Functions/Private/Get-EdgegridCredentials.ps1

function Get-EdgegridCredentials {
    [CmdletBinding()]
    Param(
        [Parameter()]
        [string]
        $EdgeRCFile,

        [Parameter()]
        [string]
        $Section,

        [Parameter()]
        [string]
        $AccountSwitchKey
    )

    ## Assign defaults if values not provided
    if ($EdgeRCFile -eq '') {
        $EdgeRCFile = '~/.edgerc'
    }
    else {
        ## If EdgeRCFile is provided we use that, regardless of other auth types being available
        $Mode = 'edgerc'
    }
    if ($Section -eq '') {
        $Section = 'default'
    }


    #----------------------------------------------------------------------------------------------
    # 1. Set up auth object
    #----------------------------------------------------------------------------------------------

    ## Instantiate auth object
    $Credentials = [PSCustomObject] @{
        Host         = $null
        ClientToken  = $null
        AccessToken  = $null
        ClientSecret = $null
        AccountKey   = $null
    }

    #----------------------------------------------------------------------------------------------
    # 2. Check for environment variables
    #----------------------------------------------------------------------------------------------

    ## 'default' section is implicit. Otherwise env variable starts with section prefix
    if ($Mode -ne 'edgerc') {
        if ($Section.ToLower() -eq 'default') {
            $EnvPrefix = 'AKAMAI'
        }
        else {
            $EnvPrefix = "AKAMAI_$Section".ToUpper()
        }

        if (Test-Path "env:\$EnvPrefix`_HOST") {
            $Credentials.Host = (Get-Item -Path "env:\$EnvPrefix`_HOST").Value
        }
        if (Test-Path "env:\$EnvPrefix`_CLIENT_TOKEN") {
            $Credentials.ClientToken = (Get-Item -Path "env:\$EnvPrefix`_CLIENT_TOKEN").Value
        }
        if (Test-Path "env:\$EnvPrefix`_ACCESS_TOKEN") {
            $Credentials.AccessToken = (Get-Item -Path "env:\$EnvPrefix`_ACCESS_TOKEN").Value
        }
        if (Test-Path "env:\$EnvPrefix`_CLIENT_SECRET") {
            $Credentials.ClientSecret = (Get-Item -Path "env:\$EnvPrefix`_CLIENT_SECRET").Value
        }
        if (Test-Path "env:\$EnvPrefix`_ACCOUNT_KEY") {
            $Credentials.AccountKey = (Get-Item -Path "env:\$EnvPrefix`_ACCOUNT_KEY").Value
        }

        ## Explicit ASK wins over env variable
        if ($AccountSwitchKey) {
            $Credentials.AccountKey = $AccountSwitchKey
        }

        ## Remove ASK if value is "none"
        if ($AccountSwitchKey -eq "none") {
            $Credentials.AccountKey = $null
        }

        ## Check essential elements and return
        if ($null -ne $Credentials.Host -and $null -ne $Credentials.ClientToken -and $null -ne $Credentials.AccessToken -and $null -ne $Credentials.ClientSecret) {
            ## Env creds valid
            Write-Debug "Obtained credentials from environment variables in section '$Section'"
            return $Credentials
        }
    }

    #----------------------------------------------------------------------------------------------
    # 3. Read from .edgerc file
    #----------------------------------------------------------------------------------------------

    # Get credentials from EdgeRC
    if (Test-Path $EdgeRCFile) {
        $EdgeRCContent = Get-Content $EdgeRCFile -Raw
        $SectionPattern = "(?s)(\[$Section\].*?)(\[|$)"
        $SectionMatch = $EdgeRCContent | Select-String -Pattern $SectionPattern

        if ($SectionMatch -and $SectionMatch.Matches[0].Groups[1].Value) {
            $SectionContent = $SectionMatch.Matches[0].Groups[1].Value

            $HostMatch = $SectionContent | Select-String -Pattern "\r?\nhost[ ]*=[ ]*([^\s#]+)"
            if ($HostMatch) {
                $Credentials.host = $HostMatch.Matches[0].Groups[1].Value
            }
            $ClientTokenMatch = $SectionContent | Select-String -Pattern "\r?\nclient_token[ ]*=[ ]*([^\s#]+)"
            if ($ClientTokenMatch) {
                $Credentials.ClientToken = $ClientTokenMatch.Matches[0].Groups[1].Value
            }
            $AccessTokenMatch = $SectionContent | Select-String -Pattern "\r?\naccess_token[ ]*=[ ]*([^\s#]+)"
            if ($AccessTokenMatch) {
                $Credentials.AccessToken = $AccessTokenMatch.Matches[0].Groups[1].Value
            }
            $ClientSecretMatch = $SectionContent | Select-String -Pattern "\r?\nclient_secret[ ]*=[ ]*([^\s#]+)"
            if ($ClientSecretMatch) {
                $Credentials.ClientSecret = $ClientSecretMatch.Matches[0].Groups[1].Value
            }
            $AccountKeyMatch = $SectionContent | Select-String -Pattern "\r?\naccount_key[ ]*=[ ]*([^\s#]+)"
            if ($AccountKeyMatch) {
                $Credentials.AccountKey = $AccountKeyMatch.Matches[0].Groups[1].Value
            }
        }
        else {
            throw "Error: Section '$Section' not found in edgerc file '$EdgeRCFile'"
        }

        ## Explicit ASK wins over edgerc file entry
        if ($AccountSwitchKey) {
            $Credentials.AccountKey = $AccountSwitchKey
        }

        ## Remove ASK if value is "none"
        if ($AccountSwitchKey -eq "none") {
            $Credentials.AccountKey = $null
        }

        ## Check essential elements and return
        if ($null -ne $Credentials.host -and $null -ne $Credentials.ClientToken -and $null -ne $Credentials.AccessToken -and $null -ne $Credentials.ClientSecret) {
            Write-Debug "Obtained credentials from edgerc file '$EdgeRCFile' in section '$Section'"
            return $Credentials
        }
    }

    #----------------------------------------------------------------------------------------------
    # 4. Panic!
    #----------------------------------------------------------------------------------------------

    ## Under normal circumstances you should not get this far...
    throw "Error: Credentials could not be loaded from either; session, environment variables or edgerc file '$EdgeRCFile'"

}