public/Remove-VPASApplication.ps1
|
<#
.Synopsis DELETE APPLICATION ID CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION THIS FUNCTION DELETES AN APPLICATION ID FROM CYBERARK .LINK https://vpasmodule.com/commands/Remove-VPASApplication .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER AppID Unique ApplicationID (or Application Name) that will be used by the credential provider(s) to retrieve credentials .PARAMETER WhatIf Run code simulation to see what is affected by running the command as well as any possible implications This is a code simulation flag, meaning the command will NOT actually run .PARAMETER HideWhatIfOutput Suppress any code simulation output from the console .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $WhatIfSimulation = Remove-VPASApplication -AppID {APPLICATION ID VALUE} -WhatIf .EXAMPLE $DeleteApplicationStatus = Remove-VPASApplication -AppID {APPLICATION ID VALUE} .EXAMPLE $InputParameters = @{ AppID = "DeleteApplication" WhatIf = $true|$false HideOutput = $true|$false } $DeleteApplicationStatus = Remove-VPASApplication -InputParameters $InputParameters .OUTPUTS $true if successful --- $false if failed #> function Remove-VPASApplication{ [OutputType([bool],'System.Object')] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target ApplicationID (for example: TestApplication1)")] [String]$AppID, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Switch]$WhatIf, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Switch]$HideWhatIfOutput, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("AppID","WhatIf","HideWhatIfOutput") MandatoryKeys = @("AppID") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO REMOVE APPLICATION" Write-VPASOutput -str $_ -type E return $false } try{ if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/$AppID/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/WebServices/PIMServices.svc/Applications/$AppID/" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "DELETE" -token $token -LogType METHOD if($WhatIf){ $log = Write-VPASTextRecorder -token $token -LogType WHATIF1 Write-Verbose "INITIATING COMMAND SIMULATION" $WhatIfInfo = Get-VPASApplicationDetails -AppID $AppID -token $token if($WhatIfInfo){ $WhatIfHash = @{} $WhatIfInfoAppID = $WhatIfInfo.application.AppID $WhatIfInfoLocation = $WhatIfInfo.application.Location $WhatIfInfoDisabled = $WhatIfInfo.application.Disabled $WhatIfInfoDescription = $WhatIfInfo.application.Description $WhatIfInfoBusinessOwnerEmail = $WhatIfInfo.application.BusinessOwnerEmail $WhatIfInfoBusinessOwnerFName = $WhatIfInfo.application.BusinessOwnerFName $WhatIfInfoBusinessOwnerLName = $WhatIfInfo.application.BusinessOwnerLName $WhatIfInfoBusinessOwnerPhone = $WhatIfInfo.application.BusinessOwnerPhone #AFFECTED SAFES $WhatIfAffectedSafesCount = 0 $WhatIfAffectedSafes = @() $CheckSafes = Get-VPASAllSafes -token $token foreach($safe in $CheckSafes.value){ $CheckSafeName = $safe.safeName $CheckTargetGroup = Get-VPASSafeMemberSearch -safe $CheckSafeName -member $WhatIfInfoAppID -token $token 6> $null if($CheckTargetGroup){ $WhatIfAffectedSafesCount += 1 $WhatIfAffectedSafes += $CheckSafeName } } #AFFECTED ACCOUNTS $WhatIfAffectedAccountsCounter = 0 $WhatIfAffectedAccounts = @() foreach($safe in $WhatIfAffectedSafes){ $miniHash = @{} $AffectedAccounts = Get-VPASAccountDetails -safe $safe -token $token -HideWarning foreach($AffectedAcct in $AffectedAccounts.value){ $AffectedAcctSafe = $AffectedAcct.safeName if($AffectedAcctSafe -eq $safe){ $WhatIfAffectedAccountsCounter += 1 $miniHash = @{ SafeName = $AffectedAcct.safeName ID = $AffectedAcct.id Address = $AffectedAcct.address Username = $AffectedAcct.userName Name = $AffectedAcct.name } $WhatIfAffectedAccounts += $miniHash } } } if(!$HideWhatIfOutput){ Write-VPASOutput -str "====== BEGIN COMMAND SIMULATION ======" -type S Write-VPASOutput -str "THE FOLLOWING APPLICATION WOULD BE DELETED:" -type S Write-VPASOutput -str "AppID : $WhatIfInfoAppID" -type S Write-VPASOutput -str "Location : $WhatIfInfoLocation" -type S Write-VPASOutput -str "Disabled : $WhatIfInfoDisabled" -type S Write-VPASOutput -str "Description : $WhatIfInfoDescription" -type S Write-VPASOutput -str "BusinessOwnerEmail : $WhatIfInfoBusinessOwnerEmail" -type S Write-VPASOutput -str "BusinessOwnerFName : $WhatIfInfoBusinessOwnerFName" -type S Write-VPASOutput -str "BusinessOwnerLName : $WhatIfInfoBusinessOwnerLName" -type S Write-VPASOutput -str "BusinessOwnerPhone : $WhatIfInfoBusinessOwnerPhone" -type S Write-VPASOutput -str "NumberOfAffectedAccounts : $WhatIfAffectedAccountsCounter" -type S Write-VPASOutput -str "AffectedAccounts : $WhatIfAffectedAccounts" -type S Write-VPASOutput -str "NumberOfAffectedSafes : $WhatIfAffectedSafesCount" -type S Write-VPASOutput -str "AffectedSafes : $WhatIfAffectedSafes" -type S Write-VPASOutput -str "---" -type S Write-VPASOutput -str "URI : $uri" -type S Write-VPASOutput -str "METHOD : DELETE" -type S Write-VPASOutput -str " " -type S Write-VPASOutput -str "======= END COMMAND SIMULATION =======" -type S } $WhatIfHash = @{ WhatIf = @{ AppID = $WhatIfInfoAppID Location = $WhatIfInfoLocation Disabled = $WhatIfInfoDisabled Description = $WhatIfInfoDescription BusinessOwnerEmail = $WhatIfInfoBusinessOwnerEmail BusinessOwnerFName = $WhatIfInfoBusinessOwnerFName BusinessOwnerLName = $WhatIfInfoBusinessOwnerLName BusinessOwnerPhone = $WhatIfInfoBusinessOwnerPhone RestURI = $uri NumberOfAffectedSafes = $WhatIfAffectedSafesCount AffectedSafes = $WhatIfAffectedSafes NumberOfAffectedAccounts = $WhatIfAffectedAccountsCounter AffectedAccounts = $WhatIfAffectedAccounts RestMethod = "DELETE" Disclaimer = "THIS APPLICATION WILL BE DELETED IF -WhatIf FLAG IS REMOVED" Disclaimer2 = "THIS CODE SIMULATION DOES NOT DIG INTO NESTED GROUPS...YET..." } } $WhatIfJSON = $WhatIfHash | ConvertTo-Json | ConvertFrom-Json $log = Write-VPASTextRecorder -inputval $WhatIfJSON -token $token -LogType RETURNARRAY $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 return $WhatIfJSON } } else{ if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC Write-Verbose "$AppID DELETED FROM CYBERARK" $output = $true } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO DELETE $AppID, CONFIRM APPID EXISTS IN CYBERARK" Write-VPASOutput -str $_ -type E $output = $false } return $output } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |