Public/New-VenafiTeam.ps1

function New-VenafiTeam {
    <#
    .SYNOPSIS
    Create a new team

    .DESCRIPTION
    Create a new VaaS or TPP team

    .PARAMETER Name
    Team name

    .PARAMETER Owner
    1 or more owners for the team
    For VaaS, this is the unique guid obtained from Get-VenafiIdentity.
    For TPP, this is the identity ID property from Find-TppIdentity or Get-VenafiIdentity.

    .PARAMETER Member
    1 or more members for the team
    For VaaS, this is the unique guid obtained from Get-VenafiIdentity.
    For TPP, this is the identity ID property from Find-TppIdentity or Get-VenafiIdentity.

    .PARAMETER Role
    Team role, either 'System Admin', 'PKI Admin', 'Resource Owner' or 'Guest'. VaaS only.

    .PARAMETER UserMatchingRule
    If SSO is enabled, build your team membership rules to organize your users into teams automatically.
    If more than 1 rule is configured, they must all be met for a user to meet the criteria.
    Each rule should be of the format @('claim name', 'operator', 'value')
    where operator can be equals, not_equals, contains, not_contains, starts_with, or ends_with.

    .PARAMETER Policy
    1 or more policy folder paths this team manages. TPP only.

    .PARAMETER Product
    1 or more product names, 'TLS', 'SSH', and/or 'Code Signing'. TPP only.

    .PARAMETER Description
    Team description or purpose. TPP only.

    .PARAMETER VenafiSession
    Authentication for the function.
    The value defaults to the script session object $VenafiSession created by New-VenafiSession.
    A TPP token or VaaS key can also provided.
    If providing a TPP token, an environment variable named TPP_SERVER must also be set.

    .EXAMPLE
    New-VenafiTeam -Name 'My New Team' -Member 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f2' -Owner @('ca7ff555-88d2-4bfc-9efa-2630ac44c1f3', 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f4') -Role 'System Admin'

    Create a new VaaS team

    .EXAMPLE
    New-VenafiTeam -Name 'My New Team' -Member 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f2' -Owner @('ca7ff555-88d2-4bfc-9efa-2630ac44c1f3', 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f4') -Role 'System Admin' -UserMatchingRule @('MyClaim', 'CONTAINS', 'Group')

    Create a new VaaS team with user matching rule

    .EXAMPLE
    New-VenafiTeam -Name 'My New Team' -Member 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f2' -Owner @('ca7ff555-88d2-4bfc-9efa-2630ac44c1f3', 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f4') -Role 'System Admin' -PassThru

    id : a7d60730-a967-11ec-8832-4d051bf6d0b4
    name : My New Team
    systemRoles : {SYSTEM_ADMIN}
    productRoles :
    role : SYSTEM_ADMIN
    members : {443de910-a6cc-11ec-ad22-018e33741844}
    owners : {0a2adae0-b22b-11ea-91f3-ebd6dea5452e}
    companyId : 09b24f81-b22b-11ea-91f3-ebd6dea5452e
    userMatchingRules : {}
    modificationDate : 3/21/2022 6:38:40 PM

    Create a new VaaS team returning the new team

    .EXAMPLE
    New-VenafiTeam -Name 'My New Team' -Member 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e6}' -Owner 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e7}' -Product 'TLS'

    Create a new TPP team

    .EXAMPLE
    New-VenafiTeam -Name 'My New Team' -Member 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e6}' -Owner 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e7}' -Product 'TLS' -Policy '\ved\policy\myfolder'

    Create a new TPP team and assign it to a policy

    .EXAMPLE
    New-VenafiTeam -Name 'My New Team' -Member 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e6}' -Owner 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e7}' -Product 'TLS' -Description 'One amazing team'

    Create a new TPP team with optional description

    .EXAMPLE
    New-VenafiTeam -Name 'My New Team' -Member 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e6}' -Owner 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e7}' -Product 'TLS' -PassThru

    Name : My New Team
    ID : local:{a6053090-e309-49d9-98a7-28cbe7896c27}
    Path : \VED\Identity\My New Team
    FullName : local:My New Team
    IsGroup : True
    Members : @{Name=sample-user; ID=local:{6baad36c-7cac-48c8-8e54-000cc22ad88f};
               Path=\VED\Identity\sample-user; FullName=local:sample-user; IsGroup=False}
    Owners : @{Name=sample-owner; ID=local:{d1a76bc7-d3a6-431b-9bea-d2d8780ecd86};
               Path=\VED\Identity\sample-owner; FullName=local:sample-owner; IsGroup=False}

    Create a new TPP team returning the new team

    .LINK
    https://api.venafi.cloud/webjars/swagger-ui/index.html#/Teams/create_1

    .LINK
    https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-POST-Teams.php

    .LINK
    https://docs.venafi.cloud/vcs-platform/creating-new-teams/
    #>


    [CmdletBinding()]

    param (

        [Parameter(Mandatory)]
        [string] $Name,

        [Parameter(Mandatory)]
        [string[]] $Owner,

        [Parameter(Mandatory)]
        [string[]] $Member,

        [Parameter(Mandatory, ParameterSetName = 'VaaS')]
        [ValidateSet('System Admin', 'PKI Admin', 'Resource Owner', 'Guest')]
        [string] $Role,

        [Parameter(ParameterSetName = 'VaaS')]
        [System.Collections.Generic.List[array]] $UserMatchingRule,

        [Parameter(ParameterSetName = 'TPP')]
        [ValidateScript( {
                if ( $_ | Test-TppDnPath ) {
                    $true
                } else {
                    throw "'$_' is not a valid policy path"
                }
            })]
        [string[]] $Policy,

        [Parameter(Mandatory, ParameterSetName = 'TPP')]
        [ValidateSet('TLS', 'SSH', 'Code Signing')]
        [string[]] $Product,

        [Parameter(ParameterSetName = 'TPP')]
        [string] $Description,

        [Parameter()]
        [switch] $PassThru,

        [Parameter()]
        [psobject] $VenafiSession = $script:VenafiSession
    )

    begin {
        $platform = Test-VenafiSession -VenafiSession $VenafiSession -Platform $PSCmdlet.ParameterSetName -PassThru
    }

    process {

        $params = @{
            VenafiSession = $VenafiSession
        }

        if ( $platform -eq 'VaaS' ) {

            $rules = foreach ($rule in $UserMatchingRule) {

                if ( $rule.Count -ne 3 ) {
                    throw 'Each rule must contain a claim name, operator, and value'
                }

                if ( $rule[1].ToUpper() -notin 'EQUALS', 'NOT_EQUALS', 'CONTAINS', 'NOT_CONTAINS', 'STARTS_WITH', 'ENDS_WITH') {
                    throw 'Valid values for operator are EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH'
                }

                @{
                    'claimName' = $rule[0]
                    'operator'  = $rule[1].ToUpper()
                    'value'     = $rule[2]
                }
            }

            $params.Method = 'Post'
            $params.UriLeaf = "teams"
            $params.Body = @{
                'name'              = $Name
                'role'              = $Role.Replace(' ', '_').ToUpper()
                'members'           = @($Member)
                'owners'            = @($Owner)
                'userMatchingRules' = @($rules)
            }

            $response = Invoke-VenafiRestMethod @params

        } else {

            $members = foreach ($thisMember in $Member) {
                if ( $thisMember.StartsWith('local') ) {
                    $memberIdentity = Get-VenafiIdentity -ID $thisMember -VenafiSession $VenafiSession
                    @{
                        'PrefixedName'      = $memberIdentity.FullName
                        'PrefixedUniversal' = $memberIdentity.ID
                    }
                } else {
                    @{'PrefixedUniversal' = $thisMember }
                }
            }
            $owners = foreach ($thisOwner in $Owner) {
                if ( $thisOwner.StartsWith('local') ) {
                    $ownerIdentity = Get-VenafiIdentity -ID $thisOwner -VenafiSession $VenafiSession
                    @{
                        'PrefixedName'      = $ownerIdentity.FullName
                        'PrefixedUniversal' = $ownerIdentity.ID
                    }
                } else {
                    @{'PrefixedUniversal' = $thisOwner }
                }
            }
            $params.Method = 'Post'
            $params.UriLeaf = 'Teams/'
            $params.Body = @{
                'Name'     = @{'PrefixedName' = "local:$Name" }
                'Members'  = @($members)
                'Owners'   = @($owners)
                'Products' = @($Product)
            }

            if ( $Policy ) {
                $params.Body.Add('Assets', @($Policy))
            }

            if ( $Description ) {
                $params.Body.Add('Description', $Description)
            }

            $response = Invoke-VenafiRestMethod @params | Select-Object -ExpandProperty ID
        }

        if ( $PassThru ) {
            $response | Get-VenafiTeam -VenafiSession $VenafiSession
        }
    }
}