Devolutions.Server

2021.5.0

Public/Vaults/Update-DSVault.ps1

                                function Update-DSVault {

    <#

        .SYNOPSIS

        Updates a vault.

        .DESCRIPTION

        Updates a vault using the supplied parameters. If name is present, it cannot be null nor empty. Backend does not verify password complexity, so use New-DSPassword to generate a strong password with house policy.

        .EXAMPLE

        $UpdatedVault = @{

                VaultID                = "36120922-539d-4550-8567-fc4f21d77352"

                Name                   = "Test"

                Description            = "Test"

                IsAllowedOffline       = $false

                Password               = 'Pa$$w0rd!'

                AllowedUsersList       = @("User1")

                AllowedRolesList       = @("Role1")

                AllowedApplicationList = @("App1")

            }

            Update-DSVault @NewVault -Verbose

    #>

    [CmdletBinding()]

    PARAM (

        [ValidateNotNullOrEmpty()]

        #Vault's ID to update

        [guid]$VaultID = $(throw "Vault ID is null or empty. Please provide a valid vault ID and try again."),

        #Vault's name

        [string]$Name,

        #Vault's master password. Backend does not verify password complexity, so you should use New-DSPassword and choose a password in the list

        [string]$Password,

        #Vault's description

        [string]$Description = "",

        #Specify if the vault is allowed to be used while offline

        [bool]$IsAllowedOffline = $true,

        #Accept an array of strings containing usernames (not id) to add to the vault

        [string[]]$AllowedUsernameList = @(),

        #Accept an array of strings containing application names (not app id) to add to the vault

        [string[]]$AllowedApplicationList = @(),

        #Accept an array of strings containing user group's name (not id) to add to the vault

        [string[]]$AllowedRolesList = @()

    )

    BEGIN {

        Write-Verbose "[Update-DSVault] Beginning..."

        if ([string]::IsNullOrWhiteSpace($Global:DSSessionToken)) {

            throw "Session invalid. Please call New-DSSession."

        }

    }

    PROCESS {

        try {

            if (!($res = Get-DSVault $VaultID).isSuccess) {

                throw "Vault could not be found. Make sure you are using a valid vault ID or try creating a new one instead (New-DSVault)."

            }

            $VaultCtx = $res.Body.data

            if ("Name" -in $PSBoundParameters.Keys) {

                if ([string]::IsNullOrWhiteSpace($Name)) {

                    throw "You cannot update the vault's name with a null or empty value. Please provide a valid name for the vault or remove the field."

                }

            }

            $NewVault = @{

                description            = $Description

                hasPasswordChanged     = if ($Password) { $true } else { $false }

                id                     = $VaultID

                idString               = $VaultID.ToString()

                image                  = ""

                imageBytes             = ""

                imageName              = ""

                isAllowedOffline       = if ("IsAllowedOffline" -in $PSBoundParameters.Keys) { 

                    $IsAllowedOffline 

                }

                else { 

                    if ("isAllowedOffline" -in $VaultCtx.PSObject.Properties.Name) { $false } else { $true }

                }

                isLocked               = $false

                isPrivate              = $false

                modifiedLoggedUserName = ""

                modifiedUserName       = ""

                name                   = $Name

                repositorySettings     = @{

                    quickAddEntries    = @()

                    masterPasswordHash = ""

                }

                selected               = $false

            }

            if (![string]::IsNullOrWhiteSpace($VaultCtx.repositorySettings.masterPasswordHash) -or (![string]::IsNullOrWhiteSpace($Password))) {

                if (![string]::IsNullOrWhiteSpace($VaultCtx.repositorySettings.masterPasswordHash) -and ([string]::IsNullOrWhiteSpace($Password))) {

                    $NewVault.repositorySettings.masterPasswordHash = $VaultCtx.repositorySettings.masterPasswordHash

                }

                else {

                    $EncryptedPassword = Protect-ResourceToHexString $Password

                    $NewVault += @{"password" = $EncryptedPassword }

                    $NewVault.repositorySettings.masterPasswordHash = ""

                }

                $NewVault += @{"passwordDisplayValue" = "●●●●●●" }

            }

            if ((0 -ne $AllowedUsernameList.Count) -and (!(Set-DSVaultUsers $VaultID $AllowedUsernameList -Update).isSuccess)) { Write-Warning "[New-DSVault] Users could not be added to vault." }

            if ((0 -ne $AllowedRolesList.Count) -and (!(Set-DSVaultRoles $VaultID $AllowedRolesList -Update).isSuccess)) { Write-Warning "[New-DSVault] Roles could not be added to vault." }

            if ((0 -ne $AllowedApplicationList.Count) -and (!(Set-DSVaultApplications $VaultID $AllowedApplicationList -Update).isSuccess)) { Write-Warning "[New-DSVault] Applications could not be added to vault." }

            $RequestParams = @{

                URI    = "$Script:DSBaseURI/api/security/repositories"

                Method = "PUT"

                Body   = ConvertTo-Json $NewVault

            }

            $res = Invoke-DS @RequestParams -Verbose

            return $res

        }

        catch {

            Write-Error $_.Exception.Message

        }

    }

    END {

        if ($res.isSuccess) {

            Write-Verbose "[Update-DSVault] Completed successfully!"

        }

        else {

            Write-Verbose "[Update-DSVault] Ended with errors..."

        }

    }

}