public/Update-VPASAccountFields.ps1
|
<#
.Synopsis UPDATE ACCOUNT FIELDS CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com .DESCRIPTION USE THIS FUNCTION TO UPDATE AN ACCOUNT FIELD FOR AN ACCOUNT IN CYBERARK .EXAMPLE $UpdateAccountFieldsJSON = Update-VPASAccountFields -safe {SAFE VALUE} -username {USERNAME VALUE} -action {ACTION VALUE} -field {FIELD VALUE} -fieldval {FIELDVAL VALUE} .OUTPUTS JSON Object (AccountDetails) if successful $false if failed #> function Update-VPASAccountFields{ [OutputType('System.Object',[bool])] [CmdletBinding()] Param( [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=0)] [String]$safe, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)] [String]$platform, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)] [String]$username, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)] [String]$address, [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=4)] [ValidateSet('Add','Remove','Replace')] [String]$action, [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=5)] [ValidateSet('Name','Address','PlatformID','Username','Status','StatusReason','RemoteMachines','AccessRestrictedToRemoteMachines')] [String]$field, [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=6)] [String]$fieldval, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=7)] [String]$AcctID, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=8)] [hashtable]$token, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=9)] [Switch]$NoSSL ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL = Get-VPASSession -token $token } Process{ Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE" Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE" Write-Verbose "SUCCESSFULLY PARSED ACTION VALUE" Write-Verbose "SUCCESSFULLY PARSED FIELD VALUE" Write-Verbose "SUCCESSFULLY PARSED FIELDVAL VALUE" Write-Verbose "PARSING TARGET FIELD" $fieldlower = $field.ToLower() if($fieldlower -eq "name"){ $triggeractionfield = 1 Write-Verbose "NAME FIELD SELECTED" } elseif($fieldlower -eq "address"){ $triggeractionfield = 2 Write-Verbose "ADDRESS FIELD SELECTED" } elseif($fieldlower -eq "platformid"){ $triggeractionfield = 3 Write-Verbose "PLATFORMID FIELD SELECTED" } elseif($fieldlower -eq "username"){ $triggeractionfield = 4 Write-Verbose "USERNAME FIELD SELECTED" } elseif($fieldlower -eq "status"){ Write-Verbose "STATUS FIELD SELECTED" $triggeractionfield = 5 $fieldvaltemp = $fieldval.ToLower() if($fieldvaltemp -eq "true" -or $fieldvaltemp -eq "false"){ Write-Verbose "ACCEPTABLE VALUE FOR STATUS FIELD" } else{ Write-Verbose "FIELDVAL CAN ONLY BE true OR false FOR EDITING status FIELD" Write-VPASOutput -str "FIELDVAL CAN ONLY BE true OR false FOR EDITING status FIELD" -type E return $false } } elseif($fieldlower -eq "statusreason"){ $triggeractionfield = 6 Write-Verbose "STATUS REASON FIELD SELECTED" } elseif($fieldlower -eq "remotemachines"){ $triggeractionfield = 7 Write-Verbose "REMOTE MACHINES FIELD SELECTED" } elseif($fieldlower -eq "accessrestrictedtoremotemachines"){ Write-Verbose "ACCESS RESTRICTED TO REMOTE MACHINES FIELD SELECTED" $triggeractionfield = 8 $fieldvaltemp = $fieldval.ToLower() if($fieldvaltemp -eq "true" -or $fieldvaltemp -eq "false"){ Write-Verbose "ACCEPTABLE FIELDVAL VALUE FOR EDITING ACCESS RESTRICTED TO REMOTE MACHINES FIELD" } else{ Write-Verbose "FIELDVAL CAN ONLY BE true OR false FOR EDITING AccessRestrictedToRemoteMachines FIELD" Write-VPASOutput -str "FIELDVAL CAN ONLY BE true OR false FOR EDITING AccessRestrictedToRemoteMachines FIELD" -type E return $false } } Write-Verbose "PARSING ACTION VALUE" $fieldvalflag = 0 $actionlower = $action.ToLower() if($actionlower -eq "add"){ Write-Verbose "ADD ACTION SELECTED" $triggeraction = 1 $fieldvalflag = 1 } elseif($actionlower -eq "replace"){ Write-Verbose "REPLACE ACTION SELECTED" $triggeraction = 2 $fieldvalflag = 1 } elseif($actionlower -eq "remove"){ Write-Verbose "REMOVE ACTION SELECTED" $triggeraction = 3 } if([String]::IsNullOrEmpty($AcctID)){ Write-Verbose "NO ACCTID PROVIDED...INVOKING HELPER FUNCTION TO RETRIEVE UNIQUE ACCOUNT ID BASED ON SPECIFIED PARAMETERS" if($NoSSL){ $AcctID = Get-VPASAccountIDHelper -token $token -safe $safe -platform $platform -username $username -address $address -NoSSL } else{ $AcctID = Get-VPASAccountIDHelper -token $token -safe $safe -platform $platform -username $username -address $address } Write-Verbose "RETURNING ACCOUNT ID" } else{ Write-Verbose "ACCTID SUPPLIED, SKIPPING HELPER FUNCTION" } if($AcctID -eq -1){ Write-Verbose "COULD NOT FIND UNIQUE ACCOUNT ENTRY, INCLUDE MORE SEARCH PARAMETERS" Write-VPASOutput -str "COULD NOT FIND UNIQUE ACCOUNT ENTRY, INCLUDE MORE SEARCH PARAMETERS" -type E return $false } elseif($AcctID -eq -2){ Write-Verbose "NO ACCOUNT FOUND" Write-VPASOutput -str "NO ACCOUNTS FOUND" -type E return $false } else{ #PATH Write-Verbose "PARSING PATH VALUE FOR API CALL" if($triggeractionfield -eq 1){ $path = "/name" } elseif($triggeractionfield -eq 2){ $path = "/address" } elseif($triggeractionfield -eq 3){ $path = "/platformid" } elseif($triggeractionfield -eq 4){ $path = "/username" } elseif($triggeractionfield -eq 5){ $path = "/secretmanagement/automaticmanagementenabled" } elseif($triggeractionfield -eq 6){ $path = "/secretmanagement/manualmanagementreason" } elseif($triggeractionfield -eq 7){ $path = "/remotemachinesaccess/remotemachines" } elseif($triggeractionfield -eq 8){ $path = "/remotemachinesaccess/accessrestrictedtoremotemachines" } Write-Verbose "PATH VALUE SET FOR API CALL" if($fieldvalflag -eq 1){$value = $fieldval} #OP try{ Write-Verbose "MAKING API CALL TO CYBERARK" if($triggeraction -eq 1){ $op = "add" $params = '[{ "op": "'+$op+'","path": "'+$path+'","value": "'+$value+'"}]' if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID" } if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PATCH -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PATCH -Body $params -ContentType "application/json" } Write-Verbose "RETURNING JSON OBJECT" return $response } elseif($triggeraction -eq 2){ $op = "replace" $params = '[{ "op": "'+$op+'","path": "'+$path+'","value": "'+$value+'"}]' if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID" } if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PATCH -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PATCH -Body $params -ContentType "application/json" } Write-Verbose "RETURNING JSON OBJECT" return $response } elseif($triggeraction -eq 3){ $op = "remove" $params = '[{ "op": "'+$op+'","path": "'+$path+'"}]' if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID" } if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PATCH -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PATCH -Body $params -ContentType "application/json" } Write-Verbose "RETURNING JSON OBJECT" return $response } }catch{ Write-Verbose "UNABLE TO UPDATE ACCOUNT FIELD" Write-VPASOutput -str $_ -type E return $false } } } End{ } } |