policies.psm1
# Helpers

# Turn a policy asset reference into a policy asset ID.
# A value that converts to a non-zero [int] is treated as an ID and returned unchanged.
# Any other value is looked up with the filter Name ieq '<value>' and, if that returns
# nothing, NetworkAddress ieq '<value>'. Throws unless exactly one policy asset matches.
function Resolve-SafeguardPolicyAssetId
{
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(Mandatory=$true,Position=0)]
        [object]$Asset
    )

    $ErrorActionPreference = "Stop"

    # Numeric input is already an ID; no lookup is made.
    if ($Asset -as [int])
    {
        return $Asset
    }

    # Connection arguments forwarded unchanged to every Web API call below.
    $local:Conn = @{ AccessToken = $AccessToken; Appliance = $Appliance; Insecure = $Insecure }

    # NOTE(review): $Asset is interpolated into the filter expression as-is. A value containing
    # a single quote changes the expression that is sent; validate or escape it according to
    # the Safeguard filter syntax before building the string.
    $local:Found = (Invoke-SafeguardMethod @local:Conn Core GET PolicyAssets -Parameters @{ filter = "Name ieq '$Asset'" })
    if (-not $local:Found)
    {
        # No name match: retry the same value as a network address.
        $local:Found = (Invoke-SafeguardMethod @local:Conn Core GET PolicyAssets -Parameters @{ filter = "NetworkAddress ieq '$Asset'" })
    }

    if (-not $local:Found)
    {
        throw "Unable to find policy asset matching '$Asset'"
    }
    if ($local:Found.Count -ne 1)
    {
        # Refuse to guess between several candidates.
        throw "Found $($local:Found.Count) policy assets matching '$Asset'"
    }

    $local:Found[0].Id
}

# Turn a policy account reference into a policy account ID.
# A value that converts to a non-zero [int] is treated as an ID and returned unchanged.
# Any other value is looked up with the filter Name ieq '<value>', under
# PolicyAssets/<AssetId>/Accounts when -AssetId was bound, otherwise under PolicyAccounts.
# Throws unless exactly one policy account matches.
function Resolve-SafeguardPolicyAccountId
{
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(Mandatory=$false)]
        [int]$AssetId,
        [Parameter(Mandatory=$true,Position=0)]
        [object]$Account
    )

    $ErrorActionPreference = "Stop"

    # Numeric input is already an ID; no lookup is made.
    if ($Account -as [int])
    {
        return $Account
    }

    # Scope the search to one asset only when the caller actually passed -AssetId.
    $local:RelativeUrl = "PolicyAccounts"
    if ($PSBoundParameters.ContainsKey("AssetId"))
    {
        $local:RelativeUrl = "PolicyAssets/$AssetId/Accounts"
    }

    $local:Conn = @{ AccessToken = $AccessToken; Appliance = $Appliance; Insecure = $Insecure }

    # NOTE(review): $Account is interpolated into the filter expression as-is. A value containing
    # a single quote changes the expression that is sent; validate or escape it according to
    # the Safeguard filter syntax before building the string.
    $local:Found = (Invoke-SafeguardMethod @local:Conn Core GET $local:RelativeUrl -Parameters @{ filter = "Name ieq '$Account'" })

    if (-not $local:Found)
    {
        throw "Unable to find policy account matching '$Account'"
    }
    if ($local:Found.Count -ne 1)
    {
        # Refuse to guess between several candidates.
        throw "Found $($local:Found.Count) policy accounts matching '$Account'"
    }

    $local:Found[0].Id
}

<#
.SYNOPSIS
Get assets and directories managed by Safeguard for which policy can be created
via the Web API.

.DESCRIPTION
Policy assets are those that may be used by policy administrators to create
entitlements and access policies to grant privileged access to Safeguard users.
Policy assets include both assets and directories.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate. With verification off the
appliance's identity is not authenticated for the connection, so this is for appliances
whose certificate cannot be validated yet (for example test systems).

.PARAMETER AssetToGet
An integer containing the ID of the asset or directory to get or a string containing the name.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
Get-SafeguardPolicyAsset -AccessToken $token -Appliance 10.5.32.54 -Insecure

.EXAMPLE
Get-SafeguardPolicyAsset "example.domain"
#>
function Get-SafeguardPolicyAsset
{
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(Mandatory=$false,Position=0)]
        [object]$AssetToGet
    )

    $ErrorActionPreference = "Stop"
    $local:Conn = @{ AccessToken = $AccessToken; Appliance = $Appliance; Insecure = $Insecure }

    # Without an asset argument, list every policy asset.
    if (-not $PSBoundParameters.ContainsKey("AssetToGet"))
    {
        Invoke-SafeguardMethod @local:Conn Core GET PolicyAssets
        return
    }

    # Otherwise resolve the name or ID first, then fetch that single policy asset.
    $local:AssetId = Resolve-SafeguardPolicyAssetId @local:Conn $AssetToGet
    Invoke-SafeguardMethod @local:Conn Core GET "PolicyAssets/$($local:AssetId)"
}

<#
.SYNOPSIS
Search for a policy asset in Safeguard via the Web API.

.DESCRIPTION
Search for a policy asset in Safeguard for any string fields containing
the SearchString. Policy assets are those that may be used by policy
administrators to create entitlements and access policies to grant privileged
access to Safeguard users. Policy assets include both assets and directories.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate. With verification off the
appliance's identity is not authenticated for the connection, so this is for appliances
whose certificate cannot be validated yet (for example test systems).

.PARAMETER SearchString
A string to search for in the policy asset.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
Find-SafeguardPolicyAsset -AccessToken $token -Appliance 10.5.32.54 -Insecure

.EXAMPLE
Find-SafeguardPolicyAsset "HP-UX"
#>
function Find-SafeguardPolicyAsset
{
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(Mandatory=$true,Position=0)]
        [string]$SearchString
    )

    $ErrorActionPreference = "Stop"
    $local:Conn = @{ AccessToken = $AccessToken; Appliance = $Appliance; Insecure = $Insecure }

    # The search text travels as the "q" query parameter, not inside a filter expression.
    $local:Query = @{ q = $SearchString }
    Invoke-SafeguardMethod @local:Conn Core GET PolicyAssets -Parameters $local:Query
}

<#
.SYNOPSIS
Get accounts from assets and directories managed by Safeguard for which policy can be created
via the Web API.

.DESCRIPTION
Policy accounts are those that may be used by policy administrators to create
entitlements and access policies to grant privileged access to Safeguard users.
Policy assets include both assets and directories. Policy accounts contain both
asset accounts and directory accounts.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate. With verification off the
appliance's identity is not authenticated for the connection, so this is for appliances
whose certificate cannot be validated yet (for example test systems).

.PARAMETER AssetToGet
An integer containing the ID of the asset or directory to get or a string containing the name.

.PARAMETER AccountToGet
An integer containing the ID of the account to get or a string containing the name.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
Get-SafeguardPolicyAccount -AccessToken $token -Appliance 10.5.32.54 -Insecure

.EXAMPLE
Get-SafeguardPolicyAccount "example.domain" "Administrator"

.EXAMPLE
Get-SafeguardPolicyAccount "aix232lc.my.domain" "dbadmin"
#>
function Get-SafeguardPolicyAccount
{
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(Mandatory=$false,Position=0)]
        [object]$AssetToGet,
        [Parameter(Mandatory=$false,Position=1)]
        [object]$AccountToGet
    )

    $ErrorActionPreference = "Stop"
    $local:Conn = @{ AccessToken = $AccessToken; Appliance = $Appliance; Insecure = $Insecure }

    $local:HasAsset = $PSBoundParameters.ContainsKey("AssetToGet")
    $local:HasAccount = $PSBoundParameters.ContainsKey("AccountToGet")

    # Extra arguments for the account lookup; stays empty when no asset was given, so
    # -AssetId is bound on the resolver only in the asset-scoped case.
    $local:Scope = @{}
    if ($local:HasAsset)
    {
        $local:AssetId = (Resolve-SafeguardPolicyAssetId @local:Conn $AssetToGet)
        $local:Scope["AssetId"] = $local:AssetId
    }

    # Pick the endpoint: one account, the accounts of one asset, or all policy accounts.
    if ($local:HasAccount)
    {
        $local:AccountId = (Resolve-SafeguardPolicyAccountId @local:Conn @local:Scope $AccountToGet)
        $local:RelativeUrl = "PolicyAccounts/$($local:AccountId)"
    }
    elseif ($local:HasAsset)
    {
        $local:RelativeUrl = "PolicyAssets/$($local:AssetId)/Accounts"
    }
    else
    {
        $local:RelativeUrl = "PolicyAccounts"
    }

    Invoke-SafeguardMethod @local:Conn Core GET $local:RelativeUrl
}

<#
.SYNOPSIS
Search for a policy account in Safeguard via the Web API.

.DESCRIPTION
Search for a policy account in Safeguard for any string fields containing
the SearchString. Policy accounts are those that may be used by policy
administrators to create entitlements and access policies to grant privileged
access to Safeguard users. Policy assets include both assets and directories.
Policy accounts contain both asset accounts and directory accounts.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate. With verification off the
appliance's identity is not authenticated for the connection, so this is for appliances
whose certificate cannot be validated yet (for example test systems).

.PARAMETER SearchString
A string to search for in the policy account.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
Find-SafeguardPolicyAccount -AccessToken $token -Appliance 10.5.32.54 -Insecure

.EXAMPLE
Find-SafeguardPolicyAccount "root"
#>
function Find-SafeguardPolicyAccount
{
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(Mandatory=$true,Position=0)]
        [string]$SearchString
    )

    $ErrorActionPreference = "Stop"
    $local:Conn = @{ AccessToken = $AccessToken; Appliance = $Appliance; Insecure = $Insecure }

    # The search text travels as the "q" query parameter, not inside a filter expression.
    $local:Query = @{ q = $SearchString }
    Invoke-SafeguardMethod @local:Conn Core GET PolicyAccounts -Parameters $local:Query
}