public/Remove-VPASSafeMember.ps1

<#
.Synopsis
   DELETE SAFE MEMBER
   CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO DELETE A SAFE MEMBER FROM A SAFE IN CYBERARK
.LINK
   https://vpasmodule.com/commands/Remove-VPASSafeMember
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER safe
   Target unique safe name
.PARAMETER member
   Target unique safe member
.PARAMETER WhatIf
   Run code simulation to see what is affected by running the command as well as any possible implications
   This is a code simulation flag, meaning the command will NOT actually run
.PARAMETER HideWhatIfOutput
   Suppress any code simulation output from the console
.PARAMETER InputParameters
   HashTable of values containing the parameters required to make the API call
.EXAMPLE
   $WhatIfSimulation = Remove-VPASSafeMember -safe {SAFE NAME} -member {MEMBER VALUE} -WhatIf
.EXAMPLE
   $DeleteSafeMemberStatus = Remove-VPASSafeMember -safe {SAFE VALUE} -member {MEMBER VALUE}
.EXAMPLE
   $InputParameters = @{
        safe = "TargetSafe"
        member = "DeleteSafeMember"
        WhatIf = $true|$false
        HideOutput = $true|$false
   }
   $DeleteSafeMemberStatus = Remove-VPASSafeMember -InputParameters $InputParameters
.OUTPUTS
   $true if successful
   ---
   $false if failed
#>

function Remove-VPASSafeMember{
    [OutputType([bool],'System.Object')]
    [CmdletBinding(DefaultParameterSetName='Set1')]
    Param(

        [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target SafeName (for example: TestSafe1)")]
        [String]$safe,

        [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target SafeMember (for example: 'Vault Admins')")]
        [String]$member,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Switch]$WhatIf,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Switch]$HideWhatIfOutput,

        [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")]
        [hashtable]$InputParameters,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)]
        [hashtable]$token

    )

    Begin{
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    process{
        try{
            if($PSCmdlet.ParameterSetName -eq "InputParameters"){
                $KeyHash = @{
                    set1 = @{
                        AcceptableKeys = @("safe","member","WhatIf","HideWhatIfOutput")
                        MandatoryKeys = @("safe","member")
                    }
                }
                $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash

                if(!$CheckSet){
                    $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC
                    Write-Verbose "FAILED TO FIND TARGET PARAMETER SET"
                    Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E
                    $examples = Write-VPASExampleHelper -CommandName $CommandName
                    return $false
                }
                else{
                    foreach($key in $InputParameters.Keys){
                        Set-Variable -Name $key -Value $InputParameters.$key
                    }
                }
            }
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "FAILED TO REMOVE SAFE MEMBER"
            Write-VPASOutput -str $_ -type E
            return $false
        }

        try{

            write-verbose "MAKING API CALL TO DELETE SAFE MEMBER"
            if($NoSSL){
                Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                $uri = "http://$PVWA/PasswordVault/api/Safes/$safe/Members/$member/"
            }
            else{
                Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                $uri = "https://$PVWA/PasswordVault/api/Safes/$safe/Members/$member/"
            }
            $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
            $log = Write-VPASTextRecorder -inputval "DELETE" -token $token -LogType METHOD

            if($WhatIf){
                $log = Write-VPASTextRecorder -token $token -LogType WHATIF1
                $WhatIfHash = @{}
                Write-Verbose "INITIATING COMMAND SIMULATION"

                $WhatIfInfo = Get-VPASSafeMemberSearch -safe $safe -member $member -token $token

                if(!$WhatIfInfo){
                    $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                    $log = Write-VPASTextRecorder -token $token -LogType WHATIF2
                    return $false
                }
                else{
                    $WhatIfInfoSafeUrlId = $WhatIfInfo.safeUrlId
                    $WhatIfInfoSafeName = $WhatIfInfo.safeName
                    $WhatIfInfoSafeNumber = $WhatIfInfo.safeNumber
                    $WhatIfInfoMemberId = $WhatIfInfo.memberId
                    $WhatIfInfoMemberName = $WhatIfInfo.memberName
                    $WhatIfInfoMemberType = $WhatIfInfo.memberType
                    $WhatIfInfoMembershipExpirationDate = $WhatIfInfo.membershipExpirationDate
                    $WhatIfInfoIsExpiredMembershipEnable = $WhatIfInfo.isExpiredMembershipEnable
                    $WhatIfInfoIsPredefinedUser = $WhatIfInfo.isPredefinedUser
                    $WhatIfInfoIsReadOnly = $WhatIfInfo.isReadOnly
                    $WhatIfInfoPermissions = $WhatIfInfo.permissions

                    $WhatIfCounter = 0
                    $WhatIfAccountsAffected = @()

