From 553fb6188bb88e5d9d225f06e79512e67a008e11 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 7 Sep 2023 22:37:31 -0400 Subject: [PATCH 1/7] Fix output object --- DuoSecurity/Public/Accounts API/New-DuoAccount.ps1 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/DuoSecurity/Public/Accounts API/New-DuoAccount.ps1 b/DuoSecurity/Public/Accounts API/New-DuoAccount.ps1 index d7d0ea6..1800774 100644 --- a/DuoSecurity/Public/Accounts API/New-DuoAccount.ps1 +++ b/DuoSecurity/Public/Accounts API/New-DuoAccount.ps1 @@ -36,6 +36,11 @@ function New-DuoAccount { } if ($PSCmdlet.ShouldProcess($Name)) { - Invoke-DuoRequest @DuoRequest + $Response = Invoke-DuoRequest @DuoRequest + if ($Response.stat -eq 'OK') { + $Response.response + } else { + $Response + } } } From 8fd0aaa0f7c7f8094668c22cde3c8f1e592810d5 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 7 Sep 2023 22:37:58 -0400 Subject: [PATCH 2/7] Add pipeline support --- DuoSecurity/Public/Accounts API/Select-DuoAccount.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/DuoSecurity/Public/Accounts API/Select-DuoAccount.ps1 b/DuoSecurity/Public/Accounts API/Select-DuoAccount.ps1 index bff7359..404bdf8 100644 --- a/DuoSecurity/Public/Accounts API/Select-DuoAccount.ps1 +++ b/DuoSecurity/Public/Accounts API/Select-DuoAccount.ps1 @@ -26,7 +26,8 @@ function Select-DuoAccount { #> [CmdletBinding()] Param( - [Parameter(Mandatory = $true, ParameterSetName = 'AccountId')] + [Parameter(ValueFromPipelineByPropertyName = $true, Mandatory = $true, ParameterSetName = 'AccountId')] + [Alias('account_id')] [string]$AccountId, [Parameter(Mandatory = $true, ParameterSetName = 'AccountName')] From 0b048d730947e00c230dcd623fbd165c98c9deed Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 7 Sep 2023 22:38:10 -0400 Subject: [PATCH 3/7] Bugfix --- DuoSecurity/Public/Accounts API/Set-DuoAccountEdition.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DuoSecurity/Public/Accounts API/Set-DuoAccountEdition.ps1 b/DuoSecurity/Public/Accounts API/Set-DuoAccountEdition.ps1 index 79a8f99..b6e6855 100644 --- a/DuoSecurity/Public/Accounts API/Set-DuoAccountEdition.ps1 +++ b/DuoSecurity/Public/Accounts API/Set-DuoAccountEdition.ps1 @@ -37,7 +37,7 @@ function Set-DuoAccountEdition { Select-DuoAccount -AccountId $AccountId -Quiet $DuoRequest = @{ - Method = 'GET' + Method = 'POST' Path = '/admin/v1/billing/edition' Params = @{ edition = $Edition } } From 3bb8c4a010184b6ea050d831bb315d3a0cb0463f Mon Sep 17 00:00:00 2001 From: Chris Taylor Date: Tue, 2 Jan 2024 14:03:46 -0700 Subject: [PATCH 4/7] Update-DuoPolicies --- .../REST Handler/Invoke-DuoRequest.ps1 | 11 ++- .../Admin API/Policies/Get-DuoPolicies.ps1 | 13 ++-- .../Admin API/Policies/Update-DuoPolicies.ps1 | 68 +++++++++++++++++++ 3 files changed, 85 insertions(+), 7 deletions(-) create mode 100644 DuoSecurity/Public/Admin API/Policies/Update-DuoPolicies.ps1 diff --git a/DuoSecurity/Private/REST Handler/Invoke-DuoRequest.ps1 b/DuoSecurity/Private/REST Handler/Invoke-DuoRequest.ps1 index 6c17c98..db9f017 100644 --- a/DuoSecurity/Private/REST Handler/Invoke-DuoRequest.ps1 +++ b/DuoSecurity/Private/REST Handler/Invoke-DuoRequest.ps1 @@ -127,7 +127,8 @@ function Invoke-DuoRequest { (Get-Sha512HexDigest -String $Body) (Get-Sha512HexDigest -String $AdditionalHeaderString) ) - } else { + } + else { $SignatureParts = @( $XDuoDate $Method.ToUpper() @@ -149,7 +150,8 @@ function Invoke-DuoRequest { if ($SignatureVersion -eq 5) { $HashLib = New-Object System.Security.Cryptography.HMACSHA512 - } else { + } + else { $HashLib = New-Object System.Security.Cryptography.HMACSHA1 } $HashLib.Key = $KeyBytes @@ -173,6 +175,11 @@ function Invoke-DuoRequest { $Body = $Request Write-Verbose $Request } + if ($Method -eq 'PUT') { + $Headers.'Content-Type' = 'application/json' + Write-Verbose $Body + } + if ($NoAuth) { $Headers = @{} diff --git a/DuoSecurity/Public/Admin API/Policies/Get-DuoPolicies.ps1 b/DuoSecurity/Public/Admin API/Policies/Get-DuoPolicies.ps1 index 0a88cf0..13bd9f6 100644 --- a/DuoSecurity/Public/Admin API/Policies/Get-DuoPolicies.ps1 +++ b/DuoSecurity/Public/Admin API/Policies/Get-DuoPolicies.ps1 @@ -29,7 +29,8 @@ function Get-DuoPolicies { process { if ($PolicyKey) { $Path = '/admin/v2/policies/{0}' -f $PolicyKey - } else { + } + else { $Path = '/admin/v2/policies' } @@ -39,17 +40,19 @@ function Get-DuoPolicies { SignatureVersion = 5 } - if ($EndpointKey) { + if ($PolicyKey) { $Request = Invoke-DuoRequest @DuoRequest if ($Request.stat -ne 'OK') { $Request - } else { + } + else { $Request.response } - } else { + } + else { Invoke-DuoPaginatedRequest -DuoRequest $DuoRequest } } } -Set-Alias -Name Get-DuoEndpoint -Value Get-DuoEndpoints +Set-Alias -Name Get-DuoPolicy -Value Get-DuoPolicies diff --git a/DuoSecurity/Public/Admin API/Policies/Update-DuoPolicies.ps1 b/DuoSecurity/Public/Admin API/Policies/Update-DuoPolicies.ps1 new file mode 100644 index 0000000..b3885c9 --- /dev/null +++ b/DuoSecurity/Public/Admin API/Policies/Update-DuoPolicies.ps1 @@ -0,0 +1,68 @@ +function Update-DuoPolicies { + <# + .SYNOPSIS + Update policy + + .DESCRIPTION + Update policy section data for all policies or a set of specified policy_key values. Requires "Grant write resource" API permission. + + .PARAMETER policies_to_update + The list of policies to update. + + Key/Value + edit_all_policies + Is true if the changes should be applied to all policies (default). Otherwise false. + + edit_list + An array of policy keys to apply the changes to. Ignored if edit_all_policies is true. + + .PARAMETER policy_changes Required + The list of changes to apply to the policies specified in policies_to_update. + + Key/Value + sections + The list of policy sections to be updated, with associated keys/values for each section. See Policy Section Data for all sections and their keys/values. + + sections_to_delete + An array of section names to remove from the specified policies. Note that sections cannot be removed from the global policy. + + .EXAMPLE + Update-DuoPolicies -policy_changes @{sections = @{authentication_methods = @{blocked_auth_list = @('webauthn-roaming', 'webauthn-platform')}};sections_to_delete = @()} + + .LINK + https://duo.com/docs/adminapi#update-policies + + .NOTES + General notes + #> + [CmdletBinding(SupportsShouldProcess)] + Param( + [Parameter()] + [hashtable]$policies_to_update = @{edit_all_policies = $true }, + + [Parameter(mandatory = $true)] + [hashtable]$policy_changes + ) + + $Params = @{} + if ($policies_to_update) { $Params.policies_to_update = $policies_to_update } + if ($policy_changes) { $Params.policy_changes = $policy_changes } + + $DuoRequest = @{ + Method = 'PUT' + Path = '/admin/v2/policies/update' + SignatureVersion = 5 + Body = $Params | ConvertTo-Json -Depth 10 -Compress + } + if ($PSCmdlet.ShouldProcess($policies_to_update)) { + $Request = Invoke-DuoRequest @DuoRequest + if ($Request.stat -ne 'OK') { + $Request + } + else { + $Request.response + } + } +} + +Set-Alias -Name Update-DuoPolicy -Value Update-DuoPolicies \ No newline at end of file From e7544aeb7aee077762c7a3b4352806300d2d80f8 Mon Sep 17 00:00:00 2001 From: Chris Taylor Date: Tue, 2 Jan 2024 14:16:47 -0700 Subject: [PATCH 5/7] formatting --- DuoSecurity/Private/REST Handler/Invoke-DuoRequest.ps1 | 1 - DuoSecurity/Public/Admin API/Policies/Update-DuoPolicies.ps1 | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/DuoSecurity/Private/REST Handler/Invoke-DuoRequest.ps1 b/DuoSecurity/Private/REST Handler/Invoke-DuoRequest.ps1 index db9f017..7e51b2e 100644 --- a/DuoSecurity/Private/REST Handler/Invoke-DuoRequest.ps1 +++ b/DuoSecurity/Private/REST Handler/Invoke-DuoRequest.ps1 @@ -180,7 +180,6 @@ function Invoke-DuoRequest { Write-Verbose $Body } - if ($NoAuth) { $Headers = @{} } diff --git a/DuoSecurity/Public/Admin API/Policies/Update-DuoPolicies.ps1 b/DuoSecurity/Public/Admin API/Policies/Update-DuoPolicies.ps1 index b3885c9..98b378a 100644 --- a/DuoSecurity/Public/Admin API/Policies/Update-DuoPolicies.ps1 +++ b/DuoSecurity/Public/Admin API/Policies/Update-DuoPolicies.ps1 @@ -16,7 +16,7 @@ function Update-DuoPolicies { edit_list An array of policy keys to apply the changes to. Ignored if edit_all_policies is true. - .PARAMETER policy_changes Required + .PARAMETER policy_changes The list of changes to apply to the policies specified in policies_to_update. Key/Value From 09ff79e1c0af8cc8f1cffc00e39c4ddd83e14eb0 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 8 Jan 2024 07:21:47 -0500 Subject: [PATCH 6/7] formatting --- .../Private/REST Handler/Invoke-DuoRequest.ps1 | 6 ++---- .../Public/Admin API/Policies/Get-DuoPolicies.ps1 | 9 +++------ .../Admin API/Policies/Update-DuoPolicies.ps1 | 13 ++++++------- 3 files changed, 11 insertions(+), 17 deletions(-) diff --git a/DuoSecurity/Private/REST Handler/Invoke-DuoRequest.ps1 b/DuoSecurity/Private/REST Handler/Invoke-DuoRequest.ps1 index 7e51b2e..461f716 100644 --- a/DuoSecurity/Private/REST Handler/Invoke-DuoRequest.ps1 +++ b/DuoSecurity/Private/REST Handler/Invoke-DuoRequest.ps1 @@ -127,8 +127,7 @@ function Invoke-DuoRequest { (Get-Sha512HexDigest -String $Body) (Get-Sha512HexDigest -String $AdditionalHeaderString) ) - } - else { + } else { $SignatureParts = @( $XDuoDate $Method.ToUpper() @@ -150,8 +149,7 @@ function Invoke-DuoRequest { if ($SignatureVersion -eq 5) { $HashLib = New-Object System.Security.Cryptography.HMACSHA512 - } - else { + } else { $HashLib = New-Object System.Security.Cryptography.HMACSHA1 } $HashLib.Key = $KeyBytes diff --git a/DuoSecurity/Public/Admin API/Policies/Get-DuoPolicies.ps1 b/DuoSecurity/Public/Admin API/Policies/Get-DuoPolicies.ps1 index 13bd9f6..0eca8b4 100644 --- a/DuoSecurity/Public/Admin API/Policies/Get-DuoPolicies.ps1 +++ b/DuoSecurity/Public/Admin API/Policies/Get-DuoPolicies.ps1 @@ -29,8 +29,7 @@ function Get-DuoPolicies { process { if ($PolicyKey) { $Path = '/admin/v2/policies/{0}' -f $PolicyKey - } - else { + } else { $Path = '/admin/v2/policies' } @@ -44,12 +43,10 @@ function Get-DuoPolicies { $Request = Invoke-DuoRequest @DuoRequest if ($Request.stat -ne 'OK') { $Request - } - else { + } else { $Request.response } - } - else { + } else { Invoke-DuoPaginatedRequest -DuoRequest $DuoRequest } } diff --git a/DuoSecurity/Public/Admin API/Policies/Update-DuoPolicies.ps1 b/DuoSecurity/Public/Admin API/Policies/Update-DuoPolicies.ps1 index 98b378a..f917f45 100644 --- a/DuoSecurity/Public/Admin API/Policies/Update-DuoPolicies.ps1 +++ b/DuoSecurity/Public/Admin API/Policies/Update-DuoPolicies.ps1 @@ -10,22 +10,22 @@ function Update-DuoPolicies { The list of policies to update. Key/Value - edit_all_policies + edit_all_policies Is true if the changes should be applied to all policies (default). Otherwise false. - edit_list + edit_list An array of policy keys to apply the changes to. Ignored if edit_all_policies is true. .PARAMETER policy_changes The list of changes to apply to the policies specified in policies_to_update. Key/Value - sections + sections The list of policy sections to be updated, with associated keys/values for each section. See Policy Section Data for all sections and their keys/values. - sections_to_delete + sections_to_delete An array of section names to remove from the specified policies. Note that sections cannot be removed from the global policy. - + .EXAMPLE Update-DuoPolicies -policy_changes @{sections = @{authentication_methods = @{blocked_auth_list = @('webauthn-roaming', 'webauthn-platform')}};sections_to_delete = @()} @@ -58,8 +58,7 @@ function Update-DuoPolicies { $Request = Invoke-DuoRequest @DuoRequest if ($Request.stat -ne 'OK') { $Request - } - else { + } else { $Request.response } } From 3299b280655d7fda62d5521b66d9a09d26b68fe1 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 8 Jan 2024 07:23:12 -0500 Subject: [PATCH 7/7] Update .gitignore --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 0c02585..701743e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ test.ps1 -Output \ No newline at end of file +Output +Tests \ No newline at end of file