SecretManagement.KeePass.Extension/Public/Test-SecretVault.ps1
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 |
function Test-SecretVault { [CmdletBinding()] param ( [Parameter(ValueFromPipelineByPropertyName,Mandatory)] [Alias('Vault')][Alias('Name')][string]$VaultName, #This intelligent default is here because if you call test-secretvault from other commands it doesn't populate like it does when called from SecretManagement [Parameter(ValueFromPipelineByPropertyName)] [Alias('VaultParameters')][hashtable]$AdditionalParameters = (get-secretvault $VaultName).VaultParameters ) if ($AdditionalParameters.Verbose) {$VerbosePreference = 'continue'} Write-PSFMessage -Level Verbose "SecretManagement: Testing Vault ${VaultName}" #TODO: Hash vault parameter settings and reset vault state if they change. May be a bug if user changes vault parameters in same session #Test if connection already open, no need to do further testing if so try { $DBConnection = (Get-Variable -Name "Vault_$VaultName" -Scope Script -ErrorAction Stop).Value if (-not $DBConnection.isOpen) { Write-PSFMessage -Level Error 'Connection closed, starting a new connection' return $false } if (Test-DBChanged $DBConnection) { $dbConnection.close() Write-PSFMessage -Level Error 'Database file on disk has changed, starting a new connection' return $false } Write-PSFMessage -Level Verbose "Vault ${VaultName}: Connection already open, using existing connection" return $dbConnection.isOpen } catch { Write-PSFMessage -Level Verbose "${VaultName}: $PSItem" } #Basic Sanity Checks if (-not $VaultName) { Write-PSFMessage -Level Error 'Keepass: You must specify a Vault Name to test' return $false } if (-not $AdditionalParameters.Path) { #TODO: Create a default vault if path isn't supplied #TODO: Add ThrowUser to throw outside of module scope Write-PSFMessage -Level Error 'You must specify the Path vault parameter as a path to your KeePass Database' return $false } if (-not (Test-Path $AdditionalParameters.Path)) { Write-PSFMessage -Level Error "Could not find the keepass database $($AdditionalParameters.Path). Please verify the file exists or re-register the vault" return $false } #3 Scenarios Supported: Master PW, Keyfile, PW + Keyfile $ConnectKPDBParams = @{ Path = $AdditionalParameters.Path KeyPath = $AdditionalParameters.KeyPath UseWindowsAccount = $AdditionalParameters.UseWindowsAccount UseMasterPassword = $AdditionalParameters.UseMasterPassword } [SecureString]$vaultMasterPassword = Get-Variable -Name "Vault_${VaultName}_MasterPassword" -ValueOnly -ErrorAction SilentlyContinue if ($vaultMasterPassword) { Write-PSFMessage -Level Verbose "Cached Master Password Found for $VaultName" $ConnectKPDBParams.MasterPassword = $vaultMasterPassword } try { $DBConnection = Connect-KeePassDatabase @ConnectKPDBParams } catch { Write-PSFMessage -Level Error $PSItem } if ($DBConnection.IsOpen) { Set-Variable -Name "Vault_$VaultName" -Scope Script -Value $DBConnection return $DBConnection.IsOpen } #If we get this far something went wrong Write-PSFMessage -Level Error "Unable to open connection to the database" return $false # if (-not $AdditionalParameters.Keypath -or $AdditionalParameters.UseMasterKey) { # } # if (-not (Get-KeePassDatabaseConfiguration -DatabaseProfileName $VaultName)) { # New-KeePassDatabaseConfiguration @KeePassDBConfigParams # Write-PSFMessage -Level Verbose "Vault ${VaultName}: A PoshKeePass database configuration was not found but was created." # return $true # } # try { # Get-KeePassEntry -DatabaseProfileName $VaultName -MasterKey $VaultMasterKey -Title '__SECRETMANAGEMENT__TESTSECRET_SHOULDNOTEXIST' -ErrorAction Stop # } catch { # Clear-Variable -Name "Vault_$VaultName" -Scope Script -ErrorAction SilentlyContinue # throw $PSItem # } } |