public/Remove-VPASDPAStrongAccount.ps1
|
<#
.Synopsis DELETE DPA STRONG ACCOUNT CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com .DESCRIPTION USE THIS FUNCTION TO DELETE A STRONG ACCOUNT FROM DPA .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER StrongAccountID UniqueID of the target strong account in DPA .PARAMETER StrongAccountName Unique name of the target strong account in DPA .PARAMETER WhatIf Run code simulation to see what is affected by running the command as well as any possible implications This is a code simulation flag, meaning the command will NOT actually run .PARAMETER HideWhatIfOutput Suppress any code simulation output from the console .EXAMPLE $DeleteStrongAccount = Remove-VPASDPAStrongAccount -StrongAccountID {STRONG ACCOUNT ID VALUE} .EXAMPLE $DeleteStrongAccount = Remove-VPASDPAStrongAccount -StrongAccountName {STRONG ACCOUNT NAME VALUE} -WhatIf .OUTPUTS $true if successful $false if failed #> function Remove-VPASDPAStrongAccount{ [OutputType([bool],'System.Object')] [CmdletBinding()] Param( [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=0)] [String]$StrongAccountID, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)] [String]$StrongAccountName, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)] [Switch]$WhatIf, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)] [Switch]$HideWhatIfOutput, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ Write-Verbose "SUCCESSFULLY PARSED SUBDOMAIN VALUE" Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE" try{ if($SubDomain -eq "N/A"){ Write-VPASOutput -str "SelfHosted + PriviledgeCloud Standard solutions do not support this API Call, returning false" -type E $log = Write-VPASTextRecorder -inputval "SelfHosted + PrivilegeCloud Standard solutions do not support this API Call, returning false" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval $false -token $token -LogType RETURN return $false } if([String]::IsNullOrEmpty($StrongAccountID)){ Write-Verbose "NO STRONG ACCOUNT ID PROVIDED...INVOKING HELPER FUNCTION TO RETRIEVE UNIQUE STRONG ACCOUNT ID BASED ON SPECIFIED PARAMETERS" $StrongAccountID = Get-VPASDPAStrongAccountIDHelper -token $token -SearchQuery $StrongAccountName Write-Verbose "RETURNING STRONG ACCOUNT ID" } else{ Write-Verbose "STRONG ACCOUNT ID SUPPLIED, SKIPPING HELPER FUNCTION" } if($StrongAccountID -eq -1){ $log = Write-VPASTextRecorder -inputval "COULD NOT FIND TARGET STRONG ACCOUNT ID: $StrongAccountID" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "COULD NOT FIND TARGET STRONG ACCOUNT ID: $StrongAccountID" Write-VPASOutput -str "COULD NOT FIND TARGET STRONG ACCOUNT ID: $StrongAccountID" -type E return $false } else{ write-verbose "MAKING API CALL TO CYBERARK" $uri = "https://$SubDomain.dpa.cyberark.cloud/api/secrets/public/v1/$StrongAccountID" Write-Verbose "CONSTRUCTING URI: $uri" $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "DELETE" -token $token -LogType METHOD if($WhatIf){ $log = Write-VPASTextRecorder -token $token -LogType WHATIF1 $WhatIfHash = @{} Write-Verbose "INITIATING COMMAND SIMULATION" $WhatIfInfo = Get-VPASDPAStrongAccountDetails -StrongAccountID $StrongAccountID -token $token $WhatIfsecretid = $WhatIfInfo.secret_id $WhatIftenantid = $WhatIfInfo.tenant_id $WhatIfsecrettype = $WhatIfInfo.secret_type $WhatIfisactive = $WhatIfInfo.is_active $WhatIfisrotatable = $WhatIfInfo.is_rotatable $WhatIfcreationtime = $WhatIfInfo.creation_time $WhatIflastmodified = $WhatIfInfo.last_modified $WhatIfsecretname = $WhatIfInfo.secret_name $WhatIfsecretdetailscertFileName = $WhatIfInfo.secret_details.certFileName $WhatIfsecretdetailsaccountdomain = $WhatIfInfo.secret_details.account_domain $WhatIfsecretsecretdata = $WhatIfInfo.secret.secret_data $WhatIfsecrettenantencrypted = $WhatIfInfo.secret.tenant_encrypted if(!$HideWhatIfOutput){ Write-VPASOutput -str "====== BEGIN COMMAND SIMULATION ======" -type S Write-VPASOutput -str "THE FOLLOWING STRONG ACCOUNT WOULD BE DELETED:" -type S Write-VPASOutput -str "SecretID : $WhatIfsecretid" -type S Write-VPASOutput -str "TenantID : $WhatIftenantid" -type S Write-VPASOutput -str "SecretType : $WhatIfsecrettype" -type S Write-VPASOutput -str "IsActive : $WhatIfisactive" -type S Write-VPASOutput -str "IsRotatable : $WhatIfisrotatable" -type S Write-VPASOutput -str "CreationTime : $WhatIfcreationtime" -type S Write-VPASOutput -str "LastModified : $WhatIflastmodified" -type S Write-VPASOutput -str "SecretName : $WhatIfsecretname" -type S Write-VPASOutput -str "CertFileName : $WhatIfsecretdetailscertFileName" -type S Write-VPASOutput -str "AccountDomain : $WhatIfsecretdetailsaccountdomain" -type S Write-VPASOutput -str "Data : $WhatIfsecretsecretdata" -type S Write-VPASOutput -str "TenantEncrypted : $WhatIfsecrettenantencrypted" -type S Write-VPASOutput -str "---" -type S Write-VPASOutput -str "URI : $uri" -type S Write-VPASOutput -str "METHOD : DELETE" -type S Write-VPASOutput -str " " -type S Write-VPASOutput -str "======= END COMMAND SIMULATION =======" -type S } $WhatIfHash = @{ WhatIf = @{ SecretID = $WhatIfsecretid TenantID = $WhatIftenantid SecretType = $WhatIfsecrettype IsActive = $WhatIfisactive IsRotatable = $WhatIfisrotatable CreationTime = $WhatIfcreationtime LastModified = $WhatIflastmodified SecretName = $WhatIfsecretname CertFileName = $WhatIfsecretdetailscertFileName AccountDomain = $WhatIfsecretdetailsaccountdomain Data = $WhatIfsecretsecretdata TenantEncrypted = $WhatIfsecrettenantencrypted RestURI = $uri RestMethod = "DELETE" Disclaimer = "THIS STRONG ACCOUNT WILL BE DELETED IF -WhatIf FLAG IS REMOVED" } } $WhatIfJSON = $WhatIfHash | ConvertTo-Json | ConvertFrom-Json $log = Write-VPASTextRecorder -inputval $WhatIfJSON -token $token -LogType RETURNARRAY $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 return $WhatIfJSON } else{ if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY Write-Verbose "SUCCESSFULLY DELETED DPA STRONG ACCOUNT: $StrongAccountID" Write-Verbose "RETURNING TRUE" return $true } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE DPA STRONG ACCOUNT DETAILS" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |