public/Remove-VPASDPAPolicy.ps1
|
<#
.Synopsis DELETE DPA POLICY CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO DELETE A POLICY FROM DPA .LINK https://vpasmodule.com/commands/Remove-VPASDPAPolicy .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER PolicyID UniqueID of the target policy in DPA .PARAMETER PolicyName Unique name of the target policy in DPA .PARAMETER WhatIf Run code simulation to see what is affected by running the command as well as any possible implications This is a code simulation flag, meaning the command will NOT actually run .PARAMETER HideWhatIfOutput Suppress any code simulation output from the console .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $DeletePolicy = Remove-VPASDPAPolicy -PolicyID {POLICY ID VALUE} .EXAMPLE $DeletePolicy = Remove-VPASDPAPolicy -PolicyName {POLICY NAME VALUE} -WhatIf .EXAMPLE $InputParameters = @{ PolicyID = "jakhdkja8792-jhgf-8769-b9ae-akhdjks879" WhatIf = $true|$false HideOutput = $true|$false } $DeletePolicy = Remove-VPASDPAPolicy -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ PolicyName = "Vman Access Policy" WhatIf = $true|$false HideOutput = $true|$false } $DeletePolicy = Remove-VPASDPAPolicy -InputParameters $InputParameters .OUTPUTS $true if successful --- $false if failed #> function Remove-VPASDPAPolicy{ [OutputType([bool],'System.Object')] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique PolicyID of the target policy (for example: jakhdkja8792-jhgf-8769-b9ae-akhdjks879)")] [String]$PolicyID, [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Policy name of the target policy (for example: `"Vman Access Policy`")")] [String]$PolicyName, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [Switch]$WhatIf, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [Switch]$HideWhatIfOutput, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("PolicyID","WhatIf","HideWhatIfOutput") MandatoryKeys = @("PolicyID") } set2 = @{ AcceptableKeys = @("PolicyName","WhatIf","HideWhatIfOutput") MandatoryKeys = @("PolicyName") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO REMOVE POLICY" Write-VPASOutput -str $_ -type E return $false } try{ if($SubDomain -eq "N/A"){ Write-VPASOutput -str "SelfHosted + PriviledgeCloud Standard solutions do not support this API Call, returning false" -type E $log = Write-VPASTextRecorder -inputval "SelfHosted + PrivilegeCloud Standard solutions do not support this API Call, returning false" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval $false -token $token -LogType RETURN return $false } if([String]::IsNullOrEmpty($PolicyID)){ Write-Verbose "NO POLICY ID PROVIDED...INVOKING HELPER FUNCTION TO RETRIEVE UNIQUE POLICY ID BASED ON SPECIFIED PARAMETERS" $PolicyID = Get-VPASDPAPolicyIDHelper -token $token -SearchQuery $PolicyName Write-Verbose "RETURNING POLICY ID" } else{ Write-Verbose "POLICY ID SUPPLIED, SKIPPING HELPER FUNCTION" } if($PolicyID -eq -1){ $log = Write-VPASTextRecorder -inputval "COULD NOT FIND TARGET POLICY ID: $PolicyID" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "COULD NOT FIND TARGET POLICY ID: $PolicyID" Write-VPASOutput -str "COULD NOT FIND TARGET POLICY ID: $PolicyID" -type E return $false } else{ write-verbose "MAKING API CALL TO CYBERARK" $uri = "https://$SubDomain.dpa.cyberark.cloud/api/access-policies/$PolicyID" Write-Verbose "CONSTRUCTING URI: $uri" $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "DELETE" -token $token -LogType METHOD if($WhatIf){ $log = Write-VPASTextRecorder -token $token -LogType WHATIF1 $WhatIfHash = @{} Write-Verbose "INITIATING COMMAND SIMULATION" $WhatIfInfo = Get-VPASDPAPolicyDetails -PolicyID $PolicyID -token $token $WhatIfPolicyID = $WhatIfInfo.policyId $WhatIfPolicyName = $WhatIfInfo.policyName $WhatIfStatus = $WhatIfInfo.status $WhatIfDescription = $WhatIfInfo.description $WhatIfStartDate = $WhatIfInfo.startDate $WhatIfEndDate = $WhatIfInfo.endDate $WhatIfProviderData = $WhatIfInfo.providersData $WhatIfUserAccessRules = $WhatIfInfo.userAccessRules if(!$HideWhatIfOutput){ Write-VPASOutput -str "====== BEGIN COMMAND SIMULATION ======" -type S Write-VPASOutput -str "THE FOLLOWING POLICY WOULD BE DELETED:" -type S Write-VPASOutput -str "PolicyID : $WhatIfPolicyID" -type S Write-VPASOutput -str "PolicyName : $WhatIfPolicyName" -type S Write-VPASOutput -str "Status : $WhatIfStatus" -type S Write-VPASOutput -str "Description : $WhatIfDescription" -type S Write-VPASOutput -str "StartDate : $WhatIfStartDate" -type S Write-VPASOutput -str "EndDate : $WhatIfEndDate" -type S Write-VPASOutput -str "ProviderData : $WhatIfProviderData" -type S Write-VPASOutput -str "UserAccessRules : $WhatIfUserAccessRules" -type S Write-VPASOutput -str "---" -type S Write-VPASOutput -str "URI : $uri" -type S Write-VPASOutput -str "METHOD : DELETE" -type S Write-VPASOutput -str " " -type S Write-VPASOutput -str "======= END COMMAND SIMULATION =======" -type S } $WhatIfHash = @{ WhatIf = @{ PolicyID = $WhatIfPolicyID PolicyName = $WhatIfPolicyName Status = $WhatIfStatus Description = $WhatIfDescription StartDate = $WhatIfStartDate EndDate = $WhatIfEndDate ProviderData = $WhatIfProviderData UserAccessRules = $WhatIfUserAccessRules RestURI = $uri RestMethod = "DELETE" Disclaimer = "THIS POLICY WILL BE DELETED IF -WhatIf FLAG IS REMOVED" } } $WhatIfJSON = $WhatIfHash | ConvertTo-Json | ConvertFrom-Json $log = Write-VPASTextRecorder -inputval $WhatIfJSON -token $token -LogType RETURNARRAY $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 return $WhatIfJSON } else{ if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY Write-Verbose "SUCCESSFULLY DELETED DPA POLICY: $PolicyID" Write-Verbose "RETURNING TRUE" return $true } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO DELETE DPA POLICY" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |