public/Add-VPASSafe.ps1
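<#
.Synopsis
   CREATE SAFE
   CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO CREATE A SAFE IN CYBERARK
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER Description
   An explanation/details of the target resource
   Best practice states to leave informative descriptions to help identify the resource purpose
.PARAMETER safe
   Target unique safe name
.PARAMETER HideWarnings
   Suppress any warning output to the console
.PARAMETER passwordManager
   Define which CPM will be assigned to the safe
   A blank value or not passing a CPM will NOT assign a CPM to the safe
.PARAMETER numberOfVersionsRetention
   Define how many versions of passwords will be kept in an accounts history
.PARAMETER numberOfDaysRetention
   Define how many days worth of passwords will be kept in an accounts history
   If neither retention parameter is passed, the request is sent with 7 days retention
.PARAMETER OLACEnabled
   Define if to turn on OLAC (Object Level Access Control) for the safe
.EXAMPLE
   $CreateSafeJSON = Add-VPASSafe -safe {SAFE VALUE} -passwordManager {PASSWORDMANAGER VALUE} -OLACENabled -Description {DESCRIPTION VALUE}
.OUTPUTS
   JSON Object (Safe) if successful
   $false if failed
.NOTES
   When the session reports NoSSL, the request (including the Authorization header) is sent over
   plain HTTP. A console notice is written in that case unless -HideWarnings is passed.
   A value of 0 for either retention parameter is treated the same as not passing it.
#>
function Add-VPASSafe{
    [OutputType('System.Object',[bool])]
    [CmdletBinding()]
    Param(

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Name of new safe (for example: TestSafe1)",Position=0)]
        [String]$safe,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)]
        [String]$passwordManager,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)]
        [Int]$numberOfVersionsRetention,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)]
        [Int]$numberOfDaysRetention,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)]
        [Switch]$OLACEnabled,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)]
        [String]$Description,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)]
        [Switch]$HideWarnings,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=7)]
        [hashtable]$token
    )

    Begin{
        # Unpack the session tuple returned by Get-VPASSession. This function only reads
        # $sessionval, $PVWA, $Header and $NoSSL; the remaining values are unpacked to keep
        # the positions aligned.
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    Process{

        Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE"
        Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE"
        Write-Verbose "SUCCESSFULLY PARSED SAFE VALUE"

        #MISC SECTION
        # Request body; optional properties are only added when the caller supplied them.
        $params = @{
            SafeName = $safe
            Description = $Description
        }

        if([String]::IsNullOrEmpty($passwordManager)){
            Write-Verbose "NO CPM USER SPECIFIED, SAFE WILL BE CREATED WITH NO CPM USER ATTACHED"
            if(!$HideWarnings){
                Write-VPASOutput -str "NO CPM USER SPECIFIED, SAFE WILL BE CREATED WITH NO CPM USER ATTACHED" -type M
            }
        }
        else{
            $params += @{
                ManagingCPM = $passwordManager
            }
        }

        # [Int] parameters default to 0, so 0 is indistinguishable from "not passed" here.
        $versionsGiven = [bool]$numberOfVersionsRetention
        $daysGiven = [bool]$numberOfDaysRetention

        if($versionsGiven){
            $params += @{
                NumberOfVersionsRetention = $numberOfVersionsRetention
            }
        }
        else{
            # NOTE(review): the "5 VERSIONS" default below is not enforced by this function;
            # when days retention is sent instead, confirm which policy the server applies.
            Write-Verbose "NO VERSION RETENTION SPECIFIED, SAFE WILL BE CREATED WITH DEFAULT VALUE OF 5 VERSIONS"
            if(!$HideWarnings){
                Write-VPASOutput -str "NO VERSION RETENTION SPECIFIED" -type M
            }
        }

        if($daysGiven){
            # If both retention values are passed, both are sent; which one the server
            # honours is not decided here.
            $params += @{
                NumberofDaysRetention = $numberOfDaysRetention
            }
        }
        elseif($versionsGiven){
            # Days retention is deliberately omitted from the request. The previous code
            # still announced a 7-day default in this case, which did not match the request.
            Write-Verbose "NO DAYS RETENTION SPECIFIED, ONLY VERSION RETENTION WILL BE SENT"
        }
        else{
            Write-Verbose "NO DAYS RETENTION SPECIFIED, SAFE WILL BE CREATED WITH DEFAULT VALUE OF 7 DAYS"
            if(!$HideWarnings){
                Write-VPASOutput -str "NO DAYS RETENTION SPECIFIED, SAFE WILL BE CREATED WITH DEFAULT VALUE OF 7 DAYS" -type M
            }
            # Use a literal instead of overwriting the parameter variable, so the default
            # cannot be mistaken for a caller-supplied value on a later pipeline record.
            $params += @{
                NumberofDaysRetention = 7
            }
        }

        if($OLACEnabled){
            $OLACEnabledstr = "true"
        }
        else{
            Write-Verbose "NO OLAC SPECIFIED, SAFE WILL BE CREATED WITH DEFAULT VALUE OF false"
            if(!$HideWarnings){
                Write-VPASOutput -str "NO OLAC SPECIFIED, SAFE WILL BE CREATED WITH DEFAULT VALUE OF OLAC SET TO FALSE" -type M
            }
            $OLACEnabledstr = "false"
        }
        $params += @{
            OLACEnabled = $OLACEnabledstr
        }

        try{

            Write-Verbose "MAKING API CALL TO CYBERARK"

            if($NoSSL){
                Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                # The Authorization header and the safe definition travel unencrypted on
                # this path, so surface it on the console and not only in verbose output.
                if(!$HideWarnings){
                    Write-VPASOutput -str "NO SSL ENABLED, AUTHORIZATION HEADER AND REQUEST BODY WILL BE SENT UNENCRYPTED OVER HTTP" -type M
                }
                $uri = "http://$PVWA/PasswordVault/API/Safes"
            }
            else{
                Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                $uri = "https://$PVWA/PasswordVault/API/Safes"
            }

            # Record the request (body, URI, method) before sending; the Authorization
            # header is not passed to the text recorder here.
            $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS
            $params = $params | ConvertTo-Json
            $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
            $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD

            # Build the call once; the web session is attached only when one exists.
            $restArgs = @{
                Headers = @{"Authorization"=$Header}
                Uri = $uri
                Method = 'POST'
                Body = $params
                ContentType = "application/json"
            }
            if($sessionval){
                $restArgs['WebSession'] = $sessionval
            }
            $response = Invoke-RestMethod @restArgs

            $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURN
            Write-Verbose "PARSING DATA FROM CYBERARK"
            Write-Verbose "RETURNING JSON OBJECT"
            return $response
        }catch{
            # Any failure (transport or API error) is logged and reported, and the caller
            # receives $false instead of an exception.
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "FAILED TO CREATE SAFE IN CYBERARK"
            Write-VPASOutput -str $_ -type E
            return $false
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}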