Compare commits

..

9 Commits

Author SHA1 Message Date
f2b7910b15 Prepare release v1.1.1 (#78)
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/tag Build is passing
#### 📖 Summary

- updates changelog

#### 📑 Test Plan

> 💡 Select your test plan for the code changes.

- [x] Tested via Drone.io pipeline
- [ ] Custom test
- [ ] No test plan

##### Details / Justification

<!-- Add your test details or justification for missing tests here. -->

#### 📚 Additional Notes

<!-- A place for additional detail notes. -->

Co-authored-by: OCram85 <marco.blessing@googlemail.com>
Reviewed-on: #78
2022-10-10 10:24:52 +02:00
0b5c9823e0 Adds changelog config for gitea changelog cli tool (#77)
All checks were successful
continuous-integration/drone/push Build is passing
#### 📖 Summary

- adds initial default config for changelog generation

#### 📑 Test Plan

> 💡 Select your test plan for the code changes.

- [ ] Tested via Drone.io pipeline
- [x] Custom test
- [ ] No test plan

##### Details / Justification

<!-- Add your test details or justification for missing tests here. -->

#### 📚 Additional Notes

<!-- A place for additional detail notes. -->

Co-authored-by: OCram85 <marco.blessing@googlemail.com>
Reviewed-on: #77
2022-10-10 10:10:18 +02:00
42fdb0a373 Fix Set-CredentialStoreItem (#76)
All checks were successful
continuous-integration/drone/push Build is passing
#### 📖 Summary

- Fix Set-CredentialStoreItem. Currently it doesn't warn if the user is trying to update a CredentialStoreItem, that does not exist.
- Also add a bit of documentation and UnitTests.
- Fix the quotation of Test-CredentialStoreItem.

#### 📑 Test Plan

> 💡 Select your test plan for the code changes.

- [x] Tested via Drone.io pipeline
- [ ] Custom test
- [ ] No test plan

##### Details / Justification

<!-- Add your test details or justification for missing tests here. -->

#### 📚 Additional Notes

<!-- A place for additional detail notes. -->

Co-authored-by: OCram85 <ocram85@noreply.local>
Reviewed-on: #76
Reviewed-by: OCram85 <ocram85@noreply.local>
Co-authored-by: pinguinfuss <christian@heimdaheim.de>
Co-committed-by: pinguinfuss <christian@heimdaheim.de>
2022-10-10 10:05:08 +02:00
2bd250971b Fix optional module dependencies (#75)
All checks were successful
continuous-integration/drone/push Build is passing
#### 📖 Summary

- Fix the optional dependencies.
  - DataONTAP was never a PSGallery module, and we have to custom build that.
  - NetApp finally submitted NetApp.ONTAP into PSGallery, so we can depend on that.
- Updates UCS- and VMware-modules.

#### 📑 Test Plan

> 💡 Select your test plan for the code changes.

- [ ] Tested via Drone.io pipeline
- [ ] Custom test
- [x] No test plan

##### Details / Justification

Sadly, you have to run it. The module loader does not have a unit test.

#### 📚 Additional Notes

<!-- A place for additional detail notes. -->

Co-authored-by: OCram85 <ocram85@noreply.local>
Reviewed-on: #75
Reviewed-by: OCram85 <ocram85@noreply.local>
Co-authored-by: pinguinfuss <christian@heimdaheim.de>
Co-committed-by: pinguinfuss <christian@heimdaheim.de>
2022-10-10 10:00:42 +02:00
ac6a9d8202 prepare release 1.1.0 (#74)
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/tag Build is passing
#### 📖 Summary

- updates changelog

#### 📑 Test Plan

> 💡 Select your test plan for the code changes.

- [x] Tested via Drone.io pipeline
- [ ] Custom test
- [ ] No test plan

##### Details / Justification

<!-- Add your test details or justification for missing tests here. -->

#### 📚 Additional Notes

<!-- A place for additional detail notes. -->

Co-authored-by: OCram85 <marco.blessing@googlemail.com>
Reviewed-on: #74
2022-09-21 09:39:56 +02:00
3d4f53ddc7 adds pinguinfuss contributed fix (#73)
All checks were successful
continuous-integration/drone/push Build is passing
#### 📖 Summary

- redo PR from @pinguinfuss
  - fix error message
  - fix string quotation

#### 📑 Test Plan

> 💡 Select your test plan for the code changes.

