Functions/Accounts/Invoke-PASCPMOperation.ps1
# .ExternalHelp psPAS-help.xml function Invoke-PASCPMOperation { [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingPlainTextForPassword', 'ChangeCredsForGroup', Justification = "Parameter does not hold password")] [CmdletBinding(SupportsShouldProcess)] param( [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true )] [ValidateNotNullOrEmpty()] [Alias("id")] [string]$AccountID, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = "VerifyCredentials" )] [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = "Verify" )] [switch]$VerifyTask, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = "Password/Update" )] [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = "SetNextPassword" )] [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = "Change" )] [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = "ChangeCredentials" )] [switch]$ChangeTask, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = "Reconcile" )] [switch]$ReconcileTask, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = "SetNextPassword" )] [boolean]$ChangeImmediately, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = "SetNextPassword" )] [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = "Password/Update" )] [securestring]$NewCredentials, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $false, ParameterSetName = "Change" )] [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true, ParameterSetName = "Password/Update" )] [boolean]$ChangeEntireGroup, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $false, ParameterSetName = "ChangeCredentials" )] [ValidateSet('Yes', 'No')] [string]$ImmediateChangeByCPM, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $false, ParameterSetName = "ChangeCredentials" )] [ValidateSet('Yes', 'No')] [string]$ChangeCredsForGroup, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = "VerifyCredentials" )] [Alias("UseClassicAPI")] [switch]$UseGen1API ) Begin { #Create hashtable for splatting $ThisRequest = @{ } $ThisRequest["WebSession"] = $Script:WebSession $ThisRequest["Method"] = "PUT" }#Begin Process { #Get parameters to include in request body $boundParameters = $PSBoundParameters | Get-PASParameter -ParametersToRemove ImmediateChangeByCPM, AccountID, VerifyTask, ChangeTask, ReconcileTask switch ($PSCmdlet.ParameterSetName) { "ChangeCredentials" { #add ImmediateChangeByCPM to header as key=value pair $ThisRequest["WebSession"].Headers["ImmediateChangeByCPM"] = $ImmediateChangeByCPM #create request body $ThisRequest["Body"] = $boundParameters | ConvertTo-Json } "VerifyCredentials" { #Empty Body $ThisRequest["Body"] = @{ } | ConvertTo-Json } { $PSItem -match "Credentials$" } { $URI = "$Script:BaseURI/WebServices/PIMServices.svc" break } default { #Not using classic API #At least version 9.10 required to verify/change/reconcile Assert-VersionRequirement -RequiredVersion 9.10 $URI = "$Script:BaseURI/API" #verify/change/reconcile method $ThisRequest["Method"] = "POST" #deal with NewCredentials SecureString If ($PSBoundParameters.ContainsKey("NewCredentials")) { #Specifying next password value, or changing in the vault requires 10.1 or above Assert-VersionRequirement -RequiredVersion 10.1 #Include decoded password in request $boundParameters["NewCredentials"] = $(ConvertTo-InsecureString -SecureString $NewCredentials) } #create request body $ThisRequest["Body"] = $boundParameters | ConvertTo-Json } } #Use AccountID + ParameterSet name for required URI $ThisRequest["URI"] = "$URI/Accounts/$AccountID/$($PSCmdlet.ParameterSetName)" if ($PSCmdlet.ShouldProcess($AccountID, "Initiate CPM $($PSBoundParameters.Keys | Where-Object{$_ -like '*Task'})")) { #Send the request to the web service Invoke-PASRestMethod @ThisRequest } If ($ThisRequest["WebSession"].Headers.ContainsKey("ImmediateChangeByCPM")) { #Ensure ImmediateChangeByCPM is removed from WebSession Header $ThisRequest["WebSession"].Headers.Remove("ImmediateChangeByCPM") | Out-Null } }#Process End { }#End } |