission | ||
Get-TssSecretPermission | ||
New-TssSecretPermission |
126 changes: 126 additions & 0 deletions
126
src/functions/secret-permissions/Search-SecretPermission.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,126 @@ | ||
function Search-SecretPermission { | ||
<# | ||
.SYNOPSIS | ||
Search Secret Permissions | ||
.DESCRIPTION | ||
Search Secret Permissions | ||
.LINK | ||
https://thycotic-ps.github.io/thycotic.secretserver/commands/Search-TssSecretPermission | ||
.LINK | ||
https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/secret-permissions/Search-SecretPermission.ps1 | ||
.EXAMPLE | ||
$session = New-TssSession -SecretServer https://alpha -Credential $ssCred | ||
Search-TssSecretPermission -TssSession $session -SecretId 42 | ||
Get list of permissions for Secret ID 42 | ||
.NOTES | ||
Requires TssSession object returned by New-TssSession | ||
#> | ||
[CmdletBinding()] | ||
[OutputType('TssSecretPerimssion')] | ||
param ( | ||
# TssSession object created by New-TssSession for auth | ||
[Parameter(Mandatory, ValueFromPipeline, Position = 0)] | ||
[TssSession] | ||
$TssSession, | ||
|
||
[Parameter(ParameterSetName = 'filter', ValueFromPipelineByPropertyName)] | ||
# Domain Name | ||
[string] | ||
$DomainName, | ||
|
||
[Parameter(ParameterSetName = 'filter', ValueFromPipelineByPropertyName)] | ||
# Group ID | ||
[int] | ||
$GroupId, | ||
|
||
[Parameter(ParameterSetName = 'filter', ValueFromPipelineByPropertyName)] | ||
# Group Name | ||
[string] | ||
$GroupName, | ||
|
||
[Parameter(ParameterSetName = 'filter', ValueFromPipelineByPropertyName)] | ||
# Secret ID | ||
[int] | ||
$SecretId, | ||
|
||
[Parameter(ParameterSetName = 'filter', ValueFromPipelineByPropertyName)] | ||
# User ID | ||
[int] | ||
$UserId, | ||
|
||
[Parameter(ParameterSetName = 'filter', ValueFromPipelineByPropertyName)] | ||
# Username | ||
[string] | ||
$Username, | ||
|
||
# Sort by specific property, default Id | ||
[string] | ||
$SortBy = 'Id' | ||
) | ||
begin { | ||
$tssParams = $PSBoundParameters | ||
$invokeParams = . $GetInvokeTssParams $TssSession | ||
|
||
$filterParamSet = . $ParameterSetParams $PSCmdlet.MyInvocation.MyCommand.Name 'filter' | ||
$filterParams = @() | ||
foreach ($f in $filterParamSet) { | ||
if ($tssParams.ContainsKey($f)) { | ||
$filterParams += $r | ||
} | ||
} | ||
} | ||
process { | ||
if ($filterParams.Count -eq 0) { | ||
Write-Error 'At least one filter parameter is required' | ||
return | ||
} | ||
Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)" | ||
if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) { | ||
. $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation | ||
$restResponse = $null | ||
$uri = $TssSession.ApiUrl, 'secret-permissions' -join '/' | ||
$uri = $uri, "sortBy[0].direction=asc&sortBy[0].name=$SortBy&take=$($TssSession.Take)" -join '?' | ||
$invokeParams.Method = 'GET' | ||
|
||
$filters = @() | ||
switch ($tssParams.Keys) { | ||
'DomainName' { $filters += "filter.domainName=$DomainName" } | ||
'GroupId' { $filters += "filter.groupId=$GroupId" } | ||
'GroupName' { $filters += "filter.groupName=$GroupName" } | ||
'SecretId' { $filters += "filter.secretId=$SecretId" } | ||
'UserId' { $filters += "filter.userId=$UserId" } | ||
'Username' { $filters += "filter.username=$Username" } | ||
} | ||
if ($filters) { | ||
$uriFilter = $filters -join '&' | ||
Write-Verbose "Filters: $uriFilter" | ||
$uri = $uri, $uriFilter -join '&' | ||
} | ||
$invokeParams.Uri = $uri | ||
|
||
Write-Verbose "Performing the operation $($invokeParams.Method) $uri" | ||
try { | ||
$restResponse = . $InvokeApi @invokeParams | ||
} catch { | ||
Write-Warning 'Issue on search request' | ||
$err = $_ | ||
. $ErrorHandling $err | ||
} | ||
|
||
if ($restResponse.records.Count -le 0 -and $restResponse.records.Length -eq 0) { | ||
Write-Warning 'No SecretPermission found' | ||
} | ||
if ($restResponse.records) { | ||
[TssSecretPermission[]]$restResponse.records | ||
} | ||
} else { | ||
Write-Warning 'No valid session found' | ||
} | ||
} | ||
} |
24 changes: 24 additions & 0 deletions
24
tests/secret-permissions/Search-SecertPermission.Tests.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
BeforeDiscovery { | ||
$commandName = Split-Path ($PSCommandPath.Replace('.Tests.ps1','')) -Leaf | ||
} | ||
Describe "$commandName verify parameters" { | ||
BeforeDiscovery { | ||
[object[]]$knownParameters = 'TssSession', 'DomainName', 'GroupId', 'GroupName', 'SecretId', 'UserId', 'Username', 'SortBy' | ||
[object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')).Parameters.Keys | ||
[object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function') | ||
$unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru | ||
} | ||
Context "Verify parameters" -Foreach @{currentParams = $currentParams } { | ||
It "$commandName should contain <_> parameter" -TestCases $knownParameters { | ||
$_ -in $currentParams | Should -Be $true | ||
} | ||
It "$commandName should not contain parameter: <_>" -TestCases $unknownParameters { | ||
$_ | Should -BeNullOrEmpty | ||
} | ||
} | ||
Context "Command specific details" { | ||
It "$commandName should set OutputType to TssSecretPermission" -TestCases $commandDetails { | ||
$_.OutputType.Name | Should -Be 'TssSecretPermission' | ||
} | ||
} | ||
} |