functions/configurations/Set-TssConfigurationSecurity.ps1
|
function Set-TssConfigurationSecurity { <# .SYNOPSIS Set Security Configuration .DESCRIPTION Set Security Configuration .EXAMPLE $session = New-TssSession -SecretServer https://alpha -Credential $ssCred Set-TssConfigurationSecurity -TssSession $session -ForceHttps Enable Force HTTPS .EXAMPLE $session = New-TssSession -SecretServer https://alpha -Credential $ssCred Set-TssConfigurationSecurity -TssSession $session -ForceHttps:$false Disabling Force HTTPS .LINK https://thycotic-ps.github.io/thycotic.secretserver/commands/configurations/Set-TssConfigurationSecurity .LINK https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/configurations/Set-TssConfigurationSecurity.ps1 .NOTES Requires TssSession object returned by New-TssSession #> [cmdletbinding(SupportsShouldProcess)] param( # TssSession object created by New-TssSession for authentication [Parameter(Mandatory,ValueFromPipeline,Position = 0)] [Thycotic.PowerShell.Authentication.Session] $TssSession, # Apply TLS Certificate Chain Policy and Error Auditing [switch] $AuditTlsErrors, # Enable TLS Debugging and connection tracking [switch] $AuditTlsErrorsDebug, # Certificate chain policy options [string] $CertificatePolicyOption, # Client Certificate ID [string] $CertificateId, # Enable file restrictions [switch] $FileRestriction, # File extensions to restrict [string] $FileExtension, # Max file size in bytes [string] $FileMaxSize, # Max allowed by ASP.NET [switch] $FileMaxSizeSupported, # Enable frame blocking [switch] $FrameBlocking, # Enable FIPS compliance [switch] $Fips, # Enable Force HTTPS [switch] $ForceHttps, # Hide Version number [switch] $HideVersion, # Web Password Filler (WPF) requires full domain match [switch] $WpfRequireDomainMatch ) begin { $setParams = $PSBoundParameters $invokeParams = . $GetInvokeApiParams $TssSession } process { Get-TssInvocation $PSCmdlet.MyInvocation if ($setParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) { Compare-TssVersion $TssSession '10.9.000064' $PSCmdlet.MyInvocation $uri = $TssSession.ApiUrl, 'configuration', 'security' -join '/' $invokeParams.Uri = $uri $invokeParams.Method = 'PATCH' $setBody = @{ data = @{ } } switch ($setParams.Keys) { 'AuditTlsErrors' { $auditTls = @{ dirty = $true value = [boolean]$AuditTls } $setBody.data.Add('auditTlsErrors',$auditTls) } 'AuditTlsErrorsDebug' { $auditTlsErrorDebug = @{ dirty = $true value = [boolean]$AuditTlsErrorsDebug } $setBody.data.Add('auditTlsErrorsDebug',$auditTlsErrorDebug) } 'CertificatePolicyOption' { $certOption = @{ dirty = $true value = $CertificatePolicyOption } $setBody.data.Add('certificateChainPolicyOptions',$certOption) } 'CertificateId' { $certId = @{ dirty = $true value = $CertificateId } $setBody.data.Add('clientCertificateIds',$certId) } 'FileRestriction' { $fileRestrict = @{ dirty = $true value = [boolean]$FileRestriction } $setBody.data.Add('enableFileRestrictions',$fileRestrict) if ($setParams.ContainsKey('FileExtension')) { $fileExt = @{ dirty = $true value = $FileExtension } $setBody.data.Add('fileExtensionRestrictions',$fileExt) } } 'FileMaxSize' { $maxFile = @{ dirty = $true value = $FileMaxSize } $setBody.data.Add('maximumFileSizeBytes',$maxFile) } 'FileMaxSizeSupported' { $maxSupported = @{ dirty = $true value = [boolean]$FileMaxSizeSupported } $setBody.data.Add('maximumFileSizeSupported',$maxSupported) } 'Fips' { $enableFips = @{ dirty = $true value = [boolean]$Fips } $setBody.data.Add('fipsEnabled',$enableFips) } 'ForceHttps' { $httpsEnforce = @{ dirty = $true value = [boolean]$ForceHttps } $setBody.data.Add('forceHttps',$httpsEnforce) } 'HideVersion' { $hideVer = @{ dirty = $true value = [boolean]$HideVersion } $setBody.data.Add('hideVersionNumber',$hideVer) } 'WpfRequireDomainMatch' { $wpfDomain = @{ dirty = $true value = [boolean]$WpfRequireDomainMatch } $setBody.data.Add('webPasswordFillerRequiresFullDomainMatch',$wpfDomain) } } $invokeParams.Body = $setBody | ConvertTo-Json -Depth 100 if ($PSCmdlet.ShouldProcess("Security Configuration", "$($invokeParams.Method) $($invokeParams.Uri) with:`n$($invokeParams.Body)`n")) { Write-Verbose "Performing the operation $($invokeParams.Method) $($invokeParams.Uri) with:`n$($invokeParams.Body)`n" try { $apiResponse = Invoke-TssApi @invokeParams $restResponse = . $ProcessResponse $apiResponse } catch { Write-Warning "Issue setting configuration" $err = $_ . $ErrorHandling $err } } if ($restResponse) { Write-Verbose "Setting updated successfully" } } else { Write-Warning "No valid session found" } } } |