VaultServer

1.0.1

Public/Get-VaultTokenAccessors.ps1

                                <#

    .SYNOPSIS

        This function uses the Vault Server REST API to return a list of Vault Token Accessors.

    .DESCRIPTION

        See .SYNOPSIS

    .NOTES

    .PARAMETER VaultServerBaseUri

        This parameter is MANDATORY.

        This parameter takes a string that represents a Uri referencing the location of the Vault Server

        on your network. Example: "https://vaultserver.zero.lab:8200/v1"

    .PARAMETER VaultAuthToken

        This parameter is MANDATORY.

        This parameter takes a string that represents a Token for a Vault User that has permission to

        lookup Token Accessors using the Vault Server REST API.

    .EXAMPLE

        # Open an elevated PowerShell Session, import the module, and -

        PS C:\Users\zeroadmin> Get-VaultTokenAccessors -VaultServerBaseUri "https://vaultserver.zero.lab:8200/v1" -VaultAuthToken '434f37ca-89ae-9073-8783-087c268fd46f'

#>

function Get-VaultTokenAccessors {

    [CmdletBinding()]

    Param(

        [Parameter(Mandatory=$True)]

        [string]$VaultServerBaseUri, # Should be something like "http://192.168.2.12:8200/v1"

        [Parameter(Mandatory=$True)]

        [string]$VaultAuthToken # Should be something like 'myroot' or '434f37ca-89ae-9073-8783-087c268fd46f'

    )

    if ($PSVersionTable.Platform -eq "Unix" -or $PSVersionTable.OS -match "Darwin" -and $env:SudoPwdPrompt) {

        if (GetElevation) {

            Write-Error "You should not be running the VaultServer Module as root! Halting!"

            $global:FunctionResult = "1"

            return

        }

        RemoveMySudoPwd

        NewCronToAddSudoPwd

        $env:SudoPwdPrompt = $False

    }

    if (!$PSVersionTable.Platform -or $PSVersionTable.Platform -eq "Win32NT") {

        [Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"

        if (!$(GetElevation)) {

            Write-Error "The $($MyInvocation.MyCommand.Name) function must be run from an elevated PowerShell session! Halting!"

            $global:FunctionResult = "1"

            return

        }

    }

    # Make sure $VaultServerBaseUri is a valid Url

    try {

        $UriObject = [uri]$VaultServerBaseUri

    }

    catch {

        Write-Error $_

        $global:FunctionResult = "1"

        return

    }

    if (![bool]$($UriObject.Scheme -match "http")) {

        Write-Error "'$VaultServerBaseUri' does not appear to be a URL! Halting!"

        $global:FunctionResult = "1"

        return

    }

    $IWRSplatParams = @{

        Uri         = "$VaultServerBaseUri/auth/token/accessors"

        Headers     = @{"X-Vault-Token" = "$VaultAuthToken"}

        Body        = @{"list" = "true"}

        Method      = "Get"

    }

    $(Invoke-RestMethod @IWRSplatParams).data.keys

}