Update manifest and docs to 5.4.0

Venafi · Feb 22, 2023 · 48c3cd3 · 48c3cd3
1 parent 25b9736
commit 48c3cd3
Show file tree

Hide file tree

Showing 6 changed files with 101 additions and 35 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 5.4.0
+- Add 'all' token scope with 2 values, 'core' and 'admin'.  'Core' is all scopes except for admin and 'admin' includes admin.  Use as `New-VenafiSession -Scope @{'all'='core'}`.  Not suggested for production environments
+- Add `-SkipCertificateCheck` to `New-VenafiSession` and `New-TppToken` to bypass certificate checking, useful in pre-production environments, connecting via IP, etc.  If you aren't creating a new session, but providing a token directly to a function, the same functionality can be found by setting an environment variable `$env:VENAFIPS_SKIP_CERT_CHECK=1`.  If vaulting your token, this value will also be vaulted in the metadata making it very easy to use `New-VenafiSession -VaultRefreshAccessToken $name` and connect to pre-prod environments with no certificate checking
+- `New-VenafiSession -VaultMetadata` is now deprecated and metadata will be vaulted by default
+- Token scope is now vaulted in metadata and added to $VenafiSession when using `-VaultAccessTokenName` or `-VaultRefreshTokenName` of `New-VenafiSession`
+- Update `Write-VerboseWithSecret` to support secrets in delimited json
+- Fix TppObject ParentPath error when it contains certain characters, [#186](https://github.com/Venafi/VenafiPS/issues/186)
+- Fix object does not exist error with `Move-TppObject` in a try/catch, [#185](https://github.com/Venafi/VenafiPS/issues/185)
+
+
 ## 5.3.1
 - Fix `Get-TppClassAttribute -All` error when providing VenafiSession directly, [#182](https://github.com/Venafi/VenafiPS/issues/182)
 
@@ -501,5 +511,6 @@
 
 
 
+
 
 
diff --git a/VenafiPS/VenafiPS.psd1 b/VenafiPS/VenafiPS.psd1
@@ -3,7 +3,7 @@
 #
 # Generated by: Venafi
 #
-# Generated on: 01/22/2023
+# Generated on: 02/22/2023
 #
 
 @{
@@ -12,7 +12,7 @@
 RootModule = 'VenafiPS.psm1'
 
 # Version number of this module.
-ModuleVersion = '5.4'
+ModuleVersion = '5.4.0'
 
 # Supported PSEditions
 # CompatiblePSEditions = @()

diff --git a/docs/changelog.md b/docs/changelog.md
@@ -1,3 +1,13 @@
+## 5.4.0
+- Add 'all' token scope with 2 values, 'core' and 'admin'.  'Core' is all scopes except for admin and 'admin' includes admin.  Use as `New-VenafiSession -Scope @{'all'='core'}`.  Not suggested for production environments
+- Add `-SkipCertificateCheck` to `New-VenafiSession` and `New-TppToken` to bypass certificate checking, useful in pre-production environments, connecting via IP, etc.  If you aren't creating a new session, but providing a token directly to a function, the same functionality can be found by setting an environment variable `$env:VENAFIPS_SKIP_CERT_CHECK=1`.  If vaulting your token, this value will also be vaulted in the metadata making it very easy to use `New-VenafiSession -VaultRefreshAccessToken $name` and connect to pre-prod environments with no certificate checking
+- `New-VenafiSession -VaultMetadata` is now deprecated and metadata will be vaulted by default
+- Token scope is now vaulted in metadata and added to $VenafiSession when using `-VaultAccessTokenName` or `-VaultRefreshTokenName` of `New-VenafiSession`
+- Update `Write-VerboseWithSecret` to support secrets in delimited json
+- Fix TppObject ParentPath error when it contains certain characters, [#186](https://github.com/Venafi/VenafiPS/issues/186)
+- Fix object does not exist error with `Move-TppObject` in a try/catch, [#185](https://github.com/Venafi/VenafiPS/issues/185)
+
+
 ## 5.3.1
 - Fix `Get-TppClassAttribute -All` error when providing VenafiSession directly, [#182](https://github.com/Venafi/VenafiPS/issues/182)
 
@@ -501,5 +511,6 @@
 
 
 
+
 
 
diff --git a/docs/functions/Invoke-VenafiRestMethod.md b/docs/functions/Invoke-VenafiRestMethod.md
@@ -8,14 +8,14 @@ Ability to execute REST API calls which don't exist in a dedicated function yet
 ### Session (Default)
 ```
 Invoke-VenafiRestMethod [-VenafiSession <PSObject>] [-Method <String>] [-UriRoot <String>] -UriLeaf <String>
- [-Header <Hashtable>] [-Body <Hashtable>] [-FullResponse] [<CommonParameters>]
+ [-Header <Hashtable>] [-Body <Hashtable>] [-FullResponse] [-SkipCertificateCheck] [<CommonParameters>]
 ```
 
