adds item related functions

This commit is contained in:
OCram85 2017-07-27 15:35:31 +02:00
parent 571566b618
commit 7416c2e5d3
5 changed files with 545 additions and 0 deletions

View File

@ -0,0 +1,109 @@
function Get-CredentialStoreItem {
<#
.SYNOPSIS
Returns the Credential from a given remote host item.
.DESCRIPTION
Return the credential as PSCredential object.
.PARAMETER RemoteHost
Specify the host, for which you would like to change the credentials.
.PARAMETER Identifier
Provide a custom identifier to the given remote host key. This enables you to store multiple credentials
for a single remote host entry. For example ad/sys1, ftp/sys1, mssql/sys1
.PARAMETER Path
Define a custom path to a shared CredentialStore.
.PARAMETER Shared
Switch to shared mode with this param. This enforces the command to work with a shared CredentialStore which
can be decrypted across systems.
.INPUTS
[None]
.OUTPUTS
[System.Management.Automation.PSCredential]
.EXAMPLE
$myCreds = Get-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
.NOTES
File Name : Get-CredentialStoreItem.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
[CmdletBinding(DefaultParameterSetName = "Private")]
[OutputType([System.Management.Automation.PSCredential])]
param(
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
[ValidateNotNullOrEmpty()]
[string]$RemoteHost,
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
[ValidateNotNullOrEmpty()]
[string]$Identifier,
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[switch]$Shared
)
# First set a constand path for private CredentialStore mode.
if ($PSCmdlet.ParameterSetName -eq "Private") {
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
}
if ($Identifier -ne "") {
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
}
else {
$CredentialName = $RemoteHost
}
if (Test-CredentialStore -Path $Path) {
$CS = Get-CredentialStore -Path $Path
$CSMembers = Get-Member -InputObject $CS
# Let`s first check if the given remote host exists as object property
if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -eq $CredentialName)) {
if ($CS.Type -eq "Private") {
$CSItem = [ordered]@{
User = $CS.$CredentialName.User
Password = ConvertTo-SecureString -String $CS.$CredentialName.Password
}
}
else {
$Key = Get-ChallengeFile
$CSItem = [ordered]@{
User = $CS.$CredentialName.User
Password = ConvertTo-SecureString -String $CS.$CredentialName.Password -Key $Key
}
}
New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $CSItem.User, $CSItem.Password
}
else {
$MsgParams = @{
ErrorAction = "Stop"
Message = "Could not find credentials for the given remote host: {0}" -f $RemoteHost
}
Write-Error @MsgParams
}
}
else {
$MsgParams = @{
ErrorAction = "Stop"
Message = "The given credential store ({0}) does not exist!" -f $Path
}
Write-Error @MsgParams
}
}

View File

@ -0,0 +1,135 @@
function New-CredentialStoreItem {
<#
.SYNOPSIS
Adds a credential store item containing host, user and password to the given store.
.DESCRIPTION
The credentials are stored without any relations to it's further use. If you need to change an existing
item please use Set-CredentialStoreItem. You need to decide afterwards, whether to use the credential for
a VIConnection, NetApp FAS or UCS Fabric Interconnect.
.PARAMETER Path
Define the store in which you would like to add a new item.
.PARAMETER RemoteHost
The identifier or rather name for the given credentials.
.PARAMETER Identifier
Provide a custom identifier to the given remote host key. This enables you to store multiple credentials
for a single remote host entry. For example ad/sys1, ftp/sys1, mssql/sys1
.PARAMETER Credential
You can provide credentials optionally as pre existing pscredential object.
.INPUTS
[None]
.OUTPUTS
[None]
.EXAMPLE
New-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
.NOTES
File Name : New-CredentialStoreItem.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
[CmdletBinding(DefaultParameterSetName = "Private")]
param(
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
[ValidateNotNullOrEmpty()]
[string]$RemoteHost,
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
[ValidateNotNullOrEmpty()]
[string]$Identifier,
[Parameter(Mandatory = $false)]
[ValidateNotNullOrEmpty()]
[pscredential]$Credential,
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[switch]$Shared
)
# First set a constand path for private CredentialStore mode.
if ($PSCmdlet.ParameterSetName -eq "Private") {
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
}
# Lets do a quick test on the given CredentialStore.
if (-not(Test-CredentialStore -Path $Path)) {
$MessageParams = @{
Message = "Could not add anything into the given CredentailStore."
ErrorAction = "Stop"
}
Write-Error @MessageParams
}
# Read the file content based on the given ParameterSetName
$CSContent = Get-CredentialStore -Path $Path
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
if ($Identifier -ne "") {
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
}
else {
$CredentialName = $RemoteHost
}
if (-not($Credential)) {
$Credential = Get-Credential -Message $CredentialName
}
if ($Credential.UserName) {
if ($CSContent.Type -eq "Shared") {
$Key = Get-ChallengeFile
$encypted = ConvertFrom-SecureString -SecureString $Credential.Password -Key $Key
}
else {
$encypted = ConvertFrom-SecureString -SecureString $Credential.Password
}
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {
$MessageParams = @{
Message = "The given host already exists. Nothing to do here."
}
Write-Warning @MessageParams
}
else {
$CredentialHash = [ordered]@{
User = $Credential.UserName
Password = $encypted
Creation = $CurrentDate
}
Add-Member -InputObject $CSContent -Name $CredentialName -MemberType NoteProperty -Value $CredentialHash
try {
ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path
}
catch [System.Exception] {
$MessageParams = @{
Message = "Couldn't add item into credential store!"
ErrorAction = "Stop"
}
Write-Error @MessageParams
}
}
}
else {
$MessageParams = @{
Message = "Please Provide at least a valid user!"
ErrorAction = "Stop"
}
Write-Error @MessageParams
}
}

View File

@ -0,0 +1,94 @@
function Remove-CredentialStoreItem {
<#
.SYNOPSIS
Remove the given credentials from the credential store.
.DESCRIPTION
Use this CMDLet to completely remove an credential store item.
.PARAMETER Path
Define the store in which your given host entry already exists.
.PARAMETER RemoteHost
Specify the host you for which you would like to change the credentials.
.PARAMETER Identifier
Defaults to "". Specify a string, which separates two CredentialStoreItems for the
same hostname.
.PARAMETER Shared
Switch to shared mode with this param. This enforces the command to work with a shared CredentialStore which
can be decrypted across systems.
.INPUTS
[None]
.OUTPUTS
[None]
.EXAMPLE
Remove-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
Remove-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" -Identifier svc
.NOTES
File Name : Remove-CredentialStoreItem.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
[CmdletBinding(DefaultParameterSetName = "Private")]
param(
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
[string]$RemoteHost,
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[string]$Identifier,
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[switch]$Shared
)
# First set a constand path for private CredentialStore mode.
if ($PSCmdlet.ParameterSetName -eq "Private") {
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
}
# Lets do a quick test on the given CredentialStore.
if (-not(Test-CredentialStore -Path $Path)) {
$MessageParams = @{
Message = "Could not add anything into the given CredentailStore."
ErrorAction = "Stop"
}
Write-Error @MessageParams
}
# Read the file content based on the given ParameterSetName
$CSContent = Get-CredentialStore -Path $Path
if ($Identifier -ne "") {
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
}
else {
$CredentialName = $RemoteHost
}
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {
# We need to use the .NET Method because there is no easier way in PowerShell.
$CSContent.PSObject.Properties.Remove($CredentialName)
ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path
}
else {
$MessageParams = @{
Message = "The given CredentailStoreItem does not exist."
}
Write-Warning @MessageParams
}
}

