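function Read-AppTierSecrets {
    <#
    .SYNOPSIS
    Reads App Tier Secrets.

    .DESCRIPTION
    Pulls the secrets for $secretFolder via Get-SecretsForPod and dispatches each
    entry on its SecretType:
      - Certificate      -> written to a temporary folder, then handed as a batch to
                            Read-AppTierCertificates
      - User             -> passed to Set-ServiceAccountValue
      - ConnectionString -> stored in $global:masterConnectionString, but only while
                            $masterConnectionString (resolved from the caller's scope)
                            still equals "REPLACEME", i.e. the first one wins

    The temporary folder is removed in a finally block so certificate material does
    not stay on disk next to the script if a downstream call throws.

    .PARAMETER secretUserName
    Account used to authenticate to the secret server.

    .PARAMETER secretPassword
    Password for $secretUserName. Kept as a plain [string] so existing callers keep
    working; NOTE(review): consider a [PSCredential]/[SecureString] overload, since a
    string password is exposed in the process' argument list and memory.

    .PARAMETER secretFolder
    Secret-server folder whose secrets are read.

    .PARAMETER secretDomain
    Domain of $secretUserName.

    .NOTES
    Relies on Get-LogLeadName, Get-SecretsForPod, Save-CertificatesToDisk,
    Set-ServiceAccountValue and Read-AppTierCertificates from the surrounding module.
    Throws when Get-SecretsForPod returns nothing, rather than leaving the app tier
    silently unconfigured.
    #>
    [CmdletBinding()]
    Param(
        [string]$secretUserName,
        [string]$secretPassword,
        [string]$secretFolder,
        [string]$secretDomain
    )

    $logLead = (Get-LogLeadName);
    $hasCerts = $false
    $savedCertificates = @()

    # Loaded once, outside the per-secret loop (the original re-loaded it on every
    # iteration). LoadWithPartialName is obsolete but kept to match existing behavior.
    [System.Reflection.Assembly]::LoadWithPartialName("System.IO.Compression.FileSystem") | Out-Null

    # Temporary download folder for certificate files, with an unpredictable name.
    # NOTE(review): it inherits the ACL of $PSScriptRoot; confirm that is restrictive
    # enough for files that may contain private keys.
    $randomFolderName = [System.IO.Path]::GetRandomFileName().Split('.') | Select-Object -First 1
    $downloadFolder = Join-Path $PSScriptRoot $randomFolderName

    if (!([System.IO.Directory]::Exists($downloadFolder))) {
        Write-Verbose ("$logLead : Creating temporary download folder {0}" -f $downloadFolder)
        New-Item $downloadFolder -ItemType Directory -Force | Out-Null
    }

    try {
        # Pull Secrets
        Write-Output ("$logLead : Getting AppServer Secrets for Folder {0} using user {1}" -f $secretFolder, $secretUserName)
        $secrets = Get-SecretsForPod $secretUserName $secretPassword $secretDomain $secretFolder

        if ($null -eq $secrets) {
            # Fail loudly: the original died here with a null-method error anyway.
            throw ("$logLead : Get-SecretsForPod returned no secrets for folder {0}" -f $secretFolder)
        }

        # Have to explicitly call GetEnumerator because of the way PS handles Dictionaries to HashTables
        foreach ($secret in $secrets.GetEnumerator()) {
            if ($secret.Value.SecretType -eq [Alkami.Ops.SecretServer.Enum.SecretType]::Certificate) {
                $cert = [Alkami.Ops.SecretServer.Model.Certificate]$secret.Value
                Save-CertificatesToDisk $cert ([ref]$savedCertificates) $downloadFolder
                $hasCerts = $true
            }
            elseif ($secret.Value.SecretType -eq [Alkami.Ops.SecretServer.Enum.SecretType]::User) {
                Set-ServiceAccountValue ([Alkami.Ops.SecretServer.Model.User]$secret.Value)
            }
            elseif ($secret.Value.SecretType -eq [Alkami.Ops.SecretServer.Enum.SecretType]::ConnectionString -and $masterConnectionString -eq "REPLACEME") {
                $secretConnectionString = ([Alkami.Ops.SecretServer.Model.ConnectionString]$secret.Value).RawConnectionString
                # Log the event, never the value: a raw connection string normally
                # embeds credentials, and this output ends up in job/pipeline logs.
                Write-Output ("$logLead : Setting master connection string from secret server (value redacted)")
                $global:masterConnectionString = $secretConnectionString
            }
        }

        if ($hasCerts) {
            Read-AppTierCertificates $downloadFolder $savedCertificates
        }
    }
    finally {
        # Always scrub the temp folder, even when a call above threw, so downloaded
        # certificate files do not remain on disk.
        if (Test-Path $downloadFolder) {
            Write-Verbose ("$logLead : Removing temporary download folder {0}" -f $downloadFolder)
            Remove-Item $downloadFolder -Recurse -Force
        }
    }
}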
# Backward-compatible alias for callers that still use the old verb.
Set-Alias -Name Load-AppTierSecrets -Value Read-AppTierSecrets