search

PowerShell / Modules

MIT License
112 stars 25 forks source link

[SecretsManagement][Design] SecretInformation interface needed #48

Closed Jaykul closed 4 years ago

Jaykul commented 4 years ago

Summary of the new feature/enhancement

As a user of SecretsManagement In order to reliably reason about and code against the output of Get-SecretInfo It must contain the secret name in a consistent place It must contain the secret type in a consistent place It must contain the registered vault name It should contain the vault module name

In other words, the object returned from Get-SecretInfo needs more structure. At the very least, it's critical that they all have a "Name" which can be passed to Get-Secret, but in order to guarantee looking up the correct secret, they should also have the registered vaultName on them (and Get-Secret needs to support those parameters as ValueFromPipelineByPropertyName). Additionally, the type of secret they are is important, so that users can programmatically search for specific types of secrets.

Proposed technical implementation details

Get-SecretInfo and GetSecretInfo should have a return type based on a new class or interface. That is, the SecretsManagement module should define SecretInformation and require that returned objects be based on that type. For example:

namespace Microsoft.PowerShell.SecretsManagement
{
    public class SecretInformation
    {
        public string ModuleName { get; }
        public string VaultName { get; }
        public string Name { get; }
        public SupportedTypes Type { get; }

        public SecretInformation(string moduleName, string vaultName, string name, SupportedTypes type)
        {
            if (string.IsNullOrEmpty(moduleName))
            {
                throw new ArgumentNullException("moduleName");
            }
            if (string.IsNullOrEmpty(vaultName))
            {
                throw new ArgumentNullException("vaultName");
            }
            if (string.IsNullOrEmpty(name))
            {
                throw new ArgumentNullException("name");
            }

            ModuleName = moduleName;
            VaultName = vaultName;
            Name = name;
            Type = type;
        }
    }
}

Of course, if implementers write their own classes derived from this, they should include format files for them.

NOTE: the "VaultName" and "ModuleName" could be added as a NoteProperty by the SecretsManagement module, but I'm not sure it's worth implementing that way.

PaulHigin commented 4 years ago

Added SecretInformation class used to return information from Get-SecretInfo.