View File

@ -0,0 +1,114 @@
function Set-CredentialStoreItem {
<#
.SYNOPSIS
Changes the credentials for the given remote host in the store.
.DESCRIPTION
.PARAMETER Path
Define the store in which your given host entry already exists.
.PARAMETER RemoteHost
Specify the host you for which you would like to change the credentials.
.PARAMETER Identifier
Defaults to "". Specify a string, which separates two CredentialStoreItems for the
same hostname.
.PARAMETER Shared
Switch to shared mode with this param. This enforces the command to work with a shared CredentialStore which
can be decrypted across systems.
.INPUTS
[None]
.OUTPUTS
[None]
.EXAMPLE
Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" -Identifier svc
.NOTES
File Name : Set-CredentialStoreItem.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
[CmdletBinding(DefaultParameterSetName = "Private")]
param(
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
[string]$RemoteHost,
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[string]$Identifier,
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[switch]$Shared
)
# First set a constant path for private CredentialStore mode.
if ($PSCmdlet.ParameterSetName -eq "Private") {
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
}
# Lets do a quick test on the given CredentialStore.
if (-not(Test-CredentialStore -Path $Path)) {
$MessageParams = @{
Message = "Could not add anything into the given CredentailStore."
ErrorAction = "Stop"
}
Write-Error @MessageParams
}
# Read the file content based on the given ParameterSetName
$CSContent = Get-CredentialStore -Path $Path
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
if ($Identifier -ne "") {
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
}
else {
$CredentialName = $RemoteHost
}
$Creds = Get-Credential -Message $CredentialName
if ($Creds.UserName) {
if ($CSContent.Type -eq "Shared") {
$Key = Get-ChallengeFile
$encypted = ConvertFrom-SecureString -SecureString $Creds.Password -Key $Key
}
else {
$encypted = ConvertFrom-SecureString -SecureString $Creds.Password
}
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {
$CSContent.$CredentialName.User = $Creds.UserName
$CSContent.$CredentialName.Password = $encypted
$CSContent.$CredentialName.Creation = $CurrentDate
ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path
}
else {
$MessageParams = @{
Message = "The given CredentailStoreItem does not exist."
}
Write-Warning @MessageParams
}
}
Else {
$MessageParams = @{
Message = "Please Provide at least a valid user!"
ErrorAction = "Stop"
}
Write-Error @MessageParams
}
}

View File

@ -0,0 +1,93 @@
function Test-CredentialStoreItem() {
<#
.SYNOPSIS
Checks if the given RemoteHost identifier combination exists in the credential store.
.DESCRIPTION
Use this cmdlet for basic checks with a single item. Check the item first with this function before
you try to interact with it.
.PARAMETER Path
Define a custom credential store you try to read from. Without the `-Path` parameter
`Test-CredentialStoreItem` tries to read from the default private store.
.PARAMETER RemoteHost
Specify the host, for which you would like to change the credentials.
.PARAMETER Identifier
Adds an optional identifier to the given RemoteHost. Makes it possible to store multiple credentials
for a single host.
.PARAMETER Shared
Switch to shared mode with this param. This enforces the command to work with a shared CredentialStore which
can be decrypted across systems.
.INPUTS
[None]
.OUTPUTS
[None]
.EXAMPLE
If (Test-CredentialStoreItem -RemoteHost "Default") {
Get-CredentialStoreItem -RemoteHost "Default"
}
Else {
Write-Warning ("The given Remote Host {0} does not exist in the credential Store!" -f $RemoteHost)
}
.NOTES
File Name : Test-CredentialStoreItem.ps1
Author : Marco Blessing - marco.blessing@googlemail.com
Requires :
.LINK
https://github.com/OCram85/PSCredentialStore
#>
[CmdletBinding(DefaultParameterSetName = "Private")]
[OutputType([Boolean])]
param(
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[string]$RemoteHost,
[Parameter(Mandatory = $false)]
[ValidateNotNullOrEmpty()]
[string]$Identifier,
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[switch]$Shared
)
if ($PSCmdlet.ParameterSetName -eq "Private") {
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
}
if ($Identifier -ne "") {
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
}
else {
$CredentialName = $RemoteHost
}
if (Test-CredentialStore -Path $Path) {
$CS = Get-CredentialStore -Path $Path
$CSMembers = Get-Member -InputObject $CS
if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -eq $CredentialName)) {
return $true
}
else {
return $false
}
}
else {
$MsgParams = @{
ErrorAction = "Stop"
Message = "The given credential store ({0}) does not exist!" -f $Path
}
Write-Error @MsgParams
}
}