feat!(certificates): expose full /certificates/search filter surface on Get/Search-InfisicalCertificate #6
@@ -40,7 +40,6 @@
|
||||
'Get-InfisicalCertificateProfile',
|
||||
'Get-InfisicalCertificatePolicy',
|
||||
'Get-InfisicalCertificate',
|
||||
'Search-InfisicalCertificate',
|
||||
'Request-InfisicalCertificate',
|
||||
'ConvertTo-InfisicalCertificate',
|
||||
'Install-InfisicalCertificate',
|
||||
|
||||
@@ -1060,7 +1060,7 @@ $GetInfisicalCertificateAuthorityResult = Get-InfisicalCertificateAuthority @Get
|
||||
<maml:alertSet>
|
||||
<maml:title>Notes</maml:title>
|
||||
<maml:alert>
|
||||
<maml:para>For advanced filtering (validity window, key algorithm, extended key usage, etc.) use Search-InfisicalCertificate instead. Single mode returns metadata only; to obtain certificate and chain PEM material use ConvertTo-InfisicalCertificate or Export-InfisicalCertificate. Accepts pipeline input by property name on -SerialNumber.</maml:para>
|
||||
<maml:para>Single mode returns metadata only; to obtain certificate and chain PEM material use ConvertTo-InfisicalCertificate or Export-InfisicalCertificate. Accepts pipeline input by property name on -SerialNumber.</maml:para>
|
||||
</maml:alert>
|
||||
</maml:alertSet>
|
||||
<command:examples>
|
||||
@@ -1219,50 +1219,6 @@ $GetInfisicalCertificatePolicyResult = Get-InfisicalCertificatePolicy @GetInfisi
|
||||
</command:examples>
|
||||
</command:command>
|
||||
|
||||
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
|
||||
<command:details>
|
||||
<command:name>Search-InfisicalCertificate</command:name>
|
||||
<maml:description><maml:para>Searches Infisical certificates with advanced filters and automatic paging.</maml:para></maml:description>
|
||||
<command:verb>Search</command:verb>
|
||||
<command:noun>InfisicalCertificate</command:noun>
|
||||
</command:details>
|
||||
<maml:description>
|
||||
<maml:para>Performs a server-side search across certificates with filters for friendly name, common name, free-text search, status, CA/profile/application/enrollment scope, key/signature algorithm, source, and validity window (-NotBeforeFrom/-NotBeforeTo/-NotAfterFrom/-NotAfterTo). Results are paged automatically unless -NoAutoPage is supplied. -ProjectId is required.</maml:para>
|
||||
</maml:description>
|
||||
<maml:alertSet>
|
||||
<maml:title>Notes</maml:title>
|
||||
<maml:alert>
|
||||
<maml:para>Use -SortBy together with -SortOrder ('asc'/'desc') to control result ordering. Pair with Get-InfisicalCertificate or Export-InfisicalCertificate to drill into specific hits.</maml:para>
|
||||
</maml:alert>
|
||||
</maml:alertSet>
|
||||
<command:examples>
|
||||
<command:example>
|
||||
<maml:title>EXAMPLE 1</maml:title>
|
||||
<dev:code>Search-InfisicalCertificate -Search $env:COMPUTERNAME -Status 'active'</dev:code>
|
||||
<dev:remarks><maml:para>Finds active certificates whose searchable fields contain the local hostname.</maml:para></dev:remarks>
|
||||
</command:example>
|
||||
<command:example>
|
||||
<maml:title>EXAMPLE 2</maml:title>
|
||||
<dev:code>$GetInfisicalCertificateAuthorityListResult = Get-InfisicalCertificateAuthority | Where-Object { $_.FriendlyName -eq 'Issuing CA - Platform' }
|
||||
|
||||
$SearchInfisicalCertificateParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
|
||||
$SearchInfisicalCertificateParameters.ProjectId = $ProjectId
|
||||
$SearchInfisicalCertificateParameters.CommonName = $env:COMPUTERNAME
|
||||
$SearchInfisicalCertificateParameters.Status = 'active'
|
||||
$SearchInfisicalCertificateParameters.CaId = @($GetInfisicalCertificateAuthorityListResult.Id)
|
||||
$SearchInfisicalCertificateParameters.KeyAlgorithm = @('RSA')
|
||||
$SearchInfisicalCertificateParameters.NotAfterTo = (Get-Date).AddDays(30)
|
||||
$SearchInfisicalCertificateParameters.SortBy = 'notAfter'
|
||||
$SearchInfisicalCertificateParameters.SortOrder = 'asc'
|
||||
$SearchInfisicalCertificateParameters.Limit = 100
|
||||
$SearchInfisicalCertificateParameters.Verbose = $True
|
||||
|
||||
$SearchInfisicalCertificateResult = Search-InfisicalCertificate @SearchInfisicalCertificateParameters</dev:code>
|
||||
<dev:remarks><maml:para>Searches for RSA certificates from a specific CA, scoped to the local hostname, that expire within the next 30 days, sorted soonest-first.</maml:para></dev:remarks>
|
||||
</command:example>
|
||||
</command:examples>
|
||||
</command:command>
|
||||
|
||||
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
|
||||
<command:details>
|
||||
<command:name>Request-InfisicalCertificate</command:name>
|
||||
|
||||
@@ -90,7 +90,6 @@ The module exports 37 cmdlets. Discovery cmdlets (`Get-Infisical*`) use a `List`
|
||||
| `Get-InfisicalCertificateAuthority` | Lists or retrieves Infisical internal Certificate Authorities. |
|
||||
| `Get-InfisicalPkiSubscriber` | Lists or retrieves Infisical PKI subscribers in a project. |
|
||||
| `Get-InfisicalCertificate` | Lists or retrieves Infisical certificates in a project, with optional filters and automatic paging. |
|
||||
| `Search-InfisicalCertificate` | Searches Infisical certificates with advanced filters and automatic paging. |
|
||||
| `Request-InfisicalCertificate` | Requests a new Infisical certificate (local CSR + sign) or reuses a still-valid existing one. |
|
||||
| `ConvertTo-InfisicalCertificate` | Materializes an X509Certificate2 from an Infisical certificate record, bundle, or serial number. |
|
||||
| `Install-InfisicalCertificate` | Installs an Infisical certificate (and optional chain) into a Windows certificate store. |
|
||||
|
||||
@@ -134,7 +134,6 @@ function Write-Manifest {
|
||||
'Get-InfisicalCertificateProfile',
|
||||
'Get-InfisicalCertificatePolicy',
|
||||
'Get-InfisicalCertificate',
|
||||
'Search-InfisicalCertificate',
|
||||
'Request-InfisicalCertificate',
|
||||
'ConvertTo-InfisicalCertificate',
|
||||
'Install-InfisicalCertificate',
|
||||
@@ -210,7 +209,7 @@ if (`$cmds.Count -eq 0) {
|
||||
throw "No cmdlets were exported by the PSInfisicalAPI module."
|
||||
}
|
||||
|
||||
`$expectedCmds = @('Connect-Infisical','Disconnect-Infisical','Get-InfisicalSecret','New-InfisicalSecret','Update-InfisicalSecret','Remove-InfisicalSecret','Copy-InfisicalSecret','ConvertTo-InfisicalSecretDictionary','Export-InfisicalSecrets','Get-InfisicalProject','New-InfisicalProject','Update-InfisicalProject','Remove-InfisicalProject','Get-InfisicalEnvironment','New-InfisicalEnvironment','Update-InfisicalEnvironment','Remove-InfisicalEnvironment','Get-InfisicalFolder','New-InfisicalFolder','Update-InfisicalFolder','Remove-InfisicalFolder','Get-InfisicalTag','New-InfisicalTag','Update-InfisicalTag','Remove-InfisicalTag','Get-InfisicalCertificateAuthority','Get-InfisicalPkiSubscriber','Get-InfisicalCertificateProfile','Get-InfisicalCertificatePolicy','Get-InfisicalCertificate','Search-InfisicalCertificate','Request-InfisicalCertificate','ConvertTo-InfisicalCertificate','Install-InfisicalCertificate','Uninstall-InfisicalCertificate','Export-InfisicalCertificate','Get-InfisicalCertificateApplication','Get-InfisicalCertificateApplicationEnrollment','New-InfisicalScepDynamicChallenge','Get-InfisicalScepMdmProfile','Export-InfisicalScepMdmProfile','Write-InfisicalScepMdmProfileToWmi')
|
||||
`$expectedCmds = @('Connect-Infisical','Disconnect-Infisical','Get-InfisicalSecret','New-InfisicalSecret','Update-InfisicalSecret','Remove-InfisicalSecret','Copy-InfisicalSecret','ConvertTo-InfisicalSecretDictionary','Export-InfisicalSecrets','Get-InfisicalProject','New-InfisicalProject','Update-InfisicalProject','Remove-InfisicalProject','Get-InfisicalEnvironment','New-InfisicalEnvironment','Update-InfisicalEnvironment','Remove-InfisicalEnvironment','Get-InfisicalFolder','New-InfisicalFolder','Update-InfisicalFolder','Remove-InfisicalFolder','Get-InfisicalTag','New-InfisicalTag','Update-InfisicalTag','Remove-InfisicalTag','Get-InfisicalCertificateAuthority','Get-InfisicalPkiSubscriber','Get-InfisicalCertificateProfile','Get-InfisicalCertificatePolicy','Get-InfisicalCertificate','Request-InfisicalCertificate','ConvertTo-InfisicalCertificate','Install-InfisicalCertificate','Uninstall-InfisicalCertificate','Export-InfisicalCertificate','Get-InfisicalCertificateApplication','Get-InfisicalCertificateApplicationEnrollment','New-InfisicalScepDynamicChallenge','Get-InfisicalScepMdmProfile','Export-InfisicalScepMdmProfile','Write-InfisicalScepMdmProfileToWmi')
|
||||
foreach (`$expected in `$expectedCmds) {
|
||||
if (-not (Get-Command -Name `$expected -Module PSInfisicalAPI -ErrorAction SilentlyContinue)) {
|
||||
throw "Cmdlet not found: `$expected"
|
||||
|
||||
@@ -1,140 +0,0 @@
|
||||
using System;
|
||||
using System.Collections;
|
||||
using System.Collections.Generic;
|
||||
using System.Management.Automation;
|
||||
using PSInfisicalAPI.Connections;
|
||||
using PSInfisicalAPI.Models;
|
||||
using PSInfisicalAPI.Pki;
|
||||
|
||||
namespace PSInfisicalAPI.Cmdlets
|
||||
{
|
||||
[Cmdlet(VerbsCommon.Search, "InfisicalCertificate")]
|
||||
[OutputType(typeof(InfisicalCertificate))]
|
||||
public sealed class SearchInfisicalCertificateCmdlet : InfisicalCmdletBase
|
||||
{
|
||||
[Parameter(Mandatory = true)] public string ProjectId { get; set; }
|
||||
[Parameter] public string FriendlyName { get; set; }
|
||||
[Parameter] public string CommonName { get; set; }
|
||||
[Parameter] public string Search { get; set; }
|
||||
[Parameter] public string Status { get; set; }
|
||||
[Parameter] public string[] CaId { get; set; }
|
||||
[Parameter] public string[] ProfileId { get; set; }
|
||||
[Parameter] public string ApplicationId { get; set; }
|
||||
[Parameter] public string[] ApplicationIds { get; set; }
|
||||
[Parameter] public string[] EnrollmentType { get; set; }
|
||||
[Parameter] public string ExtendedKeyUsage { get; set; }
|
||||
[Parameter] public string[] KeyAlgorithm { get; set; }
|
||||
[Parameter] public string SignatureAlgorithm { get; set; }
|
||||
[Parameter] public int[] KeySize { get; set; }
|
||||
[Parameter] public string[] Source { get; set; }
|
||||
[Parameter] public DateTimeOffset? FromDate { get; set; }
|
||||
[Parameter] public DateTimeOffset? ToDate { get; set; }
|
||||
[Parameter] public DateTimeOffset? NotAfterFrom { get; set; }
|
||||
[Parameter] public DateTimeOffset? NotAfterTo { get; set; }
|
||||
[Parameter] public DateTimeOffset? NotBeforeFrom { get; set; }
|
||||
[Parameter] public DateTimeOffset? NotBeforeTo { get; set; }
|
||||
