public/Add-VPASAllowedIP.ps1

<#
.Synopsis
   ADD ALLOWED IP
   CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO ADD AN ALLOWED IP FOR PRIVILEGE CLOUD SHARED SERVICES
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER AllowedValue
   Target value that will be whitelisted to allow cyberark cloud to communicate to
   CIDR ranges (/22 netmask or /32 netmask) can be utilized to add a range of IP addresses to the allowlist
.EXAMPLE
   $AddAllowedIPJSON = Add-VPASAllowedIP -AllowedValue {ALLOWEDVALUE VALUE}
.OUTPUTS
   If successful:
   {
        "taskId": "f9e4a8b3-b09e-40d2-9ece-e31b1234jhgb",
        "status": "IN_PROGRESS",
        "params": {
                       "createdAt": "Fri Aug 16 03:27:42 GMT 2024",
                       "candidatePublicIPs": [
                                                  "1.2.3.4/32",
                                                  "5.6.7.8/32"
                                              ]
                   }
   }
   ---
   $false if failed
#>

function Add-VPASAllowedIP{
    [OutputType([bool])]
    [CmdletBinding()]
    Param(

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter new AllowedValue (for example: 55.55.55.55/32)",Position=0)]
        [String]$AllowedValue,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)]
        [hashtable]$token
    )

    Begin{
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    Process{
        Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE"
        Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE"
        Write-Verbose "SUCCESSFULLY PARSED ALLOWEDVALUE VALUE: $AllowedValue"

        try{
            Write-Verbose "RETRIEVING CURRENT ALLOWED VALUES"
            $CurrentValues = Get-VPASAllowedIPs
            $AllowedIPsArr = @()
            foreach($rec in $CurrentValues.customerPublicIPs){
                $AllowedIPsArr += $rec
                Write-Verbose "ADDING $rec TO ALLOWED VALUES"
            }
            $AllowedIPsArr += $AllowedValue
            Write-Verbose "ADDING $AllowedValue TO ALLOWED VALUES"

            write-verbose "INITIALIZING API PARAMETERS"
            $params = @{
                customerPublicIPs = $AllowedIPsArr
            }
            $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS
            $params = $params | ConvertTo-Json

            if($NoSSL){
                Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                $uri = "http://$PVWA/api/advanced-settings/ip-allowlist"
            }
            else{
                Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                $uri = "https://$PVWA/api/advanced-settings/ip-allowlist"
            }
            $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
            $log = Write-VPASTextRecorder -inputval "PUT" -token $token -LogType METHOD

            write-verbose "MAKING API CALL TO CYBERARK"

            if($sessionval){
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PUT -Body $params -ContentType "application/json" -WebSession $sessionval
            }
            else{
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PUT -Body $params -ContentType "application/json"
            }
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC
            Write-Verbose "SUCCESSFULLY ADDED ALLOWED VALUE: $AllowedValue"
            return $response
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "UNABLE TO ADD ALLOWED VALUE: $AllowedValue"
            Write-VPASOutput -str $_ -type E
            return $false
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}