OktaPosh

0.3.1

public/ConvertTo-OktaAuthorizationYaml.ps1

                                function ConvertTo-OktaAuthorizationYaml

{

    [CmdletBinding()]

    param (

        [Parameter(Mandatory)]

        [ValidateScript({Test-Path $_ -PathType Container})]

        [string] $OutputFolder

    )

    Set-StrictMode -Version Latest

  try {

      Push-Location $OutputFolder

      if (!(Test-Path authorizationServer.json)) {

        Write-Warning "'$(Join-Path $OutputFolder authorizationServer.json)' was not found. Use Export-OktaAuthorizationServer to populate $OutputFolder"

        return

      }

      $auth = Get-Content authorizationServer.json -raw | ConvertFrom-Json

      $claims = ternary (Test-Path claims.json) (ConvertFrom-Json (Get-Content claims.json -raw)) $null

      $scopes = ternary (Test-Path scopes.json) (ConvertFrom-Json (Get-Content scopes.json -raw)) $null

      $policies = ternary (Test-Path policies.json) (ConvertFrom-Json (Get-Content policies.json -raw)) $null

      @"

authServer:

  name: $($auth.name)

  status: $($auth.status)

  audiences: $(($auth.audiences | Sort-Object) -join ", ")

  policies:

"@

    if ($policies) {

    foreach ($p in $policies | Where-Object system -eq $false) {

      @"

    - name: $($p.name)

      status: $($p.status)

      clients:

"@

        if ($p.conditions.clients.include -and $p.conditions.clients.include[0] -eq 'ALL_CLIENTS') {

          "        - ALL_CLIENTS"

        } else {

          foreach ($clientId in @($p.conditions.clients.include)) {

            "        - $((Get-OktaApplication -Id $clientId).label)"

          }

        }

        "      rules:"

        $rf = "rules_$($p.name).json"

        if (Test-Path $rf) {

          $rules = ConvertFrom-Json (Get-Content $rf -raw)

          Write-Verbose "Processing $rf"

          foreach ($r in $rules | Where-Object system -eq $false) {

              @"

        - name: $($r.name)

          status: $($r.status)

          conditions:

            people:

              users:

                include: $(($r.conditions.people.users.include | Sort-Object) -join ', ')

                exclude: $(($r.conditions.people.users.exclude | Sort-Object) -join ', ')

              groups:

                include: $(($r.conditions.people.groups.include | Sort-Object) -join ', ')

                exclude: $(($r.conditions.people.groups.exclude | Sort-Object) -join ', ')

              grantTypes:

                include: $(($r.conditions.grantTypes.include | Sort-Object) -join ', ')

              scopes:

                include: $(($r.conditions.scopes.include | Sort-Object) -join ', ')

          actions:

            token:

              accessTokenLifetimeMinutes: $($r.actions.token.accessTokenLifetimeMinutes)

              refreshTokenLifetimeMinutes: $($r.actions.token.refreshTokenLifetimeMinutes)

              refreshTokenWindowMinutes: $($r.actions.token.refreshTokenWindowMinutes)

"@

          }

            }

    }

    }

    "  claims:"

    foreach ($c in $claims | Where-Object valueType -ne 'SYSTEM' | Sort-Object -Property name ) {

      @"

    - name: $($c.name)

      status: $($c.status)

      claimType: $($c.claimType)

      valueType: $($c.valueType)

      value: '$($c.value)'

      conditions:

        scopes:

"@

      foreach ($s in $c.conditions.scopes | Sort-Object -Property name) {

        @"

          $s

"@

      }

  }

  "  scopes:"

    if ($scopes) {

      foreach ($s in $scopes | Where-Object system -eq $false | Sort-Object -Property name) {

        @"

    - name: $($s.name)

"@

    }

  }

  } catch {

      Write-Error "Error: $_`n$($_.ScriptStackTrace)"

  } finally {

      Pop-Location

  }

}