Skip to content

Commit d73587e

Browse files
committed
manage secrets and certs
1 parent e0fcf7c commit d73587e

2 files changed

Lines changed: 535 additions & 0 deletions

File tree

Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
function Invoke-ExecManageAppCredentials {
2+
<#
3+
.FUNCTIONALITY
4+
Entrypoint
5+
.ROLE
6+
Tenant.Application.ReadWrite
7+
#>
8+
[CmdletBinding()]
9+
param($Request, $TriggerMetadata)
10+
11+
$TenantFilter = $Request.Body.tenantFilter
12+
$Action = $Request.Body.Action
13+
$AppType = $Request.Body.AppType # applications | servicePrincipals
14+
$CredentialType = $Request.Body.CredentialType # password | key
15+
$KeyId = $Request.Body.KeyId
16+
$AppId = $Request.Body.AppId
17+
$Id = $Request.Body.Id
18+
19+
$IdPath = if ($Id) { "/$Id" } else { "(appId='$AppId')" }
20+
$Uri = "https://graph.microsoft.com/beta/$AppType$IdPath"
21+
22+
try {
23+
$Results = switch ($Action) {
24+
'Remove' {
25+
if ($CredentialType -eq 'password') {
26+
$null = New-GraphPOSTRequest -Uri "$Uri/removePassword" -Body (@{ keyId = $KeyId } | ConvertTo-Json) -tenantid $TenantFilter
27+
@{ resultText = "Successfully removed password credential $KeyId"; state = 'success' }
28+
} else {
29+
# Certificates can't use removeKey without a proof JWT, so PATCH the array instead
30+
$Current = New-GraphGetRequest -Uri $Uri -tenantid $TenantFilter
31+
$Updated = @($Current.keyCredentials | Where-Object { $_.keyId -ne $KeyId })
32+
$null = New-GraphPOSTRequest -Uri $Uri -Type 'PATCH' -Body (@{ keyCredentials = $Updated } | ConvertTo-Json -Depth 10) -tenantid $TenantFilter
33+
@{ resultText = "Successfully removed key credential $KeyId"; state = 'success' }
34+
}
35+
}
36+
'Add' {
37+
# TODO: implement credential addition
38+
@{ resultText = 'Add not yet implemented'; state = 'info' }
39+
}
40+
}
41+
42+
return ([HttpResponseContext]@{
43+
StatusCode = [HttpStatusCode]::OK
44+
Body = @{ Results = $Results }
45+
})
46+
} catch {
47+
return ([HttpResponseContext]@{
48+
StatusCode = [HttpStatusCode]::InternalServerError
49+
Body = @{ Results = @{ resultText = "Failed to $Action credential: $($_.Exception.Message)"; state = 'error' } }
50+
})
51+
}
52+
}

0 commit comments

Comments
 (0)