search

Venafi / VenafiPS

Powershell module to fully automate your Venafi TLS Protect Datacenter and Cloud platforms!
https://venafips.readthedocs.io/
Apache License 2.0
17 stars 8 forks source link

Add batching functionality to Invoke-VcCertificateAction #273

Closed vertigo-one closed 2 months ago

vertigo-one commented 3 months ago

Adds Batching of API calls for Invoke-VcCertificateAction when retiring, recovering, validating, or deleting certificates. The default batch size is 1000 certificates and is customizable with the new -BatchSize parameter.

Piping or supplying more certificates than the batch size to Invoke-VcCertificateAction will result in multiple separate API calls to VCP to perform the chosen action with the maximum number of certs in the API call equal to the chosen batch size. Previously, retiring, validating, recovering, or deleting a large number of certificates would result in the API call timing out after a minute due to invoke-webrequest/invoke-restmethod defaults.

Added new private function Select-VenBatch that separates incoming pipeline objects into batches of [System.Collections.Generic.List[<T>]] objects. Currently supports string, int, guid, and pscustomobject list types and can be expanded later.

gdbarron commented 2 months ago

As coded it feels a bit heavy handed. Maybe just put a for loop around the switch and choose 1000 items at a time?

for ($i = 0; $i -lt $allCerts.Count; $i += 1000) {

            Write-Verbose "Processing certificates $i to $($i + 999)"
            $certsPaged = $allCerts[$i..($i + 999)]

            switch ($PSCmdLet.ParameterSetName) {
                'Retire' {
                    $params.UriLeaf = "certificates/retirement"
                    $params.Body = @{"certificateIds" = $certsPaged }

           ....
           }
}