                    $AffectedAccounts = Get-VPASAccountDetails -safe $safe -token $token -HideWarning

                    foreach($AffectedAcct in $AffectedAccounts.value){
                        $AffectedAcctSafe = $AffectedAcct.safeName
                        if($AffectedAcctSafe -eq $WhatIfInfoSafeName){
                            $WhatIfCounter += 1
                            $WhatIfAccountsAffectedHash = @{
                                SafeName = $AffectedAcct.safeName
                                ID = $AffectedAcct.id
                                Address = $AffectedAcct.address
                                Username = $AffectedAcct.userName
                                Name = $AffectedAcct.name
                            }
                            $WhatIfAccountsAffected += $WhatIfAccountsAffectedHash
                        }
                    }

                    if(!$HideWhatIfOutput){
                        Write-VPASOutput -str "====== BEGIN COMMAND SIMULATION ======" -type S
                        Write-VPASOutput -str "THE FOLLOWING SAFE MEMBER WOULD BE DELETED:" -type S
                        Write-VPASOutput -str "SafeUrlId : $WhatIfInfoSafeUrlId" -type S
                        Write-VPASOutput -str "SafeName : $WhatIfInfoSafeName" -type S
                        Write-VPASOutput -str "SafeNumber : $WhatIfInfoSafeNumber" -type S
                        Write-VPASOutput -str "MemberID : $WhatIfInfoMemberId" -type S
                        Write-VPASOutput -str "MemberName : $WhatIfInfoMemberName" -type S
                        Write-VPASOutput -str "MemberType : $WhatIfInfoMemberType" -type S
                        Write-VPASOutput -str "MembershipExpirationDate : $WhatIfInfoMembershipExpirationDate" -type S
                        Write-VPASOutput -str "IsExpiredMembershipEnable : $WhatIfInfoIsExpiredMembershipEnable" -type S
                        Write-VPASOutput -str "IsPredefinedUser : $WhatIfInfoIsPredefinedUser" -type S
                        Write-VPASOutput -str "IsReadOnly : $WhatIfInfoIsReadOnly" -type S
                        Write-VPASOutput -str "Permissions : $WhatIfInfoPermissions" -type S
                        Write-VPASOutput -str "NumberOfAffectedAccounts : $WhatIfCounter" -type S
                        Write-VPASOutput -str "AffectedAccounts : $WhatIfAccountsAffected" -type S
                        Write-VPASOutput -str "---" -type S
                        Write-VPASOutput -str "URI : $uri" -type S
                        Write-VPASOutput -str "METHOD : DELETE" -type S
                        Write-VPASOutput -str " " -type S
                        Write-VPASOutput -str "======= END COMMAND SIMULATION =======" -type S
                    }

                    $WhatIfHash = @{
                        WhatIf = @{
                            SafeUrlId = $WhatIfInfoSafeUrlId
                            SafeName = $WhatIfInfoSafeName
                            SafeNumber = $WhatIfInfoSafeNumber
                            MemberID = $WhatIfInfoMemberID
                            MemberName = $WhatIfInfoMemberName
                            MemberType = $WhatIfInfoMemberType
                            MembershipExpirationDate = $WhatIfInfoMembershipExpirationDate
                            IsExpiredMembershipEnable = $WhatIfInfoIsExpiredMembershipEnable
                            IsPredefinedUser = $WhatIfInfoIsPredefinedUser
                            IsReadOnly = $WhatIfInfoIsReadOnly
                            Permissions = $WhatIfInfoPermissions
                            RestURI = $uri
                            NumberOfAffectedAccounts = $WhatIfCounter
                            AffectedAccounts = $WhatIfAccountsAffected
                            RestMethod = "DELETE"
                            Disclaimer = "THIS SAFE MEMBER WILL BE DELETED IF -WhatIf FLAG IS REMOVED"
                        }
                    }
                    $WhatIfJSON = $WhatIfHash | ConvertTo-Json | ConvertFrom-Json
                    $log = Write-VPASTextRecorder -inputval $WhatIfJSON -token $token -LogType RETURNARRAY
                    $log = Write-VPASTextRecorder -token $token -LogType WHATIF2
                    return $WhatIfJSON
                }
            }
            else{
                if($sessionval){
                    $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" -WebSession $sessionval
                }
                else{
                    $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json"
                }
                $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC
                Write-Verbose "API CALL MADE SUCCESSFULLY"
                Write-Verbose "SAFE MEMBER WAS DELETED, RETURNING TRUE"
                return $true
            }
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "UNABLE TO DELETE SAFE MEMBER"
            Write-VPASOutput -str $_ -type E
            return $false
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}