functions/configurations/Set-TssConfigurationGeneral.ps1
|
function Set-TssConfigurationGeneral { <# .SYNOPSIS Set general configuration .DESCRIPTION Set general configuration .EXAMPLE $session = New-TssSession -SecretServer https://alpha -Credential $ssCred Set-TssConfigurationGeneral -TssSession $session -EnablePersonalFolders:$false Disable Personal Folders .EXAMPLE $session = New-TssSession -SecretServer https://alpha -Credential $ssCred Set-TssConfigurationGeneral -TssSession $session -TimeZone (Get-TimeZone).Id Set Secret Server Time Zone to the current user's Windows' default TimeZone. .LINK https://thycotic-ps.github.io/thycotic.secretserver/commands/configurations/Set-TssConfigurationGeneral .LINK https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/configurations/Set-TssConfigurationGeneral.ps1 .NOTES Requires TssSession object returned by New-TssSession #> [cmdletbinding(SupportsShouldProcess, DefaultParameterSetName = 'all')] param( # TssSession object created by New-TssSession for authentication [Parameter(Mandatory,ValueFromPipeline,Position = 0)] [Thycotic.PowerShell.Authentication.Session] $TssSession, # Enable Personal Folders [Parameter(ParameterSetName = 'folders')] [switch] $EnablePersonalFolders, # Personal Folder Name [Parameter(ParameterSetName = 'folders')] [switch] $PersonalFolderName, # Personal Folder Name Format (DisplayName, UsernameAndDomain) [Parameter(ParameterSetName = 'folders')] [Thycotic.PowerShell.Enums.PersonalFolderNameOption] $PersonalFolderFormat, # Personal Folder warning message [Parameter(ParameterSetName = 'folders')] [string] $PersonalFolderWarning, # Personal Folder Require View Permission [Parameter(ParameterSetName = 'folders')] [switch] $PersonalFolderRequireView, # Show Personal Folder warning message [Parameter(ParameterSetName = 'folders')] [switch] $PersonalFolderEnableWarning, # Allow duplicate secret names [Parameter(ParameterSetName = 'permissions')] [switch] $AllowDuplicationSecretName, # Allow View Rights on Secret to read Next Password for RPC [Parameter(ParameterSetName = 'permissions')] [switch] $AllowViewNextPassword, # Default permissions to apply when Secret is created (InheritsPermissions, CopyFromFolder, OnlyAllowCreator) [Parameter(ParameterSetName = 'permissions')] [Thycotic.PowerShell.Enums.SecretPermissionType] $DefaultSecretPermission, # Allow approval for access from email [Parameter(ParameterSetName = 'permissions')] [switch] $EnableApprovalFromEmail, # Force Secret approval type (RequireApprovalForEditors, RequireApprovalForOwnersAndEditors) [Parameter(ParameterSetName = 'permissions')] [Thycotic.PowerShell.Enums.SecretApprovalType] $ApprovalType, # Default language for all users (English, French, German, Japanese, Korean, Portuguese) [Parameter(ParameterSetName = 'userexperience')] [Thycotic.PowerShell.Enums.ApplicationLanguage] $ApplicationLanguage, # Default date format (tab through to see validate set options) [Parameter(ParameterSetName = 'userexperience')] [ValidateSet('dd/MM/yyyy','yyyy. MM. dd.','dd.MM.yy','d/MM/yyyy','d.M.yyyy', 'yyyy/M/d','dd.MM.yyyy','yyyy.MM.dd.','d.MM.yyyy','dd/MM/yy','d-M-yyyy', 'yy.MM.dd','M/d/yyyy','yyyy-MM-dd','yyyy/MM/dd','d. M. yyyy','dd/MM yyyy', 'yyyy.MM.dd','dd-MM-yy','MM/dd/yyyy','dd-MM-yyyy','d/M/yyyy')] [string] $DateFormat, # Default Role ID assigned to new Users [Parameter(ParameterSetName = 'userexperience')] [int] $DefaultRoleId, # Default time format (tab through to see validate set options) [Parameter(ParameterSetName = 'userexperience')] [ValidateSet('tt h:mm','h:mm:ss tt','H.mm','HH:mm','hh:mm:ss tt','H:mm', 'HH:mm:ss','hh:mm tt','h:mm.tt','tt hh:mm','H:mm:ss','h:mm tt','HH.mm')] [string] $TimeFormat, # Force Inactivity Timeout [Parameter(ParameterSetName = 'userexperience')] [switch] $ForceInactivityTimeout, # Inactivity Timeout in Minutes [Parameter(ParameterSetName = 'userexperience')] [ValidateRange(1,1440)] [int] $InactivityTimeout, # Require folder for Secrets [Parameter(ParameterSetName = 'userexperience')] [switch] $RequireFolderForSecret, # Restrict all recent Passwords on a Secret from being reused [Parameter(ParameterSetName = 'userexperience')] [switch] $PasswordHistoryAll, # Number of recent passwords on a Secret that cannot be reused [Parameter(ParameterSetName = 'userexperience')] [int] $PasswordHistory, # Number of minutes a Secret can be viewed after entering a comment (without being reprompted) [Parameter(ParameterSetName = 'userexperience')] [ValidateRange(1,1440)] [int] $SecretViewInterval, # Set Secret Servers default Time Zone (you can use Get-TimeZone -ListAvailable to see the possible IDs for your system) [Parameter(ParameterSetName = 'userexperience')] [string] $TimeZone ) begin { $setParams = $PSBoundParameters $invokeParams = . $GetInvokeApiParams $TssSession $folderParamSet = . $ParameterSetParams $PSCmdlet.MyInvocation.MyCommand.Name 'folders' $folderParams = @() foreach ($f in $folderParamSet) { if ($setParams.ContainsKey($f)) { $folderParams += $f } } $permParamSet = . $ParameterSetParams $PSCmdlet.MyInvocation.MyCommand.Name 'permissions' $permParams = @() foreach ($p in $permParamSet) { if ($setParams.ContainsKey($p)) { $permParams += $p } } $uxParamSet = . $ParameterSetParams $PSCmdlet.MyInvocation.MyCommand.Name 'userexperience' $uxParams = @() foreach ($ux in $uxParamSet) { if ($setParams.ContainsKey($ux)) { $uxParams += $ux } } } process { Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)" if ($setParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) { . $CheckVersion $TssSession '10.9.0000' $PSCmdlet.MyInvocation $uri = $TssSession.ApiUrl, 'configuration', 'general' -join '/' $invokeParams.Uri = $uri $invokeParams.Method = 'PATCH' $setBody = @{ data = @{} } if ($folderParams.Count -gt 0) { $folderSettings = @{} switch ($setParams.Keys) { 'EnablePersonalFolders' { $enablePersonal = @{ dirty = $true value = [boolean]$EnablePersonalFolders } $folderSettings.Add('enablePersonalFolders',$enablePersonal) } 'PersonalFolderName' { $personalName = @{ dirty = $true value = [boolean]$PersonalFolderName } $folderSettings.Add('personalFolderName',$personalName) } 'PersonalFolderFormat' { $personalFormat = @{ dirty = $true value = [string]$PersonalFolderFormat } $folderSettings.Add('PersonalFolderNameOption',$personalFormat) } 'PersonalFolderWarning' { $personalWarning = @{ dirty = $true value = $PersonalFolderWarning } $folderSettings.Add('personalFolderWarning',$personalWarning) } 'PersonalFolderRequireView' { $personalRequireView = @{ dirty = $true value = [boolean]$PersonalFolderRequireView } $folderSettings.Add('requireViewFolderPermission',$personalRequireView) } 'PersonalFolderEnableWarning' { $enableWarning = @{ dirty = $true value = [boolean]$PersonalFolderEnableWarning } $folderSettings.Add('showPersonalFolderWarning',$enableWarning) } } $setBody.data.Add('folders',$folderSettings) } if ($permParams.Count -gt 0) { $permSettings = @{} switch($setParams.Keys) { 'AllowDuplicationSecretName' { $allowDuplication = @{ dirty = $true value = [boolean]$AllowDuplicationSecretName } $permSettings.Add('allowDuplicationSecretName',$allowDuplication) } 'AllowViewNextPassword' { $allowViewNext = @{ dirty = $true value = [boolean]$AllowViewNextPassword } $permSettings.Add('allowViewUserToRetrieveAutoChangeNextPassword',$allowViewNext) } 'DefaultSecretPermission' { $defaultPermission = @{ dirty = $true value = [string]$DefaultSecretPermission } $permSettings.Add('defaultSecretPermissions',$defaultPermission) } 'EnableApprovalFromEmail' { $enableApproval = @{ dirty = $true value = [boolean]$EnableApprovalFromEmail } $permSettings.Add('enableApprovalFromEmail',$enableApproval) } 'ApprovalType' { $approvalType = @{ dirty = $true value = [string]$ApprovalType } $permSettings.Add('forceSecretApproval',$approvalType) } } $setBody.data.Add('permissionOptions',$permSettings) } if ($uxParams.Count -gt 0) { $uxSettings = @{} switch ($setParams.Keys) { 'ApplicationLanguage' { $defaultLanguage = @{ dirty = $true value = $ApplicationLanguage } $uxSettings.Add('applicationLanguage',$defaultLanguage) } 'DateFormat' { $dateOptionId = switch ($DateFormat) { 'dd/MM/yyyy' { 1 } 'yyyy. MM. dd.' { 2 } 'dd.MM.yy' { 3 } 'd/MM/yyyy' { 4 } 'd.M.yyyy' { 5 } 'yyyy/M/d' { 6 } 'dd.MM.yyyy' { 7 } 'yyyy.MM.dd.' { 8 } 'd.MM.yyyy' { 9 } 'dd/MM/yy' { 10 } 'd-M-yyyy' { 11 } 'yy.MM.dd' { 12 } 'M/d/yyyy' { 13 } 'yyyy-MM-dd' { 14 } 'yyyy/MM/dd' { 15 } 'd. M. yyyy' { 16 } 'dd/MM yyyy' { 17 } 'yyyy.MM.dd' { 18 } 'dd-MM-yy' { 19 } 'MM/dd/yyyy' { 20 } 'dd-MM-yyyy' { 21 } 'd/M/yyyy' { 22 } } $defaultDateFormat = @{ dirty = $true value = $dateOptionId } $uxSettings.Add('defaultDateFormat',$defaultDateFormat) } 'DefaultRoleId' { $defaultRole = @{ dirty = $true value = $DefaultRoleId } $uxSettings.Add('defaultNewUserRoleId',$defaultRole) } 'TimeFormat' { $timeOptionId = switch ($TimeFormat) { 'tt h:mm' { 1 } 'h:mm:ss tt' { 2 } 'H.mm' { 3 } 'HH:mm' { 4 } 'hh:mm:ss tt' { 5 } 'H:mm' { 6 } 'HH:mm:ss' { 7 } 'hh:mm tt' { 8 } 'h:mm.tt' { 9 } 'tt hh:mm' { 10 } 'H:mm:ss' { 11 } 'h:mm tt' { 12 } 'HH.mm' { 13 } } $defaultTime = @{ dirty = $true value = $timeOptionId } $uxSettings.Add('defaultTimeFormat',$defaultTime) } 'ForceInactivityTimeout' { $forceTimeout = @{ dirty = $true value = [boolean]$ForceInactivityTimeout } $uxSettings.Add('forceInactivityTimeout',$forceTimeout) } 'InactivityTimeout' { $forceTimeout = @{ dirty = $true value = $InactivityTimeout } $uxSettings.Add('forceInactivityTimeoutMinutes',$forceTimeout) # not sure why this property or argument exists but setting it the same just in case $uiTimeout = @{ dirty = $true value = $InactivityTimeout } $uxSettings.Add('uiInactivitySleepMinutes',$uiTimeout) } 'RequireFolderForSecret' { $requireFolder = @{ dirty = $true value = [boolean]$RequireFolderForSecret } $uxSettings.Add('requireFolderForSecret',$requireFolder) } 'PasswordHistoryAll' { $passwordHistory = @{ dirty = $true value = [boolean]$PasswordHistoryAll } $uxSettings.Add('secretPasswordHistoryRestrictionAll',$passwordHistory) } 'PasswordHistory' { $passwordHistoryCount = @{ dirty = $true value = $PasswordHistory } $uxSettings.Add('secretPasswordHistoryRestrictionCount',$passwordHistoryCount) } 'SecretViewInterval' { $viewInterval = @{ dirty = $true value = $SecretViewInterval } $uxSettings.Add('secretViewIntervalMinutes',$viewInterval) } 'TimeZone' { try { $validTimeZoneId = [System.TimeZoneInfo]::FindSystemTimeZoneById($TimeZone).Id } catch { Write-Warning "TimeZone provided [$TimeZone] is not found to be a valid TimeZone ID" return } $zone = @{ dirty = $true value = [string]$validTimeZoneId } $uxSettings.Add('serverTimeZoneId',$zone) } } $setBody.data.Add('userExperience',$uxSettings) } $invokeParams.Body = $setBody | ConvertTo-Json -Depth 100 if ($PSCmdlet.ShouldProcess("Configuration", "$($invokeParams.Method) $($invokeParams.Uri) with:`n$($invokeParams.Body)`n")) { Write-Verbose "Performing the operation $($invokeParams.Method) $($invokeParams.Uri) with:`n$($invokeParams.Body)`n" try { $apiResponse = Invoke-TssApi @invokeParams $restResponse = . $ProcessResponse $apiResponse } catch { Write-Warning "Issue setting configuration" $err = $_ . $ErrorHandling $err } } if ($restResponse) { Write-Verbose "Setting updated successfully" } } else { Write-Warning "No valid session found" } } } |