public/Remove-VPASIdentityAdminSecurityQuestion.ps1

<#
.Synopsis
   DELETE SPECIFIC ADMIN SECURITY QUESTION IN IDENTITY
   CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO DELETE A SPECIFIC ADMIN SECURITY QUESTION IN IDENTITY
.LINK
   https://vpasmodule.com/commands/Remove-VPASIdentityAdminSecurityQuestion
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER QuestionSearchQuery
   Search query to locate the target admin security question
.PARAMETER QuestionID
   Unique target QuestionID mapping to the target admin security question
   Supply the QuestionID to skip any querying for target admin security question
.PARAMETER Confirm
   Skip the confirmation prompt confirming the removal of the admin security question
.PARAMETER WhatIf
   Run code simulation to see what is affected by running the command as well as any possible implications
   This is a code simulation flag, meaning the command will NOT actually run
.PARAMETER InputParameters
   HashTable of values containing the parameters required to make the API call
.PARAMETER HideWhatIfOutput
   Suppress any code simulation output from the console
.EXAMPLE
   $WhatIfSimulation = Remove-VPASIdentityAdminSecurityQuestion -QuestionSearchQuery {QUESTIONSEARCHQUERY VALUE} -WhatIf
.EXAMPLE
   $DeleteSecurityQuestion = Remove-VPASIdentityAdminSecurityQuestion -QuestionSearchQuery {QUESTIONSEARCHQUERY VALUE}
.EXAMPLE
   $DeleteSecurityQuestion = Remove-VPASIdentityAdminSecurityQuestion -QuestionID {QUESTIONID VALUE}
.EXAMPLE
   $InputParameters = @{
        QuestionSearchQuery = "query to find a question"
        Confirm = $true|$false
        WhatIf = $true|$false
        HideWhatIfOutput = $true|$false
   }
   $DeleteSecurityQuestion = Remove-VPASIdentityAdminSecurityQuestion -InputParameters $InputParameters
.EXAMPLE
   $InputParameters = @{
        QuestionID = "1234-abcd-7890-poiuy-7628jhg"
        Confirm = $true|$false
        WhatIf = $true|$false
        HideWhatIfOutput = $true|$false
   }
   $DeleteSecurityQuestion = Remove-VPASIdentityAdminSecurityQuestion -InputParameters $InputParameters
.OUTPUTS
   $true if successful
   ---
   $false if failed
#>

function Remove-VPASIdentityAdminSecurityQuestion{
    [OutputType([bool],'System.Object')]
    [CmdletBinding(DefaultParameterSetName='Set1')]
    Param(

        [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Searchquery to find the target admin security question (for example: `"query to find a question`")")]
        [String]$QuestionSearchQuery,

        [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique ID to find the target admin security question (for example: 1234-abcd-7890-poiuy-7628jhg)")]
        [String]$QuestionID,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)]
        [Switch]$Confirm,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)]
        [Switch]$WhatIf,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)]
        [Switch]$HideWhatIfOutput,

        [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")]
        [hashtable]$InputParameters,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)]
        [hashtable]$token
    )

    Begin{
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    Process{
        try{
            if($PSCmdlet.ParameterSetName -eq "InputParameters"){
                $KeyHash = @{
                    set1 = @{
                        AcceptableKeys = @("QuestionSearchQuery","Confirm","WhatIf","HideWhatIfOutput")
                        MandatoryKeys = @("QuestionSearchQuery")
                    }
                    set2 = @{
                        AcceptableKeys = @("QuestionID","Confirm","WhatIf","HideWhatIfOutput")
                        MandatoryKeys = @("QuestionID")
                    }
                }
                $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash

                if(!$CheckSet){
                    $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC
                    Write-Verbose "FAILED TO FIND TARGET PARAMETER SET"
                    Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E
                    $examples = Write-VPASExampleHelper -CommandName $CommandName
                    return $false
                }
                else{
                    foreach($key in $InputParameters.Keys){
                        Set-Variable -Name $key -Value $InputParameters.$key
                    }
                }
            }
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "FAILED TO RETRIEVE SECURITY QUESTIONS"
            Write-VPASOutput -str $_ -type E
            return $false
        }

        try{
            if($WhatIf){
                $Confirm = $true
            }
            if(!$IdentityURL){
                $log = Write-VPASTextRecorder -inputval "LOGIN TOKEN WAS NOT GENERATED THROUGH IDENTITY" -token $token -LogType MISC
                $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                Write-VPASOutput -str "LOGIN TOKEN WAS NOT GENERATED THROUGH IDENTITY, TERMINATING API CALL" -type E
                return $false
            }

            if([String]::IsNullOrEmpty($QuestionID)){
                Write-Verbose "NO QUESTION ID PASSED"
                Write-Verbose "INVOKING HELPER FUNCTION TO RETRIEVE QUESTION ID"

