Public/New-VenafiTeam.ps1

<#
.SYNOPSIS
Create a new team

.DESCRIPTION
Create a new VaaS or TPP team

.PARAMETER Name
Team name

.PARAMETER Owner
1 or more owners for the team
For VaaS, this is the unique guid obtained from Get-VenafiIdentity.
For TPP, this is the identity ID property from Find-TppIdentity or Get-VenafiIdentity.

.PARAMETER Member
1 or more members for the team
For VaaS, this is the unique guid obtained from Get-VenafiIdentity.
For TPP, this is the identity ID property from Find-TppIdentity or Get-VenafiIdentity.

.PARAMETER Role
Team role, either 'System Admin', 'PKI Admin', 'Resource Owner' or 'Guest'. VaaS only.

.PARAMETER Policy
1 or more policy folder paths this team manages. TPP only.

.PARAMETER Product
1 or more product names, 'TLS', 'SSH', and/or 'Code Signing'. TPP only.

.PARAMETER Description
Team description or purpose. TPP only.

.PARAMETER PassThru
Return the newly created team object. By default, nothing is returned.

.PARAMETER VenafiSession
Session object created by New-VenafiSession. Defaults to the script-scoped session object $VenafiSession.

.EXAMPLE
New-VenafiTeam -Name 'My New Team' -Member 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f2' -Owner @('ca7ff555-88d2-4bfc-9efa-2630ac44c1f3', 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f4') -Role 'System Admin'

Create a new VaaS team

.EXAMPLE
New-VenafiTeam -Name 'My New Team' -Member 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f2' -Owner @('ca7ff555-88d2-4bfc-9efa-2630ac44c1f3', 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f4') -Role 'System Admin' -PassThru

id : a7d60730-a967-11ec-8832-4d051bf6d0b4
name : My New Team
systemRoles : {SYSTEM_ADMIN}
productRoles :
role : SYSTEM_ADMIN
members : {443de910-a6cc-11ec-ad22-018e33741844}
owners : {0a2adae0-b22b-11ea-91f3-ebd6dea5452e}
companyId : 09b24f81-b22b-11ea-91f3-ebd6dea5452e
userMatchingRules : {}
modificationDate : 3/21/2022 6:38:40 PM

Create a new VaaS team returning the new team

.EXAMPLE
New-VenafiTeam -Name 'My New Team' -Member 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e6}' -Owner 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e7}' -Product 'TLS'

Create a new TPP team

.EXAMPLE
New-VenafiTeam -Name 'My New Team' -Member 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e6}' -Owner 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e7}' -Product 'TLS' -Policy '\ved\policy\myfolder'

Create a new TPP team and assign it to a policy

.EXAMPLE
New-VenafiTeam -Name 'My New Team' -Member 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e6}' -Owner 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e7}' -Product 'TLS' -Description 'One amazing team'

Create a new TPP team with optional description

.EXAMPLE
New-VenafiTeam -Name 'My New Team' -Member 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e6}' -Owner 'local:{803f332e-7576-4696-a5a2-8ac6be6b14e7}' -Product 'TLS' -PassThru

Name : My New Team
ID : local:{a6053090-e309-49d9-98a7-28cbe7896c27}
Path : \VED\Identity\My New Team
FullName : local:My New Team
IsGroup : True
Members : @{Name=sample-user; ID=local:{6baad36c-7cac-48c8-8e54-000cc22ad88f};
           Path=\VED\Identity\sample-user; FullName=local:sample-user; IsGroup=False}
Owners : @{Name=sample-owner; ID=local:{d1a76bc7-d3a6-431b-9bea-d2d8780ecd86};
           Path=\VED\Identity\sample-owner; FullName=local:sample-owner; IsGroup=False}

Create a new TPP team returning the new team

.LINK
https://api.venafi.cloud/webjars/swagger-ui/index.html#/Teams/create_1

.LINK
https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-POST-Teams.php
#>

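function New-VenafiTeam {

    # Creates a team on VaaS or TPP, depending on the platform of the supplied session.
    # Nothing is written to the pipeline unless -PassThru is given, in which case the
    # new team is fetched with Get-VenafiTeam and returned.
    #
    # SupportsShouldProcess adds -WhatIf/-Confirm, so the create request (which assigns
    # owners, members and, on VaaS, a role) can be previewed or gated before it is sent.
    [CmdletBinding(SupportsShouldProcess)]

    param (

        [Parameter(Mandatory)]
        [string] $Name,

        [Parameter(Mandatory)]
        [string[]] $Owner,

        [Parameter(Mandatory)]
        [string[]] $Member,

        [Parameter(Mandatory, ParameterSetName = 'VaaS')]
        [ValidateSet('System Admin', 'PKI Admin', 'Resource Owner', 'Guest')]
        [string] $Role,

        [Parameter(ParameterSetName = 'TPP')]
        [ValidateScript( {
                if ( $_ | Test-TppDnPath ) {
                    $true
                }
                else {
                    throw "'$_' is not a valid policy path"
                }
            })]
        [string[]] $Policy,

        [Parameter(Mandatory, ParameterSetName = 'TPP')]
        [ValidateSet('TLS', 'SSH', 'Code Signing')]
        [string[]] $Product,

        [Parameter(ParameterSetName = 'TPP')]
        [string] $Description,

        [Parameter()]
        [switch] $PassThru,

        [Parameter()]
        [VenafiSession] $VenafiSession = $script:VenafiSession
    )

    # Validate() is defined on the VenafiSession class outside this file; it receives
    # the resolved parameter set name ('VaaS' or 'TPP').
    $VenafiSession.Validate($PSCmdlet.ParameterSetName)

    $params = @{
        VenafiSession = $VenafiSession
        Method        = 'Post'
    }

    $isVaas = $VenafiSession.Platform -eq 'VaaS'

    if ( $isVaas ) {

        $params.UriLeaf = "teams"
        $params.Body = @{
            'name'              = $Name
            # The display name is sent upper-cased with underscores, e.g. 'System Admin' -> 'SYSTEM_ADMIN'
            'role'              = $Role.Replace(' ', '_').ToUpper()
            'members'           = @($Member)
            'owners'            = @($Owner)
            'userMatchingRules' = @()
        }
    }
    else {

        # Builds the identity reference for one owner or member ID.
        # IDs beginning with 'local' are looked up so both name and ID are sent;
        # all other IDs are passed through as PrefixedUniversal only.
        # NOTE(review): the prefix test is 'local', not 'local:'; the help examples use
        # 'local:{guid}' - confirm no other identity prefix can begin with 'local'.
        $toIdentityRef = {
            param ($IdentityId)

            if ( $IdentityId.StartsWith('local') ) {
                $identity = Get-VenafiIdentity -ID $IdentityId -VenafiSession $VenafiSession

                # Fail before the request is sent rather than posting a team whose
                # owner/member entry carries null identifiers.
                if ( -not $identity ) {
                    throw "Identity '$IdentityId' could not be resolved; team '$Name' was not created"
                }

                @{
                    'PrefixedName'      = $identity.FullName
                    'PrefixedUniversal' = $identity.ID
                }
            }
            else {
                @{'PrefixedUniversal' = $IdentityId }
            }
        }

        $members = foreach ($thisMember in $Member) { & $toIdentityRef $thisMember }
        $owners = foreach ($thisOwner in $Owner) { & $toIdentityRef $thisOwner }

        $params.UriLeaf = 'Teams/'
        $params.Body = @{
            'Name'     = @{'PrefixedName' = "local:$Name" }
            'Members'  = @($members)
            'Owners'   = @($owners)
            'Products' = @($Product)
        }

        # Optional fields are only added to the body when a value was supplied
        if ( $Policy ) {
            $params.Body.Add('Assets', @($Policy))
        }

        if ( $Description ) {
            $params.Body.Add('Description', $Description)
        }
    }

    # Identity lookups above are read-only; only the create request is gated.
    if ( -not $PSCmdlet.ShouldProcess($Name, 'Create team') ) {
        return
    }

    if ( $isVaas ) {
        $response = Invoke-VenafiRestMethod @params
    }
    else {
        # Keep only the ID of the created team; it is all -PassThru needs
        $response = Invoke-VenafiRestMethod @params | Select-Object -ExpandProperty ID
    }

    if ( $PassThru ) {
        $response | Get-VenafiTeam -VenafiSession $VenafiSession
    }
}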