settings.psm1
|
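<# Copyright (c) 2026 One Identity LLC. All rights reserved. #>

# Review notes that apply to every function in this file:
#  * -Insecure skips verification of the appliance's TLS certificate, so the
#    peer is not authenticated. Anything passed through the call (the bearer
#    token in -AccessToken, setting values, generated or validated passwords)
#    should then be treated as readable by whoever terminates the connection.
#  * Every call is forwarded to Invoke-SafeguardMethod, which is defined
#    outside this file; URL construction, escaping of the relative path and
#    body serialization happen there and cannot be checked from here.

<#
.SYNOPSIS
Get Safeguard appliance settings via the Web API.

.DESCRIPTION
Get the settings managed by the appliance service of a Safeguard appliance.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate.

.PARAMETER SettingName
A string containing the name of the appliance setting.

.PARAMETER Fields
An array of the setting property names to return.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
Get-SafeguardApplianceSetting -AccessToken $token -Appliance 10.5.32.54 -Insecure

.EXAMPLE
Get-SafeguardApplianceSetting -SettingName "Backup Retention Number" -Fields Name,Category,DefaultValue
#>
function Get-SafeguardApplianceSetting
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(Mandatory=$false, Position=0)]
        [string]$SettingName,
        [Parameter(Mandatory=$false)]
        [string[]]$Fields
    )

    # Errors terminate unless the caller chose an -ErrorAction explicitly.
    if (-not $PSBoundParameters.ContainsKey("ErrorAction")) { $ErrorActionPreference = "Stop" }
    if (-not $PSBoundParameters.ContainsKey("Verbose")) { $VerbosePreference = $PSCmdlet.GetVariableValue("VerbosePreference") }

    # -Fields becomes a single comma-separated "fields" query parameter.
    $local:Parameters = $null
    if ($Fields)
    {
        $local:Parameters = @{ fields = ($Fields -join ",")}
    }

    if ($PSBoundParameters.ContainsKey("SettingName"))
    {
        # NOTE(review): the name is interpolated into the relative URL as-is;
        # confirm Invoke-SafeguardMethod escapes it.
        Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Appliance GET "Settings/$SettingName" -Parameters $local:Parameters
    }
    else
    {
        Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Appliance GET "Settings" -Parameters $local:Parameters
    }
}

<#
.SYNOPSIS
Set a Safeguard appliance setting via the Web API.

.DESCRIPTION
Set the value of a setting managed by the appliance service of a Safeguard appliance.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate.

.PARAMETER SettingName
A string containing the name of the appliance setting.

.PARAMETER Value
A string containing the new value for the setting.

.PARAMETER SettingObject
An object containing an existing appliance setting object with the new value set.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
Set-SafeguardApplianceSetting -AccessToken $token -Appliance 10.5.32.54 -SettingObject $obj -Insecure

.EXAMPLE
Set-SafeguardApplianceSetting -SettingName "Minimum Process Log Level" -Value "Debug"
#>
function Set-SafeguardApplianceSetting
{
    [CmdletBinding(DefaultParameterSetName="Attributes")]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(ParameterSetName="Attributes", Mandatory=$true, Position=0)]
        [string]$SettingName,
        [Parameter(ParameterSetName="Attributes", Mandatory=$true, Position=1)]
        [AllowEmptyString()]
        [string]$Value,
        [Parameter(ParameterSetName="Object",Mandatory=$true, Position=0)]
        [object]$SettingObject
    )

    if (-not $PSBoundParameters.ContainsKey("ErrorAction")) { $ErrorActionPreference = "Stop" }
    if (-not $PSBoundParameters.ContainsKey("Verbose")) { $VerbosePreference = $PSCmdlet.GetVariableValue("VerbosePreference") }

    if (-not ($PsCmdlet.ParameterSetName -eq "Object"))
    {
        # Attributes mode: fetch the current setting and overwrite only its Value.
        $SettingObject = (Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Appliance GET "Settings/$SettingName")
        if ($PSBoundParameters.ContainsKey("Value"))
        {
            $SettingObject.Value = $Value
        }
    }

    # The PUT path is always taken from the object's Name property, so in Object
    # mode the caller-supplied object decides which setting is written.
    $SettingName = $SettingObject.Name
    Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Appliance PUT "Settings/$SettingName" -Body $SettingObject
}

<#
.SYNOPSIS
Get the Safeguard core settings via the Web API.

.DESCRIPTION
Get the settings managed by the core service of a Safeguard appliance.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate.

.PARAMETER SettingName
A string containing the name of the core setting.

.PARAMETER Fields
An array of the setting property names to return.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
Get-SafeguardCoreSetting -AccessToken $token -Appliance 10.5.32.54 -Insecure

.EXAMPLE
Get-SafeguardCoreSetting -SettingName "Inform User of Bad Password" -Fields Name,Category,DefaultValue
#>
function Get-SafeguardCoreSetting
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(Mandatory=$false, Position=0)]
        [string]$SettingName,
        [Parameter(Mandatory=$false)]
        [string[]]$Fields
    )

    if (-not $PSBoundParameters.ContainsKey("ErrorAction")) { $ErrorActionPreference = "Stop" }
    if (-not $PSBoundParameters.ContainsKey("Verbose")) { $VerbosePreference = $PSCmdlet.GetVariableValue("VerbosePreference") }

    # -Fields becomes a single comma-separated "fields" query parameter.
    $local:Parameters = $null
    if ($Fields)
    {
        $local:Parameters = @{ fields = ($Fields -join ",")}
    }

    if ($PSBoundParameters.ContainsKey("SettingName"))
    {
        Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET "Settings/$SettingName" -Parameters $local:Parameters
    }
    else
    {
        Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET "Settings" -Parameters $local:Parameters
    }
}

<#
.SYNOPSIS
Set a Safeguard core setting via the Web API.

.DESCRIPTION
Set the value of a setting managed by the core service of a Safeguard appliance.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate.

.PARAMETER SettingName
A string containing the name of the core setting.

.PARAMETER Value
A string containing the new value for the setting.

.PARAMETER SettingObject
An object containing an existing core setting object with the new value set.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
Set-SafeguardCoreSetting -AccessToken $token -Appliance 10.5.32.54 -SettingObject $obj -Insecure

.EXAMPLE
Set-SafeguardCoreSetting -SettingName "Trusted Servers" -Value "10.5.32.55,test.server"
#>
function Set-SafeguardCoreSetting
{
    [CmdletBinding(DefaultParameterSetName="Attributes")]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(ParameterSetName="Attributes", Mandatory=$true, Position=0)]
        [string]$SettingName,
        [Parameter(ParameterSetName="Attributes", Mandatory=$true, Position=1)]
        [AllowEmptyString()]
        [string]$Value,
        [Parameter(ParameterSetName="Object",Mandatory=$true, Position=0)]
        [object]$SettingObject
    )

    if (-not $PSBoundParameters.ContainsKey("ErrorAction")) { $ErrorActionPreference = "Stop" }
    if (-not $PSBoundParameters.ContainsKey("Verbose")) { $VerbosePreference = $PSCmdlet.GetVariableValue("VerbosePreference") }

    if (-not ($PsCmdlet.ParameterSetName -eq "Object"))
    {
        # Attributes mode: fetch the current setting and overwrite only its Value.
        $SettingObject = (Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET "Settings/$SettingName")
        if ($PSBoundParameters.ContainsKey("Value"))
        {
            $SettingObject.Value = $Value
        }
    }

    # The PUT path is always taken from the object's Name property, so in Object
    # mode the caller-supplied object decides which setting is written.
    $SettingName = $SettingObject.Name
    Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core PUT "Settings/$SettingName" -Body $SettingObject
}

<#
.SYNOPSIS
Get the Message of the Day from Safeguard via the Web API.

.DESCRIPTION
Get the daily message (Message of the Day) configured on the Safeguard appliance.
This message is displayed to users after login.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
Get-SafeguardDailyMessage -AccessToken $token -Appliance 10.5.32.54 -Insecure

.EXAMPLE
Get-SafeguardDailyMessage
#>
function Get-SafeguardDailyMessage
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure
    )

    if (-not $PSBoundParameters.ContainsKey("ErrorAction")) { $ErrorActionPreference = "Stop" }
    if (-not $PSBoundParameters.ContainsKey("Verbose")) { $VerbosePreference = $PSCmdlet.GetVariableValue("VerbosePreference") }

    Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET "DailyMessage"
}

<#
.SYNOPSIS
Set the Message of the Day in Safeguard via the Web API.

.DESCRIPTION
Update the daily message (Message of the Day) on the Safeguard appliance.
You can pass individual attributes or a full message object retrieved from
Get-SafeguardDailyMessage.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate.

.PARAMETER Message
A string containing the message text.

.PARAMETER Subject
A string containing the message subject line.

.PARAMETER UseRss
Whether to use an RSS feed for the daily message.

.PARAMETER Address
The RSS feed URL when UseRss is enabled.

.PARAMETER MessageObject
An object containing the full daily message configuration. Use Get-SafeguardDailyMessage
to retrieve the current object, modify it, and pass it to this parameter.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
Set-SafeguardDailyMessage -Message "System maintenance tonight at 10 PM"

.EXAMPLE
Set-SafeguardDailyMessage -Message "Check the feed" -UseRss $true -Address "https://rss.example.com/feed"

.EXAMPLE
$msg = Get-SafeguardDailyMessage
$msg.Message = "Updated message"
Set-SafeguardDailyMessage -MessageObject $msg
#>
function Set-SafeguardDailyMessage
{
    [CmdletBinding(DefaultParameterSetName="Attributes")]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false,Position=0)]
        [string]$Message,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [string]$Subject,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [bool]$UseRss,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [string]$Address,
        [Parameter(ParameterSetName="Object",Mandatory=$true,Position=0)]
        [object]$MessageObject
    )

    if (-not $PSBoundParameters.ContainsKey("ErrorAction")) { $ErrorActionPreference = "Stop" }
    if (-not $PSBoundParameters.ContainsKey("Verbose")) { $VerbosePreference = $PSCmdlet.GetVariableValue("VerbosePreference") }

    if ($PsCmdlet.ParameterSetName -eq "Object")
    {
        # Object mode sends the caller's object unchanged.
        Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core PUT "DailyMessage" -Body $MessageObject
    }
    else
    {
        # Attributes mode: read-modify-write, touching only the properties the
        # caller actually bound so unspecified ones keep their stored values.
        $local:Body = (Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET "DailyMessage")
        if ($PSBoundParameters.ContainsKey("Message")) { $local:Body.Message = $Message }
        if ($PSBoundParameters.ContainsKey("Subject")) { $local:Body.Subject = $Subject }
        if ($PSBoundParameters.ContainsKey("UseRss")) { $local:Body.UseRss = $UseRss }
        if ($PSBoundParameters.ContainsKey("Address")) { $local:Body.Address = $Address }
        Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core PUT "DailyMessage" -Body $local:Body
    }
}

<#
.SYNOPSIS
Get the login message from Safeguard via the Web API.

.DESCRIPTION
Get the login message (login banner) configured on the Safeguard appliance.
This message is displayed on the login page before authentication.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
Get-SafeguardLoginMessage -AccessToken $token -Appliance 10.5.32.54 -Insecure

.EXAMPLE
Get-SafeguardLoginMessage
#>
function Get-SafeguardLoginMessage
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure
    )

    if (-not $PSBoundParameters.ContainsKey("ErrorAction")) { $ErrorActionPreference = "Stop" }
    if (-not $PSBoundParameters.ContainsKey("Verbose")) { $VerbosePreference = $PSCmdlet.GetVariableValue("VerbosePreference") }

    Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET "LoginMessage"
}

<#
.SYNOPSIS
Set the login message in Safeguard via the Web API.

.DESCRIPTION
Update the login message (login banner) on the Safeguard appliance.
You can pass a simple message string or a full message object retrieved from
Get-SafeguardLoginMessage.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate.

.PARAMETER Message
A string containing the login message text.

.PARAMETER MessageObject
An object containing the full login message configuration. Use Get-SafeguardLoginMessage
to retrieve the current object, modify it, and pass it to this parameter.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
Set-SafeguardLoginMessage -Message "Authorized users only. All access is monitored."

.EXAMPLE
$msg = Get-SafeguardLoginMessage
$msg.Message = "Updated banner"
Set-SafeguardLoginMessage -MessageObject $msg
#>
function Set-SafeguardLoginMessage
{
    [CmdletBinding(DefaultParameterSetName="Attributes")]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(ParameterSetName="Attributes",Mandatory=$true,Position=0)]
        [string]$Message,
        [Parameter(ParameterSetName="Object",Mandatory=$true,Position=0)]
        [object]$MessageObject
    )

    if (-not $PSBoundParameters.ContainsKey("ErrorAction")) { $ErrorActionPreference = "Stop" }
    if (-not $PSBoundParameters.ContainsKey("Verbose")) { $VerbosePreference = $PSCmdlet.GetVariableValue("VerbosePreference") }

    if ($PsCmdlet.ParameterSetName -eq "Object")
    {
        # Object mode sends the caller's object unchanged.
        Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core PUT "LoginMessage" -Body $MessageObject
    }
    else
    {
        # Attributes mode: fetch the stored banner object and replace only its text.
        $local:Body = (Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET "LoginMessage")
        $local:Body.Message = $Message
        Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core PUT "LoginMessage" -Body $local:Body
    }
}

<#
.SYNOPSIS
Get the user password rule from Safeguard via the Web API.

.DESCRIPTION
Get the password rule that governs Safeguard user passwords. This is the
appliance-wide password policy for local Safeguard user accounts (not managed
asset account passwords, which are controlled by account password rules under
asset partitions).

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
Get-SafeguardUserPasswordRule

.EXAMPLE
Get-SafeguardUserPasswordRule -Appliance 10.5.32.54 -Insecure
#>
function Get-SafeguardUserPasswordRule
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure
    )

    if (-not $PSBoundParameters.ContainsKey("ErrorAction")) { $ErrorActionPreference = "Stop" }
    if (-not $PSBoundParameters.ContainsKey("Verbose")) { $VerbosePreference = $PSCmdlet.GetVariableValue("VerbosePreference") }

    Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET "UserPasswordRule"
}

<#
.SYNOPSIS
Set the user password rule in Safeguard via the Web API.

.DESCRIPTION
Update the password rule that governs Safeguard user passwords. You can pass
individual attributes to modify specific settings, or pass a full rule object
retrieved from Get-SafeguardUserPasswordRule.

When using individual attributes, the current rule is fetched, your changes are
merged, and the result is saved. To clear nullable properties (such as
MaxConsecutive* fields), use the -RuleObject parameter with the desired values
set to null.

The character-list parameters that take a single string (InvalidLowercaseChars,
InvalidNumericChars, InvalidSymbolChars, AllowedSymbolChars) are sent as one
array element per character; an empty string is sent as an empty list.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate.

.PARAMETER Name
A string containing the name of the password rule (max 255 characters).

.PARAMETER Description
A string containing the description of the password rule.

.PARAMETER MinCharacters
An integer for the minimum password length (min 3, max 255).

.PARAMETER MaxCharacters
An integer for the maximum password length (min 3, max 255).

.PARAMETER AllowUppercase
A boolean for whether to allow uppercase characters.

.PARAMETER MinUppercase
An integer for the minimum number of uppercase characters.

.PARAMETER MaxConsecutiveUppercase
An integer for the maximum number of consecutive uppercase characters.

.PARAMETER InvalidUppercaseChars
A string array of uppercase characters that may not be used.

.PARAMETER AllowLowercase
A boolean for whether to allow lowercase characters.

.PARAMETER MinLowercase
An integer for the minimum number of lowercase characters.

.PARAMETER MaxConsecutiveLowercase
An integer for the maximum number of consecutive lowercase characters.

.PARAMETER InvalidLowercaseChars
A string containing invalid lowercase characters. Each character is split into
individual array elements.

.PARAMETER AllowNumeric
A boolean for whether to allow numeric characters.

.PARAMETER MinNumeric
An integer for the minimum number of numeric characters.

.PARAMETER MaxConsecutiveNumeric
An integer for the maximum number of consecutive numeric characters.

.PARAMETER InvalidNumericChars
A string containing invalid numeric characters. Each character is split into
individual array elements.

.PARAMETER AllowSymbols
A boolean for whether to allow non-alphanumeric (symbol) characters.

.PARAMETER MinSymbols
An integer for the minimum number of symbol characters.

.PARAMETER MaxConsecutiveSymbols
An integer for the maximum number of consecutive symbol characters.

.PARAMETER InvalidSymbolChars
A string containing symbol characters to exclude. Mutually exclusive with
AllowedSymbolChars.

.PARAMETER AllowedSymbolChars
A string containing the only symbol characters to allow. Mutually exclusive with
InvalidSymbolChars.

.PARAMETER AllowedFirstCharType
The type of character allowed as the first character (All, AlphaNumeric, or Alphabetic).

.PARAMETER AllowedLastCharType
The type of character allowed as the last character (All, AlphaNumeric, or Alphabetic).

.PARAMETER MaxConsecutiveAlpha
An integer for the maximum number of consecutive alphabetic characters.

.PARAMETER MaxConsecutiveAlphanumeric
An integer for the maximum number of consecutive alphanumeric characters.

.PARAMETER RepeatedCharRestriction
The repeated character restriction (NotSpecified, NoConsecutiveRepeatedCharacters,
NoRepeatedCharacters, AllowRepeatedCharacters).

.PARAMETER RuleObject
An object containing the full user password rule. Use Get-SafeguardUserPasswordRule
to retrieve the current object, modify it, and pass it to this parameter.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
Set-SafeguardUserPasswordRule -MinCharacters 14 -MaxCharacters 64

.EXAMPLE
$rule = Get-SafeguardUserPasswordRule
$rule.MinCharacters = 16
Set-SafeguardUserPasswordRule -RuleObject $rule
#>
function Set-SafeguardUserPasswordRule
{
    [CmdletBinding(DefaultParameterSetName="Attributes")]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [string]$Name,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [string]$Description,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [int]$MinCharacters,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [int]$MaxCharacters,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [bool]$AllowUppercase,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [int]$MinUppercase,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [int]$MaxConsecutiveUppercase,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [string[]]$InvalidUppercaseChars,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [bool]$AllowLowercase,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [int]$MinLowercase,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [int]$MaxConsecutiveLowercase,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [string]$InvalidLowercaseChars,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [bool]$AllowNumeric,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [int]$MinNumeric,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [int]$MaxConsecutiveNumeric,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [string]$InvalidNumericChars,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [bool]$AllowSymbols,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [int]$MinSymbols,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [int]$MaxConsecutiveSymbols,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [string]$InvalidSymbolChars,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [string]$AllowedSymbolChars,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [ValidateSet("All", "AlphaNumeric", "Alphabetic", IgnoreCase=$true)]
        [string]$AllowedFirstCharType,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [ValidateSet("All", "AlphaNumeric", "Alphabetic", IgnoreCase=$true)]
        [string]$AllowedLastCharType,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [int]$MaxConsecutiveAlpha,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [int]$MaxConsecutiveAlphanumeric,
        [Parameter(ParameterSetName="Attributes",Mandatory=$false)]
        [ValidateSet("NotSpecified", "NoConsecutiveRepeatedCharacters", "NoRepeatedCharacters", "AllowRepeatedCharacters", IgnoreCase=$true)]
        [string]$RepeatedCharRestriction,
        [Parameter(ParameterSetName="Object",Mandatory=$true,Position=0)]
        [object]$RuleObject
    )

    if (-not $PSBoundParameters.ContainsKey("ErrorAction")) { $ErrorActionPreference = "Stop" }
    if (-not $PSBoundParameters.ContainsKey("Verbose")) { $VerbosePreference = $PSCmdlet.GetVariableValue("VerbosePreference") }

    # NOTE(review): nothing here range-checks the numeric parameters; the bounds
    # given in the help (3-255 for length) are presumably enforced by the
    # appliance -- confirm before relying on this cmdlet to reject a weak policy.
    if ($PsCmdlet.ParameterSetName -eq "Object")
    {
        # Object mode sends the caller's rule unchanged.
        Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core PUT "UserPasswordRule" -Body $RuleObject
    }
    else
    {
        # Checked before any request so a conflicting call makes no API traffic.
        if ($PSBoundParameters.ContainsKey("InvalidSymbolChars") -and $PSBoundParameters.ContainsKey("AllowedSymbolChars"))
        {
            throw "InvalidSymbolChars and AllowedSymbolChars are mutually exclusive."
        }

        # Read-modify-write: only parameters the caller bound are copied onto the
        # stored rule. Several property names on the rule are longer than the
        # parameter names (AllowUppercase -> AllowUppercaseCharacters, etc.).
        $local:RuleObj = (Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET "UserPasswordRule")

        if ($PSBoundParameters.ContainsKey("Name")) { $local:RuleObj.Name = $Name }
        if ($PSBoundParameters.ContainsKey("Description")) { $local:RuleObj.Description = $Description }
        if ($PSBoundParameters.ContainsKey("MinCharacters")) { $local:RuleObj.MinCharacters = $MinCharacters }
        if ($PSBoundParameters.ContainsKey("MaxCharacters")) { $local:RuleObj.MaxCharacters = $MaxCharacters }

        if ($PSBoundParameters.ContainsKey("AllowUppercase")) { $local:RuleObj.AllowUppercaseCharacters = $AllowUppercase }
        if ($PSBoundParameters.ContainsKey("MinUppercase")) { $local:RuleObj.MinUppercaseCharacters = $MinUppercase }
        if ($PSBoundParameters.ContainsKey("MaxConsecutiveUppercase")) { $local:RuleObj.MaxConsecutiveUppercaseCharacters = $MaxConsecutiveUppercase }
        if ($PSBoundParameters.ContainsKey("InvalidUppercaseChars")) { $local:RuleObj.InvalidUppercaseCharacters = $InvalidUppercaseChars }

        # The string-typed character lists are exploded with ToCharArray() rather
        # than a regex split: splitting "" yields a one-element array holding an
        # empty string, whereas ToCharArray() yields an empty list.
        if ($PSBoundParameters.ContainsKey("AllowLowercase")) { $local:RuleObj.AllowLowercaseCharacters = $AllowLowercase }
        if ($PSBoundParameters.ContainsKey("MinLowercase")) { $local:RuleObj.MinLowercaseCharacters = $MinLowercase }
        if ($PSBoundParameters.ContainsKey("MaxConsecutiveLowercase")) { $local:RuleObj.MaxConsecutiveLowercaseCharacters = $MaxConsecutiveLowercase }
        if ($PSBoundParameters.ContainsKey("InvalidLowercaseChars")) { $local:RuleObj.InvalidLowercaseCharacters = [string[]]($InvalidLowercaseChars.ToCharArray()) }

        if ($PSBoundParameters.ContainsKey("AllowNumeric")) { $local:RuleObj.AllowNumericCharacters = $AllowNumeric }
        if ($PSBoundParameters.ContainsKey("MinNumeric")) { $local:RuleObj.MinNumericCharacters = $MinNumeric }
        if ($PSBoundParameters.ContainsKey("MaxConsecutiveNumeric")) { $local:RuleObj.MaxConsecutiveNumericCharacters = $MaxConsecutiveNumeric }
        if ($PSBoundParameters.ContainsKey("InvalidNumericChars")) { $local:RuleObj.InvalidNumericCharacters = [string[]]($InvalidNumericChars.ToCharArray()) }

        if ($PSBoundParameters.ContainsKey("AllowSymbols")) { $local:RuleObj.AllowNonAlphaNumericCharacters = $AllowSymbols }
        if ($PSBoundParameters.ContainsKey("MinSymbols")) { $local:RuleObj.MinNonAlphaNumericCharacters = $MinSymbols }
        if ($PSBoundParameters.ContainsKey("MaxConsecutiveSymbols")) { $local:RuleObj.MaxConsecutiveNonAlphaNumericCharacters = $MaxConsecutiveSymbols }
        # Supplying either symbol list also switches the restriction type to match.
        if ($PSBoundParameters.ContainsKey("InvalidSymbolChars"))
        {
            $local:RuleObj.InvalidNonAlphaNumericCharacters = [string[]]($InvalidSymbolChars.ToCharArray())
            $local:RuleObj.NonAlphaNumericRestrictionType = "Exclude"
        }
        if ($PSBoundParameters.ContainsKey("AllowedSymbolChars"))
        {
            $local:RuleObj.AllowedNonAlphaNumericCharacters = [string[]]($AllowedSymbolChars.ToCharArray())
            $local:RuleObj.NonAlphaNumericRestrictionType = "Include"
        }

        if ($PSBoundParameters.ContainsKey("AllowedFirstCharType")) { $local:RuleObj.AllowedFirstCharacterType = $AllowedFirstCharType }
        if ($PSBoundParameters.ContainsKey("AllowedLastCharType")) { $local:RuleObj.AllowedLastCharacterType = $AllowedLastCharType }
        if ($PSBoundParameters.ContainsKey("MaxConsecutiveAlpha")) { $local:RuleObj.MaxConsecutiveAlphabeticCharacters = $MaxConsecutiveAlpha }
        if ($PSBoundParameters.ContainsKey("MaxConsecutiveAlphanumeric")) { $local:RuleObj.MaxConsecutiveAlphaNumericCharacters = $MaxConsecutiveAlphanumeric }
        if ($PSBoundParameters.ContainsKey("RepeatedCharRestriction")) { $local:RuleObj.RepeatedCharacterRestriction = $RepeatedCharRestriction }

        Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core PUT "UserPasswordRule" -Body $local:RuleObj
    }
}

<#
.SYNOPSIS
Generate a random password using the Safeguard user password rule via the Web API.

.DESCRIPTION
Generate a random password that complies with the current user password rule
configured on the Safeguard appliance. Optionally pass a custom rule object
to generate a password using different constraints without modifying the saved rule.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate.

.PARAMETER RuleObject
An optional UserPasswordRule object to use for generation instead of the currently
saved rule. Retrieve with Get-SafeguardUserPasswordRule.

.INPUTS
None.

.OUTPUTS
A string containing the generated password.

.EXAMPLE
New-SafeguardUserPassword

.EXAMPLE
$rule = Get-SafeguardUserPasswordRule
$rule.MinCharacters = 20
New-SafeguardUserPassword -RuleObject $rule
#>
function New-SafeguardUserPassword
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(Mandatory=$false)]
        [object]$RuleObject
    )

    if (-not $PSBoundParameters.ContainsKey("ErrorAction")) { $ErrorActionPreference = "Stop" }
    if (-not $PSBoundParameters.ContainsKey("Verbose")) { $VerbosePreference = $PSCmdlet.GetVariableValue("VerbosePreference") }

    # Without a caller-supplied rule, generation uses the rule currently saved
    # on the appliance.
    if (-not $RuleObject)
    {
        $RuleObject = (Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET "UserPasswordRule")
    }

    # The API result is written straight to the pipeline; per the help above it
    # is the generated password as a plain string, so an uncaptured call prints
    # it to the console and to any active transcript.
    Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core POST "UserPasswordRule/GeneratePassword" -Body $RuleObject
}

<#
.SYNOPSIS
Validate a password against the Safeguard user password rule via the Web API.

.DESCRIPTION
Test whether a proposed password meets the requirements of the user password rule
configured on the Safeguard appliance. Returns $true if the password is valid,
or $false if it does not meet the rule requirements. Other errors (authentication
failures, network errors) are thrown as exceptions.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate.

.PARAMETER Password
A SecureString containing the password to validate.

.INPUTS
None.

.OUTPUTS
A boolean indicating whether the password is valid.

.EXAMPLE
Test-SafeguardUserPassword -Password (ConvertTo-SecureString "MyP@ssw0rd123" -AsPlainText -Force)

.EXAMPLE
Test-SafeguardUserPassword -Password (Read-Host "Password" -AsSecureString)

.NOTES
The first example puts a literal password on the command line, where it is
recorded in command history and transcripts; the Read-Host -AsSecureString form
in the second example avoids that.
#>
function Test-SafeguardUserPassword
{
    [CmdletBinding()]
    [OutputType([bool])]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(Mandatory=$true,Position=0)]
        [SecureString]$Password
    )

    if (-not $PSBoundParameters.ContainsKey("ErrorAction")) { $ErrorActionPreference = "Stop" }
    if (-not $PSBoundParameters.ContainsKey("Verbose")) { $VerbosePreference = $PSCmdlet.GetVariableValue("VerbosePreference") }

    # The request body is a JSON string, so the SecureString has to be unwrapped.
    # From here on the password exists as an ordinary managed string that cannot
    # be zeroed and lives until garbage collection.
    # NOTE(review): confirm Invoke-SafeguardMethod does not echo -JsonBody to the
    # verbose or debug stream.
    $local:PasswordPlainText = [System.Net.NetworkCredential]::new("", $Password).Password
    try
    {
        $null = Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core `
            POST "UserPasswordRule/ValidatePassword" -JsonBody (ConvertTo-Json $local:PasswordPlainText)
        $true
    }
    catch
    {
        # Only HTTP 400 with error code 60247 is reported as "password rejected";
        # every other failure is rethrown so it cannot be mistaken for a verdict.
        if ($_.Exception.HttpStatusCode -eq 400 -and $_.Exception.ErrorCode -eq 60247)
        {
            $false
        }
        else
        {
            throw
        }
    }
}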