ps/Modules/Alkami.DevOps.Installation/Public/Read-AppTierSecrets.ps1

function Read-AppTierSecrets {
<#
.SYNOPSIS
    Reads App Tier Secrets.
#>

    [CmdletBinding()]
    Param(
        [string]$secretUserName,
        [string]$secretPassword,
        [string]$secretFolder,
        [string]$secretDomain
    )

    $logLead  = (Get-LogLeadName);
    $hasCerts = $false

    # Create a temporary download folder for certificates
    $randomFolderName = [System.IO.Path]::GetRandomFileName().Split('.') | Select-Object -First 1
    $downloadFolder = Join-Path $PSScriptRoot $randomFolderName

    if (!([System.IO.Directory]::Exists($downloadFolder))) {
        Write-Verbose ("$logLead : Creating temporary download folder {0}" -f $downloadFolder)
        New-Item $downloadFolder -ItemType Directory -Force | Out-Null
    }

    # Pull Secrets
    Write-Output ("$logLead : Getting AppServer Secrets for Folder {0} using user {1}" -f $secretFolder, $secretUserName)
    $secrets = Get-SecretsForPod $secretUserName $secretPassword $secretDomain $secretFolder

    $savedCertificates = @()

    # Have to explicitly call GetEnumerator because of the way PS handles Dictionaries to HashTables
    foreach ($secret in $secrets.GetEnumerator()) {
        [System.Reflection.Assembly]::LoadWithPartialName("System.IO.Compression.FileSystem") | Out-Null

        if ($secret.Value.SecretType -eq [Alkami.Ops.SecretServer.Enum.SecretType]::Certificate) {
            $cert = [Alkami.Ops.SecretServer.Model.Certificate]$secret.Value
            Save-CertificatesToDisk $cert ([ref]$savedCertificates) $downloadFolder
            $hasCerts = $true
        }
        elseif ($secret.Value.SecretType -eq [Alkami.Ops.SecretServer.Enum.SecretType]::User) {
            Set-ServiceAccountValue ([Alkami.Ops.SecretServer.Model.User]$secret.Value)
        }
        elseif ($secret.Value.SecretType -eq [Alkami.Ops.SecretServer.Enum.SecretType]::ConnectionString -and $masterConnectionString -eq "REPLACEME") {
            $secretConnectionString = ([Alkami.Ops.SecretServer.Model.ConnectionString]$secret.Value).RawConnectionString
            Write-Output ("$logLead : Setting master connection string to {0}" -f $secretConnectionString)
            $global:masterConnectionString = $secretConnectionString
        }
    }

    if ($hasCerts) {
        Read-AppTierCertificates $downloadFolder $savedCertificates
    }

    if (Test-Path $downloadFolder) {
        Write-Verbose ("$logLead : Removing temporary download folder {0}" -f $downloadFolder)
        Remove-Item $downloadFolder -Recurse -Force
    }
}

Set-Alias -name Load-AppTierSecrets -value Read-AppTierSecrets;
First full commit 2023-05-30 22:51:22 -07:00			`function Read-AppTierSecrets {`
			`<#`
			`.SYNOPSIS`
			`Reads App Tier Secrets.`
			`#>`

			`[CmdletBinding()]`
			`Param(`
			`[string]$secretUserName,`
			`[string]$secretPassword,`
			`[string]$secretFolder,`
			`[string]$secretDomain`
			`)`

			`$logLead = (Get-LogLeadName);`
			`$hasCerts = $false`

			`# Create a temporary download folder for certificates`
			`$randomFolderName = [System.IO.Path]::GetRandomFileName().Split('.') \| Select-Object -First 1`
			`$downloadFolder = Join-Path $PSScriptRoot $randomFolderName`

			`if (!([System.IO.Directory]::Exists($downloadFolder))) {`
			`Write-Verbose ("$logLead : Creating temporary download folder {0}" -f $downloadFolder)`
			`New-Item $downloadFolder -ItemType Directory -Force \| Out-Null`
			`}`

			`# Pull Secrets`
			`Write-Output ("$logLead : Getting AppServer Secrets for Folder {0} using user {1}" -f $secretFolder, $secretUserName)`
			`$secrets = Get-SecretsForPod $secretUserName $secretPassword $secretDomain $secretFolder`

			`$savedCertificates = @()`

			`# Have to explicitly call GetEnumerator because of the way PS handles Dictionaries to HashTables`
			`foreach ($secret in $secrets.GetEnumerator()) {`
			`[System.Reflection.Assembly]::LoadWithPartialName("System.IO.Compression.FileSystem") \| Out-Null`

			`if ($secret.Value.SecretType -eq [Alkami.Ops.SecretServer.Enum.SecretType]::Certificate) {`
			`$cert = [Alkami.Ops.SecretServer.Model.Certificate]$secret.Value`
			`Save-CertificatesToDisk $cert ([ref]$savedCertificates) $downloadFolder`
			`$hasCerts = $true`
			`}`
			`elseif ($secret.Value.SecretType -eq [Alkami.Ops.SecretServer.Enum.SecretType]::User) {`
			`Set-ServiceAccountValue ([Alkami.Ops.SecretServer.Model.User]$secret.Value)`
			`}`
			`elseif ($secret.Value.SecretType -eq [Alkami.Ops.SecretServer.Enum.SecretType]::ConnectionString -and $masterConnectionString -eq "REPLACEME") {`
			`$secretConnectionString = ([Alkami.Ops.SecretServer.Model.ConnectionString]$secret.Value).RawConnectionString`
			`Write-Output ("$logLead : Setting master connection string to {0}" -f $secretConnectionString)`
			`$global:masterConnectionString = $secretConnectionString`
			`}`
			`}`

			`if ($hasCerts) {`
			`Read-AppTierCertificates $downloadFolder $savedCertificates`
			`}`

			`if (Test-Path $downloadFolder) {`
			`Write-Verbose ("$logLead : Removing temporary download folder {0}" -f $downloadFolder)`
			`Remove-Item $downloadFolder -Recurse -Force`
			`}`
			`}`

			`Set-Alias -name Load-AppTierSecrets -value Read-AppTierSecrets;`