public/Get-VPASSQLAccounts.ps1
<#
.Synopsis GET SQL ACCOUNTS CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com .DESCRIPTION USE THIS FUNCTION TO OUTPUT ALL ACCOUNTS INTO AN SQL TABLE .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .EXAMPLE $SQLAccounts = Get-VPASSQLAccounts .OUTPUTS $true if successful $false if failed #> function Get-VPASSQLAccounts{ [OutputType([bool])] [CmdletBinding()] Param( [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=0)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ $curUser = $env:UserName $ConfigFile = "C:\Users\$curUser\AppData\Local\VPASModuleOutputs\SQL\SQLConfigFile.txt" try{ if(Test-Path -Path $ConfigFile){ Write-Verbose "FOUND SQL CONFIG FILE...PARSING DATA" } else{ Write-Verbose "FAILED TO FIND SQL CONFIG FILE...RERUN VSetSQLConnectionDetails" Write-VPASOutput -str "FAILED TO FIND SQL CONFIG FILE...RERUN VSetSQLConnectionDetails" -type E return $false } }catch{ Write-Verbose "FAILED TO FIND SQL CONFIG FILE...RERUN VSetSQLConnectionDetails" Write-VPASOutput -str "FAILED TO FIND SQL CONFIG FILE...RERUN VSetSQLConnectionDetails" -type E return $false } Write-Verbose "PARSING FILE CONTENTS" $SQLServerTemp = "" $SQLDatabaseTemp = "" $SQLUsernameTemp = "" $AAMTemp = "" $AppIDTemp = "" $FolderTemp = "" $SafeIDTemp = "" $ObjectNameTemp = "" $AIMServerTemp = "" $PasswordSDKTemp = "" $SQLPasswordTemp = "" $CertificateTPTemp = "" $AllLines = Get-Content -Path $ConfigFile foreach($line in $AllLines){ if($line -match "SQLServer="){ $SQLServerTemp = $line } if($line -match "SQLDatabase="){ $SQLDatabaseTemp = $line } if($line -match "SQLUsername="){ $SQLUsernameTemp = $line } if($line -match "AAM="){ $AAMTemp = $line } if($line -match "AppID="){ $AppIDTemp = $line } if($line -match "Folder="){ $FolderTemp = $line } if($line -match "SafeID="){ $SafeIDTemp = $line } if($line -match "ObjectName="){ $ObjectNameTemp = $line } if($line -match "AIMServer="){ $AIMServerTemp = $line } if($line -match "PasswordSDK="){ $PasswordSDKTemp = $line } if($line -match "SQLPassword="){ $SQLPasswordTemp = $line } if($line -match "CERTIFICATETP="){ $CertificateTPTemp = $line } } $AAMSplit = $AAMTemp -split "=" $AAM = $AAMSplit[1] Write-Verbose "AAM = $AAM" $SQLServerSplit = $SQLServerTemp -split "=" $SQLServer = $SQLServerSplit[1] Write-Verbose "SQLServer = $SQLServer" $SQLDatabaseSplit = $SQLDatabaseTemp -split "=" $SQLDatabase = $SQLDatabaseSplit[1] Write-Verbose "SQLDatabase = $SQLDatabase" $SQLUsernameSplit = $SQLUsernameTemp -split "=" $SQLUsername = $SQLUsernameSplit[1] Write-Verbose "SQLUsername = $SQLUsername" if($AAM -eq "CCP"){ #CCP $AppIDSplit = $AppIDTemp -split "=" $AppID = $AppIDSplit[1] Write-Verbose "AppID = $AppID" $FolderSplit = $FolderTemp -split "=" $Folder = $FolderSplit[1] Write-Verbose "Folder = $Folder" $SafeIDSplit = $SafeIDTemp -split "=" $SafeID = $SafeIDSplit[1] Write-Verbose "SafeID = $SafeID" $ObjectNameSplit = $ObjectNameTemp -split "=" $ObjectName = $ObjectNameSplit[1] Write-Verbose "ObjectName = $ObjectName" $AIMServerSplit = $AIMServerTemp -split "=" $AIMServer = $AIMServerSplit[1] Write-Verbose "AIMServer = $AIMServer" if([String]::IsNullOrEmpty($CertificateTPTemp)){ #DO NOTHING } else{ $CertificateTPSplit = $CertificateTPTemp -split "=" $CertificateTP = $CertificateTPSplit[1] Write-Verbose "CertificateTP = $CertificateTP" } try{ if($NoSSL){ $uri = "http://$AIMServer/AIMWebService/api/accounts?AppID=$AppID&Safe=$SafeID&Folder=$Folder&Object=$ObjectName" Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" } else{ $uri = "https://$AIMServer/AIMWebService/api/accounts?AppID=$AppID&Safe=$SafeID&Folder=$Folder&Object=$ObjectName" Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" } if([String]::IsNullOrEmpty($CertificateTP)){ $CCPResult = Invoke-RestMethod -Uri $uri } else{ $CCPResult = Invoke-RestMethod -Uri $uri -CertificateThumbprint $CertificateTP } $Secret = $CCPResult.Content if($Secret){ write-verbose "SECRET RETRIEVED SUCCESSFULLY" } else{ Write-VPASOutput -str "FAILED TO RETRIEVE SQL SECRET...PLEASE CONFIRM SQLConfigFile ($ConfigFile) CONTENT AND CCP FUNCTIONALITY" -type E return $false } }catch{ Write-VPASOutput -str "FAILED TO RETRIEVE SQL SECRET...PLEASE CONFIRM SQLConfigFile ($ConfigFile) CONTENT AND CCP FUNCTIONALITY" -type E Write-VPASOutput -str $_ -type E return $false } } elseif($AAM -eq "CP"){ #CP $AppIDSplit = $AppIDTemp -split "=" $AppID = $AppIDSplit[1] Write-Verbose "AppID = $AppID" $FolderSplit = $FolderTemp -split "=" $Folder = $FolderSplit[1] Write-Verbose "Folder = $Folder" $SafeIDSplit = $SafeIDTemp -split "=" $SafeID = $SafeIDSplit[1] Write-Verbose "SafeID = $SafeID" $ObjectNameSplit = $ObjectNameTemp -split "=" $ObjectName = $ObjectNameSplit[1] Write-Verbose "ObjectName = $ObjectName" $PasswordSDKSplit = $PasswordSDKTemp -split "=" $PasswordSDK = $PasswordSDKSplit[1] Write-Verbose "PasswordSDK = $PasswordSDK" try{ $Secret = & "$PasswordSDK" GetPassword /p AppDescs.AppID=$AppID /p Query="Safe=$SafeID;Folder=$Folder;Object=$ObjectName" /o Password if($Secret){ write-verbose "RETRIEVED SECRET SUCCESSFULLY" } else{ Write-VPASOutput -str "FAILED TO RETRIEVE SQL SECRET...PLEASE CONFIRM SQLConfigFile ($ConfigFile) CONTENT AND CP FUNCTIONALITY" -type E return $false } }catch{ Write-VPASOutput -str "FAILED TO RETRIEVE SQL SECRET...PLEASE CONFIRM SQLConfigFile ($ConfigFile) CONTENT AND CP FUNCTIONALITY" -type E Write-VPASOutput -str $_ -type E return $false } } else{ #NONE $SQLPasswordSplit = $SQLPasswordTemp -split "=" $SQLPassword = $SQLPasswordSplit[1] $SecureString = ConvertTo-SecureString -String $SQLPassword $Pointer = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecureString) $Secret = [Runtime.InteropServices.Marshal]::PtrToStringAuto($Pointer) } try{ import-module sqlserver -ErrorAction Stop }catch{ Write-VPASOutput -str "FAILED TO LOAD SQLServer MODULE..." -type E Write-VPASOutput -str $_ -type E Write-VPASOutput -str "FAILED TO FIND SQLServer MODULE IN THE FOLLOWING DIRECTORIES:" -type E $str = $env:PSModulePath -split ";" foreach($strsplit in $str){ Write-VPASOutput -str $strsplit -type E } Write-VPASOutput -str "DOWNLOAD THE MODULE BY TYPING IN 'Install-Module -Name SqlServer' THEN RERUN VSetSQLConnectionDetails" -type E Write-VPASOutput -str "YOU CAN ALSO VIEW THIS LINK FOR MORE INFORMATION: 'https://www.powershellgallery.com/packages/SqlServer/21.1.18256'" -type E Write-VPASOutput -str "PROCESS TERMINATED" -type E return $false } try{ $output = @() $result = Invoke-Sqlcmd -ServerInstance $SQLServer -Database $SQLDatabase -Query "SELECT DB_NAME()" -Username $SQLUsername -Password $Secret if($result.Column1 -eq $SQLDatabase){ write-verbose "SQL CONNECTIVITY SUCCESSFUL" } else{ Write-VPASOutput -str "FAILED TO CONNECT TO SQL DATABASE...PLEASE CONFIRM SQLConfigFile ($ConfigFile) CONTENT" -type E return $false } }catch{ Write-VPASOutput -str "FAILED TO CONNECT TO SQL DATABASE...PLEASE CONFIRM SQLConfigFile ($ConfigFile) CONTENT" -type E Write-VPASOutput -str $_ -type E return $false } #DROP $TableName = "Vpas_Account_Inventory" try{ $query = "DROP TABLE $TableName" $result = Invoke-Sqlcmd -ServerInstance $SQLServer -Database $SQLDatabase -Query $query -Username $SQLUsername -Password $Secret -ErrorAction Stop Write-Verbose "$TableName DELETED SUCCESSFULLY" }catch{ Write-Verbose "$TableName DOES NOT EXIST" } #CREATE try{ $query = "CREATE TABLE $TableName ( AcctID varchar(255), AcctName varchar(255), AcctAddress varchar(255), AcctUserName varchar(255), AcctPlatformID varchar(255), AcctSafeName varchar(255), AcctSecretType varchar(255), AcctAutomaticManagement varchar(255), AcctManualManagementReason varchar(255), AcctStatus varchar(255), AcctLastModifiedTime varchar(255), AcctCreationTime varchar(255), AcctOptionalProp varchar(4255) ); " $result = Invoke-Sqlcmd -ServerInstance $SQLServer -Database $SQLDatabase -Query $query -Username $SQLUsername -Password $Secret Write-Verbose "$TableName CREATED SUCCESSFULLY" }catch{ Write-Verbose "FAILED TO CREATE $TableName" Write-VPASOutput -str "FAILED TO CREATE $TableName" -type E Write-VPASOutput -str $_ -type E } #START QUERYING $AllAccounts = Get-VPASAllAccounts -token $token foreach($acct in $AllAccounts.value){ $AcctID = $acct.id $AcctName = $acct.name $AcctAddress = $acct.address $AcctUserName = $acct.username $AcctPlatformID = $acct.platformId $AcctSafeName = $acct.safeName $AcctSecretType = $acct.secretType $AcctAutomaticManagement = $acct.secretManagement.automaticManagementEnabled $AcctManualManagementReason = $acct.secretManagement.manualManagementReason $AcctStatus = $acct.secretManagement.status $AcctLastModifiedTime = $acct.secretManagement.lastModifiedTime $AcctCreationTime = $acct.createdTime $AcctOptionalProp = "" $props = $acct.platformAccountProperties $keys = $($props | Get-Member -MemberType *Property).Name foreach($key in $keys){ $val = $acct.platformAccountProperties.$key $AcctOptionalProp += "$key=$val;" } if([String]::IsNullOrEmpty($AcctID)){$AcctID = "NULL"} if([String]::IsNullOrEmpty($AcctName)){$AcctName = "NULL"} if([String]::IsNullOrEmpty($AcctAddress)){$AcctAddress = "NULL"} if([String]::IsNullOrEmpty($AcctUserName)){$AcctUserName = "NULL"} if([String]::IsNullOrEmpty($AcctPlatformID)){$AcctPlatformID = "NULL"} if([String]::IsNullOrEmpty($AcctSafeName)){$AcctSafeName = "NULL"} if([String]::IsNullOrEmpty($AcctSecretType)){$AcctSecretType = "NULL"} if([String]::IsNullOrEmpty($AcctAutomaticManagement)){$AcctAutomaticManagement = "NULL"} if([String]::IsNullOrEmpty($AcctManualManagementReason)){$AcctManualManagementReason = "NULL"} if([String]::IsNullOrEmpty($AcctStatus)){$AcctStatus = "NO STATUS"} if([String]::IsNullOrEmpty($AcctLastModifiedTime)){$AcctLastModifiedTime = "NULL"} if([String]::IsNullOrEmpty($AcctCreationTime)){$AcctCreationTime = "NULL"} if([String]::IsNullOrEmpty($AcctOptionalProp)){$AcctOptionalProp = "NULL"} $AcctID = $AcctID -replace "'","''" $AcctName = $AcctName -replace "'","''" $AcctAddress = $AcctAddress -replace "'","''" $AcctUserName = $AcctUserName -replace "'","''" $AcctPlatformID = $AcctPlatformID -replace "'","''" $AcctSafeName = $AcctSafeName -replace "'","''" $AcctSecretType = $AcctSecretType -replace "'","''" $AcctAutomaticManagement = $AcctAutomaticManagement -replace "'","''" $AcctManualManagementReason = $AcctManualManagementReason -replace "'","''" $AcctStatus = $AcctStatus -replace "'","''" $AcctLastModifiedTime = $AcctLastModifiedTime -replace "'","''" $AcctCreationTime = $AcctCreationTime -replace "'","''" $AcctOptionalProp = $AcctOptionalProp -replace "'","''" try{ $query = "INSERT INTO $TableName ( AcctID, AcctName, AcctAddress, AcctUserName, AcctPlatformID, AcctSafeName, AcctSecretType, AcctAutomaticManagement, AcctManualManagementReason, AcctStatus, AcctLastModifiedTime, AcctCreationTime, AcctOptionalProp ) VALUES ( '$AcctID','$AcctName','$AcctAddress','$AcctUserName','$AcctPlatformID','$AcctSafeName','$AcctSecretType','$AcctAutomaticManagement','$AcctManualManagementReason','$AcctStatus','$AcctLastModifiedTime','$AcctCreationTime','$AcctOptionalProp' );" $UpdateRec = Invoke-Sqlcmd -ServerInstance $SQLServer -Database $SQLDatabase -Query $query -Username $SQLUsername -Password $Secret Write-Verbose "ADDED RECORD INTO $TableName FOR ACCOUNTID: $AcctID || ACCOUNT NAME: $AcctName" }catch{ Write-Verbose "FAILED TO ADD RECORD INTO $TableName FOR ACCOUNTID: $AcctID || ACCOUNT NAME: $AcctName" Write-VPASOutput -str "FAILED TO ADD RECORD INTO $TableName FOR ACCOUNTID: $AcctID || ACCOUNT NAME: $AcctName" -type E Write-VPASOutput -str $_ -type E } } return $true } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |