diff --git a/VenafiPS/Private/Find-VcObject.ps1 b/VenafiPS/Private/Find-VcObject.ps1 index 9f46e256..96c6496b 100644 --- a/VenafiPS/Private/Find-VcObject.ps1 +++ b/VenafiPS/Private/Find-VcObject.ps1 @@ -79,7 +79,7 @@ function Find-VcObject { https://github.com/Venafi/VenafiPS/blob/main/VenafiPS/Public/Find-VcObject.ps1 #> - [CmdletBinding()] + [CmdletBinding(DefaultParameterSetName = 'All')] param ( @@ -87,15 +87,19 @@ function Find-VcObject { [ValidateSet('Certificate', 'ActivityLog', 'Machine', 'MachineIdentity', 'CertificateRequest', 'CertificateInstance')] [string] $Type, - [Parameter()] + [Parameter(ParameterSetName = 'All')] [string] $Name, - [Parameter()] + [Parameter(Mandatory, ParameterSetName = 'Filter')] [System.Collections.ArrayList] $Filter, - [parameter()] + [Parameter(ParameterSetName = 'All')] + [Parameter(ParameterSetName = 'Filter')] [psobject[]] $Order, + [parameter(Mandatory, ParameterSetName = 'SavedSearch')] + [string] $SavedSearchName, + [Parameter()] [int] $First, @@ -105,12 +109,6 @@ function Find-VcObject { Test-VenafiSession -VenafiSession $VenafiSession -Platform 'VC' - $queryParams = @{ - Filter = $Filter - Order = $Order - First = $First - } - $objectData = @{ 'Certificate' = @{ 'uriroot' = 'outagedetection/v1' 
@@ -171,16 +169,34 @@ function Find-VcObject { } } + $queryParams = @{ + Filter = $Filter + Order = $Order + First = $First + } + if ($Name) { - $queryParams.Filter = @($objectData.$Type.name, 'find', $Name) + $queryParams.Filter = @($objectData.$Type.name, 'FIND', $Name) } $body = New-VcSearchQuery @queryParams + if ( $PSBoundParameters.ContainsKey('SavedSearchName') ) { + # get saved search data and update payload + $thisSavedSearch = Invoke-VenafiRestMethod -UriRoot 'outagedetection/v1' -UriLeaf 'savedsearches' | Select-Object -ExpandProperty savedSearchInfo | Where-Object { $_.name -eq $SavedSearchName } + if ( $thisSavedSearch ) { + $body.expression = $thisSavedSearch.searchDetails.expression + $body.ordering = $thisSavedSearch.searchDetails.ordering + } + else { + throw "The saved search name $SavedSearchName could not be found" + } + } + $params = @{ - Method = 'Post' - Body = $body - Header = @{'Accept' = 'application/json' } + Method = 'Post' + Body = $body + Header = @{'Accept' = 'application/json' } } $params.UriRoot = $objectData.$Type.uriroot diff --git a/VenafiPS/Private/New-VcSearchQuery.ps1 b/VenafiPS/Private/New-VcSearchQuery.ps1 index 9bfcf5c4..c7f12b4e 100644 --- a/VenafiPS/Private/New-VcSearchQuery.ps1 +++ b/VenafiPS/Private/New-VcSearchQuery.ps1 @@ -145,8 +145,9 @@ function New-VcSearchQuery { if ( $Order ) { $query.ordering.Add('orders', @()) - @($Order) | ForEach-Object { - $thisOrder = $_ + # @($Order) | ForEach-Object { + foreach ($thisOrder in $Order) { + # $thisOrder = $_ switch ($thisOrder.GetType().Name) { 'String' { $thisOrderCased = $vaasFields | Where-Object { $_.ToLower() -eq $thisOrder.ToLower() } 
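Review bot: The saved-search lookup in the `SavedSearchName` branch assumes `Where-Object { $_.name -eq $SavedSearchName }` yields exactly one item. If two saved searches share a name, or differ only by case (since `-eq` is case-insensitive), `$thisSavedSearch.searchDetails.expression` becomes an array and the request body is built from both. Consider rejecting ambiguous matches before using the result, e.g. `if (@($thisSavedSearch).Count -gt 1) { throw "More than one saved search is named $SavedSearchName" }`. The lookup is also fixed to `outagedetection/v1` while `$Type` accepts non-certificate values, so it may be worth limiting `-SavedSearchName` to `-Type Certificate` unless the API shares saved searches across object types. The function body continues outside this hunk.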
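Review bot: The two commented-out lines left in the `if ( $Order )` block, `# @($Order) | ForEach-Object {` and `# $thisOrder = $_`, are dead code and should be removed now that `foreach ($thisOrder in $Order)` replaces them. If a reminder is wanted, a why-comment says more than the old code does, for example `# foreach keeps $thisOrder distinct from $_ inside the nested Where-Object`. The loop body continues in the next hunk.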
@@ -158,18 +159,15 @@ function New-VcSearchQuery { } 'HashTable' { - $thisOrder.GetEnumerator() | ForEach-Object { - - if ( $_.Value -notin 'asc', 'desc' ) { - throw ('Invalid order direction, {0}. Provide either ''asc'' or ''desc''' -f $_.Value) - } + if ( $thisOrder.Values[0] -notin 'asc', 'desc' ) { + throw ('Invalid order direction, {0}. Provide either ''asc'' or ''desc''' -f $thisOrder.Values[0]) + } - $thisOrderCased = $vaasFields | Where-Object { $_.ToLower() -eq $_.Key.ToLower() } + $thisOrderCased = $vaasFields | Where-Object { $_.ToLower() -eq $thisOrder.Keys[0].ToLower() } - $query.ordering.orders += @{ - 'field' = if ($thisOrderCased) { $thisOrderCased } else { $_.Key } - 'direction' = $_.Value.ToUpper() - } + $query.ordering.orders += @{ + 'field' = if ($thisOrderCased) { $thisOrderCased } else { $thisOrder.Keys[0] } + 'direction' = $thisOrder.Values[0].ToUpper() } } diff --git a/VenafiPS/Public/Find-VcCertificate.ps1 b/VenafiPS/Public/Find-VcCertificate.ps1 index cb68e9a4..c03245de 100644 --- a/VenafiPS/Public/Find-VcCertificate.ps1 +++ b/VenafiPS/Public/Find-VcCertificate.ps1 @@ -5,7 +5,6 @@ function Find-VcCertificate { .DESCRIPTION Find certificates based on various attributes. - If -First not provided, the default return is 1000 records. .PARAMETER Filter Array or multidimensional array of fields and values to filter on. 
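Review bot: A hashtable `-Order` element with more than one entry is no longer handled entry by entry in the `'HashTable'` branch, because the new code reads only `$thisOrder.Keys[0]` and `$thisOrder.Values[0]` where the removed code enumerated every pair. As far as I know, a Hashtable's `Keys` and `Values` collections are not indexable in PowerShell, so `[0]` may return the whole collection rather than the first element; worth confirming with a two-entry hashtable. If one pair per hashtable is the intended contract, enforce it with `if ($thisOrder.Count -ne 1) { throw 'Each order hashtable must contain exactly one field = direction pair' }`. Then read the pair explicitly with `$entry = $thisOrder.GetEnumerator() | Select-Object -First 1` and use `$entry.Key` / `$entry.Value`. The enclosing `switch` starts in the previous hunk.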
@@ -47,24 +46,24 @@ function Find-VcCertificate { Find first 1000 certificates .EXAMPLE - Find-VcCertificate | Get-VcCertificate + Find-VcCertificate -First 500 - Get detailed certificate info + Find the first 500 certificates .EXAMPLE - Find-VcCertificate -First 500 + Find-VcCertificate -Name 'mycert.company.com' - Find the first 500 certificates + Find certificates matching all of part of the name .EXAMPLE Find-VcCertificate -Filter @('fingerprint', 'EQ', '075C43428E70BCF941039F54B8ED78DE4FACA87F') - Find TLSPC certificates matching a single value + Find certificates matching a single value .EXAMPLE Find-VcCertificate -Filter ('and', @('validityEnd','GTE',(get-date)), @('validityEnd','LTE',(get-date).AddDays(30))) - Find TLSPC certificates matching multiple values. In this case, find all certificates expiring in the next 30 days. + Find certificates matching multiple values. In this case, find all certificates expiring in the next 30 days. .EXAMPLE Find-VcCertificate -Filter ('and', @('validityEnd','GTE',(get-date)), @('validityEnd','LTE',(get-date).AddDays(30))) | Invoke-VcCertificateAction -Renew @@ -72,9 +71,15 @@ function Find-VcCertificate { Find all certificates expiring in the next 30 days and renew them .EXAMPLE - Find-VcCertificate -IncludeVaasOwner + Find-VcCertificate -ApplicatonDetail - Include user/team owner information. + Include application details, not just the ID. + This will make additional api calls and will increase the response time. + + .EXAMPLE + Find-VcCertificate -OwnerDetail + + Include user/team owner details, not just the ID. This will make additional api calls and will increase the response time. .LINK 
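Review bot: The new help example `Find-VcCertificate -ApplicatonDetail` misspells the parameter, which the param block in the next hunk declares as `$ApplicationDetail`, so the example fails parameter binding when copied. It should read `Find-VcCertificate -ApplicationDetail`. In the preceding hunk, the description of the `-Name` example, "Find certificates matching all of part of the name", presumably means "all or part of the name".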
@@ -82,21 +87,28 @@ function Find-VcCertificate { #> - [CmdletBinding(DefaultParameterSetName = 'TLSPC')] + [CmdletBinding(DefaultParameterSetName = 'All')] param ( - [Parameter(ParameterSetName = 'TLSPC')] + [Parameter(Mandatory, ParameterSetName = 'Filter')] [System.Collections.ArrayList] $Filter, - [parameter(ParameterSetName = 'TLSPC')] + [Parameter(ParameterSetName = 'All')] + [Parameter(ParameterSetName = 'Filter')] [psobject[]] $Order, - [parameter(Mandatory, ParameterSetName = 'VaasSavedSearch')] + [Parameter(ParameterSetName = 'All')] + [string] $Name, + + [parameter(Mandatory, ParameterSetName = 'SavedSearch')] [string] $SavedSearchName, [Parameter()] - [switch] $IncludeVaasOwner, + [switch] $ApplicationDetail, + + [Parameter()] + [switch] $OwnerDetail, [Parameter()] [int] $First, 
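Review bot: Renaming `-IncludeVaasOwner` to `-OwnerDetail` in the param block breaks existing callers, because no alias keeps the old name bound. Scripts that pass `-IncludeVaasOwner` will fail with a parameter-binding error after upgrading. Adding `[Alias('IncludeVaasOwner')]` above `[switch] $OwnerDetail,` keeps them working. Application details also become opt-in via `-ApplicationDetail`, which changes the shape of the `application` property for callers that relied on the expanded objects, so this is worth a line in the release notes. The param block continues outside this hunk.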
@@ -105,155 +117,118 @@ function Find-VcCertificate { [psobject] $VenafiSession ) - begin { - Test-VenafiSession -VenafiSession $VenafiSession -Platform 'VC' + Test-VenafiSession -VenafiSession $VenafiSession -Platform 'VC' - $toRetrieveCount = if ($PSBoundParameters.ContainsKey('First') ) { - $First - } - else { - 1000 # default to max page size allowed - } + $apps = [System.Collections.Generic.List[object]]::new() + $appOwners = [System.Collections.Generic.List[object]]::new() + + $params = @{ + Type = 'Certificate' + First = $First + } + + if ( $Order ) { $params.Order = $Order } - $queryParams = @{ - Filter = $Filter - Order = $Order - First = $toRetrieveCount + switch ($PSCmdlet.ParameterSetName) { + 'Filter' { + $params.Filter = $Filter } - $body = New-VcSearchQuery @queryParams + 'All' { + $newFilter = [System.Collections.ArrayList]@('AND') - if ( $PSBoundParameters.ContainsKey('SavedSearchName') ) { - # get saved search data and update payload - $thisSavedSearch = Invoke-VenafiRestMethod -UriRoot 'outagedetection/v1' -UriLeaf 'savedsearches' | Select-Object -ExpandProperty savedSearchInfo | Where-Object { $_.name -eq $SavedSearchName } - if ( $thisSavedSearch ) { - $body.expression = $thisSavedSearch.searchDetails.expression - $body.ordering = $thisSavedSearch.searchDetails.ordering + switch ($PSBoundParameters.Keys) { + 'Name' { $null = $newFilter.Add(@('certificateName', 'FIND', $Name)) } + 'Status' { $null = $newFilter.Add(@('certificateStatus', 'EQ', $Status.ToUpper())) } } - else { - throw "The saved search name $SavedSearchName does not exist" - } - } - $params = @{ - Method = 'Post' - UriRoot = 'outagedetection/v1' - UriLeaf = 'certificatesearch?ownershipTree=true' - Body = $body - # ensure we get json back otherwise we might get csv - Header = @{'Accept' = 'application/json' } + if ( $newFilter.Count -gt 1 ) { $params.Filter = $newFilter } } - $apps = [System.Collections.Generic.List[object]]::new() - $appOwners = 
[System.Collections.Generic.List[object]]::new() - + 'SavedSearch' { + $params.SavedSearchName = $SavedSearchName + } } - process { - - do { - - $response = Invoke-VenafiRestMethod @params - $response.certificates | Select-Object @{ - 'n' = 'certificateId' - 'e' = { - $_.Id - } - }, - @{ - 'n' = 'application' - 'e' = { - foreach ($thisAppId in $_.applicationIds) { - $thisApp = $apps | Where-Object { $_.applicationId -eq $thisAppId } - if ( -not $thisApp ) { - $thisApp = $thisAppId | Get-VcApplication | Select-Object -Property * -ExcludeProperty ownerIdsAndTypes, ownership - $apps.Add($thisApp) - } - $thisApp + $response = Find-VcObject @params + + $response | Select-Object *, + @{ + 'n' = 'application' + 'e' = { + if ( $ApplicationDetail ) { + foreach ($thisAppId in $_.applicationIds) { + $thisApp = $apps | Where-Object { $_.applicationId -eq $thisAppId } + if ( -not $thisApp ) { + $thisApp = Get-VcApplication -ID $thisAppId | Select-Object -Property * -ExcludeProperty ownerIdsAndTypes, ownership + $apps.Add($thisApp) } + $thisApp } - }, - @{ - 'n' = 'owner' - 'e' = { - if ( $IncludeVaasOwner ) { - - # this scriptblock requires ?ownershipTree=true be part of the url - foreach ( $thisOwner in $_.ownership.owningContainers.owningUsers ) { - $thisOwnerDetail = $appOwners | Where-Object { $_.id -eq $thisOwner } - if ( -not $thisOwnerDetail ) { - $thisOwnerDetail = Get-VcIdentity -ID $thisOwner | Select-Object firstName, lastName, emailAddress, - @{ - 'n' = 'status' - 'e' = { $_.userStatus } - }, - @{ - 'n' = 'role' - 'e' = { $_.systemRoles } - }, - @{ - 'n' = 'type' - 'e' = { 'USER' } - }, - @{ - 'n' = 'userId' - 'e' = { $_.id } - } - - $appOwners.Add($thisOwnerDetail) - - } - $thisOwnerDetail + } + else { + $_.applicationIds + } + } + }, + @{ + 'n' = 'owner' + 'e' = { + if ( $OwnerDetail ) { + + # this scriptblock requires ?ownershipTree=true be part of the url + foreach ( $thisOwner in $_.ownership.owningContainers.owningUsers ) { + $thisOwnerDetail = $appOwners | 
Where-Object { $_.id -eq $thisOwner } + if ( -not $thisOwnerDetail ) { + $thisOwnerDetail = Get-VcIdentity -ID $thisOwner | Select-Object firstName, lastName, emailAddress, + @{ + 'n' = 'status' + 'e' = { $_.userStatus } + }, + @{ + 'n' = 'role' + 'e' = { $_.systemRoles } + }, + @{ + 'n' = 'type' + 'e' = { 'USER' } + }, + @{ + 'n' = 'userId' + 'e' = { $_.id } } - foreach ($thisOwner in $_.ownership.owningContainers.owningTeams) { - $thisOwnerDetail = $appOwners | Where-Object { $_.id -eq $thisOwner } - if ( -not $thisOwnerDetail ) { - $thisOwnerDetail = Get-VcTeam -ID $thisOwner | Select-Object name, role, members, - @{ - 'n' = 'type' - 'e' = { 'TEAM' } - }, - @{ - 'n' = 'teamId' - 'e' = { $_.id } - } - - $appOwners.Add($thisOwnerDetail) - } - $thisOwnerDetail - } - } - else { - $_.ownership.owningContainers | Select-Object owningUsers, owningTeams + $appOwners.Add($thisOwnerDetail) + } + $thisOwnerDetail } - }, - @{ - 'n' = 'instance' - 'e' = { $_.instances } - }, - * -ExcludeProperty Id, applicationIds, instances, totalInstanceCount, ownership - $body.paging.pageNumber += 1 - - # if ( -not $PSCmdlet.PagingParameters.IncludeTotalCount ) { - $toRetrieveCount -= $response.'count' + foreach ($thisOwner in $_.ownership.owningContainers.owningTeams) { + $thisOwnerDetail = $appOwners | Where-Object { $_.id -eq $thisOwner } + if ( -not $thisOwnerDetail ) { + $thisOwnerDetail = Get-VcTeam -ID $thisOwner | Select-Object name, role, members, + @{ + 'n' = 'type' + 'e' = { 'TEAM' } + }, + @{ + 'n' = 'teamId' + 'e' = { $_.id } + } - if ( $toRetrieveCount -le 0 ) { - break + $appOwners.Add($thisOwnerDetail) + } + $thisOwnerDetail + } } - - if ( $toRetrieveCount -lt $body.paging.pageSize ) { - # if what's left to retrieve is less than the page size - # adjust to just retrieve the remaining amount - $body.paging.pageSize = $toRetrieveCount + else { + $_.ownership.owningContainers | Select-Object owningUsers, owningTeams } - # } - - } until ( - $response.'count' -eq 0 -or 
$response.'count' -lt $body.paging.pageSize - ) - - } + } + }, + @{ + 'n' = 'instance' + 'e' = { $_.instances } + } -ExcludeProperty applicationIds, instances, totalInstanceCount, ownership } \ No newline at end of file diff --git a/VenafiPS/Public/Find-VcCertificateInstance.ps1 b/VenafiPS/Public/Find-VcCertificateInstance.ps1 index b1fa2b63..463f2638 100644 --- a/VenafiPS/Public/Find-VcCertificateInstance.ps1 +++ b/VenafiPS/Public/Find-VcCertificateInstance.ps1 @@ -72,14 +72,17 @@ function Find-VcCertificateInstance { [psobject] $VenafiSession ) + Test-VenafiSession -VenafiSession $VenafiSession -Platform 'VC' + $params = @{ Type = 'CertificateInstance' First = $First } + if ( $Order ) { $params.Order = $Order } + if ( $PSCmdlet.ParameterSetName -eq 'Filter' ) { $params.Filter = $Filter - if ( $Order ) { $params.Order = $Order } } else { $newFilter = [System.Collections.ArrayList]@('AND') diff --git a/VenafiPS/Public/Find-VcCertificateRequest.ps1 b/VenafiPS/Public/Find-VcCertificateRequest.ps1 index 58d6eda9..6d60cefb 100644 --- a/VenafiPS/Public/Find-VcCertificateRequest.ps1 +++ b/VenafiPS/Public/Find-VcCertificateRequest.ps1 @@ -59,14 +59,17 @@ function Find-VcCertificateRequest { [psobject] $VenafiSession ) + Test-VenafiSession -VenafiSession $VenafiSession -Platform 'VC' + $params = @{ Type = 'CertificateRequest' First = $First } + if ( $Order ) { $params.Order = $Order } + if ( $PSCmdlet.ParameterSetName -eq 'Filter' ) { $params.Filter = $Filter - if ( $Order ) { $params.Order = $Order } } else { $newFilter = [System.Collections.ArrayList]@('AND') diff --git a/VenafiPS/Public/Find-VcLog.ps1 b/VenafiPS/Public/Find-VcLog.ps1 index 0f336175..ccb48374 100644 --- a/VenafiPS/Public/Find-VcLog.ps1 +++ b/VenafiPS/Public/Find-VcLog.ps1 
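Review bot: The `'Status'` case in `switch ($PSBoundParameters.Keys)` can never run as far as the visible param block shows, because the previous hunk declares no `$Status` parameter. `$PSBoundParameters` therefore cannot contain that key, and `$Status.ToUpper()` is dead code. Either declare it, e.g. `[Parameter(ParameterSetName = 'All')] [string] $Status,` (ideally with a `[ValidateSet()]` of the statuses the API accepts), or remove the case. Separately, the `owner` expression still carries the comment that it requires `?ownershipTree=true` on the URL, but the request is now built by `Find-VcObject` and this file no longer sets that query string. Worth confirming that the certificate entry in `$objectData` still sends it, otherwise `-OwnerDetail` would quietly return empty owner lists.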
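Review bot: The `$VenafiSession` checked by the added `Test-VenafiSession` call in Find-VcCertificateInstance is not visibly passed on to `Find-VcObject`; the `$params` hashtable built just below holds only `Type`, `First` and, conditionally, `Order` and `Filter`. `Find-VcObject` runs its own `Test-VenafiSession` (see the context lines of its diff), so unless the session is resolved elsewhere, an explicitly supplied session could be validated here while the request uses a different one. If `Find-VcObject` declares that parameter, forwarding it with `$params.VenafiSession = $VenafiSession` removes the ambiguity. The rest of the function and `Find-VcObject`'s full param block are outside the hunk, so this needs confirming. The same pattern appears in the matching hunks for Find-VcCertificateRequest, Find-VcLog, Find-VcMachine and Find-VcMachineIdentity, and in the rewritten body of Find-VcCertificate.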
@@ -108,14 +108,17 @@ function Find-VcLog { [psobject] $VenafiSession ) + Test-VenafiSession -VenafiSession $VenafiSession -Platform 'VC' + $params = @{ Type = 'ActivityLog' First = $First } + if ( $Order ) { $params.Order = $Order } + if ( $PSCmdlet.ParameterSetName -eq 'Filter' ) { $params.Filter = $Filter - if ( $Order ) { $params.Order = $Order } } else { $newFilter = [System.Collections.ArrayList]@('AND') diff --git a/VenafiPS/Public/Find-VcMachine.ps1 b/VenafiPS/Public/Find-VcMachine.ps1 index 8d6cdc40..cc6895b7 100644 --- a/VenafiPS/Public/Find-VcMachine.ps1 +++ b/VenafiPS/Public/Find-VcMachine.ps1 @@ -45,7 +45,7 @@ function Find-VcMachine { [Parameter(Mandatory, ParameterSetName = 'Filter')] [System.Collections.ArrayList] $Filter, - [parameter()] + [Parameter()] [psobject[]] $Order, [Parameter(ParameterSetName = 'All')] @@ -65,14 +65,17 @@ function Find-VcMachine { [psobject] $VenafiSession ) + Test-VenafiSession -VenafiSession $VenafiSession -Platform 'VC' + $params = @{ Type = 'Machine' First = $First } + if ( $Order ) { $params.Order = $Order } + if ( $PSCmdlet.ParameterSetName -eq 'Filter' ) { $params.Filter = $Filter - if ( $Order ) { $params.Order = $Order } } else { $newFilter = [System.Collections.ArrayList]@('AND') diff --git a/VenafiPS/Public/Find-VcMachineIdentity.ps1 b/VenafiPS/Public/Find-VcMachineIdentity.ps1 index 3ec74e0c..d36b4ebf 100644 --- a/VenafiPS/Public/Find-VcMachineIdentity.ps1 +++ b/VenafiPS/Public/Find-VcMachineIdentity.ps1 @@ -53,14 +53,17 @@ function Find-VcMachineIdentity { [psobject] $VenafiSession ) + Test-VenafiSession -VenafiSession $VenafiSession -Platform 'VC' + $params = @{ Type = 'MachineIdentity' First = $First } + if ( $Order ) { $params.Order = $Order } + if ( $PSCmdlet.ParameterSetName -eq 'Filter' ) { $params.Filter = $Filter - if ( $Order ) { $params.Order = $Order } } else { $newFilter = [System.Collections.ArrayList]@('AND')