src/ServiceAccounts/Add-PSWizServiceAccount.ps1
function Add-PSWizServiceAccount {
    <#
    .SYNOPSIS
    Creates a new service account in the Wiz platform.

    .DESCRIPTION
    The Add-PSWizServiceAccount function creates a new service account through the Wiz platform's API.
    It requires the name, scopes, assigned project ID, type, and expiration date of the service account.

    .PARAMETER Name
    Specifies the name of the service account to be created. This parameter is mandatory.

    .PARAMETER Scopes
    Specifies the scopes assigned to the service account. This parameter is mandatory and should be an array of scope strings.

    .PARAMETER AssignedProjectId
    Specifies the project ID to which the service account is assigned. This parameter is mandatory.

    .PARAMETER Type
    Specifies the type of the service account. This parameter is mandatory.
    Valid values: 'THIRD_PARTY', 'SENSOR', 'KUBERNETES_ADMISSION_CONTROLLER', 'BROKER', 'FIRST_PARTY', 'KUBERNETES_CONNECTOR', 'INTEGRATION', 'OUTPOST'

    .PARAMETER ExpiresAt
    Specifies the expiration date and time for the service account. This parameter is mandatory and should be a datetime object.

    .EXAMPLE
    Add-PSWizServiceAccount -Name "ServiceAccount1" -Scopes "scope1", "scope2" -AssignedProjectId "project123" -Type "THIRD_PARTY" -ExpiresAt (Get-Date).AddMonths(6)

    This example creates a new service account named "ServiceAccount1" with the specified scopes, assigned project ID, type, and an expiration date six months from the current date.

    .OUTPUTS
    PSCustomObject
    The function returns the details of the created service account. If there are errors, the function returns the error messages.

    .NOTES
    The function constructs a GraphQL query from a local file named createServiceAccount.graphql located in the .\graphql\ directory.
    Authentication details ($Script:Access_Token and $Script:Data_Center) must be available in the script scope.
    PowerShell 5.0 or higher is required.

    .LINK
    https://docs.microsoft.com/powershell/module/microsoft.powershell.utility/invoke-restmethod
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        $Name,

        [Parameter(Mandatory)]
        $Scopes,

        [Parameter(Mandatory)]
        $AssignedProjectId,

        [Parameter(Mandatory)]
        [ValidateSet('THIRD_PARTY', 'SENSOR', 'KUBERNETES_ADMISSION_CONTROLLER', 'BROKER', 'FIRST_PARTY', 'KUBERNETES_CONNECTOR', 'INTEGRATION', 'OUTPOST')]
        $Type,

        [Parameter(Mandatory)]
        [datetime]
        $ExpiresAt
    )

    # Directory of the script file; the .graphql query files live in its graphql subdirectory.
    $queryPath = $(Split-Path -Path $Script:MyInvocation.MyCommand.Path -Parent)

    # Build the GraphQL request body: operation name, query text, and variables.
    $Query = [PSCustomObject]@{
        operationName = "createServiceAccount"
        query         = $(Get-Content "$($queryPath)\graphql\createServiceAccount.graphql" -Raw)
        variables     = @{
            name               = $Name
            scopes             = @($Scopes)
            assignedProjectIds = @($AssignedProjectId)
            type               = $Type
            # Serialize explicitly as an ISO 8601 UTC string. Windows PowerShell 5.x
            # ConvertTo-Json would otherwise emit the "\/Date(...)\/" form for a [datetime].
            expiresAt          = $ExpiresAt.ToUniversalTime().ToString('o')
        }
    } | ConvertTo-Json -Compress

    # POST the query to the data center's GraphQL endpoint with the bearer token held in script scope.
    $response = Invoke-RestMethod -Uri "https://api.$($Script:Data_Center).app.wiz.io/graphql" -Headers @{Authorization = "Bearer $($Script:Access_Token)" } -Method Post -Body $Query -ContentType 'application/json'

    # GraphQL reports failures in an "errors" member of the response body; return those if present.
    if ($response.errors) {
        $response.errors
    } else {
        $response.data.createServiceAccount
    }
}