79 lines
2.5 KiB
PowerShell
79 lines
2.5 KiB
PowerShell
function Update-SftpPassword {
|
|
<#
|
|
.SYNOPSIS
|
|
Updates the password of an Alkami SFTP user.
|
|
|
|
.DESCRIPTION
|
|
Updates the password of an Alkami SFTP user by updating the Secrets Manager entry for the user.
|
|
|
|
.PARAMETER Username
|
|
[string] The username of the user to update. Casing must be an exact match.
|
|
|
|
.PARAMETER Password
|
|
[string] The new password of the user. If not provided, one will be generated.
|
|
|
|
.PARAMETER ProfileName
|
|
[string] The AWS profile to use during user modification. If not provided, will default to 'temp-prod'.
|
|
|
|
.PARAMETER Region
|
|
[string] The AWS region to use during user modification. If not provided, will default to 'us-east-1'.
|
|
|
|
.EXAMPLE
|
|
Update-SftpPassword -Username "TestUser-sftp"
|
|
|
|
.EXAMPLE
|
|
Update-SftpPassword -Username "TestUser-sftp" -Password "1nsecure-ShouldHaveUsedGenerated!"
|
|
#>
|
|
|
|
[CmdletBinding()]
|
|
[OutputType([PSObject])]
|
|
param (
|
|
[Parameter(Mandatory = $true)]
|
|
[ValidateNotNullOrEmpty()]
|
|
[string] $Username,
|
|
|
|
[Parameter(Mandatory = $false)]
|
|
[ValidateNotNullOrEmpty()]
|
|
[string] $Password = $null,
|
|
|
|
[Parameter(Mandatory = $false)]
|
|
[ValidateSet('temp-qa', 'temp-prod')]
|
|
[string] $ProfileName = 'temp-prod',
|
|
|
|
[Parameter(Mandatory = $false)]
|
|
[ValidateScript({ $_ -in (Get-SupportedAwsRegions) })]
|
|
[string] $Region = 'us-east-1'
|
|
)
|
|
|
|
$logLead = (Get-LogLeadName)
|
|
|
|
Import-AWSModule
|
|
|
|
if ( $false -eq $PSBoundParameters.ContainsKey( 'Password' ) ) {
|
|
|
|
Write-Verbose "$logLead : Generating password for user."
|
|
$Password = New-SecurePassword -PasswordLength 15 -ProfileName $ProfileName -Region $Region
|
|
}
|
|
|
|
$passwordHash = New-SftpPasswordHash -Password $Password
|
|
|
|
if ( $null -eq $passwordHash ) {
|
|
|
|
Write-Error "$logLead : Unable to generate password hash for SFTP user."
|
|
return $null
|
|
}
|
|
|
|
$secretObject = Get-SECSecretValue -SecretId $Username -ProfileName $ProfileName -Region $Region
|
|
if ( $null -eq $secretObject ) {
|
|
|
|
Write-Error "$logLead : Unable to retrieve secret for user [$Username] using profile [$ProfileName] and region [$Region]."
|
|
return $null
|
|
}
|
|
|
|
$secret = ConvertFrom-Json $secretObject.SecretString
|
|
$secret.Password = $passwordHash
|
|
Update-SECSecret -SecretId $Username -SecretString (ConvertTo-Json $secret) -ProfileName $ProfileName -Region $Region | Out-Null
|
|
|
|
return New-Object -TypeName PSObject -Property @{ Username = $Username ; Password = $Password }
|
|
}
|