public/Get-VPASSafeMembers.ps1

<#
.Synopsis
   GET ALL SAFE MEMBERS IN A SAFE
   CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO RETRIEVE SAFE MEMBERS FROM A SPECIFIED SAFE AND SAFE PERMISSIONS
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER safe
   Target unique safe name
.PARAMETER IncludePredefinedMembers
   Specify to include predefined safe members in the output
   Predefined safe members are the members that get added by default to every safe (Master, Batch, Backup, etc)
.PARAMETER LimitSearchTo
   Specify if the query should include only Users or Groups
   Both Users and Groups are returned by default
   Possible values: "UsersOnly", "GroupsOnly"
.EXAMPLE
   $SafeMembersJSON = Get-VPASSafeMembers -safe {SAFE VALUE}
.EXAMPLE
   $SafeMembersJSON = Get-VPASSafeMembers -safe {SAFE VALUE} -IncludePredefinedMembers
.OUTPUTS
   JSON Object (SafeMembers) if successful
   $false if failed
#>

function Get-VPASSafeMembers{
    [OutputType('System.Object',[bool])]
    [CmdletBinding()]
    Param(

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target Safe to query members from (for example: TestSafe1)",Position=0)]
        [String]$safe,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)]
        [Switch]$IncludePredefinedMembers,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)]
        [ValidateSet("UsersOnly","GroupsOnly")]
        [String]$LimitSearchTo,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)]
        [hashtable]$token
    )

    Begin{
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    Process{
        write-verbose "SUCCESSFULLY PARSED PVWA VALUE"
        write-verbose "SUCCESSFULLY PARSED TOKEN VALUE"
        write-verbose "SUCCESSFULLY PARSED SAFE VALUE"

        try{

            $outputreturn = @()
            Write-Verbose "MAKING API CALL TO CYBERARK"

            if($NoSSL){
                Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                if($IncludePredefinedMembers){
                    $uri = "http://$PVWA/PasswordVault/api/Safes/$safe/Members?filter=includePredefinedUsers eq true"
                    if(![String]::IsNullOrEmpty($LimitSearchTo)){
                        if($LimitSearchTo -eq "UsersOnly"){
                            $uri += " AND memberType eq user"
                        }
                        elseif($LimitSearchTo -eq "GroupsOnly"){
                            $uri += " AND memberType eq group"
                        }
                    }
                }
                else{
                    $uri = "http://$PVWA/PasswordVault/api/Safes/$safe/Members"
                    if(![String]::IsNullOrEmpty($LimitSearchTo)){
                        if($LimitSearchTo -eq "UsersOnly"){
                            $uri += "?filter=memberType eq user"
                        }
                        elseif($LimitSearchTo -eq "GroupsOnly"){
                            $uri += "?filter=memberType eq group"
                        }
                    }
                }
            }
            else{
                Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                if($IncludePredefinedMembers){
                    $uri = "https://$PVWA/PasswordVault/api/Safes/$safe/Members?filter=includePredefinedUsers eq true"
                    if(![String]::IsNullOrEmpty($LimitSearchTo)){
                        if($LimitSearchTo -eq "UsersOnly"){
                            $uri += " AND memberType eq user"
                        }
                        elseif($LimitSearchTo -eq "GroupsOnly"){
                            $uri += " AND memberType eq group"
                        }
                    }
                }
                else{
                    $uri = "https://$PVWA/PasswordVault/api/Safes/$safe/Members"
                    if(![String]::IsNullOrEmpty($LimitSearchTo)){
                        if($LimitSearchTo -eq "UsersOnly"){
                            $uri += "?filter=memberType eq user"
                        }
                        elseif($LimitSearchTo -eq "GroupsOnly"){
                            $uri += "?filter=memberType eq group"
                        }
                    }
                }
            }
            $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
            $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD

            if($sessionval){
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval
            }
            else{
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json"
            }
            $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY
            Write-Verbose "RETRIEVED DATA FROM API CALL"
            Write-Verbose "RETURNING OUTPUT"
            return $response
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "UNABLE TO GET SAFE MEMBERS"
            Write-VPASOutput -str $_ -type E
            return $false
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}