public/Confirm-VPASBulkFile.ps1
|
<#
.Synopsis VALIDATE CSV FILES FOR BULK OPERATIONS CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO VALIDATE CSV FILES FOR BULK OPERATIONS .LINK https://vpasmodule.com/commands/Confirm-VPASBulkFile .PARAMETER CSVFile Location of the CSV file containing the target information .PARAMETER BulkOperation Which bulk operation the CSVFile should be tested against Possible values: BulkSafeCreation, BulkAccountCreation, BulkSafeMembers .PARAMETER ISPSS For saas environments The APIs for adding safe members introduced a new parameter for saas environments. Enable this flag for saas environments .PARAMETER HideOutput Suppress any output to the console .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $CSVFileValidate = Confirm-VPASBulkFile -BulkOperation {BULKOPERATION VALUE} -CSVFile {CSVFILE LOCATION} .EXAMPLE $InputParameters = @{ BulkOperation = "BulkSafeCreation"|"BulkAccountCreation"|"BulkSafeMembers" CSVFile = "C:\Temp\test.csv" ISPSS = $true|$false HideOutput = $true|$false } $CSVFileValidate = Confirm-VPASBulkFile -InputParameters $InputParameters .OUTPUTS $true if successful --- $false if failed #> function Confirm-VPASBulkFile{ [OutputType([bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Testing CSV file against which BulkOperation (BulkSafeCreation, BulkAccountCreation, BulkSafeMembers)")] [ValidateSet('BulkSafeCreation','BulkAccountCreation','BulkSafeMembers')] [String]$BulkOperation, [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Location of CSV file (for example: C:\Temp\test.csv)")] [String]$CSVFile, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Switch]$ISPSS, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Switch]$HideOutput, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters ) Begin{ $CommandName = $MyInvocation.MyCommand.Name } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("BulkOperation","CSVFile","ISPSS","HideOutput") MandatoryKeys = @("BulkOperation","CSVFile") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO CONFIRM BULK FILE USING VPAS" Write-VPASOutput -str $_ -type E return $false } if(!$HideOutput){ Write-VPASOutput "VALIDATE BULK CSV FILES UTILITY" -type G Write-VPASOutput "*Please note, this only checks syntax of a CSV file, it does NOT go into Cyberark to edit any values and does NOT validate SafeNames, PlatformIDs, SafeMembers, etc." -type C } Write-Verbose "SUCCESSFULLY PARSED BULKOPERATION VALUE: $BulkTemplate" Write-Verbose "SUCCESSFULLY PARSED CSVFILE LOCATION: $CSVFile" try{ $processrun = $true if(Test-Path -Path $CSVFile){ $inputFile = Import-Csv -Path $CSVFile } else{ write-verbose "$CSVFile DOES NOT EXIST, RETURNING FALSE" if(!$HideOutput){ Write-VPASOutput -str "$CSVFile DOES NOT EXIST, RETURNING FALSE" -type E } return $false } if($BulkOperation -eq "BulkSafeCreation"){ $counter = 1 foreach($line in $inputFile){ $errorflag = $false $errorstr = "" if(!$HideOutput){ Write-VPASOutput -str "ANALYZING LINE #$counter...................." -type Y } $SafeName = $line.SafeName $CPM = $line.CPM $VersionsRetention = $line.VersionsRetention $DaysRetention = $line.DaysRetention $OLAC = $line.OLAC $Description = $line.Description if([String]::IsNullOrEmpty($SafeName)){ $errorflag = $true $errorstr += "SafeName CAN NOT BE BLANK; " $processrun = $false } if(![String]::IsNullOrEmpty($VersionsRetention) -and ![String]::IsNullOrEmpty($DaysRetention)){ $errorflag = $true $errorstr += "EITHER VersionRetention OR DaysRetention CAN BE SPECIFIED, NOT BOTH; " $processrun = $false } else{ if(![String]::IsNullOrEmpty($VersionsRetention)){ try{ $inttest = [int]$VersionsRetention }catch{ $errorflag = $true $errorstr += "VersionRetention MUST BE AN INTEGER; " $processrun = $false } } elseif(![String]::IsNullOrEmpty($DaysRetention)){ try{ $inttest = [int]$DaysRetention }catch{ $errorflag = $true $errorstr += "DaysRetention MUST BE AN INTEGER; " $processrun = $false } } } if([String]::IsNullOrEmpty($OLAC)){ $errorflag = $true $errorstr += "OLAC MUST BE SPECIFIED AS EITHER True OR False; " $processrun = $false } else{ $OLAC = $OLAC.ToLower() if($OLAC -ne "true" -and $OLAC -ne "false"){ $errorflag = $true $errorstr += "OLAC MUST BE SPECIFIED AS EITHER True OR False; " $processrun = $false } } if(!$errorflag){ if(!$HideOutput){ Write-VPASOutput -str "PASS!" -type G } } else{ if(!$HideOutput){ Write-VPASOutput -str "FAIL ( $errorstr)" -type E } } $counter+=1 } } elseif($BulkOperation -eq "BulkAccountCreation"){ $counter = 1 foreach($line in $inputFile){ $errorflag = $false $errorstr = "" if(!$HideOutput){ Write-VPASOutput -str "ANALYZING LINE #$counter...................." -type Y } $SafeName = $line.SafeName $PlatformID = $line.PlatformID $Username = $line.Username $Address = $line.Address $Customname = $line.CustomName $SecretType = $line.SecretType $SecretValue = $line.SecretValue $AutomaticManagementEnabled = $line.AutomaticManagementEnabled $extrapass1Safe = $line.extrapass1Safe $extrapass1Username = $line.extrapass1Username $extrapass1Name = $line.extrapass1Name $extrapass1Folder = $line.extrapass1Folder $extrapass3Safe = $line.extrapass3Safe $extrapass3Username = $line.extrapass3Username $extrapass3Name = $line.extrapass3Name $extrapass3Folder = $line.extrapass3Folder $CPMAction = $line.CPMAction $PlatformAccountProperties = $line.PlatformAccountProperties if([String]::IsNullOrEmpty($SafeName)){ $errorflag = $true $errorstr += "SafeName CAN NOT BE BLANK; " $processrun = $false } if([String]::IsNullOrEmpty($PlatformID)){ $errorflag = $true $errorstr += "PlatformID CAN NOT BE BLANK; " $processrun = $false } if([String]::IsNullOrEmpty($Username)){ $errorflag = $true $errorstr += "Username CAN NOT BE BLANK; " $processrun = $false } if([String]::IsNullOrEmpty($Address)){ $errorflag = $true $errorstr += "Address CAN NOT BE BLANK; " $processrun = $false } if(![String]::IsNullOrEmpty($SecretType)){ $SecretType = $SecretType.ToLower() if($SecretType -ne "password" -and $SecretType -ne "key"){ $errorflag = $true $errorstr += "SecretType CAN ONLY BE EITHER Password OR Key; " $processrun = $false } } if(![String]::IsNullOrEmpty($AutomaticManagementEnabled)){ $AutomaticManagementEnabled = $AutomaticManagementEnabled.ToLower() if($AutomaticManagementEnabled -ne "true" -and $AutomaticManagementEnabled -ne "false"){ $errorflag = $true $errorstr += "AutomaticManagementEnabled CAN ONLY BE EITHER True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($extrapass1Safe) -or ![String]::IsNullOrEmpty($extrapass1Username) -or ![String]::IsNullOrEmpty($extrapass1Name) -or ![String]::IsNullOrEmpty($extrapass1Folder)){ if([String]::IsNullOrEmpty($extrapass1Safe) -or [String]::IsNullOrEmpty($extrapass1Username) -or [String]::IsNullOrEmpty($extrapass1Name) -or [String]::IsNullOrEmpty($extrapass1Folder)){ $errorflag = $true $errorstr += "IF PASSING LOGON ACCOUNT ALL 4 FIELDS MUST BE SUPPLIED extrapass1Safe, extrapass1Username, extrapass1Name, extrapass1Folder; " $processrun = $false } } if(![String]::IsNullOrEmpty($extrapass3Safe) -or ![String]::IsNullOrEmpty($extrapass3Username) -or ![String]::IsNullOrEmpty($extrapass3Name) -or ![String]::IsNullOrEmpty($extrapass3Folder)){ if([String]::IsNullOrEmpty($extrapass3Safe) -or [String]::IsNullOrEmpty($extrapass3Username) -or [String]::IsNullOrEmpty($extrapass3Name) -or [String]::IsNullOrEmpty($extrapass3Folder)){ $errorflag = $true $errorstr += "IF PASSING RECONCILE ACCOUNT ALL 4 FIELDS MUST BE SUPPLIED extrapass3Safe, extrapass3Username, extrapass3Name, extrapass3Folder; " $processrun = $false } } if(![String]::IsNullOrEmpty($CPMAction)){ $CPMAction = $CPMAction.ToLower() if($CPMAction -ne "verify" -and $CPMAction -ne "change" -and $CPMAction -ne "reconcile"){ $errorflag = $true $errorstr += "CPMAction CAN ONLY BE EITHER Verify, Change, OR Reconcile; " $processrun = $false } } if(![String]::IsNullOrEmpty($PlatformAccountProperties)){ $PlatformAccountPropertiesSplit = $PlatformAccountProperties -split "," $PlatformPropCount = $PlatformAccountPropertiesSplit.count if($PlatformPropCount % 2 -ne 0){ $errorflag = $true $errorstr += "PlatformAccountProperties MUST BE PASSED IN A STRING COMMA SEPARATED FORMAT PropertyName,PropertyValue; " $processrun = $false } } if(!$errorflag){ if(!$HideOutput){ Write-VPASOutput -str "PASS!" -type G } } else{ if(!$HideOutput){ Write-VPASOutput -str "FAIL ( $errorstr)" -type E } } $counter+=1 } } elseif($BulkOperation -eq "BulkSafeMembers"){ $counter = 1 foreach($line in $inputFile){ $requestlvl = 0 $errorflag = $false $errorstr = "" if(!$HideOutput){ Write-VPASOutput -str "ANALYZING LINE #$counter...................." -type Y } $SafeName = $line.SafeName $SafeMember = $line.SafeMember $SearchIn = $line.SearchIn if($ISPSS){ $MemberType = $line.MemberType } $UseAccounts = $line.UseAccounts $RetrieveAccounts = $line.RetrieveAccounts $ListAccounts = $line.ListAccounts $AddAccounts = $line.AddAccounts $UpdateAccountContent = $line.UpdateAccountContent $UpdateAccountProperties = $line.UpdateAccountProperties $InitiateCPMAccountManagementOperations = $line.InitiateCPMAccountManagementOperations $SpecifyNextAccountContent = $line.SpecifyNextAccountContent $RenameAccounts = $line.RenameAccounts $DeleteAccounts = $line.DeleteAccounts $UnlockAccounts = $line.UnlockAccounts $ManageSafe = $line.ManageSafe $ManageSafeMembers = $line.ManageSafeMembers $BackupSafe = $line.BackupSafe $ViewAuditLog = $line.ViewAuditLog $ViewSafeMembers = $line.ViewSafeMembers $AccessWithoutConfirmation = $line.AccessWithoutConfirmation $CreateFolders = $line.CreateFolders $DeleteFolders = $line.DeleteFolders $MoveAccountsAndFolders = $line.MoveAccountsAndFolders $RequestsAuthorizationLevel1 = $line.RequestsAuthorizationLevel1 $RequestsAuthorizationLevel2 = $line.RequestsAuthorizationLevel2 if([String]::IsNullOrEmpty($SafeName)){ $errorflag = $true $errorstr += "SafeName CAN NOT BE BLANK; " $processrun = $false } if([String]::IsNullOrEmpty($SafeMember)){ $errorflag = $true $errorstr += "SafeMember CAN NOT BE BLANK; " $processrun = $false } if([String]::IsNullOrEmpty($SearchIn)){ $errorflag = $true $errorstr += "SearchIn CAN NOT BE BLANK; " $processrun = $false } if($ISPSS){ if([String]::IsNullOrEmpty($MemberType)){ $errorflag = $true $errorstr += "MemberType CAN NOT BE BLANK; " $processrun = $false } else{ $MemberType = $MemberType.ToLower() if($MemberType -ne "user" -and $MemberType -ne "group" -and $MemberType -ne "role"){ $errorflag = $true $errorstr += "MemberType HAS TO BE EITHER USER, GROUP, OR ROLE; " $processrun = $false } } } if(![String]::IsNullOrEmpty($UseAccounts)){ $teststr = $UseAccounts.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "UseAccounts CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($RetrieveAccounts)){ $teststr = $RetrieveAccounts.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "RetrieveAccounts CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($ListAccounts)){ $teststr = $ListAccounts.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "ListAccounts CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($AddAccounts)){ $teststr = $AddAccounts.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "AddAccounts CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($UpdateAccountContent)){ $teststr = $UpdateAccountContent.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "UpdateAccountContent CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($UpdateAccountProperties)){ $teststr = $UpdateAccountProperties.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "UpdateAccountProperties CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($InitiateCPMAccountManagementOperations)){ $teststr = $InitiateCPMAccountManagementOperations.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "InitiateCPMAccountManagementOperations CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($SpecifyNextAccountContent)){ $teststr = $SpecifyNextAccountContent.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "SpecifyNextAccountContent CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($RenameAccounts)){ $teststr = $RenameAccounts.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "RenameAccounts CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($DeleteAccounts)){ $teststr = $DeleteAccounts.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "DeleteAccounts CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($UnlockAccounts)){ $teststr = $UnlockAccounts.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "UnlockAccounts CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($ManageSafe)){ $teststr = $ManageSafe.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "ManageSafe CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($ManageSafeMembers)){ $teststr = $ManageSafeMembers.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "ManageSafeMembers CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($BackupSafe)){ $teststr = $BackupSafe.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "BackupSafe CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($ViewAuditLog)){ $teststr = $ViewAuditLog.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "ViewAuditLog CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($ViewSafeMembers)){ $teststr = $ViewSafeMembers.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "ViewSafeMembers CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($AccessWithoutConfirmation)){ $teststr = $AccessWithoutConfirmation.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "AccessWithoutConfirmation CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($CreateFolders)){ $teststr = $CreateFolders.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "CreateFolders CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($DeleteFolders)){ $teststr = $DeleteFolders.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "DeleteFolders CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($MoveAccountsAndFolders)){ $teststr = $MoveAccountsAndFolders.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "MoveAccountsAndFolders CAN ONLY BE True OR False; " $processrun = $false } } if(![String]::IsNullOrEmpty($RequestsAuthorizationLevel1)){ $teststr = $RequestsAuthorizationLevel1.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "RequestsAuthorizationLevel1 CAN ONLY BE True OR False; " $processrun = $false } else{ if($teststr -eq "true"){ $requestlvl += 1 } } } if(![String]::IsNullOrEmpty($RequestsAuthorizationLevel2)){ $teststr = $RequestsAuthorizationLevel2.ToLower() if($teststr -ne "true" -and $teststr -ne "false"){ $errorflag = $true $errorstr += "RequestsAuthorizationLevel2 CAN ONLY BE True OR False; " $processrun = $false } else{ if($teststr -eq "true"){ $requestlvl += 1 } } } if($requestlvl -ge 2){ $errorflag = $true $errorstr += "EITHER RequestsAuthorizationLevel1 OR RequestsAuthorizationLevel2 CAN BE SELECTED...NOT BOTH; " $processrun = $false } if(!$errorflag){ if(!$HideOutput){ Write-VPASOutput -str "PASS!" -type G } } else{ if(!$HideOutput){ Write-VPASOutput -str "FAIL ( $errorstr)" -type E } } $counter+=1 } } if($processrun){ if(!$HideOutput){ Write-VPASOutput -str "NO ERRORS WERE DETECTED" -type G } return $true } else{ if(!$HideOutput){ Write-VPASOutput -str "SOME ERRORS WERE DETECTED" -type E } return $false } }catch{ Write-Verbose "FAILED TO OPEN CSV FILE: $CSVFile" Write-VPASOutput -str "FAILED TO OPEN CSV FILE: $CSVFile" -type E Write-VPASOutput -str "$_" -type E return $false } } End{ } } |