public/Set-VPASAuditSafeTest.ps1

<#
.Synopsis
   CONFIGURE AUDIT SAFE TESTS
   CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO CONFIGURE AUDIT TESTS FOR SAFES
.PARAMETER SafeNamingConvention
   Define which safe to pull for the audit based on a search query
.PARAMETER AmtMembers
   Define how many safe members will be included in the audit
.PARAMETER CPMName
   Define the correct CPM that should be attached to every safe in the audit
.PARAMETER IgnoreInternalSafes
   Define if the internal safes should be included in the audit
   Internal safes such as System, VaultInternal, NotificationEngine, component safes, etc
.EXAMPLE
   $SetAuditSafeTests = Set-VPASAuditSafeTest
.EXAMPLE
   $SetAuditSafeTests = Set-VPASAuditSafeTest -SafeNamingConvention {SAFE NAMING CONVENTION VALUE} -AmtMembers {AMOUNT MEMBERS VALUE} -CPMName {CPMNAME VALUE} -IgnoreInternalSafes
.OUTPUTS
   $true if successful
   $false if failed
#>

function Set-VPASAuditSafeTest{
    [OutputType([bool])]
    [CmdletBinding()]
    Param(

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=0)]
        [String]$SafeNamingConvention,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)]
        [Int]$AmtMembers,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)]
        [String]$CPMName,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)]
        [Switch]$IgnoreInternalSafes

    )

    Begin{

    }
    Process{
        $curUser = $env:UserName
        $ConfigFilePath = "C:\Users\$curUser\AppData\Local\VPASModuleOutputs\Audits"
        $ConfigFile = "C:\Users\$curUser\AppData\Local\VPASModuleOutputs\Audits\AuditSafeTestConfigs.txt"

        Write-Verbose "CONSTRUCTING FILEPATHS FOR AuditSafeTestConfigs"

        #FILE CREATION
        try{
            if(Test-Path -Path $ConfigFilePath){
                #DO NOTHING
                Write-Verbose "AuditSafeTestConfigs DIRECTORY EXISTS"
            }
            else{
                Write-Verbose "AuditSafeTestConfigs DIRECTORY DOES NOT EXIST...CREATING NOW"
                $MakeDirectory = New-Item -Path $ConfigFilePath -ItemType Directory
                Write-Verbose "DIRECTORY CREATED"
            }

            if(Test-Path -Path $ConfigFile){

                if(!$SkipConfirmation){
                    Write-VPASOutput -str "AuditSafeTest CONFIG FILE ALREADY EXISTS...OVERWRITE (Y/N) [Y]: " -type Y
                    $choice = Read-Host
                    if([String]::IsNullOrEmpty($choice)){$choice = "Y"}
                }
                else{
                    Write-Verbose "SKIPPING CONFIRMATION FLAG PASSED...ENTERING Y"
                    $choice = "Y"
                }

                if($choice -eq "Y" -or $choice -eq "y"){
                    Write-Output '<#SafeAuditTestConfigs#>' | Set-Content $ConfigFile
                    Write-Verbose "AuditSafeTestConfigs CREATED"
                }
                else{
                    Write-VPASOutput -str "EXITING UTILITY" -type E
                    return $false
                }
            }
            else{
                Write-Output '<#SafeAuditTestConfigs#>' | Set-Content $ConfigFile
                Write-Verbose "AuditSafeTestConfigs CREATED"
            }
        }catch{
            Write-VPASOutput -str "ERROR CREATING AuditSafeTestConfigs" -type E
            Write-VPASOutput -str $_ -type E
            return $false
        }

        #POPULATE FILE
        try{
            #SET NAMING CONVENTION
            if([String]::IsNullOrEmpty($SafeNamingConvention)){
                Write-VPASOutput -str "ENTER SAFE NAMING CONVENTION (OR LEAVE BLANK IF SEARCHING ALL SAFES): " -type Y
                $SafeNamingConvention = read-host
            }

            if($SafeNamingConvention -match "="){
                Write-Verbose "INVALID CHARACTER IN SAFE NAME: '='"
                Write-Verbose "RETURNING FALSE"
                Write-VPASOutput -str "SAFE CAN NOT CONTAIN '=' CHARACTER...EXITING UTILITY" -type E
                return $false
            }

            if(![String]::IsNullOrEmpty($SafeNamingConvention)){
                Write-Output "SafeNamingConvention=$SafeNamingConvention" | Add-Content $ConfigFile
                Write-Verbose "SafeNamingConvention: $SafeNamingConvention ADDED TO $ConfigFile"
            }
            else{
                Write-Output "SafeNamingConvention= " | Add-Content $ConfigFile
                Write-Verbose "SafeNamingConvention ADDED TO $ConfigFile AS NULL"
            }


            #SET AMT MEMBERS
            if(!$AmtMembers){
                Write-VPASOutput -str "ENTER THE AMOUNT OF SAFE MEMBERS THAT WILL BE AUDITED (OR LEAVE BLANK IF NOT AUDITING SAFE MEMBERS): " -type Y
                $AmtMembersTemp = read-host
                try{
                    $AmtMembers = [Int]$AmtMembersTemp
                }catch{
                    $AmtMembers = 0
                    Write-Verbose "AMOUNT OF SAFE MEMBERS MUST BE OF TYPE INT...DEFAULTING TO 0 SAFE MEMBERS"
                    Write-VPASOutput -str "AMOUNT OF SAFE MEMBERS MUST BE OF TYPE INT...DEFAULTING TO 0 SAFE MEMBERS" -type M
                }
                Write-Output "NumberOfSafeMembers=$AmtMembers" | Add-Content $ConfigFile
                Write-Verbose "NumberOfSafeMembers: $AmtMembers ADDED TO $ConfigFile"
            }


            #SET MEMBER NAMES AND PERMISSIONS
            $count = 0
            while($count -lt $AmtMembers){
                $displaystr = $count + 1
                $minioutput = @{}
                $testval = ""
                $testperms = ""
                Write-VPASOutput -str "ENTER SAFE MEMBER NAME #$displaystr : " -type Y
                $testval = read-host
                if(![String]::IsNullOrEmpty($testval)){
                    Write-Output "SafeMember=$testval" | Add-Content $ConfigFile
                    Write-Verbose "SafeMember: $testval ADDED TO $ConfigFile"

                    #SET PERMISSIONS
                    $AllPerms = @("UseAccounts","RetrieveAccounts","ListAccounts","AddAccounts","UpdateAccountContent","UpdateAccountProperties","InitiateCPMAccountManagementOperations","SpecifyNextAccountContent","RenameAccounts","DeleteAccounts","UnlockAccounts","ManageSafe","ManageSafeMembers","BackupSafe","ViewAuditLog","ViewSafeMembers","AccessWithoutConfirmation","CreateFolders","DeleteFolders","MoveAccountsAndFolders","RequestsAuthorizationLevel1","RequestsAuthorizationLevel2")
                    $minicount = 1
                    foreach($perm in $AllPerms){
                        Write-VPASOutput -str "($minicount/22) DOES $testval REQUIRE $perm PERMISSION (Y/N) [Y]: " -type Y
                        $result = read-host
                        if([String]::IsNullOrEmpty($result)){ $result = "Y" }

                        if($result -eq "y" -or $result -eq "Y"){
                            $testperms += $perm + ";"
                        }
                        $minicount += 1
                    }
                    $count += 1
                    Write-Output "Permissions=$testperms" | Add-Content $ConfigFile
                    Write-Verbose "Permissions: $testperms ADDED TO $ConfigFile"
                }
            }


            #SET CPM NAME
            if([String]::IsNullOrEmpty($CPMName)){
                Write-VPASOutput -str "ENTER CORRECT CPM USER (LEAVE BLANK IF NOT AUDITING CPM): " -type Y
                $CPMName = read-host
            }

            if($CPMName -match "="){
                Write-Verbose "INVALID CHARACTER IN CPM USER: '='"
                Write-Verbose "DEFAULTING TO NULL"
                Write-VPASOutput -str "INVALID CHARACTER IN CPM USER '='...DEFAULTING TO NULL" -type M
                $CPMName = ""
            }

            if(![String]::IsNullOrEmpty($CPMName)){
                Write-Output "CPMName=$CPMName" | Add-Content $ConfigFile
                Write-Verbose "CPMName: $CPMName ADDED TO $ConfigFile"
            }
            else{
                Write-Output "CPMName=NULL" | Add-Content $ConfigFile
                Write-Verbose "CPMName ADDED TO $ConfigFile AS NULL"
            }


            #SET TO IGNORE PREBUILT SAFES
            if($IgnoreInternalSafes){
                Write-VPASOutput -str "THE FOLLOWING SAFES WILL BE IGNORED: AccountsFeedADAccounts;AccountsFeedDiscoveryLogs;Notification Engine;PasswordManager;PasswordManager_Pending;PSM;PSMRecordings;PSMUniversalConnectors;PVWAPublicData;PVWAReports;PVWATicketingSystem;VaultInternal;System;" -type M
                Write-VPASOutput -str "ENTER MORE SAFES HERE TO ADD TO THE IGNORE LIST (comma separated): " -type Y
                $addIgnoreSafes = Read-Host
                $addIgnoreSafes = $addIgnoreSafes -replace ",",";"
                $addIgnoreSafes = $addIgnoreSafes -replace "; ",";"

                #$addIgnoreSafes = ""
                if([String]::IsNullOrEmpty($addIgnoreSafes)){
                    Write-Output "IgnoreSafes=AccountsFeedADAccounts;AccountsFeedDiscoveryLogs;Notification Engine;PasswordManager;PasswordManager_Pending;PSM;PSMRecordings;PSMUniversalConnectors;PVWAPublicData;PVWAReports;PVWATicketingSystem;VaultInternal;System;" | Add-Content $ConfigFile
                    Write-Verbose "IgnoreSafes: AccountsFeedADAccounts;AccountsFeedDiscoveryLogs;Notification Engine;PasswordManager;PasswordManager_Pending;PSM;PSMRecordings;PSMUniversalConnectors;PVWAPublicData;PVWAReports;PVWATicketingSystem;VaultInternal;System; ADDED TO $ConfigFile"
                }
                else{
                    Write-Output "IgnoreSafes=AccountsFeedADAccounts;AccountsFeedDiscoveryLogs;Notification Engine;PasswordManager;PasswordManager_Pending;PSM;PSMRecordings;PSMUniversalConnectors;PVWAPublicData;PVWAReports;PVWATicketingSystem;VaultInternal;System;$addIgnoreSafes" | Add-Content $ConfigFile
                    Write-Verbose "IgnoreSafes: AccountsFeedADAccounts;AccountsFeedDiscoveryLogs;Notification Engine;PasswordManager;PasswordManager_Pending;PSM;PSMRecordings;PSMUniversalConnectors;PVWAPublicData;PVWAReports;PVWATicketingSystem;VaultInternal;System;$addIgnoreSafes ADDED TO $ConfigFile"
                }
            }
            else{
                Write-Output "IgnoreSafes=NULL;" | Add-Content $ConfigFile
                Write-Verbose "IgnoreSafes ADDED TO $ConfigFile AS NULL"
            }
        }catch{
            Write-VPASOutput -str "ERROR POPULATING AuditTestConfigs" -type E
            Write-VPASOutput -str $_ -type E
            return $false
        }

        Write-VPASOutput -str "AuditSafeTestConfigs HAS BEEN CREATED: $ConfigFile" -type C
    }
    End{

    }
}