public/Remove-VPASSafeMember.ps1
|
<#
.Synopsis DELETE SAFE MEMBER CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com .DESCRIPTION USE THIS FUNCTION TO DELETE A SAFE MEMBER FROM A SAFE IN CYBERARK .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER safe Target unique safe name .PARAMETER member Target unique safe member .PARAMETER WhatIf Run code simulation to see what is affected by running the command as well as any possible implications This is a code simulation flag, meaning the command will NOT actually run .PARAMETER HideWhatIfOutput Suppress any code simulation output from the console .EXAMPLE $WhatIfSimulation = Remove-VPASSafeMember -safe {SAFE NAME} -member {MEMBER VALUE} -WhatIf .EXAMPLE $DeleteSafeMemberStatus = Remove-VPASSafeMember -safe {SAFE VALUE} -member {MEMBER VALUE} .OUTPUTS $true if successful --- $false if failed #> function Remove-VPASSafeMember{ [OutputType([bool],'System.Object')] [CmdletBinding()] Param( [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target SafeName (for example: TestSafe1)",Position=0)] [String]$safe, [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target SafeMember (for example: 'Vault Admins')",Position=1)] [String]$member, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)] [hashtable]$token, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)] [Switch]$WhatIf, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)] [Switch]$HideWhatIfOutput ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } process{ Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE" Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE" Write-Verbose "SUCCESSFULLY PARSED SAFE VALUE" Write-Verbose "SUCCESSFULLY PARSED MEMBER VALUE" try{ write-verbose "MAKING API CALL TO DELETE SAFE MEMBER" if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/api/Safes/$safe/Members/$member/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/api/Safes/$safe/Members/$member/" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "DELETE" -token $token -LogType METHOD if($WhatIf){ $log = Write-VPASTextRecorder -token $token -LogType WHATIF1 $WhatIfHash = @{} Write-Verbose "INITIATING COMMAND SIMULATION" $WhatIfInfo = Get-VPASSafeMemberSearch -safe $safe -member $member -token $token if(!$WhatIfInfo){ $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 return $false } else{ $WhatIfInfoSafeUrlId = $WhatIfInfo.safeUrlId $WhatIfInfoSafeName = $WhatIfInfo.safeName $WhatIfInfoSafeNumber = $WhatIfInfo.safeNumber $WhatIfInfoMemberId = $WhatIfInfo.memberId $WhatIfInfoMemberName = $WhatIfInfo.memberName $WhatIfInfoMemberType = $WhatIfInfo.memberType $WhatIfInfoMembershipExpirationDate = $WhatIfInfo.membershipExpirationDate $WhatIfInfoIsExpiredMembershipEnable = $WhatIfInfo.isExpiredMembershipEnable $WhatIfInfoIsPredefinedUser = $WhatIfInfo.isPredefinedUser $WhatIfInfoIsReadOnly = $WhatIfInfo.isReadOnly $WhatIfInfoPermissions = $WhatIfInfo.permissions $WhatIfCounter = 0 $WhatIfAccountsAffected = @() $AffectedAccounts = Get-VPASAccountDetails -safe $safe -token $token -HideWarning foreach($AffectedAcct in $AffectedAccounts.value){ $AffectedAcctSafe = $AffectedAcct.safeName if($AffectedAcctSafe -eq $WhatIfInfoSafeName){ $WhatIfCounter += 1 $WhatIfAccountsAffectedHash = @{ SafeName = $AffectedAcct.safeName ID = $AffectedAcct.id Address = $AffectedAcct.address Username = $AffectedAcct.userName Name = $AffectedAcct.name } $WhatIfAccountsAffected += $WhatIfAccountsAffectedHash } } if(!$HideWhatIfOutput){ Write-VPASOutput -str "====== BEGIN COMMAND SIMULATION ======" -type S Write-VPASOutput -str "THE FOLLOWING SAFE MEMBER WOULD BE DELETED:" -type S Write-VPASOutput -str "SafeUrlId : $WhatIfInfoSafeUrlId" -type S Write-VPASOutput -str "SafeName : $WhatIfInfoSafeName" -type S Write-VPASOutput -str "SafeNumber : $WhatIfInfoSafeNumber" -type S Write-VPASOutput -str "MemberID : $WhatIfInfoMemberId" -type S Write-VPASOutput -str "MemberName : $WhatIfInfoMemberName" -type S Write-VPASOutput -str "MemberType : $WhatIfInfoMemberType" -type S Write-VPASOutput -str "MembershipExpirationDate : $WhatIfInfoMembershipExpirationDate" -type S Write-VPASOutput -str "IsExpiredMembershipEnable : $WhatIfInfoIsExpiredMembershipEnable" -type S Write-VPASOutput -str "IsPredefinedUser : $WhatIfInfoIsPredefinedUser" -type S Write-VPASOutput -str "IsReadOnly : $WhatIfInfoIsReadOnly" -type S Write-VPASOutput -str "Permissions : $WhatIfInfoPermissions" -type S Write-VPASOutput -str "NumberOfAffectedAccounts : $WhatIfCounter" -type S Write-VPASOutput -str "AffectedAccounts : $WhatIfAccountsAffected" -type S Write-VPASOutput -str "---" -type S Write-VPASOutput -str "URI : $uri" -type S Write-VPASOutput -str "METHOD : DELETE" -type S Write-VPASOutput -str " " -type S Write-VPASOutput -str "======= END COMMAND SIMULATION =======" -type S } $WhatIfHash = @{ WhatIf = @{ SafeUrlId = $WhatIfInfoSafeUrlId SafeName = $WhatIfInfoSafeName SafeNumber = $WhatIfInfoSafeNumber MemberID = $WhatIfInfoMemberID MemberName = $WhatIfInfoMemberName MemberType = $WhatIfInfoMemberType MembershipExpirationDate = $WhatIfInfoMembershipExpirationDate IsExpiredMembershipEnable = $WhatIfInfoIsExpiredMembershipEnable IsPredefinedUser = $WhatIfInfoIsPredefinedUser IsReadOnly = $WhatIfInfoIsReadOnly Permissions = $WhatIfInfoPermissions RestURI = $uri NumberOfAffectedAccounts = $WhatIfCounter AffectedAccounts = $WhatIfAccountsAffected RestMethod = "DELETE" Disclaimer = "THIS SAFE MEMBER WILL BE DELETED IF -WhatIf FLAG IS REMOVED" } } $WhatIfJSON = $WhatIfHash | ConvertTo-Json | ConvertFrom-Json $log = Write-VPASTextRecorder -inputval $WhatIfJSON -token $token -LogType RETURNARRAY $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 return $WhatIfJSON } } else{ if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC Write-Verbose "API CALL MADE SUCCESSFULLY" Write-Verbose "SAFE MEMBER WAS DELETED, RETURNING TRUE" return $true } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO DELETE SAFE MEMBER" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |