public/Get-VPASSafeMembers.ps1
|
<#
.Synopsis GET ALL SAFE MEMBERS IN A SAFE CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO RETRIEVE SAFE MEMBERS FROM A SPECIFIED SAFE AND SAFE PERMISSIONS .LINK https://vpasmodule.com/commands/Get-VPASSafeMembers .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER safe Target unique safe name .PARAMETER IncludePredefinedMembers Specify to include predefined safe members in the output Predefined safe members are the members that get added by default to every safe (Master, Batch, Backup, etc) .PARAMETER LimitSearchTo Specify if the query should include only Users or Groups Both Users and Groups are returned by default Possible values: "UsersOnly", "GroupsOnly" .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $SafeMembersJSON = Get-VPASSafeMembers -safe {SAFE VALUE} .EXAMPLE $SafeMembersJSON = Get-VPASSafeMembers -safe {SAFE VALUE} -IncludePredefinedMembers .EXAMPLE $InputParameters = @{ safe = "TargetSafeName" IncludePredefinedMembers = $true|$false LimitSearchTo = "UsersOnly"|"GroupsOnly" } $SafeMembersJSON = Get-VPASSafeMembers -InputParameters $InputParameters .OUTPUTS If successful: { "value": [ { "safeUrlId": "TestSafe", "safeName": "TestSafe", "safeNumber": 121, "memberId": "1d7864kjhg7-827364-kjsdhfj-1bc2-ab34c5d67efg", "memberName": "vadim@vman.com", "memberType": "User", "membershipExpirationDate": null, "isExpiredMembershipEnable": false, "isPredefinedUser": false, "isReadOnly": true, "permissions": "@{useAccounts=True; retrieveAccounts=True; listAccounts=True; addAccounts=True; updateAccountContent=True; updateAccountProperties=True; initiateCPMAccountManagementOperations=True; specifyNextAccountContent=True; renameAccounts=True;deleteAccounts=True; unlockAccounts=True; manageSafe=True; manageSafeMembers=True; backupSafe=True; viewAuditLog=True; viewSafeMembers=True; accessWithoutConfirmation=True; createFolders=True; deleteFolders=True; moveAccountsAndFolders=True; requestsAuthorizationLevel1=True; requestsAuthorizationLevel2=False}" }, { "safeUrlId": "TestSafe", "safeName": "TestSafe", "safeNumber": 121, "memberId": "78", "memberName": "SafeAccessgroup", "memberType": "Group", "membershipExpirationDate": null, "isExpiredMembershipEnable": false, "isPredefinedUser": false, "isReadOnly": false, "permissions": "@{useAccounts=False; retrieveAccounts=False; listAccounts=True; addAccounts=False; updateAccountContent=False; updateAccountProperties=False; initiateCPMAccountManagementOperations=False; specifyNextAccountContent=False; renameAccounts=False; deleteAccounts=False; unlockAccounts=True; manageSafe=False; manageSafeMembers=False; backupSafe=False; viewAuditLog=False; viewSafeMembers=False; accessWithoutConfirmation=False; createFolders=False; deleteFolders=False; moveAccountsAndFolders=False; requestsAuthorizationLevel1=False; requestsAuthorizationLevel2=False}" } ], "count": 2 } --- $false if failed #> function Get-VPASSafeMembers{ [OutputType('System.Object',[bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target Safe to query members from (for example: TestSafe1)")] [String]$safe, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Switch]$IncludePredefinedMembers, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [ValidateSet("UsersOnly","GroupsOnly")] [String]$LimitSearchTo, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("safe","IncludePredefinedMembers","LimitSearchTo") MandatoryKeys = @("safe") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE SAFE MEMBERS" Write-VPASOutput -str $_ -type E return $false } try{ $outputreturn = @() Write-Verbose "MAKING API CALL TO CYBERARK" if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" if($IncludePredefinedMembers){ $uri = "http://$PVWA/PasswordVault/api/Safes/$safe/Members?filter=includePredefinedUsers eq true" if(![String]::IsNullOrEmpty($LimitSearchTo)){ if($LimitSearchTo -eq "UsersOnly"){ $uri += " AND memberType eq user" } elseif($LimitSearchTo -eq "GroupsOnly"){ $uri += " AND memberType eq group" } } } else{ $uri = "http://$PVWA/PasswordVault/api/Safes/$safe/Members" if(![String]::IsNullOrEmpty($LimitSearchTo)){ if($LimitSearchTo -eq "UsersOnly"){ $uri += "?filter=memberType eq user" } elseif($LimitSearchTo -eq "GroupsOnly"){ $uri += "?filter=memberType eq group" } } } } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" if($IncludePredefinedMembers){ $uri = "https://$PVWA/PasswordVault/api/Safes/$safe/Members?filter=includePredefinedUsers eq true" if(![String]::IsNullOrEmpty($LimitSearchTo)){ if($LimitSearchTo -eq "UsersOnly"){ $uri += " AND memberType eq user" } elseif($LimitSearchTo -eq "GroupsOnly"){ $uri += " AND memberType eq group" } } } else{ $uri = "https://$PVWA/PasswordVault/api/Safes/$safe/Members" if(![String]::IsNullOrEmpty($LimitSearchTo)){ if($LimitSearchTo -eq "UsersOnly"){ $uri += "?filter=memberType eq user" } elseif($LimitSearchTo -eq "GroupsOnly"){ $uri += "?filter=memberType eq group" } } } } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY Write-Verbose "RETRIEVED DATA FROM API CALL" Write-Verbose "RETURNING OUTPUT" return $response }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO GET SAFE MEMBERS" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |