Merge pull request #13 from gdbarron/get-cert-count
Move to Invoke-WebRequest, add -CountOnly option to Find-TppCertificate
gdbarron authored Jun 24, 2021
2 parents e07ce7d + 544983d commit 1ff8b12
Showing 10 changed files with 191 additions and 107 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,10 @@
## 3.1.0
- Add `-CountOnly` to `Find-TppCertificate` to return the number of certificates found based on the filters provided, [#12](https://github.com/gdbarron/VenafiPS/issues/12)
- Move from `Invoke-RestMethod` to `Invoke-WebRequest` in `Invoke-VenafiRestMethod` so we get response headers, to be used with `-CountOnly` above. `Invoke-VenafiRestMethod` has a new parameter, `-FullResponse`, to retrieve the complete response, not just content value.
- Add `New-HttpQueryString` private function to support HEAD api calls which require a query string and not body.
- Fix `Test-TppIdentityFormat` which was failing when the identity guid was surrounded with curly braces
- Replace `-Limit` parameter and standardize on `-First`

## 3.0.3
- Fix [#10](https://github.com/gdbarron/VenafiPS/issues/10), Get-VenafiCertificate not recognizing session.

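--- a/VenafiPS/Private/New-HttpQueryString.ps1
+++ b/VenafiPS/Private/New-HttpQueryString.ps1
@@ -0,0 +1,36 @@
+<#
+.SYNOPSIS
+Generate http query string
+.LINK
+https://powershellmagazine.com/2019/06/14/pstip-a-better-way-to-generate-http-query-strings-in-powershell/
+#>
+function New-HttpQueryString
+{
+[CmdletBinding()]
+param
+(
+[Parameter(Mandatory = $true)]
+[String]
+$Uri,
+
+[Parameter(Mandatory = $true)]
+[Hashtable]
+$QueryParameter
+)
+# Add System.Web
+Add-Type -AssemblyName System.Web
+
+# Create a http name value collection from an empty string
+$nvCollection = [System.Web.HttpUtility]::ParseQueryString([String]::Empty)
+
+foreach ($key in $QueryParameter.Keys)
+{
+$nvCollection.Add($key, $QueryParameter.$key)
+}
+
+# Build the uri
+$uriRequest = [System.UriBuilder]$uri
+$uriRequest.Query = $nvCollection.ToString()
+
+return $uriRequest.Uri.OriginalString
+}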
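Review bot: `$QueryParameter.$key` on line 59 is member access, so a query key that collides with a Hashtable member name (`Keys`, `Count`, `Values`) would add that member rather than the caller's value; `$nvCollection.Add($key, $QueryParameter[$key])` looks the key up unambiguously. The collection returned by `ParseQueryString` encodes names and values in `ToString()`, which is what lets caller-supplied filter strings be placed in the query safely, and that contract deserves a comment on line 64 such as `# ToString() URL-encodes each name and value; callers must not pre-encode`. Line 63 refers to the `$Uri` parameter as `$uri`; PowerShell resolves both to the same variable, but matching the declared casing reads cleaner.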
2 changes: 1 addition & 1 deletion VenafiPS/Private/Test-TppIdentityFormat.ps1
Expand Up @@ -13,7 +13,7 @@ function Test-TppIdentityFormat {
process {

if ( $Type -eq 'Universal' ) {
$Identity -match '^(AD|LDAP)+.+:\w{32}$' -or $Identity -match '^local:\w{8}-\w{4}-\w{4}-\w{4}-\w{12}$'
$Identity -match '^(AD|LDAP)+.+:\w{32}$' -or $Identity -match '^local:\{?\w{8}-\w{4}-\w{4}-\w{4}-\w{12}\}?$'
} else {
#TODO
}
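Review bot: The updated `local:` pattern on line 75 makes each brace independently optional, so `local:{guid` and `local:guid}` pass the format check as well as the balanced forms; `^local:(\{\w{8}-\w{4}-\w{4}-\w{4}-\w{12}\}|\w{8}-\w{4}-\w{4}-\w{4}-\w{12})$` accepts only both braces or none. The `else` branch on lines 76-78 still emits nothing for a non-Universal `$Type`, so callers testing the result see `$null`; a comment such as `# TODO: non-Universal types are not validated yet and yield $null` would make that explicit. The function's header and closing lines are outside the hunk.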
82 changes: 43 additions & 39 deletions VenafiPS/Public/Find-TppCertificate.ps1
Expand Up @@ -5,9 +5,6 @@ Find certificates based on various attributes
.DESCRIPTION
Find certificates based on various attributes
.PARAMETER InputObject
TppObject of type 'Policy' which represents a starting path
.PARAMETER Path
Starting path to search from
Expand All @@ -17,7 +14,7 @@ Guid which represents a starting path
.PARAMETER Recursive
Search recursively starting from the search path.
.PARAMETER Limit
.PARAMETER First
Limit how many items are returned. Default is 0 for no limit.
It is definitely recommended to filter on another property when searching with no limit.
Expand Down Expand Up @@ -132,25 +129,28 @@ Only include certificates with validation enabled or disabled
.PARAMETER ValidationState
Find certificates with a validation state of Blank, Success, or Failure
.PARAMETER CountOnly
Return the count of certificates found from the query as opposed to the certificates themselves
.PARAMETER VenafiSession
Session object created from New-VenafiSession method. The value defaults to the script session object $VenafiSession.
.INPUTS
InputObject, Path, Guid
Path, Guid
.OUTPUTS
TppObject
TppObject, Int when CountOnly provided
.EXAMPLE
Find-TppCertificate -ExpireBefore "2018-01-01"
Find all certificates expiring before a certain date
.EXAMPLE
Find-TppCertificate -ExpireBefore "2018-01-01" -Limit 5
Find-TppCertificate -ExpireBefore "2018-01-01" -First 5
Find 5 certificates expiring before a certain date
.EXAMPLE
Find-TppCertificate -ExpireBefore "2018-01-01" -Limit 5 -Offset 2
Find-TppCertificate -ExpireBefore "2018-01-01" -First 5 -Offset 2
Find 5 certificates expiring before a certain date, starting at the 3rd certificate found.
.EXAMPLE
Expand All @@ -166,7 +166,7 @@ Find-TppCertificate -Path '\VED\Policy\My Policy' -Recursive
Find all certificates in a specific path and all subfolders
.EXAMPLE
Find-TppCertificate -ExpireBefore "2018-01-01" -Limit 5 | Get-TppCertificateDetail
Find-TppCertificate -ExpireBefore "2018-01-01" -First 5 | Get-TppCertificateDetail
Get detailed certificate info on the first 5 certificates expiring before a certain date
.EXAMPLE
Expand Down Expand Up @@ -195,22 +195,13 @@ function Find-TppCertificate {

param (

[Parameter(Mandatory, ParameterSetName = 'ByObject', ValueFromPipeline)]
[ValidateScript( {
if ( $_.TypeName -eq 'Policy' ) {
$true
} else {
throw ("You provided an InputObject of type '{0}', but must be of type 'Policy'." -f $_.TypeName)
}
})]
[TppObject] $InputObject,

[Parameter(Mandatory, ParameterSetName = 'ByPath', ValueFromPipeline)]
[Parameter(Mandatory, ParameterSetName = 'ByPath', ValueFromPipeline, ValueFromPipelineByPropertyName)]
[ValidateNotNullOrEmpty()]
[ValidateScript( {
if ( $_ | Test-TppDnPath -AllowRoot ) {
$true
} else {
}
else {
throw "'$_' is not a valid DN path"
}
})]
Expand All @@ -221,13 +212,13 @@ function Find-TppCertificate {
[ValidateNotNullOrEmpty()]
[guid] $Guid,

[Parameter(ParameterSetName = 'ByObject')]
[Parameter(ParameterSetName = 'ByPath')]
[Parameter(ParameterSetName = 'ByGuid')]
[Switch] $Recursive,

[Parameter()]
[int] $Limit = 0,
[Alias('Limit')]
[int] $First = 0,

[Parameter()]
[int] $Offset,
Expand Down Expand Up @@ -356,6 +347,9 @@ function Find-TppCertificate {
[ValidateSet('Blank', 'Success', 'Failure')]
[String[]] $ValidationState,

[Parameter()]
[Switch] $CountOnly,

[Parameter()]
[VenafiSession] $VenafiSession = $script:VenafiSession
)
Expand All @@ -365,13 +359,18 @@ function Find-TppCertificate {

$params = @{
VenafiSession = $VenafiSession
Method = 'Get'
UriLeaf = 'certificates/'
Body = @{
Limit = $Limit
Method = 'Get'
UriLeaf = 'certificates/'
Body = @{
Limit = $First
}
}

if ( $CountOnly.IsPresent ) {
$params.Method = 'Head'
$params['FullResponse'] = $true
}

switch ($PSBoundParameters.Keys) {
'CreatedDate' {
$params.Body.Add( 'CreatedOn', ($CreatedDate | ConvertTo-UtcIso8601) )
Expand Down Expand Up @@ -489,31 +488,36 @@ function Find-TppCertificate {

process {

if ( $PSBoundParameters.ContainsKey('InputObject') ) {
$thisPath = $InputObject.Path
} elseif ( $PSBoundParameters.ContainsKey('Path') ) {
if ( $PSBoundParameters.ContainsKey('Path') ) {
$thisPath = $Path
} elseif ( $PSBoundParameters.ContainsKey('Guid') ) {
}
elseif ( $PSBoundParameters.ContainsKey('Guid') ) {
# guid provided, get path
$thisPath = $Guid | ConvertTo-TppPath -VenafiSession $VenafiSession
}

if ( $thisPath ) {
if ( $PSBoundParameters.ContainsKey('Recursive') ) {
if ( $Recursive.IsPresent ) {
$params.Body.ParentDnRecursive = $thisPath
} else {
}
else {
$params.Body.ParentDn = $thisPath
}
}

$response = Invoke-TppRestMethod @params

$response.Certificates.ForEach{
[TppObject] @{
Name = $_.Name
TypeName = $_.SchemaClass
Path = $_.DN
Guid = [guid] $_.Guid
if ( $CountOnly.IsPresent ) {
$response.Headers.'X-Record-Count'
}
else {
$response.Certificates.ForEach{
[TppObject] @{
Name = $_.Name
TypeName = $_.SchemaClass
Path = $_.DN
Guid = [guid] $_.Guid
}
}
}
}
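Review bot: The `-CountOnly` branch on line 239 emits the raw `X-Record-Count` header value, while the new `.OUTPUTS` entry on line 108 promises an Int; with `Invoke-WebRequest` the header is a string on Windows PowerShell and, on PowerShell 7, a one-element string array, so callers comparing or summing the result get string semantics. Casting at the return point, `[int] $response.Headers.'X-Record-Count'`, matches the documented contract (a one-element array converts to a scalar). If the HEAD response carries no such header the expression yields nothing, and after a cast would read as 0, so a `Write-Error` or `Write-Warning` for the missing header would keep an absent count from being mistaken for an empty result; whether the API omits the header in some cases is not visible here. `Find-TppCertificate` begins and ends outside these hunks.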
9 changes: 5 additions & 4 deletions VenafiPS/Public/Find-TppIdentity.ps1
Expand Up @@ -9,8 +9,8 @@ You can specify individual identity types to search for or all
.PARAMETER Name
The individual identity, group identity, or distribution group name to search for
.PARAMETER Limit
Limit how many items are returned, the default is 500, but is limited by the provider.
.PARAMETER First
First how many items are returned, the default is 500, but is limited by the provider.
.PARAMETER IncludeUsers
Include user identity type in search
Expand Down Expand Up @@ -64,7 +64,8 @@ function Find-TppIdentity {
[String[]] $Name,

[Parameter(ParameterSetName = 'Find')]
[int] $Limit = 500,
[Alias('Limit')]
[int] $First = 500,

[Parameter(ParameterSetName = 'Find')]
[Switch] $IncludeUsers,
Expand Down Expand Up @@ -110,7 +111,7 @@ function Find-TppIdentity {
UriLeaf = 'Identity/Browse'
Body = @{
Filter = 'placeholder'
Limit = $Limit
Limit = $First
IdentityType = $identityType
}
}
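Review bot: The renamed help entry on line 261 reads `First how many items are returned`, which no longer parses as a sentence; the parameter rename should keep the description, e.g. `Limit how many items are returned, the default is 500, but is limited by the provider.` The `[Alias('Limit')]` on line 269 keeps existing `-Limit` callers working, which is the right way to do this rename, and the `.PARAMETER First` help could mention the alias for discoverability. The enclosing function `Find-TppIdentity` starts and ends outside these hunks.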
29 changes: 18 additions & 11 deletions VenafiPS/Public/Get-TppPermission.ps1
Expand Up @@ -98,7 +98,8 @@ function Get-TppPermission {
[ValidateScript( {
if ( $_ | Test-TppDnPath ) {
$true
} else {
}
else {
throw "'$_' is not a valid DN path"
}
})]
Expand All @@ -114,7 +115,8 @@ function Get-TppPermission {
[ValidateScript( {
if ( $_ | Test-TppIdentityFormat ) {
$true
} else {
}
else {
throw "'$_' is not a valid Identity format. See https://docs.venafi.com/Docs/20.4SDK/TopNav/Content/SDK/WebSDK/r-SDK-IdentityInformation.php."
}
})]
Expand All @@ -138,8 +140,8 @@ function Get-TppPermission {

$params = @{
VenafiSession = $VenafiSession
Method = 'Get'
UriLeaf = 'placeholder'
Method = 'Get'
UriLeaf = 'placeholder'
}
}

Expand Down Expand Up @@ -181,8 +183,9 @@ function Get-TppPermission {
try {
# get list of identities permissioned to this object
$identities = Invoke-TppRestMethod @params
} catch {
Write-Error ("Couldn't obtain list of permissions for {0}. $_" -f $thisTppObject.Path)
}
catch {
Write-Error ('Couldn''t obtain list of permissions for {0}. {1}' -f $thisTppObject.Path, $_ | Out-String)
continue
}

Expand All @@ -200,7 +203,8 @@ function Get-TppPermission {
# format of local is local:universalId
$type, $id = $thisId.Split(':')
$params.UriLeaf += "/local/$id"
} else {
}
else {
# external source, eg. AD, LDAP
# format is type+name:universalId
$type, $name, $id = $thisId -Split { $_ -in '+', ':' }
Expand Down Expand Up @@ -233,14 +237,15 @@ function Get-TppPermission {
}

$attribParams = @{
IdentityId = $thisReturnObject.IdentityId
IdentityId = $thisReturnObject.IdentityId
VenafiSession = $VenafiSession
}
try {
$attribResponse = Get-TppIdentityAttribute @attribParams
$thisReturnObject.IdentityPath = $attribResponse.Attributes.FullName
$thisReturnObject.IdentityName = $attribResponse.Attributes.Name
} catch {
}
catch {
Write-Error "Couldn't obtain identity attributes for $($attribParams.IdentityId). $_"
}

Expand All @@ -264,15 +269,17 @@ function Get-TppPermission {
ExplicitPermissions = [TppPermission] $response.ExplicitPermissions
ImplicitPermissions = [TppPermission] $response.ImplicitPermissions
}
} else {
}
else {
$thisReturnObject | Add-Member @{
EffectivePermissions = [TppPermission] $response.EffectivePermissions
}
}

$thisReturnObject
}
} catch {
}
catch {
Write-Error ('Couldn''t obtain permission set for path {0}, identity {1}. {2}' -f $thisTppObject.Path, $thisId, $_)
}
}
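Review bot: On line 325 `-f` binds tighter than `|`, so the entire formatted message, not just the error record, is piped to `Out-String`; the effect is the same text with a trailing newline, and `$_` is still rendered by its default string conversion. If the intent is to expand the error record, scope the pipe to it: `Write-Error ('Couldn''t obtain list of permissions for {0}. {1}' -f $thisTppObject.Path, ($_ | Out-String))`. The sibling handlers on lines 354 and 374 pass `$_` directly, so the three messages would read consistently once the pipe is scoped or dropped. `Get-TppPermission` continues beyond the last hunk.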
