Functions/SafeMembers/Get-PASSafeMember.ps1

# .ExternalHelp psPAS-help.xml
function Get-PASSafeMember {
    [CmdletBinding(DefaultParameterSetName = 'Gen2')]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = 'Gen2'
        )]
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = 'Gen2-MemberFilter'
        )]
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = 'Gen1-SafeMembers'
        )]
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = 'Gen1-MemberPermissions'
        )]
        [ValidateNotNullOrEmpty()]
        [string]$SafeName,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = 'Gen2-MemberFilter'
        )]
        [ValidateSet('user', 'group')]
        [string]$memberType,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = 'Gen2-MemberFilter'
        )]
        [boolean]$membershipExpired,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = 'Gen2-MemberFilter'
        )]
        [boolean]$includePredefinedUsers,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = 'Gen2-MemberFilter'
        )]
        [string]$search,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = 'Gen2-MemberFilter'
        )]
        [ValidateSet('asc', 'desc')]
        [string]$sort,

        [Alias('UserName')]
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = 'Gen1-MemberPermissions'
        )]
        [ValidateNotNullOrEmpty()]
        [string]$MemberName,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false,
            ParameterSetName = 'Gen2'
        )]
        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false,
            ParameterSetName = 'Gen2-MemberFilter'
        )]
        [int]$TimeoutSec,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false,
            ParameterSetName = 'Gen1-SafeMembers'
        )]
        [switch]$UseGen1API
    )

    BEGIN {

        $Request = @{ }
        $Method = 'GET'
        $Limit = 25   #default if you call the API with no value

    }#begin

    PROCESS {

        switch ($PSCmdlet.ParameterSetName) {

            ( { $PSItem -match '^Gen1-' } ) {

                #Create URL for Gen1 API requests
                $URI = "$Script:BaseURI/WebServices/PIMServices.svc/Safes/$($SafeName | Get-EscapedString)/Members"

            }

            ( { $PSItem -match '^Gen2' } ) {

                #Create URL for Gen1 API requests
                Assert-VersionRequirement -RequiredVersion 12.0

                #Create URL for Gen2 API requests
                $URI = "$Script:BaseURI/api/Safes/$($SafeName | Get-EscapedString)/Members"

            }

            'Gen1-MemberPermissions' {

                #check required version
                Assert-VersionRequirement -MaximumVersion 12.3

                #Create URL for member specific request
                $URI = "$URI/$($MemberName | Get-EscapedString)"
                #Send a PUT Request instead of GET
                $Method = 'PUT'
                #Send an empty body
                #Add to Request parameters for PUT Request
                $Request['Body'] = @{'member' = @{ } } | ConvertTo-Json

                break

            }

            'Gen2-MemberFilter' {

                Assert-VersionRequirement -RequiredVersion 12.1

                #Get Parameters to include in request
                $boundParameters = $PSBoundParameters | Get-PASParameter -ParametersToRemove SafeName, memberType, membershipExpired, includePredefinedUsers, TimeoutSec
                $filterParameters = $PSBoundParameters | Get-PASParameter -ParametersToKeep memberType, membershipExpired, includePredefinedUsers
                $FilterString = $filterParameters | ConvertTo-FilterString

                If ($null -ne $FilterString) {

                    $boundParameters = $boundParameters + $FilterString

                }

                #Create Query String, escaped for inclusion in request URL
                $queryString = $boundParameters | ConvertTo-QueryString

                If ($null -ne $queryString) {

                    #Build URL from base URL
                    $URI = "$URI`?$queryString"

                }

                $Request['TimeoutSec'] = $TimeoutSec

                break

            }

        }

        #Build Request Parameters
        $Request['URI'] = $URI
        $Request['Method'] = $Method
        $Request['WebSession'] = $Script:WebSession

        #Send request to webservice
        $result = Invoke-PASRestMethod @Request

        If ($null -ne $result) {

            switch ($PSCmdlet.ParameterSetName) {

                'Gen1-MemberPermissions' {

                    #format output
                    $Output = $result.member | Select-Object MembershipExpirationDate,

                    @{Name = 'UserName'; 'Expression' = { $MemberName } },

                    @{Name = 'Permissions'; 'Expression' = {

                            $result.member.permissions | ConvertFrom-KeyValuePair }

                    }

                }

                'Gen1-SafeMembers' {

                    #output
                    $Output = $result.members | Select-Object UserName, Permissions

                }

                ( { $PSItem -match '^Gen1-' } ) {

                    #Format and add SafeName to Gen 1 Output
                    $Output = $Output | Add-ObjectDetail -typename psPAS.CyberArk.Vault.Safe.Member -PropertyToAdd @{

                        'SafeName' = $SafeName

                    }

                    break

                }

                ( { $PSItem -match '^Gen2' } ) {

                    $Total = $result.Count

                    If ($Total -gt 0) {

                        $Members = [Collections.Generic.List[Object]]::New(($result.value))

                        For ( $Offset = $Limit ; $Offset -lt $Total ; $Offset += $Limit ) {

                            $Null = $Members.AddRange((Invoke-PASRestMethod -Uri "$URI`?limit=$Limit&OffSet=$Offset" -Method GET -WebSession $Script:WebSession -TimeoutSec $TimeoutSec).value)

                        }

                        $Output = $Members

                    }

                    ElseIf ($null -ne $result) {

                        $Output = $result.value

                    }

                    $Output = $Output |
                        Select-Object *, @{Name = 'UserName'; 'Expression' = { $PSItem.MemberName } } |
                        Add-ObjectDetail -typename psPAS.CyberArk.Vault.Safe.Member.Gen2

                    break

                }

            }

            $Output

        }

    }#process

    END { }#end

}