public/Remove-VPASIdentityAdminSecurityQuestion.ps1
|
<#
.Synopsis DELETE SPECIFIC ADMIN SECURITY QUESTION IN IDENTITY CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com .DESCRIPTION USE THIS FUNCTION TO DELETE A SPECIFIC ADMIN SECURITY QUESTION IN IDENTITY .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER QuestionSearchQuery Search query to locate the target admin security question .PARAMETER QuestionID Unique target QuestionID mapping to the target admin security question Supply the QuestionID to skip any querying for target admin security question .PARAMETER Confirm Skip the confirmation prompt confirming the removal of the admin security question .PARAMETER WhatIf Run code simulation to see what is affected by running the command as well as any possible implications This is a code simulation flag, meaning the command will NOT actually run .PARAMETER HideWhatIfOutput Suppress any code simulation output from the console .EXAMPLE $WhatIfSimulation = Remove-VPASIdentityAdminSecurityQuestion -QuestionSearchQuery {QUESTIONSEARCHQUERY VALUE} -WhatIf .EXAMPLE $DeleteSecurityQuestion = Remove-VPASIdentityAdminSecurityQuestion -QuestionSearchQuery {QUESTIONSEARCHQUERY VALUE} .EXAMPLE $DeleteSecurityQuestion = Remove-VPASIdentityAdminSecurityQuestion -QuestionID {QUESTIONID VALUE} .OUTPUTS $true if successful $false if failed #> function Remove-VPASIdentityAdminSecurityQuestion{ [OutputType([bool],'System.Object')] [CmdletBinding()] Param( [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=0)] [String]$QuestionSearchQuery, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)] [String]$QuestionID, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)] [Switch]$Confirm, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)] [hashtable]$token, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)] [Switch]$WhatIf, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)] [Switch]$HideWhatIfOutput ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE" Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE" try{ if($WhatIf){ $Confirm = $true } if(!$IdentityURL){ $log = Write-VPASTextRecorder -inputval "LOGIN TOKEN WAS NOT GENERATED THROUGH IDENTITY" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-VPASOutput -str "LOGIN TOKEN WAS NOT GENERATED THROUGH IDENTITY, TERMINATING API CALL" -type E return $false } if([String]::IsNullOrEmpty($QuestionID)){ Write-Verbose "NO QUESTION ID PASSED" Write-Verbose "INVOKING HELPER FUNCTION TO RETRIEVE QUESTION ID" $QuestionID = Get-VPASSecurityQuestionIDIdentityHelper -token $token -SecurityQuestion $QuestionSearchQuery if($QuestionID -eq -1){ $log = Write-VPASTextRecorder -inputval "MULTIPLE QUESTION ENTRIES WERE RETURNED, ADD MORE TO NAME TO NARROW RESULTS" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-VPASOutput -str "MULTIPLE QUESTION ENTRIES WERE RETURNED, ADD MORE TO NAME TO NARROW RESULTS" -type E Write-VPASOutput -str "RETURNING FALSE" -type E return $false } elseif($QuestionID -eq -2){ $log = Write-VPASTextRecorder -inputval "NO QUESTION ENTRIES WERE RETURNED" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-VPASOutput -str "NO QUESTION ENTRIES WERE RETURNED" -type E Write-VPASOutput -str "RETURNING FALSE" -type E return $false } else{ Write-Verbose "FOUND UNIQUE QUESTION ID" } } else{ Write-Verbose "QUESTION ID PASSED, SKIPPING HELPER FUNCTION" } $params = @{ Id = $QuestionID } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$IdentityURL/TenantConfig/DeleteAdminSecurityQuestion" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$IdentityURL/TenantConfig/DeleteAdminSecurityQuestion" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD if(!$Confirm){ Write-VPASOutput -str "ARE YOU SURE YOU WANT TO DELETE THIS SECURITY QUESTION:" -type C $QuestionContext = Get-VPASIdentityAdminSecurityQuestion -token $token -QuestionID $QuestionID $outputQuestion = $QuestionContext.Question Write-VPASOutput -str "$outputQuestion [Y/N]: " -type Y $choice = Read-Host if($choice -eq 'y' -or $choice -eq 'Y'){ #DO NOTHING } else{ $log = Write-VPASTextRecorder -inputval "CANCELING OPERATION" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC return $false } } if($WhatIf){ $log = Write-VPASTextRecorder -token $token -LogType WHATIF1 $WhatIfHash = @{} Write-Verbose "INITIATING COMMAND SIMULATION" $WhatIfInfo = Get-VPASIdentityAdminSecurityQuestion -QuestionID $QuestionID -token $token if(!$WhatIfInfo){ $log = Write-VPASTextRecorder -inputval "UNABLE TO FIND TARGET ADMIN SECURITY QUESTION IN IDENTITY" -token $token -LogType MISC $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 Write-VPASOutput "UNABLE TO FIND TARGET ADMIN SECURITY QUESTION IN IDENTITY...RETURNING FALSE" -type E Write-Verbose "UNABLE TO FIND TARGET ADMIN SECURITY QUESTION IN IDENTITY...RETURNING FALSE" return $false } $WhatIfUUID = $WhatIfInfo.Uuid $WhatIfCulture = $WhatIfInfo.Culture $WhatIfQuestion = $WhatIfInfo.Question if(!$HideWhatIfOutput){ Write-VPASOutput -str "====== BEGIN COMMAND SIMULATION ======" -type S Write-VPASOutput -str "THE FOLLOWING ADMIN SECURITY QUESTION WOULD BE DELETED:" -type S Write-VPASOutput -str "UUID : $WhatIfUUID" -type S Write-VPASOutput -str "Culture : $WhatIfCulture" -type S Write-VPASOutput -str "Question : $WhatIfQuestion" -type S Write-VPASOutput -str "---" -type S Write-VPASOutput -str "URI : $uri" -type S Write-VPASOutput -str "METHOD : DELETE" -type S Write-VPASOutput -str " " -type S Write-VPASOutput -str "======= END COMMAND SIMULATION =======" -type S } $WhatIfHash = @{ WhatIf = @{ UUID = $WhatIfUUID Culture = $WhatIfCulture Question = $WhatIfQuestion RestURI = $uri RestMethod = "DELETE" Disclaimer = "THIS ADMIN SECURITY QUESTION WILL BE DELETED IF -WhatIf FLAG IS REMOVED" } } $WhatIfJSON = $WhatIfHash | ConvertTo-Json | ConvertFrom-Json $log = Write-VPASTextRecorder -inputval $WhatIfJSON -token $token -LogType RETURNARRAY $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 return $WhatIfJSON } else{ if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC Write-Verbose "PARSING DATA FROM CYBERARK" return $true } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO QUERY ADMIN SECURITY QUESTIONS" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |