VpasModule

13.1.1

public/Remove-VPASLinkedAccount.ps1

                                <#

.Synopsis

   UNLINK AN ACCOUNT

   CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com

.DESCRIPTION

   USE THIS FUNCTION TO UNLINK AN ACCOUNT (RECONCILE/LOGON/JUMP ACCOUNT)

.PARAMETER NoSSL

   If the environment is not set up for SSL, API calls will be made via HTTP not HTTPS (Not Recommended!)

.PARAMETER token

   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).

   If -token is not passed, function will use last known hashtable generated by New-VPASToken

.PARAMETER safe

   Safe name that will be used to query for the target account if no AcctID is passed

.PARAMETER username

   Username that will be used to query for the target account if no AcctID is passed

.PARAMETER platform

   PlatformID that will be used to query for the target account if no AcctID is passed

.PARAMETER address

   Address that will be used to query for the target account if no AcctID is passed

.PARAMETER AcctID

   Unique ID that maps to a single account, passing this variable will skip any query functions

.PARAMETER AccountType

   Define which type of account will be removed

   Possible values: LogonAcct, JumpAcct, ReconAcct

.EXAMPLE

   $UnlinkAcctActionStatus = Remove-VPASLinkedAccount -AccountType {ACCOUNTTYPE VALUE} -AcctID {ACCTID VALUE}

.OUTPUTS

   $true if successful

   $false if failed

#>

function Remove-VPASLinkedAccount{

    [OutputType([bool])]

    [CmdletBinding()]

    Param(

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter type of target link account (LogonAcct, JumpAcct, ReconAcct)",Position=0)]

        [ValidateSet('LogonAcct','JumpAcct','ReconAcct')]

        [String]$AccountType,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)]

        [String]$safe,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)]

        [String]$platform,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)]

        [String]$username,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)]

        [String]$address,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)]

        [String]$AcctID,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)]

        [hashtable]$token,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=7)]

        [Switch]$NoSSL

    )

    Begin{

        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL = Get-VPASSession -token $token

    }

    Process{

        Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE"

        Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE"

        Write-Verbose "SUCCESSFULLY PARSED ACCOUNTTYPE VALUE: $AccountType"

        try{

            if([String]::IsNullOrEmpty($AcctID)){

                Write-Verbose "NO ACCTID PROVIDED...INVOKING HELPER FUNCTION TO RETRIEVE UNIQUE ACCOUNT ID BASED ON SPECIFIED PARAMETERS"

                if($NoSSL){

                    $AcctID = Get-VPASAccountIDHelper -token $token -safe $safe -platform $platform -username $username -address $address -NoSSL

                }

                else{

                    $AcctID = Get-VPASAccountIDHelper -token $token -safe $safe -platform $platform -username $username -address $address

                }

                Write-Verbose "RETURNING ACCOUNT ID"

            }

            else{

                Write-Verbose "ACCTID SUPPLIED, SKIPPING HELPER FUNCTION"

            }

            if($AcctID -eq -1){

                Write-Verbose "COULD NOT FIND UNIQUE ACCOUNT ENTRY, INCLUDE MORE SEARCH PARAMETERS"

                Write-VPASOutput -str "COULD NOT FIND UNIQUE ACCOUNT ENTRY, INCLUDE MORE SEARCH PARAMETERS" -type E

                return $false

            }

            elseif($AcctID -eq -2){

                Write-Verbose "NO ACCOUNT FOUND"

                Write-VPASOutput -str "NO ACCOUNTS FOUND" -type E

                return $false

            }

            else{

                if($AccountType -eq "LogonAcct"){

                    $AccountTypeINT = "1"

                }

                elseif($AccountType -eq "JumpAcct"){

                    $AccountTypeINT = "2"

                }

                elseif($AccountType -eq "ReconAcct"){

                    $AccountTypeINT = "3"

                }

                Write-Verbose "SETTING URI"

                if($NoSSL){

                    Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"

                    $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID/LinkAccount/" + $AccountTypeINT

                }

                else{

                    Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"

                    $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID/LinkAccount/" + $AccountTypeINT

                }

                write-verbose "MAKING API CALL TO CYBERARK"

                if($sessionval){

                    $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" -WebSession $sessionval

                }

                else{

                    $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json"

                }

                Write-Verbose "ACCOUNT SUCCESSFULLY UNLINKED"

                Write-Verbose "RETURNING TRUE"

                return $true

            }

        }catch{

            Write-Verbose "UNABLE TO UNLINK $AccountType FROM $AcctID"

            Write-VPASOutput -str $_ -type E

            return $false

        }

    }

    End{

    }

}