public/Add-VPASAccountToAccountGroup.ps1
|
<#
.Synopsis ADD ACCOUNT TO ACCOUNT GROUP CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO ADD ACCOUNT TO ACCOUNT GROUP .LINK https://vpasmodule.com/commands/Add-VPASAccountToAccountGroup .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER safe Safe name that will be used to query for the target account if no AcctID is passed .PARAMETER username Username that will be used to query for the target account if no AcctID is passed .PARAMETER platform PlatformID that will be used to query for the target account if no AcctID is passed .PARAMETER address Address that will be used to query for the target account if no AcctID is passed .PARAMETER AcctID Unique ID that maps to a single account, passing this variable will skip any query functions .PARAMETER GroupName Unique target GroupName that will be used to query for the GroupID if no GroupID is passed An account group is set of accounts that will have the same password synced across the entire group .PARAMETER GroupID Unique ID that maps to the target AccountGroup Supply GroupID to skip any querying for target AccountGroup .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $AddAccountToAccountGroupStatus = Add-VPASAccountToAccountGroup -GroupID {GROUPID VALUE} -AcctID {ACCTID VALUE} .EXAMPLE $AddAccountToAccountGroupStatus = Add-VPASAccountToAccountGroup -GroupID {GROUPID VALUE} -safe {SAFE VALUE} -platform {PLATFORM VALUE} -username {USERNAME VALUE} -address {ADDRESS VALUE} .EXAMPLE $AddAccountToAccountGroupStatus = Add-VPASAccountToAccountGroup -GroupName {GROUPNAME VALUE} -AcctID {ACCTID VALUE} .EXAMPLE $AddAccountToAccountGroupStatus = Add-VPASAccountToAccountGroup -GroupName {GROUPNAME VALUE} -safe {SAFE VALUE} -platform {PLATFORM VALUE} -username {USERNAME VALUE} -address {ADDRESS VALUE} .EXAMPLE $InputParameters = @{ GroupID = "35_12" AcctID = "35_214" } $AddAccountToAccountGroupStatus = Add-VPASAccountToAccountGroup -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ GroupName = "TargetGroupName" AcctID = "35_214" } $AddAccountToAccountGroupStatus = Add-VPASAccountToAccountGroup -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ GroupID = "35_12" safe = "TargetAcctSafe" address = "TargetAcctAddress" platform = "TargetAcctPlatformID" username = "TargetAcctUsername" } $AddAccountToAccountGroupStatus = Add-VPASAccountToAccountGroup -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ GroupName = "TargetGroupName" safe = "TargetAcctSafe" address = "TargetAcctAddress" platform = "TargetAcctPlatformID" username = "TargetAcctUsername" } $AddAccountToAccountGroupStatus = Add-VPASAccountToAccountGroup -InputParameters $InputParameters .OUTPUTS $true if successful --- $false if failed #> function Add-VPASAccountToAccountGroup{ [OutputType([bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique GroupID of the target account group (for example: 35_12)")] [Parameter(Mandatory=$true,ParameterSetName='Set3',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique GroupID of the target account group (for example: 35_12)")] [String]$GroupID, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique Safename where the target account group lives (for example: VmanTestSafe)")] [Parameter(Mandatory=$true,ParameterSetName='Set4',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique Safename where the target account group lives (for example: VmanTestSafe)")] [String]$safe, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [String]$platform, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [String]$username, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [String]$address, [Parameter(Mandatory=$true,ParameterSetName='Set3',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique AccountID of the target account (for example: 22_123)")] [Parameter(Mandatory=$true,ParameterSetName='Set4',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique AccountID of the target account (for example: 22_123)")] [String]$AcctID, [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique group name of the target account group (for example: VmanAccountgroup1)")] [Parameter(Mandatory=$true,ParameterSetName='Set4',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique group name of the target account group (for example: VmanAccountgroup1)")] [String]$GroupName, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("GroupID","safe","platform","username","address") MandatoryKeys = @("GroupID") } set2 = @{ AcceptableKeys = @("GroupName","safe","platform","username","address") MandatoryKeys = @("GroupName","safe") } set3 = @{ AcceptableKeys = @("GroupID","AcctID") MandatoryKeys = @("GroupID","AcctID") } set4 = @{ AcceptableKeys = @("GroupName","AcctID","safe") MandatoryKeys = @("GroupName","AcctID","safe") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO ADD ACCOUNT TO ACCOUNT GROUP" Write-VPASOutput -str $_ -type E return $false } try{ $params = @{} if([String]::IsNullOrEmpty($AcctID)){ Write-Verbose "NO ACCTID SUPPLIED, INVOKING ACCTID HELPER" $AcctID = Get-VPASAccountIDHelper -token $token -safe $safe -platform $platform -username $username -address $address write-verbose "ADDING ACCTID: $AcctID TO API PARAMETERS" $params += @{AccountID = "$AcctID"} } else{ Write-Verbose "ACCTID SUPPLIED, SKIPPING ACCOUNTID HELPER" Write-Verbose "ADDING ACCTID: $AcctID TO API PARAMETERS" $params+= @{AccountID = "$AcctID"} } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json if([String]::IsNullOrEmpty($GroupID)){ write-verbose "NO GROUPID PASSED, INVOKING GROUPID HELPER" if([String]::IsNullOrEmpty($safe) -or [String]::IsNullOrEmpty($GroupName)){ write-verbose "IF NO GROUPID IS PASSED, SAFE AND GROUPNAME MUST BE PASSED...RETURNING FALSE" Write-VPASOutput -str "IF NO GROUPID IS PASSED, SAFE AND GROUPNAME MUST BE PASSED" -type E } else{ $GroupID = Get-VPASAccountGroupIDHelper -token $token -safe $safe -GroupName $GroupName } } else{ Write-Verbose "GROUPID SUPPLIED...SKIPPING GROUPID HELPER" } if(!$GroupID){ $log = Write-VPASTextRecorder -inputval "COULD NOT FIND UNIQUE GROUPID" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC write-verbose "COULD NOT FIND UNIQUE GROUPID...RETURNING FALSE" Write-VPASOutput -str "COULD NOT FIND UNIQUE GROUPID...RETURNING FALSE" -type E return $false } if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/api/AccountGroups/$GroupID/Members" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/api/AccountGroups/$GroupID/Members" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" } Write-Verbose "RETURNING TRUE" $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC return $true }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO ADD ACCTID: $AcctID TO ACCOUNT GROUPID: $GroupID" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |