public/Get-VPASIdentityAdminSecurityQuestion.ps1
|
<#
.Synopsis GET SPECIFIC ADMIN SECURITY QUESTION IN IDENTITY CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO RETRIEVE A SPECIFIC ADMIN SECURITY QUESTION IN IDENTITY .LINK https://vpasmodule.com/commands/Get-VPASIdentityAdminSecurityQuestion .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER QuestionSearchQuery Search query to locate the target admin security question .PARAMETER QuestionID Unique target QuestionID mapping to the target admin security question Supply the QuestionID to skip any querying for target admin security question .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $AdminSecurityQuestion = Get-VPASIdentityAdminSecurityQuestion -QuestionSearchQuery {QUESTIONSEARCHQUERY VALUE} .EXAMPLE $AdminSecurityQuestion = Get-VPASIdentityAdminSecurityQuestion -QuestionID {QUESTIONID VALUE} .EXAMPLE $InputParameters = @{ QuestionSearchQuery = "favorite color" } $AdminSecurityQuestion = Get-VPASIdentityAdminSecurityQuestion -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ QuestionID = "a_7892jhksdf-wefw-hgdfgh-6465-sjkldfh8497" } $AdminSecurityQuestion = Get-VPASIdentityAdminSecurityQuestion -InputParameters $InputParameters .OUTPUTS If successful: { "Uuid": "a_7892jhksdf-wefw-hgdfgh-6465-sjkldfh8497", "Culture": "all", "Question": "What is your favorite color?" } --- $false if failed #> function Get-VPASIdentityAdminSecurityQuestion{ [OutputType('System.Object',[bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Searchquery to find the target admin security question (for example: favorite color)")] [String]$QuestionSearchQuery, [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique QuestionID of the target admin security question (for example: a_7892jhksdf-wefw-hgdfgh-6465-sjkldfh8497)")] [String]$QuestionID, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("QuestionSearchQuery") MandatoryKeys = @("QuestionSearchQuery") } set2 = @{ AcceptableKeys = @("QuestionID") MandatoryKeys = @("QuestionID") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE SECURITY QUESTIONS" Write-VPASOutput -str $_ -type E return $false } try{ if(!$IdentityURL){ $log = Write-VPASTextRecorder -inputval "LOGIN TOKEN WAS NOT GENERATED THROUGH IDENTITY" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-VPASOutput -str "LOGIN TOKEN WAS NOT GENERATED THROUGH IDENTITY, TERMINATING API CALL" -type E return $false } if([String]::IsNullOrEmpty($QuestionID)){ Write-Verbose "NO QUESTION ID PASSED" Write-Verbose "INVOKING HELPER FUNCTION TO RETRIEVE QUESTION ID" $QuestionID = Get-VPASSecurityQuestionIDIdentityHelper -token $token -SecurityQuestion $QuestionSearchQuery if($QuestionID -eq -1){ $log = Write-VPASTextRecorder -inputval "MULTIPLE ENTRIES WERE RETURNED, ADD MORE TO SEARCH QUERY TO NARROW RESULTS" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-VPASOutput -str "MULTIPLE QUESTION ENTRIES WERE RETURNED, ADD MORE TO NAME TO NARROW RESULTS" -type E Write-VPASOutput -str "RETURNING FALSE" -type E return $false } elseif($QuestionID -eq -2){ Write-VPASOutput -str "NO QUESTION ENTRIES WERE RETURNED" -type E Write-VPASOutput -str "RETURNING FALSE" -type E $log = Write-VPASTextRecorder -inputval "COULD NOT FIND TARGET ENTRY" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC return $false } else{ Write-Verbose "FOUND UNIQUE QUESTION ID" } } else{ Write-Verbose "QUESTION ID PASSED, SKIPPING HELPER FUNCTION" } $params = @{ Id = $QuestionID } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$IdentityURL/TenantConfig/GetAdminSecurityQuestion" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$IdentityURL/TenantConfig/GetAdminSecurityQuestion" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" } if($response.success){ Write-Verbose "PARSING DATA FROM CYBERARK" $outputlog = $response.Result $log = Write-VPASTextRecorder -inputval $outputlog -token $token -LogType RETURN return $response.Result } else{ $errmessage = $response.Message Write-Verbose "UNABLE TO FIND TARGET ADMIN SECURITY QUESTION" $log = Write-VPASTextRecorder -inputval "$errmessage" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-VPASOutput -str "$errmessage" -type E return $false } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO QUERY ADMIN SECURITY QUESTIONS" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |