Skip to content

Commit

Permalink
Add Find-VcCertificate search properties, add Remove-VdcCertificateAs…
Browse files Browse the repository at this point in the history
…sociation (#229)
  • Loading branch information
gdbarron authored Nov 21, 2023
1 parent eb777e7 commit 64c3ef2
Show file tree
Hide file tree
Showing 9 changed files with 289 additions and 80 deletions.
3 changes: 2 additions & 1 deletion VenafiPS/Private/Find-VcObject.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,8 @@ function Find-VcObject {
[string] $Name,

[Parameter(Mandatory, ParameterSetName = 'Filter')]
[System.Collections.ArrayList] $Filter,
[System.Collections.Generic.List[object]] $Filter,
# [System.Collections.ArrayList] $Filter,

[Parameter(ParameterSetName = 'All')]
[Parameter(ParameterSetName = 'Filter')]
Expand Down
20 changes: 14 additions & 6 deletions VenafiPS/Private/New-VcSearchQuery.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ function New-VcSearchQuery {
param(

[parameter()]
[System.Collections.ArrayList] $Filter,
[System.Collections.Generic.List[object]] $Filter,

[parameter()]
[psobject[]] $Order,
Expand Down Expand Up @@ -66,7 +66,7 @@ function New-VcSearchQuery {
[CmdletBinding()]
param (
[parameter()]
[psobject] $Filter
[System.Collections.Generic.List[object]] $Filter
)

$loopFilter = $Filter
Expand All @@ -80,9 +80,13 @@ function New-VcSearchQuery {
$loopFilter = @(, $loopFilter)
}

$operands = $loopFilter | ForEach-Object {
$thisItem = $_
if ( $thisItem.count -eq 3 -and -not ($thisItem | ForEach-Object { if ($_.GetType().Name -eq 'Object[]') { 'array' } })) {
$operands = foreach ($thisItem in $loopFilter) {
if ( $thisItem.count -eq 3 ) {

# handle nested expressions
if ( $thisItem[2] -is 'Object[]' -and $thisItem[2][1] -in $operators ) {
New-VaasExpression -Filter $thisItem
}

# vaas fields are case sensitive, get the proper case if we're aware of the field
$thisField = $thisItem[0]
Expand Down Expand Up @@ -137,7 +141,11 @@ function New-VcSearchQuery {
process {

if ( $Filter ) {
$thisFilter = @(, $Filter)
$thisFilter = $Filter
# if we have a basic filter of field, operator, value, force it to be a 1 item array intead of 3 items
if ( $Filter.Count -eq 3 -and -not ($Filter | Where-Object { $_ -isnot [string] })) {
$thisFilter = @(, $Filter)
}
$query.expression = New-VaasExpression -Filter $thisFilter
}

