public/Remove-VPASAccountRequest.ps1

<#
.Synopsis
   DELETE AN ACCOUNT REQUEST IN CYBERARK
   CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO DELETE AN EXISTING ACCOUNT REQUEST IN CYBERARK
.LINK
   https://vpasmodule.com/commands/Remove-VPASAccountRequest
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER RequestedSafe
   Safe name that will be used to query for the target account if no AcctID is passed
.PARAMETER RequestedUsername
   Username that will be used to query for the target account if no AcctID is passed
.PARAMETER RequestedPlatform
   PlatformID that will be used to query for the target account if no AcctID is passed
.PARAMETER RequestedAddress
   Address that will be used to query for the target account if no AcctID is passed
.PARAMETER RequestedAcctID
   Unique ID that maps to a single account, passing this variable will skip query functions to find target account
.PARAMETER RequestedReason
   Reason that will be used to query and find the target account request
.PARAMETER requestID
   Unique ID that maps to a single account request, passing this variable will skip any query functions
.PARAMETER WhatIf
   Run code simulation to see what is affected by running the command as well as any possible implications
   This is a code simulation flag, meaning the command will NOT actually run
.PARAMETER HideWhatIfOutput
   Suppress any code simulation output from the console
.PARAMETER InputParameters
   HashTable of values containing the parameters required to make the API call
.EXAMPLE
   $WhatIfSimulation = Remove-VPASAccountRequest -RequestedAcctID {ACCTID VALUE} -requestID {REQUESTID VALUE} -WhatIf
.EXAMPLE
   $DeleteAccountRequestStatus = Remove-VPASAccountRequest -RequestedUsername {USERNAME VALUE} -RequestedReason {REASON VALUE}
.EXAMPLE
   $InputParameters = @{
        RequestedSafe = "TargetSafeName"
        RequestedPlatform = "TargetPlatformID"
        RequestedUsername = "TargetUsername"
        RequestedAddress = "TargetAddress"
        RequestedReason = "TargetRequestReason"
        WhatIf = $true|$false
        HideWhatIfOutput = $true|$false
   }
   $DeleteAccountRequestStatus = Remove-VPASAccountRequest -InputParameters $InputParameters
.EXAMPLE
   $InputParameters = @{
        RequestedAcctID = "22_103"
        RequestedReason = "TargetRequestReason"
        WhatIf = $true|$false
        HideWhatIfOutput = $true|$false
   }
   $DeleteAccountRequestStatus = Remove-VPASAccountRequest -InputParameters $InputParameters
.EXAMPLE
   $InputParameters = @{
        requestID = "22_123"
        WhatIf = $true|$false
        HideOutput = $true|$false
   }
   $DeleteAccountRequestStatus = Remove-VPASAccountRequest -InputParameters $InputParameters
.OUTPUTS
   $true if successful
   ---
   $false if failed
#>

function Remove-VPASAccountRequest{
    [OutputType([bool],'System.Object')]
    [CmdletBinding(DefaultParameterSetName='Set1')]
    Param(
        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [String]$RequestedSafe,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [String]$RequestedPlatform,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [String]$RequestedUsername,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [String]$RequestedAddress,

        [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique AccountID of the target account (for example: 22_123)")]
        [String]$RequestedAcctID,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)]
        [String]$RequestedReason,

        [Parameter(Mandatory=$true,ParameterSetName='Set3',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique RequestID of the target request (for example: 22_123)")]
        [String]$requestID,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$false,ParameterSetName='Set3',ValueFromPipelineByPropertyName=$true)]
        [Switch]$WhatIf,

        [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$false,ParameterSetName='Set3',ValueFromPipelineByPropertyName=$true)]
        [Switch]$HideWhatIfOutput,

        [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")]
        [hashtable]$InputParameters,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)]
        [hashtable]$token
    )

    Begin{
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    Process{
        try{
            if($PSCmdlet.ParameterSetName -eq "InputParameters"){
                $KeyHash = @{
                    set1 = @{
                        AcceptableKeys = @("RequestedSafe","RequestedPlatform","RequestedUsername","RequestedAddress","RequestedReason","WhatIf","HideWhatIfOutput")
                        MandatoryKeys = @()
                    }
                    set2 = @{
                        AcceptableKeys = @("RequestedAcctID","RequestedReason","WhatIf","HideWhatIfOutput")
                        MandatoryKeys = @("RequestedAcctID")
                    }
                    set3 = @{
                        AcceptableKeys = @("requestID","WhatIf","HideWhatIfOutput")
                        MandatoryKeys = @("requestID")
                    }
                }
                $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash

                if(!$CheckSet){
                    $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC
                    Write-Verbose "FAILED TO FIND TARGET PARAMETER SET"
                    Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E
                    $examples = Write-VPASExampleHelper -CommandName $CommandName
                    return $false
                }
                else{
                    foreach($key in $InputParameters.Keys){
                        Set-Variable -Name $key -Value $InputParameters.$key
                    }
                }
            }
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "FAILED TO RETRIEVE ACCOUNT REQUEST"
            Write-VPASOutput -str $_ -type E
            return $false
        }

