V3 Refactor #169
V3 Refactor #169
Conversation
Bumps [idna](https://github.com/kjd/idna) from 2.8 to 3.7. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v2.8...v3.7) --- updated-dependencies: - dependency-name: idna dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.24.1 to 1.26.19. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.24.1...1.26.19) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
…oling-Scripts/urllib3-1.26.19 Bump urllib3 from 1.24.1 to 1.26.19 in /examples/Python Tooling Scripts
…oling-Scripts/idna-3.7 Bump idna from 2.8 to 3.7 in /examples/Python Tooling Scripts
|
@Celerium this is an impressive contribution. Thank you! Will attempt to review. |
| ## Enforcement | ||
|
|
||
| Instances of abusive, harassing, or otherwise unacceptable behavior may be | ||
| reported by contacting the project team at {{ email }}. All |
There was a problem hiding this comment.
Looks like an email address is desired here, thoughts?
There was a problem hiding this comment.
Ya there are a few placeholder items throughout this commit that I couldn't populate as I didn't know if this proposed change would be accepted plus what item to use in its place.
There was a problem hiding this comment.
OK. Just noting them for now.
.github/SECURITY.md
Outdated
|
|
||
| The "ITGlueAPI" team and community take all security bugs in "ITGlueAPI" seriously. Thank you for improving the security of "ITGlueAPI". We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions. | ||
|
|
||
| Report security bugs by emailing the lead maintainer at [[email protected]]([email protected]) and include the word "SECURITY" in the subject line.. |
There was a problem hiding this comment.
Another email address placeholder and bonus period at end of line
There was a problem hiding this comment.
oops, that'll be an easy fix, and ya another placeholder from a canned security readme
|
|
||
| Discuss how someone should disclose a vulnerability to "ITGlueAPI", in tl;dr ( or ELI5 ) language. Then expand on this with "How To Disclose a vulnerability in detail". Please give detailed steps on how to disclose the vulnerability. Keep these OWASP guidelines in mind ( <https://www.owasp.org/index.php/Vulnerability_Disclosure_Cheat_Sheet> ) when creating your disclosure policy. Below are some recommendations for security disclosures: | ||
|
|
||
| - "ITGlueAPI" security contact { [[email protected]]([email protected]) } |
There was a problem hiding this comment.
Another email address placeholder for consideration
|
Thanks for this massive contribution, @Celerium! I'll attempt to review it this week. |
There was a problem hiding this comment.
While we are possibly introducing some slightly breaking changes in this PR, might I suggest updating the ApiKey parameter from a string to [System.Security.SecureString] to allow piping directly a secure string object for the API key directly to the function.
This would help to prevent possible capture by logging, and a few additional benefits as well. Please let me know if there are any thoughts, thx.
| Add-ITGlueAPIKey -ApiKey (ConvertTo-SecureString 'some_api_key' -AsPlainText) | |
| Will use the seucre string entered into the [ -ApiKey ] parameter | |
| .EXAMPLE | |
| (ConvertTo-SecureString '12345' -AsPlainText) | Add-ITGlueAPIKey | |
| Will use the secure string passed into it as its API key | |
| .NOTES | |
| N/A | |
| .LINK | |
| https://itglue.github.io/ITGlue-PowerShellWrapper/site/Internal/Add-ITGlueAPIKey.html | |
| .LINK | |
| https://github.com/itglue/powershellwrapper | |
| #> | |
| [CmdletBinding()] | |
| [Alias('Set-ITGlueAPIKey')] | |
| Param ( | |
| [Parameter(Mandatory = $true, ValueFromPipeline = $true)] | |
| [AllowEmptyString()] | |
| [Alias('Api_Key')] | |
| [securestring]$ApiKey | |
| ) | |
| begin {} | |
| process{ | |
| Set-Variable -Name 'ITGlue_API_Key' -Value $ApiKey -Option ReadOnly -Scope Global -Force | |
| } |
|
Hi everyone I just wanted to check in and see if this is something that would like to be done. Is there anything I can help with or better explain? I would also like to throw out that if this isn't something that interests the community I will not take offense if you say thank you but we're good and close it. |
|
@Celerium Once again, I thank you for your contribution. I wonder if it would be better to open a new PR for each independent change you'd like to make. Keeping each change separate will help with review, community discussion, and keeping a clean commit history. This PR is difficult to review because it is such a significant overhaul, and I haven't had the time yet to parse through it all. @adrianwells, thoughts on this? |
Quite a bit got over with this but I've overhauled the ITGlueAPI module. I did this simply because this module got me into writing API wrappers/other PowerShell projects and I wanted to give back to the community as a way of saying thank you.
I have tested every function and the majority of their associated parameters/parameter sets and have not run across any issues yet. With that being said there are a lot of changes and I easily could have missed some things. I have also supplied some generic test scripts in the "examples" folder to help perform general tests when it comes to creating, updating, & deleting data in ITGlue. I labeled this as v3 because while I did my best with backward compatibility, the amount of changes in this PR could cause some breaking changes.
I have working examples for all the changes in my branch over at my repo. This should help with any of the GitHub pages & Azure DevOps pipeline questions. Adjustments will need to be made accordingly if this PR is accepted as GitHub Pages, Azure DevOps, and ReadMe links are dependent on these resources and their specific web URLs.
I am not married to any of the proposed changes I am suggesting and encourage any conversations on anything that could be adjusted.
Issues this PR should resolve
Interesting discovery
OTP Passwords
#138 (This endpoint showed up a while ago but disappears off and on randomly from their documentation page. ITGlue might be trying to support this but as of 2024-10-07 it is no longer on their developer page again.)
Changes
Pester Tests
GitHub Pages
Azure DevOps (Pipelines)
Other changes
Get-ITGlueUser -ID 8675309$Invoke_ITGlueRequest_Parameters= Information about the API call$Get_ITGlueUser_Parameters= Information about the parameters users$Get_ITGlueUser_ParametersQuery= Information about the query filters used8675309,123456 |Get-ITGlueUser