From 40a640473f1774080afd226be636d081166a1647 Mon Sep 17 00:00:00 2001
From: Greg Brownstein
Date: Thu, 9 Mar 2023 17:05:20 +0000
Subject: [PATCH] Update manifest and docs to 5.4.1
---
 CHANGELOG.md | 4 ++++
 VenafiPS/VenafiPS.psd1 | 4 ++--
 docs/changelog.md | 4 ++++
 docs/functions/New-TppToken.md | 29 ++++++++++++++++++++++++---
 docs/functions/New-VenafiSession.md | 31 ++++++++++++++++++++++++++---
 5 files changed, 64 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0ffb70ea..c8b785f0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+## 5.4.1
+- Add support for JWT token authentication in `New-VenafiSession` and `New-TppToken`
+
 ## 5.4.0
 - Add 'all' token scope with 2 values, 'core' and 'admin'. 'Core' is all scopes except for admin and 'admin' includes admin. Use as `New-VenafiSession -Scope @{'all'='core'}`. Not suggested for production environments
 - Add `-SkipCertificateCheck` to `New-VenafiSession` and `New-TppToken` to bypass certificate checking, useful in pre-production environments, connecting via IP, etc. If you aren't creating a new session, but providing a token directly to a function, the same functionality can be found by setting an environment variable `$env:VENAFIPS_SKIP_CERT_CHECK=1`. If vaulting your token, this value will also be vaulted in the metadata making it very easy to use `New-VenafiSession -VaultRefreshAccessToken $name` and connect to pre-prod environments with no certificate checking
@@ -512,5 +515,6 @@
+
diff --git a/VenafiPS/VenafiPS.psd1 b/VenafiPS/VenafiPS.psd1
index 5fb6c985..bf2600b4 100644
--- a/VenafiPS/VenafiPS.psd1
+++ b/VenafiPS/VenafiPS.psd1
@@ -3,7 +3,7 @@
 #
 # Generated by: Venafi
 #
-# Generated on: 02/22/2023
+# Generated on: 03/09/2023
 #
 @{
@@ -12,7 +12,7 @@
 RootModule = 'VenafiPS.psm1'
 # Version number of this module.
-ModuleVersion = '5.4.0'
+ModuleVersion = '5.4.1'
 # Supported PSEditions
 # CompatiblePSEditions = @()
diff --git a/docs/changelog.md b/docs/changelog.md
index 6d75fb4f..29d24be6 100644
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -1,3 +1,6 @@
+## 5.4.1
+- Add support for JWT token authentication in `New-VenafiSession` and `New-TppToken`
+
 ## 5.4.0
 - Add 'all' token scope with 2 values, 'core' and 'admin'. 'Core' is all scopes except for admin and 'admin' includes admin. Use as `New-VenafiSession -Scope @{'all'='core'}`. Not suggested for production environments
 - Add `-SkipCertificateCheck` to `New-VenafiSession` and `New-TppToken` to bypass certificate checking, useful in pre-production environments, connecting via IP, etc. If you aren't creating a new session, but providing a token directly to a function, the same functionality can be found by setting an environment variable `$env:VENAFIPS_SKIP_CERT_CHECK=1`. If vaulting your token, this value will also be vaulted in the metadata making it very easy to use `New-VenafiSession -VaultRefreshAccessToken $name` and connect to pre-prod environments with no certificate checking
@@ -512,5 +515,6 @@
+
diff --git a/docs/functions/New-TppToken.md b/docs/functions/New-TppToken.md
index 37e95914..84d4b6e7 100644
--- a/docs/functions/New-TppToken.md
+++ b/docs/functions/New-TppToken.md
@@ -17,6 +17,12 @@ New-TppToken -AuthServer -ClientId -RefreshToken
 ]
 ```
+### Jwt
+```
+New-TppToken -AuthServer -ClientId -Scope -Jwt [-SkipCertificateCheck]
+ [-WhatIf] [-Confirm] []
+```
+
 ### Certificate
 ```
 New-TppToken -AuthServer -ClientId -Scope -Certificate
@@ -79,7 +85,7 @@ venafi.company.com
 ```yaml
 Type: String
-Parameter Sets: Integrated, RefreshToken, Certificate, OAuth
+Parameter Sets: Integrated, RefreshToken, Jwt, Certificate, OAuth
 Aliases: Server
 Required: True
@@ -94,7 +100,7 @@ Applcation Id configured in Venafi for token-based authentication
 ```yaml
 Type: String
-Parameter Sets: Integrated, RefreshToken, Certificate, OAuth
+Parameter Sets: Integrated, RefreshToken, Jwt, Certificate, OAuth
 Aliases:
 Required: True
@@ -116,7 +122,7 @@ Usage of the 'all' scope is not suggested for production.
 ```yaml
 Type: Hashtable
-Parameter Sets: Integrated, Certificate, OAuth
+Parameter Sets: Integrated, Jwt, Certificate, OAuth
 Aliases:
 Required: True
@@ -156,6 +162,23 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
+### -Jwt
+JSON web token.
+Available in TPP v22.4 and later.
+Ensure jwt mapping has been configured in VCC, Access Management-\>JWT Mappings.
+
+```yaml
+Type: String
+Parameter Sets: Jwt
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -Certificate
 Certificate used to request API token.
 Certificate authentication must be configured for remote web sdk clients, https://docs.venafi.com/Docs/current/TopNav/Content/CA/t-CA-ConfiguringInTPPandIIS-tpp.php.
diff --git a/docs/functions/New-VenafiSession.md b/docs/functions/New-VenafiSession.md
index c9a01900..a3c0a149 100644
--- a/docs/functions/New-VenafiSession.md
+++ b/docs/functions/New-VenafiSession.md
@@ -35,6 +35,12 @@ New-VenafiSession -Server -AccessToken [-VaultAccessToke
 [-VaultMetadata] [-PassThru] [-SkipCertificateCheck] []
 ```
+### TokenJwt
+```
+New-VenafiSession -Server -ClientId -Scope -Jwt [-PassThru]
+ [-SkipCertificateCheck] []
+```
+
 ### TokenCertificate
 ```
 New-VenafiSession -Server -ClientId -Scope -Certificate
@@ -162,7 +168,7 @@ If just the server name is provided, https:// will be appended.
 ```yaml
 Type: String
-Parameter Sets: KeyIntegrated, RefreshToken, AccessToken, TokenJwt, TokenCertificate, TokenIntegrated, TokenOAuth, KeyCredential
 Aliases: ServerUrl, Url
 Required: True
@@ -217,7 +223,7 @@ Accept wildcard characters: False
 ```yaml
 Type: String
-Parameter Sets: RefreshToken, TokenCertificate, TokenIntegrated, TokenOAuth
+Parameter Sets: RefreshToken, TokenJwt, TokenCertificate, TokenIntegrated, TokenOAuth
 Aliases:
 Required: True
@@ -251,7 +257,7 @@ Accept wildcard characters: False
 ```yaml
 Type: Hashtable
-Parameter Sets: TokenCertificate, TokenIntegrated, TokenOAuth
+Parameter Sets: TokenJwt, TokenCertificate, TokenIntegrated, TokenOAuth
 Aliases:
 Required: True
@@ -307,6 +313,23 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
+### -Jwt
+JSON web token.
+Available in TPP v22.4 and later.
+Ensure jwt mapping has been configured in VCC, Access Management-\>JWT Mappings.
+
+```yaml
+Type: String
+Parameter Sets: TokenJwt
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -Certificate
 Certificate for token-based authentication
@@ -519,6 +542,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 [https://docs.venafi.com/Docs/current/TopNav/Content/SDK/AuthSDK/r-SDKa-POST-AuthorizeCertificate.php](https://docs.venafi.com/Docs/current/TopNav/Content/SDK/AuthSDK/r-SDKa-POST-AuthorizeCertificate.php)
+[https://docs.venafi.com/Docs/current/TopNav/Content/SDK/AuthSDK/r-SDKa-POST-AuthorizeJwt.php](https://docs.venafi.com/Docs/current/TopNav/Content/SDK/AuthSDK/r-SDKa-POST-AuthorizeJwt.php)
+
 [https://github.com/PowerShell/SecretManagement](https://github.com/PowerShell/SecretManagement)
 [https://github.com/PowerShell/SecretStore](https://github.com/PowerShell/SecretStore)