Public/user-management.ps1

function Add-FalconRole {
<#
.SYNOPSIS
Assign roles to users
.DESCRIPTION
Requires 'User Management: Write'.
.PARAMETER UserId
User identifier
.PARAMETER Cid
Customer identifier
.PARAMETER Id
User role
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Add-FalconRole
#>

    [CmdletBinding(DefaultParameterSetName='/user-management/entities/user-role-actions/v1:post',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/user-management/entities/user-role-actions/v1:post',Mandatory,
            ValueFromPipelineByPropertyName,Position=1)]
        [ValidatePattern('^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$')]
        [Alias('uuid','user_uuid')]
        [string]$UserId,
        [Parameter(ParameterSetName='/user-management/entities/user-role-actions/v1:post',Mandatory,
            ValueFromPipelineByPropertyName,Position=2)]
        [string]$Cid,
        [Parameter(ParameterSetName='/user-management/entities/user-role-actions/v1:post',Mandatory,Position=3)]
        [Alias('role_ids','Ids')]
        [string[]]$Id
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Body = @{ root = @('cid','uuid','action','role_ids') }}
        }
        [System.Collections.Generic.List[string]]$List = @()
    }
    process { if ($Id) { @($Id).foreach{ $List.Add($_) }}}
    end {
        if ($List) {
            $PSBoundParameters['role_ids'] = @($List | Select-Object -Unique)
            $PSBoundParameters['uuid'] = $PSBoundParameters.UserId
            $PSBoundParameters['action'] = 'grant'
            [void]$PSBoundParameters.Remove('Id')
            [void]$PSBoundParameters.Remove('UserId')
            Invoke-Falcon @Param -Inputs $PSBoundParameters
        }
    }
}
function Edit-FalconUser {
<#
.SYNOPSIS
Modify the name of a user
.DESCRIPTION
Requires 'User Management: Write'.
.PARAMETER FirstName
First name
.PARAMETER LastName
Last name
.PARAMETER Id
User identifier
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Edit-FalconUser
#>

    [CmdletBinding(DefaultParameterSetName='/user-management/entities/users/v1:patch',SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/user-management/entities/users/v1:patch',Position=1)]
        [Alias('first_name')]
        [string]$FirstName,
        [Parameter(ParameterSetName='/user-management/entities/users/v1:patch',Position=2)]
        [Alias('last_name')]
        [string]$LastName,
        [Parameter(ParameterSetName='/user-management/entities/users/v1:patch',Mandatory,
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=3)]
        [ValidatePattern('^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$')]
        [Alias('user_uuid','uuid')]
        [string]$Id
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{
                Query = @('user_uuid')
                Body = @{ root = @('first_name','last_name') }
            }
        }
    }
    process { Invoke-Falcon @Param -Inputs $PSBoundParameters }
}
function Get-FalconRole {
<#
.SYNOPSIS
Search for user roles and assignments
.DESCRIPTION
Requires 'User Management: Read'.
.PARAMETER Id
Role identifier
.PARAMETER UserId
User identifier
.PARAMETER Cid
Customer identifier
.PARAMETER Detailed
Retrieve detailed information
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Get-FalconRole
#>

