Functions/Applications/Add-PASApplicationAuthenticationMethod.ps1

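function Add-PASApplicationAuthenticationMethod {
    <#
.SYNOPSIS
Adds an authentication method to an application.

.DESCRIPTION
Adds a new authentication method to a specific application in the vault.
The "Manage Users" permission is required to be held by the user running the function.

.PARAMETER AppID
The name of the application for which a new authentication method is being added.

.PARAMETER AuthType
The type of authentication.
Valid values are path, hash, osUser, machineAddress, certificateserialnumber

.PARAMETER AuthValue
The content of the authentication.
The value is not format-checked by this function; it is sent to the API as supplied.

.PARAMETER IsFolder
Boolean value denoting if path is a folder.
Only relevant for "Path Authentication".

.PARAMETER AllowInternalScripts
Boolean value denoting if internal scripts are allowed.
Only relevant for "Path Authentication".

.PARAMETER Comment
Note Property
Only relevant for hash and certificateserialnumber authentication.

.EXAMPLE
Add-PASApplicationAuthenticationMethod -AppID NewApp -AuthType machineAddress -AuthValue AppServer1.domain.com

Adds a Machine Address application authentication mechanism to NewApp

.EXAMPLE
Add-PASApplicationAuthenticationMethod -AppID NewApp -AuthType osUser -AuthValue Domain\SomeUser

Adds an osUser application authentication mechanism to NewApp

.EXAMPLE
Add-PASApplicationAuthenticationMethod -AppID NewApp -AuthType path -AuthValue SomePath

Adds path application authentication mechanism to NewApp

.EXAMPLE
Add-PASApplicationAuthenticationMethod -AppID NewApp -AuthType certificateserialnumber -AuthValue 040000000000FA3DEFE9A9 -Comment "DEV Cert"

Adds certificateserialnumber application authentication mechanism to NewApp

.INPUTS
AppID, AuthType and AuthValue can be piped by property name

.OUTPUTS
None

.NOTES
Function uses dynamic parameters.
Dynamic Parameters IsFolder, AllowInternalScripts & Comment do
not accept input from the pipeline.

.LINK
https://pspas.pspete.dev/commands/Add-PASApplicationAuthenticationMethod
#>

    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [string]$AppID,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateSet("path", "hash", "osUser", "machineAddress", "certificateserialnumber")]
        [string]$AuthType,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        # NOTE(review): the hex-pattern check sketched below for certificate serial
        # numbers was never enabled, so AuthValue gets no client-side format check.
        # A mistyped value is sent to the API as supplied - confirm the server
        # rejects malformed values before relying on the stored criterion.
        #[ValidateScript({<#[0-9a-fA-F]+CertSerialnumberValidation#>})]
        [string]$AuthValue
    )

    DynamicParam {

        # $AuthType is only populated here when -AuthType is given on the command
        # line, which is why the dynamic parameters cannot be fed from the pipeline.

        #Create a RuntimeDefinedParameterDictionary
        $Dictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary

        #Add dynamic parameters to $dictionary
        if ($AuthType -eq "path") {

            #parameters only relevant to path authentication
            New-DynamicParam -Name IsFolder -DPDictionary $Dictionary -Type boolean
            New-DynamicParam -Name AllowInternalScripts -DPDictionary $Dictionary -Type boolean

        }

        if (($AuthType -eq "hash") -or ($AuthType -eq "certificateserialnumber")) {

            #add comment parameter
            New-DynamicParam -Name Comment -DPDictionary $Dictionary

        }

        #return RuntimeDefinedParameterDictionary
        $Dictionary

    }

    BEGIN { }#begin

    PROCESS {

        # AppID becomes a URL path segment, so it is passed through Get-EscapedString
        # (module helper, not shown here) before being placed in the request URI.
        $EscapedAppID = $AppID | Get-EscapedString

        $URI = "$Script:BaseURI/WebServices/PIMServices.svc/Applications/$EscapedAppID/Authentications"

        # Bound parameters are filtered by Get-PASParameter (module helper, not shown
        # here) and wrapped under the "authentication" key of the JSON request body.
        $Body = @{

            "authentication" = $PSBoundParameters | Get-PASParameter

        } | ConvertTo-Json

        # Uses the module-scoped web session for the POST request.
        Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -WebSession $Script:WebSession

    }#process

    END { }#end

}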