From d04fb3e0517ce082c67ca7944d7a5d0427a316ea Mon Sep 17 00:00:00 2001 From: Greg Brownstein Date: Thu, 12 May 2022 20:08:29 +0000 Subject: [PATCH] Update manifest and docs to 4.3.0 --- CHANGELOG.md | 12 ++ VenafiPS/VenafiPS.psd1 | 4 +- docs/changelog.md | 12 ++ docs/functions/Get-TppAttribute.md | 176 +++++++++++++++--------- docs/functions/Import-TppCertificate.md | 2 +- docs/functions/New-TppCertificate.md | 107 +++++++------- docs/functions/New-VenafiTeam.md | 40 +++++- docs/functions/Remove-TppClient.md | 22 ++- docs/functions/Search-TppHistory.md | 18 ++- 9 files changed, 252 insertions(+), 141 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 19a8be1e..c24a13c2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,14 @@ +## 4.3.0 +- Add new output format for `Get-TppAttribute` using the parameter `-New`. Attributes will now be provided as object properties as opposed to individual objects for each property, which made it difficult to retrieve the value itself. This new format is available for all ways of using the function including attribute, effective attribute, and policy retrieval. This new format will become the default in the future. +- Add `Get-TppAttribute -PolicyClass -All` to retrieve all policy attributes at once +- Add `New-TppCertificate -WorkToDoTimeout` to override the global setting for a CA to issue/renew certificate +- Add support for api limitation of 5k clients at a time when calling `Remove-TppClient` +- Add support for VaaS user matching rules with `New-VenafiTeam` +- Add setting common name, if not provided, as the object name in `New-TppCertificate`, [#110](https://github.com/Venafi/VenafiPS/issues/110) +- Fix syntax error when using `New-TppCertificate -Csr`, [#111](https://github.com/Venafi/VenafiPS/issues/111) +- `-Guid` has been deprecated from `Get-TppAttribute` + + ## 4.2.4 - Add `Search-TppHistory` to find historical items by attribute value and their associated current item - Fix `Move-TppObject` not appending object name when moving multiple objects to a new folder and passed via pipeline @@ -359,3 +370,4 @@ + diff --git a/VenafiPS/VenafiPS.psd1 b/VenafiPS/VenafiPS.psd1 index 452f818b..970b4e1e 100644 --- a/VenafiPS/VenafiPS.psd1 +++ b/VenafiPS/VenafiPS.psd1 @@ -3,7 +3,7 @@ # # Generated by: Venafi # -# Generated on: 04/29/2022 +# Generated on: 05/12/2022 # @{ @@ -12,7 +12,7 @@ RootModule = 'VenafiPS.psm1' # Version number of this module. -ModuleVersion = '4.3' +ModuleVersion = '4.3.0' # Supported PSEditions # CompatiblePSEditions = @() diff --git a/docs/changelog.md b/docs/changelog.md index 83538c5d..f20490eb 100644 --- a/docs/changelog.md +++ b/docs/changelog.md 
@@ -1,3 +1,14 @@ +## 4.3.0 +- Add new output format for `Get-TppAttribute` using the parameter `-New`. Attributes will now be provided as object properties as opposed to individual objects for each property, which made it difficult to retrieve the value itself. This new format is available for all ways of using the function including attribute, effective attribute, and policy retrieval. This new format will become the default in the future. +- Add `Get-TppAttribute -PolicyClass -All` to retrieve all policy attributes at once +- Add `New-TppCertificate -WorkToDoTimeout` to override the global setting for a CA to issue/renew certificate +- Add support for api limitation of 5k clients at a time when calling `Remove-TppClient` +- Add support for VaaS user matching rules with `New-VenafiTeam` +- Add setting common name, if not provided, as the object name in `New-TppCertificate`, [#110](https://github.com/Venafi/VenafiPS/issues/110) +- Fix syntax error when using `New-TppCertificate -Csr`, [#111](https://github.com/Venafi/VenafiPS/issues/111) +- `-Guid` has been deprecated from `Get-TppAttribute` + + ## 4.2.4 - Add `Search-TppHistory` to find historical items by attribute value and their associated current item - Fix `Move-TppObject` not appending object name when moving multiple objects to a new folder and passed via pipeline @@ -359,3 +370,4 @@ + diff --git a/docs/functions/Get-TppAttribute.md b/docs/functions/Get-TppAttribute.md index c6773632..9025950e 100644 --- a/docs/functions/Get-TppAttribute.md +++ b/docs/functions/Get-TppAttribute.md 
@@ -7,37 +7,31 @@ Get object attributes as well as policies (policy attributes) ### ByPath (Default) ``` -Get-TppAttribute -Path [-Attribute ] [-AsValue] [-VenafiSession ] +Get-TppAttribute -Path [-Attribute ] [-AsValue] [-New] [-VenafiSession ] + [] +``` + +### AllPolicyPath +``` +Get-TppAttribute -Path [-All] [-Policy] -PolicyClass [-New] [-VenafiSession ] [] ``` ### PolicyPath ``` -Get-TppAttribute -Path -Attribute [-Policy] -ClassName [-AsValue] +Get-TppAttribute -Path -Attribute [-Policy] -PolicyClass [-AsValue] [-New] [-VenafiSession ] [] ``` ### AllEffectivePath ``` -Get-TppAttribute -Path [-All] [-AsValue] [-VenafiSession ] [] +Get-TppAttribute -Path [-All] [-New] [-VenafiSession ] [] ``` ### EffectiveByPath ``` -Get-TppAttribute -Path -Attribute [-Effective] [-AsValue] [-VenafiSession ] - [] -``` - -### ByGuid -``` -Get-TppAttribute -Guid [-Attribute ] [-AsValue] [-VenafiSession ] - [] -``` - -### EffectiveByGuid -``` -Get-TppAttribute -Guid -Attribute [-Effective] [-AsValue] [-VenafiSession ] - [] +Get-TppAttribute -Path -Attribute [-Effective] [-AsValue] [-New] + [-VenafiSession ] [] ``` ## DESCRIPTION 
@@ -52,34 +46,95 @@ For more info on policies and how they are different than attributes, see https: ### EXAMPLE 1 ``` -Get-TppAttribute -Path '\VED\Policy\My Folder\myapp.company.com' -Retrieve all values for an object, excluding values assigned by policy +Get-TppAttribute -Path '\VED\Policy\certificates\test.gdb.com' -New ``` +Name : test.gdb.com +Path : \ved\policy\certificates\test.gdb.com +TypeName : X509 Server Certificate +Guid : b7a7221b-e038-41d9-9d49-d7f45c1ca128 +Certificate Vault Id : @{Value=442493; CustomFieldName=; PolicyPath=} +Consumers : @{Value=System.Object\[\]; CustomFieldName=; PolicyPath=} +Created By : @{Value=WebAdmin; CustomFieldName=; PolicyPath=} + +Retrieve all values for an object, excluding values assigned by policy + ### EXAMPLE 2 ``` -Get-TppAttribute -Path '\VED\Policy\My Folder\myapp.company.com' -AttributeName 'driver name' -Retrieve the value for a specific attribute +Get-TppAttribute -Path '\VED\Policy\certificates\test.gdb.com' -Attribute 'Driver Name' -New ``` +Name : test.gdb.com +Path : \ved\policy\certificates\test.gdb.com +TypeName : X509 Server Certificate +Guid : b7a7221b-e038-41d9-9d49-d7f45c1ca128 +Driver Name : @{Value=appx509certificate; CustomFieldName=; PolicyPath=} + +Retrieve the value for a specific attribute + ### EXAMPLE 3 ``` -Get-TppAttribute -Path '\VED\Policy\My Folder\myapp.company.com' -AttributeName 'Contact' -Effective -Retrieve the effective value for a specific attribute +Get-TppAttribute -Path '\VED\Policy\certificates\test.gdb.com' -AttributeName 'State' -Effective -New ``` +Name : test.gdb.com +Path : \ved\policy\certificates\test.gdb.com +TypeName : X509 Server Certificate +Guid : b7a7221b-e038-41d9-9d49-d7f45c1ca128 +State : @{Value=UT; CustomFieldName=; PolicyPath=\VED\Policy\Certificates} + +Retrieve the effective (policy applied) value for a specific attribute. +This not only returns the value, but also the path where the policy is applied. 
+ ### EXAMPLE 4 ``` -Get-TppAttribute -Path '\VED\Policy\My Folder\myapp.company.com' -All -Retrieve all effective values for an object +Get-TppAttribute -Path '\VED\Policy\certificates\test.gdb.com' -All -New ``` +Name : test.gdb.com +Path : \ved\policy\certificates\test.gdb.com +TypeName : X509 Server Certificate +Guid : b7a7221b-e038-41d9-9d49-d7f45c1ca128 +Certificate Vault Id : @{Value=442493; CustomFieldName=; PolicyPath=} +City : @{Value=Salt Lake City; CustomFieldName=; PolicyPath=\VED\Policy\Certificates} +Consumers : @{Value=System.Object\[\]; CustomFieldName=; PolicyPath=} +Created By : @{Value=WebAdmin; CustomFieldName=; PolicyPath=} +State : @{Value=UT; CustomFieldName=; PolicyPath=\VED\Policy\Certificates} + +Retrieve all effective values for an object + ### EXAMPLE 5 ``` -Get-TppAttribute -Path '\VED\Policy\My Folder' -Policy -Class 'X509 Certificate' -AttributeName 'Contact' -Retrieve the policy attribute value for the specified policy folder +Get-TppAttribute -Path '\VED\Policy\certificates' -PolicyClass 'X509 Certificate' -AttributeName 'State' -New ``` +Name : certificates +Path : \ved\policy\certificates +TypeName : Policy +Guid : a91fc152-a9fb-4b49-a7ca-7014b14d73eb +PolicyClassName : x509 certificate +State : UT + +Retrieve specific policy attribute values for the specified policy folder and class + +### EXAMPLE 6 +``` +Get-TppAttribute -Path '\VED\Policy\certificates' -PolicyClass 'X509 Certificate' -All -New +``` + +Name : certificates +Path : \ved\policy\certificates +TypeName : Policy +Guid : a91fc152-a9fb-4b49-a7ca-7014b14d73eb +PolicyClassName : x509 certificate +City : Salt Lake City +Country : US +Management Type : Enrollment +Organization : Venafi, Inc. +State : UT + +Retrieve all policy attribute values for the specified policy folder and class + ## PARAMETERS ### -Path 
@@ -88,7 +143,7 @@ Just providing DN will return all attributes. ```yaml Type: String -Parameter Sets: ByPath, PolicyPath, AllEffectivePath, EffectiveByPath +Parameter Sets: (All) Aliases: DN Required: True @@ -98,29 +153,12 @@ Accept pipeline input: True (ByPropertyName, ByValue) Accept wildcard characters: False ``` -### -Guid -To be deprecated; use -Path instead. -Object Guid. -Just providing Guid will return all attributes. - -```yaml -Type: Guid -Parameter Sets: ByGuid, EffectiveByGuid -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: True (ByValue) -Accept wildcard characters: False -``` - ### -Attribute Only retrieve the value/values for this attribute ```yaml Type: String[] -Parameter Sets: ByPath, ByGuid +Parameter Sets: ByPath Aliases: Required: False @@ -132,7 +170,7 @@ Accept wildcard characters: False ```yaml Type: String[] -Parameter Sets: PolicyPath, EffectiveByPath, EffectiveByGuid +Parameter Sets: PolicyPath, EffectiveByPath Aliases: Required: True @@ -148,7 +186,7 @@ This is not applicable to policies, only objects. ```yaml Type: SwitchParameter -Parameter Sets: EffectiveByPath, EffectiveByGuid +Parameter Sets: EffectiveByPath Aliases: EffectivePolicy Required: True @@ -166,7 +204,7 @@ Note, expect this to take longer than usual given the number of api calls. ```yaml Type: SwitchParameter -Parameter Sets: AllEffectivePath +Parameter Sets: AllPolicyPath, AllEffectivePath Aliases: Required: True 
@@ -177,29 +215,30 @@ Accept wildcard characters: False ``` ### -Policy -Get policies (aka policy attributes) instead of object attributes +Deprecated. +To retrieve policy attributes, just provide -PolicyClass. ```yaml Type: SwitchParameter -Parameter Sets: PolicyPath +Parameter Sets: AllPolicyPath, PolicyPath Aliases: -Required: True +Required: False Position: Named Default value: False Accept pipeline input: False Accept wildcard characters: False ``` -### -ClassName -Required when getting policy attributes. +### -PolicyClass +Get policies (aka policy attributes) instead of object attributes. Provide the class name to retrieve the value for. If unsure of the class name, add the value through the TPP UI and go to Support-\>Policy Attributes to find it. ```yaml Type: String -Parameter Sets: PolicyPath -Aliases: +Parameter Sets: AllPolicyPath, PolicyPath +Aliases: ClassName Required: True Position: Named @@ -209,7 +248,23 @@ Accept wildcard characters: False ``` ### -AsValue -{{ Fill AsValue Description }} +Deprecated. +No longer required with -New format. + +```yaml +Type: SwitchParameter +Parameter Sets: ByPath, PolicyPath, EffectiveByPath +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -New +New output format which returns 1 object with multiple properties instead of an object per property ```yaml Type: SwitchParameter @@ -249,12 +304,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ### Path ## OUTPUTS -### PSCustomObject with properties: -### - Name -### - Value -### - PolicyPath (only applicable with -All) -### - IsCustomField (not applicable to policies) -### - CustomName (not applicable to policies) +### PSCustomObject ## NOTES ## RELATED LINKS diff --git a/docs/functions/Import-TppCertificate.md b/docs/functions/Import-TppCertificate.md index 62e1e16f..f0c7c44a 100644 --- a/docs/functions/Import-TppCertificate.md 
+++ b/docs/functions/Import-TppCertificate.md @@ -180,7 +180,7 @@ By using this parameter, this function will import, but use newest. Only import the certificate when no Certificate object exists with a past, present, or current version of the imported certificate. If a match is found between the Certificate object and imported certificate, activate the certificate with the most current 'Valid From' date. Archive the unused certificate, even if it is the imported certificate, to the History tab. -See https://github.com/Venafi/VenafiPS/issues/88#issuecomment-600134145 for a flowchart of the reconciliation algorithm. +See https://docs.venafi.com/Docs/currentSDK/TopNav/Content/CA/c-CA-Import-ReconciliationRules-tpp.php for a flowchart of the reconciliation algorithm. ```yaml Type: SwitchParameter diff --git a/docs/functions/New-TppCertificate.md b/docs/functions/New-TppCertificate.md index 79566285..e7c86a9a 100644 --- a/docs/functions/New-TppCertificate.md +++ b/docs/functions/New-TppCertificate.md @@ -10,7 +10,8 @@ Enrolls or provisions a new certificate New-TppCertificate -Path -Name [-CommonName ] [-Csr ] [-CertificateType ] [-CertificateAuthorityPath ] [-CertificateAuthorityAttribute ] [-ManagementType ] [-SubjectAltName ] [-CustomField ] [-NoWorkToDo] - [-Device ] [-PassThru] [-VenafiSession ] [-WhatIf] [-Confirm] [] + [-Device ] [-WorkToDoTimeout ] [-PassThru] [-VenafiSession ] [-WhatIf] + [-Confirm] [] ``` ### ByNameWithDevice 
@@ -18,64 +19,56 @@ New-TppCertificate -Path -Name [-CommonName ] [-Csr -Name [-CommonName ] [-Csr ] [-CertificateType ] [-CertificateAuthorityPath ] [-CertificateAuthorityAttribute ] [-ManagementType ] [-SubjectAltName ] [-CustomField ] [-NoWorkToDo] - -Device [-Application ] [-PassThru] [-VenafiSession ] [-WhatIf] - [-Confirm] [] -``` - -### BySubjectWithDevice -``` -New-TppCertificate -Path -CommonName [-Csr ] [-CertificateType ] - [-CertificateAuthorityPath ] [-CertificateAuthorityAttribute ] - [-ManagementType ] [-SubjectAltName ] [-CustomField ] [-NoWorkToDo] - -Device [-Application ] [-PassThru] [-VenafiSession ] [-WhatIf] - [-Confirm] [] -``` - -### BySubject -``` -New-TppCertificate -Path -CommonName [-Csr ] [-CertificateType ] - [-CertificateAuthorityPath ] [-CertificateAuthorityAttribute ] - [-ManagementType ] [-SubjectAltName ] [-CustomField ] [-NoWorkToDo] - [-Device ] [-PassThru] [-VenafiSession ] [-WhatIf] [-Confirm] [] + -Device [-Application ] [-WorkToDoTimeout ] [-PassThru] + [-VenafiSession ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION -Enrolls or provisions a new certificate +Enrolls or provisions a new certificate. +Prior to TPP 22.1, this function is asynchronous and will always return success. +Beginning with 22.1, you can control this behavior. +See https://docs.venafi.com/Docs/currentSDK/TopNav/Content/SDK/WebSDK/r-SDK-Certificates-API-settings.php. ## EXAMPLES ### EXAMPLE 1 ``` -New-TppCertificate -Path '\ved\policy\folder' -Name 'mycert.com' -CertificateAuthorityDN '\ved\policy\CA Templates\my template' -Create certificate by name +New-TppCertificate -Path '\ved\policy\folder' -Name 'mycert.com' +Create certificate by name. A CA template policy must be defined. 
``` ### EXAMPLE 2 ``` -New-TppCertificate -Path '\ved\policy\folder' -CertificateAuthorityDN '\ved\policy\CA Templates\my template' -Csr '-----BEGIN CERTIFICATE REQUEST-----\nMIIDJDCCAgwCAQAw...-----END CERTIFICATE REQUEST-----' -Create certificate using a CSR +New-TppCertificate -Path '\ved\policy\folder' -Name 'mycert.com' -CertificateAuthorityPath '\ved\policy\CA Templates\my template' +Create certificate by name with specific CA template ``` ### EXAMPLE 3 ``` -New-TppCertificate -Path '\ved\policy\folder' -Name 'mycert.com' -CertificateAuthorityDN '\ved\policy\CA Templates\my template' -CustomField @{''=''} -Create certificate and update custom fields +New-TppCertificate -Path '\ved\policy\folder' -CertificateAuthorityPath '\ved\policy\CA Templates\my template' -Csr '-----BEGIN CERTIFICATE REQUEST-----\nMIIDJDCCAgwCAQAw...-----END CERTIFICATE REQUEST-----' +Create certificate using a CSR ``` ### EXAMPLE 4 ``` -New-TppCertificate -Path '\ved\policy\folder' -CommonName 'mycert.com' -CertificateAuthorityDN '\ved\policy\CA Templates\my template' -PassThru -Create certificate using common name. Return the created object. +New-TppCertificate -Path '\ved\policy\folder' -Name 'mycert.com' -CertificateAuthorityPath '\ved\policy\CA Templates\my template' -CustomField @{''=''} +Create certificate and update custom fields ``` ### EXAMPLE 5 ``` -New-TppCertificate -Path '\ved\policy\folder' -Name 'mycert.com' -CertificateAuthorityDN '\ved\policy\CA Templates\my template' -SubjectAltName @{'Email'='me@x.com'},@{'IPAddress'='1.2.3.4'} -Create certificate including subject alternate names +New-TppCertificate -Path '\ved\policy\folder' -CommonName 'mycert.com' -CertificateAuthorityPath '\ved\policy\CA Templates\my template' -PassThru +Create certificate using common name. Return the created object. 
``` ### EXAMPLE 6 ``` +New-TppCertificate -Path '\ved\policy\folder' -Name 'mycert.com' -CertificateAuthorityPath '\ved\policy\CA Templates\my template' -SubjectAltName @{'Email'='me@x.com'},@{'IPAddress'='1.2.3.4'} +Create certificate including subject alternate names +``` + +### EXAMPLE 7 +``` New-TppCertificate -Path '\ved\policy\folder' -Name 'mycert.com' -Device @{'PolicyDN'=$DevicePath; 'ObjectName'='MyDevice'; 'Host'='1.2.3.4'} -Application @{'DeviceName'='MyDevice'; 'ObjectName'='BasicApp'; 'DriverName'='appbasic'} Create a new certificate with associated device and app objects ``` @@ -84,7 +77,6 @@ Create a new certificate with associated device and app objects ### -Path The folder DN path for the new certificate. -If the value is missing, use the system default ```yaml Type: String @@ -99,12 +91,12 @@ Accept wildcard characters: False ``` ### -Name -Name of the certifcate. -If not provided, the name will be the same as the subject. +Name of the certifcate object. +If CommonName isn't provided, this value will be used. ```yaml Type: String -Parameter Sets: ByName, ByNameWithDevice +Parameter Sets: (All) Aliases: Required: True @@ -116,11 +108,11 @@ Accept wildcard characters: False ### -CommonName Subject Common Name. -If Name isn't provided, CommonName will be used. +If CommonName isn't provided, Name will be used. ```yaml Type: String -Parameter Sets: ByName, ByNameWithDevice +Parameter Sets: (All) Aliases: Subject Required: False @@ -130,18 +122,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -```yaml -Type: String -Parameter Sets: BySubjectWithDevice, BySubject -Aliases: Subject - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -Csr The PKCS#10 Certificate Signing Request (CSR). If this value is provided, any Subject DN fields and the KeyBitSize in the request are ignored. 
@@ -159,8 +139,8 @@ Accept wildcard characters: False ``` ### -CertificateType -Type of certificate to be created. -No value provided will default to X.509 Server Certificate. +Type of certificate to be created. +The default is X.509 Server Certificate. ```yaml Type: String @@ -175,7 +155,8 @@ Accept wildcard characters: False ``` ### -CertificateAuthorityPath -{{ Fill CertificateAuthorityPath Description }} +The path of the Certificate Authority Template object for enrolling the certificate. +If the value is missing, it is expected a policy has been applied to Path. ```yaml Type: String @@ -285,7 +266,7 @@ If provisioning applications as well, those should be provided with the Applicat ```yaml Type: Hashtable[] -Parameter Sets: ByName, BySubject +Parameter Sets: ByName Aliases: Required: False @@ -297,7 +278,7 @@ Accept wildcard characters: False ```yaml Type: Hashtable[] -Parameter Sets: ByNameWithDevice, BySubjectWithDevice +Parameter Sets: ByNameWithDevice Aliases: Required: True @@ -316,7 +297,7 @@ See the example. ```yaml Type: Hashtable[] -Parameter Sets: ByNameWithDevice, BySubjectWithDevice +Parameter Sets: ByNameWithDevice Aliases: Required: False @@ -326,6 +307,22 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -WorkToDoTimeout +Introduced in 22.1, this controls the wait time, in seconds, for a CA to issue/renew a certificate. +Providing this will override the global setting. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: 0 +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -PassThru Return a TppObject representing the newly created certificate. If devices and/or applications were created, a 'Device' property will be available as well. diff --git a/docs/functions/New-VenafiTeam.md b/docs/functions/New-VenafiTeam.md index cd5d2343..69ce1d58 100644 --- a/docs/functions/New-VenafiTeam.md +++ b/docs/functions/New-VenafiTeam.md 
@@ -7,8 +7,9 @@ Create a new team ### VaaS ``` -New-VenafiTeam -Name -Owner -Member -Role [-PassThru] - [-VenafiSession ] [] +New-VenafiTeam -Name -Owner -Member -Role + [-UserMatchingRule ] [-PassThru] [-VenafiSession ] + [] ``` ### TPP @@ -31,6 +32,13 @@ Create a new VaaS team ### EXAMPLE 2 ``` +New-VenafiTeam -Name 'My New Team' -Member 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f2' -Owner @('ca7ff555-88d2-4bfc-9efa-2630ac44c1f3', 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f4') -Role 'System Admin' -UserMatchingRule @('MyClaim', 'CONTAINS', 'Group') +``` + +Create a new VaaS team with user matching rule + +### EXAMPLE 3 +``` New-VenafiTeam -Name 'My New Team' -Member 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f2' -Owner @('ca7ff555-88d2-4bfc-9efa-2630ac44c1f3', 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f4') -Role 'System Admin' -PassThru ``` @@ -47,28 +55,28 @@ modificationDate : 3/21/2022 6:38:40 PM Create a new VaaS team returning the new team -### EXAMPLE 3 +### EXAMPLE 4 ``` New-VenafiTeam -Name 'My New Team' -Member 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e6}' -Owner 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e7}' -Product 'TLS' ``` Create a new TPP team -### EXAMPLE 4 +### EXAMPLE 5 ``` New-VenafiTeam -Name 'My New Team' -Member 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e6}' -Owner 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e7}' -Product 'TLS' -Policy '\ved\policy\myfolder' ``` Create a new TPP team and assign it to a policy -### EXAMPLE 5 +### EXAMPLE 6 ``` New-VenafiTeam -Name 'My New Team' -Member 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e6}' -Owner 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e7}' -Product 'TLS' -Description 'One amazing team' ``` Create a new TPP team with optional description -### EXAMPLE 6 +### EXAMPLE 7 ``` New-VenafiTeam -Name 'My New Team' -Member 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e6}' -Owner 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e7}' -Product 'TLS' -PassThru ``` 
@@ -152,6 +160,24 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -UserMatchingRule +If SSO is enabled, build your team membership rules to organize your users into teams automatically. +If more than 1 rule is configured, they must all be met for a user to meet the criteria. +Each rule should be of the format @('claim name', 'operator', 'value') +where operator can be equals, not_equals, contains, not_contains, starts_with, or ends_with. + +```yaml +Type: System.Collections.Generic.List`1[System.Array] +Parameter Sets: VaaS +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -Policy 1 or more policy folder paths this team manages. TPP only. @@ -248,3 +274,5 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable [https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-POST-Teams.php](https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-POST-Teams.php) +[https://docs.venafi.cloud/vcs-platform/creating-new-teams/](https://docs.venafi.cloud/vcs-platform/creating-new-teams/) + diff --git a/docs/functions/Remove-TppClient.md b/docs/functions/Remove-TppClient.md index 3550e4b4..d42cd50d 100644 --- a/docs/functions/Remove-TppClient.md +++ b/docs/functions/Remove-TppClient.md @@ -6,7 +6,7 @@ Remove registered client agents ## SYNTAX ``` -Remove-TppClient [-ClientId] [-RemoveAssociatedDevices] [[-VenafiSession] ] [-WhatIf] +Remove-TppClient [-ClientID] [-RemoveAssociatedDevice] [[-VenafiSession] ] [-WhatIf] [-Confirm] [] ``` 
@@ -18,13 +18,19 @@ Provide an array of client IDs to remove a large list at once. ### EXAMPLE 1 ``` -Remove-TppClient -ClientId 1234 -Remove a client +Remove-TppClient -ClientId 1234, 5678 +Remove clients +``` + +### EXAMPLE 2 +``` +Remove-TppClient -ClientId 1234, 5678 -RemoveAssociatedDevice +Remove clients and associated devices ``` ## PARAMETERS -### -ClientId +### -ClientID Unique id for one or more clients ```yaml @@ -39,13 +45,15 @@ Accept pipeline input: True (ByPropertyName, ByValue) Accept wildcard characters: False ``` -### -RemoveAssociatedDevices -{{ Fill RemoveAssociatedDevices Description }} +### -RemoveAssociatedDevice +For a registered Agent, delete the associated Device objects, and only certificates that belong to the associated device. +Delete any related Discovery information. +Preserve unrelated device, certificate, and Discovery information in other locations of the Policy tree and Secret Store. ```yaml Type: SwitchParameter Parameter Sets: (All) -Aliases: +Aliases: RemoveAssociatedDevices Required: False Position: Named diff --git a/docs/functions/Search-TppHistory.md b/docs/functions/Search-TppHistory.md index 4a35213a..3ad2b5d5 100644 --- a/docs/functions/Search-TppHistory.md +++ b/docs/functions/Search-TppHistory.md 
@@ -20,15 +20,23 @@ Be sure to use PowerShell Core, v7 or greater, to take advantage. ### EXAMPLE 1 ``` Search-TppHistory -Attribute @{'ValidTo' = (Get-Date)} -Find historical items that are still active ``` +Name : test.gdb.com +TypeName : X509 Server Certificate +Path : \VED\Policy\Certificates\test.gdb.com +History : {@{AIACAIssuerURL=System.Object\[\]; AIAKeyIdentifier=F2E970BA11A64D616E78592911D7CC; C=US; + CDPURI=0::False; EnhancedKeyUsage=Server Authentication(1.3.6.1.5.5.7.3.1).........}} + +Find historical items that are still active + ### EXAMPLE 2 ``` Search-TppHistory -Attribute @{'ValidTo' = (Get-Date)} -Path '\ved\policy\certs' -Find historical items that are still active and the current item starts with a specific path ``` +Find historical items that are still active and the current item starts with a specific path + ## PARAMETERS ### -Path @@ -91,11 +99,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ### None ## OUTPUTS -### PSCustomObject with the following properties: -### Name -### TypeName -### Path -### History +### PSCustomObject ## NOTES ## RELATED LINKS
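Review bot: In the 4.3.0 entry of CHANGELOG.md and docs/changelog.md, "`-Guid` has been deprecated from `Get-TppAttribute`" does not match docs/functions/Get-TppAttribute.md in this same patch, where the `### -Guid` parameter section and the ByGuid and EffectiveByGuid syntax blocks are deleted outright. If the parameter no longer exists, word the entry as a removal and mark it as breaking; if it still binds, keep it documented with its deprecation notice so callers can find it.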
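Review bot: In docs/functions/Get-TppAttribute.md, EXAMPLE 3 and EXAMPLE 5 call `-AttributeName 'State'`, while every syntax block and EXAMPLE 2 use `-Attribute`, and the `### -Attribute` section shows an empty `Aliases:` line. Either change both examples to `-Attribute` or document the alias. The sample output in EXAMPLES 1 through 6 also sits after the closing fence, so it renders as a markdown paragraph (note the escaped `System.Object\[\]`); moving the output inside a fenced block would keep the column alignment readable.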
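Review bot: The OUTPUTS section of docs/functions/Get-TppAttribute.md is reduced to a bare `### PSCustomObject`, which drops the only description of the returned shape at the point where two shapes now coexist. The examples show object attributes as `State : @{Value=UT; CustomFieldName=; PolicyPath=\VED\Policy\Certificates}` but policy attributes as `State : UT`, and output without `-New` is not shown at all. Document the legacy shape, the `-New` object shape, and the `-New` policy shape here so scripts that read `.Value` or `.PolicyPath` know which one to expect.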
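Review bot: In docs/functions/New-TppCertificate.md, EXAMPLE 3 (`-Csr` only) and EXAMPLE 5 (`-CommonName 'mycert.com'`) omit `-Name`, yet this patch removes the BySubject and BySubjectWithDevice sets and lists `-Name` as `Required: True` for `Parameter Sets: (All)`. Add `-Name` to both examples or restore a set where it is optional, and list the parameter set removal in the 4.3.0 changelog since existing `-CommonName`-only calls are affected. The added line "Name of the certifcate object." still carries the "certifcate" typo.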
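Review bot: The new `### -WorkToDoTimeout` section in docs/functions/New-TppCertificate.md gives `Default value: 0` next to "Providing this will override the global setting", which leaves it unclear whether 0 means "use the global setting" or "wait zero seconds". State the meaning of 0 explicitly, and say what happens when the parameter is passed to a server older than 22.1, given that the DESCRIPTION now says the call "will always return success" on those versions.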
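Review bot: In docs/functions/New-VenafiTeam.md, EXAMPLE 2 passes the operator as `'CONTAINS'` while the `### -UserMatchingRule` text lists the allowed operators in lower case (equals, not_equals, contains, not_contains, starts_with, ends_with). Use one casing in both places, or state that the operator is case-insensitive. The description also says multiple rules must all be met, but no example shows how more than one rule is passed for the `List[System.Array]` type; adding one would remove the guesswork, since these rules decide team membership automatically under SSO.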
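Review bot: docs/functions/Remove-TppClient.md never mentions the 5k-clients-per-call API limit that the 4.3.0 changelog says is now handled; the description still only reads "Provide an array of client IDs to remove a large list at once." Add a sentence on how larger lists are batched. EXAMPLE 2 with `-RemoveAssociatedDevice` deletes device objects and their certificates per the new parameter text, so it is worth pointing at the `-WhatIf` switch already shown in the syntax line.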
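Review bot: In docs/functions/Search-TppHistory.md, the OUTPUTS section loses its property list (Name, TypeName, Path, History) and becomes a bare `### PSCustomObject`, so the reference part of the page no longer says what is returned. Keep the property list in OUTPUTS. The sample output added under EXAMPLE 1 is also placed after the closing fence, where the wrapped `History` value and the escaped `System.Object\[\]` will render as running markdown text; put it inside a fenced block.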