public/Update-VPASSafe.ps1
|
<#
.Synopsis UPDATE SAFE CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO UPDATE SAFE VALUES IN CYBERARK .LINK https://vpasmodule.com/commands/Update-VPASSafe .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER safe Target unique safe name .PARAMETER field Specify which field will be updated Possible values: SafeName, Description, OLACEnabled, ManagingCPM, NumberOfVersionsRetention, NumberOfDaysRetention .PARAMETER fieldval Target value to update the target field with .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $UpdateSafeJSON = Update-VPASSafe -safe {SAFE VALUE} -field {FIELD VALUE} -fieldval {FIELDVAL VALUE} .EXAMPLE $InputParameters = @{ safe = "TargetSafeName" field = "SafeName"|"Description"|"ManagingCPM"|"NumberOfVersionsRetention"|"NumberOfDaysRetention" fieldval = "New description as an example" } $UpdateSafeJSON = Update-VPASSafe -InputParameters $InputParameters .OUTPUTS If successful: { "safeUrlId": "NewSafeVpas", "safeName": "NewSafeVpas", "safeNumber": 133, "description": "Updated description for documentation", "location": "\\", "creator": { "id": "8c904dd3-b9f1-4e02-b4b0-1234", "name": "vman@cyberark.cloud.1234" }, "olacEnabled": false, "managingCPM": "ISPSSConnector", "numberOfVersionsRetention": null, "numberOfDaysRetention": 7, "autoPurgeEnabled": false, "creationTime": 1723779203, "lastModificationTime": 1723869537064880 } --- $false if failed #> function Update-VPASSafe{ [OutputType('System.Object',[bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target Safe to update (for example: TestSafe1)")] [String]$safe, [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter which field to update (SafeName, Description, ManagingCPM, NumberOfVersionsRetention, NumberOfDaysRetention)")] [ValidateSet('SafeName','Description','ManagingCPM','NumberOfVersionsRetention','NumberOfDaysRetention')] [String]$field, [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Value to update the safe with")] [String]$fieldval, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("safe","field","fieldval") MandatoryKeys = @("safe","field","fieldval") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO UPDATE SAFE" Write-VPASOutput -str $_ -type E return $false } #MISC SECTION if([String]::IsNullOrEmpty($field)){ Write-VPASOutput -str "FIELD VALUE CAN NOT BE NULL, POSSIBLE VALUES: safename, description, olacenabled, managingcpm, numberofversionretention, numberofdaysretention" -type E return $false } else{ $fieldlower = $field.ToLower() $trigger = 0 if($fieldlower -eq "safename"){ $trigger = 1 Write-Verbose "EDITING SAFE NAME" } elseif($fieldlower -eq "description"){ $trigger = 2 Write-Verbose "EDITING DESCRIPTION" } elseif($fieldlower -eq "olacenabled"){ $trigger = 3 Write-Verbose "EDITING OLAC ENABLED" } elseif($fieldlower -eq "managingcpm"){ $trigger = 4 Write-Verbose "EDITING MANAGING CPM" } elseif($fieldlower -eq "numberofversionsretention"){ $trigger = 5 Write-Verbose "EDITING NUMBER OF VERSIONS RETENTION" } elseif($fieldlower -eq "numberofdaysretention"){ $trigger = 6 Write-Verbose "EDITING NUMBER OF DAYS RETENTION" } else{ Write-Verbose "INVALID VALUE FOR FIELD" return $false } } Write-Verbose "RETRIEVING CURRENT SAFE DETAILS" $curParams = Get-VPASSafeDetails -token $token -safe $safe if(!$curParams){ $log = Write-VPASTextRecorder -inputval "COULD NOT RETRIEVE CURRENT SAFE DETAILS FOR: $safe" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC return $false } $curSafeName = $curParams.safeName $curLocation = $curParams.location $curOLAC = $curParams.olacEnabled $curDescription = $curParams.description $curCPM = $curParams.managingCPM $curVersions = $curParams.numberOfVersionsRetention $curDays = $curParams.numberOfDaysRetention $params = @{ safeName = $curSafeName location = $curLocation olacEnabled = $curOLAC description = $curDescription managingCPM = $curCPM numberOfVersionsRetention = $curVersions numberOfDaysRetention = $curDays } if([String]::IsNullOrWhiteSpace($fieldval)){ $fieldval = "" } if($trigger -eq 1){ Write-Verbose "ADDING NEW SAFE NAME VALUE TO PARAMETERS" $params.safeName = $fieldval } elseif($trigger -eq 2){ Write-Verbose "ADDING NEW SAFE DESCRIPTION TO PARAMETERS" $params.description = $fieldval } elseif($trigger -eq 3){ Write-Verbose "ADDING NEW SAFE OLACE NABLED TO PARAMETERS" $params.olacEnabled = $fieldval } elseif($trigger -eq 4){ Write-Verbose "ADDING NEW SAFE MANAGING CPM TO PARAMETERS" $params.ManagingCPM = $fieldval } elseif($trigger -eq 5){ Write-Verbose "ADDING NEW SAFE NUMBER OF VERSIONS RETENTION TO PARAMETERS" $params.NumberOfVersionsRetention = $fieldval $params.Remove('numberOfDaysRetention') } elseif($trigger -eq 6){ Write-Verbose "ADDING NEW SAFE NUMBER OF DAYS RETENTION TO PARAMETERS" $params.NumberOfDaysRetention = $fieldval $params.Remove('numberOfVersionsRetention') } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json try{ Write-Verbose "MAKING API CALL TO CYBERARK" if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/api/Safes/$safe" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/api/Safes/$safe" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "PUT" -token $token -LogType METHOD if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PUT -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PUT -Body $params -ContentType "application/json" } $outputlog = $response $log = Write-VPASTextRecorder -inputval $outputlog -token $token -LogType RETURN Write-Verbose "PARSING DATA FROM CYBERARK" Write-Verbose "RETURNING JSON OBJECT" return $response }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO UPDATE SAFE" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |