public/Enable-VPASEPVUser.ps1
|
<#
.Synopsis ENABLE OR ACTIVATE EPV USER CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO ENABLE AN EPV USER IF DISABLED OR ACTIVATE A SUSPENDED EPV USER .LINK https://vpasmodule.com/commands/Enable-VPASEPVUser .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER EPVUsername Query for the target EPVUser via Username .PARAMETER EPVUserID Query for the target EPVUser via UserID .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .PARAMETER Action Select to either Enable target EPVUser or Activate target EPVUser Enabling a user will allow the user to authenticate in, Activating a user will clear out any authentication failures and unsuspend the user if suspended Possible values: Enable, Activate .EXAMPLE $EnableEPVUserStatus = Enable-VPASEPVUser -EPVUsername {EPVUSERNAME VALUE} -Action Enable .EXAMPLE $EnableEPVUserStatus = Enable-VPASEPVUser -EPVUserID {EPVUSERID VALUE} -Action Activate .EXAMPLE $InputParameters = @{ EPVUsername = "targetEPVUsername" Action = "Enable"|"Activate" } $EnableEPVUserStatus = Enable-VPASEPVUser -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ EPVUserID = "55" Action = "Enable"|"Activate" } $EnableEPVUserStatus = Enable-VPASEPVUser -InputParameters $InputParameters .OUTPUTS $true if successful --- $false if failed #> function Enable-VPASEPVUser{ [OutputType([bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target EPVUsername (for example: vman)")] [String]$EPVUsername, [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target EPVUserID (for example: 55)")] [String]$EPVUserID, [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Action to take on EPVUser either Enable (allow user to log in) or Activate (clear out authentication failures)")] [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Action to take on EPVUser either Enable (allow user to log in) or Activate (clear out authentication failures)")] [ValidateSet('Enable','Activate')] [String]$Action, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("EPVUsername","Action") MandatoryKeys = @("EPVUsername","Action") } set2 = @{ AcceptableKeys = @("EPVUserID","Action") MandatoryKeys = @("EPVUserID","Action") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO ENABLE EPV USER" Write-VPASOutput -str $_ -type E return $false } try{ if($EPVUsername){ $LookupBy = "Username" $LookupVal = $EPVUsername } if($EPVUserID){ $LookupBy = "UserID" $LookupVal = $EPVUserID } if($LookupBy -eq "Username"){ Write-Verbose "INVOKING HELPER FUNCTION" $searchQuery = "$LookupVal" $UserID = Get-VPASEPVUserIDHelper -token $token -username $searchQuery } elseif($LookupBy -eq "UserID"){ Write-Verbose "SUPPLIED USERID: $LookupVal, SKIPPING HELPER FUNCTION" $UserID = $LookupVal } if($Action -eq "Enable"){ if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/api/Users/$UserID/enable/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/api/Users/$UserID/enable/" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD Write-Verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC Write-Verbose "SUCCESSFULLY ENABLED $LookupBy : $LookupVal" return $true } elseif($Action -eq "Activate"){ $UserIDint = [int]$UserID write-verbose "CONVERTED USERID FROM TYPE STRING TO TYPE INT" $params = @{ id = $UserIDint } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json Write-Verbose "SUCCESSFULLY SETUP PARAMETERS FOR API CALL" if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/api/Users/$UserID/Activate" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/api/Users/$UserID/Activate" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD Write-Verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC Write-Verbose "SUCCESSFULLY ACTIVATED $LookupBy = $LookupVal" return $true } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO DISABLE $LookupBy : $LookupVal" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |