public/Remove-VPASApplicationAuthentication.ps1
|
<#
.Synopsis DELETE APPLICATION ID AUTHENTICATION METHOD CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com .DESCRIPTION USE THIS FUNCTION TO DELETE AN EXISTING APPLICATION AUTHENTICATION METHOD .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER AppID Unique ApplicationID (or Application Name) that will be used by the credential provider(s) to retrieve credentials .PARAMETER AuthType Define the type of the target authentication Possible values: path, hash, osuser, machineaddress, certificateserialnumber .PARAMETER AuthValue Value to be removed from the target AppID .PARAMETER AuthID Unique ID that maps to the target application authentication Supply the AuthID to skip any querying for target application authentication .PARAMETER WhatIf Run code simulation to see what is affected by running the command as well as any possible implications This is a code simulation flag, meaning the command will NOT actually run .PARAMETER HideWhatIfOutput Suppress any code simulation output from the console .EXAMPLE $WhatIfSimulation = Remove-VPASApplicationAuthentication -AppID {APPID VALUE} -AuthType path -AuthValue {AUTHVALUE VALUE} -WhatIf .EXAMPLE $DeleteApplicationAuthenticationStatus = Remove-VPASApplicationAuthentication -AppID {APPID VALUE} -AuthType path -AuthValue {AUTHVALUE VALUE} .EXAMPLE $DeleteApplicationAuthenticationStatus = Remove-VPASApplicationAuthentication -AppID {APPID VALUE} -AuthType hash -AuthValue {AUTHVALUE VALUE} .EXAMPLE $DeleteApplicationAuthenticationStatus = Remove-VPASApplicationAuthentication -AppID {APPID VALUE} -AuthType osuser -AuthValue {AUTHVALUE VALUE} .EXAMPLE $DeleteApplicationAuthenticationStatus = Remove-VPASApplicationAuthentication -AppID {APPID VALUE} -AuthType machineaddress -AuthValue {AUTHVALUE VALUE} .EXAMPLE $DeleteApplicationAuthenticationStatus = Remove-VPASApplicationAuthentication -AppID {APPID VALUE} -AuthType certificateserialnumber -AuthValue {AUTHVALUE VALUE} .OUTPUTS $true if successful $false if failed #> function Remove-VPASApplicationAuthentication{ [OutputType([bool],'System.Object')] [CmdletBinding()] Param( [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target ApplicationID (for example: TestApplication1)",Position=0)] [String]$AppID, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)] [ValidateSet('path','hash','osuser','machineaddress','certificateserialnumber')] [String]$AuthType, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)] [String]$AuthValue, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)] [String]$AuthID, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)] [hashtable]$token, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)] [Switch]$WhatIf, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)] [Switch]$HideWhatIfOutput ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ Write-Verbose "PVWA VALUE SET" Write-Verbose "TOKEN VALUE SET" Write-Verbose "APPID VALUE SET: $AppID" if([String]::IsNullOrEmpty($AuthID)){ Write-Verbose "NO AUTH ID PROVIDED, INVOKING HELPER FUNCTION" if([String]::IsNullOrEmpty($AuthType)){ Write-VPASOutput -str "ENTER AuthType (path, hash, osuser, machineaddress, certificateserialnumber): " -type Y $AuthType = Read-Host if($AuthType -ne "path" -and $AuthType -ne "hash" -and $AuthType -ne "osuser" -and $AuthType -ne "machineaddress" -and $AuthType -ne "certificateserialnumber"){ $log = Write-VPASTextRecorder -inputval "INVALID AuthType" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-VPASOutput -str "INVALID AuthType" -type E return $false } } if([String]::IsNullOrEmpty($AuthValue)){ Write-VPASOutput -str "ENTER AuthValue: " -type Y $AuthValue = Read-Host } $AuthID = Get-VPASApplicationAuthIDHelper -token $token -AppID $AppID -AuthType $AuthType -AuthValue $AuthValue Write-Verbose "HEPER FUNCTION RETURNED VALUE" if($AuthID -eq -1){ $log = Write-VPASTextRecorder -inputval "COULD NOT FIND TARGET AUTHENTICATION METHOD TO DELETE, CONFIRM $AppID, $AuthType, $AuthValue EXISTS" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "COULD NOT FIND TARGET AUTHENTICATION METHOD TO DELETE, CONFIRM $AppID, $AuthType, $AuthValue EXISTS" Write-VPASOutput -str "COULD NOT FIND TARGET AUTHENTICATION METHOD TO DELETE, CONFIRM $AppID, $AuthType, $AuthValue EXISTS" -type E return $false } else{ try{ write-verbose "FOUND UNIQUE AUTHID" if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/$AppID/Authentications/$AuthID" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/$AppID/Authentications/$AuthID" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "DELETE" -token $token -LogType METHOD if($WhatIf){ $log = Write-VPASTextRecorder -token $token -LogType WHATIF1 $WhatIfHash = @{} $FoundWhatIf = $false Write-Verbose "INITIATING COMMAND SIMULATION" $WhatIfInfo = Get-VPASApplicationAuthentications -AppID $AppID -token $token foreach($WhatIfRec in $WhatIfInfo.authentication){ $WhatIfRecAllowInternalScripts = $WhatIfRec.AllowInternalScripts $WhatIfRecAppID = $WhatIfRec.AppID $WhatIfRecAuthType = $WhatIfRec.AuthType $WhatIfRecAuthValue = $WhatIfRec.AuthValue $WhatIfRecComment = $WhatIfRec.Comment $WhatIfRecIsFolder = $WhatIfRec.IsFolder $WhatIfRecIsauthID = $WhatIfRec.authID if($WhatIfRecIsauthID -eq $AuthID){ if(!$HideWhatIfOutput){ Write-VPASOutput -str "====== BEGIN COMMAND SIMULATION ======" -type S Write-VPASOutput -str "THE FOLLOWING APPLICATION AUTHENTICATION WOULD BE DELETED:" -type S Write-VPASOutput -str "AllowInternalScripts : $WhatIfRecAllowInternalScripts" -type S Write-VPASOutput -str "AppID : $WhatIfRecAppID" -type S Write-VPASOutput -str "AuthType : $WhatIfRecAuthType" -type S Write-VPASOutput -str "AuthValue : $WhatIfRecAuthValue" -type S Write-VPASOutput -str "Comment : $WhatIfRecComment" -type S Write-VPASOutput -str "IsFolder : $WhatIfRecIsFolder" -type S Write-VPASOutput -str "authID : $WhatIfRecIsauthID" -type S Write-VPASOutput -str "---" -type S Write-VPASOutput -str "URI : $uri" -type S Write-VPASOutput -str "METHOD : DELETE" -type S Write-VPASOutput -str " " -type S Write-VPASOutput -str "======= END COMMAND SIMULATION =======" -type S } $WhatIfHash = @{ WhatIf = @{ AllowInternalScripts = $WhatIfRecAllowInternalScripts AppID = $WhatIfRecAppID AuthType = $WhatIfRecAuthType AuthValue = $WhatIfRecAuthValue Comment = $WhatIfRecComment IsFolder = $WhatIfRecIsFolder AuthID = $WhatIfRecIsauthID RestURI = $uri RestMethod = "DELETE" Disclaimer = "THIS APPLICATION AUTHENTICATION WILL BE DELETED IF -WhatIf FLAG IS REMOVED" } } $WhatIfJSON = $WhatIfHash | ConvertTo-Json | ConvertFrom-Json $log = Write-VPASTextRecorder -inputval $WhatIfJSON -token $token -LogType RETURNARRAY $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 return $WhatIfJSON } } if(!