                $QuestionID = Get-VPASSecurityQuestionIDIdentityHelper -token $token -SecurityQuestion $QuestionSearchQuery

                if($QuestionID -eq -1){
                    $log = Write-VPASTextRecorder -inputval "MULTIPLE QUESTION ENTRIES WERE RETURNED, ADD MORE TO NAME TO NARROW RESULTS" -token $token -LogType MISC
                    $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                    Write-VPASOutput -str "MULTIPLE QUESTION ENTRIES WERE RETURNED, ADD MORE TO NAME TO NARROW RESULTS" -type E
                    Write-VPASOutput -str "RETURNING FALSE" -type E
                    return $false
                }
                elseif($QuestionID -eq -2){
                    $log = Write-VPASTextRecorder -inputval "NO QUESTION ENTRIES WERE RETURNED" -token $token -LogType MISC
                    $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                    Write-VPASOutput -str "NO QUESTION ENTRIES WERE RETURNED" -type E
                    Write-VPASOutput -str "RETURNING FALSE" -type E
                    return $false
                }
                else{
                    Write-Verbose "FOUND UNIQUE QUESTION ID"
                }
            }
            else{
                Write-Verbose "QUESTION ID PASSED, SKIPPING HELPER FUNCTION"
            }


            $params = @{
                Id = $QuestionID
            }
            $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS
            $params = $params | ConvertTo-Json

            if($NoSSL){
                Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                $uri = "http://$IdentityURL/TenantConfig/DeleteAdminSecurityQuestion"
            }
            else{
                Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                $uri = "https://$IdentityURL/TenantConfig/DeleteAdminSecurityQuestion"
            }
            $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
            $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD

            if(!$Confirm){
                Write-VPASOutput -str "ARE YOU SURE YOU WANT TO DELETE THIS SECURITY QUESTION:" -type C
                $QuestionContext = Get-VPASIdentityAdminSecurityQuestion -token $token -QuestionID $QuestionID
                $outputQuestion = $QuestionContext.Question
                Write-VPASOutput -str "$outputQuestion [Y/N]: " -type Y
                $choice = Read-Host

                if($choice -eq 'y' -or $choice -eq 'Y'){
                    #DO NOTHING
                }
                else{
                    $log = Write-VPASTextRecorder -inputval "CANCELING OPERATION" -token $token -LogType MISC
                    $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                    return $false
                }
            }

            if($WhatIf){
                $log = Write-VPASTextRecorder -token $token -LogType WHATIF1
                $WhatIfHash = @{}
                Write-Verbose "INITIATING COMMAND SIMULATION"

                $WhatIfInfo = Get-VPASIdentityAdminSecurityQuestion -QuestionID $QuestionID -token $token

                if(!$WhatIfInfo){
                    $log = Write-VPASTextRecorder -inputval "UNABLE TO FIND TARGET ADMIN SECURITY QUESTION IN IDENTITY" -token $token -LogType MISC
                    $log = Write-VPASTextRecorder -token $token -LogType WHATIF2
                    Write-VPASOutput "UNABLE TO FIND TARGET ADMIN SECURITY QUESTION IN IDENTITY...RETURNING FALSE" -type E
                    Write-Verbose "UNABLE TO FIND TARGET ADMIN SECURITY QUESTION IN IDENTITY...RETURNING FALSE"
                    return $false
                }

                $WhatIfUUID = $WhatIfInfo.Uuid
                $WhatIfCulture = $WhatIfInfo.Culture
                $WhatIfQuestion = $WhatIfInfo.Question

                if(!$HideWhatIfOutput){
                    Write-VPASOutput -str "====== BEGIN COMMAND SIMULATION ======" -type S
                    Write-VPASOutput -str "THE FOLLOWING ADMIN SECURITY QUESTION WOULD BE DELETED:" -type S
                    Write-VPASOutput -str "UUID : $WhatIfUUID" -type S
                    Write-VPASOutput -str "Culture : $WhatIfCulture" -type S
                    Write-VPASOutput -str "Question : $WhatIfQuestion" -type S
                    Write-VPASOutput -str "---" -type S
                    Write-VPASOutput -str "URI : $uri" -type S
                    Write-VPASOutput -str "METHOD : DELETE" -type S
                    Write-VPASOutput -str " " -type S
                    Write-VPASOutput -str "======= END COMMAND SIMULATION =======" -type S
                }
                $WhatIfHash = @{
                    WhatIf = @{
                        UUID = $WhatIfUUID
                        Culture = $WhatIfCulture
                        Question = $WhatIfQuestion
                        RestURI = $uri
                        RestMethod = "DELETE"
                        Disclaimer = "THIS ADMIN SECURITY QUESTION WILL BE DELETED IF -WhatIf FLAG IS REMOVED"
                    }
                }
                $WhatIfJSON = $WhatIfHash | ConvertTo-Json | ConvertFrom-Json
                $log = Write-VPASTextRecorder -inputval $WhatIfJSON -token $token -LogType RETURNARRAY
                $log = Write-VPASTextRecorder -token $token -LogType WHATIF2
                return $WhatIfJSON
            }
            else{
                if($sessionval){
                    $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" -WebSession $sessionval
                }
                else{
                    $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json"
                }
                $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC
                Write-Verbose "PARSING DATA FROM CYBERARK"
                return $true
            }
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "FAILED TO QUERY ADMIN SECURITY QUESTIONS"
            Write-VPASOutput -str $_ -type E
            return $false
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}