    [CmdletBinding(DefaultParameterSetName='/user-management/queries/roles/v1:get',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/user-management/entities/roles/v1:get',Mandatory,
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=1)]
        [Alias('ids','roles')]
        [string[]]$Id,
        [Parameter(ParameterSetName='/user-management/queries/roles/v1:get',Position=1)]
        [Parameter(ParameterSetName='/user-management/combined/user-roles/v1:get',Position=2)]
        [Parameter(ParameterSetName='/user-management/entities/roles/v1:get',Position=2)]
        [ValidatePattern('^[a-fA-F0-9]{32}$')]
        [string]$Cid,
        [Parameter(ParameterSetName='/user-management/queries/roles/v1:get',Position=2)]
        [Parameter(ParameterSetName='/user-management/combined/user-roles/v1:get',Mandatory,Position=1)]
        [Alias('user_uuid','uuid')]
        [ValidatePattern('^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$')]
        [string]$UserId,
        [Parameter(ParameterSetName='/user-management/combined/user-roles/v1:get',Position=3)]
        [string]$Filter,
        [Parameter(ParameterSetName='/user-management/combined/user-roles/v1:get',Position=4)]
        [ValidateSet('cid|asc','cid|desc','role_name|asc','role_name|desc','type|asc','type|desc',
            IgnoreCase=$false)]
        [string]$Sort,
        [Parameter(ParameterSetName='/user-management/combined/user-roles/v1:get',Position=5)]
        [ValidateRange(1,500)]
        [int]$Limit,
        [Parameter(ParameterSetName='/user-management/combined/user-roles/v1:get',Position=6)]
        [string]$Offset,
        [Parameter(ParameterSetName='/user-management/combined/user-roles/v1:get',Position=7)]
        [Alias('direct_only')]
        [boolean]$DirectOnly,
        [Parameter(ParameterSetName='/user-management/combined/user-roles/v1:get',Mandatory)]
        [switch]$Detailed
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Query = @('sort','filter','user_uuid','limit','cid','direct_only','offset','ids') }
        }
        [System.Collections.Generic.List[string]]$List = @()
    }
    process {
        if ($Id) {
            @($Id).foreach{
                if ($_ -match '^\w{8}-\w{4}-\w{4}-\w{4}-\w{12}$') {
                    Get-FalconRole -UserId $_
                } elseif ($_ -match '^[a-fA-F0-9]{32}$') {
                    Get-FalconRole -Cid $_
                } else {
                    if ($_ -notmatch '^\w+') {
                        Write-Error "'$_' is not a valid user role."
                    } else {
                        $List.Add($_)
                    }
                }
            }
        } else {
            Invoke-Falcon @Param -Inputs $PSBoundParameters
        }
    }
    end {
        if ($List) {
            $PSBoundParameters['Id'] = @($List | Select-Object -Unique)
            Invoke-Falcon @Param -Inputs $PSBoundParameters
        }
    }
}
function Get-FalconUser {
<#
.SYNOPSIS
Search for users
.DESCRIPTION
Requires 'User Management: Read'.
.PARAMETER Id
User identifier
.PARAMETER Filter
Falcon Query Language expression to limit results
.PARAMETER Offset
Position to begin retrieving results
.PARAMETER Sort
Property and direction to sort results
.PARAMETER Limit
Maximum number of results per request
.PARAMETER Username
Username
.PARAMETER Include
Include additional properties
.PARAMETER Detailed
Retrieve detailed information
.PARAMETER All
Repeat requests until all available results are retrieved
.PARAMETER Total
Display total result count instead of results
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Get-FalconUser
#>

    [CmdletBinding(DefaultParameterSetName='/user-management/queries/users/v1:get',SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/user-management/entities/users/GET/v1:post',Mandatory,
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=1)]
        [ValidatePattern('^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$')]
        [Alias('ids','uuid')]
        [string[]]$Id,
        [Parameter(ParameterSetName='/user-management/queries/users/v1:get',Position=1)]
        [string]$Filter,
        [Parameter(ParameterSetName='/user-management/queries/users/v1:get',Position=2)]
        [ValidateSet('first_name|asc','first_name|desc','last_name|asc','last_name|desc','name|asc','name|desc',
            'uid|asc','uid|desc',IgnoreCase=$false)]
        [string]$Sort,
        [Parameter(ParameterSetName='/user-management/queries/users/v1:get',Position=3)]
        [ValidateRange(1,500)]
        [int]$Limit,
        [Parameter(ParameterSetName='/user-management/queries/users/v1:get',Position=4)]
        [int]$Offset,
        [Parameter(ParameterSetName='Username',Mandatory)]
        [ValidateScript({
            if ((Test-RegexValue $_) -eq 'email') { $true } else { throw "'$_' is not a valid email address." }
        })]
        [Alias('uid','Usernames')]
        [string[]]$Username,
        [Parameter(ParameterSetName='/user-management/queries/users/v1:get')]
        [Parameter(ParameterSetName='/user-management/entities/users/GET/v1:post')]
        [Parameter(ParameterSetName='Username')]
        [ValidateSet('roles',IgnoreCase=$false)]
        [string[]]$Include,
        [Parameter(ParameterSetName='/user-management/queries/users/v1:get')]
        [Parameter(ParameterSetName='Username')]
        [switch]$Detailed,
        [Parameter(ParameterSetName='/user-management/queries/users/v1:get')]
        [switch]$All,
        [Parameter(ParameterSetName='/user-management/queries/users/v1:get')]
        [switch]$Total
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{
                Body = @{ root = @('ids') }
                Query = @('filter','sort','limit','offset','uid')
            }
            Max = 100
        }
        [System.Collections.Generic.List[string]]$List = @()
    }
    process { if ($Id) { @($Id).foreach{ $List.Add($_) }}}
    end {
        if ($Username) {
            # Re-submit 'Username' values as filtered searches
            $Username = @($Username | Select-Object -Unique)
            for ($i = 0; $i -lt ($Username | Measure-Object).Count; $i += 20) {
                [string]$Filter = ($Username[$i..($i + 19)] | ForEach-Object { "uid:*'$_'" }) -join ','
                if ($Filter) {
                    $Search = @{ Filter = $Filter }
                    if ($Include) { $Search['Include'] = $Include }
                    if ($Detailed) { $Search['Detailed'] = $Detailed }
                    & $MyInvocation.MyCommand.Name @Search
                }
            }
        } else {
            if ($IdList) { $PSBoundParameters['Id'] = @($List | Select-Object -Unique) }
            if ($Include) {
                $Request = Invoke-Falcon @Param -Inputs $PSBoundParameters
                if ($Request -and !$Request.uuid) {
                    $Request = @($Request).foreach{ ,[PSCustomObject]@{ uuid = $_ }}
                }
                if ($Include -contains 'roles') {
                    @($Request).foreach{ Set-Property $_ roles @(Get-FalconRole -UserId $_.uuid) }
                }
                $Request
            } else {
                Invoke-Falcon @Param -Inputs $PSBoundParameters
            }
        }
    }
}
function Invoke-FalconUserAction {
<#
.SYNOPSIS
Perform an action on a user
.DESCRIPTION
Requires 'User Management: Write'.
.PARAMETER Name
Action name
.PARAMETER Id
User identifier
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Invoke-FalconUserAction
#>

    [CmdletBinding(DefaultParameterSetName='/user-management/entities/user-actions/v1:post',SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/user-management/entities/user-actions/v1:post',Mandatory,Position=1)]
        [ValidateSet('reset_password','reset_2fa',IgnoreCase=$false)]
        [Alias('action_name')]
        [string]$Name,
        [Parameter(ParameterSetName='/user-management/entities/user-actions/v1:post',Mandatory,Position=2)]
        [ValidatePattern('^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$')]
        [Alias('ids')]
        [string[]]$Id
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Body = @{ root = @('ids','action') }}
        }
        [System.Collections.Generic.List[string]]$List = @()
    }
    process { if ($Id) { @($Id).foreach{ $List.Add($_) }}}
    end {
        if ($List) {
            $PSBoundParameters['Id'] = @($List | Select-Object -Unique)
            $PSBoundParameters['Action'] = @{ action_name = $PSBoundParameters.Name }
            [void]$PSBoundParameters.Remove('Name')
            Invoke-Falcon @Param -Inputs $PSBoundParameters
        }
    }
}
function New-FalconUser {
<#
.SYNOPSIS
Create a user
.DESCRIPTION
Requires 'User Management: Write'.
.PARAMETER Username
Username
.PARAMETER Firstname
First name
.PARAMETER Lastname
Last name
.PARAMETER Password
Password. If left unspecified, the user will be emailed a link to set their password.
.PARAMETER Cid
Customer identifier
.PARAMETER ValidateOnly
Validate if user is allowed but do not create them
.LINK
https://github.com/crowdstrike/psfalcon/wiki/New-FalconUser
#>

    [CmdletBinding(DefaultParameterSetName='/user-management/entities/users/v1:post',SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/user-management/entities/users/v1:post',Mandatory,
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=1)]
        [ValidateScript({
            if ((Test-RegexValue $_) -eq 'email') { $true } else { throw "'$_' is not a valid email address." }
        })]
        [Alias('uid')]
        [string]$Username,
        [Parameter(ParameterSetName='/user-management/entities/users/v1:post',ValueFromPipelineByPropertyName,
            Position=2)]
        [Alias('first_name')]
        [string]$FirstName,
        [Parameter(ParameterSetName='/user-management/entities/users/v1:post',ValueFromPipelineByPropertyName,
            Position=3)]
        [Alias('last_name')]
        [string]$LastName,
        [Parameter(ParameterSetName='/user-management/entities/users/v1:post',ValueFromPipelineByPropertyName,
            Position=4)]
        [ValidatePattern('^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$ %^&*-]).{12,}$')]
        [string]$Password,
        [Parameter(ParameterSetName='/user-management/entities/users/v1:post',ValueFromPipelineByPropertyName,
            Position=5)]
        [string]$Cid,
        [Parameter(ParameterSetName='/user-management/entities/users/v1:post',ValueFromPipelineByPropertyName,
            Position=6)]
        [Alias('validate_only')]
        [boolean]$ValidateOnly
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{
                Query = @('validate_only')
                Body = @{ root = @('first_name','uid','last_name','cid','password') }
            }
        }
    }
    process { Invoke-Falcon @Param -Inputs $PSBoundParameters }
}
function Remove-FalconRole {
<#
.SYNOPSIS
Remove roles from a user
.DESCRIPTION
Requires 'User Management: Write'.
.PARAMETER UserId
User identifier
.PARAMETER Cid
Customer identifier
.PARAMETER Id
User role
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Remove-FalconRole
#>

    [CmdletBinding(DefaultParameterSetName='/user-management/entities/user-role-actions/v1:post',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/user-management/entities/user-role-actions/v1:post',Mandatory,
            ValueFromPipelineByPropertyName,Position=1)]
        [ValidatePattern('^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$')]
        [Alias('uuid','user_uuid')]
        [string]$UserId,
        [Parameter(ParameterSetName='/user-management/entities/user-role-actions/v1:post',Mandatory,
            ValueFromPipelineByPropertyName,Position=2)]
        [string]$Cid,
        [Parameter(ParameterSetName='/user-management/entities/user-role-actions/v1:post',Mandatory,Position=3)]
        [Alias('role_ids','Ids')]
        [string[]]$Id
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Body = @{ root = @('cid','uuid','action','role_ids') }}
        }
        [System.Collections.Generic.List[string]]$List = @()
    }
    process { if ($Id) { @($Id).foreach{ $List.Add($_) }}}
    end {
        if ($List) {
            $PSBoundParameters['role_ids'] = @($List | Select-Object -Unique)
            $PSBoundParameters['uuid'] = $PSBoundParameters.UserId
            $PSBoundParameters['action'] = 'revoke'
            [void]$PSBoundParameters.Remove('Id')
            [void]$PSBoundParameters.Remove('UserId')
            Invoke-Falcon @Param -Inputs $PSBoundParameters
        }
    }
}
function Remove-FalconUser {
<#
.SYNOPSIS
Remove a user
.DESCRIPTION
Requires 'User Management: Write'.
.PARAMETER Id
User identifier
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Remove-FalconUser
#>

    [CmdletBinding(DefaultParameterSetName='/user-management/entities/users/v1:delete',SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/user-management/entities/users/v1:delete',Mandatory,
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=1)]
        [ValidatePattern('^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$')]
        [Alias('user_uuid','uuid')]
        [string]$Id
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Query = @('user_uuid') }
        }
    }
    process { Invoke-Falcon @Param -Inputs $PSBoundParameters }
}
@('Add-FalconRole','Get-FalconRole','Remove-FalconRole').foreach{
    Register-ArgumentCompleter -CommandName $_ -ParameterName 'Id' -ScriptBlock { Get-FalconRole -EA 0 }
}