NewRelicPS.Configuration.SyntheticSecureCredential.psm1

<#
.Synopsis
  Idempotently applies New Relic synthetic secure credential configurations
.Description
  Idempotently applies New Relic synthetic secure credential configurations.
.Example
  Set-SyntheticSecureCredential -AdminAPIKey $AdminAPIKey -DefinedSytheticSecureCredentials $Config.SyntheticSecureCredentials
  Uses New Relic APIs to update synthetic secure credentials to match the configuration defined in $Config.SyntheticSecureCredentials. Any existing secure credentials that are not defined will be removed.
.Parameter AdminAPIAPIKey
  Must be an admin user's API Key, not an account-level REST API Key. See more here: https://docs.newrelic.com/docs/apis/get-started/intro-apis/types-new-relic-api-keys
.Parameter DefinedSyntheticSecureCredentials
  An array of secure credential objects which define the desired configuration state for New Relic synthetic secure credentials.
#>

Function Set-NRSyntheticSecureCredentialConfiguration {
  [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSShouldProcess", '', Justification = "All CMDLets being called have ShouldProcess in place and the preference is passed to them." )]
  [CMDLetBinding(SupportsShouldProcess = $true)]
  Param (
    [Parameter (Mandatory = $true)]
    [string] $AdminAPIKey,
    [array] $DefinedSyntheticSecureCredentials
  )

  # Iterate over each defined secure credential
  [System.Collections.ArrayList]$existingSecureCredentials = @(Get-NRSyntheticSecureCredential -APIKey $AdminAPIKey)
  Write-Verbose "There are currently $($DefinedSyntheticSecureCredentials.count) defined Synthetic secure credentials and $($existingSecureCredentials.key.count) existing Synthetic secure credentials."
  Foreach ($secureCredential in $DefinedSyntheticSecureCredentials) {
    $existingSecureCredential = $existingSecureCredentials | Where-Object {$_.key -eq $secureCredential.key}
    $Params = @{
      APIKey = $AdminAPIKey
      Key = $secureCredential.Key.TOUPPER()
      Value = $secureCredential.Value
      Description = $secureCredential.Description
    }

    If ($existingSecureCredential) {
      # The secure credentials API does not return the secret value so there is no way to check it. Therefore, update existing keys on each run.
      Write-Verbose "Updating secure credential $($secureCredential.key.ToUpper())"
      Update-NRSyntheticSecureCredential @Params -Whatif:$WhatIfPreference | Out-Null

      # Any extra existing secure credentials that are not defined will be removed later
      $existingSecureCredentials.Remove($existingSecureCredential)
    }

    # Otherwise, create secure credential
    Else {
      Write-Verbose "Creating secure credential $($secureCredential.Key.ToUpper())"
      New-NRSyntheticSecureCredential @Params -Whatif:$WhatIfPreference | Out-Null
    }
  }

  # Check for existing secure credentials not in the definition and remove them
  # Note that the Synthetic API returns an object with empty properties rather than null when no secure credentials exist so check using the key property
  If ($existingSecureCredentials.key) {
    Write-Verbose "Removing secure credential(s) $($existingSecureCredentials.Key.ToUpper() -join (','))"
    $existingSecureCredentials.Key | Remove-NRSyntheticSecureCredential $AdminAPIKey  -Whatif:$WhatIfPreference | Out-Null
  }
}