Add Get-InfisicalCertificatePolicy cmdlet
Covers GET /api/v1/cert-manager/certificate-policies (List default with optional -Limit, -Offset) and GET /api/v1/cert-manager/certificate-policies/{certificatePolicyId} (ById). New InfisicalCertificatePolicy model surfaces subject, SANs, key usages, extended key usages, algorithms, and validity. Polymorphic string-or-array fields (allowed/required/keyAlgorithm) are normalized to arrays; sans is normalized whether the API returns an object or an array. Manifest, build expected list, and MAML help updated.
@@ -0,0 +1,54 @@
|
||||
using System;
|
||||
using System.Management.Automation;
|
||||
using PSInfisicalAPI.Connections;
|
||||
using PSInfisicalAPI.Models;
|
||||
using PSInfisicalAPI.Pki;
|
||||
|
||||
namespace PSInfisicalAPI.Cmdlets
|
||||
{
|
||||
[Cmdlet(VerbsCommon.Get, "InfisicalCertificatePolicy", DefaultParameterSetName = "List")]
|
||||
[OutputType(typeof(InfisicalCertificatePolicy))]
|
||||
public sealed class GetInfisicalCertificatePolicyCmdlet : InfisicalCmdletBase
|
||||
{
|
||||
[Parameter(ParameterSetName = "ById", Mandatory = true, Position = 0, ValueFromPipelineByPropertyName = true)]
|
||||
[Alias("Id", "CertificatePolicyId")]
|
||||
public string PolicyId { get; set; }
|
||||
|
||||
[Parameter] public string ProjectId { get; set; }
|
||||
|
||||
[Parameter(ParameterSetName = "List")] public int? Limit { get; set; }
|
||||
|
||||
[Parameter(ParameterSetName = "List")] public int? Offset { get; set; }
|
||||
|
||||
protected override void ProcessRecord()
|
||||
{
|
||||
try
|
||||
{
|
||||
InfisicalConnection connection = InfisicalSessionManager.RequireCurrent();
|
||||
InfisicalPkiClient client = new InfisicalPkiClient(HttpClient, Logger);
|
||||
string resolvedProjectId = ResolveProjectId(connection, ProjectId);
|
||||
|
||||
if (string.Equals(ParameterSetName, "ById", StringComparison.Ordinal))
|
||||
{
|
||||
InfisicalCertificatePolicy policy = client.GetCertificatePolicy(connection, PolicyId, resolvedProjectId);
|
||||
if (policy != null)
|
||||
{
|
||||
WriteObject(policy);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
InfisicalCertificatePolicy[] all = client.ListCertificatePolicies(connection, resolvedProjectId, Limit, Offset);
|
||||
foreach (InfisicalCertificatePolicy policy in all)
|
||||
{
|
||||
WriteObject(policy);
|
||||
}
|
||||
}
|
||||
catch (Exception exception)
|
||||
{
|
||||
ThrowTerminatingForException("GetInfisicalCertificatePolicyCmdlet", "GetCertificatePolicy", exception);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
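Review bot: `WriteObject` is called inside the `try` in `ProcessRecord`, so `catch (Exception exception)` also receives the `PipelineStoppedException` that PowerShell throws when the pipeline is stopped (for example by Ctrl+C) and passes it to `ThrowTerminatingForException`. That helper is not visible here; unless it rethrows the exception untouched, a user-initiated stop is reported as a cmdlet failure, and adding `catch (PipelineStoppedException) { throw; }` ahead of the general catch avoids that. Separately, `Limit` and `Offset` accept negative values and are forwarded as given; `[ValidateRange(0, int.MaxValue)]` on both would reject them before any request is sent.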
@@ -57,5 +57,8 @@ namespace PSInfisicalAPI.Endpoints
|
||||
|
||||
public const string ListCertificateProfiles = "ListCertificateProfiles";
|
||||
public const string GetCertificateProfile = "GetCertificateProfile";
|
||||
|
||||
public const string ListCertificatePolicies = "ListCertificatePolicies";
|
||||
public const string GetCertificatePolicy = "GetCertificatePolicy";
|
||||
}
|
||||
}
|
||||
|
||||
@@ -662,6 +662,26 @@ namespace PSInfisicalAPI.Endpoints
|
||||
Template = "/api/v1/cert-manager/certificate-profiles/{certificateProfileId}",
|
||||
RequiresAuthorization = true
|
||||
});
|
||||
|
||||
Add(map, new InfisicalEndpointDefinition
|
||||
{
|
||||
Name = InfisicalEndpointNames.ListCertificatePolicies,
|
||||
Resource = "Pki",
|
||||
Version = "v1",
|
||||
Method = "GET",
|
||||
Template = "/api/v1/cert-manager/certificate-policies",
|
||||
RequiresAuthorization = true
|
||||
});
|
||||
|
||||
Add(map, new InfisicalEndpointDefinition
|
||||
{
|
||||
Name = InfisicalEndpointNames.GetCertificatePolicy,
|
||||
Resource = "Pki",
|
||||
Version = "v1",
|
||||
Method = "GET",
|
||||
Template = "/api/v1/cert-manager/certificate-policies/{certificatePolicyId}",
|
||||
RequiresAuthorization = true
|
||||
});
|
||||
}
|
||||
|
||||
public static InfisicalEndpointDefinition Get(string name)
|
||||
|
||||
@@ -0,0 +1,50 @@
|
||||
using System;
|
||||
|
||||
namespace PSInfisicalAPI.Models
|
||||
{
|
||||
public sealed class InfisicalCertificatePolicy
|
||||
{
|
||||
public string Id { get; set; }
|
||||
public string ProjectId { get; set; }
|
||||
public string Name { get; set; }
|
||||
public string Description { get; set; }
|
||||
public InfisicalCertificatePolicySubject Subject { get; set; }
|
||||
public InfisicalCertificatePolicySan[] Sans { get; set; }
|
||||
public InfisicalCertificatePolicyUsages KeyUsages { get; set; }
|
||||
public InfisicalCertificatePolicyUsages ExtendedKeyUsages { get; set; }
|
||||
public InfisicalCertificatePolicyAlgorithms Algorithms { get; set; }
|
||||
public InfisicalCertificatePolicyValidity Validity { get; set; }
|
||||
public DateTimeOffset? CreatedAtUtc { get; set; }
|
||||
public DateTimeOffset? UpdatedAtUtc { get; set; }
|
||||
}
|
||||
|
||||
public sealed class InfisicalCertificatePolicySubject
|
||||
{
|
||||
public string Type { get; set; }
|
||||
public string[] Allowed { get; set; }
|
||||
}
|
||||
|
||||
public sealed class InfisicalCertificatePolicySan
|
||||
{
|
||||
public string Type { get; set; }
|
||||
public string[] Allowed { get; set; }
|
||||
public string[] Required { get; set; }
|
||||
}
|
||||
|
||||
public sealed class InfisicalCertificatePolicyUsages
|
||||
{
|
||||
public string[] Allowed { get; set; }
|
||||
public string[] Required { get; set; }
|
||||
}
|
||||
|
||||
public sealed class InfisicalCertificatePolicyAlgorithms
|
||||
{
|
||||
public string Signature { get; set; }
|
||||
public string[] KeyAlgorithms { get; set; }
|
||||
}
|
||||
|
||||
public sealed class InfisicalCertificatePolicyValidity
|
||||
{
|
||||
public string Max { get; set; }
|
||||
}
|
||||
}
|
||||
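Review bot: The public model types carry no XML documentation, and the null cases matter to anyone who reads this output to audit issuance rules. The mapper in this commit returns `null` for `Sans` both when the field is absent and when the API sends an empty array, and `Validity.Max` is copied through as the API's string without parsing. I would add `/// <summary>` comments on `InfisicalCertificatePolicy` and the nested types that state this, and say on `Allowed`/`Required` what a null array means. That last part depends on `FlattenStringOrStringArray`, which is not shown, so it needs confirming first.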
@@ -0,0 +1,58 @@
|
||||
using System.Collections.Generic;
|
||||
using Newtonsoft.Json;
|
||||
using Newtonsoft.Json.Linq;
|
||||
|
||||
namespace PSInfisicalAPI.Pki
|
||||
{
|
||||
internal sealed class InfisicalCertificatePolicyResponseDto
|
||||
{
|
||||
[JsonProperty("id")] public string Id { get; set; }
|
||||
[JsonProperty("projectId")] public string ProjectId { get; set; }
|
||||
[JsonProperty("name")] public string Name { get; set; }
|
||||
[JsonProperty("description")] public string Description { get; set; }
|
||||
[JsonProperty("subject")] public InfisicalCertificatePolicySubjectDto Subject { get; set; }
|
||||
[JsonProperty("sans")] public JToken SansRaw { get; set; }
|
||||
[JsonProperty("keyUsages")] public InfisicalCertificatePolicyUsagesDto KeyUsages { get; set; }
|
||||
[JsonProperty("extendedKeyUsages")] public InfisicalCertificatePolicyUsagesDto ExtendedKeyUsages { get; set; }
|
||||
[JsonProperty("algorithms")] public InfisicalCertificatePolicyAlgorithmsDto Algorithms { get; set; }
|
||||
[JsonProperty("validity")] public InfisicalCertificatePolicyValidityDto Validity { get; set; }
|
||||
[JsonProperty("createdAt")] public string CreatedAt { get; set; }
|
||||
[JsonProperty("updatedAt")] public string UpdatedAt { get; set; }
|
||||
}
|
||||
|
||||
internal sealed class InfisicalCertificatePolicySubjectDto
|
||||
{
|
||||
[JsonProperty("type")] public string Type { get; set; }
|
||||
[JsonProperty("allowed")] public JToken AllowedRaw { get; set; }
|
||||
}
|
||||
|
||||
internal sealed class InfisicalCertificatePolicySanDto
|
||||
{
|
||||
[JsonProperty("type")] public string Type { get; set; }
|
||||
[JsonProperty("allowed")] public JToken AllowedRaw { get; set; }
|
||||
[JsonProperty("required")] public JToken RequiredRaw { get; set; }
|
||||
}
|
||||
|
||||
internal sealed class InfisicalCertificatePolicyUsagesDto
|
||||
{
|
||||
[JsonProperty("allowed")] public JToken AllowedRaw { get; set; }
|
||||
[JsonProperty("required")] public JToken RequiredRaw { get; set; }
|
||||
}
|
||||
|
||||
internal sealed class InfisicalCertificatePolicyAlgorithmsDto
|
||||
{
|
||||
[JsonProperty("signature")] public string Signature { get; set; }
|
||||
[JsonProperty("keyAlgorithm")] public JToken KeyAlgorithmRaw { get; set; }
|
||||
}
|
||||
|
||||
internal sealed class InfisicalCertificatePolicyValidityDto
|
||||
{
|
||||
[JsonProperty("max")] public string Max { get; set; }
|
||||
}
|
||||
|
||||
internal sealed class InfisicalCertificatePolicyListResponseDto
|
||||
{
|
||||
[JsonProperty("certificatePolicies")] public List<InfisicalCertificatePolicyResponseDto> CertificatePolicies { get; set; }
|
||||
[JsonProperty("totalCount")] public int? TotalCount { get; set; }
|
||||
}
|
||||
}
|
||||
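Review bot: `TotalCount` on `InfisicalCertificatePolicyListResponseDto` is deserialized but nothing in this commit reads it; `ParseCertificatePolicyListBody` returns only `wrapper.CertificatePolicies`. If the server applies a default page size, a caller who runs the cmdlet without `-Limit` receives a partial list with no indication, which is a problem when the output is used to review every policy in a project. Either compare `TotalCount` with the number of items returned and emit a warning when they differ, or remove the property until something uses it.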
@@ -0,0 +1,138 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Globalization;
|
||||
using Newtonsoft.Json.Linq;
|
||||
using PSInfisicalAPI.Models;
|
||||
|
||||
namespace PSInfisicalAPI.Pki
|
||||
{
|
||||
internal static class InfisicalCertificatePolicyMapper
|
||||
{
|
||||
public static InfisicalCertificatePolicy Map(InfisicalCertificatePolicyResponseDto dto, string fallbackProjectId)
|
||||
{
|
||||
if (dto == null)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
return new InfisicalCertificatePolicy
|
||||
{
|
||||
Id = dto.Id,
|
||||
ProjectId = !string.IsNullOrEmpty(dto.ProjectId) ? dto.ProjectId : fallbackProjectId,
|
||||
Name = dto.Name,
|
||||
Description = dto.Description,
|
||||
Subject = MapSubject(dto.Subject),
|
||||
Sans = MapSans(dto.SansRaw),
|
||||
KeyUsages = MapUsages(dto.KeyUsages),
|
||||
ExtendedKeyUsages = MapUsages(dto.ExtendedKeyUsages),
|
||||
Algorithms = MapAlgorithms(dto.Algorithms),
|
||||
Validity = MapValidity(dto.Validity),
|
||||
CreatedAtUtc = ParseTimestamp(dto.CreatedAt),
|
||||
UpdatedAtUtc = ParseTimestamp(dto.UpdatedAt)
|
||||
};
|
||||
}
|
||||
|
||||
public static InfisicalCertificatePolicy[] MapMany(IEnumerable<InfisicalCertificatePolicyResponseDto> items, string fallbackProjectId)
|
||||
{
|
||||
if (items == null)
|
||||
{
|
||||
return Array.Empty<InfisicalCertificatePolicy>();
|
||||
}
|
||||
|
||||
List<InfisicalCertificatePolicy> results = new List<InfisicalCertificatePolicy>();
|
||||
foreach (InfisicalCertificatePolicyResponseDto dto in items)
|
||||
{
|
||||
InfisicalCertificatePolicy mapped = Map(dto, fallbackProjectId);
|
||||
if (mapped != null)
|
||||
{
|
||||
results.Add(mapped);
|
||||
}
|
||||
}
|
||||
|
||||
return results.ToArray();
|
||||
}
|
||||
|
||||
private static InfisicalCertificatePolicySubject MapSubject(InfisicalCertificatePolicySubjectDto dto)
|
||||
{
|
||||
if (dto == null) { return null; }
|
||||
return new InfisicalCertificatePolicySubject
|
||||
{
|
||||
Type = dto.Type,
|
||||
Allowed = InfisicalCertificateProfileMapper.FlattenStringOrStringArray(dto.AllowedRaw)
|
||||
};
|
||||
}
|
||||
|
||||
private static InfisicalCertificatePolicySan[] MapSans(JToken token)
|
||||
{
|
||||
if (token == null || token.Type == JTokenType.Null) { return null; }
|
||||
|
||||
List<InfisicalCertificatePolicySan> results = new List<InfisicalCertificatePolicySan>();
|
||||
if (token.Type == JTokenType.Array)
|
||||
{
|
||||
foreach (JToken child in (JArray)token)
|
||||
{
|
||||
InfisicalCertificatePolicySan mapped = MapSanObject(child);
|
||||
if (mapped != null) { results.Add(mapped); }
|
||||
}
|
||||
}
|
||||
else if (token.Type == JTokenType.Object)
|
||||
{
|
||||
InfisicalCertificatePolicySan mapped = MapSanObject(token);
|
||||
if (mapped != null) { results.Add(mapped); }
|
||||
}
|
||||
|
||||
return results.Count > 0 ? results.ToArray() : null;
|
||||
}
|
||||
|
||||
private static InfisicalCertificatePolicySan MapSanObject(JToken token)
|
||||
{
|
||||
if (token == null || token.Type != JTokenType.Object) { return null; }
|
||||
InfisicalCertificatePolicySanDto dto = token.ToObject<InfisicalCertificatePolicySanDto>();
|
||||
if (dto == null) { return null; }
|
||||
return new InfisicalCertificatePolicySan
|
||||
{
|
||||
Type = dto.Type,
|
||||
Allowed = InfisicalCertificateProfileMapper.FlattenStringOrStringArray(dto.AllowedRaw),
|
||||
Required = InfisicalCertificateProfileMapper.FlattenStringOrStringArray(dto.RequiredRaw)
|
||||
};
|
||||
}
|
||||
|
||||
private static InfisicalCertificatePolicyUsages MapUsages(InfisicalCertificatePolicyUsagesDto dto)
|
||||
{
|
||||
if (dto == null) { return null; }
|
||||
return new InfisicalCertificatePolicyUsages
|
||||
{
|
||||
Allowed = InfisicalCertificateProfileMapper.FlattenStringOrStringArray(dto.AllowedRaw),
|
||||
Required = InfisicalCertificateProfileMapper.FlattenStringOrStringArray(dto.RequiredRaw)
|
||||
};
|
||||
}
|
||||
|
||||
private static InfisicalCertificatePolicyAlgorithms MapAlgorithms(InfisicalCertificatePolicyAlgorithmsDto dto)
|
||||
{
|
||||
if (dto == null) { return null; }
|
||||
return new InfisicalCertificatePolicyAlgorithms
|
||||
{
|
||||
Signature = dto.Signature,
|
||||
KeyAlgorithms = InfisicalCertificateProfileMapper.FlattenStringOrStringArray(dto.KeyAlgorithmRaw)
|
||||
};
|
||||
}
|
||||
|
||||
private static InfisicalCertificatePolicyValidity MapValidity(InfisicalCertificatePolicyValidityDto dto)
|
||||
{
|
||||
if (dto == null) { return null; }
|
||||
return new InfisicalCertificatePolicyValidity { Max = dto.Max };
|
||||
}
|
||||
|
||||
private static DateTimeOffset? ParseTimestamp(string value)
|
||||
{
|
||||
if (string.IsNullOrEmpty(value)) { return null; }
|
||||
DateTimeOffset parsed;
|
||||
if (DateTimeOffset.TryParse(value, CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out parsed))
|
||||
{
|
||||
return parsed;
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
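Review bot: `MapSans` silently discards whatever it cannot interpret: array children that are not objects make `MapSanObject` return null and are skipped, and a `sans` token that is neither an array nor an object yields `null`, the same result as an absent field. The mapped `InfisicalCertificatePolicy` can then show fewer SAN constraints than the server sent, with no signal to the caller. Because this object describes certificate issuance rules, I would fail on an unexpected shape, e.g. `throw new InvalidOperationException("Unexpected 'sans' token type: " + token.Type);` in the fall-through branch, or at least log it. `Map` also substitutes `fallbackProjectId` when the response has no `projectId`, so `ProjectId` on the output may be the caller's value rather than the server's; a comment on that line should say so.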
@@ -427,6 +427,94 @@ namespace PSInfisicalAPI.Pki
|
||||
return obj.ToObject<InfisicalCertificateProfileResponseDto>();
|
||||
}
|
||||
|
||||
public InfisicalCertificatePolicy[] ListCertificatePolicies(InfisicalConnection connection, string projectId, int? limit, int? offset)
|
||||
{
|
||||
if (connection == null) { throw new ArgumentNullException(nameof(connection)); }
|
||||
string resolvedProjectId = FirstNonEmpty(projectId, connection.ProjectId);
|
||||
if (string.IsNullOrEmpty(resolvedProjectId)) { throw new InfisicalConfigurationException("ProjectId is required."); }
|
||||
|
||||
List<KeyValuePair<string, string>> query = new List<KeyValuePair<string, string>>
|
||||
{
|
||||
new KeyValuePair<string, string>("projectId", resolvedProjectId)
|
||||
};
|
||||
if (limit.HasValue) { query.Add(new KeyValuePair<string, string>("limit", limit.Value.ToString(CultureInfo.InvariantCulture))); }
|
||||
if (offset.HasValue) { query.Add(new KeyValuePair<string, string>("offset", offset.Value.ToString(CultureInfo.InvariantCulture))); }
|
||||
|
||||
try
|
||||
{
|
||||
_logger.Information(Component, "Attempting to list Infisical certificate policies. Please Wait...");
|
||||
InfisicalHttpResponse response = _invoker.InvokeWithCandidateFallback(connection, InfisicalEndpointNames.ListCertificatePolicies, "ListCertificatePolicies", null, query, null);
|
||||
string body = response.Body;
|
||||
response.Clear();
|
||||
|
||||
List<InfisicalCertificatePolicyResponseDto> source = ParseCertificatePolicyListBody(body);
|
||||
InfisicalCertificatePolicy[] mapped = InfisicalCertificatePolicyMapper.MapMany(source, resolvedProjectId);
|
||||
_logger.Information(Component, "Infisical certificate policy list retrieval was successful.");
|
||||
return mapped;
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
_logger.Error(Component, "Infisical certificate policy list retrieval failed.");
|
||||
throw;
|
||||
}
|
||||
}
|
||||
|
||||
public InfisicalCertificatePolicy GetCertificatePolicy(InfisicalConnection connection, string certificatePolicyId, string projectId)
|
||||
{
|
||||
if (connection == null) { throw new ArgumentNullException(nameof(connection)); }
|
||||
if (string.IsNullOrEmpty(certificatePolicyId)) { throw new InfisicalConfigurationException("CertificatePolicyId is required."); }
|
||||
|
||||
Dictionary<string, string> pathParameters = new Dictionary<string, string> { { "certificatePolicyId", certificatePolicyId } };
|
||||
List<KeyValuePair<string, string>> query = null;
|
||||
if (!string.IsNullOrEmpty(projectId))
|
||||
{
|
||||
query = new List<KeyValuePair<string, string>> { new KeyValuePair<string, string>("projectId", projectId) };
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
_logger.Information(Component, string.Concat("Attempting to retrieve Infisical certificate policy '", certificatePolicyId, "'. Please Wait..."));
|
||||
InfisicalHttpResponse response = _invoker.InvokeWithCandidateFallback(connection, InfisicalEndpointNames.GetCertificatePolicy, "GetCertificatePolicy", pathParameters, query, null);
|
||||
string body = response.Body;
|
||||
response.Clear();
|
||||
|
||||
InfisicalCertificatePolicyResponseDto inner = ParseCertificatePolicySingleBody(body);
|
||||
string fallbackProjectId = !string.IsNullOrEmpty(projectId) ? projectId : connection.ProjectId;
|
||||
InfisicalCertificatePolicy mapped = InfisicalCertificatePolicyMapper.Map(inner, fallbackProjectId);
|
||||
_logger.Information(Component, "Infisical certificate policy retrieval was successful.");
|
||||
return mapped;
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
_logger.Error(Component, "Infisical certificate policy retrieval failed.");
|
||||
throw;
|
||||
}
|
||||
}
|
||||
|
||||
private List<InfisicalCertificatePolicyResponseDto> ParseCertificatePolicyListBody(string body)
|
||||
{
|
||||
if (string.IsNullOrEmpty(body)) { return null; }
|
||||
JToken token = JToken.Parse(body);
|
||||
if (token.Type == JTokenType.Array)
|
||||
{
|
||||
return token.ToObject<List<InfisicalCertificatePolicyResponseDto>>();
|
||||
}
|
||||
|
||||
InfisicalCertificatePolicyListResponseDto wrapper = token.ToObject<InfisicalCertificatePolicyListResponseDto>();
|
||||
return wrapper != null ? wrapper.CertificatePolicies : null;
|
||||
}
|
||||
|
||||
private InfisicalCertificatePolicyResponseDto ParseCertificatePolicySingleBody(string body)
|
||||
{
|
||||
if (string.IsNullOrEmpty(body)) { return null; }
|
||||
JToken token = JToken.Parse(body);
|
||||
if (token.Type != JTokenType.Object) { return null; }
|
||||
JObject obj = (JObject)token;
|
||||
|
||||
if (obj["certificatePolicy"] is JObject inner) { return inner.ToObject<InfisicalCertificatePolicyResponseDto>(); }
|
||||
return obj.ToObject<InfisicalCertificatePolicyResponseDto>();
|
||||
}
|
||||
|
||||
public InfisicalCertificateBundle GetCertificateBundle(InfisicalConnection connection, string serialNumber)
|
||||
{
|
||||
if (connection == null) { throw new ArgumentNullException(nameof(connection)); }
|
||||
|
||||
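Review bot: `GetCertificatePolicy` puts `certificatePolicyId` into `pathParameters` after only a null-or-empty check, and the value comes from the cmdlet's `PolicyId`, which binds from the pipeline by property name. Whether `_invoker.InvokeWithCandidateFallback` percent-encodes path values is not visible in this hunk; if it does not, an id containing `/`, `?` or `#` changes which endpoint the authorized request is sent to. I would validate the id before building the dictionary (reject those characters, or require the id format the API issues) and add a comment stating where encoding happens. The same id is concatenated into the `_logger.Information` message, so the check should also reject control characters. The hunk ends inside `GetCertificateBundle`, which is context only.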