Public/Vaults/New-DSVault.ps1
|
function New-DSVault { <# .SYNOPSIS Creates a new vault. .DESCRIPTION Creates a new vault and add users, applications and roles to it if the respective list is supplied. .EXAMPLE $Vault = @{ Name = 'NewVault' Description = 'This is a description for the new vault.' IsAllowedOffline = $true Password = 'Pa$$w0rd!' AllowedUsernameList = @("User1") AllowedRolesList = @("Role1", "Role2") AllowedApplicationList = @("App1") } $response = New-DSVault @Vault #> [CmdletBinding()] PARAM ( [ValidateNotNullOrEmpty()] #Vault's name [string]$Name = $(throw "Vault name is null or empty. Please provide a valid vault name and try again."), #Vault's master password. Backend does not verify password complexity, so you should use New-DSPassword and choose a password in the list [string]$Password, #Vault's description [string]$Description = "", #Specify if the vault is allowed to be used while offline [bool]$IsAllowedOffline = $true, #Accept an array of strings containing usernames (not id) to add to the vault [string[]]$AllowedUsernameList = @(), #Accept an array of strings containing application names (not app id) to add to the vault [string[]]$AllowedApplicationList = @(), #Accept an array of strings containing user group's name (not id) to add to the vault [string[]]$AllowedRolesList = @() ) BEGIN { Write-Verbose "[New-DSVault] Beginning..." $URI = "$Script:DSBaseURI/api/security/repositories" if ([string]::IsNullOrWhiteSpace($Global:DSSessionToken)) { throw "Session invalid. Please call New-DSSession." } } PROCESS { try { #Generating ID for new vault $id = [guid]::NewGuid() #Getting users, applications and roles list $Application = if (($res = Invoke-DS -URI "$Script:DSBaseURI/api/security/application/users/list" -Method "GET").isSuccess) { $res.Body.data } else { $null } $Roles = if (($res = Invoke-DS "$Script:DSBaseURI/api/security/roles/basic" -Method "GET").isSuccess) { $res.Body.data } else { $null } #Setting new vault data $NewVault = @{ description = $Description hasPasswordChanged = if ($Password) { $true } else { $false } id = $id idString = $id.ToString() image = "" imageBytes = "" imageName = "" isAllowedOffline = $IsAllowedOffline isLocked = $false isPrivate = $false modifiedLoggedUserName = "" modifiedUserName = "" name = $Name repositorySettings = @{ quickAddEntries = @() masterPasswordHash = $null } selected = $false } #Encryp password, if need be if ($Password) { $EncryptedPassword = Protect-ResourceToHexString $Password $NewVault | Add-Member -NotePropertyName "password" -NotePropertyValue $EncryptedPassword $NewVault | Add-Member -NotePropertyName "passwordDisplayValue" -NotePropertyValue "●●●●●●" } $RequestParams = @{ URI = $URI Method = "PUT" Body = $NewVault | ConvertTo-Json } $res = Invoke-DS @RequestParams -Verbose if (!$res.isSuccess) { return $res } #If backend couldn't process vault for whatever reason, return here and do not proceed if ((0 -ne $AllowedUsernameList.Count) -and (!(Set-DSVaultUsers $id $AllowedUsernameList).isSuccess)) { Write-Warning "[New-DSVault] Users could not be added to vault." } if ((0 -ne $AllowedRolesList.Count) -and (!(Set-DSVaultRoles $id $AllowedRolesList).isSuccess)) { Write-Warning "[New-DSVault] Roles could not be added to vault." } if ((0 -ne $AllowedApplicationList.Count) -and (!(Set-DSVaultApplications $id $AllowedApplicationList).isSuccess)) { Write-Warning "[New-DSVault] Applications could not be added to vault." } return $res } catch { Write-Error $_.Exception.Message } } END { if ($res.isSuccess) { Write-Verbose "[New-DSVault] Completed successfully!" } else { Write-Verbose "[New-DSVault] Ended with errors..." } } } |