public/Get-VPASAllAccountRequests.ps1
|
<#
.Synopsis GET ALL ACCOUNT REQUESTS CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO RETRIEVE ALL ACCOUNT REQUESTS MADE BY USER .LINK https://vpasmodule.com/commands/Get-VPASAllAccountRequests .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER IncludeExpiredRequests Switch if to include account requests that have already expired .PARAMETER OnlyPendingRequests Switch if to only return account requests that are still pending an approval .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $AllAccountRequestsJSON = Get-VPASAllAccountRequests -IncludeExpiredRequests .EXAMPLE $InputParameters = @{ IncludeExpiredRequests = $true|$false OnlyPendingRequests = $true|$false } $AllAccountRequestsJSON = Get-VPASAllAccountRequests -InputParameters $InputParameters .OUTPUTS If successful: { "MyRequests": [ { "RequestID": "VPASRequestSafe_20", "SafeName": "VPASRequestSafe", "RequestorUserName": "vadim@vman.com", "RequestorReason": "(ConnectionClient=PSM-RDP) Testing Account Request", "UserReason": "Testing Account Request", "CreationDate": 1724125545, "Operation": "Connect to VPASDualControl-DomainAdmin011-vman.com", "ExpirationDate": 1726717545, "OperationType": 4, "AccessType": "ManyTimes", "ConfirmationsLeft": 1, "AccessFrom": 1724158800, "AccessTo": 1724173200, "Status": 1, "StatusTitle": "Waiting: 1 more user(s) must confirm the request", "InvalidRequestReason": 0, "CurrentConfirmationLevel": 1, "RequiredConfirmersCountLevel2": 1, "TicketingSystemProperties": "@{Name=; Number=; Status=}", "AdditionalInfo": "", "AccountDetails": "@{AccountID=120_3; Properties=}", "Confirmers": "" } ], "Total": 1 } --- $false if failed #> function Get-VPASAllAccountRequests{ [OutputType('System.Collections.Hashtable',[bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [switch]$IncludeExpiredRequests, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [switch]$OnlyPendingRequests, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("IncludeExpiredRequests","OnlyPendingRequests") MandatoryKeys = @() } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE ACCOUNT REQUESTS" Write-VPASOutput -str $_ -type E return $false } try{ write-verbose "MAKING API CALL TO CYBERARK" if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/API/MyRequests?" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/API/MyRequests?" } if($IncludeExpiredRequests){ $uri += "expired=$true&" } if($OnlyPendingRequests){ $uri += "onlywaiting=$true&" } $uri = $uri.Substring(0,($uri.Length-1)) $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY Write-Verbose "PARSING DATA FROM CYBERARK" Write-Verbose "RETURNING JSON OBJECT" return $response }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE ACCOUNT REQUESTS" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |