functions/secrets/Set-SecretRpcPrivileged.ps1

function Set-SecretRpcPrivileged {
    <#
    .SYNOPSIS
    Set the Privileged Account for the RPC configuration on a Secret
 
    .DESCRIPTION
    Set the Privileged Account for the RPC configuration on a Secret
 
    .EXAMPLE
    $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
    Set-TssSecretRpcPrivilegedAccount -TssSession $session -Id 46 -PrivilegedSecretId 276
 
    Set the RPC Privileged Account on Secret 46 to Secret 276
 
    .EXAMPLE
    $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
    Set-TssSecretRpcPrivilegedAccount -TssSession $session -Id 56 -CredentialOnSecret
 
    Set the RPC Privileged Account on Secret 56 to use the Secret itself (Credentials on Secret)
 
    .LINK
    https://thycotic-ps.github.io/thycotic.secretserver/commands/Set-TssSecretRpcPrivilegedAccount
 
    .LINK
    https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/secrets/Set-SecretRpcPrivilegedAccount.ps1
 
    .NOTES
    Requires TssSession object returned by New-TssSession
    #>

    [cmdletbinding(SupportsShouldProcess)]
    param(
        # TssSession object created by New-TssSession for auth
        [Parameter(Mandatory, ValueFromPipeline, Position = 0)]
        [TssSession]
        $TssSession,

        # Folder Id to modify
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('SecretId')]
        [int[]]
        $Id,

        # Set Privileged Account to Use Credential on Secret
        [Parameter(ParameterSetName = 'secret')]
        [switch]
        $CredentialOnSecret,

        # Set Privileged Account to specific Secret ID
        [Parameter(ParameterSetName = 'privileged')]
        [Alias('PrivilegedSecret')]
        [int]
        $PrivilegedSecretId
    )
    begin {
        $setParams = $PSBoundParameters
        $invokeParams = . $GetInvokeTssParams $TssSession
    }
    process {
        . $InternalEndpointUsed $PSCmdlet.MyInvocation
        Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)"
        if ($setParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) {
            . $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation
            foreach ($secret in $Id) {
                $restResponse = $null
                $uri = $TssSession.ApiUrl.Replace('api/v1', 'internals'), 'secret-detail', $secret, 'rpc' -join '/'
                $invokeParams.Uri = $uri
                $invokeParams.Method = 'PUT'

                $setRpcPrivBody = @{ data = @{ } }

                if ($setParams.ContainsKey('CredentialOnSecret')) {
                    $changeUsing = @{
                        dirty = $true
                        value = 'Secret'
                    }
                    $privilegedAccount = @{
                        dirty = $true
                        value = $null
                    }
                    $setRpcPrivBody.data.Add('changePasswordUsing', $changeUsing)
                    $setRpcPrivBody.data.Add('privilegedAccountSecretId', $privilegedAccount)
                }
                if ($setParams.ContainsKey('PrivilegedSecretId')) {
                    $changeUsing = @{
                        dirty = $true
                        value = 'PrivilegedAccount'
                    }
                    $privilegedAccount = @{
                        dirty = $true
                        value = $PrivilegedSecretId
                    }
                    $setRpcPrivBody.data.Add('changePasswordUsing', $changeUsing)
                    $setRpcPrivBody.data.Add('privilegedAccountSecretId', $privilegedAccount)
                }

                $invokeParams.Body = $setRpcPrivBody | ConvertTo-Json

                if ($PSCmdlet.ShouldProcess("Secret Id: $secret", "$($invokeParams.Method) $uri with:`n$($invokeParams.Body)`n")) {
                    Write-Verbose "Performing the operation $($invokeParams.Method) $uri with:`n$($invokeParams.Body)`n"
                    try {
                        $restResponse = . $InvokeApi @invokeParams
                    } catch {
                        Write-Warning "Issue setting privileged account on Secret [$secret]"
                        $err = $_
                        . $ErrorHandling $err
                    }
                }
                if ($restResponse) {
                    if ($setParams.ContainsKey('PrivilegedSecretId') -and $restResponse.privilegedAccountSecretId.value -eq $PrivilegedSecretId) {
                        Write-Verbose "Secret [$secret] RPC Privileged Secret set to [$PrivilegedSecretId]"
                    }
                    if ($setParams.ContainsKey('CredentialOnSecret') -and $null -eq $restResponse.privilegedAccountSecretId.value) {
                        Write-Verbose "Secret [$secret] RPC Privileged Secret set to use Credentials on Secret"
                    }
                }
            }
        } else {
            Write-Warning 'No valid session found'
        }
    }
}