public/Add-VPASApplicationAuthentication.ps1

<#
.Synopsis
   ADD APPLICATION ID AUTHENTICATION METHOD
   CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO ADD AN AUTHENTICATION METHOD TO AN EXISTING APPLICATION ID
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER AppID
   Unique ApplicationID (or Application Name) that will be used by the credential provider(s) to retrieve credentials
.PARAMETER AuthType
   Define the type of the target authentication
   Possible values: Path, Hash, OSUser, machineAddress, certificateSerialNumber
.PARAMETER AuthValue
   Value to be added to the target AppID
.PARAMETER HideWarnings
   Suppress any warning output to the console
.PARAMETER IsFolder
   Specify whether AuthValue refers to a folder rather than a single file (only applies when AuthType is Path)
.PARAMETER AllowInternalScripts
   Specify whether internal scripts under the path are permitted to retrieve credentials (only applies when AuthType is Path)
.EXAMPLE
   $AddApplicationAuthenticationStatus = Add-VPASApplicationAuthentication -AppID {APPID VALUE} -AuthType {AUTHTYPE VALUE} -AuthValue {AUTHVALUE VALUE}
.OUTPUTS
   $true if successful
   $false if failed
#>

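function Add-VPASApplicationAuthentication{
    # Adds one authentication method to an existing CyberArk application ID by POSTing to
    # .../PIMServices.svc/Applications/{AppID}/Authentications/ on the PVWA.
    # Returns $true when the REST call completes without throwing, $false otherwise.
    [OutputType([bool])]
    [CmdletBinding()]
    Param(

        # Target application ID; becomes a URL path segment (percent-encoded before use).
        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target AppID to add Authentication Method to (for example: TestAppID1)",Position=0)]
        [String]$AppID,

        # Authentication method type; the HelpMessage lists the same values ValidateSet accepts.
        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter Authentication Method type (Path, Hash, OSUser, machineAddress, certificateSerialNumber)",Position=1)]
        [ValidateSet('Path','Hash','OSUser','machineAddress','certificateSerialNumber')]
        [String]$AuthType,

        # Value of the authentication method (file path, hash, OS user, address or serial number).
        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter Authentication Method value",Position=2)]
        [String]$AuthValue,

        # Path type only: AuthValue is a folder rather than a single file.
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)]
        [Switch]$IsFolder,

        # Path type only: internal scripts under the path may retrieve credentials.
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)]
        [Switch]$AllowInternalScripts,

        # Session hashtable from New-VPASToken; Get-VPASSession falls back to the last one when omitted.
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)]
        [hashtable]$token,

        # Suppress the "default value taken" console warnings for the Path type.
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)]
        [Switch]$HideWarnings

    )

    Begin{
        # Resolve PVWA host, auth header, optional web session and the NoSSL flag once per pipeline.
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        # Recorder output is captured in $log so it does not leak into the pipeline.
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    process{
        Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE"
        Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE"
        Write-Verbose "SUCCESSFULLY PARSED APPID VALUE"
        Write-Verbose "SUCCESSFULLY PARSED AUTHTYPE VALUE"
        Write-Verbose "SUCCESSFULLY PARSED AUTHVALUE"

        Write-Verbose "SETTING APPLICATION AUTHENTICATION TYPE"
        # Request body shared by every authentication type; the switch adds the type-specific keys.
        # ValidateSet on -AuthType guarantees exactly one arm below matches.
        $authentication = @{
            AuthValue = $AuthValue
        }
        switch($AuthType.ToLower()){
            "path"{
                Write-Verbose "APPLICATION AUTHENTICATION OF TYPE PATH WAS SELECTED"
                # Both switches default to $false; warn interactive callers that the default was
                # taken unless -HideWarnings was passed.
                if($IsFolder){
                    Write-Verbose "ISFOLDER SPECIFIED, SETTING VALUE: TRUE"
                }
                else{
                    if(!$HideWarnings){
                        Write-VPASOutput -str "ISFOLDER NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE" -type M
                    }
                    Write-Verbose "ISFOLDER NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE"
                }
                if($AllowInternalScripts){
                    Write-Verbose "ALLOWINTERNALSCRIPTS SPECIFIED, SETTING VALUE: TRUE"
                }
                else{
                    Write-Verbose "ALLOWINTERNALSCRIPTS NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE"
                    if(!$HideWarnings){
                        Write-VPASOutput -str "ALLOWINTERNALSCRIPTS NOT SPECIFIED, SETTING DEFAULT VALUE: FALSE" -type M
                    }
                }
                $authentication.AuthType = "path"
                # Cast so the JSON carries plain booleans rather than a serialized SwitchParameter.
                $authentication.IsFolder = [bool]$IsFolder
                $authentication.AllowInternalScripts = [bool]$AllowInternalScripts
            }
            "hash"{
                Write-Verbose "APPLICATION AUTHENTICATION OF TYPE HASH WAS SELECTED"
                $authentication.AuthType = "hash"
                # NOTE(review): $comment has no parameter or assignment in this function, so unless a
                # caller's scope defines it this sends Comment as null; kept to preserve the request
                # body — confirm whether a -Comment parameter was intended.
                $authentication.Comment = $comment
            }
            "osuser"{
                Write-Verbose "APPLICATION AUTHENTICATION OF TYPE OSUSER WAS SELECTED"
                $authentication.AuthType = "osuser"
            }
            "machineaddress"{
                Write-Verbose "APPLICATION AUTHENTICATION OF TYPE MACHINE ADDRESS WAS SELECTED"
                $authentication.AuthType = "machineAddress"
            }
            "certificateserialnumber"{
                Write-Verbose "APPLICATION AUTHENTICATION OF TYPE CERTIFICATE SERIAL NUMBER WAS SELECTED"
                $authentication.AuthType = "certificateserialnumber"
                # NOTE(review): same undefined $comment as in the hash arm.
                $authentication.Comment = $comment
            }
        }

        Write-Verbose "SETTING PARAMETERS FOR API CALL"
        $params = @{
            authentication = $authentication
        }
        $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS
        $params = $params | ConvertTo-Json

        try{

            Write-Verbose "MAKING API CALL TO CYBERARK"

            # With -NoSSL the Authorization header and body travel over plain HTTP.
            if($NoSSL){
                Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                $scheme = "http"
            }
            else{
                Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                $scheme = "https"
            }
            # AppID is caller-supplied and becomes a path segment; percent-encode it so characters
            # such as "/" or "?" cannot change which resource the request addresses.
            $escapedAppID = [System.Uri]::EscapeDataString($AppID)
            $uri = "${scheme}://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/$escapedAppID/Authentications/"
            $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
            $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD

            # Splat so the only difference between the two call shapes is -WebSession.
            $restArgs = @{
                Headers     = @{"Authorization"=$Header}
                Uri         = $uri
                Method      = "POST"
                Body        = $params
                ContentType = "application/json"
            }
            if($sessionval){
                $restArgs.WebSession = $sessionval
            }
            # The response body is not used; success is signalled by the call not throwing.
            $null = Invoke-RestMethod @restArgs
            Write-Verbose "PARSING DATA FROM CYBERARK"
            Write-Verbose "RETURNING TRUE"
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC
            return $true
        }catch{
            # Any failure (transport error, non-2xx status, bad JSON) is logged and reported as $false.
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "UNABLE TO ADD APPLICATION AUTHENTICATION METHOD"
            Write-VPASOutput -str $_ -type E
            return $false
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}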