public/Add-VPASApplication.ps1
|
<#
.Synopsis ADD APPLICATION ID CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO ADD A NEW APPLICATION ID TO CYBERARK .LINK https://vpasmodule.com/commands/Add-VPASApplication .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER Description An explanation/details of the target resource Best practice states to leave informative descriptions to help identify the resource purpose .PARAMETER AppID Unique ApplicationID (or Application Name) that will be used by the credential provider(s) to retrieve credentials .PARAMETER Location Where the ApplicationID will reside in terms of the directory structure within CyberArk .PARAMETER AccessPermittedFrom Limiting when an ApplicationID can be used starting time .PARAMETER AccessPermittedTo Limiting when an ApplicationID can be used end time .PARAMETER ExpirationDate Limiting when an ApplicationID can be used expiration date .PARAMETER Disabled Create the new ApplicationID in a disabled state .PARAMETER BusinessOwnerFName ApplicationID owner FirstName .PARAMETER BusinessOwnerLName ApplicationID owner LastName .PARAMETER BusinessOwnerEmail ApplicationID onwer Email .PARAMETER BusinessOwnerPhone ApplicationID owner Phone .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $AddApplicationStatus = Add-VPASApplication -AppID {APPID VALUE} -Description {DESCRIPTION VALUE} .EXAMPLE $InputParameters = @{ AppID = "NewApplicationName" Description = "Description for the new application" AccessPermittedFrom = "9" AccessPermittedTo = "17" ExpirationDate = "03/12/2025" Disabled = $true|$false BusinessOwnerFName = "Vadim" BusinessOwnerLName = "Melamed" BusinessOwnerEmail = "vpasmodule@gmail.com" BusinessOwnerPhone = "123-456-7890" } $AddApplicationStatus = Add-VPASApplication -InputParameters $InputParameters .OUTPUTS $true if successful --- $false if failed #> function Add-VPASApplication{ [OutputType([bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter name for new ApplicationID (for example: NewApp1)")] [String]$AppID, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$Description, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$Location, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$AccessPermittedFrom, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$AccessPermittedTo, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$ExpirationDate, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Switch]$Disabled, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$BusinessOwnerFName, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$BusinessOwnerLName, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$BusinessOwnerEmail, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$BusinessOwnerPhone, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("AppID","Description","Location","AccessPermittedFrom","AccessPermittedTo","ExpirationDate","Disabled","BusinessOwnerFName","BusinessOwnerLName","BusinessOwnerEmail","BusinessOwnerPhone") MandatoryKeys = @("AppID") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO CREATE APPLICATION" Write-VPASOutput -str $_ -type E return $false } #MISC SECTION $permissions = @{} $targetVal = @{"AppID"=$AppID} if([String]::IsNullOrEmpty($Description)){ Write-VPASOutput -str "NO DESCRIPTION FIELD SET, SKIPPING" -type M Write-Verbose "NO DESCRIPTION FIELD SET, LEAVING FIELD BLANK" } else{ $targetVal += @{"Description"=$Description} } if([String]::IsNullOrEmpty($Location)){ Write-VPASOutput -str "NO LOCATION FIELD SET, USING DEFAULT" -type M $Location = "\" $targetVal += @{"Location"=$Location} Write-Verbose "NO LOCATION FIELD SET, LEAVING FIELD BLANK" } else{ $targetVal += @{"Location"=$Location} } if([String]::IsNullOrEmpty($AccessPermittedFrom)){ Write-VPASOutput -str "NO ACCESSPERMITTEDFROM FIELD SET, SKIPPING" -type M Write-Verbose "NO ACCESS PERMITTED FROM FIELD SET, LEAVING FIELD BLANK" } else{ $targetVal += @{"AccessPermittedFrom"=$AccessPermittedFrom} } if([String]::IsNullOrEmpty($AccessPermittedTo)){ Write-VPASOutput -str "NO ACCESSPERMITTEDTO FIELD SET, SKIPPING" -type M Write-Verbose "NO ACCESS PERMITTED TO FIELD SET, LEAVING FIELD BLANK" } else{ $targetVal += @{"AccessPermittedTo"=$AccessPermittedTo} } if([String]::IsNullOrEmpty($ExpirationDate)){ Write-VPASOutput -str "NO EXPIRATIONDATE FIELD SET, SKIPPING" -type M Write-Verbose "NO EXPIRATION DATE FIELD SET, LEAVING FIELD BLANK" } else{ $targetVal += @{"ExpirationDate"=$ExpirationDate} } if($Disabled){ $targetVal += @{"Disabled"=$true} } else{ $targetVal += @{"Disabled"=$false} } if([String]::IsNullOrEmpty($BusinessOwnerFName)){ Write-VPASOutput -str "NO BUSINESSOWNERFNAME FIELD SET, SKIPPING" -type M Write-Verbose "NO BUSINESS OWNER FIRST NAME FIELD SET, LEAVING FIELD BLANK" } else{ $targetVal += @{"BusinessOwnerFName"=$BusinessOwnerFName} } if([String]::IsNullOrEmpty($BusinessOwnerLName)){ Write-VPASOutput -str "NO BUSINESSOWNERLNAME FIELD SET, SKIPPING" -type M Write-Verbose "NO BUSINESS OWNER LAST NAME FIELD SET, LEAVING FIELD BLANK" } else{ $targetVal += @{"BusinessOwnerLName"=$BusinessOwnerLName} } if([String]::IsNullOrEmpty($BusinessOwnerEmail)){ Write-VPASOutput -str "NO BUSINESSOWNEREMAIL FIELD SET, SKIPPING" -type M Write-Verbose "NO BUSINESS OWNER EMAIL FIELD SET, LEAVING FIELD BLANK" } else{ $targetVal += @{"BusinessOwnerEmail"=$BusinessOwnerEmail} } if([String]::IsNullOrEmpty($BusinessOwnerPhone)){ Write-VPASOutput -str "NO BUSINESSOWNERPHONE FIELD SET, SKIPPING" -type M Write-Verbose "NO BUSINESS OWNER PHONE FIELD SET, LEAVING FIELD BLANK" } else{ $targetVal += @{"BusinessOwnerPhone"=$BusinessOwnerPhone} } try{ Write-Verbose "MAKING API CALL TO CYBERARK" $params = @{ application = $targetVal } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/" } if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" } Write-Verbose "PARSING DATA FROM CYBERARK" Write-Verbose "RETURNING TRUE" $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC return $true }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO ADD APPLICATION TO CYBERARK" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |