public/Get-VPASIdentityRoleDetails.ps1
|
<#
.Synopsis RETRIEVE SPECIFIC ROLE DETAILS IN IDENTITY CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO RETRIEVE SPECIFIC ROLE DETAILS IN IDENTITY .LINK https://vpasmodule.com/commands/Get-VPASIdentityRoleDetails .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER RoleName Unique RoleName in Identity to query for target RoleID .PARAMETER RoleID Target RoleID that maps the target Role in Identity Supply the RoleID to skip querying for the target Role .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $RoleDetailsArray = Get-VPASIdentityRoleDetails -Rolename {ROLENAME VALUE} .EXAMPLE $RoleDetailsArray = Get-VPASIdentityRoleDetails -RoleID {ROLEID VALUE} .EXAMPLE $InputParameters = @{ RoleName = "VPASModuleTestingRole" } $RoleDetailsArray = Get-VPASIdentityRoleDetails -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ RoleID = "jkahd786_sdfg_ghjf_4567_jdhfkj289743" } $RoleDetailsArray = Get-VPASIdentityRoleDetails -InputParameters $InputParameters .OUTPUTS If successful: { "_TableName": "roles", "Name": "NewRoleVpas", "ID": "jkahd786_sdfg_ghjf_4567_jdhfkj289743", "OrgPath": null, "Description": "New role for documentation purposes", "IsHidden": null, "RoleType": "PrincipalList", "OrgId": null, "ReadOnly": false, "DirectoryServiceUuid": "2798457982-ABCD-ABCDE-2345-895743ABCDE" } --- $false if failed #> function Get-VPASIdentityRoleDetails{ [OutputType('System.Object',[bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Role name of the target role (for example: VpasRole01)")] [String]$RoleName, [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique RoleID of the target role (for example: 1234-abcde-5678-lmnop-0987hjkj98)")] [String]$RoleID, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("RoleName") MandatoryKeys = @("RoleName") } set2 = @{ AcceptableKeys = @("RoleID") MandatoryKeys = @("RoleID") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE ROLE DETAILS" Write-VPASOutput -str $_ -type E return $false } try{ if(!$IdentityURL){ $log = Write-VPASTextRecorder -inputval "LOGIN TOKEN WAS NOT GENERATED THROUGH IDENTITY" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-VPASOutput -str "LOGIN TOKEN WAS NOT GENERATED THROUGH IDENTITY, TERMINATING API CALL" -type E return $false } Write-Verbose "CONSTRUCTING PARAMETERS" $params = @{ Script = "Select * from Role" } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$IdentityURL/Redrock/query" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$IdentityURL/Redrock/query" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD write-verbose "MAKING API CALL" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" } $result = $response foreach($row in $result.Result.Results.Row){ if($row.Name -eq $RoleName -or $row.ID -eq $RoleID){ $log = Write-VPASTextRecorder -inputval $row -token $token -LogType RETURN Write-Verbose "FOUND TARGET ROLE...RETURNING ROLE DETAILS" return $row } } $log = Write-VPASTextRecorder -inputval "NO ROLES FOUND" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "NO ROLES FOUND" Write-VPASOutput -str "NO ROLES FOUND" -type E return $false }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO QUERY IDENTITY" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |