Public/Get-VaultAccessorLookup.ps1
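<#
    .SYNOPSIS
        This function uses the Vault Server REST API to return a list of Vault Token Accessors and
        associated information. (This function differs from the Get-VaultTokenAccessors function in
        that it provides additional information besides a simple list of Accessors).

    .DESCRIPTION
        Calls Get-VaultTokenAccessors to obtain the accessor list, then POSTs each accessor to
        "<VaultServerBaseUri>/auth/token/lookup-accessor" and writes the "data" member of each
        response to the pipeline.

        On a validation or lookup-list failure the function writes an error, sets
        $global:FunctionResult to "1" and returns without output.

    .NOTES
        - $VaultAuthToken is sent in the X-Vault-Token request header. Over a plain "http://" base
          URI that header travels unencrypted, so the function emits a warning in that case.
        - The token is a plain [string] parameter. A literal token typed on the command line (as in
          the example below) can end up in shell history and session transcripts; prefer passing a
          variable populated from a secret store.
        - On Windows PowerShell this function changes [Net.ServicePointManager]::SecurityProtocol,
          which is a process-wide setting.

    .PARAMETER VaultServerBaseUri
        This parameter is MANDATORY.

        This parameter takes a string that represents a Uri referencing the location of the Vault
        Server on your network. Example: "https://vaultserver.zero.lab:8200/v1"

    .PARAMETER VaultAuthToken
        This parameter is MANDATORY.

        This parameter takes a string that represents a Token for a Vault User that has permission
        to lookup Token Accessors using the Vault Server REST API.

    .EXAMPLE
        # Open an elevated PowerShell Session, import the module, and -

        PS C:\Users\zeroadmin> Get-VaultAccessorLookup -VaultServerBaseUri "https://vaultserver.zero.lab:8200/v1" -VaultAuthToken '434f37ca-89ae-9073-8783-087c268fd46f'
#>
function Get-VaultAccessorLookup {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$True)]
        [string]$VaultServerBaseUri, # Should be something like "http://192.168.2.12:8200/v1"

        [Parameter(Mandatory=$True)]
        [string]$VaultAuthToken # Should be something like 'myroot' or '434f37ca-89ae-9073-8783-087c268fd46f'
    )

    if (!$PSVersionTable.Platform -or $PSVersionTable.Platform -eq "Win32NT") {
        # NOTE(review): this also enables TLS 1.0 and TLS 1.1 for the whole process, not just for
        # this call. Left unchanged because other code in the session may depend on it; consider
        # narrowing to "tls12" once every endpoint this process talks to is confirmed to support it.
        [Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
    }

    # Make sure $VaultServerBaseUri is a valid Url
    try {
        $UriObject = [uri]$VaultServerBaseUri
    }
    catch {
        Write-Error $_
        $global:FunctionResult = "1"
        return
    }

    # Require an absolute URI whose scheme is exactly http or https. A bare substring match on
    # "http" would also accept unrelated schemes that merely contain those letters.
    if (!$UriObject.IsAbsoluteUri -or $UriObject.Scheme -notmatch '^https?$') {
        Write-Error "'$VaultServerBaseUri' does not appear to be a URL! Halting!"
        $global:FunctionResult = "1"
        return
    }

    # The Vault token is carried in a request header, so plain HTTP exposes it on the wire.
    if ($UriObject.Scheme -eq 'http') {
        Write-Warning "'$VaultServerBaseUri' uses plain HTTP; the X-Vault-Token header will be sent unencrypted."
    }

    try {
        $VaultAuthTokenAccessors = Get-VaultTokenAccessors -VaultServerBaseUri $VaultServerBaseUri -VaultAuthToken $VaultAuthToken -ErrorAction Stop
        if (!$VaultAuthTokenAccessors) {throw "The Get-VaultTokenAccessors function failed! Halting!"}
    }
    catch {
        Write-Error $_
        $global:FunctionResult = "1"
        return
    }

    foreach ($accessor in $VaultAuthTokenAccessors) {
        try {
            # Serialize through ConvertTo-Json instead of interpolating into a JSON template, so a
            # value containing quotes or backslashes cannot produce a malformed or altered body.
            $JsonRequestAsSingleLineString = @{accessor = "$accessor"} | ConvertTo-Json -Compress -ErrorAction Stop
        }
        catch {
            # Actually halt here: falling through would POST a stale body from the previous
            # iteration (or an empty one on the first pass).
            Write-Error "There was a problem with the JSON! Halting!"
            $global:FunctionResult = "1"
            return
        }

        $IWRSplatParams = @{
            Uri     = "$VaultServerBaseUri/auth/token/lookup-accessor"
            Headers = @{"X-Vault-Token" = "$VaultAuthToken"}
            Body    = $JsonRequestAsSingleLineString
            Method  = "Post"
        }

        # Emit only the "data" member of each lookup response.
        $(Invoke-RestMethod @IWRSplatParams).data
    }
}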