functions/secrets/Start-SecretChangePassword.ps1

function Start-SecretChangePassword {
    <#
    .SYNOPSIS
    Start a current password change

    .DESCRIPTION
    Start a current password change

    .EXAMPLE
    $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
    Start-TssSecretChangePassword -TssSession $session -Id 46

    Start a current password change operation on secret 46

    .LINK
    https://thycotic-ps.github.io/thycotic.secretserver/commands/Start-TssSecretChangePassword

    .LINK
    https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/secrets/Start-SecretChangePassword.ps1

    .NOTES
    Requires TssSession object returned by New-TssSession
    #>

    [CmdletBinding(SupportsShouldProcess)]
    param (
        # TssSession object created by New-TssSession for auth
        [Parameter(Mandatory, ValueFromPipeline, Position = 0)]
        [TssSession]
        $TssSession,

        # Secret Id
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('SecretId')]
        [int[]]
        $Id,

        # Next Password Type, allowed Manual or Random
        [Parameter(Mandatory)]
        [ValidateSet('Manual', 'Random')]
        [string]
        $Type,

        # Manual Next Password to use
        [securestring]
        $NextPassword
    )
    begin {
        $tssParams = $PSBoundParameters
        $invokeParams = . $GetInvokeTssParams $TssSession
    }

    process {
        . $InternalEndpointUsed $PSCmdlet.MyInvocation
        Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)"
        if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) {
            . $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation
            foreach ($secret in $Id) {
                $restResponse = $null
                $uri = $TssSession.ApiUrl.Replace('api/v1', 'internals'), 'secret-detail', $secret, 'change-password-now' -join '/'
                $invokeParams.Uri = $uri
                $invokeParams.Method = 'POST'

                $rpcBody = @{ data = @{ } }
                switch ($Type) {
                    'Manual' {
                        if ($tssParams.ContainsKey('NextPassword')) {
                            $rpcBody.data.Add('NextPassword', [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($NextPassword)))
                            $rpcBody.data.Add('PasswordType', 1)
                        } else {
                            Write-Error '-NextPassword parameter must be provided when using PasswordType of [Manual]'
                            return
                        }
                    }
                    'Random' {
                        if ($tssParams.ContainsKey('NextPassword')) {
                            Write-Error '-NextPassword parameter cannot be used with PasswordType of [Random]'
                            return
                        } else {
                            $rpcBody.data.Add('NextPassword', $null)
                            $rpcBody.data.Add('PasswordType', 0)
                        }
                    }
                }
                $invokeParams.Body = $rpcBody | ConvertTo-Json

                if (-not $PSCmdlet.ShouldProcess("Secret ID: $secret", "$($invokeParamsOther.Method) $uri with:`t$($invokeParamsOther.Body)`n")) { return }
                Write-Verbose "$($invokeParamsOther.Method) $uri with:`t$($invokeParamsOther.Body)`n"
                try {
                    $restResponse = . $InvokeApi @invokeParams
                } catch {
                    $err = $_
                    . $ErrorHandling $err
                }

                if ($restResponse.success -eq $false) {
                    Write-Warning "Password Change not successful on Secret [$secret]"
                } else {
                    Write-Verbose "Password Change successfully started on Secret [$secret]"
                }
            }
        } else {
            Write-Warning 'No valid session found'
        }
    }
}