OktaPosh

0.2.6

public/AuthorizationPolicy.ps1

                                # https://developer.okta.com/docs/reference/api/policy/

Set-StrictMode -Version Latest

function Get-OktaPolicy

{

    [CmdletBinding()]

    param (

        [Parameter(Mandatory)]

        [string] $AuthorizationServerId,

        [Parameter(Mandatory,ParameterSetName="ById",ValueFromPipeline,ValueFromPipelineByPropertyName)]

        [Alias("Id")]

        [string] $PolicyId,

        [Parameter(ParameterSetName="Query")]

        [string] $Query,

        [switch] $Json

    )

    process {

        if ($PolicyId) {

            Invoke-OktaApi -RelativeUri "authorizationServers/$AuthorizationServerId/policies/$PolicyId" -Method GET -Json:$Json

        } else {

            Find-InResult -Query $Query -Result (Invoke-OktaApi -RelativeUri "authorizationServers/$AuthorizationServerId/policies" -Method GET -Json:$Json)

        }

    }

}

function New-OktaPolicy

{

    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSShouldProcess", "")]

    [CmdletBinding(SupportsShouldProcess)]

    param (

        [Parameter(Mandatory)]

        [string] $AuthorizationServerId,

        [Parameter(Mandatory)]

        [string] $Name,

        [string] $Description,

        [switch] $Inactive,

        [uint32] $Priority = 1,

        [string[]] $ClientIds

    )

    $body = @{

        type        = "OAUTH_AUTHORIZATION_POLICY"

        status      = ternary $Inactive "INACTIVE" "ACTIVE"

        name        = $Name

        description = ternary $Description $Description "Added by OktaPosh"

        priority    = $Priority

        conditions  = @{

            clients = @{

                include = @()

            }

        }

    }

    if ($ClientIds)

    {

        $body.conditions.clients.include += $ClientIds

    }

    else

    {

        $body.conditions.clients.include += "ALL_CLIENTS"

    }

    Invoke-OktaApi -RelativeUri "authorizationServers/$AuthorizationServerId/policies" -Method POST -Body $body

}

function Remove-OktaPolicy

{

    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSShouldProcess", "")]

    [CmdletBinding(SupportsShouldProcess)]

    param (

        [Parameter(Mandatory)]

        [string] $AuthorizationServerId,

        [Parameter(Mandatory,ValueFromPipeline,ValueFromPipelineByPropertyName)]

        [Alias("Id")]

        [string] $PolicyId

    )

    process {

        Set-StrictMode -Version Latest

        $policy = Get-OktaPolicy -AuthorizationServerId $AuthorizationServerId -PolicyId $PolicyId

        if ($policy) {

            if ($PSCmdlet.ShouldProcess($policy.Name,"Remove Policy")) {

                Invoke-OktaApi -RelativeUri "authorizationServers/$AuthorizationServerId/policies/$PolicyId" -Method DELETE

            }

        } else {

            Write-Warning "Policy with id '$PolicyId' not found"

        }

    }

}

function Set-OktaPolicy {

    [CmdletBinding(SupportsShouldProcess)]

    param (

        [Parameter(Mandatory)]

        [string] $AuthorizationServerId,

        [PSCustomObject] $Policy

    )

    if ($PSCmdlet.ShouldProcess("$($Policy.Name)","Update Policy")) {

        Invoke-OktaApi -RelativeUri "authorizationServers/$AuthorizationServerId/policies/$($Policy.id)" -Body $Policy -Method PUT

    }

}