functions/secrets/Set-SecretSecurity.ps1
function Set-SecretSecurity { <# .SYNOPSIS Set Secret general security options .DESCRIPTION Set Secret general security options .EXAMPLE $session = New-TssSession -SecretServer https://alpha -Credential $ssCred Set-TssSecretSecurity -TssSession $session -Id 42 DOING something .LINK https://thycotic-ps.github.io/thycotic.secretserver/commands/Set-TssSecretSecurity .LINK https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/secrets/Set-SecretSecurity.ps1 .NOTES Requires TssSession object returned by New-TssSession #> [cmdletbinding(SupportsShouldProcess)] param( # TssSession object created by New-TssSession for auth [Parameter(Mandatory, ValueFromPipeline, Position = 0)] [TssSession] $TssSession, # Folder Id to modify [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [Alias('SecretId')] [int[]] $Id, # DoubleLock to associate to the secret [int] $DoubleLockId, # Hide the launcher password from non-owners (Viewing Password Requires Edit in UI) [switch] $HideLauncherPassword, # Enable proxy on the Secret [switch] $ProxyEnabled, # Require comment to view the Secret [switch] $RequiresComment, # Enable Session Recording for the Secret [switch] $SessionRecordingEnabled, # Require Web Launcher to be incognito mode for the Secret [switch] $WebLauncherRequiresIncognitoMode ) begin { $setParams = $PSBoundParameters $invokeParams = . $GetInvokeTssParams $TssSession } process { Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)" if ($setParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) { . $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation foreach ($secret in $Id) { $restResponse = $null $uri = $TssSession.ApiUrl, 'secrets', $secret, 'security-general' -join '/' $invokeParams.Uri = $uri $invokeParams.Method = 'PATCH' $setBody = @{ data = @{ } } $whatIfProcessing = 0 switch ($setParams.Keys) { 'DoubleLockId' { if (-not $PSCmdlet.ShouldProcess("Secret ID: $secret", "Setting DoubleLockID to $($DoubleLockId)")) { $whatIfProcessing++ } $setBody.data.doubleLockId = @{ dirty = $true value = $DoubleLockId } $setBody.data.enableDoubleLock = @{ dirty = $true value = $true } } 'HideLauncherPassword' { if (-not $PSCmdlet.ShouldProcess("Secret ID: $secret", "Setting [Viewing Password Requires Edit] to $HideLauncherPassword")) { $whatIfProcessing++ } $setBody.data.hideLauncherPassword = @{ dirty = $true value = [boolean]$HideLauncherPassword } } 'ProxyEnabled' { if (-not $PSCmdlet.ShouldProcess("Secret ID: $secret", "Setting ProxyEnabled to $ProxyEnabled")) { $whatIfProcessing++ } $setBody.data.proxyEnabled = @{ dirty = $true value = [boolean]$ProxyEnabled } } 'RequiresComment' { if (-not $PSCmdlet.ShouldProcess("Secret ID: $secret", "Setting RequiresComment to $RequiresComment")) { $whatIfProcessing++ } $setBody.data.requiresComment = @{ dirty = $true value = [boolean]$RequiresComment } } 'SessionRecordingEnabled' { if (-not $PSCmdlet.ShouldProcess("Secret ID: $secret", "Setting SessionRecordingEnabled to $SessionRecordingEnabled")) { $whatIfProcessing++ } $setBody.data.sessionRecordingEnabled = @{ dirty = $true value = [boolean]$SessionRecordingEnabled } } 'WebLauncherRequiresIncognitoMode' { if (-not $PSCmdlet.ShouldProcess("Secret ID: $secret", "Setting WebLauncherRequiresIncognitoMode to $WebLauncherRequiresIncognitoMode")) { $whatIfProcessing++ } $setBody.data.webLauncherRequiresIncognitoMode = @{ dirty = $true value = $WebLauncherRequiresIncognitoMode } } } $invokeParams.Body = $setBody | ConvertTo-Json if ($PSCmdlet.ShouldProcess("Secret ID: $secret", "$($invokeParams.Method) $uri with:`n$($invokeParams.Body)`n")) { Write-Verbose "Performing the operation $($invokeParams.Method) $uri with:`n$($invokeParams.Body)`n" try { $restResponse = . $InvokeApi @invokeParams } catch { Write-Warning "Issue setting property on Secret [$secret]" $err = $_ . $ErrorHandling $err } } if ($restResponse) { if ($setParams.ContainsKey('DoubleLockId') -and $restResponse.doublelockId.value -eq $DoubleLockId) { Write-Verbose "DoubleLock ID on Secret [$secret] set to $DoubleLockId" } if ($setParams.ContainsKey('HideLauncherPassword') -and $restResponse.hideLauncherPassword.value -eq $HideLauncherPassword) { Write-Verbose "Viewing Password Requires Edit [HideLauncherPassword] on Secret [$secret] set to $HideLauncherPassword" } if ($setParams.ContainsKey('ProxyEnabled') -and $restResponse.proxyEnabled.value -eq $ProxyEnabled) { Write-Verbose "Proxy on Secret [$secret] set to $ProxyEnabled" } if ($setParams.ContainsKey('RequiresComment') -and $restResponse.requiresComment.value -eq $RequiresComment) { Write-Verbose "Require comment on Secret [$secret] set to $RequiresComment" } if ($setParams.ContainsKey('SessionRecordingEnabled') -and $restResponse.sessionRecordingEnabled.value -eq $SessionRecordingEnabled) { Write-Verbose "Session Recording on Secret [$secret] set to $SessionRecordingEnabled" } if ($setParams.ContainsKey('WebLauncherRequiresIncognitoMode') -and $restResponse.webLauncherRequiresIncognitoMode.value -eq $WebLauncherRequiresIncognitoMode) { Write-Verbose "Web Launcher requires Incognito Mode on Secret [$secret] set to $WebLauncherRequiresIncognitoMode" } } } } else { Write-Warning 'No valid session found' } } } |