public/Get-VPASAccountDetails.ps1

<#
.Synopsis
   GET ACCOUNT DETAILS
   CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO GET DETAILS OF AN ACCOUNT IN CYBERARK
.LINK
   https://vpasmodule.com/commands/Get-VPASAccountDetails
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER safe
   Safe name that will be used to query for the target account if no AcctID is passed
.PARAMETER username
   Username that will be used to query for the target account if no AcctID is passed
.PARAMETER platform
   PlatformID that will be used to query for the target account if no AcctID is passed
.PARAMETER address
   Address that will be used to query for the target account if no AcctID is passed
.PARAMETER AcctID
   Unique ID that maps to a single account, passing this variable will skip any query functions
.PARAMETER ExactMatch
   Returns accounts that match search query exactly (not a wildcard search)
.PARAMETER HideWarning
   Hide any warning outputs from the console during the API session
.PARAMETER InputParameters
   HashTable of values containing the parameters required to make the API call
.PARAMETER SavedFilter
   Returns accounts based on a prebuilt search query
   Possible values: "Regular", "Recently", "New", "Link", "Deleted", "PolicyFailures", "AccessedByUsers", "ModifiedByUsers", "ModifiedByCPM", "DisabledPasswordByUser", "DisabledPasswordByCPM", "ScheduledForChange", "ScheduledForVerify", "ScheduledForReconcile", "SuccessfullyReconciled", "FailedChange", "FailedVerify", "FailedReconcile", "LockedOrNew", "Locked", "Favorites"
.EXAMPLE
   $AccountDetailsJSON = Get-VPASAccountDetails -safe {SAFE VALUE} -username {USERNAME VALUE}
.EXAMPLE
   $AccountDetailsJSON = Get-VPASAccountDetails -AcctID {ACCTID VALUE}
.EXAMPLE
   $InputParameters = @{
        AcctID = 3_12
   }
   $AccountDetailsJSON = Get-VPASAccountDetails -InputParameters $InputParameters
.EXAMPLE
   $InputParameters = @{
        safe = "TargetSafeName"
        platform = "TargetPlatformID"
        username = "TargetUsername"
        address = "TargetAddress"
        ExactMatch = $true|$false
        HideWarning = $true|$false
        SavedFilter = "Regular"|"Recently"|"New"|"Link"|"Deleted"|"PolicyFailures"|"AccessedByUsers"|"ModifiedByUsers"|"ModifiedByCPM"|"DisabledPasswordByUser"|"DisabledPasswordByCPM"|"ScheduledForChange"|"ScheduledForVerify"|"ScheduledForReconcile"|"SuccessfullyReconciled"|"FailedChange"|"FailedVerify"|"FailedReconcile"|"LockedOrNew"|"Locked"|"Favorites"
   }
   $AccountDetailsJSON = Get-VPASAccountDetails -InputParameters $InputParameters
.OUTPUTS
   If successful:
   {
        "categoryModificationTime": 1715701023,
        "platformId": "VPASDualControl",
        "safeName": "VPASRequestSafe",
        "id": "120_3",
        "name": "Operating System-VPASDualControl-vman.com-DomainAdmin01",
        "address": "vman.com",
        "userName": "DomainAdmin011",
        "secretType": "password",
        "secretManagement": {
                                 "automaticManagementEnabled": true,
                                 "lastModifiedTime": 1715222718
                             },
        "createdTime": 1715222718
   }
   ---
   $false if failed
#>

function Get-VPASAccountDetails{
    [OutputType('System.Object','System.Collections.Hashtable',[bool])]
    [CmdletBinding(DefaultParameterSetName='Set1')]
    Param(

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [String]$safe,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [String]$platform,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [String]$username,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [String]$address,

        [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique AccountID that references the target account (for example: 3_12)")]
        [String]$AcctID,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)]
        [hashtable]$token,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Switch]$ExactMatch,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Switch]$HideWarning,

        [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")]
        [hashtable]$InputParameters,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [ValidateSet('Regular','Recently','New','Link','Deleted','PolicyFailures','AccessedByUsers','ModifiedByUsers','ModifiedByCPM','DisabledPasswordByUser','DisabledPasswordByCPM','ScheduledForChange','ScheduledForVerify','ScheduledForReconcile','SuccessfullyReconciled','FailedChange','FailedVerify','FailedReconcile','LockedOrNew','Locked','Favorites')]
        [String]$SavedFilter
    )

    Begin{
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    Process{
        try{
            if($PSCmdlet.ParameterSetName -eq "InputParameters"){
                $KeyHash = @{
                    set1 = @{
                        AcceptableKeys = @("safe","platform","username","address","ExactMatch","HideWarning","SavedFilter")
                        MandatoryKeys = @()
                    }
                    set2 = @{
                        AcceptableKeys = @("AcctID")
                        MandatoryKeys = @("AcctID")
                    }
                }
                $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash

                if(!$CheckSet){
                    $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC
                    Write-Verbose "FAILED TO FIND TARGET PARAMETER SET"
                    Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E
                    $examples = Write-VPASExampleHelper -CommandName $CommandName
                    return $false
                }
                else{
                    foreach($key in $InputParameters.Keys){
                        Set-Variable -Name $key -Value $InputParameters.$key
                    }
                }
            }
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "FAILED TO GET ACCOUNT DETAILS"
            Write-VPASOutput -str $_ -type E
            return $false
        }

        try{
            if(![String]::IsNullOrEmpty($SavedFilter)){
                Write-Verbose "SELECTED SAVED FILTER"
                $searchQuery = $SavedFilter
                Write-verbose "MAKING API CALL TO CYBERARK"

                if($NoSSL){
                    Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                    $uri = "http://$PVWA/PasswordVault/api/Accounts?limit=1000&savedFilter=$searchQuery"
                }
                else{
                    Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                    $uri = "https://$PVWA/PasswordVault/api/Accounts?limit=1000&savedFilter=$searchQuery"
                }
                $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
                $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD

                $output = @{
                    count = 0
                    value = ""
                }

                if($sessionval){
                    $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval
                }
                else{
                    $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json"
                }
                $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY

                $output.count = $response.count
                $output.value = $response.value
                $nextlink = $response.nextLink
                while(![String]::IsNullOrEmpty($nextlink)){
                    if($NoSSL){
                        Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                        $uri = "http://$PVWA/PasswordVault/$nextlink"
                    }
                    else{
                        Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                        $uri = "https://$PVWA/PasswordVault/$nextlink"
                    }
                    $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
                    $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD

                    if($sessionval){
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval
                    }
                    else{
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json"
                    }
                    $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURN

                    $output.count += $response.count
                    $output.value += $response.value
                    $nextlink = $response.nextLink
                }

                $result = $output
                Write-Verbose "PARSING DATA FROM CYBERARK"

                $counter = $result.count
                #-------------------------------------
                Write-Verbose "RETURNING ALL DATA FOR ACCOUNTS"
                $outputlog = $response
                return $result
            }
            else{
                if([String]::IsNullOrEmpty($AcctID)){
                    Write-Verbose "NO ACCTID SUPPLIED"
                    Write-Verbose "BUILDING SEARCH QUERY"
                    $searchQuery = "$safe $platform $username $address"
                    Write-verbose "MAKING API CALL TO CYBERARK"

                    if($NoSSL){
                        Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                        $uri = "http://$PVWA/PasswordVault/api/Accounts?limit=1000&search=$searchQuery"
                    }
                    else{
                        Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                        $uri = "https://$PVWA/PasswordVault/api/Accounts?limit=1000&search=$searchQuery"
                    }
                    $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
                    $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD

                    $output = @{
                        count = 0
                        value = ""
                    }

                    if($sessionval){
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval
                    }
                    else{
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json"
                    }
                    $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY

                    $output.count = $response.count
                    $output.value = $response.value
                    $nextlink = $response.nextLink
                    while(![String]::IsNullOrEmpty($nextlink)){
                        if($NoSSL){
                            Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                            $uri = "http://$PVWA/PasswordVault/$nextlink"
                        }
                        else{
                            Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                            $uri = "https://$PVWA/PasswordVault/$nextlink"
                        }
                        $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
                        $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD

                        if($sessionval){
                            $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval
                        }
                        else{
                            $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json"
                        }
                        $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURN

                        $output.count += $response.count
                        $output.value += $response.value
                        $nextlink = $response.nextLink
                    }

                    if($ExactMatch){
                        Write-Verbose "PARSING DATA FROM CYBERARK"
                        $newoutput = @{}
                        $arr = @()
                        $newcount = 0
                        foreach($rec in $output.value){
                            $curMatch = $true
                            $recSafeName = $rec.safeName
                            $recPlatform = $rec.platformId
                            $recAddress = $rec.address
                            $recUsername = $rec.userName

                            if(![String]::IsNullOrEmpty($safe)){ if($safe -ne $recSafeName){ $curMatch = $false }}
                            if(![String]::IsNullOrEmpty($platform)){ if($platform -ne $recPlatform){ $curMatch = $false }}
                            if(![String]::IsNullOrEmpty($address)){ if($address -ne $recAddress){ $curMatch = $false }}
                            if(![String]::IsNullOrEmpty($username)){ if($username -ne $recUsername){ $curMatch = $false }}

                            if($curMatch){
                                $newcount += 1
                                $arr += $rec
                            }
                        }
                        $newoutput = @{
                            count = $newcount
                            value = $arr
                        }
                        $result = $newoutput
                    }
                    else{
                        $result = $output
                        Write-Verbose "PARSING DATA FROM CYBERARK"
                    }

                    $counter = $result.count
                    if($counter -gt 1){
                        if(!$HideWarning){
                            Write-VPASOutput -str "MULTIPLE ENTRIES FOUND, ADD MORE SEARCH FIELDS TO NARROW DOWN RESULTS" -type M
                        }
                        Write-Verbose "MULTIPLE RECORDS WERE RETURNED, ADD MORE SEARCH FIELDS TO NARROW DOWN RESULTS"
                    }
                    elseif($counter -eq 0){
                        Write-Verbose "NO ACCOUNTS FOUND WITH SPECIFIED PARAMETERS"
                        if(!$HideWarning){
                            Write-VPASOutput -str "NO ACCOUNTS FOUND" -type M
                        }
                        $log = Write-VPASTextRecorder -inputval "NO ACCOUNTS FOUND" -token $token -LogType MISC
                        $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                        return $false
                    }
                    #-------------------------------------
                    Write-Verbose "RETURNING ALL DATA FOR ACCOUNTS"
                    $outputlog = $response
                    return $result
                }
                else{
                    Write-Verbose "ACCTID SUPPLIED, SKIPPING SEARCH QUERY"
                    if($NoSSL){
                        Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                        $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID"
                    }
                    else{
                        Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                        $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID"
                    }
                    $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
                    $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD

                    if($sessionval){
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval
                    }
                    else{
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json"
                    }
                    $outputlog = $response
                    $log = Write-VPASTextRecorder -inputval $outputlog -token $token -LogType RETURN
                    return $response
                }
            }

        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "COULD NOT GET ACCOUNT DETAILS"
            if(!$HideWarning){
                Write-VPASOutput -str $_ -type E
            }
            return $false
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}