313 does not honour api alias value as issuingtemplate variable (#314)

Venafi · Dec 13, 2024 · 3cd8b03 · 3cd8b03
1 parent eec8edc
commit 3cd8b03
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 24 deletions.
diff --git a/RELEASE.md b/RELEASE.md
@@ -1,11 +1,2 @@
-- Add `Set-VcCertificateRequest` to approve requests.  Optionally, use `-Wait` for the certificate to be issued and certificate details to be available.
-- Add `Initialize-PSSodium -Force` to force installation of the module if it doesn't exist.  This is used by the new parameters `Export-VcCertificate -Force`, `Import-VcCertificate -Force`, `New-VcMachine -Force`, `New-VcMachineCommonKeystore -Force`, and `New-VcMachineIis -Force`.
-- Update `New-VcCertificate` to retrieve default validity date from the issuing template instead of a set 90 days
-- Fix `Find-VdcCertificate -CountOnly` error [#309](https://github.com/Venafi/VenafiPS/issues/309)
-- Updates to better facilitate moving certificates/keys between environments.
-  - Update `Export-VcCertificate -PKCS12` to allow exporting to base64 in addition to a file.
-  - Add standard names for Format in return objects in TLSPC and TLSPDC.
-  - Add PrivateKeyPasswordCredential in return objects to keep from having to provide again further down the pipeline
-- Add `Invoke-VcGraphQL` for queries and mutations.  This isn't used for too much as of now, but the framework is here for when it's needed.
-- Update `Get-VcData` to use `Invoke-VcGraphQL` for Application and Team id and names.  Quite often we are just converting names into IDs so graphql should give us a performance bump as opposed to the REST api.
-- Deprecated `Add-VcCertificateAssociation`
+- Update `New-VcCertificate -IssuingTemplate` to allow an alias to be provided, [#313](https://github.com/Venafi/VenafiPS/issues/313).  `-IssuingTemplate` is now also optional if the application only has 1 associated template.
+- Add `Set-VcCertificateRequest -RejectReason` to specify a reason for rejection.  The default is 'Rejection processed by VenafiPS'.
diff --git a/VenafiPS/Private/Get-VcData.ps1 b/VenafiPS/Private/Get-VcData.ps1
@@ -157,7 +157,7 @@ function Get-VcData {
         }
 
         if ( $FailOnNotFound -and -not $returnObject ) {
-            throw "'$InputObject' of type $Type not found"
+            throw "$Type '$InputObject' not found"
         }
 
         switch ($PSCmdlet.ParameterSetName) {

diff --git a/VenafiPS/Public/New-VcCertificate.ps1 b/VenafiPS/Public/New-VcCertificate.ps1
@@ -7,11 +7,12 @@ function New-VcCertificate {
     Create certificate request from automated secure keypair details or CSR
 
     .PARAMETER Application
-    Application name (wildcards supported) or id to associate this certificate.
+    Application name or id to associate this certificate with.
 
     .PARAMETER IssuingTemplate
-    Issuing template name (wildcards supported) or id to use.
-    The template must be available with the selected Application.
+    Issuing template id, name, or alias.
+    The template must be associated with the provided Application.
+    If the application has only one template, this parameter is optional.
 
     .PARAMETER Csr
     CSR in PKCS#10 format which conforms to the rules of the issuing template
@@ -70,6 +71,11 @@ function New-VcCertificate {
 
     Create certificate
 
+    .EXAMPLE
+    New-VcCertificate -Application 'MyApp' -CommonName 'app.mycert.com'
+
+    Create certificate with the template associated with the application
+
     .EXAMPLE
     New-VcCertificate -Application 'MyApp' -IssuingTemplate 'MSCA - 1 year' -CommonName 'app.mycert.com' -SanIP '1.2.3.4'
 
@@ -103,7 +109,7 @@ function New-VcCertificate {
         [Parameter(Mandatory)]
         [String] $Application,
 
-        [Parameter(Mandatory)]
+        [Parameter()]
         [String] $IssuingTemplate,
 
         [Parameter(ParameterSetName = 'Csr', Mandatory)]
@@ -175,14 +181,37 @@ function New-VcCertificate {
         Test-VenafiSession $PSCmdlet.MyInvocation
 
         # validation
-        $thisApp = Get-VcApplication -Application $Application
-        if ( -not $thisApp ) {
-            throw "Application $Application does not exist"
+        $thisApp = Get-VcData -Type Application -InputObject $Application -Object -FailOnNotFound
+
+        if ( $thisApp.issuingTemplate.Count -eq 0 ) {
+            throw 'No templates associated with this application'
         }
 
-        $thisTemplate = Get-VcIssuingTemplate -IssuingTemplate $IssuingTemplate
-        if ( -not $thisTemplate ) {
-            throw "Issuing template $IssuingTemplate does not exist"
+        if ( -not $IssuingTemplate ) {
+            # issuing template not provided, see if the app has one
+            switch ($thisApp.issuingTemplate.Count) {
+                1 {
+                    # there is only one template, use it
+                    $thisTemplate = Get-VcData -Type IssuingTemplate -InputObject $thisApp.issuingTemplate[0].issuingTemplateId -Object
+                    break
+                }
+
+                Default {
+                    throw 'IssuingTemplate is required when the application has more than 1 template associated'
+                }
+            }
+        }
+        else {
+            # template provided, check if name or alias or id
+            if ( $IssuingTemplate -in $thisApp.issuingTemplate.name ) {
+                # name is an alias, get template
+                $templateId = $thisApp.issuingTemplate | Where-Object { $_.name -eq $IssuingTemplate } | Select-Object -ExpandProperty issuingTemplateId
+                $thisTemplate = Get-VcData -Type IssuingTemplate -InputObject $templateId -Object
+            }
+            else {
+                # lookup provided value, name or id
+                $thisTemplate = Get-VcData -Type IssuingTemplate -InputObject $IssuingTemplate -Object -FailOnNotFound
+            }
         }
 
         if ( $ValidUntil ) {

diff --git a/VenafiPS/Public/Set-VcCertificateRequest.ps1 b/VenafiPS/Public/Set-VcCertificateRequest.ps1
@@ -7,12 +7,16 @@
     Update details of existing applications.
     Additional properties will be available in the future.
 
-    .PARAMETER CertificateRequestId
+    .PARAMETER ID
     The certificate request id to process.
 
     .PARAMETER Approve
     Provide the switch to approve a request
 
+    .PARAMETER RejectReason
+    In the case of rejection, provide a reason.
+    The default will be 'reject'.
+
     .PARAMETER Wait
     Wait for the certificate request to either be issued or fail.
     Depending on the speed of your CA, this could take some time.
@@ -42,6 +46,11 @@
 
     Reject a request
 
+    .EXAMPLE
+    Set-VcCertificateRequest -ID 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f2' -Approve:$false -RejectReason 'not needed'
+
+    Reject a request with a specific reason
+
     .EXAMPLE
     Set-VcCertificateRequest -ID 'ca7ff555-88d2-4bfc-9efa-2630ac44c1f2' -Approve -Wait
 
@@ -71,6 +80,9 @@
         [Parameter(Mandatory, ParameterSetName = 'Approval')]
         [switch] $Approve,
 
+        [Parameter(ParameterSetName = 'Approval')]
+        [string] $RejectReason = 'Rejection processed by VenafiPS',
+
         [Parameter(ParameterSetName = 'Approval')]
         [switch] $Wait,
 
@@ -96,11 +108,15 @@
                 UriLeaf = 'certificaterequests/{0}/approval/{1}' -f $ID, $decision
             }
 
+            if ( -not $Approval ) {
+                $params.Body = @{'reason' = $RejectReason }
+            }
+
             if ( $PSCmdlet.ShouldProcess($ID, "$decision certificate request") ) {
                 $response = Invoke-VenafiRestMethod @params
             }
 
-            if ( $Wait ) {
+            if ( $Approve -and $Wait ) {
                 Write-Verbose 'Request approved, waiting for a status of either issued or failed'
                 do {
                     Start-Sleep -Seconds 1
@@ -110,6 +126,7 @@
                     $response.status -in 'ISSUED', 'FAILED'
                 )
             }
+
             if ( $PassThru ) {
                 $response
             }