New-CredentialStoreItem-Warn-If-CredentialStore-Doesnt-Exist #72

Closed
pinguinfuss wants to merge 6 commits from pinguinfuss:New-CredentialStoreItem-Warn-If-CredentialStore-Doesnt-Exist into master
2 changed files with 169 additions and 169 deletions


@ -102,7 +102,7 @@ Describe "New-CredentialStoreItem" {
It "Missing CredentialStore should throw" { It "Missing CredentialStore should throw" {
{ {
New-CredentialStoreItem -Shared -Path '/tmp/missingStore.json' -RemoteHost 'notrelevant' New-CredentialStoreItem -Shared -Path '/tmp/missingStore.json' -RemoteHost 'notrelevant'
} | Should -Throw "Could not add anything into the given CredentialStore." } | Should -Throw "The given credential store (/tmp/missingStore.json) does not exist!"
} }
} }
Context "Testing pipeline paramter" { Context "Testing pipeline paramter" {


@ -1,168 +1,168 @@
function New-CredentialStoreItem { function New-CredentialStoreItem {
<# <#
.SYNOPSIS .SYNOPSIS
Adds a credential store item containing host, user and password to the given store. Adds a credential store item containing host, user and password to the given store.
.DESCRIPTION .DESCRIPTION
The credentials are stored without any relations to it's further use. If you need to change an existing The credentials are stored without any relations to it's further use. If you need to change an existing
item please use Set-CredentialStoreItem. You need to decide afterwards, whether to use the credential for item please use Set-CredentialStoreItem. You need to decide afterwards, whether to use the credential for
a VIConnection, NetApp FAS or UCS Fabric Interconnect. a VIConnection, NetApp FAS or UCS Fabric Interconnect.
.PARAMETER Path .PARAMETER Path
Define the store in which you would like to add a new item. Define the store in which you would like to add a new item.
.PARAMETER RemoteHost .PARAMETER RemoteHost
The identifier or rather name for the given credentials. The identifier or rather name for the given credentials.
.PARAMETER Identifier .PARAMETER Identifier
Provide a custom identifier to the given remote host key. This enables you to store multiple credentials Provide a custom identifier to the given remote host key. This enables you to store multiple credentials
for a single remote host entry. For example ad/sys1, ftp/sys1, mssql/sys1 for a single remote host entry. For example ad/sys1, ftp/sys1, mssql/sys1
.PARAMETER Credential .PARAMETER Credential
You can provide credentials optionally as pre existing pscredential object. You can provide credentials optionally as pre existing pscredential object.
.PARAMETER Shared .PARAMETER Shared
Define the CredentialStore where you want to add the new item. Default is always personal but can be Define the CredentialStore where you want to add the new item. Default is always personal but can be
changed to shared, or even shared with custom path. changed to shared, or even shared with custom path.
.INPUTS .INPUTS
[None] [None]
.OUTPUTS .OUTPUTS
[None] [None]
.EXAMPLE .EXAMPLE
New-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" New-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost 'esx01.myside.local'
#> #>
[CmdletBinding(DefaultParameterSetName = 'Private')] [CmdletBinding(DefaultParameterSetName = 'Private')]
[Diagnostics.CodeAnalysis.SuppressMessageAttribute( [Diagnostics.CodeAnalysis.SuppressMessageAttribute(
'PSUseShouldProcessForStateChangingFunctions', 'PSUseShouldProcessForStateChangingFunctions',
'', '',
Justification = 'Adds data into an existing object/file' Justification = 'Adds data into an existing object/file'
)] )]
param ( param (
[Parameter(Mandatory = $true, ParameterSetName = 'Shared')] [Parameter(Mandatory = $true, ParameterSetName = 'Shared')]
[Parameter(Mandatory = $true, ParameterSetName = 'Private')] [Parameter(Mandatory = $true, ParameterSetName = 'Private')]
[ValidateNotNullOrEmpty()] [ValidateNotNullOrEmpty()]
[string]$RemoteHost, [string]$RemoteHost,
[Parameter(Mandatory = $false, ParameterSetName = 'Shared')] [Parameter(Mandatory = $false, ParameterSetName = 'Shared')]
[Parameter(Mandatory = $false, ParameterSetName = 'Private')] [Parameter(Mandatory = $false, ParameterSetName = 'Private')]
[ValidateNotNullOrEmpty()] [ValidateNotNullOrEmpty()]
[string]$Identifier, [string]$Identifier,
[Parameter(Mandatory = $false, ValueFromPipeline = $true)] [Parameter(Mandatory = $false, ValueFromPipeline = $true)]
[ValidateNotNullOrEmpty()] [ValidateNotNullOrEmpty()]
[PSCredential]$Credential, [PSCredential]$Credential,
[Parameter(Mandatory = $true, ParameterSetName = 'Shared')] [Parameter(Mandatory = $true, ParameterSetName = 'Shared')]
[switch]$Shared, [switch]$Shared,
[Parameter(Mandatory = $false, ParameterSetName = 'Shared')] [Parameter(Mandatory = $false, ParameterSetName = 'Shared')]
[ValidateNotNullOrEmpty()] [ValidateNotNullOrEmpty()]
[string]$Path [string]$Path
) )
begin { begin {
# Set the CredentialStore for private, shared or custom mode. # Set the CredentialStore for private, shared or custom mode.
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName) Write-Debug ('ParameterSetName: {0}' -f $PSCmdlet.ParameterSetName)
if ($PSCmdlet.ParameterSetName -eq 'Private') { if ($PSCmdlet.ParameterSetName -eq 'Private') {
$Path = Get-DefaultCredentialStorePath $Path = Get-DefaultCredentialStorePath
} }
elseif ($PSCmdlet.ParameterSetName -eq 'Shared') { elseif ($PSCmdlet.ParameterSetName -eq 'Shared') {
if (!($PSBoundParameters.ContainsKey('Path'))) { if (!($PSBoundParameters.ContainsKey('Path'))) {
$Path = Get-DefaultCredentialStorePath -Shared $Path = Get-DefaultCredentialStorePath -Shared
} }
} }
} }
process { process {
# Lets do a quick test on the given CredentialStore. # Lets do a quick test on the given CredentialStore.
if (-not(Test-CredentialStore -Shared -Path $Path)) { if (-not(Test-CredentialStore -Shared -Path $Path)) {
$MessageParams = @{ $MessageParams = @{
Exception = [System.IO.FileNotFoundException]::new( Exception = [System.IO.FileNotFoundException]::new(
'Could not add anything into the given CredentialStore.' 'The given credential store ({0}) does not exist!' -f $Path
) )
ErrorAction = "Stop" ErrorAction = 'Stop'
} }
Write-Error @MessageParams Write-Error @MessageParams
} }
$CSContent = Get-CredentialStore -Shared -Path $Path $CSContent = Get-CredentialStore -Shared -Path $Path
$CurrentDate = Get-Date -Format 'u' $CurrentDate = Get-Date -Format 'u'
if ($Identifier -ne "") { if ($Identifier -ne '') {
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost $CredentialName = $RemoteHost = '{0}/{1}' -f $Identifier, $RemoteHost
} }
else { else {
$CredentialName = $RemoteHost $CredentialName = $RemoteHost
} }
if (-not($Credential)) { if (-not($Credential)) {
$Credential = Get-Credential -Message $CredentialName $Credential = Get-Credential -Message $CredentialName
} }
if ($Credential.UserName) { if ($Credential.UserName) {
if ($null -eq $CSContent.PfxCertificate) { if ($null -eq $CSContent.PfxCertificate) {
$Cert = Get-CSCertificate -Type $CSContent.Type -Thumbprint $CSContent.Thumbprint $Cert = Get-CSCertificate -Type $CSContent.Type -Thumbprint $CSContent.Thumbprint
} }
else { else {
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
} }
if (Get-Member -InputObject $CSContent -Name $CredentialName -MemberType Properties) { if (Get-Member -InputObject $CSContent -Name $CredentialName -MemberType Properties) {
$MessageParams = @{ $MessageParams = @{
Message = 'The given host already exists. Nothing to do here.' Message = 'The given host already exists. Nothing to do here.'
} }
Write-Warning @MessageParams Write-Warning @MessageParams
} }
else { else {
$RSAKey = Get-RandomAESKey $RSAKey = Get-RandomAESKey
$CredentialHash = [ordered]@{ $CredentialHash = [ordered]@{
User = $Credential.UserName User = $Credential.UserName
Password = ConvertFrom-SecureString -SecureString $Credential.Password -Key $RSAKey Password = ConvertFrom-SecureString -SecureString $Credential.Password -Key $RSAKey
Created = $CurrentDate Created = $CurrentDate
LastChange = $null LastChange = $null
EncryptedKey = [Convert]::ToBase64String( EncryptedKey = [Convert]::ToBase64String(
$Cert.PublicKey.Key.Encrypt( $Cert.PublicKey.Key.Encrypt(
$RSAKey, $RSAKey,
[System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1 [System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1
) )
) )
} }
$MemberParams = @{ $MemberParams = @{
InputObject = $CSContent InputObject = $CSContent
Name = $CredentialName Name = $CredentialName
MemberType = 'NoteProperty' MemberType = 'NoteProperty'
Value = $CredentialHash Value = $CredentialHash
} }
Add-Member @MemberParams Add-Member @MemberParams
try { try {
ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path
} }
catch { catch {
$MessageParams = @{ $MessageParams = @{
Message = 'Could not add item into credential store!' Message = 'Could not add item into credential store!'
ErrorAction = 'Stop' ErrorAction = 'Stop'
} }
Write-Error @MessageParams Write-Error @MessageParams
} }
} }
} }
else { else {
$MessageParams = @{ $MessageParams = @{
Message = 'Please Provide at least a valid user!' Message = 'Please Provide at least a valid user!'
ErrorAction = 'Stop' ErrorAction = 'Stop'
} }
Write-Error @MessageParams Write-Error @MessageParams
} }
} }
end {} end {}
} }
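Review bot: The `EncryptedKey` entry in the `$CredentialHash` block wraps the per-item AES key with `[System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1`, which is PKCS#1 v1.5 padding; OAEP is the recommended padding for new key-wrapping code. Moving to `[System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA1` (or a stronger OAEP variant if the certificate's key provider accepts it) would need the matching change on the decrypt path, which is not visible here, and a migration for stores already written. The variable holding that key is named `$RSAKey` although it is filled from `Get-RandomAESKey`; `$AESKey` would keep a reader from mistaking it for the certificate key. Separately, the `try`/`catch` around `ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path` may never reach the catch on a failed write, since `Out-File` errors are usually non-terminating; `Out-File -FilePath $Path -ErrorAction Stop` would make the "Could not add item into credential store!" path reachable.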