 ### URL
 ```
 Invoke-VenafiRestMethod -Server <String> [-UseDefaultCredential] [-Certificate <X509Certificate>]
  [-Method <String>] [-UriRoot <String>] -UriLeaf <String> [-Header <Hashtable>] [-Body <Hashtable>]
- [-FullResponse] [<CommonParameters>]
+ [-FullResponse] [-SkipCertificateCheck] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -191,6 +191,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -SkipCertificateCheck
+{{ Fill SkipCertificateCheck Description }}
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 

diff --git a/docs/functions/New-TppToken.md b/docs/functions/New-TppToken.md
@@ -7,31 +7,31 @@ Get a new access token or refresh an existing one
 
 ### Integrated (Default)
 ```
-New-TppToken -AuthServer <String> -ClientId <String> -Scope <Hashtable> [-State <String>] [-WhatIf] [-Confirm]
- [<CommonParameters>]
+New-TppToken -AuthServer <String> -ClientId <String> -Scope <Hashtable> [-State <String>]
+ [-SkipCertificateCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ### RefreshToken
 ```
-New-TppToken -AuthServer <String> -ClientId <String> -RefreshToken <PSCredential> [-WhatIf] [-Confirm]
- [<CommonParameters>]
+New-TppToken -AuthServer <String> -ClientId <String> -RefreshToken <PSCredential> [-SkipCertificateCheck]
+ [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ### Certificate
 ```
 New-TppToken -AuthServer <String> -ClientId <String> -Scope <Hashtable> -Certificate <X509Certificate>
- [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-SkipCertificateCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ### OAuth
 ```
 New-TppToken -AuthServer <String> -ClientId <String> -Scope <Hashtable> -Credential <PSCredential>
- [-State <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-State <String>] [-SkipCertificateCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ### RefreshSession
 ```
-New-TppToken -VenafiSession <VenafiSession> [-WhatIf] [-Confirm] [<CommonParameters>]
+New-TppToken [-SkipCertificateCheck] -VenafiSession <VenafiSession> [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -110,6 +110,9 @@ The key is the scope and the value is one or more privilege restrictions separat
 A privilege restriction of none or read, use a value of $null.
 Scopes include Agent, Certificate, Code Signing, Configuration, Restricted, Security, SSH, and statistics.
 See https://docs.venafi.com/Docs/current/TopNav/Content/SDK/AuthSDK/r-SDKa-OAuthScopePrivilegeMapping.php
+Using a scope of {'all'='core'} will set all scopes except for admin.
+Using a scope of {'all'='admin'} will set all scopes including admin.
+Usage of the 'all' scope is not suggested for production.
 
 ```yaml
 Type: Hashtable
@@ -185,6 +188,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -SkipCertificateCheck
+{{ Fill SkipCertificateCheck Description }}
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -VenafiSession
 VenafiSession object created from New-VenafiSession method.
 

diff --git a/docs/functions/New-VenafiSession.md b/docs/functions/New-VenafiSession.md
@@ -7,67 +7,70 @@ Create a new Venafi TPP or Venafi as a Service session
 
 ### KeyIntegrated (Default)
 ```
-New-VenafiSession -Server <String> [-PassThru] [<CommonParameters>]
+New-VenafiSession -Server <String> [-PassThru] [-SkipCertificateCheck] [<CommonParameters>]
 ```
 
 ### VaultRefreshToken
 ```
 New-VenafiSession [-Server <String>] [-ClientId <String>] [-Scope <Hashtable>] -VaultRefreshTokenName <String>
- [-VaultMetadata] [-PassThru] [<CommonParameters>]
+ [-VaultMetadata] [-PassThru] [-SkipCertificateCheck] [<CommonParameters>]
 ```
 
 ### VaultAccessToken
 ```
 New-VenafiSession [-Server <String>] [-Scope <Hashtable>] -VaultAccessTokenName <String> [-VaultMetadata]
- [-PassThru] [<CommonParameters>]
+ [-PassThru] [-SkipCertificateCheck] [<CommonParameters>]
 ```
 
 ### RefreshToken
 ```
 New-VenafiSession -Server <String> -ClientId <String> -RefreshToken <PSCredential>
- [-VaultRefreshTokenName <String>] [-VaultMetadata] [-AuthServer <String>] [-PassThru] [<CommonParameters>]
+ [-VaultRefreshTokenName <String>] [-VaultMetadata] [-AuthServer <String>] [-PassThru] [-SkipCertificateCheck]
+ [<CommonParameters>]
 ```
 
 ### AccessToken
 ```
 New-VenafiSession -Server <String> -AccessToken <PSCredential> [-VaultAccessTokenName <String>]
- [-VaultMetadata] [-PassThru] [<CommonParameters>]
+ [-VaultMetadata] [-PassThru] [-SkipCertificateCheck] [<CommonParameters>]
 ```
 
 ### TokenCertificate
 ```
 New-VenafiSession -Server <String> -ClientId <String> -Scope <Hashtable> -Certificate <X509Certificate>
  [-VaultAccessTokenName <String>] [-VaultRefreshTokenName <String>] [-VaultMetadata] [-AuthServer <String>]
- [-PassThru] [<CommonParameters>]
+ [-PassThru] [-SkipCertificateCheck] [<CommonParameters>]
 ```
 
 ### TokenIntegrated
 ```
 New-VenafiSession -Server <String> -ClientId <String> -Scope <Hashtable> [-State <String>]
  [-VaultAccessTokenName <String>] [-VaultRefreshTokenName <String>] [-VaultMetadata] [-AuthServer <String>]
- [-PassThru] [<CommonParameters>]
+ [-PassThru] [-SkipCertificateCheck] [<CommonParameters>]
 ```
 
 ### TokenOAuth
 ```
 New-VenafiSession -Server <String> -Credential <PSCredential> -ClientId <String> -Scope <Hashtable>
  [-State <String>] [-VaultAccessTokenName <String>] [-VaultRefreshTokenName <String>] [-VaultMetadata]
- [-AuthServer <String>] [-PassThru] [<CommonParameters>]
+ [-AuthServer <String>] [-PassThru] [-SkipCertificateCheck] [<CommonParameters>]
 ```
 
 ### KeyCredential
 ```
-New-VenafiSession -Server <String> -Credential <PSCredential> [-PassThru] [<CommonParameters>]
+New-VenafiSession -Server <String> -Credential <PSCredential> [-PassThru] [-SkipCertificateCheck]
+ [<CommonParameters>]
 ```
 
 ### Vaas
 ```
-New-VenafiSession -VaasKey <PSCredential> [-VaultVaasKeyName <String>] [-PassThru] [<CommonParameters>]
+New-VenafiSession -VaasKey <PSCredential> [-VaultVaasKeyName <String>] [-PassThru] [-SkipCertificateCheck]
+ [<CommonParameters>]
 ```
 
 ### VaultVaasKey
 ```
-New-VenafiSession -VaultVaasKeyName <String> [-PassThru] [<CommonParameters>]
+New-VenafiSession -VaultVaasKeyName <String> [-PassThru] [-SkipCertificateCheck] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -140,17 +143,11 @@ Create session using a refresh token and store the newly created refresh token i
 
 ### EXAMPLE 11
 ```
-New-VenafiSession -Server venafitpp.mycompany.com -RefreshToken $refreshCred -ClientId MyApp -VaultRefreshTokenName TppRefresh -VaultMetadata
-Create session using a refresh token, store the newly created refresh token in the vault, and store the server and clientid with the secret
-```
-
-### EXAMPLE 12
-```
 New-VenafiSession -VaasKey $cred
 Create session against Venafi as a Service
 ```
 
-### EXAMPLE 13
+### EXAMPLE 12
 ```
 New-VenafiSession -VaultVaasKeyName vaas-key
 Create session against Venafi as a Service with a key stored in a vault
@@ -236,6 +233,9 @@ The key is the scope and the value is one or more privilege restrictions separat
 Scopes include Agent, Certificate, Code Signing, Configuration, Restricted, Security, SSH, and statistics.
 For no privilege restriction or read access, use a value of $null.
 For a scope to privilege mapping, see https://docs.venafi.com/Docs/current/TopNav/Content/SDK/AuthSDK/r-SDKa-OAuthScopePrivilegeMapping.php
+Using a scope of {'all'='core'} will set all scopes except for admin.
+Using a scope of {'all'='admin'} will set all scopes including admin.
+Usage of the 'all' scope is not suggested for production.
 
 ```yaml
 Type: Hashtable
@@ -327,7 +327,6 @@ Name of the SecretManagement vault entry for the access token; the name of the v
 This value can be provided standalone or with credentials. 
 First time use requires it to be provided with credentials to retrieve the access token to populate the vault.
 With subsequent uses, it can be provided standalone and the access token will be retrieved without the need for credentials.
-See -VaultMetadata to store server and clientid with the token.
 
 ```yaml
 Type: String
@@ -359,7 +358,6 @@ This value can be provided standalone or with credentials.
 Each time this is used, a new access and refresh token will be obtained.
 First time use requires it to be provided with credentials to retrieve the refresh token and populate the vault.
 With subsequent uses, it can be provided standalone and the refresh token will be retrieved without the need for credentials.
-See -VaultMetadata to store server and clientid with the token.
 
 ```yaml
 Type: String
@@ -386,10 +384,7 @@ Accept wildcard characters: False
 ```
 
 ### -VaultMetadata
-When a token vault entry, access or refresh, is created with -VaultAccessTokenName or -VaultRefreshTokenName, store the server and clientid with it so this doesn't need to be provided each time.
-Once used, the server and clientid will continue to be stored with updated vault entries regardless if -VaultMetadata was provided again.
-To clear the metadata, reauthenticate with this function with a credential and without providing -VaultMetadata.
-To use this parameter, the SecretManagement vault must support it.
+{{ Fill VaultMetadata Description }}
 
 ```yaml
 Type: SwitchParameter
@@ -482,6 +477,22 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -SkipCertificateCheck
+Bypass certificate validation when connecting to the server.
+This can be helpful for pre-prod environments where ssl isn't setup on the website or you are connecting via IP.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).