functions/secrets/Set-SecretField.ps1
|
function Set-SecretField { <# .SYNOPSIS Set value for a Secret Field .DESCRIPTION Set value for a Secret Field .EXAMPLE $session = New-TssSession -SecretServer https://alpha -Credential $ssCred Set-TssSecretField -TssSession $session Id 42 -Slug notes -Value "Test test test" Set Notes field on Secret 42 to the value "Test test test" .EXAMPLE $session = New-TssSession -SecretServer https://alpha -Credential $ssCred Set-TssSecretField -TssSession $session -Id 93 -Slug Machine -Value "server2" Sets secret 93's field, "Machine", to "server2" .EXAMPLE $session = New-TssSession -SecretServer https://alpha -Credential $ssCred Set-TssSecretField -TssSession $session -Id 1455 -Slug Notes -Value "to be decommissioned" -Comment "updating notes field" Sets secret 1455's field, "Notes", to the provided value providing required comment .EXAMPLE $session = New-TssSession -SecretServer https://alpha -Credential $ssCred Set-TssSecretField -TssSession $session -Id 113 -Slug Notes -Clear Sets secret 1455's field, "Notes", to an empty value .EXAMPLE $session = New-TssSession -SecretServer https://alpha -Credential $ssCred Set-TssSecretField -TssSession $session -Id 42 -Slug attached-file -Path c:\files\attachment.txt Sets the attached-file field on Secret 42 to the attachment.txt (uploads the file to Secret Server) .EXAMPLE $session = New-TssSession -SecretServer https://alpha -Credential $ssCred $content = Get-Content c:\files\attachment.txt Set-TssSecretField -TssSession $session -Id 42 -Slug attached-file -Value $content -Filename 'attachment.txt' Sets the attached-file field on Secret 42 to the contents of the attachment.txt file, providing the appropriate filename desired .LINK https://thycotic-ps.github.io/thycotic.secretserver/commands/secrets/Set-TssSecretField .LINK https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/secrets/Set-SecretField.ps1 .NOTES Requires TssSession object returned by New-TssSession #> [cmdletbinding(SupportsShouldProcess, DefaultParameterSetName = 'default')] param( # TssSession object created by New-TssSession for auth [Parameter(Mandatory, ValueFromPipeline, Position = 0)] [TssSession] $TssSession, # Folder Id to modify [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [Alias('SecretId')] [int[]] $Id, # Field name (slug) of the secret [Parameter(Mandatory)] [Alias('Field')] [string] $Slug, # Value to set for the provided field [Parameter(ParameterSetName = 'reg')] [Parameter(ParameterSetName = 'raw')] $Value, # Clear/blank out the field value [Parameter(ParameterSetName = 'reg')] [switch] $Clear, # Filename to assign file contents provided from Value param to the field [Parameter(ParameterSetName = 'raw')] [string] $Filename, # Path of file to attach to field [Parameter(ParameterSetName = 'io')] [ValidateScript( { if (Test-Path $_ -PathType Container) { throw "Path [$_] is a directory, provide full file path" } else { $true } })] $Path, # Comment to provide for restricted secret (Require Comment is enabled) [Parameter(ParameterSetName = 'restricted')] [string] $Comment, # Force check-in of the Secret [Parameter(ParameterSetName = 'restricted')] [switch] $ForceCheckIn, # Associated Ticket Number [Parameter(ParameterSetName = 'restricted')] [int] $TicketNumber, # Associated Ticket System ID [Parameter(ParameterSetName = 'restricted')] [int] $TicketSystemId ) begin { $setParams = $PSBoundParameters $invokeParams = . $GetInvokeTssParams $TssSession $restrictedParamSet = . $ParameterSetParams $PSCmdlet.MyInvocation.MyCommand.Name 'restricted' $restrictedParams = @() foreach ($r in $restrictedParamSet) { if ($setParams.ContainsKey($r)) { $restrictedParams += $r } } } process { Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)" if ($setParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) { . $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation if ($setParams.ContainsKey('Clear') -and $setParams.ContainsKey('Value')) { Write-Warning 'Clear and Value provided, only one is supported' return } if ($setParams.ContainsKey('Filename') -and $setParams.ContainsKey('Path')) { Write-Warning 'Filename and Path provided, only one is supported' return } if ($setParams.ContainsKey('Filename') -and -not $setParams.ContainsKey('Value')) { Write-Warning 'Value must be provided when using Filename' return } foreach ($secret in $Id) { $fieldBody = @{} if ($setParams.ContainsKey('Clear')) { $fieldBody.Add('value', '') } if ($setParams.ContainsKey('Value') -and -not $setParams.ContainsKey('Filename')) { $fieldBody.Add('value', $Value) } if ($setParams.ContainsKey('Path')) { $pathFilename = Split-Path $Path -Leaf $fieldBody.Add('fileName', $pathFilename) $fileBinary = [IO.File]::ReadAllBytes($Path) $fieldBody.Add('fileAttachment', $fileBinary) } if ($setParams.ContainsKey('Filename') -and $setParams.ContainsKey('Value')) { $fieldBody.Add('fileName', $Filename) if ($Value -is [System.String]) { $fileBinary = [System.Text.Encoding]::UTF8.GetBytes($Value) $fieldBody.Add('fileAttachment', $fileBinary) } else { $fieldBody.Add('fileAttachment', $Value) } } if ($restrictedParams.Count -gt 0) { switch ($setParams.Keys) { 'Comment' { $fieldBody.Add('comment', $Comment) } 'ForceCheckIn' { $fieldBody.Add('forceCheckIn', [boolean]$ForceCheckIn) } 'TicketNumber' { $fieldBody.Add('ticketNumber', $TicketNumber) } 'TicketSystemId' { $fieldBody.Add('ticketSystemId', $TicketSystemId) } } } $uri = $TssSession.ApiUrl, 'secrets', $secret, 'fields', $Slug -join '/' $invokeParams.Uri = $uri $invokeParams.Method = 'PUT' $invokeParams.Body = $fieldBody | ConvertTo-Json -Depth 5 if ($PSCmdlet.ShouldProcess("SecretId: $secret", "$($invokeParams.Method) $uri with:`n$($invokeParams.Body)`n")) { Write-Verbose "$($invokeParams.Method) $uri with:`n$($invokeParams.Body)`n" try { $fieldResponse = . $InvokeApi @invokeParams } catch { Write-Warning "Issue setting field [$Slug] on secret [$secret]" $err = $_ . $ErrorHandling $err } if ($fieldResponse -eq $Value) { Write-Verbose "Secret [$secret] field $Slug updated successfully" } elseif ($setParams.ContainsKey('Clear') -and ($null -eq $fieldResponse)) { Write-Verbose "Secret [$secret] field $Slug cleared successfully" } else { Write-Verbose "Response for secret [$secret]: $fieldResponse" } } } } else { Write-Warning 'No valid session found' } } } |