Expand Down
112 changes: 78 additions & 34 deletions VenafiPS/Public/Find-VcCertificate.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -6,15 +6,49 @@ function Find-VcCertificate {
.DESCRIPTION
Find certificates based on various attributes.
.PARAMETER Name
Search for certificates with the name matching part or all of the value
.PARAMETER KeyLength
Search by certificate key length
.PARAMETER Serial
Search by serial number
.PARAMETER Fingerprint
Search by fingerprint
.PARAMETER IsSelfSigned
Search for only self signed certificates
.PARAMETER Status
Search by one or more certificate statuses. Valid values include ACTIVE, RETIRED, and DELETED.
.PARAMETER ExpireBefore
Search for certificates expiring before a certain date.
Use with -ExpireAfter for a defined start and end.
.PARAMETER ExpireAfter
Search for certificates expiring after a certain date.
Use with -ExpireBefore for a defined start and end.
.PARAMETER Version
Search by version type. Valid values include CURRENT and OLD.
.PARAMETER SanDns
Search for certificates with SAN DNS matching part or all of the value
.PARAMETER Filter
Array or multidimensional array of fields and values to filter on.
Each array should be of the format @(field, comparison operator, value).
To combine filters, use the format @('operator', @(field, comparison operator, value), @(field2, comparison operator2, value2)).
Nested filters are supported.
Field names and values are case sensitive.
Field names and values are case sensitive, but VenafiPS will try and convert to the proper case if able.
Available operators are:
Operator | Name | Description and Usage
-----------------------------------------------------------------
-----------------------------------------------------------------------------------
EQ Equal operator The search result is equal to the specified value. Valid for numeric or Boolean fields.
FIND Find operator The search result is based on the value of all or part of one or more strings. You can also use Regular Expressions (regex).
GT Greater than The search result has a higher numeric value than the specified value.
Expand All @@ -31,21 +65,6 @@ function Find-VcCertificate {
For each item in the array, you can provide a field name by itself; this will default to ascending.
You can also provide a hashtable with the field name as the key and either asc or desc as the value.
.PARAMETER Name
Certificate name to find via regex match
.PARAMETER KeyLength
Certificate key length
.PARAMETER Serial
Serial number
.PARAMETER Fingerprint
Fingerprint
.PARAMETER IsSelfSigned
Only find self signed certificates
.PARAMETER SavedSearchName
Find certificates based on a saved search, see https://docs.venafi.cloud/vaas/certificates/saving-certificate-filters
Expand Down Expand Up @@ -87,20 +106,25 @@ function Find-VcCertificate {
Find certificates matching all of part of the name
.EXAMPLE
Find-VcCertificate -Filter @('fingerprint', 'EQ', '075C43428E70BCF941039F54B8ED78DE4FACA87F')
Find-VcCertificate -Fingerprint '075C43428E70BCF941039F54B8ED78DE4FACA87F'
Find certificates matching a single value
.EXAMPLE
Find-VcCertificate -Filter ('and', @('validityEnd','GTE',(get-date)), @('validityEnd','LTE',(get-date).AddDays(30)))
Find-VcCertificate -ExpireAfter (get-date) -ExpireBefore (get-date).AddDays(30)
Find certificates matching multiple values. In this case, find all certificates expiring in the next 30 days.
.EXAMPLE
Find-VcCertificate -Filter ('and', @('validityEnd','GTE',(get-date)), @('validityEnd','LTE',(get-date).AddDays(30))) | Invoke-VcCertificateAction -Renew
Find-VcCertificate -ExpireAfter (get-date) -ExpireBefore (get-date).AddDays(30)| Invoke-VcCertificateAction -Renew
Find all certificates expiring in the next 30 days and renew them
.EXAMPLE
Find-VcCertificate -Filter @('subjectDN', 'FIND', 'www.barron.com')
Find via a filter instead of using built-in function properties
.EXAMPLE
Find-VcCertificate -ApplicatonDetail
Expand All @@ -112,28 +136,17 @@ function Find-VcCertificate {
Include user/team owner details, not just the ID.
This will make additional api calls and will increase the response time.
.LINK
https://api.venafi.cloud/webjars/swagger-ui/index.html?urls.primaryName=outagedetection-service#/Certificates/certificates_search_getByExpressionAsCsv
#>

[CmdletBinding(DefaultParameterSetName = 'All')]

param (

[Parameter(Mandatory, ParameterSetName = 'Filter')]
[System.Collections.ArrayList] $Filter,

[Parameter(ParameterSetName = 'All')]
[Parameter(ParameterSetName = 'Filter')]
[psobject[]] $Order,

[Parameter(ParameterSetName = 'All')]
[string] $Name,

[Parameter(ParameterSetName = 'All')]
[int] $KeyLength,
[int32] $KeyLength,

[Parameter(ParameterSetName = 'All')]
[string] $Serial,
Expand All @@ -144,6 +157,30 @@ function Find-VcCertificate {
[Parameter(ParameterSetName = 'All')]
[switch] $IsSelfSigned,

[Parameter(ParameterSetName = 'All')]
[ValidateSet('ACTIVE', 'RETIRED', 'DELETED')]
[string[]] $Status,

[Parameter(ParameterSetName = 'All')]
[datetime] $ExpireBefore,

[Parameter(ParameterSetName = 'All')]
[datetime] $ExpireAfter,

[Parameter(ParameterSetName = 'All')]
[ValidateSet('CURRENT', 'OLD')]
[string] $Version,

[Parameter(ParameterSetName = 'All')]
[string] $SanDns,

[Parameter(Mandatory, ParameterSetName = 'Filter')]
[System.Collections.ArrayList] $Filter,

[Parameter(ParameterSetName = 'All')]
[Parameter(ParameterSetName = 'Filter')]
[psobject[]] $Order,

[parameter(Mandatory, ParameterSetName = 'SavedSearch')]
[string] $SavedSearchName,

Expand Down Expand Up @@ -179,15 +216,22 @@ function Find-VcCertificate {
}

'All' {
$newFilter = [System.Collections.ArrayList]@('AND')
$newFilter = [System.Collections.Generic.List[object]]::new()
$newFilter.Add('AND')

switch ($PSBoundParameters.Keys) {
'Name' { $null = $newFilter.Add(@('certificateName', 'FIND', $Name)) }
'Status' { $null = $newFilter.Add(@('certificateStatus', 'EQ', $Status.ToUpper())) }
'KeyLength' { $null = $newFilter.Add(@('keyStrength', 'EQ', $KeyLength.ToString())) }
'Serial' { $null = $newFilter.Add(@('serialNumber', 'EQ', $Serial)) }
'Fingerprint' { $null = $newFilter.Add(@('fingerprint', 'EQ', $Fingerprint)) }
'IsSelfSigned' { $null = $newFilter.Add(@('selfSigned', 'EQ', $IsSelfSigned.IsPresent.ToString())) }
'Version' { $null = $newFilter.Add(@('versionType', 'EQ', $Version)) }
'Status' {
$null = $newFilter.Add(@('certificateStatus', 'MATCH', $Status.ToUpper()))
}
'ExpireBefore' { $null = $newFilter.Add(@('validityEnd', 'LTE', $ExpireBefore)) }
'ExpireAfter' { $null = $newFilter.Add(@('validityEnd', 'GTE', $ExpireAfter)) }
'SanDns' { $null = $newFilter.Add(@('subjectAlternativeNameDns', 'FIND', $SanDns)) }
}

if ( $newFilter.Count -gt 1 ) { $params.Filter = $newFilter }
Expand Down
17 changes: 9 additions & 8 deletions VenafiPS/Public/Find-VcCertificateInstance.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -46,12 +46,6 @@ function Find-VcCertificateInstance {

param (

[Parameter(Mandatory, ParameterSetName = 'Filter')]
[System.Collections.ArrayList] $Filter,

[parameter()]
[psobject[]] $Order,

[Parameter(ParameterSetName = 'All')]
[string] $HostName,

Expand All @@ -65,6 +59,12 @@ function Find-VcCertificateInstance {
[ValidateSet('IN_USE', 'SUPERSEDED')]
[string] $Status,

[Parameter(Mandatory, ParameterSetName = 'Filter')]
[System.Collections.ArrayList] $Filter,

[parameter()]
[psobject[]] $Order,

[Parameter()]
[int] $First,

Expand All @@ -85,13 +85,14 @@ function Find-VcCertificateInstance {
$params.Filter = $Filter
}
else {
$newFilter = [System.Collections.ArrayList]@('AND')
$newFilter = [System.Collections.Generic.List[object]]::new()
$newFilter.Add('AND')

switch ($PSBoundParameters.Keys) {
'HostName' { $null = $newFilter.Add(@('hostname', 'FIND', $HostName)) }
'IpAddress' { $null = $newFilter.Add(@('ipAddress', 'EQ', $IpAddress.IPAddressToString)) }
'Port' { $null = $newFilter.Add(@('port', 'EQ', $Port.ToString())) }
'Status' { $null = $newFilter.Add(@('status', 'EQ', $Status.ToUpper())) }
'Status' { $null = $newFilter.Add(@('deploymentStatus', 'EQ', $Status.ToUpper())) }
}

if ( $newFilter.Count -gt 1 ) { $params.Filter = $newFilter }
Expand Down
15 changes: 8 additions & 7 deletions VenafiPS/Public/Find-VcCertificateRequest.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -39,19 +39,19 @@ function Find-VcCertificateRequest {

param (

[Parameter(Mandatory, ParameterSetName = 'Filter')]
[System.Collections.ArrayList] $Filter,