- [x] Tested via Drone.io pipeline
- [ ] Custom test
- [ ] No test plan

##### Details / Justification

<!-- Add your test details or justification for missing tests here. -->

#### 📚 Additional Notes

- just redo #72.
  - there was an issue caused by git config `core.autocrl` displaying / diffin the wrong line ending sequence

Co-authored-by: OCram85 <marco.blessing@googlemail.com>
Reviewed-on: #73
2022-09-20 15:01:05 +02:00
6fce8d6a8c Updates libressl files (#71)
All checks were successful
continuous-integration/drone/push Build is passing
#### 📖 Summary

- adds missing `vendor` files into build package.
- adds missing `openssl.conf` in build package.
- updates libressl / openssl to v3.5.3

#### 📑 Test Plan

> 💡 Select your test plan for the code changes.

- [x] Tested via Drone.io pipeline
- [ ] Custom test
- [ ] No test plan

##### Details / Justification

<!-- Add your test details or justification for missing tests here. -->

#### 📚 Additional Notes

-  See `v1.1.0-dev9` build
  - https://gitea.ocram85.com/OCram85/PSCredentialStore/releases/tag/v1.1.0-dev9
Co-authored-by: OCram85 <marco.blessing@googlemail.com>
Reviewed-on: #71
2022-09-20 11:58:29 +02:00
ddb85d907f addChangelog (#70)
All checks were successful
continuous-integration/drone/push Build is passing
#### 📖 Summary

- adds CHANGELOG.md via DroneHelper

#### 📑 Test Plan

> 💡 Select your test plan for the code changes.

- [x] Tested via Drone.io pipeline
- [ ] Custom test
- [ ] No test plan

##### Details / Justification

<!-- Add your test details or justification for missing tests here. -->

#### 📚 Additional Notes

<!-- A place for additional detail notes. -->

Co-authored-by: OCram85 <marco.blessing@googlemail.com>
Reviewed-on: #70
2022-07-28 15:15:52 +02:00
5bdb383627 updates Readme (#69)
All checks were successful
continuous-integration/drone/push Build is passing
#### 📖 Summary

- fix typos
- Updates several sections

#### 📑 Test Plan

> 💡 Select your test plan for the code changes.

- [x] Tested via Drone.io pipeline
- [ ] Custom test
- [ ] No test plan

##### Details / Justification

<!-- Add your test details or justification for missing tests here. -->

#### 📚 Additional Notes

<!-- A place for additional detail notes. -->

Co-authored-by: OCram85 <marco.blessing@googlemail.com>
Reviewed-on: #69
2022-07-28 10:41:46 +02:00
28 changed files with 313 additions and 102 deletions

32
.changelog.yml Normal file
View File

@ -0,0 +1,32 @@
# The full repository name
repo: OCram85/PSCredentialStore
# Service type (gitea or github)
service: gitea
# Base URL for Gitea instance if using gitea service type (optional)
# Default: https://gitea.com
base-url: https://gitea.ocram85.com
# Changelog groups and which labeled PRs to add to each group
groups:
- name: ✨ FEATURES
labels:
- feature
- name: 📦 META
labels:
- meta
- name: 🐛 BUGFIXES
labels:
- bug
- name: 🛠️ ENHANCEMENTS
labels:
- enhancement
- name: 📚 DOCS
labels:
- docs
- name: 🔖 MISC
default: true
# regex indicating which labels to skip for the changelog
skip-labels: skip-changelog|backport\/.+

View File

@ -120,7 +120,7 @@ steps:
Install-Module -Name 'DroneHelper' -Repository 'PSGallery' -ErrorAction 'Stop' -AllowPrerelease -Force;
Import-Module -Name 'DroneHelper' -ErrorAction 'Stop';
Install-ModuleDependency;
New-BuildPackage -Verbose
New-BuildPackage -Verbose -AdditionalPath @('./src/Vendor', './src/openssl.conf')
}"
- name: GiteaRelease

1
.gitattributes vendored
View File

@ -21,4 +21,5 @@
# Vendor resources config
src/Vendor/libressl255/* filter=lfs diff=lfs merge=lfs -text
src/Vendor/libressl/* filter=lfs diff=lfs merge=lfs -text
*.pfx filter=lfs diff=lfs merge=lfs -text

41
CHANGELOG.md Normal file
View File

@ -0,0 +1,41 @@
# Changelog
<!-- insertMark -->
## [v1.1.1](https://gitea.ocram85.com/OCram85/PSCredentialStore/releases/tag/v1.1.1) - 2022-10-10
* 📦 META
* Adds changelog config for gitea changelog cli tool (#77)
* 🐛 BUGFIXES
* Fix Set-CredentialStoreItem (#76)
* Fix optional module dependencies (#75)
### Contributors
* [@OCram85](https://gitea.ocram85.com/OCram85)
* [@pinguinfuss](https://gitea.ocram85.com/pinguinfuss)
## `v1.1.0`
- (3d4f53d) adds pinguinfuss contributed fix (#73)
- (6fce8d6) Updates libressl files (#71)
- (ddb85d9) addChangelog (#70)
- (5bdb383) updates Readme (#69)
- (a95ba31) remove optional depenency helper (#68)
- (1e7dd78) adds CiscoUCSCentral connection type (#67)
- (b76668c) fix Test-CredentialStoreItem return (#66)
- (ae62ccc) switch to GNU AGPLv3 license (#64)
- (a66e824) adds community contribution for CiscoUCS connection fix (#63)
- (3d90d91) fix lint (PSScriptAnalyzer) issues (#62)
- (d0b7e53) adds DroneHelper (#61)
- (d4b00a5) Migrates to Pester5+ tests (#59)
- (e340466) update references (#60)
- (88743e9) fix pester verbosity config (#58)
- (c31ee79) Update issue templates (#57)
- (c45490a) Update issue templates (#56)
- (4abfec5) adds PR template (#55)
- (7708df9) Update pwsh style to latest community standards (#52)
## `v1.0.542`
- 🧙 pre migrated Gitea version

View File

@ -5,7 +5,10 @@
<p align="center">
<a href="https://gitea.ocram85.com/OCram85/PSCredentialStore/">
<img src="https://gitea.ocram85.com/OCram85/PSCredentialStore/raw/branch/master/assets/social-logo.png" alt="PSCredentialStore" />
<img
src="https://gitea.ocram85.com/OCram85/PSCredentialStore/raw/branch/master/assets/social-logo.png"
alt="PSCredentialStore"
>
</a>
</p>
@ -19,7 +22,10 @@
<p align="center">
<a href="https://drone.ocram85.com/OCram85/PSCredentialStore">
<img src="https://drone.ocram85.com/api/badges/OCram85/PSCredentialStore/status.svg" alt="Master Branch Build Status">
<img
src="https://drone.ocram85.com/api/badges/OCram85/PSCredentialStore/status.svg"
alt="Master Branch Build Status"
>
</a>
<!-- CodeCove disabled for self hosting git
<a href="https://codecov.io/gh/OCram85/PSCredentialStore">
@ -27,23 +33,30 @@
</a>
-->
<a href="https://www.powershellgallery.com/packages/PSCredentialStore">
<img src="https://img.shields.io/powershellgallery/v/PSCredentialStore.svg?style=plastic" alt="PowershellGallery Published Version">
<img
src="https://img.shields.io/powershellgallery/v/PSCredentialStore.svg?style=plastic"
alt="PowershellGallery Published Version"
>
</a>
<a href="https://www.powershellgallery.com/packages/PSCredentialStore">
<img src="https://img.shields.io/powershellgallery/vpre/PSCredentialStore.svg?label=latest%20preview&style=plastic" />
<img
src="https://img.shields.io/powershellgallery/vpre/PSCredentialStore.svg?label=latest%20preview&style=plastic"
>
</a>
<a href="https://www.powershellgallery.com/packages/PSCredentialStore">
<img src="https://img.shields.io/powershellgallery/dt/PSCredentialStore.svg?style=plastic" />
<img
src="https://img.shields.io/powershellgallery/dt/PSCredentialStore.svg?style=plastic"
>
</a>
</p>
## :key: General
The PSCredentialStore is a simple credential manager for `PSCredential` objects. It stores PSCredentials in a simple json
file. You can choose between a private and shared credential store. The private one exists in your profile and can
ony accessed by your account on the same machine. The shared store enables you to use different credentials for your
scripts without exposing them as plain text.
The PSCredentialStore is a simple credential manager for `PSCredential` objects. It stores PSCredentials in a simple
json file. You can choose between a private and shared credential store. The private one exists in your profile and
can ony accessed by your account on the same machine. The shared store enables you to use different credentials for
your scripts without exposing them as plain text.
PSCredentialStore was developed to simplify the delegation of complex powershell scripts. In this case you often
need to store credentials for non interactive usage like in scheduled tasks.
@ -51,10 +64,10 @@ need to store credentials for non interactive usage like in scheduled tasks.
Starting with version `1.0.0` PSCredential uses Pfx certificates fo encryption. You can use Pfx certificate files
or certificates stored in the certificate store.
For more details read the [about_PSCredentialStore](/docs/about_PSCredentialStore.md) page on gitea or via CLI with
For more details read the [about_PSCredentialStore](docs/about_PSCredentialStore.md) page on Gitea or via CLI with
`Get-Help about_PSCredentialStore`.
You can find the [reference](/docs/PSCredentialStore.md) in the /docs/ path as well.
You can find the full [reference](docs/Readme.md) in the */docs/* path as well.
## :vulcan_salute: Requirements
@ -63,24 +76,26 @@ You can find the [reference](/docs/PSCredentialStore.md) in the /docs/ path as w
## :bomb: About Security
>This section explains some security topics and the the design decisions we made to balance the usage and security needs.
> This section explains some security topics and the design decisions we made to balance the usage and security needs.
To be able to delegate `PSCredentials` objects we can't exclusively rely on the `SecureString` cmdlets. You can't
decrypt and reuse such credentials from a different user account or even machine. This is caused by automatically
generated encryption key which, is used create a `Secure String` based encrypted string.
generated encryption key, which is used create a `Secure String` based encrypted string.
In order to delegate a password, while still using the underlying security framework, we have to provide a custom
encryption key. This leads to the fact, that everyone who has access to the key could encrypt or decrypt your data.
So we decided to use the public and private keys from valid certificates as part of the custom encryption keys to encrypt your data.
So we decided to use the public and private keys from valid certificates as part of the custom encryption keys to
encrypt your data.
This means clearly: Everyone who has access to the `CredentialStore` needs also access to the certificate file to work with it.
This means clearly: Everyone who has access to the `CredentialStore` needs also access to the certificate file to
work with it.
Keep in mind you need to secure the access with your NTFS file permissions to avoid unwanted usage. Another option is
to import the certificate into your certification vaults of you operating system. In this case you can grand the
Keep in mind you need to secure the access with your NTFS file permissions to avoid unwanted usage. Another option
is to import the certificate into your certification vaults of you operating system. In this case you can grand the
permission to the certificates itself.
Here is s brief hierarchy description of the certificate location: *(First match wins)*
Here is a brief hierarchy description for the certificate lookup order: *(First match wins)*
| CredentialStore Type | Certificate Location |
| -------------------- | ---------------------- |
@ -95,9 +110,9 @@ Here is s brief hierarchy description of the certificate location: *(First match
### :artificial_satellite: PowerShellGallery.com (Recommended Way)
* Make sure you use PowerShell 5.1 or higher with `$PSVersionTable`.
* Use the builtin PackageManagement and install with: `Import-Module PowerShellGet; Install-Module 'PSCredentialStore' -Repository 'PSGallery'`
* Use the builtin PackageManagement + PowerShellGet module and install PSCredentialStore with: `Import-Module PowerShellGet; Install-Module 'PSCredentialStore' -Repository 'PSGallery'`
* Additionally use the `-AllowPrerelease` switch until we publish the final release!
* Done. Start exploring the Module with `Import-Module PSCredentialStore ; Get-Command -Module PSCredentialStore`
* Done. Start exploring the Module with `Import-Module PSCredentialStore; Get-Command -Module PSCredentialStore`
### :building_construction: Manual Way
@ -109,8 +124,9 @@ Here is s brief hierarchy description of the certificate location: *(First match
### :sparkles: Quick Start
**1.** First we need a blank credential store. You can decide between a *private* or *shared* store. The private
Credential Store can only be accessed with your profile on the machine you created it.
**1.** First we need a blank credential store. You can decide between a *private* or *shared* one.
> :bulb: Note: The private credential store can only be accessed with your profile on the machine you created it.
Starting with version `1.0.0` you can decide the storage type of your fresh created certificate. As default
PSCredentialStore creates a new pfx certificate file beside the credential store itself. Optionally you can provide
@ -126,11 +142,12 @@ New-CredentialStore -UseCertStore
# Shared credential store
New-CredentialStore -Shared
#Shared credential store in custom location
# Shared credential store in custom location
New-CredentialStore -Shared -Path 'C:\CredentialStore.json'
```
**2.** Now you can manage your credential store items:
```powershell
# This will prompt for credentials and stores it in a private store
New-CredentialStoreItem -RemoteHost 'dc01.myside.local' -Identifier 'AD'
@ -141,7 +158,7 @@ Invoke-Command -ComputerName 'dc01.myside.local' -Credential $DCCreds -ScripBloc
```
The credential store contains also a simple function to establish a connection with several systems or protocols.
If you have already installed the underlying framework / modules, you can connect these endpoints:
If you have already installed the underlying framework / modules, you can connect to these endpoint types:
* **CiscoUcs** - Establish a connection to a Cisco UCS fabric interconnect.
* Required Modules: [`Cisco.UCS.Core`, `Cisco.UCSManager`](https://software.cisco.com/download/release.html?i=!y&mdfid=286305108&softwareid=284574017&release=2.1.1)

View File

@ -66,7 +66,7 @@ function New-CSCertificate {
($PSVersionTable.PSEdition -eq 'Desktop' -and $PSVersionTable.PSVersion.Major -lt 6) -or
($IsWindows -eq $true)
) {
$openssl = Join-Path -Path $ModuleBase -ChildPath '/Vendor/libressl255/openssl.exe'
$openssl = Join-Path -Path $ModuleBase -ChildPath '/Vendor/libressl/openssl.exe'
}
$Env:OPENSSL_CONF = Join-Path $ModuleBase -ChildPath '/openssl.conf'

View File

@ -102,7 +102,7 @@ Describe "New-CredentialStoreItem" {
It "Missing CredentialStore should throw" {
{
New-CredentialStoreItem -Shared -Path '/tmp/missingStore.json' -RemoteHost 'notrelevant'
} | Should -Throw "Could not add anything into the given CredentialStore."
} | Should -Throw "The given credential store (/tmp/missingStore.json) does not exist!"
}
}
Context "Testing pipeline paramter" {

View File

@ -32,7 +32,7 @@ function New-CredentialStoreItem {
[None]
.EXAMPLE
New-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
New-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost esx01.myside.local'
#>
[CmdletBinding(DefaultParameterSetName = 'Private')]
@ -68,7 +68,7 @@ function New-CredentialStoreItem {
begin {
# Set the CredentialStore for private, shared or custom mode.
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
Write-Debug ('ParameterSetName: {0}' -f $PSCmdlet.ParameterSetName)
if ($PSCmdlet.ParameterSetName -eq 'Private') {
$Path = Get-DefaultCredentialStorePath
}
@ -84,9 +84,9 @@ function New-CredentialStoreItem {
if (-not(Test-CredentialStore -Shared -Path $Path)) {
$MessageParams = @{
Exception = [System.IO.FileNotFoundException]::new(
'Could not add anything into the given CredentialStore.'
'The given credential store ({0}) does not exist!' -f $Path
)
ErrorAction = "Stop"
ErrorAction = 'Stop'
}
Write-Error @MessageParams
}
@ -95,8 +95,8 @@ function New-CredentialStoreItem {
$CurrentDate = Get-Date -Format 'u'
if ($Identifier -ne "") {
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
if ($Identifier -ne '') {
$CredentialName = $RemoteHost = '{0}/{1}' -f $Identifier, $RemoteHost
}
else {
$CredentialName = $RemoteHost

View File

@ -0,0 +1,130 @@
[Diagnostics.CodeAnalysis.SuppressMessageAttribute(
'PSAvoidUsingConvertToSecureStringWithPlainText',
'',
Justification = 'just used in pester tests.'
)]
[Diagnostics.CodeAnalysis.SuppressMessageAttribute(
'PSProvideCommentHelp',
'',
Justification = 'no need in internal pester helpers.'
)]
param ()
BeforeAll {
$ManifestFile = (Get-Item -Path './src/*.psd1').FullName
Import-Module $ManifestFile -Force
$PrivateFunctions = (Get-ChildItem -Path './src/Private/*.ps1' | Where-Object {
$_.BaseName -notmatch '.Tests'
}
).FullName
foreach ( $func in $PrivateFunctions) {
. $func
}
# Backup existing credential stores
$VerbosePreference = 'Continue'
Write-Verbose -Message 'Backup private Credential Store...'
$CSPath = Get-DefaultCredentialStorePath
$BackupFile = '{0}.back' -f $CSPath
if (Test-Path -Path $CSPath) {
Move-Item -Path $CSPath -Destination $BackupFile
}
Write-Verbose -Message 'Backup shared CredentialStore...'
$CSShared = Get-DefaultCredentialStorePath -Shared
$BackupSharedFile = '{0}.back' -f $CSShared
if (Test-Path -Path $CSShared) {
Move-Item -Path $CSShared -Destination $BackupSharedFile
}
Write-Verbose -Message 'Remove old CredentialStore in Temp dir'
$CSTemp = Join-Path -Path (Get-TempDir) -ChildPath '/CredentialStore.json'
if (Test-Path -Path $CSTemp) {
Remove-Item -Path $CSTemp
}
$VerbosePreference = 'SilentlyContinue'
}
Describe 'New-CredentialStoreItem' {
Context 'Private Credential Store tests' {
It 'Add entry to a private store.' {
# Create a fresh CredentialStore first
New-CredentialStore -Force
# Define the content of the CredentialStoreItem.
$RemoteHost = 'barfoo'
$UserName = 'MyUser'
$Password = 'fooobarysdfsfs' | ConvertTo-SecureString -AsPlainText -Force
# Form the CredentialObject.
$creds = [PSCredential]::new($UserName, $Password)
# Create the CredentialStoreItem.
New-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds
# Formulate an update to the CredentialStoreItem.
$ClearPassword = 'fooobaryadfafa'
$Password = $ClearPassword | ConvertTo-SecureString -AsPlainText -Force
$creds = [PSCredential]::new($UserName, $Password)
{
Set-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds
} | Should -Not -Throw
# Control the content of the CredentialStore.
$content = Get-CredentialStoreItem -RemoteHost $RemoteHost
$content.GetNetworkCredential().Password | Should -Be $ClearPassword
}
}
Context 'Shared Credential Store tests' {
It 'Add entry to a shared store.' {
# Create a fresh CredentialStore first
$tmpCS = Join-Path -Path (Get-TempDir) -ChildPath '/CredentialStore.json'
New-CredentialStore -Path $tmpCS -Force -Shared
# Define the content of the CredentialStoreItem.
$RemoteHost = 'barfoo'
$UserName = 'MyUser'
$Password = 'fooobarysdfsfs' | ConvertTo-SecureString -AsPlainText -Force
# Form the CredentialObject.
$creds = [PSCredential]::new($UserName, $Password)
# Create the CredentialStoreItem.
New-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds -Path $tmpCS -Shared
# Formulate an update to the CredentialStoreItem.
$ClearPassword = 'fooobaryadfafa'
$Password = $ClearPassword | ConvertTo-SecureString -AsPlainText -Force
$creds = [PSCredential]::new($UserName, $Password)
{
Set-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds -Path $tmpCS -Shared
} | Should -Not -Throw
# Control the content of the CredentialStore.
$content = Get-CredentialStoreItem -RemoteHost $RemoteHost -Path $tmpCS -Shared
$content.GetNetworkCredential().Password | Should -Be $ClearPassword
}
}
}
AfterAll {
# Cleanup test stores and restore existing ones.
$VerbosePreference = 'Continue'
Write-Verbose -Message 'Restoring private CredentialStore'
If (Test-Path -Path $BackupFile) {
If (Test-Path -Path $CSPath) {
Remove-Item -Path $CSPath
Move-Item -Path $BackupFile -Destination $CSPath
}
}
Write-Verbose -Message 'Restoring shared CredentialStore'
If (Test-Path -Path $BackupSharedFile) {
If (Test-Path -Path $CSShared) {
Remove-Item -Path $CSShared
Move-Item -Path $BackupSharedFile -Destination $CSShared
}
}
$VerbosePreference = 'SilentlyContinue'
}

View File

@ -13,7 +13,7 @@ function Set-CredentialStoreItem {
Specify the host you for which you would like to change the credentials.
.PARAMETER Identifier
Defaults to "". Specify a string, which separates two CredentialStoreItems for the
Defaults to ''. Specify a string, which separates two CredentialStoreItems for the
same hostname.
.PARAMETER Shared
@ -30,10 +30,10 @@ function Set-CredentialStoreItem {
[None]
.EXAMPLE
Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
Set-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost 'esx01.myside.local'
.EXAMPLE
Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" -Identifier svc
Set-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost 'esx01.myside.local' -Identifier svc
#>
[CmdletBinding(DefaultParameterSetName = 'Private')]
@ -65,7 +65,7 @@ function Set-CredentialStoreItem {
begin {
# Set the CredentialStore for private, shared or custom mode.
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
Write-Debug ('ParameterSetName: {0}' -f $PSCmdlet.ParameterSetName)
if ($PSCmdlet.ParameterSetName -eq 'Private') {
$Path = Get-DefaultCredentialStorePath
}
@ -77,32 +77,52 @@ function Set-CredentialStoreItem {
}
process {
# Lets do a quick test on the given CredentialStore.
if (-not(Test-CredentialStore -Shared -Path $Path)) {
# Define the default splatting.
$DefaultSplatting = @{
Path = $Path
}
# Check if the user passed -Shared. If he added -Shared, we'll pass it into the splatting
if ($PSBoundParameters.ContainsKey('Shared')) {
$DefaultSplatting.Add('Shared', $true)
}
else {
$DefaultSplatting.Add('Shared', $false)
}
# Now lets check the given CredentialStore.
if (-not(Test-CredentialStore @DefaultSplatting)) {
$MessageParams = @{
Message = 'Could not add anything into the given CredentailStore.'
Message = ('The given CredentialStore ({0}) does no exist.' -f $Path)
ErrorAction = 'Stop'
}
Write-Error @MessageParams
}
# Read the file content based on the given ParameterSetName
$CSContent = Get-CredentialStore -Shared -Path $Path
$CSContent = Get-CredentialStore @DefaultSplatting
# Get a formatted current date for the last update time of the Item.
$CurrentDate = Get-Date -Format 'u'
if ($Identifier -ne "") {
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
# Check if the user supplied an identifier. If so, we need to mangle the CredentialName, as that's where
# the identifier is actually added.
if ($Identifier -ne '') {
$CredentialName = $RemoteHost = '{0}/{1}' -f $Identifier, $RemoteHost
}
else {
$CredentialName = $RemoteHost
}
# If the user didn't supply a CredentialObject, we need to prompt for it.
if (-not($Credential)) {
$Credential = Get-Credential -Message $CredentialName
}
if ($Credential.UserName) {
# If the username isn't empty, we ca go ahead and update the entry.
if ($null -ne $Credential.UserName -and -not [string]::IsNullOrWhiteSpace($Credential.UserName)) {
# Check if the path to the PfxCertificate is stored in the CredentialStore. If so load the certificate.
# If not, load try loading the certificate from the Filepath of the CredentialStore.
if ($null -eq $CSContent.PfxCertificate) {
$Cert = Get-CSCertificate -Type $CSContent.Type -Thumbprint $CSContent.Thumbprint
}
@ -110,13 +130,17 @@ function Set-CredentialStoreItem {
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
}
# Now locate the Item.
if (Get-Member -InputObject $CSContent -Name $CredentialName -MemberType Properties) {
# Get a random AES key for the entry.
$RSAKey = Get-RandomAESKey
$CSContent.$CredentialName.User = $Credential.UserName
$ConvertParams = @{
SecureString = $Credential.Password
Key = $RSAKey
}
# Now create a updated item containing the updated credentials.
$CSContent.$CredentialName.Password = ConvertFrom-SecureString @ConvertParams
$CSContent.$CredentialName.LastChange = $CurrentDate
$CSContent.$CredentialName.EncryptedKey = [Convert]::ToBase64String(
@ -125,10 +149,15 @@ function Set-CredentialStoreItem {
[System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1
)
)
# Convert the CredentialStore back into JSON and save it to the file.
ConvertTo-Json -InputObject $CSContent -Depth 5 | Out-File -FilePath $Path -Encoding utf8
}
else {
Write-Warning -Message ('Unable to locate CredentialStoreItem for {0}' -f $CredentialName)
}
}
Else {
else {
$MessageParams = @{
Message = 'Please Provide at least a valid user!'
ErrorAction = 'Stop'

View File

@ -33,11 +33,11 @@ function Test-CredentialStoreItem {
[None]
.EXAMPLE
if (Test-CredentialStoreItem -RemoteHost "Default") {
Get-CredentialStoreItem -RemoteHost "Default"
if (Test-CredentialStoreItem -RemoteHost 'Default') {
Get-CredentialStoreItem -RemoteHost 'Default'
}
else {
Write-Warning ("The given Remote Host {0} does not exist in the credential Store!" -f $RemoteHost)
Write-Warning ('The given Remote Host {0} does not exist in the credential Store!' -f $RemoteHost)
}
#>
@ -45,7 +45,7 @@ function Test-CredentialStoreItem {
[OutputType([bool])]
param (
[Parameter(Mandatory = $false, ParameterSetName = 'Shared')]
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
[string]$Path = '{0}\PSCredentialStore\CredentialStore.json' -f $env:ProgramData,
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
@ -61,7 +61,7 @@ function Test-CredentialStoreItem {
begin {
# Set the CredentialStore for private, shared or custom mode.
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
Write-Debug ('ParameterSetName: {0}' -f $PSCmdlet.ParameterSetName)
if ($PSCmdlet.ParameterSetName -eq 'Private') {
$Path = Get-DefaultCredentialStorePath
}
@ -73,8 +73,8 @@ function Test-CredentialStoreItem {
}
process {
if ($Identifier -ne "") {
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
if ($Identifier -ne '') {
$CredentialName = $RemoteHost = '{0}/{1}' -f $Identifier, $RemoteHost
}
else {
$CredentialName = $RemoteHost
@ -92,7 +92,7 @@ function Test-CredentialStoreItem {
}
else {
$MsgParams = @{
Message = "The given credential store ({0}) does not exist!" -f $Path
Message = 'The given credential store ({0}) does not exist!' -f $Path
}
Write-Warning @MsgParams
return $false

View File

@ -146,27 +146,27 @@
ExternalModuleDependencies = @(
@{
ModuleName = 'VMware.VimAutomation.Core'
ModuleVersion = '6.5.2.6234650'
ModuleVersion = '12.7.0.20091293'
},
@{
ModuleName = 'VMware.VimAutomation.Cis.Core'
ModuleVersion = '6.5.4.6983166'
ModuleVersion = '12.6.0.19601368'
},
@{
ModuleName = 'Cisco.UCS.Core'
ModuleVersion = '2.3.1.5'
ModuleName = 'Cisco.UCS.Common'
ModuleVersion = '3.0.1.2'
},
@{
ModuleName = 'Cisco.UCSManager'
ModuleVersion = '2.5.2.2'
ModuleVersion = '3.0.1.2'
},
@{
ModuleName = 'WinSCP'
ModuleVersion = '5.17.8.1'
},
@{
ModuleName = 'DataONTAP'
ModuleVersion = '9.7.1.1'
ModuleName = 'NetApp.ONTAP'
ModuleVersion = '9.10.1.2111'
}
)

BIN
src/Vendor/libressl/openssl.exe (Stored with Git LFS) vendored Normal file

Binary file not shown.

BIN
src/Vendor/libressl255/libcrypto-41.dll (Stored with Git LFS) vendored

Binary file not shown.

BIN
src/Vendor/libressl255/libcrypto-41.exp (Stored with Git LFS) vendored

Binary file not shown.

BIN
src/Vendor/libressl255/libcrypto-41.lib (Stored with Git LFS) vendored

Binary file not shown.

BIN
src/Vendor/libressl255/libcrypto-41.pdb (Stored with Git LFS) vendored

Binary file not shown.

BIN
src/Vendor/libressl255/libssl-43.dll (Stored with Git LFS) vendored

Binary file not shown.

BIN
src/Vendor/libressl255/libssl-43.exp (Stored with Git LFS) vendored

Binary file not shown.

BIN
src/Vendor/libressl255/libssl-43.lib (Stored with Git LFS) vendored

Binary file not shown.

BIN
src/Vendor/libressl255/libssl-43.pdb (Stored with Git LFS) vendored

Binary file not shown.

BIN
src/Vendor/libressl255/libtls-15.dll (Stored with Git LFS) vendored

Binary file not shown.

BIN
src/Vendor/libressl255/libtls-15.exp (Stored with Git LFS) vendored

Binary file not shown.

BIN
src/Vendor/libressl255/libtls-15.lib (Stored with Git LFS) vendored

Binary file not shown.

BIN
src/Vendor/libressl255/libtls-15.pdb (Stored with Git LFS) vendored

Binary file not shown.

BIN
src/Vendor/libressl255/ocspcheck.exe (Stored with Git LFS) vendored

Binary file not shown.

BIN
src/Vendor/libressl255/openssl.exe (Stored with Git LFS) vendored

Binary file not shown.