$FoundWhatIf){ $log = Write-VPASTextRecorder -inputval "UNABLE TO FIND TARGET APPLICATION AUTHENTICATION" -token $token -LogType MISC $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 Write-VPASOutput -str "UNABLE TO FIND TARGET APPLICATION AUTHENTICATION" -type E return $false } } else{ if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC Write-Verbose "AUTHID VALUE WAS DELETED SUCCESSFULLY" return $true } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-VPASOutput -str $_ -type E Write-Verbose "FAILED TO DELETE AUTHID VALUE" return $false } } } else{ Write-Verbose "AUTH ID PROVIDED, SKIPPING HELPER FUNCTION" try{ if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/$AppID/Authentications/$AuthID" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/$AppID/Authentications/$AuthID" } if($WhatIf){ $log = Write-VPASTextRecorder -token $token -LogType WHATIF1 $WhatIfHash = @{} $FoundWhatIf = $false Write-Verbose "INITIATING COMMAND SIMULATION" $WhatIfInfo = Get-VPASApplicationAuthentications -AppID $AppID -token $token foreach($WhatIfRec in $WhatIfInfo.authentication){ $WhatIfRecAllowInternalScripts = $WhatIfRec.AllowInternalScripts $WhatIfRecAppID = $WhatIfRec.AppID $WhatIfRecAuthType = $WhatIfRec.AuthType $WhatIfRecAuthValue = $WhatIfRec.AuthValue $WhatIfRecComment = $WhatIfRec.Comment $WhatIfRecIsFolder = $WhatIfRec.IsFolder $WhatIfRecIsauthID = $WhatIfRec.authID if($WhatIfRecIsauthID -eq $AuthID){ $FoundWhatIf = $true if(!$HideWhatIfOutput){ Write-VPASOutput -str "====== BEGIN COMMAND SIMULATION ======" -type S Write-VPASOutput -str "THE FOLLOWING APPLICATION AUTHENTICATION WOULD BE DELETED:" -type S Write-VPASOutput -str "AllowInternalScripts : $WhatIfRecAllowInternalScripts" -type S Write-VPASOutput -str "AppID : $WhatIfRecAppID" -type S Write-VPASOutput -str "AuthType : $WhatIfRecAuthType" -type S Write-VPASOutput -str "AuthValue : $WhatIfRecAuthValue" -type S Write-VPASOutput -str "Comment : $WhatIfRecComment" -type S Write-VPASOutput -str "IsFolder : $WhatIfRecIsFolder" -type S Write-VPASOutput -str "authID : $WhatIfRecIsauthID" -type S Write-VPASOutput -str "---" -type S Write-VPASOutput -str "URI : $uri" -type S Write-VPASOutput -str "METHOD : DELETE" -type S Write-VPASOutput -str " " -type S Write-VPASOutput -str "======= END COMMAND SIMULATION =======" -type S } $WhatIfHash = @{ WhatIf = @{ AllowInternalScripts = $WhatIfRecAllowInternalScripts AppID = $WhatIfRecAppID AuthType = $WhatIfRecAuthType AuthValue = $WhatIfRecAuthValue Comment = $WhatIfRecComment IsFolder = $WhatIfRecIsFolder AuthID = $WhatIfRecIsauthID RestURI = $uri RestMethod = "DELETE" Disclaimer = "THIS APPLICATION AUTHENTICATION WILL BE DELETED IF -WhatIf FLAG IS REMOVED" } } $WhatIfJSON = $WhatIfHash | ConvertTo-Json | ConvertFrom-Json $log = Write-VPASTextRecorder -inputval $WhatIfJSON -token $token -LogType RETURNARRAY $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 return $WhatIfJSON } } if(!$FoundWhatIf){ $log = Write-VPASTextRecorder -inputval "UNABLE TO FIND TARGET APPLICATION AUTHENTICATION" -token $token -LogType MISC $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 Write-VPASOutput -str "UNABLE TO FIND TARGET APPLICATION AUTHENTICATION" -type E return $false } } else{ if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC Write-Verbose "AUTHID VALUE WAS DELETED SUCCESSFULLY" return $true } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-VPASOutput -str $_ -type E Write-Verbose "FAILED TO DELETE AUTHID VALUE" return $false } } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |