public/Remove-VPASEPVUser.ps1
|
<#
.Synopsis DELETE EPV USER CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO DELETE AN EPV USER .LINK https://vpasmodule.com/commands/Remove-VPASEPVUser .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER EPVUsername Query for the target EPVUser via Username .PARAMETER EPVUserID Query for the target EPVUser via UserID .PARAMETER Confirm Skip the confirmation prompt confirming the deletion/removal of an EPVUser .PARAMETER WhatIf Run code simulation to see what is affected by running the command as well as any possible implications This is a code simulation flag, meaning the command will NOT actually run .PARAMETER HideWhatIfOutput Suppress any code simulation output from the console .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $WhatIfSimulation = Remove-VPASEPVUser -EPVUsername {EPVUSERNAME VALUE} -WhatIf .EXAMPLE $DeleteEPVUserStatus = Remove-VPASEPVUser -EPVUsername {EPVUSERNAME VALUE} .EXAMPLE $DeleteEPVUserStatus = Remove-VPASEPVUser -EPVUserID {EPVUSERID VALUE} -Confirm .EXAMPLE $InputParameters = @{ EPVUsername = "TargetEPVUser" Confirm = $true|$false WhatIf = $true|$false HideWhatIfOutput = $true|$false } $DeleteEPVUserStatus = Remove-VPASEPVUser -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ EPVUserID = "22" Confirm = $true|$false WhatIf = $true|$false HideWhatIfOutput = $true|$false } $DeleteEPVUserStatus = Remove-VPASEPVUser -InputParameters $InputParameters .OUTPUTS $true if successful --- $false if failed #> function Remove-VPASEPVUser{ [OutputType([bool],'System.Object')] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target EPVUsername (for example: vman)")] [String]$EPVUsername, [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target EPVUserID (for example: 55)")] [String]$EPVUserID, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [Switch]$Confirm, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [Switch]$WhatIf, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [Switch]$HideWhatIfOutput, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("EPVUsername","Confirm","WhatIf","HideWhatIfOutput") MandatoryKeys = @("EPVUsername") } set2 = @{ AcceptableKeys = @("EPVUserID","Confirm","WhatIf","HideWhatIfOutput") MandatoryKeys = @("EPVUserID") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE EPV USERS" Write-VPASOutput -str $_ -type E return $false } try{ if($EPVUsername){ $LookupBy = "Username" $LookupVal = $EPVUsername } if($EPVUserID){ $LookupBy = "UserID" $LookupVal = $EPVUserID } if($LookupBy -eq "Username"){ Write-Verbose "INVOKING HELPER FUNCTION" $searchQuery = "$LookupVal" $UserID = Get-VPASEPVUserIDHelper -token $token -username $searchQuery } elseif($LookupBy -eq "UserID"){ Write-Verbose "SUPPLIED USERID: $LookupVal, SKIPPING HELPER FUNCTION" $UserID = $LookupVal } if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/api/Users/$UserID/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/api/Users/$UserID/" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "DELETE" -token $token -LogType METHOD if($WhatIf){ $log = Write-VPASTextRecorder -token $token -LogType WHATIF1 $WhatIfHash = @{} Write-Verbose "INITIATING COMMAND SIMULATION" $WhatIfInfo = Get-VPASEPVUserDetails -EPVUserID $UserID -token $token if($WhatIfInfo){ $WhatIfInfoenableUser = $WhatIfInfo.enableUser $WhatIfInfochangePassOnNextLogon = $WhatIfInfo.changePassOnNextLogon $WhatIfInfosuspended = $WhatIfInfo.suspended $WhatIfInfounAuthorizedInterfaces = $WhatIfInfo.unAuthorizedInterfaces $WhatIfInfoauthenticationMethod = $WhatIfInfo.authenticationMethod $WhatIfInfopasswordNeverExpires = $WhatIfInfo.passwordNeverExpires $WhatIfInfodistinguishedName = $WhatIfInfo.distinguishedName $WhatIfInfodescription = $WhatIfInfo.description $WhatIfInfobusinessAddress = $WhatIfInfo.businessAddress $WhatIfInfointernet = $WhatIfInfo.internet $WhatIfInfophones = $WhatIfInfo.phones $WhatIfInfopersonalDetails = $WhatIfInfo.personalDetails $WhatIfInfoid = $WhatIfInfo.id $WhatIfInfousername = $WhatIfInfo.username $WhatIfInfosource = $WhatIfInfo.source $WhatIfInfouserType = $WhatIfInfo.userType $WhatIfInfocomponentUser = $WhatIfInfo.componentUser $WhatIfInfogroupsMembership = $WhatIfInfo.groupsMembership $WhatIfInfovaultAuthorization = $WhatIfInfo.vaultAuthorization $WhatIfInfolocation = $WhatIfInfo.location if(!$HideWhatIfOutput){ Write-VPASOutput -str "====== BEGIN COMMAND SIMULATION ======" -type S Write-VPASOutput -str "THE FOLLOWING EPV USER WOULD BE DELETED:" -type S Write-VPASOutput -str "EnableUser : $WhatIfInfoenableUser" -type S Write-VPASOutput -str "ChangePassOnNextLogon : $WhatIfInfochangePassOnNextLogon" -type S Write-VPASOutput -str "Suspended : $WhatIfInfosuspended" -type S Write-VPASOutput -str "UnAuthorizedInterfaces : $WhatIfInfounAuthorizedInterfaces" -type S Write-VPASOutput -str "AuthenticationMethod : $WhatIfInfoauthenticationMethod" -type S Write-VPASOutput -str "PasswordNeverExpires : $WhatIfInfopasswordNeverExpires" -type S Write-VPASOutput -str "DistinguishedName : $WhatIfInfodistinguishedName" -type S Write-VPASOutput -str "Description : $WhatIfInfodescription" -type S Write-VPASOutput -str "BusinessAddress : $WhatIfInfobusinessAddress" -type S Write-VPASOutput -str "Internet : $WhatIfInfointernet" -type S Write-VPASOutput -str "Phones : $WhatIfInfophones" -type S Write-VPASOutput -str "PersonalDetails : $WhatIfInfopersonalDetails" -type S Write-VPASOutput -str "ID : $WhatIfInfoid" -type S Write-VPASOutput -str "Username : $WhatIfInfousername" -type S Write-VPASOutput -str "Source : $WhatIfInfosource" -type S Write-VPASOutput -str "UserType : $WhatIfInfouserType" -type S Write-VPASOutput -str "ComponentUser : $WhatIfInfocomponentUser" -type S Write-VPASOutput -str "GroupsMembership : $WhatIfInfogroupsMembership" -type S Write-VPASOutput -str "VaultAuthorization : $WhatIfInfovaultAuthorization" -type S Write-VPASOutput -str "location : $WhatIfInfolocation" -type S Write-VPASOutput -str "---" -type S Write-VPASOutput -str "URI : $uri" -type S Write-VPASOutput -str "METHOD : DELETE" -type S Write-VPASOutput -str " " -type S Write-VPASOutput -str "======= END COMMAND SIMULATION =======" -type S } $WhatIfHash = @{ WhatIf = @{ EnableUser = $WhatIfInfoenableUser ChangePassOnNextLogon = $WhatIfInfochangePassOnNextLogon Suspended = $WhatIfInfosuspended UnAuthorizedInterfaces = $WhatIfInfounAuthorizedInterfaces AuthenticationMethod = $WhatIfInfoauthenticationMethod PasswordNeverExpires = $WhatIfInfopasswordNeverExpires DistinguishedName = $WhatIfInfodistinguishedName Description = $WhatIfInfodescription BusinessAddress = $WhatIfInfobusinessAddress Internet = $WhatIfInfointernet Phones = $WhatIfInfophones PersonalDetails = $WhatIfInfopersonalDetails ID = $WhatIfInfoid Username = $WhatIfInfousername Source = $WhatIfInfosource UserType = $WhatIfInfouserType ComponentUser = $WhatIfInfocomponentUser GroupsMembership = $WhatIfInfogroupsMembership VaultAuthorization = $WhatIfInfovaultAuthorization Location = $WhatIfInfolocation RestURI = $uri RestMethod = "DELETE" Disclaimer = "THIS EPV USER WILL BE DELETED IF -WhatIf FLAG IS REMOVED" } } $WhatIfJSON = $WhatIfHash | ConvertTo-Json | ConvertFrom-Json $log = Write-VPASTextRecorder -inputval $WhatIfJSON -token $token -LogType RETURNARRAY $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 return $WhatIfJSON } else{ $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 return $false } } else{ Write-Verbose "MAKING API CALL TO CYBERARK" if($Confirm){ if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC Write-Verbose "SUCCESSFULLY DELETED $LookupBy : $LookupVal" return $true } else{ Write-VPASOutput -str "ARE YOU SURE YOU WANT TO DELETE $LookupBy : $LookupVal (Y/N) [Y]: " -type C $confirmstr = Read-Host if([String]::IsNullOrEmpty($confirmstr)){ if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC Write-Verbose "SUCCESSFULLY DELETED $LookupBy : $LookupVal" return $true } elseif($confirmstr -eq "Y" -or $confirmstr -eq "y"){ if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC Write-Verbose "SUCCESSFULLY DELETED $LookupBy : $LookupVal" return $true } else{ $log = Write-VPASTextRecorder -inputval "$LookupBy : $LookupVal WILL NOT BE DELETED" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-VPASOutput -str "$LookupBy : $LookupVal WILL NOT BE DELETED" -type E return $false } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO DELETE $LookupBy : $LookupVal" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |