Public/Policies/Set-JCPolicy.ps1

function Set-JCPolicy {
    [CmdletBinding(DefaultParameterSetName = 'ByID')]
    param (
        [Parameter(Mandatory = $true,
            ParameterSetName = 'ByID',
            ValueFromPipelineByPropertyName = $true,
            HelpMessage = 'The ID of the existing JumpCloud Policy to modify')]
        [Alias("id")]
        [System.String]
        $PolicyID,
        [Parameter(Mandatory = $true,
            ParameterSetName = 'ByName',
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'The name of the existing JumpCloud Poliicy template to modify')]
        [Alias("name")]
        [System.String]
        $PolicyName,
        [Parameter(Mandatory = $false,
            HelpMessage = 'The new name to set on the existing JumpCloud Policy. If left unspecified, the cmdlet will not rename the existing policy.')]
        [System.String]
        $NewName,
        [Parameter(ValueFromPipelineByPropertyName = $true,
            HelpMessage = 'The values object either built manually or passed in through Get-JCPolicy')]
        [System.object[]]
        $Values
    )
    DynamicParam {

        if ($PSBoundParameters["PolicyID"]) {
            $ParameterAttribute = New-Object System.Management.Automation.ParameterAttribute
            $ParameterAttribute.Mandatory = $false
            $ParameterAttribute.ParameterSetName = "ByID"
            # Get the policy by ID
            $foundPolicy = Get-JCPolicy -PolicyID $PolicyID
            if ([string]::IsNullOrEmpty($foundPolicy.ID)) {
                throw "Could not find policy by ID"
            }
            if (($foundPolicy.ID).count -gt 1) {
                throw "multiple policies with the same name were found, please specify a policy by ID"
            }

        } elseif ($PSBoundParameters["PolicyName"]) {
            $ParameterAttribute = New-Object System.Management.Automation.ParameterAttribute
            $ParameterAttribute.Mandatory = $false
            $ParameterAttribute.ParameterSetName = "ByName"
            # Get the policy by Name
            $foundPolicy = Get-JCPolicy -Name $PolicyName
            if ([string]::IsNullOrEmpty($foundPolicy.ID)) {
                throw "Could not find policy by specified Name"
            }
            if (($foundPolicy.ID).count -gt 1) {
                throw "multiple policies with the same name were found, please specify a policy by ID"
            }
        }
        # If policy is identified, get the dynamic policy set
        if ($foundPolicy.id -And ($PSBoundParameters["PolicyName"] -OR $PSBoundParameters["PolicyID"])) {
            # Set the policy template object based on policy
            $templateObject = Get-JCPolicyTemplateConfigField -templateID $foundPolicy.Template.Id
            $RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
            # Foreach key in the supplied config file:
            foreach ($key in $templateObject.objectMap) {
                # Set the dynamic parameters' name
                $ParamName_Filter = "$($key.configFieldName)"
                # Create the collection of attributes
                $AttributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
                # If ValidateSet is specified in the config file, set the value here:
                # If the type of value is a bool, create a custom validateSet attribute here:
                $paramType = $($key.type)
                switch ($paramType) {
                    'boolean' {
                        $arrSet = @("true", "false")
                        $ValidateSetAttribute = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
                        $AttributeCollection.Add($ValidateSetAttribute)
                    }
                    'multi' {
                        $paramType = 'string'
                        $arrSet = $key.validation.values
                        $ValidateSetAttribute = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
                        $AttributeCollection.Add($ValidateSetAttribute)
                    }
                    'file' {
                        $paramType = 'string'
                    }
                    'listbox' {
                        $paramType = [system.string[]]
                    }
                    'table' {
                        $paramType = [system.object[]]
                    }
                    'exclude' {
                        Continue
                    }
                    Default {
                        $paramType = 'string'
                    }
                }
                # Set the help message
                if ([String]::isNullorEmpty($($key.help))) {
                    $ParameterAttribute.HelpMessage = "sets the value for the $($key.name) field"
                } else {
                    $ParameterAttribute.HelpMessage = "$($key.help)"
                }
                # Add the attributes to the attributes collection
                $AttributeCollection.Add($ParameterAttribute)
                # Add the param
                $RuntimeParameter = New-Object System.Management.Automation.RuntimeDefinedParameter($ParamName_Filter, $paramType, $AttributeCollection)
                $RuntimeParameterDictionary.Add($ParamName_Filter, $RuntimeParameter)
                if ($ParamName_Filter -eq "customRegTable") {
                    $RegImport_RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
                    $RegImport_AttributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
                    $RegImport_ParameterAttribute = New-Object System.Management.Automation.ParameterAttribute
                    $RegImport_paramType = [System.IO.FileInfo]
                    $RegImport_ParameterAttribute.HelpMessage = 'A .reg file path that will be uploaded into the "Advanced: Custom Registry Keys" Windows Policy template.'
                    $RegImport_AttributeCollection.Add($RegImport_ParameterAttribute)
                    $RegImport_RuntimeParameter = New-Object System.Management.Automation.RuntimeDefinedParameter('RegistryFile', $RegImport_paramType, $RegImport_AttributeCollection)
                    $RuntimeParameterDictionary.Add('RegistryFile', $RegImport_RuntimeParameter)
                }
                if ($ParamName_Filter -eq "customRegTable") {
                    $RegImport_RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
                    $RegImport_AttributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
                    $RegImport_ParameterAttribute = New-Object System.Management.Automation.ParameterAttribute
                    $RegImport_paramType = [Switch]
                    $RegImport_ParameterAttribute.HelpMessage = 'When specified along with the RegistryFile parameter, existing registry values will be overwritten'
                    $RegImport_AttributeCollection.Add($RegImport_ParameterAttribute)
                    $RegImport_RuntimeParameter = New-Object System.Management.Automation.RuntimeDefinedParameter('RegistryOverwrite', $RegImport_paramType, $RegImport_AttributeCollection)
                    $RuntimeParameterDictionary.Add('RegistryOverwrite', $RegImport_RuntimeParameter)
                }
            }
            # Returns the dictionary
            return $RuntimeParameterDictionary
        }
    }
    begin {
        Write-Debug 'Verifying JCAPI Key'
        if ($JCAPIKEY.length -ne 40) {
            Connect-JCOnline
        }
    }
    process {
        # Get Existing Policy Data if not set through dynamic param
        if (([string]::IsNullOrEmpty($foundPolicy.ID)) -And ($policyID)) {
            # Get the policy by ID
            $foundPolicy = Get-JCPolicy -PolicyID $PolicyID
            if ([string]::IsNullOrEmpty($foundPolicy.ID)) {
                throw "Could not find policy by ID"
            }
            if (($foundPolicy.ID).count -gt 1) {
                throw "multiple policies with the same name were found, please specify a policy by ID"
            }
        }
        $templateObject = Get-JCPolicyTemplateConfigField -templateID $foundPolicy.Template.Id
        # First set the name from PSParamSet if set; else set from policy
        $policyNameFromProcess = if ($PSBoundParameters["NewName"]) {
            $NewName
        } else {
            $foundPolicy.name
        }
        $params = $PSBoundParameters
        $paramterSet = $params.keys
        $DynamicParamSet = $false
        $requiredSet = @('PolicyID', 'PolicyName', 'NewName' , 'Values')
        foreach ($parameter in $paramterSet) {
            $parameterComparison = Compare-Object -ReferenceObject $requiredSet -DifferenceObject $parameter
            if ($parameterComparison | Where-Object { $_.sideindicator -eq "=>" }) {
                $DynamicParamSet = $true
                break
            }
        }
        if ($DynamicParamSet) {
            # begin dynamic param set
            $newObject = New-Object System.Collections.ArrayList
            for ($i = 0; $i -lt $templateObject.objectMap.count; $i++) {
                # If one of the dynamicParam config fields are passed in and is found in the policy template, set the new value:
                if ($templateObject.objectMap[$i].configFieldName -in $params.keys) {
                    $keyName = $params.keys | Where-Object { $_ -eq $templateObject.objectMap[$i].configFieldName }
                    # write-host "Setting value from $($keyName)"
                    $keyValue = $params.$KeyName
                    switch ($templateObject.objectMap[$i].type) {
                        'multi' {
                            $templateObject.objectMap[$i].value = $(($templateObject.objectMap[$i].validation | Where-Object { $_.Values -eq $keyValue }).keys)
                        }
                        'file' {
                            $path = Test-Path -Path $keyValue
                            if ($path) {
                                # convert file path to base64 string
                                $templateObject.objectMap[$i].value = [convert]::ToBase64String((Get-Content -Path $keyValue -AsByteStream))
                            }
                            #TODO: else we should throw an error here that the file path was not valid
                        }
                        'listbox' {
                            if ($($keyValue).getType().name -eq 'String') {
                                # Given case for single string passed in as dynamic input, convert to a list
                                $listRows = New-Object System.Collections.ArrayList
                                foreach ($regItem in $keyValue) {
                                    $listRows.Add($regItem)
                                }
                                $templateObject.objectMap[$i].value = $listRows
                            } elseif ($($keyValue).getType().name -eq 'Object[]') {
                                # else if the object passed in is a list already, pass in list
                                $templateObject.objectMap[$i].value = $($keyValue)
                            }
                        }
                        'table' {
                            # For custom registry table, validate the object
                            if ($templateObject.objectMap[$i].configFieldName -eq "customRegTable") {
                                # get default value properties
                                $RegProperties = $templateObject.objectMap[$i].defaultValue | Get-Member -MemberType NoteProperty
                                # get passed in object properties
                                $ObjectProperties = if ($keyValue | Get-Member -MemberType NoteProperty) {
                                    # for lists get note properties
                                    ($keyValue | Get-Member -MemberType NoteProperty).Name
                                } else {
                                    # for single objects, get keys
                                    $keyValue.keys
                                }
                                $RegProperties | ForEach-Object {
                                    if ($_.Name -notin $ObjectProperties) {
                                        Throw "Custom Registry Tables require a `"$($_.Name)`" data string. The following data types were found: $($ObjectProperties)"
                                    }
                                }
                                # reg type validation
                                $validRegTypes = @('DWORD', 'expandString', 'multiString', 'QWORD', 'String')
                                $($keyValue).customRegType | ForEach-Object {
                                    if ($_ -notin $validRegTypes) {
                                        throw "Custom Registry Tables require the `"customRegType`" data string to be one of: $validRegTypes, found: $_"
                                    }
                                }
                            }
                            $regRows = New-Object System.Collections.ArrayList
                            foreach ($regItem in $keyValue) {
                                $regRows.Add($regItem) | Out-Null
                            }
                            $templateObject.objectMap[$i].value = $regRows
                        }
                        Default {
                            $templateObject.objectMap[$i].value = $($keyValue)
                        }
                    }
                    $newObject.Add($templateObject.objectMap[$i]) | Out-Null
                } elseif ('RegistryFile' -in $params.Keys) {
                    try {
                        $regKeys = Convert-RegToPSObject -regFilePath $($params.'RegistryFile')
                    } catch {
                        throw $_
                    }
                    # Set the registryFile as the customRegTable
                    if ('RegistryOverwrite' -in $params.Keys) {
                        $templateObject.objectMap[0].value = $regKeys
                        $newObject.Add($templateObject.objectMap[0]) | Out-Null
                    } else {
                        $registryList = New-Object System.Collections.ArrayList
                        $registryList += $foundPolicy.values.value
                        $registryList += $regKeys
                        $templateObject.objectMap[0].value += $registryList
                        $newObject.Add($templateObject.objectMap[0]) | Out-Null
                    }
                } else {
                    # Else if the dynamicParam for a config field is not specified, set the value from the defaultValue
                    $templateObject.objectMap[$i].value = ($foundPolicy.values | Where-Object { $_.configFieldID -eq $templateObject.objectMap[$i].configFieldID }).value
                    $newObject.Add($templateObject.objectMap[$i]) | Out-Null
                }
            }
            $updatedPolicyObject = $newObject | Select-Object configFieldID, configFieldName, value
            if ($registryFile) {
                try {
                    $regKeys = Convert-RegToPSObject -regFilePath $registryFile
                } catch {
                    throw $_
                }
                $updatedPolicyObject.value += $regKeys
                Write-Debug $updatedPolicyObject
            }
        } elseif ($values) {
            # begin value param set
            $updatedPolicyObject = New-Object System.Collections.ArrayList
            # Add each value into the object to set the policy
            foreach ($value in $values) {
                $updatedPolicyObject.add($value) | Out-Null
            }
            # If only one or a few of the config fields were set, add the remaining items from $foundPolicy.values
            $foundPolicy.values | ForEach-Object {
                if ($_.configFieldID -notin $updatedPolicyObject.configFieldID) {
                    $updatedPolicyObject.Add($_) | Out-Null
                }
            }
        } else {
            if (($templateObject.objectMap).count -gt 0) {
                # Begin user prompt
                $initialUserInput = Show-JCPolicyValues -policyObject $templateObject.objectMap -policyValues $foundPolicy.values
                # User selects edit all fields
                if ($initialUserInput.fieldSelection -eq 'A') {
                    for ($i = 0; $i -le $initialUserInput.fieldCount; $i++) {
                        $updatedPolicyObject = Set-JCPolicyConfigField -templateObject $templateObject.objectMap -fieldIndex $i -policyValues $foundPolicy.values
                    }
                    # Display policy values
                    # Show-JCPolicyValues -policyObject $updatedPolicyObject -ShowTable $true
                }
                # User selects edit individual field
                elseif ($initialUserInput.fieldSelection -ne 'C' -or $initialUserInput.fieldSelection -ne 'A') {
                    $updatedPolicyObject = Set-JCPolicyConfigField -templateObject $templateObject.objectMap -fieldIndex $initialUserInput.fieldSelection -policyValues $foundPolicy.values
                    # For set-jcpolicy, add the help & label options
                    $updatedPolicyObject | ForEach-Object {
                        if ($_.configFieldID -in $templateObject.objectMap.configFieldID) {
                            $_ | Add-Member -MemberType NoteProperty -Name "help" -Value $templateObject.objectMap[$templateObject.objectMap.configFieldID.IndexOf($($_.configFieldID))].help
                            $_ | Add-Member -MemberType NoteProperty -Name "label" -Value $templateObject.objectMap[$templateObject.objectMap.configFieldID.IndexOf($($_.configFieldID))].label
                        }
                    }
                    Do {
                        # Hide option to edit all fields
                        $userInput = Show-JCPolicyValues -policyObject $updatedPolicyObject -HideAll $true -policyValues $foundPolicy.values
                        $updatedPolicyObject = Set-JCPolicyConfigField -templateObject $templateObject.objectMap -fieldIndex $userInput.fieldSelection -policyValues $foundPolicy.values
                    } while ($userInput.fieldSelection -ne 'C')
                }
            }
        }
        if ($updatedPolicyObject) {
            $body = [PSCustomObject]@{
                name     = $policyNameFromProcess
                template = @{id = $foundPolicy.Template.Id }
                values   = @($updatedPolicyObject)
            } | ConvertTo-Json -Depth 99
        } else {
            $body = [PSCustomObject]@{
                name     = $policyNameFromProcess
                template = @{id = $foundPolicy.Template.Id }
            } | ConvertTo-Json -Depth 99
        }
        $headers = @{
            'x-api-key'    = $env:JCApiKey
            'x-org-id'     = $env:JCOrgId
            'content-type' = "application/json"
        }
        $response = Invoke-RestMethod -Uri "https://console.jumpcloud.com/api/v2/policies/$($foundPolicy.id)" -Method PUT -Headers $headers -ContentType 'application/json' -Body $body
        if ($response) {
            $response | Add-Member -MemberType NoteProperty -Name "templateID" -Value $response.template.id
        }
    }
    end {
        return $response | Select-Object -Property "name", "id", "templateID", "values", "template"
    }
}