Venafi / VenafiPS

PowerShell module to fully automate your Venafi TLS Protect Datacenter and Cloud platforms!
https://venafips.readthedocs.io/
Apache License 2.0

Test-TppIdentity rejects our ID provider name #200

Closed ccamacho1966 closed 1 year ago

ccamacho1966 commented 1 year ago

Environment

Operating System: Windows 10
VenafiPS version: 5.4.1
PowerShell version: 5.1.19041.2673
TPP version (if applicable): 22.4.0

Steps to reproduce

PS> $cert.Path
\VED\Policy\Certificates\etc\somecertificate

PS> $anIdentity

Name     : myname
ID       : AD+AD xyz.net:54000000000000000000000000079006
Path     : CN=My Name,OU=...redacted...
FullName : AD+AD xyz.net:myname
IsGroup  : False
*        :

PS> Set-TppAttribute -Path $cert.Path -Attribute @{"Custom ID field"="$($anIdentity.ID)"}

Test-TppIdentity : Cannot validate argument on parameter 'ID'. 'AD+AD xyz.net:54000000000000000000000000079006' is not a valid Prefixed
Universal Id format.  See https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-IdentityInformation.php.
At C:\Program Files\WindowsPowerShell\Modules\VenafiPS\5.4.1\Public\Set-TppAttribute.ps1:162 char:49
+ ... thisValue | Test-TppIdentity -ExistOnly -VenafiSession $VenafiSession ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (AD+AD uss.net:5...000000000079006:String) [Test-TppIdentity], ParameterBindingValidationExce
   ption
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Test-TppIdentity

Set-TppAttribute : The value 'AD+AD xyz.net:54000000000000000000000000079006' for field 'SNow Assigned To' encountered an error, value
is not a valid identity
At line:1 char:1
+ Set-TppAttribute -Path $cert.Path -Attribute @{"$($labelSnowAto)"="$( ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Set-TppAttribute

PS> Test-TppIdentity -ID $anIdentity.ID

Test-TppIdentity : Cannot validate argument on parameter 'ID'. 'AD+AD xyz.net:54000000000000000000000000079006' is not a valid Prefixed
Universal Id format.  See https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-IdentityInformation.php.
At line:1 char:22
+ Test-TppIdentity -ID $anIdentity.ID
+                      ~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Test-TppIdentity], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Test-TppIdentity

Expected behavior

Happily accepting my horrible identity provider name "AD xyz.net" since it works fine (even if it is ugly).

ccamacho1966 commented 1 year ago

This can be made to work with -BypassValidation ... but that's a rather heavy hammer to use for a provider name that Venafi accepts as valid.

PS> Set-TppAttribute -Path $cert.Path -Attribute @{"Custom ID field"="$($anIdentity.ID)"} -BypassValidation

Test-TppIdentity : Cannot validate argument on parameter 'ID'. 'AD+AD xyz.net:54000000000000000000000000079006' is not a valid Prefixed
Universal Id format.  See https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-IdentityInformation.php.
At C:\Program Files\WindowsPowerShell\Modules\VenafiPS\5.4.1\Public\Set-TppAttribute.ps1:162 char:49
+ ... thisValue | Test-TppIdentity -ExistOnly -VenafiSession $VenafiSession ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (AD+AD xyz.net:5...000000000079006:String) [Test-TppIdentity], ParameterBindingValidationExce
   ption
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Test-TppIdentity

gdbarron commented 1 year ago

Is that a real AD/friendly name with a space in it? I didn't think that was permitted.

gdbarron commented 1 year ago

resolved by #206
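
An added example, not VenafiPS code and not the change made in #206: a parser for the ID shape seen in this issue, run once with a strict provider-name pattern that forbids whitespace and once with a tolerant pattern that allows single interior spaces. The function name, both patterns, and the `<type>+<provider name>:<universal id>` grammar are assumptions taken from the ID quoted in the thread.

```powershell
# Added example. The grammar "<type>+<provider name>:<universal id>" is assumed
# from the ID shown in this issue; it is not taken from VenafiPS or the Venafi docs.
function ConvertFrom-PrefixedUniversalId {    # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $ID,

        # Strict: no whitespace at all in the provider name (assumed rejection cause).
        [switch] $Strict
    )

    # Tolerant form: tokens separated by single spaces, so no leading, trailing
    # or doubled spaces and no line breaks can slip into the provider name.
    $provider = if ($Strict) { '[^\s:+]+' } else { '[^\s:+]+(?: [^\s:+]+)*' }
    $pattern  = '^(?<Type>[A-Za-z]+)\+(?<Provider>' + $provider +
                '):(?<UniversalId>[0-9A-Fa-f{}-]+)$'

    $m = [regex]::Match($ID, $pattern)
    if (-not $m.Success) {
        return [pscustomobject]@{ IsValid = $false; Type = $null; Provider = $null; UniversalId = $null }
    }
    [pscustomobject]@{
        IsValid     = $true
        Type        = $m.Groups['Type'].Value
        Provider    = $m.Groups['Provider'].Value
        UniversalId = $m.Groups['UniversalId'].Value
    }
}

$samples = @(
    'AD+AD xyz.net:54000000000000000000000000079006'    # ID quoted in this issue
    'AD+xyznet:54000000000000000000000000079006'        # constructed: no space
    'AD+ xyz.net:54000000000000000000000000079006'      # constructed: leading space
    'AD+AD xyz.net'                                      # constructed: universal ID missing
)

foreach ($s in $samples) {
    $tolerant = ConvertFrom-PrefixedUniversalId -ID $s
    [pscustomobject]@{
        ID       = $s
        Strict   = (ConvertFrom-PrefixedUniversalId -ID $s -Strict).IsValid
        Tolerant = $tolerant.IsValid
        Provider = $tolerant.Provider
    }
}
```

Only the first sample differs between the two modes, which isolates the interior space as the deciding factor while malformed IDs are still refused.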