[Parameter] public Hashtable Metadata { get; set; }
|
||||
[Parameter] public SwitchParameter ForPkiSync { get; set; }
|
||||
|
||||
[Parameter]
|
||||
[ValidateSet("notAfter", "notBefore", "createdAt", "commonName", "keyAlgorithm", "status")]
|
||||
public string SortBy { get; set; }
|
||||
|
||||
[Parameter] [ValidateSet("asc", "desc")] public string SortOrder { get; set; }
|
||||
[Parameter] public int? Limit { get; set; }
|
||||
[Parameter] public int? Offset { get; set; }
|
||||
[Parameter] public SwitchParameter NoAutoPage { get; set; }
|
||||
|
||||
protected override void ProcessRecord()
|
||||
{
|
||||
try
|
||||
{
|
||||
InfisicalConnection connection = InfisicalSessionManager.RequireCurrent();
|
||||
InfisicalPkiClient client = new InfisicalPkiClient(HttpClient, Logger);
|
||||
|
||||
InfisicalCertificateSearchQuery query = BuildQuery(ProjectId);
|
||||
int requestedLimit = query.Limit ?? 100;
|
||||
query.Limit = requestedLimit;
|
||||
query.Offset = query.Offset ?? 0;
|
||||
|
||||
int emitted = 0;
|
||||
while (true)
|
||||
{
|
||||
InfisicalCertificateSearchResult page = client.SearchCertificates(connection, query);
|
||||
if (page == null || page.Certificates == null || page.Certificates.Length == 0)
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
foreach (InfisicalCertificate cert in page.Certificates)
|
||||
{
|
||||
WriteObject(cert);
|
||||
emitted++;
|
||||
}
|
||||
|
||||
if (NoAutoPage.IsPresent || page.Certificates.Length < requestedLimit)
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
if (page.TotalCount > 0 && emitted >= page.TotalCount)
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
query.Offset = (query.Offset ?? 0) + page.Certificates.Length;
|
||||
}
|
||||
}
|
||||
catch (Exception exception)
|
||||
{
|
||||
ThrowTerminatingForException("SearchInfisicalCertificateCmdlet", "SearchCertificates", exception);
|
||||
}
|
||||
}
|
||||
|
||||
private InfisicalCertificateSearchQuery BuildQuery(string projectId)
|
||||
{
|
||||
return new InfisicalCertificateSearchQuery
|
||||
{
|
||||
ProjectId = projectId,
|
||||
FriendlyName = FriendlyName,
|
||||
CommonName = CommonName,
|
||||
Search = Search,
|
||||
Status = Status,
|
||||
CaIds = CaId,
|
||||
ProfileIds = ProfileId,
|
||||
ApplicationId = ApplicationId,
|
||||
ApplicationIds = ApplicationIds,
|
||||
EnrollmentTypes = EnrollmentType,
|
||||
ExtendedKeyUsage = ExtendedKeyUsage,
|
||||
KeyAlgorithm = KeyAlgorithm,
|
||||
SignatureAlgorithm = SignatureAlgorithm,
|
||||
KeySizes = KeySize,
|
||||
Source = Source,
|
||||
FromDate = FromDate,
|
||||
ToDate = ToDate,
|
||||
NotAfterFrom = NotAfterFrom,
|
||||
NotAfterTo = NotAfterTo,
|
||||
NotBeforeFrom = NotBeforeFrom,
|
||||
NotBeforeTo = NotBeforeTo,
|
||||
Metadata = ToStringDictionary(Metadata),
|
||||
ForPkiSync = ForPkiSync.IsPresent ? (bool?)true : null,
|
||||
SortBy = SortBy,
|
||||
SortOrder = SortOrder,
|
||||
Limit = Limit,
|
||||
Offset = Offset
|
||||
};
|
||||
}
|
||||
|
||||
private static Dictionary<string, string> ToStringDictionary(Hashtable hashtable)
|
||||
{
|
||||
if (hashtable == null) { return null; }
|
||||
Dictionary<string, string> result = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
|
||||
foreach (DictionaryEntry entry in hashtable)
|
||||
{
|
||||
if (entry.Key == null) { continue; }
|
||||
result[entry.Key.ToString()] = entry.Value != null ? entry.Value.ToString() : null;
|
||||
}
|
||||
return result;
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user