[parameter()]
[psobject[]] $Order,

[Parameter(ParameterSetName = 'All')]
[ValidateSet('ISSUED', 'FAILED')]
[string] $Status,

[Parameter(ParameterSetName = 'All')]
[int] $KeyLength,

[Parameter(Mandatory, ParameterSetName = 'Filter')]
[System.Collections.ArrayList] $Filter,

[parameter()]
[psobject[]] $Order,

[Parameter()]
[int] $First,

Expand All @@ -72,7 +72,8 @@ function Find-VcCertificateRequest {
$params.Filter = $Filter
}
else {
$newFilter = [System.Collections.ArrayList]@('AND')
$newFilter = [System.Collections.Generic.List[object]]::new()
$newFilter.Add('AND')

switch ($PSBoundParameters.Keys) {
'Status' { $null = $newFilter.Add(@('status', 'EQ', $Status.ToUpper())) }
Expand Down
15 changes: 8 additions & 7 deletions VenafiPS/Public/Find-VcLog.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -86,12 +86,6 @@ function Find-VcLog {

param (

[Parameter(Mandatory, ParameterSetName = 'Filter')]
[System.Collections.ArrayList] $Filter,

[parameter()]
[psobject[]] $Order,

[Parameter(ParameterSetName = 'All')]
[string] $Name,

Expand All @@ -101,6 +95,12 @@ function Find-VcLog {
[Parameter(ParameterSetName = 'All')]
[string] $Message,

[Parameter(Mandatory, ParameterSetName = 'Filter')]
[System.Collections.ArrayList] $Filter,

[parameter()]
[psobject[]] $Order,

[Parameter()]
[int] $First,

Expand All @@ -121,7 +121,8 @@ function Find-VcLog {
$params.Filter = $Filter
}
else {
$newFilter = [System.Collections.ArrayList]@('AND')
$newFilter = [System.Collections.Generic.List[object]]::new()
$newFilter.Add('AND')

switch ($PSBoundParameters.Keys) {
'Name' { $null = $newFilter.Add(@('activityName', 'FIND', $Name)) }
Expand Down
15 changes: 8 additions & 7 deletions VenafiPS/Public/Find-VcMachine.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -42,12 +42,6 @@ function Find-VcMachine {

param (

[Parameter(Mandatory, ParameterSetName = 'Filter')]
[System.Collections.ArrayList] $Filter,

[Parameter()]
[psobject[]] $Order,

[Parameter(ParameterSetName = 'All')]
[string] $Name,

Expand All @@ -58,6 +52,12 @@ function Find-VcMachine {
[ValidateSet('DRAFT', 'VERIFIED', 'UNVERIFIED')]
[string] $Status,

[Parameter(Mandatory, ParameterSetName = 'Filter')]
[System.Collections.ArrayList] $Filter,

[Parameter()]
[psobject[]] $Order,

[Parameter()]
[int] $First,

Expand All @@ -78,7 +78,8 @@ function Find-VcMachine {
$params.Filter = $Filter
}
else {
$newFilter = [System.Collections.ArrayList]@('AND')
$newFilter = [System.Collections.Generic.List[object]]::new()
$newFilter.Add('AND')

switch ($PSBoundParameters.Keys) {
'Name' { $null = $newFilter.Add(@('machineName', 'FIND', $Name)) }
Expand Down
Loading

0 comments on commit 64c3ef2

Please sign in to comment.