Functions/SafeMembers/Get-PASSafeMember.ps1
# .ExternalHelp psPAS-help.xml function Get-PASSafeMember { [CmdletBinding(DefaultParameterSetName = 'Gen2')] param( [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'Gen2' )] [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'Gen2-MemberPermissions' )] [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'Gen2-MemberFilter' )] [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'Gen1-SafeMembers' )] [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'Gen1-MemberPermissions' )] [ValidateNotNullOrEmpty()] [string]$SafeName, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'Gen2-MemberFilter' )] [ValidateSet('user', 'group')] [string]$memberType, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'Gen2-MemberFilter' )] [boolean]$membershipExpired, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'Gen2-MemberFilter' )] [boolean]$includePredefinedUsers, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'Gen2-MemberFilter' )] [string]$search, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'Gen2-MemberFilter' )] [ValidateSet('asc', 'desc')] [string]$sort, [Alias('UserName')] [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'Gen2-MemberPermissions' )] [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'Gen1-MemberPermissions' )] [ValidateNotNullOrEmpty()] [string]$MemberName, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'Gen2-MemberPermissions' )] [ValidateNotNullOrEmpty()] [Boolean]$useCache, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $false, ParameterSetName = 'Gen2' )] [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $false, ParameterSetName = 'Gen2-MemberFilter' )] [int]$TimeoutSec, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'Gen1-MemberPermissions' )] [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $false, ParameterSetName = 'Gen1-SafeMembers' )] [switch]$UseGen1API ) BEGIN { $Request = @{ } $Method = 'GET' $Limit = 25 #default if you call the API with no value }#begin PROCESS { switch ($PSCmdlet.ParameterSetName) { ( { $PSItem -match '^Gen1-' } ) { #Create URL for Gen1 API requests $URI = "$($psPASSession.BaseURI)/WebServices/PIMServices.svc/Safes/$($SafeName | Get-EscapedString)/Members" } ( { $PSItem -match '^Gen2' } ) { #Create URL for Gen1 API requests Assert-VersionRequirement -RequiredVersion 12.0 #Create URL for Gen2 API requests $URI = "$($psPASSession.BaseURI)/api/Safes/$($SafeName | Get-EscapedString)/Members" } 'Gen2-MemberPermissions' { #check required version Assert-VersionRequirement -RequiredVersion 12.2 #Create URL for member specific request $URI = "$URI/$($MemberName | Get-EscapedString)/" $boundParameters = $PSBoundParameters | Get-PASParameter -ParametersToKeep useCache #Create Query String, escaped for inclusion in request URL $queryString = $boundParameters | ConvertTo-QueryString If ($null -ne $queryString) { #Build URL from base URL $URI = "$URI`?$queryString" } break } 'Gen1-MemberPermissions' { #check required version Assert-VersionRequirement -MaximumVersion 12.3 #Create URL for member specific request $URI = "$URI/$($MemberName | Get-EscapedString)/" #Send a PUT Request instead of GET $Method = 'PUT' #Send an empty body #Add to Request parameters for PUT Request $Request['Body'] = @{'member' = @{ } } | ConvertTo-Json break } 'Gen2-MemberFilter' { Assert-VersionRequirement -RequiredVersion 12.1 #Parameter to include as filter value in url $Parameters = [Collections.Generic.List[Object]]::New(@('memberType', 'membershipExpired', 'includePredefinedUsers')) #Get Parameters to include in request $filterParameters = $PSBoundParameters | Get-PASParameter -ParametersToKeep $Parameters $Parameters.AddRange(@('SafeName', 'TimeoutSec')) $boundParameters = $PSBoundParameters | Get-PASParameter -ParametersToRemove $Parameters $FilterString = $filterParameters | ConvertTo-FilterString If ($null -ne $FilterString) { $boundParameters = $boundParameters + $FilterString } #Create Query String, escaped for inclusion in request URL $queryString = $boundParameters | ConvertTo-QueryString If ($null -ne $queryString) { #Build URL from base URL $URI = "$URI`?$queryString" } $Request['TimeoutSec'] = $TimeoutSec break } } #Build Request Parameters $Request['URI'] = $URI $Request['Method'] = $Method $Request['WebSession'] = $psPASSession.WebSession #Send request to webservice $result = Invoke-PASRestMethod @Request If ($null -ne $result) { switch ($PSCmdlet.ParameterSetName) { 'Gen1-MemberPermissions' { #format output $Output = $result.member | Select-Object MembershipExpirationDate, @{Name = 'UserName'; 'Expression' = { $MemberName } }, @{Name = 'Permissions'; 'Expression' = { $result.member.permissions | ConvertFrom-KeyValuePair } } } 'Gen1-SafeMembers' { #output $Output = $result.members | Select-Object UserName, Permissions } ( { $PSItem -match '^Gen1-' } ) { #Format and add SafeName to Gen 1 Output $Output = $Output | Add-ObjectDetail -typename psPAS.CyberArk.Vault.Safe.Member -PropertyToAdd @{ 'SafeName' = $SafeName } break } ( { $PSItem -match '^Gen2' } ) { If ($null -ne $result) { switch ($PSCmdlet.ParameterSetName) { 'Gen2-MemberPermissions' { $Output = $result break } default { $Total = $result.Count If ($Total -gt 0) { #Set memberlist as output collection $Members = [Collections.Generic.List[Object]]::New(($result.value)) #Split Request URL into baseURI & any query string value $URLString = $URI.Split('?') $URI = $URLString[0] $queryString = $URLString[1] For ( $Offset = $Limit ; $Offset -lt $Total ; $Offset += $Limit ) { #While more members to return, create nextLink query value $nextLink = "limit=$Limit&OffSet=$Offset" if ($null -ne $queryString) { #If original request contained a queryString, concatenate with nextLink value. $nextLink = "$queryString&$nextLink" } #Request nextLink. Add memberlist to output collection. $Null = $Members.AddRange((Invoke-PASRestMethod -Uri "$URI`?$nextLink" -Method GET -TimeoutSec $TimeoutSec).value) } $Output = $Members } } } } $Output = $Output | Select-Object *, @{Name = 'UserName'; 'Expression' = { $PSItem.MemberName } } | Add-ObjectDetail -typename psPAS.CyberArk.Vault.Safe.Member.Gen2 break } } $Output } }#process END { }#end } |