David Tawater

Everything posted by David Tawater

  1. I am working on building a PowerShell SecretManagement plugin to enable use with the console and Passwordstate. I am trying to determine the best way of testing the API. Many REST servers have a basic URL to test. With this functionality I could then perform pipeline automation with our corporate service tools and then leave the password policies to cycle the passwords automatically, instead of manual human intervention when the API keys change on a periodic basis. I thought about this as a method. Is there a better way?

```powershell
[bool] isOnline() {
    # TODO: Research PasswordState api health check functionality.

    # Initialize result variable
    [bool]$Result = $false

    # Produces a URL like https://passwordstate.url/api/ with the command
    # default being a single '/'
    # InvokeApi attaches the apikey via header.
    $Response = $this.InvokeApi($this.GetUri($this.Command.Default))

    switch ($Response.HttpStatusCode) {
        {$_ -in 200,201,204}         { $Result = $true }
        {$_ -in 400,401,403,404,500} { $Result = $false }
        Default                      { $Result = $false }
    }

    return $Result
}
```

I have also thought about using this specific method of testing more towards each single password list itself.

```powershell
[bool] isOnline() {
    # TODO: Research PasswordState api health check functionality.

    # Initialize result variable
    [bool]$Result = $false

    # Produces a URL like https://passwordstate.url/api/passwordlists/1
    # This of course produces a noisy audit entry that I cannot omit
    # with PreventAuditing=true and massively fills the logs for just an
    # online connectivity check.
    # InvokeApi attaches the apikey via header.
    $Response = $this.InvokeApi($this.GetUri($this.Command.PasswordLists))

    switch ($Response.HttpStatusCode) {
        {$_ -in 200,201,204}         { $Result = $true }
        {$_ -in 400,401,403,404,500} { $Result = $false }
        Default                      { $Result = $false }
    }

    return $Result
}
```

Is there a way to call one of the API methods to only check if the API key is valid?
My use case is to fully depend on Passwordstate to manage our testing, backup and operations task credentials, and have password policy and periodic cycling handled within Passwordstate itself. As for the cycling of the API keys, we determined this could potentially fall into audit scope, and we would be required to have an API key change policy implemented. As of right now we CAN do this with either method above... but the first method seems like it's never going to explain if the key is valid and could cause our internal pipeline to fail needlessly. The second method could be useful but will extensively increase our auditing log data needlessly. Any help is appreciated.
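
An added example, not part of the original post and not Passwordstate's own code: both `isOnline()` variants above collapse every outcome into one `[bool]`, so a rejected key and an unreachable server look the same to the pipeline. The sketch below separates them. `Test-ApiKey`, `ConvertTo-ApiProbeResult`, the `ApiProbeResult` enum and the default header name are assumptions for illustration, and which URL actually answers 401/403 for a bad key is not established by the post.

```powershell
# Added example. Requires PowerShell 7+ for -SkipHttpErrorCheck.
enum ApiProbeResult {
    Online        # 2xx: server answered and accepted the request
    KeyRejected   # 401/403: server answered but refused the credentials
    Inconclusive  # any other HTTP status: reachable, key state unknown
    Unreachable   # no HTTP response at all (DNS, TLS, timeout, refused)
}

function ConvertTo-ApiProbeResult {
    param([Parameter(Mandatory)][int]$StatusCode)
    switch ($StatusCode) {
        { $_ -ge 200 -and $_ -lt 300 } { return [ApiProbeResult]::Online }
        { $_ -in 401, 403 }            { return [ApiProbeResult]::KeyRejected }
        default                        { return [ApiProbeResult]::Inconclusive }
    }
}

function Test-ApiKey {
    param(
        [Parameter(Mandatory)][uri]$Uri,
        [Parameter(Mandatory)][string]$ApiKey,
        [string]$HeaderName = 'APIKey'   # assumption: use the header InvokeApi sends
    )
    try {
        # -SkipHttpErrorCheck returns 4xx/5xx responses instead of throwing,
        # so the status code can be classified rather than lost in a catch.
        $resp = Invoke-WebRequest -Uri $Uri -Method Get -TimeoutSec 10 `
            -Headers @{ $HeaderName = $ApiKey } -SkipHttpErrorCheck -ErrorAction Stop
        return ConvertTo-ApiProbeResult -StatusCode ([int]$resp.StatusCode)
    }
    catch {
        Write-Verbose "Probe failed before any HTTP status: $($_.Exception.Message)"
        return [ApiProbeResult]::Unreachable
    }
}

# Constructed status codes, classified offline (no server needed):
200, 204, 401, 403, 404, 500 | ForEach-Object {
    '{0} -> {1}' -f $_, (ConvertTo-ApiProbeResult -StatusCode $_)
}
```

In a pipeline, `KeyRejected` can route to the key-rotation path while `Unreachable` and `Inconclusive` are retried, so a network blip does not fail the job as if the key had expired.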