Public/kubernetes-protection.ps1

function Edit-FalconContainerAwsAccount {
<#
.SYNOPSIS
Modify Falcon Container Security AWS accounts
.DESCRIPTION
Requires 'Kubernetes Protection: Write'.
.PARAMETER Region
AWS cloud region
.PARAMETER Id
AWS account identifier
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Edit-FalconContainerAwsAccount
#>

    [CmdletBinding(DefaultParameterSetName='/kubernetes-protection/entities/accounts/aws/v1:patch',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/aws/v1:patch',Position=1)]
        [string]$Region,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/aws/v1:patch',Mandatory,
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=2)]
        [ValidatePattern('^\d{12}$')]
        [Alias('Ids')]
        [string[]]$Id
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Query = @('ids','region') }
        }
        [System.Collections.Generic.List[string]]$List = @()
    }
    process { if ($Id) { @($Id).foreach{ $List.Add($_) }}}
    end {
        if ($List) {
            $PSBoundParameters['Id'] = @($List | Select-Object -Unique)
            Invoke-Falcon @Param -Inputs $PSBoundParameters
        }
    }
}
function Edit-FalconContainerAzureAccount {
<#
.SYNOPSIS
Modify the client identifier for a Falcon Container Security Azure account
.DESCRIPTION
Requires 'Kubernetes Protection: Write'.
.PARAMETER ClientId
Azure client identifier
.PARAMETER Id
Azure tenant identifier
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Edit-FalconContainerAzureAccount
#>

    [CmdletBinding(DefaultParameterSetName='/kubernetes-protection/entities/service-principal/azure/v1:patch',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/kubernetes-protection/entities/service-principal/azure/v1:patch',Mandatory,
            Position=1)]
        [ValidatePattern('^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$')]
        [Alias('client_id')]
        [string]$ClientId,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/service-principal/azure/v1:patch',Mandatory,
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=2)]
        [ValidatePattern('^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$')]
        [string]$Id
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Query = @('id','client_id') }
        }
    }
    process { Invoke-Falcon @Param -Inputs $PSBoundParameters }
}
function Get-FalconContainerAwsAccount {
<#
.SYNOPSIS
Search for Falcon Container Security AWS accounts
.DESCRIPTION
Requires 'Kubernetes Protection: Read'.
.PARAMETER Id
AWS account identifier
.PARAMETER Status
Filter by account status
.PARAMETER Limit
Maximum number of results per request
.PARAMETER Offset
Position to begin retrieving results
.PARAMETER All
Repeat requests until all available results are retrieved
.PARAMETER Total
Display total result count instead of results
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Get-FalconContainerAwsAccount
#>

    [CmdletBinding(DefaultParameterSetName='/kubernetes-protection/entities/accounts/aws/v1:get',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/aws/v1:get',
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=1)]
        [ValidatePattern('^\d{12}$')]
        [Alias('Ids')]
        [string[]]$Id,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/aws/v1:get',Position=2)]
        [ValidateSet('provisioned','operational',IgnoreCase=$false)]
        [string]$Status,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/aws/v1:get',Position=3)]
        [int32]$Limit,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/aws/v1:get')]
        [int32]$Offset,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/aws/v1:get')]
        [switch]$All,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/aws/v1:get')]
        [switch]$Total
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Query = @('ids','offset','limit','status') }
        }
        [System.Collections.Generic.List[string]]$List = @()
    }
    process { if ($Id) { @($Id).foreach{ $List.Add($_) }}}
    end {
        if ($List) { $PSBoundParameters['Id'] = @($List | Select-Object -Unique) }
        Invoke-Falcon @Param -Inputs $PSBoundParameters
    }
}
function Get-FalconContainerAzureAccount {
<#
.SYNOPSIS
Search for Falcon Container Security Azure accounts
.DESCRIPTION
Requires 'Kubernetes Protection: Read'.
.PARAMETER Id
Azure tenant identifier
.PARAMETER SubscriptionId
Azure subscription identifier
.PARAMETER Status
Filter by account status
.PARAMETER IsHorizonAcct
Filter by whether an account originates from Horizon or not
.PARAMETER Limit
Maximum number of results per request
.PARAMETER Offset
Position to begin retrieving results
.PARAMETER All
Repeat requests until all available results are retrieved
.PARAMETER Total
Display total result count instead of results
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Get-FalconContainerAzureAccount
#>

    [CmdletBinding(DefaultParameterSetName='/kubernetes-protection/entities/accounts/azure/v1:get',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/azure/v1:get',
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=1)]
        [ValidatePattern('^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$')]
        [Alias('ids')]
        [string[]]$Id,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/azure/v1:get',Position=2)]
        [ValidatePattern('^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$')]
        [Alias('subscription_id')]
        [string[]]$SubscriptionId,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/azure/v1:get',Position=3)]
        [ValidateSet('operational','provisioned',IgnoreCase=$false)]
        [string]$Status,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/azure/v1:get',Position=4)]
        [Alias('is_horizon_acct')]
        [boolean]$IsHorizonAcct,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/azure/v1:get',Position=5)]
        [int]$Limit,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/azure/v1:get')]
        [int]$Offset,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/azure/v1:get')]
        [switch]$All,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/azure/v1:get')]
        [switch]$Total
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Query = @('ids','status','limit','is_horizon_acct','offset','subscription_id') }
        }
        [System.Collections.Generic.List[string]]$List = @()
    }
    process { if ($Id) { @($Id).foreach{ $List.Add($_) }}}
    end {
        if ($List) { $PSBoundParameters['Id'] = @($List | Select-Object -Unique) }
        Invoke-Falcon @Param -Inputs $PSBoundParameters
    }
}
function Get-FalconContainerCloud {
<#
.SYNOPSIS
Return Falcon Container Security cloud provider locations
.DESCRIPTION
Requires 'Kubernetes Protection: Read'.
.PARAMETER Cloud
Cloud provider
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Get-FalconContainerCloud
#>

    [CmdletBinding(DefaultParameterSetName='/kubernetes-protection/entities/cloud-locations/v1:get',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/kubernetes-protection/entities/cloud-locations/v1:get',
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=1)]
        [ValidateSet('aws','azure','gcp',IgnoreCase=$false)]
        [Alias('clouds')]
        [string[]]$Cloud
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Query = @('clouds') }
        }
        [System.Collections.Generic.List[string]]$List = @()
    }
    process {
        if ($Cloud) { @($Cloud).foreach{ $List.Add($_) }}
    }
    end {
        if ($List) {
            $PSBoundParameters['Cloud'] = @($List | Select-Object -Unique)
            Invoke-Falcon @Param -Inputs $PSBoundParameters
        }
    }
}
function Get-FalconContainerCluster {
<#
.SYNOPSIS
Search for Falcon Container Security clusters
.DESCRIPTION
Requires 'Kubernetes Protection: Read'.
.PARAMETER Id
Cluster account identifier
.PARAMETER Location
Cloud provider location
.PARAMETER ClusterName
Cluster name
.PARAMETER ClusterService
Cluster service
.PARAMETER Limit
Maximum number of results per request
.PARAMETER Offset
Position to begin retrieving results
.PARAMETER All
Repeat requests until all available results are retrieved
.PARAMETER Total
Display total result count instead of results
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Get-FalconContainerCluster
#>

    [CmdletBinding(DefaultParameterSetName='/kubernetes-protection/entities/kubernetes/clusters/v1:get',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/kubernetes-protection/entities/kubernetes/clusters/v1:get',
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=1)]
        [Alias('account_ids','Ids')]
        [string[]]$Id,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/kubernetes/clusters/v1:get',Position=2)]
        [Alias('Locations')]
        [string[]]$Location,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/kubernetes/clusters/v1:get',Position=3)]
        [Alias('cluster_names','ClusterNames')]
        [string[]]$ClusterName,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/kubernetes/clusters/v1:get',Position=4)]
        [ValidateSet('eks',IgnoreCase=$false)]
        [Alias('cluster_service')]
        [string]$ClusterService,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/kubernetes/clusters/v1:get',Position=5)]
        [int32]$Limit,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/kubernetes/clusters/v1:get')]
        [int32]$Offset,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/kubernetes/clusters/v1:get')]
        [switch]$All,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/kubernetes/clusters/v1:get')]
        [switch]$Total
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{
                Query = @('limit','cluster_names','account_ids','offset','cluster_service','locations')
            }
        }
        [System.Collections.Generic.List[string]]$List = @()
    }
    process { if ($Id) { @($Id).foreach{ $List.Add($_) }}}
    end {
        if ($List) { $PSBoundParameters['Id'] = @($List | Select-Object -Unique) }
        Invoke-Falcon @Param -Inputs $PSBoundParameters
    }
}
function Invoke-FalconContainerScan {
<#
.SYNOPSIS
Initiate a Falcon Container Security scan
.DESCRIPTION
Requires 'Kubernetes Protection: Write'.
.PARAMETER ScanType
Scan type
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Invoke-FalconContainerScan
#>

    [CmdletBinding(DefaultParameterSetName='/kubernetes-protection/entities/scan/trigger/v1:post',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/kubernetes-protection/entities/scan/trigger/v1:post',Mandatory,
           Position=1)]
        [ValidateSet('dry-run','full','cluster-refresh',IgnoreCase=$false)]
        [Alias('scan-type')]
        [string]$ScanType
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Query = @('scan_type') }
        }
    }
    process { Invoke-Falcon @Param -Inputs $PSBoundParameters }
}
function New-FalconContainerAwsAccount {
<#
.SYNOPSIS
Provision Falcon Container Security AWS accounts
.DESCRIPTION
Requires 'Kubernetes Protection: Write'.
.PARAMETER Region
AWS cloud region
.PARAMETER Id
AWS account identifier
.LINK
https://github.com/crowdstrike/psfalcon/wiki/New-FalconContainerAwsAccount
#>

    [CmdletBinding(DefaultParameterSetName='/kubernetes-protection/entities/accounts/aws/v1:post',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/aws/v1:post',Mandatory,
           Position=1)]
        [string]$Region,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/aws/v1:post',Mandatory,
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=2)]
        [ValidatePattern('^\d{12}$')]
        [Alias('account_id')]
        [string]$Id
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Body = @{ resources = @('account_id','region') }}
        }
    }
    process { Invoke-Falcon @Param -Inputs $PSBoundParameters }
}
function New-FalconContainerAzureAccount {
<#
.SYNOPSIS
Provision Falcon Container Security Azure accounts
.DESCRIPTION
Requires 'Kubernetes Protection: Write'.
.PARAMETER SubscriptionId
Azure subscription identifier
.PARAMETER TenantId
Azure tenant identifier
.LINK
https://github.com/crowdstrike/psfalcon/wiki/New-FalconContainerAzureAccount
#>

    [CmdletBinding(DefaultParameterSetName='/kubernetes-protection/entities/accounts/azure/v1:post',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/azure/v1:post',Position=1)]
        [ValidatePattern('^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$')]
        [Alias('subscription_id')]
        [string]$SubscriptionId,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/azure/v1:post',Position=2)]
        [ValidatePattern('^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$')]
        [Alias('tenant_id')]
        [string]$TenantId
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Body = @{ resources = @('subscription_id','tenant_id') }}
        }
    }
    process { Invoke-Falcon @Param -Inputs $PSBoundParameters }
}
function New-FalconContainerKey {
<#
.SYNOPSIS
Regenerate the API key for Falcon Container Security Docker registry integrations
.DESCRIPTION
Requires 'Kubernetes Protection: Write'.
.LINK
https://github.com/crowdstrike/psfalcon/wiki/New-FalconContainerKey
#>

    [CmdletBinding(DefaultParameterSetName='/kubernetes-protection/entities/integration/api-key/v1:post',
        SupportsShouldProcess)]
    param()
    process { Invoke-Falcon -Endpoint $PSCmdlet.ParameterSetName }
}
function Receive-FalconContainerYaml {
<#
.SYNOPSIS
Download a sample Helm values.yaml file
.DESCRIPTION
Requires 'Kubernetes Protection: Read'.
.PARAMETER Path
Destination path
.PARAMETER ClusterName
Cluster name
.PARAMETER Force
Overwrite an existing file when present
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Receive-FalconContainerYaml
#>

    [CmdletBinding(DefaultParameterSetName='/kubernetes-protection/entities/integration/agent/v1:get',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/kubernetes-protection/entities/integration/agent/v1:get',Mandatory,
           Position=1)]
        [string]$Path,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/integration/agent/v1:get',Mandatory,
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=2)]
        [Alias('cluster_name')]
        [string]$ClusterName,
        [Parameter(ParameterSetName='/kubernetes-protection/entities/integration/agent/v1:get')]
        [switch]$Force
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Headers = @{ Accept = 'application/yaml' }
            Format = @{
                Query = @('cluster_name')
                Outfile = 'path'
            }
        }
    }
    process {
        $PSBoundParameters.Path = Assert-Extension $PSBoundParameters.Path 'yaml'
        $OutPath = Test-OutFile $PSBoundParameters.Path
        if ($OutPath.Category -eq 'ObjectNotFound') {
            Write-Error @OutPath
        } elseif ($PSBoundParameters.Path) {
            if ($OutPath.Category -eq 'WriteError' -and !$Force) {
                Write-Error @OutPath
            } else {
                Invoke-Falcon @Param -Inputs $PSBoundParameters
            }
        }}
}
function Remove-FalconContainerAwsAccount {
<#
.SYNOPSIS
Remove Falcon Container Security AWS accounts
.DESCRIPTION
Requires 'Kubernetes Protection: Write'.
.PARAMETER Id
AWS account identifier
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Remove-FalconContainerAwsAccount
#>

    [CmdletBinding(DefaultParameterSetName='/kubernetes-protection/entities/accounts/aws/v1:delete',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/aws/v1:delete',Mandatory,
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=1)]
        [ValidatePattern('^\d{12}$')]
        [Alias('Ids')]
        [string[]]$Id
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Query = @('ids') }
        }
        [System.Collections.Generic.List[string]]$List = @()
    }
    process { if ($Id) { @($Id).foreach{ $List.Add($_) }}}
    end {
        if ($List) {
            $PSBoundParameters['Id'] = @($List | Select-Object -Unique)
            Invoke-Falcon @Param -Inputs $PSBoundParameters
        }
    }
}
function Remove-FalconContainerAzureAccount {
<#
.SYNOPSIS
Remove Falcon Container Security Azure accounts
.DESCRIPTION
Requires 'Kubernetes Protection: Write'.
.PARAMETER Id
Azure subscription identifier
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Remove-FalconContainerAzureAccount
#>

    [CmdletBinding(DefaultParameterSetName='/kubernetes-protection/entities/accounts/azure/v1:delete',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/kubernetes-protection/entities/accounts/azure/v1:delete',Mandatory,
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=1)]
        [ValidatePattern('^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$')]
        [Alias('ids')]
        [string[]]$Id
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Query = @('ids') }
        }
        [System.Collections.Generic.List[string]]$List = @()
    }
    process { if ($Id) { @($Id).foreach{ $List.Add($_) }}}
    end {
        if ($List) {
            $PSBoundParameters['Id'] = @($List | Select-Object -Unique)
            Invoke-Falcon @Param -Inputs $PSBoundParameters
        }
    }
}