SecretManagement.PleasantPasswordServer.Extension/Public/Set-Secret.ps1

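function Set-Secret
{
    <#
    .SYNOPSIS
        Creates a credential entry on a Pleasant Password Server.

    .DESCRIPTION
        Logs in through Invoke-LoginToPleasant, resolves the target folder ID
        from $Metadata.FolderName, and POSTs a new entry to
        /api/v5/rest/entries/. Only PSCredential and SecureString secrets are
        accepted; any other type yields $false.

    .PARAMETER Name
        Name of the entry to create.

    .PARAMETER Secret
        A [pscredential] (user name + password) or a [securestring]
        (password only, user name left empty).

    .PARAMETER VaultName
        Name of the registered vault. Not read by this function.

    .PARAMETER Metadata
        Hashtable read for FolderName, CustomUserFields, Tags, Url, Notes and
        Expires. FolderName "Root" selects the server's root folder.

    .PARAMETER AdditionalParameters
        Hashtable read for ServerURL and Port; also passed to
        Invoke-LoginToPleasant.

    .OUTPUTS
        [bool] $true when the server answers the POST with HTTP 200,
        otherwise $false.
    #>
    param (

        [Parameter(Mandatory)]
        [string]
        $Name,

        [Parameter(Mandatory)]
        [object]
        $Secret,

        [Parameter(Mandatory)]
        [string]
        $VaultName,

        [Parameter()]
        [hashtable]
        $Metadata,

        [Parameter(Mandatory)]
        [hashtable]
        $AdditionalParameters
    )

    # The trap has no break/continue, so after a terminating error is reported
    # execution resumes at the next statement. The explicit guards below keep a
    # failed step from silently flowing into the POST.
    trap
    {
        Write-VaultError -ErrorRecord $_
    }

    $Token = Invoke-LoginToPleasant -AdditionalParameters $AdditionalParameters
    $headers = @{
        "Accept"        = "application/json"
        "Authorization" = "$Token"
    }

    # NOTE(review): the scheme of ServerURL is not checked here. The token and
    # the plaintext password in the request body are only protected in transit
    # when ServerURL is an https:// address - confirm at vault registration.
    $PasswordServerURL = [string]::Concat($AdditionalParameters.ServerURL, ":", $AdditionalParameters.Port)

    if ($Metadata.FolderName -eq "Root")
    {
        $splat = @{
            Uri         = "$PasswordServerURL/api/v5/rest/folders/root"
            Headers     = $headers
            ContentType = 'application/json'
        }
        $FolderID = Invoke-RestMethod @splat
    }
    else
    {
        $Params = @{
            Method      = 'GET'
            Uri         = "$PasswordServerURL/api/v5/rest/folders/"
            Headers     = $headers
            ContentType = 'application/json'
        }

        $AllFolders = Invoke-RestMethod @Params
        $PPSStructure = Get-Children -Folder $AllFolders

        # Paths deeper than two segments are matched on their last two
        # segments only ("a/b/c" -> "b/c").
        $FullPath = $Metadata.FolderName
        if ($null -ne $FullPath)
        {
            $Segments = $FullPath.Split('/')
            if ($Segments.Count -gt 2)
            {
                $FullPath = [string]::Concat($Segments[$Segments.Length - 2], "/", $Segments[$Segments.Length - 1])
            }
        }

        $FolderID = $PPSStructure | Where-Object { $_.Folder -eq $FullPath } | Select-Object -ExpandProperty FolderID
    }

    # Without a resolved folder the entry would be posted with a null GroupId;
    # stop instead of creating a secret in an unintended location.
    if (-not $FolderID)
    {
        Write-Error "Folder '$($Metadata.FolderName)' could not be resolved on the Pleasant Password Server; the secret was not written."
        return $false
    }

    if ($Secret -is [System.Management.Automation.PSCredential])
    {
        $UserName = $Secret.UserName
        $Password = $Secret.GetNetworkCredential().Password
    }
    elseif ($Secret -is [System.Security.SecureString])
    {
        $UserName = ""
        # ConvertFrom-SecureString without -AsPlainText returns the encrypted
        # string representation, not the password, so the server would store
        # an unusable blob. NetworkCredential yields the actual value and is
        # also available on Windows PowerShell 5.1.
        $Password = [System.Net.NetworkCredential]::new('', $Secret).Password
    }
    else
    {
        # Unsupported secret type.
        return $false
    }

    $body_add = [ordered]@{
        "CustomUserFields" = $Metadata.CustomUserFields
        "Tags"             = $Metadata.Tags
        "Name"             = $Name
        "UserName"         = $UserName
        "Password"         = $Password
        "Url"              = $Metadata.Url
        "Notes"            = $Metadata.Notes
        "GroupId"          = $FolderID
        "Expires"          = $Metadata.Expires
    }

    # The JSON body carries the password in clear text; avoid logging $splat
    # or enabling request tracing around this call.
    $splat = @{
        Uri             = "$PasswordServerURL/api/v5/rest/entries/"
        Method          = 'POST'
        Body            = (ConvertTo-Json $body_add)
        Headers         = $headers
        ContentType     = 'application/json'
        UseBasicParsing = $true
    }

    $Response = Invoke-WebRequest @splat

    return ($Response.StatusCode -eq 200)
}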