-
-
Notifications
You must be signed in to change notification settings - Fork 92
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* ✨➕ ADD Identity User Authentication - Privilege Cloud Shared Services Authentication is via the CyberArk Identity Platform - Update adds ability to use the pspete `IdentityCommand` module to satisfy Identity MFA challenges and obtain required authentication token to use against Privileged Cloud Shared Services. - `New-PASSession` invokes the `New-IDSession` command from the `IdentityCommand` module to progress authentication to privilege cloud systems. * 🤡💚UPDATE New-PASSession.Tests Correctly mock the WebRequestSession returned from the GetWebRequest method of the of the New-IDSession object. * Update README.md Fix issue with links * 🚸⚡️⚗️ADD Find-SharedServicesURL Adds helper function which finds related shared services URLs using a privileged cloud tenant subdomain name. Updates logic in `New-PASSession` to make use of new helper function. - Removes `IdentitySubdomain` parameter as this is now automatically discovered. - Makes `PrivilegeCloudURL` mandatory for 'ISPSS-URL-IdentityUser' parameterset; if not specifying a subdomain, both identity & p cloud api urls must be provided (no discovery or assumptions will be made). Attempt at tidy up of p cloud/shaed services error handling (to be revisited no doubt) Update of tests and docs related to updates. * 👽️ ♻️ UPDATE New-PASSession Abstracts service user authentication flow to utilise `New-IDPlatformToken` from `IdentityCommand` module. ---------
- Loading branch information
Showing
14 changed files
with
1,089 additions
and
221 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,80 @@ | ||
| Describe $($PSCommandPath -Replace '.Tests.ps1') { | ||
|
|
||
| BeforeAll { | ||
| #Get Current Directory | ||
| $Here = Split-Path -Parent $PSCommandPath | ||
|
|
||
| #Assume ModuleName from Repository Root folder | ||
| $ModuleName = Split-Path (Split-Path $Here -Parent) -Leaf | ||
|
|
||
| #Resolve Path to Module Directory | ||
| $ModulePath = Resolve-Path "$Here\..\$ModuleName" | ||
|
|
||
| #Define Path to Module Manifest | ||
| $ManifestPath = Join-Path "$ModulePath" "$ModuleName.psd1" | ||
|
|
||
| if ( -not (Get-Module -Name $ModuleName -All)) { | ||
|
|
||
| Import-Module -Name "$ManifestPath" -ArgumentList $true -Force -ErrorAction Stop | ||
|
|
||
| } | ||
|
|
||
| } | ||
|
|
||
| InModuleScope $(Split-Path (Split-Path (Split-Path -Parent $PSCommandPath) -Parent) -Leaf ) { | ||
|
|
||
| Context 'General Operations' { | ||
|
|
||
| BeforeEach { | ||
|
|
||
| Mock Invoke-PASRestMethod -MockWith { | ||
|
|
||
| [pscustomobject]@{ | ||
| identity_user_portal = [pscustomobject]@{api = 'https://SubDomainABC.id.cyberark.cloud' } | ||
| pcloud = [pscustomobject]@{api = 'https://SomeSubDomain.privilegecloud.cyberark.cloud' } | ||
| } | ||
|
|
||
| } | ||
|
|
||
| } | ||
|
|
||
| It 'sends request to expected endpoint when subdomain provided' { | ||
| Find-SharedServicesURL -subdomain somedomain | ||
| Assert-MockCalled -CommandName Invoke-PASRestMethod -Times 1 -ParameterFilter { | ||
| $URI -eq 'https://platform-discovery.cyberark.cloud/api/v2/services/subdomain/somedomain' | ||
| } -Scope It -Exactly | ||
| } | ||
|
|
||
| It 'sends request to expected endpoint when url provided' { | ||
| Find-SharedServicesURL -url https://someotherdomain.cyberark.cloud | ||
| Assert-MockCalled -CommandName Invoke-PASRestMethod -Times 1 -ParameterFilter { | ||
| $URI -eq 'https://platform-discovery.cyberark.cloud/api/v2/services/subdomain/someotherdomain' | ||
| } -Scope It -Exactly | ||
| } | ||
|
|
||
| It 'uses expected method' { | ||
| Find-SharedServicesURL -url https://someotherdomain.cyberark.cloud | ||
| Assert-MockCalled -CommandName Invoke-PASRestMethod -Times 1 -ParameterFilter { | ||
| $Method -eq 'GET' | ||
| } -Scope It -Exactly | ||
| } | ||
|
|
||
| It 'outputs expected results' { | ||
| $results = Find-SharedServicesURL -url https://someotherdomain.cyberark.cloud | ||
| $results.pcloud.api | Should -Be 'https://SomeSubDomain.privilegecloud.cyberark.cloud' | ||
| $results.identity_user_portal.api | Should -Be 'https://SubDomainABC.id.cyberark.cloud' | ||
| } | ||
|
|
||
| It 'outputs filtered results when service is specified' { | ||
| Find-SharedServicesURL -subdomain somedomain -service pcloud | Should -Be 'https://SomeSubDomain.privilegecloud.cyberark.cloud' | ||
| } | ||
|
|
||
| It 'throws if specifed service detail is not included in results' { | ||
| { Find-SharedServicesURL -subdomain somedomain -service flows } | Should -Throw -ExpectedMessage 'URL for flows API not found' | ||
| } | ||
|
|
||
| } | ||
|
|
||
| } | ||
|
|
||
| } |
Oops, something went wrong.