M8: CHANGELOG + DesignSpec for 2026.06.03.2136 (CRUD + auth provider expansion); refresh published manifest/binary

2026-06-03 17:38:45 -04:00
parent d9822aab7a
commit 09c3d5c68b
4 changed files with 96 additions and 14 deletions
@@ -6,6 +6,19 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) loos

 ## Unreleased

+## 2026.06.03.2136
+
+- Build produced from commit d9822aab7a4a.
+- **Resource CRUD expansion**: Added full Get/New/Update/Remove cmdlet families for Projects, Environments, Folders, and Tags (20 new cmdlets):
+  - Projects: `Get-InfisicalProjects`, `Get-InfisicalProject`, `New-InfisicalProject`, `Update-InfisicalProject`, `Remove-InfisicalProject`.
+  - Environments: `Get-InfisicalEnvironments`, `Get-InfisicalEnvironment`, `New-InfisicalEnvironment`, `Update-InfisicalEnvironment`, `Remove-InfisicalEnvironment`.
+  - Folders: `Get-InfisicalFolders`, `Get-InfisicalFolder`, `New-InfisicalFolder`, `Update-InfisicalFolder`, `Remove-InfisicalFolder`.
+  - Tags: `Get-InfisicalTags`, `Get-InfisicalTag`, `New-InfisicalTag`, `Update-InfisicalTag`, `Remove-InfisicalTag`.
+- **Secret mutation cmdlets**: Added `New-InfisicalSecret`, `Update-InfisicalSecret`, and `Remove-InfisicalSecret`; extended `InfisicalSecretsClient` with corresponding create/update/delete operations.
+- **Additional auth providers**: `Connect-Infisical` now supports JWT (`-Jwt -IdentityId`), OIDC (`-Jwt -IdentityId`), LDAP (`-Username -Password`), Azure (`-Jwt -IdentityId`), and GCP IAM (`-Jwt -IdentityId`) via dedicated parameter sets. Common identity-login flow is centralized in `IdentityLoginExecutor`.
+- Endpoint registry expanded with login routes (`/api/v1/auth/{jwt|oidc|ldap|azure|gcp}-auth/login`) and CRUD routes for projects (v2), environments, folders, tags, and secret mutations.
+- Test suite expanded to 139 passing tests, including mapper round-trips for projects/environments/folders/tags, secret mutation DTO shapes, and request-body validation for each new auth provider.
+
 ## 2026.06.03.0131

 - Build produced from commit 7be0b7b42008.
@@ -1,6 +1,6 @@
@{
    RootModule           = 'PSInfisicalAPI.psm1'
-    ModuleVersion        = '2026.06.03.0131'
+    ModuleVersion        = '2026.06.03.2136'
    GUID                 = 'b8a2f3d4-7c51-4d2f-9e6a-1f0c8b3d4e51'
    Author               = 'Grace Solutions'
    CompanyName          = 'Grace Solutions'
@@ -14,8 +14,31 @@
        'Disconnect-Infisical',
        'Get-InfisicalSecrets',
        'Get-InfisicalSecret',
+        'New-InfisicalSecret',
+        'Update-InfisicalSecret',
+        'Remove-InfisicalSecret',
        'ConvertTo-InfisicalSecretDictionary',
-        'Export-InfisicalSecrets'
+        'Export-InfisicalSecrets',
+        'Get-InfisicalProjects',
+        'Get-InfisicalProject',
+        'New-InfisicalProject',
+        'Update-InfisicalProject',
+        'Remove-InfisicalProject',
+        'Get-InfisicalEnvironments',
+        'Get-InfisicalEnvironment',
+        'New-InfisicalEnvironment',
+        'Update-InfisicalEnvironment',
+        'Remove-InfisicalEnvironment',
+        'Get-InfisicalFolders',
+        'Get-InfisicalFolder',
+        'New-InfisicalFolder',
+        'Update-InfisicalFolder',
+        'Remove-InfisicalFolder',
+        'Get-InfisicalTags',
+        'Get-InfisicalTag',
+        'New-InfisicalTag',
+        'Update-InfisicalTag',
+        'Remove-InfisicalTag'
    )
    AliasesToExport      = @()
    VariablesToExport    = @()
@@ -27,7 +50,7 @@
            LicenseUri   = 'https://www.gnu.org/licenses/agpl-3.0.html'
            ProjectUri   = 'https://prod.git.gracesolution.info/gsadmin/PSInfisicalAPI'
            ReleaseNotes = 'See CHANGELOG.md in the project repository for release history.'
-            CommitHash   = '7be0b7b42008'
+            CommitHash   = 'd9822aab7a4a'
        }
    }
 }
@@ -6,15 +6,38 @@

 The goal is to establish a strong, reusable, secure framework first, then initially implement secret retrieval and export workflows.

-Initial public cmdlets:
+Public cmdlets:

 ```powershell
 Connect-Infisical
 Disconnect-Infisical
 Get-InfisicalSecrets
 Get-InfisicalSecret
+New-InfisicalSecret
+Update-InfisicalSecret
+Remove-InfisicalSecret
 ConvertTo-InfisicalSecretDictionary
 Export-InfisicalSecrets
+Get-InfisicalProjects
+Get-InfisicalProject
+New-InfisicalProject
+Update-InfisicalProject
+Remove-InfisicalProject
+Get-InfisicalEnvironments
+Get-InfisicalEnvironment
+New-InfisicalEnvironment
+Update-InfisicalEnvironment
+Remove-InfisicalEnvironment
+Get-InfisicalFolders
+Get-InfisicalFolder
+New-InfisicalFolder
+Update-InfisicalFolder
+Remove-InfisicalFolder
+Get-InfisicalTags
+Get-InfisicalTag
+New-InfisicalTag
+Update-InfisicalTag
+Remove-InfisicalTag
 ```

 Infisical’s public API is REST-based and provides programmatic access for managing secrets and related resources. Current Infisical documentation shows the list-secrets endpoint under `/api/v4/secrets`, the single-secret retrieval endpoint under `/api/v4/secrets/{secretName}`, and Universal Auth login under `/api/v1/auth/universal-auth/login`. The implementation must centralize API endpoint definitions because Infisical uses different API versions across resource families. ([Infisical Blog][1])
@@ -198,8 +221,31 @@ Example shape:
        'Disconnect-Infisical',
        'Get-InfisicalSecrets',
        'Get-InfisicalSecret',
+        'New-InfisicalSecret',
+        'Update-InfisicalSecret',
+        'Remove-InfisicalSecret',
        'ConvertTo-InfisicalSecretDictionary',
-        'Export-InfisicalSecrets'
+        'Export-InfisicalSecrets',
+        'Get-InfisicalProjects',
+        'Get-InfisicalProject',
+        'New-InfisicalProject',
+        'Update-InfisicalProject',
+        'Remove-InfisicalProject',
+        'Get-InfisicalEnvironments',
+        'Get-InfisicalEnvironment',
+        'New-InfisicalEnvironment',
+        'Update-InfisicalEnvironment',
+        'Remove-InfisicalEnvironment',
+        'Get-InfisicalFolders',
+        'Get-InfisicalFolder',
+        'New-InfisicalFolder',
+        'Update-InfisicalFolder',
+        'Remove-InfisicalFolder',
+        'Get-InfisicalTags',
+        'Get-InfisicalTag',
+        'New-InfisicalTag',
+        'Update-InfisicalTag',
+        'Remove-InfisicalTag'
    )
    AliasesToExport = @()
    PrivateData = @{
@@ -698,29 +744,29 @@ Internal implementation must still use proper typed path handling.

 # 12. Authentication Design

-## 12.1 Supported Initial Auth Types
+## 12.1 Supported Auth Types

-Initial implementation:
+Currently implemented:

 ```text
 Universal Auth
 Token Auth
+JWT Auth
+OIDC Auth
+LDAP Auth
+Azure Auth
+GCP IAM Auth
 ```

-Infisical documents identity authentication modes such as Universal Auth and Token Auth for API access, and API interaction requires an access token. ([Infisical Blog][3])
+Each implemented provider is exposed as a dedicated `Connect-Infisical` parameter set. Identity-based providers (JWT, OIDC, Azure, GCP IAM) share a common login flow via `IdentityLoginExecutor` and POST to `/api/v1/auth/{provider}-auth/login`. Infisical documents identity authentication modes such as Universal Auth and Token Auth for API access, and API interaction requires an access token. ([Infisical Blog][3])

 ## 12.2 Future Auth Types

 Design must allow future support for:

 ```text
-AWS Auth
-Azure Auth
-GCP Auth
+AWS IAM Auth
 Kubernetes Auth
-OIDC Auth
-JWT Auth
-LDAP Auth
 TLS Certificate Auth
 Alibaba Cloud Auth
 OCI Auth