        try{
                if([String]::IsNullOrEmpty($requestID)){
                    Write-Verbose "NO REQUEST ID PROVIDED...INVOKING HELPER FUNCTION TO RETRIEVE UNIQUE ACCOUNT REQUEST ID BASED ON SPECIFIED PARAMETERS"
                    [String[]]$requestID = Get-VPASAccountRequestIDHelper -AcctID $RequestedAcctID -token $token -UserReason $RequestedReason -Safe $RequestedSafe -Username $RequestedUsername -Address $RequestedAddress -Platform $RequestedPlatform
                }
                $reqCount = $requestID.count
                if($reqCount -eq 0 -or $reqCount -gt 1){
                    $log = Write-VPASTextRecorder -inputval "COULD NOT FIND UNIQUE ACCOUNT REQUEST ENTRY, INCLUDE MORE SEARCH PARAMETERS" -token $token -LogType MISC
                    $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                    Write-Verbose "COULD NOT FIND UNIQUE ACCOUNT REQUEST ENTRY, INCLUDE MORE SEARCH PARAMETERS"
                    Write-VPASOutput -str "COULD NOT FIND UNIQUE ACCOUNT REQUEST ENTRY, INCLUDE MORE SEARCH PARAMETERS" -type E
                    return $false
                }
                else{
                    if($NoSSL){
                        Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                        $uri = "http://$PVWA/PasswordVault/API/myrequests/$requestID"
                    }
                    else{
                        Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                        $uri = "https://$PVWA/PasswordVault/API/myrequests/$requestID"
                    }
                    $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
                    $log = Write-VPASTextRecorder -inputval "DELETE" -token $token -LogType METHOD

                    if($WhatIf){
                        $log = Write-VPASTextRecorder -token $token -LogType WHATIF1

                        $WhatIfHash = @{}
                        Write-Verbose "INITIATING COMMAND SIMULATION"
                        $WhatIfInfo = Get-VPASAccountRequestDetails -requestID "$requestID"
                        $WhatIfPlatformID = $WhatIfInfo."$requestID".AccountDetails.Properties.PlatformName
                        $WhatIfSafeName = $WhatIfInfo."$requestID".AccountDetails.Properties.Safe
                        $WhatIfID = $WhatIfInfo."$requestID".AccountDetails.AccountID
                        $WhatIfName = $WhatIfInfo."$requestID".AccountDetails.Properties.Name
                        $WhatIfAddress = $WhatIfInfo."$requestID".AccountDetails.Properties.Address
                        $WhatIfUsername = $WhatIfInfo."$requestID".AccountDetails.Properties.UserName
                        $WhatIfReason = $WhatIfInfo."$requestID".RequestorReason

                        if(!$HideWhatIfOutput){
                            Write-VPASOutput -str "============ BEGIN COMMAND SIMULATION ============" -type S
                            Write-VPASOutput -str "THE FOLLOWING ACCOUNT REQUEST WOULD BE DELETED:" -type S
                            Write-VPASOutput -str "RequestedPlatformID : $WhatIfPlatformID" -type S
                            Write-VPASOutput -str "RequestedSafeName : $WhatIfSafeName" -type S
                            Write-VPASOutput -str "RequestedAccountID : $WhatIfID" -type S
                            Write-VPASOutput -str "RequestedObjectName : $WhatIfName" -type S
                            Write-VPASOutput -str "RequestedAddress : $WhatIfAddress" -type S
                            Write-VPASOutput -str "RequestedUserName : $WhatIfUsername" -type S
                            Write-VPASOutput -str "RequestID : $requestID" -type S
                            Write-VPASOutput -str "RequestReason : $WhatIfReason" -type S
                            Write-VPASOutput -str "---" -type S
                            Write-VPASOutput -str "URI : $uri" -type S
                            Write-VPASOutput -str "METHOD : DELETE" -type S
                            Write-VPASOutput -str " " -type S
                            Write-VPASOutput -str "======= END COMMAND SIMULATION =======" -type S
                        }
                        $WhatIfHash = @{
                            WhatIf = @{
                                PlatformID = $WhatIfPlatformID
                                SafeName = $WhatIfSafeName
                                AccountID = $WhatIfID
                                ObjectName = $WhatIfName
                                Address = $WhatIfAddress
                                UserName = $WhatIfUsername
                                RequestID = $requestID
                                RequestReason = $RequestedReason
                                RestURI = $uri
                                RestMethod = "DELETE"
                                Disclaimer = "THIS ACCOUNT REQUEST WILL BE DELETED IF -WhatIf FLAG IS REMOVED"
                            }
                        }
                        $WhatIfJSON = $WhatIfHash | ConvertTo-Json | ConvertFrom-Json
                        $log = Write-VPASTextRecorder -inputval $WhatIfJSON -token $token -LogType RETURNARRAY
                        $log = Write-VPASTextRecorder -token $token -LogType WHATIF2
                        return $WhatIfJSON
                    }
                    else{
                        if($sessionval){
                            $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json" -WebSession $sessionval
                        }
                        else{
                            $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method DELETE -ContentType "application/json"
                        }
                        $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC
                        Write-Verbose "ACCOUNT REQUEST WAS SUCCESSFULLY DELETED FROM CYBERARK"
                        return $true
                    }
                }
            Write-Verbose "FAILED TO RETRIEVE ACCOUNT REQUEST DETAILS"
            Write-Verbose "RETURNING FALSE"
            return $false
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "UNABLE TO RETRIEVE ACCOUNT REQUEST DETAILS"
            Write-VPASOutput -str $_ -type E
            return $false
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}