Update manifest and docs to 5.5.0

Venafi · May 5, 2023 · c3248a1 · c3248a1
1 parent 5616138
commit c3248a1
Show file tree

Hide file tree

Showing 9 changed files with 423 additions and 72 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 5.5.0
+- Add `Set-TppAttribute -NoOverwrite` to allow additions to an attribute list.  [#189](https://github.com/Venafi/VenafiPS/issues/189)
+- Add `Get-TppAttribute -NoLookup` for the remote cases where a built-in attribute and custom field have the same name.  The default will be to look for a custom field.  Use `-NoLookup` to override.  [#192](https://github.com/Venafi/VenafiPS/issues/192)
+- Add ability to export the chain on VaaS with `Export-VenafiCertificate`
+- Add ability to export a certificate to a file on VaaS with `Export-VenafiCertificate`
+- Fix certain characters in friendly name causing `Test-TppIdentityFormat` to fail, [#205](https://github.com/Venafi/VenafiPS/issues/205)
+- Add ability to set specific permission with `Set-TppPermission` and not just an entire permissions object, [#197](https://github.com/Venafi/VenafiPS/issues/197)
+- Enhance pipeline support for `Set-TppPermission`
+- Fix failure removing a custom field value with `Set-TppAttribute`, [#199](https://github.com/Venafi/VenafiPS/issues/199)
+- Fix `ConvertTo-TppFullPath` appending '\ved\policy' incorrectly on non-Windows environments
+
 ## 5.4.1
 - Add support for JWT token authentication in `New-VenafiSession` and `New-TppToken`
 
@@ -516,5 +527,6 @@
 
 
 
+
 
 
diff --git a/VenafiPS/VenafiPS.psd1 b/VenafiPS/VenafiPS.psd1
@@ -3,7 +3,7 @@
 #
 # Generated by: Venafi
 #
-# Generated on: 03/09/2023
+# Generated on: 05/05/2023
 #
 
 @{
@@ -12,7 +12,7 @@
 RootModule = 'VenafiPS.psm1'
 
 # Version number of this module.
-ModuleVersion = '5.5'
+ModuleVersion = '5.5.0'
 
 # Supported PSEditions
 # CompatiblePSEditions = @()

diff --git a/docs/changelog.md b/docs/changelog.md
@@ -1,3 +1,14 @@
+## 5.5.0
+- Add `Set-TppAttribute -NoOverwrite` to allow additions to an attribute list.  [#189](https://github.com/Venafi/VenafiPS/issues/189)
+- Add `Get-TppAttribute -NoLookup` for the remote cases where a built-in attribute and custom field have the same name.  The default will be to look for a custom field.  Use `-NoLookup` to override.  [#192](https://github.com/Venafi/VenafiPS/issues/192)
+- Add ability to export the chain on VaaS with `Export-VenafiCertificate`
+- Add ability to export a certificate to a file on VaaS with `Export-VenafiCertificate`
+- Fix certain characters in friendly name causing `Test-TppIdentityFormat` to fail, [#205](https://github.com/Venafi/VenafiPS/issues/205)
+- Add ability to set specific permission with `Set-TppPermission` and not just an entire permissions object, [#197](https://github.com/Venafi/VenafiPS/issues/197)
+- Enhance pipeline support for `Set-TppPermission`
+- Fix failure removing a custom field value with `Set-TppAttribute`, [#199](https://github.com/Venafi/VenafiPS/issues/199)
+- Fix `ConvertTo-TppFullPath` appending '\ved\policy' incorrectly on non-Windows environments
+
 ## 5.4.1
 - Add support for JWT token authentication in `New-VenafiSession` and `New-TppToken`
 
@@ -516,5 +527,6 @@
 
 
 
+
 
 
diff --git a/docs/functions/Export-VenafiCertificate.md b/docs/functions/Export-VenafiCertificate.md
@@ -5,17 +5,16 @@ Get certificate data
 
 ## SYNTAX
 
-### All (Default)
+### VaasChain
 ```
-Export-VenafiCertificate -CertificateId <String> -Format <String> [-VenafiSession <PSObject>]
- [<CommonParameters>]
+Export-VenafiCertificate -CertificateId <String> -VaasFormat <String> [-OutPath <String>] [-IncludeChain]
+ [-RootFirst] [-VenafiSession <PSObject>] [<CommonParameters>]
 ```
 
-### Tpp
+### Vaas
 ```
-Export-VenafiCertificate -CertificateId <String> -Format <String> [-OutPath <String>] [-IncludeChain]
- [-FriendlyName <String>] [-IncludePrivateKey] [-PrivateKeyPassword <SecureString>] [-VenafiSession <PSObject>]
- [<CommonParameters>]
+Export-VenafiCertificate -CertificateId <String> -VaasFormat <String> [-OutPath <String>]
+ [-VenafiSession <PSObject>] [<CommonParameters>]
 ```
 
 ### TppJks
@@ -25,39 +24,51 @@ Export-VenafiCertificate -CertificateId <String> [-IncludeChain] -FriendlyName <
  [<CommonParameters>]
 ```
 
+### Tpp
+```
+Export-VenafiCertificate -CertificateId <String> -TppFormat <String> [-OutPath <String>] [-IncludeChain]
+ [-FriendlyName <String>] [-PrivateKeyPassword <SecureString>] [-VenafiSession <PSObject>] [<CommonParameters>]
+```
+
 ## DESCRIPTION
 Get certificate data from either Venafi as a Service or TPP.
 
 ## EXAMPLES
 
 ### EXAMPLE 1
 ```
-$certId | Export-VenafiCertificate -Format PEM
+$certId | Export-VenafiCertificate -VaasFormat PEM
 Get certificate data from Venafi as a Service
 ```
 
 ### EXAMPLE 2
 ```
-$cert | Export-VenafiCertificate -Format 'PKCS #7' -OutPath 'c:\temp'
-Get certificate data and save to a file, TPP
+$cert | Export-VenafiCertificate -TppFormat 'PKCS #7' -OutPath 'c:\temp'
+Get certificate data and save to a file
 ```
 
 ### EXAMPLE 3
 ```
-$cert | Export-VenafiCertificate -Format 'PKCS #7' -IncludeChain
+$cert | Export-VenafiCertificate -TppFormat 'PKCS #7' -IncludeChain
 Get one or more certificates with the certificate chain included, TPP
 ```
 
 ### EXAMPLE 4
 ```
-$cert | Export-VenafiCertificate -Format 'PKCS #12' -PrivateKeyPassword $cred.password
-Get one or more certificates with private key included, TPP
+$cert | Export-VenafiCertificate -VaasFormat PEM -IncludeChain -RootFirst
+Get one or more certificates with the certificate chain included and the root first in the chain, VaaS
 ```
 
 ### EXAMPLE 5
 ```
+$cert | Export-VenafiCertificate -TppFormat 'PKCS #12' -PrivateKeyPassword $cred.password
+Get one or more certificates with private key included, TPP
+```
+
+### EXAMPLE 6
+```
 $cert | Export-VenafiCertificate -FriendlyName 'MyFriendlyName' -KeystorePassword $cred.password
-Get certificates in JKS format, TPP
+Get certificates in JKS format, TPP.  -TppFormat not needed since we know its JKS via -KeystorePassword.
 ```
 
 ## PARAMETERS
@@ -79,14 +90,27 @@ Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 
-### -Format
-Certificate format.
-For Venafi as a Service, you can provide either PEM, DER, or JKS.
-For TPP, you can provide Base64, Base64 (PKCS#8), DER, JKS, PKCS #7, or PKCS #12.
+### -TppFormat
+Certificate format, either Base64, Base64 (PKCS#8), DER, PKCS #7, or PKCS #12.
+
+```yaml
+Type: String
+Parameter Sets: Tpp
+Aliases: Format
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -VaasFormat
+Certificate format, either DER or PEM
 
 ```yaml
 Type: String
-Parameter Sets: All, Tpp
+Parameter Sets: VaasChain, Vaas
 Aliases:
 
 Required: True
@@ -98,12 +122,11 @@ Accept wildcard characters: False
 
 ### -OutPath
 Folder path to save the certificate to. 
-The name of the file will be determined automatically. 
-TPP Only...for now.
+The name of the file will be determined automatically.
 
 ```yaml
 Type: String
-Parameter Sets: Tpp
+Parameter Sets: VaasChain, Vaas, Tpp
 Aliases:
 
 Required: False
@@ -115,12 +138,23 @@ Accept wildcard characters: False
 
 ### -IncludeChain
 Include the certificate chain with the exported certificate. 
-Not supported with DER format. 
-TPP Only.
+Not supported with DER format.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: VaasChain
+Aliases:
+
+Required: True
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
 
 ```yaml
 Type: SwitchParameter
-Parameter Sets: Tpp, TppJks
+Parameter Sets: TppJks, Tpp
 Aliases:
 
 Required: False
@@ -130,24 +164,27 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -FriendlyName
-Label or alias to use. 
-Permitted with Base64 and PKCS #12 formats. 
-Required when Format is JKS. 
-TPP Only.
+### -RootFirst
+Use with -IncludeChain for VaaS to return the root first instead of the end entity first
 
 ```yaml
-Type: String
-Parameter Sets: Tpp
+Type: SwitchParameter
+Parameter Sets: VaasChain
 Aliases:
 
 Required: False
 Position: Named
-Default value: None
+Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -FriendlyName
+Label or alias to use. 
+Permitted with Base64 and PKCS #12 formats. 
+Required when exporting JKS. 
+TPP Only.
+
 ```yaml
 Type: String
 Parameter Sets: TppJks
@@ -160,19 +197,14 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -IncludePrivateKey
-DEPRECATED.
-Provide a value for -PrivateKeyPassword. 
-TPP only.
-
 ```yaml
-Type: SwitchParameter
+Type: String
 Parameter Sets: Tpp
 Aliases:
 
 Required: False
 Position: Named
-Default value: False
+Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
@@ -191,7 +223,7 @@ You must adhere to the following rules:
 
 ```yaml
 Type: SecureString
-Parameter Sets: Tpp, TppJks
+Parameter Sets: TppJks, Tpp
 Aliases: SecurePassword
 
 Required: False

diff --git a/docs/functions/Get-TppAttribute.md b/docs/functions/Get-TppAttribute.md
@@ -7,13 +7,14 @@ Get object attributes as well as policy attributes
 
 ### Attribute (Default)
 ```
-Get-TppAttribute -Path <String> -Attribute <String[]> [-Class <String>] [-VenafiSession <PSObject>]
+Get-TppAttribute -Path <String> -Attribute <String[]> [-Class <String>] [-NoLookup] [-VenafiSession <PSObject>]
  [<CommonParameters>]
 ```
 
 ### All
 ```
-Get-TppAttribute -Path <String> [-Class <String>] [-All] [-VenafiSession <PSObject>] [<CommonParameters>]
+Get-TppAttribute -Path <String> [-Class <String>] [-All] [-NoLookup] [-VenafiSession <PSObject>]
+ [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -76,6 +77,20 @@ You can specify either the guid or custom field label name.
 
 ### EXAMPLE 4
 ```
+Get-TppAttribute -Path '\VED\Policy\mydevice\myapp' -Attribute 'Certificate' -NoLookup
+```
+
+Name                        : myapp
+Path                        : \VED\Policy\mydevice\myapp
+TypeName                    : Adaptable App
+Guid                        : b7a7221b-e038-41d9-9d49-d7f45c1ca128
+Attribute                   : {@{Name=Certificate; PolicyPath=; Value=\VED\Policy\mycert; Locked=False; Overridden=False}}
+Certificate                 : \VED\Policy\mycert
+
+Retrieve an attribute value without custom value lookup
+
+### EXAMPLE 5
+```
 Get-TppAttribute -Path '\VED\Policy\certificates\test.gdb.com' -All
 ```
 
@@ -97,7 +112,7 @@ Driver Name                           : appx509certificate
 
 Retrieve all attributes applicable to this object
 
-### EXAMPLE 5
+### EXAMPLE 6
 ```
 Get-TppAttribute -Path 'Certificates' -Class 'X509 Certificate' -Attribute 'State'
 ```
@@ -113,7 +128,7 @@ State     : UT
 Retrieve a policy attribute value for the specified policy folder and class.
 \ved\policy will be prepended to the path.
 
-### EXAMPLE 6
+### EXAMPLE 7
 ```
 Get-TppAttribute -Path '\VED\Policy\certificates' -Class 'X509 Certificate' -All
 ```
@@ -205,6 +220,25 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -NoLookup
+Default functionality is to perform lookup of attributes names to see if they are custom fields or not.
+If they are, pass along the guid instead of name required by the api for custom fields.
+To override this behavior and use the attribute name as is, add -NoLookup.
+Useful if on the off chance you have a custom field with the same name as a built-in attribute.
+Can also be used with -All and the output will contain guids instead of looked up names.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -VenafiSession
 Authentication for the function.
 The value defaults to the script session object $VenafiSession created by New-VenafiSession.

diff --git a/docs/functions/New-TppToken.md b/docs/functions/New-TppToken.md
@@ -116,8 +116,10 @@ The key is the scope and the value is one or more privilege restrictions separat
 A privilege restriction of none or read, use a value of $null.
 Scopes include Agent, Certificate, Code Signing, Configuration, Restricted, Security, SSH, and statistics.
 See https://docs.venafi.com/Docs/current/TopNav/Content/SDK/AuthSDK/r-SDKa-OAuthScopePrivilegeMapping.php
-Using a scope of {'all'='core'} will set all scopes except for admin.
+Using a scope of {'all'='core'} will set all scopes except for codesignclient and admin.
+Using a scope of {'all'='core-cs'} will set all scopes inclduing codesignclient except for admin.
 Using a scope of {'all'='admin'} will set all scopes including admin.
+Using a scope of {'all'='admin-cs'} will set all scopes including admin.
 Usage of the 'all' scope is not suggested for production.
 
 ```yaml

diff --git a/docs/functions/New-VenafiSession.md b/docs/functions/New-VenafiSession.md
@@ -239,8 +239,10 @@ The key is the scope and the value is one or more privilege restrictions separat
 Scopes include Agent, Certificate, Code Signing, Configuration, Restricted, Security, SSH, and statistics.
 For no privilege restriction or read access, use a value of $null.
 For a scope to privilege mapping, see https://docs.venafi.com/Docs/current/TopNav/Content/SDK/AuthSDK/r-SDKa-OAuthScopePrivilegeMapping.php
-Using a scope of {'all'='core'} will set all scopes except for admin.
+Using a scope of {'all'='core'} will set all scopes except for codesignclient and admin.
+Using a scope of {'all'='core-cs'} will set all scopes inclduing codesignclient except for admin.
 Using a scope of {'all'='admin'} will set all scopes including admin.
+Using a scope of {'all'='admin-cs'} will set all scopes including admin.
 Usage of the 'all' scope is not suggested for production.
 
 ```yaml