functions/secrets/Open-TssSecret.ps1

function Open-TssSecret {
    <#
    .SYNOPSIS
    Checkout a Secret
 
    .DESCRIPTION
    Checkout a Secret
 
    .EXAMPLE
    $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
    Checkout-TssSecret -TssSession $session -Id 72 -TicketId 'N000354'
 
    Checkout Secret ID 72 providing ticket number required by Ticket Integration
 
    .EXAMPLE
    $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
    Open-TssSecret -TssSession $session -Id 376
 
    Checkout Secret ID 376
 
    .EXAMPLE
    $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
    Open-TssSecret -TssSession $session -Id 42 -Comment "CI process"
 
    Checkout Secret ID 42 providing a comment (Secret configured to checkout and require comment)
 
    .LINK
    https://thycotic-ps.github.io/thycotic.secretserver/commands/secrets/Open-TssSecret
 
    .LINK
    https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/secrets/Open-TssSecret.ps1
 
    .NOTES
    Requires TssSession object returned by New-TssSession
    #>

    [CmdletBinding(SupportsShouldProcess)]
    param (
        # TssSession object created by New-TssSession for authentication
        [Parameter(Mandatory,ValueFromPipeline,Position = 0)]
        [Thycotic.PowerShell.Authentication.Session]
        $TssSession,

        # Secret ID
        [Alias("SecretId")]
        [Parameter(ValueFromPipelineByPropertyName)]
        [int[]]
        $Id,

        # Comment to provide for restricted secret (Require Comment is enabled)
        [string]
        $Comment,

        # Associated ticket number (required for ticket integrations)
        [string]
        $TicketNumber,

        # Associated ticket system ID (required for ticket integrations)
        [int]
        $TicketSystemId
    )
    begin {
        $tssParams = $PSBoundParameters
        $invokeViewCommentParams = . $GetInvokeApiParams $TssSession
        $invokeCheckoutParams = . $GetInvokeApiParams $TssSession
    }
    process {
        Get-TssInvocation $PSCmdlet.MyInvocation
        if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) {
            Compare-TssVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation
            foreach($secret in $Id) {
                # Checkout endpoint requires a pre-checkout comment be sent
                $restrictedBody = @{}
                switch ($tssParams.Keys) {
                    'Comment' { $restrictedBody.Add('comment',$Comment) }
                    'TicketNumber' { $restrictedBody.Add('ticketNumber', $TicketNumber) }
                    'TicketSystemId' { $restrictedBody.Add('ticketSystemId', $TicketSystemId) }
                }
                if ($restrictedBody.Count -gt 0) {
                    $uriViewComment = $TssSession.ApiUrl, 'secret-access-requests', 'secrets', $secret, 'view-comment' -join '/'

                    $invokeViewCommentParams.Body = $restrictedBody | ConvertTo-Json
                    $invokeViewCommentParams.Uri = $uriViewComment
                    $invokeViewCommentParams.Method = 'POST'

                    if ($PSCmdlet.ShouldProcess("Secret ID: $secret", "$($invokeViewCommentParams.Method) $uriViewComment with: `n$($invokeViewCommentParams.Body)`n")) {
                        Write-Verbose "Performing the operation $($invokeViewCommentParams.Method) $uriViewComment with:`n$($invokeViewCommentParams.Body)`n"
                        try {
                            $apiResponse = Invoke-TssApi @invokeViewCommentParams
                            . $ProcessResponse $apiResponse >$null
                        } catch {
                            Write-Warning "Issue adding view comment for Secret [$secret]"
                            $err = $_
                            . $ErrorHandling $err
                        }
                    }
                }
                # Secret Checkout
                $uriCheckout = $TssSession.ApiUrl, 'secrets', $secret, 'check-out' -join '/'
                $invokeCheckoutParams.Uri = $uriCheckout
                $invokeCheckoutParams.Method = 'POST'
                if ($PSCmdlet.ShouldProcess("Secret ID: $secret", "$($invokeCheckoutParams.Method) $uriCheckout")) {
                    Write-Verbose "Performing the operation $($invokeCheckoutParams.Method) $uriCheckout"
                    try {
                        $apiResponse = Invoke-TssApi @invokeCheckoutParams
                        . $ProcessResponse $apiResponse >$null
                    } catch {
                        Write-Warning "Issue checking out Secret [$secret]"
                        $err = $_
                        . $ErrorHandling $err
                    }
                }
            }
        } else {
            Write-Warning "No valid session found"
        }
    }
}