ps/Modules/Alkami.DevOps.SqlReports/Public/Get-ReportUserCredentialsFromSecretServer.ps1

function Get-ReportUserCredentialsFromSecretServer () {
<#
.SYNOPSIS
    Looks up the report-user secret for an environment in Secret Server and returns its username and password.
.DESCRIPTION
    Wraps the supplied Secret Server login in a PSCredential, derives the secret name from the
    environment type, and requests that secret from the "ReportUsers" folder through
    Get-UserCredentialsFromSecretServer.

    Secret naming:
      - Production:      "<environmentType>-<environmentName>-ReportUser", where environmentName is
                         cut at the first "." so only the leading segment is used.
      - Everything else: "<environmentType>-ReportUser" (one shared secret per environment type).
.PARAMETER secretUserName
    Username of the account used to authenticate to Secret Server.
.PARAMETER secretPassword
    Password of the account used to authenticate to Secret Server, passed as a plain string.
.PARAMETER environmentName
    The environment name of the report user to retrieve (e.g. "12").
.PARAMETER environmentType
    The environment type of the report user to retrieve (e.g. "Production").
.OUTPUTS
    A PSObject with Username and Password properties for the report user, or $null when
    Get-UserCredentialsFromSecretServer returns nothing.
.EXAMPLE
    Get-ReportUserCredentialsFromSecretServer -secretUserName "BobBarker" -secretPassword "PIR123!" -environmentName "12" -environmentType "Production"

    Password   Username
    --------   --------
    ExamplePwd ExampleUser
.NOTES
    Security considerations for callers:
      - secretPassword is a [String], so a literal value typed as in the example can end up in
        command history, transcripts or script-block logs. Prefer feeding it from a variable that
        was populated out of band.
      - The returned object carries whatever Get-PasswordFromCredential yields in its Password
        property; the example output shows it as readable text. Keep the result out of logs,
        verbose output and serialized state, and drop the reference once it has been used.
      - Only the secret name and folder are written to the verbose stream, never the credential.
#>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true)]
        [String]$secretUserName,

        [Parameter(Mandatory=$true)]
        [String]$secretPassword,

        [Parameter(Mandatory=$true)]
        [String]$environmentName,

        [Parameter(Mandatory=$true)]
        [String]$environmentType
    )

    $loglead = (Get-LogLeadName)

    # The login arrives as two strings and is wrapped here.
    # Note: If the bootstrap scripts are modified to pass in a credential object, this won't be necessary.
    $secretCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $secretUserName, (Get-SecureString $secretPassword)

    $folderName = "ReportUsers"

    # Only production (for now) has a separate secret per environment; every other
    # environment type shares a single secret named after the type.
    if ($environmentType -ne "Production") {
        $secretName = "$environmentType-ReportUser"
    } else {
        # Keep only the major pod, i.e. the text before the first dot (if there is one).
        $firstDot = $environmentName.IndexOf(".")
        if ($firstDot -gt -1) {
            $environmentName = $environmentName.Substring(0, $firstDot)
        }

        $secretName = "$environmentType-$environmentName-ReportUser"
    }

    Write-Verbose "$loglead : Searching for secret '$secretName' in folder '$folderName'"
    $resultCredential = Get-UserCredentialsFromSecretServer $secretCredential $folderName $secretName

    # Nothing came back from the lookup: hand the caller an explicit null.
    if ($null -eq $resultCredential) {
        return $null
    }

    # Note: If the bootstrap scripts are modified to accept credential results, this won't be necessary.
    $properties = @{
        'Username' = $resultCredential.UserName
        'Password' = (Get-PasswordFromCredential $resultCredential)
    }

    return (New-Object PSObject -Property $properties)
}