public/Remove-VPASAuthenticationMethod.ps1
|
<#
.Synopsis DELETE AUTHENTICATION METHOD CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO DELETE AUTHENTICATION METHOD INTO CYBERARK .LINK https://vpasmodule.com/commands/Remove-VPASAuthenticationMethod .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER AuthMethodSearch Search string to find the target AuthenticationMethod .PARAMETER AuthMethodID Unique ID that maps to the target AuthenticationMethod Supply AuthMethodID to skip any querying for target AuthenticationMethod .PARAMETER WhatIf Run code simulation to see what is affected by running the command as well as any possible implications This is a code simulation flag, meaning the command will NOT actually run .PARAMETER HideWhatIfOutput Suppress any code simulation output from the console .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $WhatIfSimulation = Remove-VPASAuthenticationMethod -AuthMethodID {AUTH METHOD ID VALUE} -WhatIf .EXAMPLE $DeleteAuthenticationMethodStatus = Remove-VPASAuthenticationMethod -AuthMethodID {AUTH METHOD ID VALUE} .EXAMPLE $InputParameters = @{ AuthMethodSearch = "saml" WhatIf = $true|$false HideOutput = $true|$false } $DeleteAuthenticationMethodStatus = Remove-VPASAuthenticationMethod -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ AuthMethodID = "samlv2" WhatIf = $true|$false HideOutput = $true|$false } $DeleteAuthenticationMethodStatus = Remove-VPASAuthenticationMethod -InputParameters $InputParameters .OUTPUTS $true if successful --- $false if failed #> function Remove-VPASAuthenticationMethod{ [OutputType([bool],'System.Object')] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Searchquery to find target authentication method (for example: saml)")] [String]$AuthMethodSearch, [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique authentication method ID of the target authentication method (for example: samlv3)")] [String]$AuthMethodID, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [Switch]$WhatIf, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [Switch]$HideWhatIfOutput, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("AuthMethodSearch","WhatIf","HideWhatIfOutput") MandatoryKeys = @("AuthMethodSearch") } set2 = @{ AcceptableKeys = @("AuthMethodID","WhatIf","HideWhatIfOutput") MandatoryKeys = @("AuthMethodID") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO REMOVE AUTHENTICATION METHOD" Write-VPASOutput -str $_ -type E return $false } try{ if([String]::IsNullOrEmpty($AuthMethodID)){ Write-Verbose "NO AUTH METHOD ID PROVIDED...INVOKING HELPER FUNCTION TO RETRIEVE UNIQUE AUTH METHOD ID BASED ON SPECIFIED PARAMETERS" $AuthMethodID = Get-VPASAuthenticationMethodIDHelper -token $token -AuthenticationMethodSearch $AuthMethodSearch Write-Verbose "RETURNING AUTH METHOD ID" } else{ Write-Verbose "AUTH METHOD ID SUPPLIED, SKIPPING HELPER FUNCTION" } if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/passwordvault/api/Configuration/AuthenticationMethods/$AuthMethodID/" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "DELETE" -token $token -LogType METHOD if($WhatIf){ $log = Write-VPASTextRecorder -token $token -LogType WHATIF1 $WhatIfHash = @{} Write-Verbose "INITIATING COMMAND SIMULATION" $WhatIfInfo = Get-VPASAuthenticationMethods -token $token if(!$WhatIfInfo){ $log = Write-VPASTextRecorder -inputval "UNABLE TO QUERY AUTHENTICATION METHODS...RETURNING FALSE" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 Write-Verbose "UNABLE TO QUERY AUTHENTICATION METHODS...RETURNING FALSE" Write-VPASOutput "UNABLE TO QUERY AUTHENTICATION METHODS" -type E return $false } foreach($WhatIfMethod in $WhatIfInfo.Methods){ $WhatIfID = $WhatIfMethod.id $WhatIfDisplayName = $WhatIfMethod.displayName $WhatIfEnabled = $WhatIfMethod.enabled $WhatIfMobileEnabled = $WhatIfMethod.mobileEnabled $WhatIfLogoffURL = $WhatIfMethod.logoffUrl $WhatIfSecondFactorAuth = $WhatIfMethod.secondFactorAuth $WhatIfSignInLabel = $WhatIfMethod.signInLabel $WhatIfUsernameFieldLabel = $WhatIfMethod.usernameFieldLabel $WhatIfPasswordFieldLabel = $WhatIfMethod.passwordFieldLabel if($WhatIfID -eq $AuthMethodID){ if(!$HideWhatIfOutput){ Write-VPASOutput -str "====== BEGIN COMMAND SIMULATION ======" -type S Write-VPASOutput -str "THE FOLLOWING AUTHENTICATION METHOD WOULD BE DELETED:" -type S Write-VPASOutput -str "ID : $WhatIfID" -type S Write-VPASOutput -str "DisplayName : $WhatIfDisplayName" -type S Write-VPASOutput -str "Enabled : $WhatIfEnabled" -type S Write-VPASOutput -str "MobileEnabled : $WhatIfMobileEnabled" -type S Write-VPASOutput -str "LogoffURL : $WhatIfLogoffURL" -type S Write-VPASOutput -str "SecondFactorAuth : $WhatIfSecondFactorAuth" -type S Write-VPASOutput -str "SignInLabel : $WhatIfSignInLabel" -type S Write-VPASOutput -str "UsernameFieldLabel : $WhatIfUsernameFieldLabel" -type S Write-VPASOutput -str "PasswordFieldLabel : $WhatIfPasswordFieldLabel" -type S Write-VPASOutput -str "---" -type S Write-VPASOutput -str "URI : $uri" -type S Write-VPASOutput -str "METHOD : DELETE" -type S Write-VPASOutput -str " " -type S Write-VPASOutput -str "======= END COMMAND SIMULATION =======" -type S } $WhatIfHash = @{ WhatIf = @{ ID = $WhatIfID DisplayName = $WhatIfDisplayName Enabled = $WhatIfEnabled MobileEnabled = $WhatIfMobileEnabled LogoffURL = $WhatIfLogoffURL SecondFactorAuth = $WhatIfSecondFactorAuth SignInLabel = $WhatIfSignInLabel UsernameFieldLabel = $WhatIfUsernameFieldLabel PasswordFieldLabel = $WhatIfPasswordFieldLabel RestURI = $uri RestMethod = "DELETE" Disclaimer = "THIS AUTHENTICATION METHOD WILL BE DELETED IF -WhatIf FLAG IS REMOVED" } } $WhatIfJSON = $WhatIfHash | ConvertTo-Json | ConvertFrom-Json $log = Write-VPASTextRecorder -inputval $WhatIfJSON -token $token -LogType RETURNARRAY $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 return $WhatIfJSON } } $log = Write-VPASTextRecorder -inputval "UNABLE TO FIND TARGET AUTHENTICATION METHOD ID...RETURNING FALSE" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 Write-Verbose "UNABLE TO FIND TARGET AUTHENTICATION METHOD ID...RETURNING FALSE" Write-VPASOutput "UNABLE TO FIND TARGET AUTHENTICATION METHOD ID" -type E return $false } else{ write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC Write-Verbose "AUTHENTICATION METHOD ID HAS BEEN DELETED" Write-Verbose "RETURNING TRUE" return $true } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO DELETE AUTHENTICATION METHOD ID" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |