public/Add-VPASAllowedIP.ps1
|
<#
.Synopsis ADD ALLOWED IP CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com .DESCRIPTION USE THIS FUNCTION TO ADD AN ALLOWED IP FOR PRIVILEGE CLOUD SHARED SERVICES .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER AllowedValue Target value that will be whitelisted to allow cyberark cloud to communicate to CIDR ranges (/22 netmask or /32 netmask) can be utilized to add a range of IP addresses to the allowlist .EXAMPLE $AddAllowedIPJSON = Add-VPASAllowedIP -AllowedValue {ALLOWEDVALUE VALUE} .OUTPUTS JSON Object (Status) if successful $false if failed #> function Add-VPASAllowedIP{ [OutputType([bool])] [CmdletBinding()] Param( [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter new AllowedValue (for example: 55.55.55.55/32)",Position=0)] [String]$AllowedValue, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE" Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE" Write-Verbose "SUCCESSFULLY PARSED ALLOWEDVALUE VALUE: $AllowedValue" try{ Write-Verbose "RETRIEVING CURRENT ALLOWED VALUES" $CurrentValues = Get-VPASAllowedIPs $AllowedIPsArr = @() foreach($rec in $CurrentValues.customerPublicIPs){ $AllowedIPsArr += $rec Write-Verbose "ADDING $rec TO ALLOWED VALUES" } $AllowedIPsArr += $AllowedValue Write-Verbose "ADDING $AllowedValue TO ALLOWED VALUES" write-verbose "INITIALIZING API PARAMETERS" $params = @{ customerPublicIPs = $AllowedIPsArr } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/api/advanced-settings/ip-allowlist" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/api/advanced-settings/ip-allowlist" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "PUT" -token $token -LogType METHOD write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PUT -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PUT -Body $params -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC Write-Verbose "SUCCESSFULLY ADDED ALLOWED VALUE: $AllowedValue" return $response }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO ADD ALLOWED VALUE: $AllowedValue" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |