public/Get-VPASDPAPolicyDetails.ps1
|
<#
.Synopsis GET DPA POLICY DETAILS CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO RETRIEVE POLICY DETAILS FROM DPA .LINK https://vpasmodule.com/commands/Get-VPASDPAPolicyDetails .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER PolicyID UniqueID of the target policy in DPA .PARAMETER PolicyName Unique name of the target policy in DPA .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $PolicyDetails = Get-VPASDPAPolicyDetails -PolicyID {POLICY ID VALUE} .EXAMPLE $PolicyDetails = Get-VPASDPAPolicyDetails -PolicyName {POLICY NAME VALUE} .EXAMPLE $InputParameters = @{ PolicyID = "lkjsdhf897-zxcv-asdf-7634-lksjd438754" } $PolicyDetails = Get-VPASDPAPolicyDetails -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ PolicyName = "Vman Access Policy" } $PolicyDetails = Get-VPASDPAPolicyDetails -InputParameters $InputParameters .OUTPUTS If successful: { "policyId": "lkjsdhf897-zxcv-asdf-7634-lksjd438754", "policyName": "Vman Access Policy", "status": "Enabled", "description": "", "providersData": { "OnPrem": { "fqdnRules": "", "logicalNames": null, "ipRules": "" } }, "startDate": null, "endDate": null, "userAccessRules": [ { "ruleName": "Test Rule", "userData": "@{roles=System.Object[]; groups=System.Object[]; users=System.Object[]}", "connectionInformation": "@{connectAs=; grantAccess=2; idleTime=15; daysOfWeek=System.Object[]; fullDays=True; hoursFrom=; hoursTo=; timeZone=America/Chicago}" } ], "updatedOn": null, "updatedBy": null, "createdOn": null, "createdBy": null } --- $false if failed #> function Get-VPASDPAPolicyDetails{ [OutputType('System.Collections.Hashtable',[bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique PolicyID of the target policy (for example: lkjsdhf897-zxcv-asdf-7634-lksjd438754)")] [String]$PolicyID, [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Name of the target policy (for example: `"Vman Access Policy`")")] [String]$PolicyName, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("PolicyID") MandatoryKeys = @("PolicyID") } set2 = @{ AcceptableKeys = @("PolicyName") MandatoryKeys = @("PolicyName") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE DPA POLICY" Write-VPASOutput -str $_ -type E return $false } try{ if($SubDomain -eq "N/A"){ Write-VPASOutput -str "SelfHosted + PriviledgeCloud Standard solutions do not support this API Call, returning false" -type E $log = Write-VPASTextRecorder -inputval "SelfHosted + PrivilegeCloud Standard solutions do not support this API Call, returning false" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval $false -token $token -LogType RETURN return $false } if([String]::IsNullOrEmpty($PolicyID)){ Write-Verbose "NO POLICY ID PROVIDED...INVOKING HELPER FUNCTION TO RETRIEVE UNIQUE POLICY ID BASED ON SPECIFIED PARAMETERS" $PolicyID = Get-VPASDPAPolicyIDHelper -token $token -SearchQuery $PolicyName Write-Verbose "RETURNING POLICY ID" } else{ Write-Verbose "POLICY ID SUPPLIED, SKIPPING HELPER FUNCTION" } if($PolicyID -eq -1){ $log = Write-VPASTextRecorder -inputval "COULD NOT FIND TARGET POLICY ID: $PolicyID" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "COULD NOT FIND TARGET POLICY ID: $PolicyID" Write-VPASOutput -str "COULD NOT FIND TARGET POLICY ID: $PolicyID" -type E return $false } else{ write-verbose "MAKING API CALL TO CYBERARK" $uri = "https://$SubDomain.dpa.cyberark.cloud/api/access-policies/$PolicyID" Write-Verbose "CONSTRUCTING URI: $uri" $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY Write-Verbose "RETURNING POLICY DETAILS" return $response } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE DPA POLICY DETAILS" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |