├── .gitignore ├── CTU.ps1 ├── LICENSE ├── Logs ├── Bulk-permission-changes-2017-08-25-154935.txt └── Change-User-access-to-a-safe2017-08-25-154722.txt ├── README.md ├── Screenshots └── cyberark_demo.gif ├── Templates ├── .DS_Store ├── Bulk_permission_changes.csv └── Bulk_upload_passwords.csv ├── psCTU ├── .DS_Store ├── Functions │ └── Import-Excel.ps1 ├── Outputs │ ├── CTUHeaders.ps1 │ └── CTUMenus.ps1 └── psCTU.psm1 └── psPAS ├── .gitattributes ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── Functions ├── AccountACL │ ├── Add-PASAccountACL.ps1 │ ├── Get-PASAccountACL.ps1 │ └── Remove-PASAccountACL.ps1 ├── AccountGroups │ ├── Add-PASAccountGroupMember.ps1 │ └── New-PASAccountGroup.ps1 ├── Accounts │ ├── Add-PASAccount.ps1 │ ├── Add-PASPendingAccount.ps1 │ ├── Get-PASAccount.ps1 │ ├── Get-PASAccountActivity.ps1 │ ├── Get-PASAccountCredentials.ps1 │ ├── Remove-PASAccount.ps1 │ ├── Set-PASAccount.ps1 │ ├── Start-PASCredChange.ps1 │ └── Start-PASCredVerify.ps1 ├── Applications │ ├── Add-PASApplication.ps1 │ ├── Add-PASApplicationAuthenticationMethod.ps1 │ ├── Get-PASApplication.ps1 │ ├── Get-PASApplicationAuthenticationMethods.ps1 │ ├── Get-PASApplications.ps1 │ ├── Remove-PASApplication.ps1 │ └── Remove-PASApplicationAuthenticationMethod.ps1 ├── Authentication │ ├── Add-PASPublicSSHKey.ps1 │ ├── Close-PASSAMLSession.ps1 │ ├── Close-PASSession.ps1 │ ├── Close-PASSharedSession.ps1 │ ├── Get-PASPublicSSHKey.ps1 │ ├── New-PASSAMLSession.ps1 │ ├── New-PASSession.ps1 │ ├── New-PASSharedSession.ps1 │ └── Remove-PASPublicSSHKey.ps1 ├── OnboardingRules │ ├── Get-PASOnboardingRule.ps1 │ ├── New-PASOnboardingRule.ps1 │ └── Remove-PASOnboardingRule.ps1 ├── PolicyACL │ ├── Add-PASPolicyACL.ps1 │ ├── Get-PASPolicyACL.ps1 │ └── Remove-PASPolicyACL.ps1 ├── SafeMembers │ ├── Add-PASSafeMember.ps1 │ ├── Get-PASSafeMembers.ps1 │ ├── Remove-PASSafeMember.ps1 │ └── Set-PASSafeMember.ps1 ├── Safes │ ├── Add-PASSafe.ps1 │ ├── Get-PASSafe.ps1 │ ├── Remove-PASSafe.ps1 │ └── Set-PASSafe.ps1 
├── ServerWebServices │ ├── Get-PASSafeShareLogo.ps1 │ ├── Get-PASServer.ps1 │ └── Get-PASServerWebService.ps1 └── User │ ├── Add-PASGroupMember.ps1 │ ├── Get-PASLoggedOnUser.ps1 │ ├── Get-PASUser.ps1 │ ├── New-PASUser.ps1 │ ├── Remove-PASUser.ps1 │ ├── Set-PASUser.ps1 │ └── Unblock-PASUser.ps1 ├── LICENSE.md ├── Private ├── Add-ObjectDetail.ps1 ├── Get-EscapedString.ps1 ├── Get-PASParameters.ps1 ├── Invoke-PASRestMethod.ps1 └── New-DynamicParam.ps1 ├── README.md ├── psPAS.Format.ps1xml ├── psPAS.psd1 └── psPAS.psm1 /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | Logs 3 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 Ziyad Alshehri 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /Logs/Bulk-permission-changes-2017-08-25-154935.txt: -------------------------------------------------------------------------------- 1 | 2017/08/25 15:49:36-[ERROR] Couldn't add user1 to API_test_safe1 2 | 2017/08/25 15:49:36-[SUCCESS] User user1 permissions were changed to Owner in API_test_safe1 3 | 2017/08/25 15:49:36-[SUCCESS] User user2 permissions were changed to User in API_test_safe1 4 | 2017/08/25 15:49:37-[SUCCESS] User user3 permissions were changed to Owner in API_test_safe1 5 | 2017/08/25 15:49:37-[SUCCESS] User user2 permissions were changed to User in API_test_safe2 6 | 2017/08/25 15:49:38-[INFO] User user3 does not exist in API_test_safe2, no need to remove access 7 | 2017/08/25 15:49:38-[SUCCESS] User user1 permissions were changed to User in API_test_safe2 8 | 2017/08/25 15:49:38-[SUCCESS] User user2 permissions were changed to Owner in API_test_safe2 9 | -------------------------------------------------------------------------------- /Logs/Change-User-access-to-a-safe2017-08-25-154722.txt: -------------------------------------------------------------------------------- 1 | 2017/08/25 15:47:23-[SUCCESS] User user1 permissions were changed to Owner in api_test_safe1 2 | -------------------------------------------------------------------------------- /Screenshots/cyberark_demo.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zshehri/CTU/3ddf4fb4df40f80ed0072b8da4d633e979518b3a/Screenshots/cyberark_demo.gif -------------------------------------------------------------------------------- /Templates/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zshehri/CTU/3ddf4fb4df40f80ed0072b8da4d633e979518b3a/Templates/.DS_Store -------------------------------------------------------------------------------- 
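/Templates/Bulk_permission_changes.csv: -------------------------------------------------------------------------------- 1 | Safe,UserID,Action API_test_safe1,user1,Owner API_test_safe1,user2,User API_test_safe2,user1,Remove API_test_safe2,user2,Owner -------------------------------------------------------------------------------- /Templates/Bulk_upload_passwords.csv: -------------------------------------------------------------------------------- 1 | ObjectName,Safe,Address,Username,Password,PlatformID,DisableAutoMgmt,DisableAutoMgmtReason 2 | Operating System-WindowsDomainAccount-JG-joe-garcia.local-test.user0003,T-APP-CYBR-RESTAPI,joe-garcia.local,test.user0003,Cyberark1,WindowsDomainAccount-JG,Yes,Testing API Disable Auto Mgmt 3 | Operating System-WindowsDomainAccount-JG-joe-garcia.local-test.user0004,T-APP-CYBR-RESTAPI,joe-garcia.local,test.user0004,Cyberark1,WindowsDomainAccount-JG,No, 4 | -------------------------------------------------------------------------------- /psCTU/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zshehri/CTU/3ddf4fb4df40f80ed0072b8da4d633e979518b3a/psCTU/.DS_Store -------------------------------------------------------------------------------- /psCTU/Functions/Import-Excel.ps1: --------------------------------------------------------------------------------
<#
.SYNOPSIS
    Similar to Import-Csv, but for Excel workbooks.

.DESCRIPTION
    Opens an Excel file through the Excel COM object and emits one object per data row.
    Property names are taken from row 1 of the worksheet; an empty header cell is named
    "Column<N>", where N is the 1-based column number.

    Import-Excel [-FileName]:Path [-WorksheetName:"Name"] [-DisplayProgress:$true|$false]

.PARAMETER FileName
    Path to the Excel file. Because the Excel COM object does the parsing, any format the
    locally installed Excel can open is accepted.

.PARAMETER WorksheetName
    Name of the worksheet to load. When omitted, the workbook's ActiveSheet is used
    (the sheet Excel reports as active, which is not necessarily the first tab).

.PARAMETER DisplayProgress
    $true (default) to show a progress bar while rows are read, $false to suppress it.

.OUTPUTS
    One PSObject per worksheet row, starting at row 2.
    Reference: https://podlisk.wordpress.com/2011/11/20/import-excel-spreadsheet-into-powershell/

.NOTES
    The workbook is opened by a full Excel instance, so it is treated here as untrusted
    input: macros are force-disabled for the automation session, external links are not
    refreshed, and the file is opened read-only.

    Cell values are returned exactly as Excel reports them (Value2). Callers that turn them
    into safe names, user IDs or permissions should validate them first. If the workbook
    holds credentials (the repository's Bulk_upload_passwords.csv template has a Password
    column), the returned objects carry them in clear text; keep them out of logs and
    transcripts.

.EXAMPLE
    $reportLines = Import-Excel C:\Document\my-report.xls

    Imports the active worksheet of C:\Document\my-report.xls into $reportLines.

.EXAMPLE
    $users = Import-Excel C:\Document\users.xlsx -WorksheetName:"HQ"

    Imports the "HQ" worksheet of C:\Document\users.xlsx into $users.
#>

function Import-Excel
{
    param (
        [string]$FileName,
        [string]$WorksheetName,
        [bool]$DisplayProgress = $true
    )

    # throw is terminating; the "exit" statements that used to follow each throw were
    # unreachable and have been dropped.
    if ($FileName -eq "") {
        throw "Please provide path to the Excel file"
    }

    if (-not (Test-Path $FileName)) {
        throw "Path '$FileName' does not exist."
    }

    # Excel needs a real file-system path rather than a PSDrive-relative one.
    $FileName = (Resolve-Path $FileName).ProviderPath

    $excel = $null
    $workbook = $null
    $sheet = $null

    try {
        $excel = New-Object -ComObject "Excel.Application"
        $excel.Visible = $false
        # A hidden instance cannot answer dialogs; suppress them instead of hanging.
        $excel.DisplayAlerts = $false
        # 3 = msoAutomationSecurityForceDisable: never run macros from the imported file.
        $excel.AutomationSecurity = 3

        # Open(FileName, UpdateLinks, ReadOnly): 0 = do not refresh external links.
        $workbook = $excel.Workbooks.Open($FileName, 0, $true)

        if (-not $WorksheetName) {
            Write-Warning "Defaulting to the first worksheet in workbook."
            $sheet = $workbook.ActiveSheet
        } else {
            # An unknown sheet name surfaces as a COM error; map it to the friendly
            # message raised below instead of leaking the raw exception.
            try {
                $sheet = $workbook.Sheets.Item($WorksheetName)
            } catch {
                $sheet = $null
            }
        }

        if (-not $sheet) {
            throw "Unable to open worksheet $WorksheetName"
        }

        $sheetName = $sheet.Name
        $columns = $sheet.UsedRange.Columns.Count
        $lines = $sheet.UsedRange.Rows.Count

        Write-Warning "Worksheet $sheetName contains $columns columns and $lines lines of data"

        # Row 1 supplies the property names.
        $fields = @()
        for ($column = 1; $column -le $columns; $column++) {
            $fieldName = $sheet.Cells.Item.Invoke(1, $column).Value2
            if ($null -eq $fieldName) {
                $fieldName = "Column" + $column.ToString()
            }
            $fields += $fieldName
        }

        # Rows 2..N are data; each one is emitted as soon as it has been read.
        for ($line = 2; $line -le $lines; $line++) {
            $values = New-Object object[] $columns
            for ($column = 1; $column -le $columns; $column++) {
                $values[$column - 1] = $sheet.Cells.Item.Invoke($line, $column).Value2
            }

            $row = New-Object psobject
            for ($i = 0; $i -lt $fields.Count; $i++) {
                $row | Add-Member -MemberType noteproperty -Name $fields[$i] -Value $values[$i]
            }
            $row

            $percents = [math]::round((($line / $lines) * 100), 0)
            if ($DisplayProgress) {
                Write-Progress -Activity:"Importing from Excel file $FileName" -Status:"Imported $line of total $lines lines ($percents%)" -PercentComplete:$percents
            }
        }
    }
    finally {
        # Runs on success, on any throw above, and when a downstream command stops the
        # pipeline early, so no hidden Excel process is left holding the file.
        if ($workbook) { $workbook.Close($false) }
        if ($excel) { $excel.Quit() }
        foreach ($comObject in $sheet, $workbook, $excel) {
            if ($comObject) {
                [void][System.Runtime.InteropServices.Marshal]::ReleaseComObject($comObject)
            }
        }
    }
}
-------------------------------------------------------------------------------- /psCTU/Outputs/CTUHeaders.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | 3 | .SYNOPSIS 4 | CTU Headers 5 | 6 | .DESCRIPTION 7 | This function contains all headers that will be printed on screen when called 8 | 9 | .INPUTS 10 | None 11 | 12 | .OUTPUTS 13 | Prints CTU Headers 14 | 15 | #> 16 | function Show-CTUART 17 | { 18 | param ( 19 | [string] $Title = 'Main Menu' 20 | ) 21 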
| 22 | Write-Host " " 23 | Write-Host "=============================================" -ForegroundColor "Yellow" 24 | write-host @" 25 | 26 | _____ _ ___ _ 27 | / __ \ | | / _ \ | | 28 | | / \/_ _| |__ ___ _ __/ /_\ \_ __| | __ 29 | | | | | | | '_ \ / _ \ '__| _ | '__| |/ / 30 | | \__/\ |_| | |_) | __/ | | | | | | | < 31 | \____/\__, |_.__/ \___|_| \_| |_/_| |_|\_\ 32 | __/ | 33 | |___/ 34 | _____ _ _ 35 | |_ _| (_) | | 36 | | | ___ _ __ _ __ ___ _ _ __ __ _| | 37 | | |/ _ \ '__| '_ ` _ \| | '_ \ / _` | | 38 | | | __/ | | | | | | | | | | | (_| | | 39 | \_/\___|_| |_| |_| |_|_|_| |_|\__,_|_| 40 | 41 | 42 | _ _ _ _ _ _ _ 43 | | | | | | (_) (_) | 44 | | | | | |_ _| |_| |_ _ _ CTU v1.0 45 | | | | | __| | | | __| | | | 46 | | |_| | |_| | | | |_| |_| | > Website: 47 | \___/ \__|_|_|_|\__|\__, | github.com/ 48 | __/ | zshehri/CTU 49 | |___/ 50 | 51 | "@ 52 | Write-Host "=============================================" -ForegroundColor "Yellow" 53 | Write-Host " " 54 | 55 | # https://github.com/zshehri/CTU 56 | 57 | } 58 | 59 | function Show-CTUHeader 60 | { 61 | param ( 62 | [string] $Title = 'Main Menu' 63 | ) 64 | cls 65 | Write-Host " " 66 | Write-Host " CyberArk Terminal Utility v1.0" -ForegroundColor "Cyan" 67 | Write-Host " " 68 | Write-Host " " (Get-Date -Format g) -ForegroundColor "Cyan" 69 | Write-Host " " 70 | 71 | } 72 | -------------------------------------------------------------------------------- /psCTU/Outputs/CTUMenus.ps1: -------------------------------------------------------------------------------- 1 | function Show-MainMenu 2 | { 3 | <# 4 | .SYNOPSIS 5 | CTU MENU 6 | 7 | .DESCRIPTION 8 | This file contains all menus that will be printed on screen when called, including: 9 | - Main Menu 10 | - Safes Management Menu 11 | - Users Management Menu 12 | - Safe Permissions Management Menu 13 | - Vaulted Accounts Management Menu 14 | - Debug Information Screen 15 | 16 | Inputs will be handeled through the main code. 
17 | 18 | .INPUTS 19 | None 20 | 21 | .OUTPUTS 22 | Prints CTU Options 23 | 24 | #> 25 | 26 | param ( 27 | [string] $Title = 'Main Menu' 28 | ) 29 | cls 30 | Show-CTUHeader 31 | Write-Host " " 32 | Write-Host "================ $Title ================" -ForegroundColor "Yellow" 33 | Write-Host " " 34 | Write-Host " " 35 | Write-Host "1: Manage Safes (Add, Modify, Remove)" 36 | Write-Host " " 37 | Write-Host "2: Manage Users (Add, Modify, Remove)" 38 | Write-Host " " 39 | Write-Host "3: Manage Safe Permissions (Vault Ownership)" 40 | Write-Host " " 41 | Write-Host "4: Manage Vaulted Accounts (List, Add, Modify, Remove)" 42 | Write-Host " " 43 | Write-Host "D: Show debug information (Session ID, current user, etc...)" 44 | Write-Host " " 45 | Write-Host "Q: Press 'Q' to quit and logoff" -ForegroundColor "Yellow" 46 | Write-Host " " 47 | 48 | } 49 | 50 | function Show-SafesMenu 51 | { 52 | param ( 53 | [string] $Title = 'Safes Managment' 54 | ) 55 | Write-Host " " 56 | Write-Host "================ $Title ================" -ForegroundColor "Yellow" 57 | Write-Host " " 58 | Write-Host " " 59 | Write-Host "1: Add a new safe" 60 | Write-Host " " 61 | Write-Host "2: Modify an existing safe" 62 | Write-Host " " 63 | Write-Host "3: Remove an existing safe" 64 | Write-Host " " 65 | Write-Host "Q: Press 'Q' to go back to main menu" -ForegroundColor "Yellow" 66 | Write-Host " " 67 | } 68 | 69 | function Show-UsersMenu 70 | { 71 | param ( 72 | [string] $Title = 'Users Managment' 73 | ) 74 | Write-Host " " 75 | Write-Host "================ $Title ================" -ForegroundColor "Yellow" 76 | Write-Host " " 77 | Write-Host " " 78 | Write-Host "1: Add a new user" 79 | Write-Host " " 80 | Write-Host "2: Remove a user" 81 | Write-Host " " 82 | Write-Host "3: Modify user information" 83 | Write-Host " " 84 | # Write-Host "4: List all users who have access to a safe" 85 | # Write-Host " " 86 | # Write-Host "5: Change user's role or permissions (selecting from 
.\Templates\defined_roles.csv)" 87 | # Write-Host " " 88 | # Write-Host "6: (Bulk Change) Import users permissions from an Excel file (.csv/.xls/.xlsx are supported)" -ForegroundColor "Green" 89 | # Write-Host " " 90 | Write-Host "Q: Press 'Q' to go back to main menu" -ForegroundColor "Yellow" 91 | Write-Host " " 92 | } 93 | 94 | function Show-PermissionsMenu 95 | { 96 | param ( 97 | [string] $Title = 'Safe Permissions Managment' 98 | ) 99 | Write-Host " " 100 | Write-Host "================ $Title ================" -ForegroundColor "Yellow" 101 | Write-Host " " 102 | Write-Host " " 103 | Write-Host "1: Assign owner to a safe" 104 | Write-Host " " 105 | Write-Host "2: Assign user to a safe" 106 | Write-Host " " 107 | Write-Host "3: Remove member from a safe" 108 | Write-Host " " 109 | Write-Host "4: List all users in a safe" 110 | Write-Host " " 111 | Write-Host "5: (Bulk Changes) Import users permissions from an Excel file (.csv/.xls/.xlsx are supported)" -ForegroundColor "Green" 112 | Write-Host " " 113 | Write-Host "Q: Press 'Q' to go back to main menu" -ForegroundColor "Yellow" 114 | Write-Host " " 115 | } 116 | 117 | function Show-AccountsMenu 118 | { 119 | param ( 120 | [string] $Title = 'Accounts Management' 121 | ) 122 | Write-Host " " 123 | Write-Host "================ $Title ================" -ForegroundColor "Yellow" 124 | Write-Host " " 125 | Write-Host " " 126 | Write-Host "1: Add Account to an existing safe" 127 | Write-Host " " 128 | Write-Host "2: Modify Account Information" 129 | Write-Host " " 130 | Write-Host "3: Remove Account from a safe" 131 | Write-Host " " 132 | Write-Host "4: List Account information in a safe" 133 | Write-Host " " 134 | Write-Host "5: List all Accounts in a safe" 135 | Write-Host " " 136 | Write-Host "6: (Bulk Changes) Upload Accounts from an Excel file (.csv/.xls/.xlsx are supported)" -ForegroundColor "Green" 137 | Write-Host " " 138 | Write-Host "Q: Press 'Q' to go back to main menu" -ForegroundColor "Yellow" 139 | 
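Write-Host " " 140 | } 141 | -------------------------------------------------------------------------------- /psCTU/psCTU.psm1: --------------------------------------------------------------------------------
<#
.SYNOPSIS
    Module loader for psCTU.

.DESCRIPTION
    Dot-sources every *.ps1 file found under the module directory (searched recursively)
    so that the functions those files define are loaded with the module.

.INPUTS
    None

.OUTPUTS
    None. A non-terminating error is written for each file that fails to load.

.NOTES
    Every matching file is executed, not just parsed. The utility later authenticates to
    the vault from the same PowerShell session, so the module directory and all of its
    subfolders should be writable only by administrators of the host.
#>
[CmdletBinding()]
param()

#Get function files
Get-ChildItem $PSScriptRoot\ -Recurse -Filter "*.ps1" |

    ForEach-Object {

        # Keep a handle on the file: inside Catch, $_ is the error record rather than
        # the file, so the original message printed an empty path.
        $scriptFile = $_

        Try {

            #Dot Source each file
            . $scriptFile.FullName

        }

        Catch {

            Write-Error "Failed to import function $($scriptFile.FullName): $_"

        }

    }
-------------------------------------------------------------------------------- /psPAS/.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | 4 | # Custom for Visual Studio 5 | *.cs diff=csharp 6 | 7 | # Standard to msysgit 8 | *.doc diff=astextplain 9 | *.DOC diff=astextplain 10 | *.docx diff=astextplain 11 | *.DOCX diff=astextplain 12 | *.dot diff=astextplain 13 | *.DOT diff=astextplain 14 | *.pdf diff=astextplain 15 | *.PDF diff=astextplain 16 | *.rtf diff=astextplain 17 | *.RTF diff=astextplain 18 | -------------------------------------------------------------------------------- /psPAS/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. 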
6 | 7 | ## Our Standards 8 | 9 | Examples of behavior that contributes to creating a positive environment include: 10 | 11 | * Using welcoming and inclusive language 12 | * Being respectful of differing viewpoints and experiences 13 | * Gracefully accepting constructive criticism 14 | * Focusing on what is best for the community 15 | * Showing empathy towards other community members 16 | 17 | Examples of unacceptable behavior by participants include: 18 | 19 | * The use of sexualized language or imagery and unwelcome sexual attention or advances 20 | * Trolling, insulting/derogatory comments, and personal or political attacks 21 | * Public or private harassment 22 | * Publishing others' private information, such as a physical or electronic address, without explicit permission 23 | * Other conduct which could reasonably be considered inappropriate in a professional setting 24 | 25 | ## Our Responsibilities 26 | 27 | Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. 28 | 29 | Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. 30 | 31 | ## Scope 32 | 33 | This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. 
34 | 35 | ## Enforcement 36 | 37 | Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at pspas@virtualreal.it. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. 38 | 39 | Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. 40 | 41 | ## Attribution 42 | 43 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] 44 | 45 | [homepage]: http://contributor-covenant.org 46 | [version]: http://contributor-covenant.org/version/1/4/ 47 | -------------------------------------------------------------------------------- /psPAS/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | All contributions are welcomed and appreciated. 4 | 5 | ## Module Conventions 6 | ### PowerShell Styleguide 7 | Use the standard *Verb*-*Noun* convention, and only use approved verbs. 8 | 9 | All Functions must have Comment Based Help. 10 | 11 | [K&R (One True Brace Style variant)](https://github.com/PoshCode/PowerShellPracticeAndStyle/issues/81) preferred. 12 | 13 | ### Module Structure 14 | The [Functions](Functions/) directory structure is based on the structure of the official CyberArk WebServices SDK documentation. 15 | Any code exposing documented methods of the API must exist in the folder relevant to the method area (user, group, safe etc.). 16 | 17 | Any helper functions consumed by other functions of the module must exist in the [Private](Private/) directory. 
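18 | 19 | ## Contributing Code 20 | 21 | - Fork the repo. 22 | - Push your changes to your fork. 23 | - Write a [good commit message][commit] 24 | - Submit a pull request 25 | - Keep pull requests limited to a single issue 26 | - Discussion, or necessary changes may be needed before merging the contribution. 27 | 28 | [commit]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html 29 | -------------------------------------------------------------------------------- /psPAS/Functions/AccountACL/Add-PASAccountACL.ps1: --------------------------------------------------------------------------------
function Add-PASAccountACL {
    <#
    .SYNOPSIS
    Adds a new privileged command rule to an account.

    .DESCRIPTION
    Adds a new privileged command rule to an account.
    The account is identified in the request URL as
    "<AccountAddress>|<AccountUserName>|<AccountPolicyId>", each part escaped with
    Get-EscapedString. The bound parameters, minus those three identifiers (and whatever
    else Get-PASParameters strips), are converted to JSON and sent as the body of a PUT
    request.

    .PARAMETER AccountPolicyId
    The PolicyID associated with account.

    .PARAMETER AccountAddress
    The address of the account the privileged command rule is added to.

    .PARAMETER AccountUserName
    The name of the account's user.

    .PARAMETER Command
    The Command

    .PARAMETER CommandGroup
    Boolean for Command Group

    .PARAMETER PermissionType
    Allow or Deny permission

    .PARAMETER Restrictions
    A restriction string

    .PARAMETER UserName
    The user this rule applies to

    .PARAMETER sessionToken
    Hashtable containing the session token returned from New-PASSession

    .PARAMETER WebSession
    WebRequestSession object returned from New-PASSession

    .PARAMETER BaseURI
    PVWA Web Address
    Do not include "/PasswordVault/"

    .PARAMETER PVWAAppName
    The name of the CyberArk PVWA Virtual Directory.
    Defaults to PasswordVault

    .EXAMPLE
    $token | Add-PASAccountACL -AccountPolicyID UNIXSSH -AccountAddress ServerA.domain.com -AccountUserName root `
    -Command 'for /l %a in (0,0,0) do xyz' -CommandGroup $false -PermissionType Deny -UserName TestUser

    This will add a new Privileged Command Rule to root for user TestUser

    .INPUTS
    AccountPolicyId, AccountAddress, SessionToken, WebSession &
    BaseURI can be piped by property name.
    Results of GET-PASAccount can be piped into this function, but
    username/accountname values must be explicitly specified due to
    ambiguities in the propertynames.

    .OUTPUTS
    Outputs Object of Custom Type psPAS.CyberArk.Vault.ACL
    SessionToken, WebSession, BaseURI are passed through and
    contained in output object for inclusion in subsequent
    pipeline operations.
    Output format is defined via psPAS.Format.ps1xml.
    To force all output to be shown, pipe to Select-Object *

    .NOTES
    Every output object carries the caller's sessionToken and WebSession. Drop those
    properties (for example with Select-Object -ExcludeProperty) before exporting,
    logging or serialising results, otherwise a live session token is written out
    with them.

    .LINK

    #>
    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [Alias("PolicyID")]
        [Alias("PlatformID")]
        [ValidateNotNullOrEmpty()]
        [string]$AccountPolicyId,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [Alias("Address")]
        [ValidateNotNullOrEmpty()]
        [string]$AccountAddress,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $false
        )]
        [ValidateNotNullOrEmpty()]
        [string]$AccountUserName,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $false
        )]
        [ValidateNotNullOrEmpty()]
        [string]$Command,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $false
        )]
        [boolean]$CommandGroup,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $false
        )]
        [ValidateSet("Allow", "Deny")]
        [string]$PermissionType,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false
        )]
        [ValidateNotNullOrEmpty()]
        [string]$Restrictions,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $false
        )]
        [ValidateNotNullOrEmpty()]
        [string]$UserName,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"

    )

    BEGIN {}#begin

    PROCESS {

        #URL for request
        # NOTE(review): BaseURI is used as supplied and nothing in this function requires
        # https; the session token travels in the request headers. Confirm the scheme is
        # enforced where the session is created.
        $URI = "$BaseURI/$PVWAAppName/WebServices/PIMServices.svc/Account/" +
            "$($AccountAddress | Get-EscapedString)|" +
            "$($AccountUserName | Get-EscapedString)|" +
            "$($AccountPolicyId | Get-EscapedString)/PrivilegedCommands"

        #Request body
        $Body = $PSBoundParameters |
            Get-PASParameters -ParametersToRemove AccountAddress, AccountUserName, AccountPolicyID |
            ConvertTo-Json

        #Send Request
        $result = Invoke-PASRestMethod -Uri $URI -Method PUT -Body $Body -Headers $sessionToken -WebSession $WebSession

        # Emit here rather than in END: END runs once, so with several piped accounts
        # only the last request's result was ever returned.
        if ($result) {

            $result.AddAccountPrivilegedCommandResult |
                Add-ObjectDetail -typename psPAS.CyberArk.Vault.ACL -PropertyToAdd @{

                    "sessionToken" = $sessionToken
                    "WebSession"   = $WebSession
                    "BaseURI"      = $BaseURI
                    "PVWAAppName"  = $PVWAAppName

                }

        }

    }#process

    END {}#end

}
--------------------------------------------------------------------------------
/psPAS/Functions/AccountACL/Get-PASAccountACL.ps1:
--------------------------------------------------------------------------------
function Get-PASAccountACL {
    <#
    .SYNOPSIS
    Lists privileged commands rule for an account

    .DESCRIPTION
    Gets list of all privileged commands associated with an account.
    The account is identified in the request URL as
    "<AccountAddress>|<AccountUserName>|<AccountPolicyId>", each part escaped with
    Get-EscapedString, and the list is fetched with a GET request.

    .PARAMETER AccountPolicyId
    The PolicyID associated with account.

    .PARAMETER AccountAddress
    The address of the account whose privileged commands will be listed.

    .PARAMETER AccountUserName
    The name of the account's user.

    .PARAMETER sessionToken
    Hashtable containing the session token returned from New-PASSession

    .PARAMETER WebSession
    WebRequestSession object returned from New-PASSession

    .PARAMETER BaseURI
    PVWA Web Address
    Do not include "/PasswordVault/"

    .PARAMETER PVWAAppName
    The name of the CyberArk PVWA Virtual Directory.
    Defaults to PasswordVault

    .EXAMPLE
    $token | Get-PASAccount root | Get-PASAccountACL

    Returns Privileged Account Rules for the account root found by Get-PASAccount:

    PolicyId Command                        PermissionType UserName Type    IsGroup
    -------- -------                        -------------- -------- ----    -------
    UNIXSSH  ifconfig                       Allow          TestUser Account False
    UNIXSSH  for /l %a in (0,0,0) do start  Deny           TestUser Account False
    UNIXSSH  for /l %a in (0,0,0) do xyz    Allow          TestUser Account False

    .INPUTS
    All parameters can be piped by property name
    Should accept pipeline objects from other *-PASAccount functions

    .OUTPUTS
    Outputs Object of Custom Type psPAS.CyberArk.Vault.ACL
    SessionToken, WebSession, BaseURI are passed through and
    contained in output object for inclusion in subsequent
    pipeline operations.
    Output format is defined via psPAS.Format.ps1xml.
    To force all output to be shown, pipe to Select-Object *

    .NOTES
    Every output object carries the caller's sessionToken and WebSession. Drop those
    properties (for example with Select-Object -ExcludeProperty) before exporting,
    logging or serialising results, otherwise a live session token is written out
    with them.

    .LINK

    #>
    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [Alias("PolicyID")]
        [string]$AccountPolicyId,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [Alias("Address")]
        [ValidateNotNullOrEmpty()]
        [string]$AccountAddress,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [Alias("UserName")]
        [ValidateNotNullOrEmpty()]
        [string]$AccountUserName,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"

    )

    BEGIN {}#begin

    PROCESS {

        #Create URL for request
        # NOTE(review): BaseURI is used as supplied and nothing in this function requires
        # https; the session token travels in the request headers. Confirm the scheme is
        # enforced where the session is created.
        $URI = "$BaseURI/$PVWAAppName/WebServices/PIMServices.svc/Account/" +
            "$($AccountAddress | Get-EscapedString)|" +
            "$($AccountUserName | Get-EscapedString)|" +
            "$($AccountPolicyId | Get-EscapedString)/PrivilegedCommands"

        #Send request to Web Service
        $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $sessionToken -WebSession $WebSession #DevSkim: ignore DS104456

        # Emit here rather than in END: END runs once, so when several accounts were
        # piped in only the last account's rules were ever returned.
        if ($result) {

            $result.ListAccountPrivilegedCommandsResult |
                Add-ObjectDetail -typename psPAS.CyberArk.Vault.ACL -PropertyToAdd @{

                    "sessionToken" = $sessionToken
                    "WebSession"   = $WebSession
                    "BaseURI"      = $BaseURI
                    "PVWAAppName"  = $PVWAAppName

                }

        }

    }#process

    END {}#end

}
-------------------------------------------------------------------------------- /psPAS/Functions/AccountACL/Remove-PASAccountACL.ps1: -------------------------------------------------------------------------------- 1 | function Remove-PASAccountACL { 2 | <# 3 | .SYNOPSIS 4 | Deletes privileged commands rule from an account 5 | 6 | .DESCRIPTION 7 | Deletes privileged commands rule associated with account 8 | 9 | .PARAMETER AccountPolicyID 10 | ID of account from which the commands will be deleted 11 | 12 | .PARAMETER Id 13 | The ID of the command that will be deleted 14 | 15 | .PARAMETER sessionToken 16 | Hashtable containing the session token returned from New-PASSession 17 | 18 | .PARAMETER sessionToken 19 | Hashtable containing the session token returned from New-PASSession 20 | 21 | .PARAMETER WebSession 22 | WebRequestSession object returned from New-PASSession 23 | 24 | .PARAMETER 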
BaseURI 25 | PVWA Web Address 26 | Do not include "/PasswordVault/" 27 | 28 | .PARAMETER PVWAAppName 29 | The name of the CyberArk PVWA Virtual Directory. 30 | Defaults to PasswordVault 31 | 32 | .EXAMPLE 33 | $token | Remove-PASAccountACL -AccountPolicyId UNIXSSH -AccountAddress machine -AccountUserName root -Id 12 34 | 35 | Removes matching Privileged Account Rule from the account root 36 | 37 | .EXAMPLE 38 | $token | Get-PASAccount root | Get-PASAccountACL | Where-Object{$_.Command -eq "ifconfig"} | Remove-PASAccountACL 39 | 40 | Removes matching Privileged Account Rule from account. 41 | 42 | .INPUTS 43 | All parameters can be piped by property name 44 | Should accept pipeline objects from Get-PASAccountACL function 45 | 46 | .OUTPUTS 47 | None 48 | 49 | .NOTES 50 | 51 | .LINK 52 | 53 | #> 54 | [CmdletBinding()] 55 | param( 56 | [parameter( 57 | Mandatory = $true, 58 | ValueFromPipelinebyPropertyName = $true 59 | )] 60 | [Alias("PolicyID")] 61 | [ValidateNotNullOrEmpty()] 62 | [string]$AccountPolicyId, 63 | 64 | [parameter( 65 | Mandatory = $true, 66 | ValueFromPipelinebyPropertyName = $true 67 | )] 68 | [ValidateNotNullOrEmpty()] 69 | [string]$AccountAddress, 70 | 71 | [parameter( 72 | Mandatory = $true, 73 | ValueFromPipelinebyPropertyName = $true 74 | )] 75 | [ValidateNotNullOrEmpty()] 76 | [string]$AccountUserName, 77 | 78 | [parameter( 79 | Mandatory = $true, 80 | ValueFromPipelinebyPropertyName = $true 81 | )] 82 | [string]$Id, 83 | 84 | [parameter( 85 | Mandatory = $true, 86 | ValueFromPipelinebyPropertyName = $true 87 | )] 88 | [ValidateNotNullOrEmpty()] 89 | [hashtable]$sessionToken, 90 | 91 | [parameter( 92 | ValueFromPipelinebyPropertyName = $true 93 | )] 94 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 95 | 96 | [parameter( 97 | Mandatory = $true, 98 | ValueFromPipelinebyPropertyName = $true 99 | )] 100 | [string]$BaseURI, 101 | 102 | [parameter( 103 | Mandatory = $false, 104 | ValueFromPipelinebyPropertyName = $true 105 | )] 106 | 
[string]$PVWAAppName = "PasswordVault" 107 | ) 108 | 109 | BEGIN {}#begin 110 | 111 | PROCESS { 112 | 113 | #URL for request 114 | $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Account/$($AccountAddress | 115 | 116 | Get-EscapedString)|$($AccountUserName | 117 | 118 | Get-EscapedString)|$($AccountPolicyId | 119 | 120 | Get-EscapedString)/PrivilegedCommands/$Id" 121 | 122 | #Request Body 123 | $Body = @{} 124 | 125 | #Send Request to Web Service 126 | Invoke-PASRestMethod -Uri $URI -Method DELETE -Body $Body -Headers $sessionToken -WebSession $WebSession 127 | 128 | }#process 129 | 130 | END {}#end 131 | 132 | } -------------------------------------------------------------------------------- /psPAS/Functions/AccountGroups/Add-PASAccountGroupMember.ps1: -------------------------------------------------------------------------------- 1 | function Add-PASAccountGroupMember{ 2 | <# 3 | .SYNOPSIS 4 | Adds an account as a member of an account group. 5 | 6 | .DESCRIPTION 7 | Adds an account as a member of an account group. 8 | The account can contain either password or SSH key. 9 | The account must be stored in the same safe as the account group. 10 | The following permissions are required on the safe where the account group will be created: 11 | - Add Accounts 12 | - Update Account Content 13 | - Update Account Properties 14 | 15 | .PARAMETER GroupID 16 | The unique ID of the account group 17 | 18 | .PARAMETER AccountID 19 | The ID of the account to add as a member 20 | 21 | .PARAMETER sessionToken 22 | Hashtable containing the session token returned from New-PASSession 23 | 24 | .PARAMETER WebSession 25 | WebRequestSession object returned from New-PASSession 26 | 27 | .PARAMETER BaseURI 28 | PVWA Web Address 29 | Do not include "/PasswordVault/" 30 | 31 | .PARAMETER PVWAAppName 32 | The name of the CyberArk PVWA Virtual Directory. 
33 | Defaults to PasswordVault 34 | 35 | .EXAMPLE 36 | 37 | .INPUTS 38 | All parameters can be piped by property name 39 | 40 | .OUTPUTS 41 | Outputs Object of Custom Type psPAS.CyberArk.Vault.AccountGroup 42 | SessionToken, WebSession, BaseURI are passed through and 43 | contained in output object for inclusion in subsequent 44 | pipeline operations. 45 | Output format is defined via psPAS.Format.ps1xml. 46 | To force all output to be shown, pipe to Select-Object * 47 | 48 | .NOTES 49 | [Ambiguous documentation] YMMV 50 | 51 | .LINK 52 | 53 | #> 54 | [CmdletBinding()] 55 | param( 56 | [parameter( 57 | Mandatory=$true, 58 | ValueFromPipelinebyPropertyName=$true 59 | )] 60 | [ValidateNotNullOrEmpty()] 61 | [string]$GroupID, 62 | 63 | [parameter( 64 | Mandatory=$true, 65 | ValueFromPipelinebyPropertyName=$true 66 | )] 67 | [string]$AccountID, 68 | 69 | [parameter( 70 | Mandatory=$true, 71 | ValueFromPipelinebyPropertyName=$true 72 | )] 73 | [ValidateNotNullOrEmpty()] 74 | [hashtable]$sessionToken, 75 | 76 | [parameter( 77 | ValueFromPipelinebyPropertyName=$true 78 | )] 79 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 80 | 81 | [parameter( 82 | Mandatory=$true, 83 | ValueFromPipelinebyPropertyName=$true 84 | )] 85 | [string]$BaseURI<#, 86 | 87 | [parameter( 88 | Mandatory=$false, 89 | ValueFromPipelinebyPropertyName=$true 90 | )] 91 | [string]$PVWAAppName = "PasswordVault"#> 92 | ) 93 | 94 | BEGIN{}#begin 95 | 96 | PROCESS{ 97 | 98 | #Create URL for Request 99 | $URI = "$baseURI/API/AccountGroups/$($GroupID | 100 | 101 | Get-EscapedString)/Members" 102 | 103 | #Create body of request 104 | $body = $PSBoundParameters | 105 | 106 | Get-PASParameters -ParametersToRemove GroupID | 107 | 108 | ConvertTo-Json 109 | 110 | #send request to PAS web service 111 | $result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Headers $sessionToken -WebSession $WebSession 112 | 113 | }#process 114 | 115 | END{ 116 | 117 | if($result){ 118 | 119 | $result | 
Add-ObjectDetail -typename psPAS.CyberArk.Vault.AccountGroup -PropertyToAdd @{ 120 | 121 | "sessionToken" = $sessionToken 122 | "WebSession" = $WebSession 123 | "BaseURI" = $BaseURI 124 | #"PVWAAppName" = $PVWAAppName 125 | 126 | } 127 | 128 | } 129 | 130 | }#end 131 | 132 | } -------------------------------------------------------------------------------- /psPAS/Functions/AccountGroups/New-PASAccountGroup.ps1: -------------------------------------------------------------------------------- 1 | function New-PASAccountGroup{ 2 | <# 3 | .SYNOPSIS 4 | Adds a new account group to the Vault 5 | 6 | .DESCRIPTION 7 | Defines a new account group in the vault. 8 | The following permissions are required on the safe where the account group will be created: 9 | - Add Accounts 10 | - Update Account Content 11 | - Update Accouunt Properties 12 | -Create Folders 13 | 14 | .PARAMETER GroupName 15 | The name of the group to create 16 | 17 | .PARAMETER GroupPlatform 18 | The name of the platform for the group. 19 | The associated platform must be set to "PolicyType=Group" 20 | 21 | .PARAMETER Safe 22 | The Safe where the group will be cerated 23 | 24 | .PARAMETER sessionToken 25 | Hashtable containing the session token returned from New-PASSession 26 | 27 | .PARAMETER WebSession 28 | WebRequestSession object returned from New-PASSession 29 | 30 | .PARAMETER BaseURI 31 | PVWA Web Address 32 | Do not include "/PasswordVault/" 33 | 34 | .PARAMETER PVWAAppName 35 | The name of the CyberArk PVWA Virtual Directory. 36 | Defaults to PasswordVault 37 | 38 | .EXAMPLE 39 | 40 | .INPUTS 41 | All parameters can be piped by property name 42 | 43 | .OUTPUTS 44 | Outputs Object of Custom Type psPAS.CyberArk.Vault.AccountGroup 45 | SessionToken, WebSession, BaseURI are passed through and 46 | contained in output object for inclusion in subsequent 47 | pipeline operations. 48 | Output format is defined via psPAS.Format.ps1xml. 
49 | To force all output to be shown, pipe to Select-Object * 50 | 51 | .NOTES 52 | [Ambiguous documentation] YMMV 53 | 54 | .LINK 55 | 56 | #> 57 | [CmdletBinding()] 58 | param( 59 | [parameter( 60 | Mandatory=$true, 61 | ValueFromPipelinebyPropertyName=$true 62 | )] 63 | [ValidateNotNullOrEmpty()] 64 | [string]$GroupName, 65 | 66 | [parameter( 67 | Mandatory=$true, 68 | ValueFromPipelinebyPropertyName=$true 69 | )] 70 | [string]$GroupPlatform, 71 | 72 | [parameter( 73 | Mandatory=$true, 74 | ValueFromPipelinebyPropertyName=$true 75 | )] 76 | [string]$Safe, 77 | 78 | [parameter( 79 | Mandatory=$true, 80 | ValueFromPipelinebyPropertyName=$true 81 | )] 82 | [ValidateNotNullOrEmpty()] 83 | [hashtable]$sessionToken, 84 | 85 | [parameter( 86 | ValueFromPipelinebyPropertyName=$true 87 | )] 88 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 89 | 90 | [parameter( 91 | Mandatory=$true, 92 | ValueFromPipelinebyPropertyName=$true 93 | )] 94 | [string]$BaseURI<#, 95 | 96 | [parameter( 97 | Mandatory=$false, 98 | ValueFromPipelinebyPropertyName=$true 99 | )] 100 | [string]$PVWAAppName = "PasswordVault"#> 101 | ) 102 | 103 | BEGIN{}#begin 104 | 105 | PROCESS{ 106 | 107 | #Create URL for Request 108 | $URI = "$baseURI/API/AccountGroups/" 109 | 110 | #Create body of request 111 | $body = $PSBoundParameters | Get-PASParameters | ConvertTo-Json 112 | 113 | #send request to PAS web service 114 | $result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Headers $sessionToken -WebSession $WebSession 115 | 116 | }#process 117 | 118 | END{ 119 | 120 | if($result){ 121 | 122 | $result | Add-ObjectDetail -typename psPAS.CyberArk.Vault.AccountGroup -PropertyToAdd @{ 123 | 124 | "sessionToken" = $sessionToken 125 | "WebSession" = $WebSession 126 | "BaseURI" = $BaseURI 127 | #"PVWAAppName" = $PVWAAppName 128 | 129 | } 130 | 131 | } 132 | 133 | }#end 134 | 135 | } -------------------------------------------------------------------------------- 
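/psPAS/Functions/Accounts/Get-PASAccountActivity.ps1:
--------------------------------------------------------------------------------
function Get-PASAccountActivity {
    <#
.SYNOPSIS
Returns activities for an account.

.DESCRIPTION
Returns activities for a specific account identified by its AccountID.

.PARAMETER AccountID
The ID of the account whose activities will be retrieved.

.PARAMETER sessionToken
Hashtable containing the session token returned from New-PASSession

.PARAMETER WebSession
WebRequestSession object returned from New-PASSession

.PARAMETER BaseURI
PVWA Web Address
Do not include "/PasswordVault/"

.PARAMETER PVWAAppName
The name of the CyberArk PVWA Virtual Directory.
Defaults to PasswordVault

.EXAMPLE
$token | Get-PASAccount -Keywords root -Safe UNIXSafe | Get-PASAccountActivity

Will return the account activity for the account output by Get-PASAccount:

Time                Activity                  UserName      AccountName
----                --------                  --------      -----------
08/07/2017 13:05:46 Delete Privileged Command Administrator root
08/07/2017 13:02:54 Delete Privileged Command Administrator root
07/30/2017 10:49:32 Add Privileged Command    Administrator root
...
...
...

.INPUTS
All parameters can be piped by property name
Accepts pipeline input from Get-PASAccount

.OUTPUTS
Outputs Object of Custom Type psPAS.CyberArk.Vault.AccountActivity
SessionToken, WebSession, BaseURI are passed through and
contained in output object for inclusion in subsequent
pipeline operations.

Output format is defined via psPAS.Format.ps1xml.
To force all output to be shown, pipe to Select-Object *

.NOTES
Results are written to the pipeline once per input object, so piping
several accounts returns the activity of every account.

.LINK
#>
    [CmdletBinding()]
    param(
        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [string]$AccountID,

        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(ValueFromPipelinebyPropertyName = $true)]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [string]$BaseURI,

        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $true)]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #Create request URL; the account ID is escaped before entering the path
        $escapedId = $AccountID | Get-EscapedString
        $URI = "$BaseURI/$PVWAAppName/WebServices/PIMServices.svc/Accounts/$escapedId/Activities"

        #Send request to web service
        $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $sessionToken -WebSession $WebSession

        #Emit inside PROCESS: output produced in END would only cover the last
        #account when several are piped in.
        If($result) {

            $passThrough = @{
                "sessionToken" = $sessionToken
                "WebSession"   = $WebSession
                "BaseURI"      = $BaseURI
                "PVWAAppName"  = $PVWAAppName
            }

            #Return Results
            $result.GetAccountActivitiesResult |
                Add-ObjectDetail -typename psPAS.CyberArk.Vault.AccountActivity -PropertyToAdd $passThrough

        }

    }#process

    END {}#end

}
--------------------------------------------------------------------------------
/psPAS/Functions/Accounts/Get-PASAccountCredentials.ps1:
--------------------------------------------------------------------------------
function Get-PASAccountCredentials {
    <#
.SYNOPSIS
Returns password for an account.

.DESCRIPTION
Returns password for an account identified by its AccountID.
Will not return SSH Keys.
Cannot be used if a reason for password access must be specified.

.PARAMETER AccountID
The ID of the account whose password will be retrieved.

.PARAMETER sessionToken
Hashtable containing the session token returned from New-PASSession

.PARAMETER WebSession
WebRequestSession object returned from New-PASSession

.PARAMETER BaseURI
PVWA Web Address
Do not include "/PasswordVault/"

.PARAMETER PVWAAppName
The name of the CyberArk PVWA Virtual Directory.
Defaults to PasswordVault

.EXAMPLE
$token | Get-PASAccount -Keywords root -Safe Prod_Safe | Get-PASAccountCredentials

Will return the password value of the account found by Get-PASAccount:

Password
--------
Ra^D0MwM666*&U

.INPUTS
All parameters can be piped by property name
Accepts pipeline input from other Get-PASAccount

.OUTPUTS
Outputs Object of Custom Type psPAS.CyberArk.Vault.Credential
SessionToken, WebSession, BaseURI are passed through and
contained in output object for inclusion in subsequent
pipeline operations.

Output format is defined via psPAS.Format.ps1xml.
To force all output to be shown, pipe to Select-Object *

.NOTES
The Password property holds the credential as a plain string, and the
output object also carries the session token. Anything that serialises
the object (transcripts, Export-Csv, log files, Select-Object *) will
record both, so capture the result in a variable rather than letting
it reach the console or a file.

.LINK
#>
    [CmdletBinding()]
    param(
        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [string]$AccountID,

        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(ValueFromPipelinebyPropertyName = $true)]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [string]$BaseURI,

        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $true)]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #Create request URL; the account ID is escaped before entering the path
        $escapedId = $AccountID | Get-EscapedString
        $URI = "$BaseURI/$PVWAAppName/WebServices/PIMServices.svc/Accounts/$escapedId/Credentials"

        #Send request to web service
        $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $sessionToken -WebSession $WebSession

        #Emit inside PROCESS so each piped account yields its own credential object
        If($result) {

            $passThrough = @{
                "sessionToken" = $sessionToken
                "WebSession"   = $WebSession
                "BaseURI"      = $BaseURI
                "PVWAAppName"  = $PVWAAppName
            }

            #The web service response is wrapped as the Password property
            [PSCustomObject] @{"Password" = $result} |
                Add-ObjectDetail -typename psPAS.CyberArk.Vault.Credential -PropertyToAdd $passThrough

        }

    }#process

    END {}#end

}
--------------------------------------------------------------------------------
/psPAS/Functions/Accounts/Remove-PASAccount.ps1:
--------------------------------------------------------------------------------
function Remove-PASAccount {
    <#
.SYNOPSIS
Deletes an account

.DESCRIPTION
Deletes a specific account in the Vault.
The user who runs this web service requires the "Delete Accounts" permission

.PARAMETER AccountID
The unique ID of the account to delete.
This is retrieved by the Get-PASAccount function.

.PARAMETER sessionToken
Hashtable containing the session token returned from New-PASSession

.PARAMETER WebSession
WebRequestSession object returned from New-PASSession

.PARAMETER BaseURI
PVWA Web Address
Do not include "/PasswordVault/"

.PARAMETER PVWAAppName
The name of the CyberArk PVWA Virtual Directory.
Defaults to PasswordVault

.EXAMPLE
$token | Remove-PASAccount -AccountID 19_1

Deletes the account with AccountID of 19_1

.INPUTS
All parameters can be piped by propertyname

.OUTPUTS
None

.NOTES

.LINK

#>
    [CmdletBinding()]
    param(
        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$AccountID,

        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(ValueFromPipelinebyPropertyName = $true)]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [string]$BaseURI,

        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $true)]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #Create URL for request.
        #The ID is escaped like in the Get-* functions: an unescaped value holding
        #"/", "?" or "#" would make this DELETE address a different resource.
        $escapedId = $AccountID | Get-EscapedString
        $URI = "$BaseURI/$PVWAAppName/WebServices/PIMServices.svc/Accounts/$escapedId"

        #Send request to webservice
        Invoke-PASRestMethod -Uri $URI -Method DELETE -Headers $sessionToken -WebSession $WebSession

    }#process

    END {}#end
}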
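--------------------------------------------------------------------------------
/psPAS/Functions/Accounts/Start-PASCredChange.ps1:
--------------------------------------------------------------------------------
function Start-PASCredChange {
    <#
.SYNOPSIS
Initiates an immediate password change by the CPM to a new random password.

.DESCRIPTION
Flags a managed account credentials for an immediate CPM password change.
The "Initiate CPM password management operations" permission is required.

.PARAMETER AccountID
The unique ID of the account whose credentials will be changed.
This is retrieved by the Get-PASAccount function.

.PARAMETER ImmediateChangeByCPM
Yes/No value, dictating if the account will be scheduled for immediate change.
Specify Yes to initiate a password change by CPM

.PARAMETER ChangeCredForGroup
Yes/No value, dictating if all accounts that belong to the same group should
have their passwords changed.
This is only relevant for accounts that belong to an account group.
Parameter will be ignored if account does not belong to a group.

.PARAMETER sessionToken
Hashtable containing the session token returned from New-PASSession

.PARAMETER WebSession
WebRequestSession object returned from New-PASSession

.PARAMETER BaseURI
PVWA Web Address
Do not include "/PasswordVault/"

.PARAMETER PVWAAppName
The name of the CyberArk PVWA Virtual Directory.
Defaults to PasswordVault

.EXAMPLE
$token | Start-PASCredChange -AccountID 21_3 -ImmediateChangeByCPM Yes

Will mark account with ID of "21_3" for immediate password change by CPM

.EXAMPLE
$token | Get-PASAccount xAccount | Start-PASCredChange -ImmediateChangeByCPM Yes

Will mark xAccount for immediate password change by CPM

.INPUTS
SessionToken, AccountID, WebSession & BaseURI can be piped by property name

.OUTPUTS
None

.NOTES
The request header is built on a copy of the session token, so the
caller's token hashtable is not modified by this function.

.LINK

#>
    [CmdletBinding()]
    param(
        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$AccountID,

        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $false)]
        [ValidateSet('Yes', 'No')]
        [string]$ImmediateChangeByCPM,

        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $false)]
        [ValidateSet('Yes', 'No')]
        [string]$ChangeCredForGroup,

        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [ValidateNotNullOrEmpty()]
        [hashtable]$SessionToken,

        [parameter(ValueFromPipelinebyPropertyName = $true)]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [string]$BaseURI,

        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $true)]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #Create URL for request; the account ID is escaped before entering the path
        $escapedId = $AccountID | Get-EscapedString
        $URI = "$BaseURI/$PVWAAppName/WebServices/PIMServices.svc/Accounts/$escapedId/ChangeCredentials"

        #CredChange header is non-standard: session token plus ImmediateChangeByCPM.
        #Work on a copy - a hashtable is a reference type, so adding the key to
        #$SessionToken itself would alter the caller's token and send the extra
        #header with every later request made with it.
        $header = $SessionToken.Clone()

        #add ImmediateChangeByCPM to header as key=value pair
        $header["ImmediateChangeByCPM"] = $ImmediateChangeByCPM

        #ImmediateChangeByCPM must be sent in the request header,
        #so it is removed from the parameters that form the request body
        $body = $PSBoundParameters |
            Get-PASParameters -ParametersToRemove "ImmediateChangeByCPM" |
            ConvertTo-Json

        #send request to web service
        Invoke-PASRestMethod -Uri $URI -Method PUT -Body $body -Headers $header -WebSession $WebSession

    }#process

    END {}#end

}
--------------------------------------------------------------------------------
/psPAS/Functions/Accounts/Start-PASCredVerify.ps1:
--------------------------------------------------------------------------------
function Start-PASCredVerify {
    <#
.SYNOPSIS
Marks account for immediate verification by the CPM.

.DESCRIPTION
Flags a managed account credentials for an immediate CPM password verification.
The "Initiate CPM password management operations" permission is required.

.PARAMETER AccountID
The unique ID of the account whose credentials will be verified.
This is retrieved by the Get-PASAccount function.

.PARAMETER sessionToken
Hashtable containing the session token returned from New-PASSession

.PARAMETER WebSession
WebRequestSession object returned from New-PASSession

.PARAMETER BaseURI
PVWA Web Address
Do not include "/PasswordVault/"

.PARAMETER PVWAAppName
The name of the CyberArk PVWA Virtual Directory.
Defaults to PasswordVault

.EXAMPLE
$token | Start-PASCredVerify -AccountID 19_1

Will mark account with AccountID of 19_1 for Immediate CPM Verification

.INPUTS
SessionToken, AccountID, WebSession & BaseURI can be piped by property name

.OUTPUTS
None

.NOTES

.LINK

#>
    [CmdletBinding()]
    param(
        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$AccountID,

        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [ValidateNotNullOrEmpty()]
        [hashtable]$SessionToken,

        [parameter(ValueFromPipelinebyPropertyName = $true)]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [string]$BaseURI,

        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $true)]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #Create URL for request; the account ID is escaped before entering the path
        $escapedId = $AccountID | Get-EscapedString
        $URI = "$BaseURI/$PVWAAppName/WebServices/PIMServices.svc/Accounts/$escapedId/VerifyCredentials"

        #The request carries an empty JSON body
        $body = @{} | ConvertTo-Json

        #send request to web service
        Invoke-PASRestMethod -Uri $URI -Method PUT -Body $body -Headers $SessionToken -WebSession $WebSession

    }#process

    END {}#end

}
--------------------------------------------------------------------------------
/psPAS/Functions/Applications/Add-PASApplication.ps1:
--------------------------------------------------------------------------------
function Add-PASApplication {
    <#
.SYNOPSIS
Adds a new application to the Vault

.DESCRIPTION
Adds a new application to the Vault.
Manage Users permission is required.

.PARAMETER AppID
The application name.
Must be fewer than 128 characters.
Cannot include ampersand ("&") character.
Can include "@" character, but any searches for applications cannot include
this character.

.PARAMETER Description
Description of the application, no longer than 29 characters.

.PARAMETER Location
The location of the application in the vault hierarchy.
Note: to insert a backslash in the location path, use a double backslash.

.PARAMETER AccessPermittedFrom
The start hour that access is permitted to the application.
Valid values are 0-23.

.PARAMETER AccessPermittedTo
The end hour that access to the application is permitted.
Valid values are 0-23.

.PARAMETER ExpirationDate
The date when the application expires.
Must be in format mm-dd-yyyy

.PARAMETER Disabled
Boolean value, denoting if the application is disabled or not.

.PARAMETER BusinessOwnerFName
The first name of the business owner.
Specify up to 29 characters.

.PARAMETER BusinessOwnerLName
The last name of the business owner.

.PARAMETER BusinessOwnerEmail
The email address of the business owner

.PARAMETER BusinessOwnerPhone
The phone number of the business owner.
Specify up to 24 characters.

.PARAMETER sessionToken
Hashtable containing the session token returned from New-PASSession

.PARAMETER WebSession
WebRequestSession object returned from New-PASSession

.PARAMETER BaseURI
PVWA Web Address
Do not include "/PasswordVault/"

.PARAMETER PVWAAppName
The name of the CyberArk PVWA Virtual Directory.
Defaults to PasswordVault

.EXAMPLE
$token | Add-PASApplication -AppID NewApp -Description "A new application" -Location "\" `
-AccessPermittedFrom 9 -AccessPermittedTo 17 -BusinessOwnerEmail 'appowner@company.com'

Will add a new application called "NewApp", in the root location, accessible from 9am to 5pm

.INPUTS
All parameters can be piped by property name

.OUTPUTS
None

.NOTES

.LINK
#>
    [CmdletBinding()]
    param(
        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [ValidateNotNullOrEmpty()]
        [ValidateLength(1, 127)]
        [ValidateScript( {$_ -notmatch ".*(\&).*"})]
        [string]$AppID,

        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $true)]
        [ValidateLength(0, 29)]
        [string]$Description,

        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [string]$Location,

        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $true)]
        [ValidateRange(0, 23)]
        [int]$AccessPermittedFrom,

        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $true)]
        [ValidateRange(0, 23)]
        [int]$AccessPermittedTo,

        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $true)]
        [ValidateScript( {
                if($_ -match '^(0[1-9]|1[0-2])[-](0[1-9]|[12]\d|3[01])[-]\d{4}$') {
                    $true
                } Else {
                    Throw "$_ must match pattern MM-DD-YYYY"
                }
            })]
        [string]$ExpirationDate,

        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $true)]
        [boolean]$Disabled,

        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $true)]
        [ValidateLength(0, 29)]
        [string]$BusinessOwnerFName,

        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $true)]
        [string]$BusinessOwnerLName,

        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $true)]
        [string]$BusinessOwnerEmail,

        #Declared as a string: ValidateLength applies to strings only, and a phone
        #number may carry a leading zero or "+" or exceed the range of an [int].
        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $true)]
        [ValidateLength(0, 24)]
        [string]$BusinessOwnerPhone,

        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(ValueFromPipelinebyPropertyName = $true)]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(Mandatory = $true, ValueFromPipelinebyPropertyName = $true)]
        [string]$BaseURI,

        [parameter(Mandatory = $false, ValueFromPipelinebyPropertyName = $true)]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #WebService URL
        $URI = "$BaseURI/$PVWAAppName/WebServices/PIMServices.svc/Applications"

        #Create Request Body: the bound parameters, as filtered by
        #Get-PASParameters, nested under the "application" key
        $application = $PSBoundParameters | Get-PASParameters
        $body = @{"application" = $application} | ConvertTo-Json

        #Send Request
        Invoke-PASRestMethod -Uri $URI -Method POST -Body $body -Headers $sessionToken -WebSession $WebSession

    }#process

    END {}#end
}
--------------------------------------------------------------------------------
/psPAS/Functions/Applications/Add-PASApplicationAuthenticationMethod.ps1:
--------------------------------------------------------------------------------
1 | function Add-PASApplicationAuthenticationMethod { 2 | <# 3 | .SYNOPSIS 4 | Adds an authentication method to an application. 5 | 6 | .DESCRIPTION 7 | Adds a new authentication method to a specific application iin the vault.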
8 | The "Manage Users" permission is required to be held by the user running the function. 9 | 10 | .PARAMETER AppID 11 | The name of the application for which a new authentication method is being added. 12 | 13 | .PARAMETER AuthType 14 | The type of authentication. 15 | Valid Values are machineAddress, osUser, path, hashValue; note that the ValidateSet on this parameter accepts path, hash, osUser, machineAddress and certificateserialnumber. 16 | 17 | .PARAMETER AuthValue 18 | The content of the authentication. 19 | 20 | .PARAMETER IsFolder 21 | Boolean value denoting if path is a folder. 22 | Only relevant for "Path Authentication". 23 | 24 | .PARAMETER AllowInternalScripts 25 | Boolean value denoting if internal scripts are allowed. 26 | Only relevant for "Path Authentication". 27 | 28 | .PARAMETER Comment 29 | Note Property 30 | only relevant for hash authentication (the Comment parameter is also created when AuthType is certificateserialnumber). 31 | 32 | .PARAMETER sessionToken 33 | Hashtable containing the session token returned from New-PASSession 34 | 35 | .PARAMETER WebSession 36 | WebRequestSession object returned from New-PASSession 37 | 38 | .PARAMETER BaseURI 39 | PVWA Web Address 40 | Do not include "/PasswordVault/" 41 | 42 | .PARAMETER PVWAAppName 43 | The name of the CyberArk PVWA Virtual Directory. 
44 | Defaults to PasswordVault 45 | 46 | .EXAMPLE 47 | $token | Add-PASApplicationAuthenticationMethod -AppID NewApp -AuthType machineAddress -AuthValue AppServer1.domain.com 48 | 49 | Adds a Machine Address application authentication mechanism to NewApp 50 | 51 | .EXAMPLE 52 | $token | Add-PASApplicationAuthenticationMethod -AppID NewApp -AuthType osUser -AuthValue Domain\SomeUser 53 | 54 | Adds an osUser application authentication mechanism to NewApp 55 | 56 | .EXAMPLE 57 | $token | Add-PASApplicationAuthenticationMethod -AppID NewApp -AuthType path -AuthValue SomePath 58 | 59 | Adds a path application authentication mechanism to NewApp 60 | 61 | .EXAMPLE 62 | $token | Add-PASApplicationAuthenticationMethod -AppID NewApp -AuthType certificateserialnumber -AuthValue 040000000000FA3DEFE9A9 -Comment "DEV Cert" 63 | 64 | Adds a certificateserialnumber application authentication mechanism to NewApp 65 | 66 | .INPUTS 67 | All parameters can be piped by property name 68 | 69 | .OUTPUTS 70 | None 71 | 72 | .NOTES 73 | Function uses dynamic parameters. 74 | Dynamic Parameters IsFolder, AllowInternalScripts & Comment do 75 | not accept input from the pipeline. 
76 | 77 | .LINK 78 | 79 | #> 80 | [CmdletBinding()] 81 | param( 82 | [parameter( 83 | Mandatory = $true, 84 | ValueFromPipelinebyPropertyName = $true 85 | )] 86 | [ValidateNotNullOrEmpty()] 87 | [string]$AppID, 88 | 89 | [parameter( 90 | Mandatory = $true, 91 | ValueFromPipelinebyPropertyName = $true 92 | )] 93 | [ValidateSet("path", "hash", "osUser", "machineAddress", "certificateserialnumber")] 94 | [string]$AuthType, 95 | 96 | [parameter( 97 | Mandatory = $true, 98 | ValueFromPipelinebyPropertyName = $true 99 | )] 100 | #[ValidateScript({<#[0-9a-fA-F]+CertSerialnumberValidation#>})] 101 | [string]$AuthValue, 102 | 103 | [parameter( 104 | Mandatory = $true, 105 | ValueFromPipelinebyPropertyName = $true 106 | )] 107 | [ValidateNotNullOrEmpty()] 108 | [hashtable]$sessionToken, 109 | 110 | [parameter( 111 | ValueFromPipelinebyPropertyName = $true 112 | )] 113 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 114 | 115 | [parameter( 116 | Mandatory = $true, 117 | ValueFromPipelinebyPropertyName = $true 118 | )] 119 | [string]$BaseURI, 120 | 121 | [parameter( 122 | Mandatory = $false, 123 | ValueFromPipelinebyPropertyName = $true 124 | )] 125 | [string]$PVWAAppName = "PasswordVault" 126 | ) 127 | 128 | DynamicParam { 129 | 130 | #Create a RuntimeDefinedParameterDictionary 131 | $Dictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary 132 | 133 | #Add dynamic parameters to $dictionary 134 | if($AuthType -eq "path") { 135 | 136 | #parameters only relevant to path authentication 137 | New-DynamicParam -Name IsFolder -DPDictionary $Dictionary -Type boolean 138 | New-DynamicParam -Name AllowInternalScripts -DPDictionary $Dictionary -Type boolean 139 | 140 | } 141 | 142 | if(($AuthType -eq "hash") -or ($AuthType -eq "certificateserialnumber")) { 143 | 144 | #add comment parmater 145 | New-DynamicParam -Name Comment -DPDictionary $Dictionary 146 | 147 | } 148 | 149 | #return RuntimeDefinedParameterDictionary 150 | $Dictionary 151 
| 152 | } 153 | 154 | BEGIN {}#begin 155 | 156 | PROCESS { 157 | 158 | $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Applications/$($AppID | 159 | 160 | Get-EscapedString)/Authentications" 161 | 162 | $Body = @{ 163 | 164 | "authentication" = $PSBoundParameters | Get-PASParameters 165 | 166 | } | ConvertTo-Json 167 | 168 | Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Headers $sessionToken -WebSession $WebSession 169 | 170 | }#process 171 | 172 | END {}#end 173 | 174 | } -------------------------------------------------------------------------------- /psPAS/Functions/Applications/Get-PASApplication.ps1: -------------------------------------------------------------------------------- 1 | function Get-PASApplication { 2 | <# 3 | .SYNOPSIS 4 | Returns a specific application 5 | 6 | .DESCRIPTION 7 | returns information about a specific application. 8 | Audit Users vault permission is required. 9 | 10 | .PARAMETER AppID 11 | The name of the application 12 | 13 | .PARAMETER sessionToken 14 | Hashtable containing the session token returned from New-PASSession 15 | 16 | .PARAMETER WebSession 17 | WebRequestSession object returned from New-PASSession 18 | 19 | .PARAMETER BaseURI 20 | PVWA Web Address 21 | Do not include "/PasswordVault/" 22 | 23 | .PARAMETER PVWAAppName 24 | The name of the CyberArk PVWA Virtual Directory. 25 | Defaults to PasswordVault 26 | 27 | .EXAMPLE 28 | $token | Get-PASApplication newapp 29 | 30 | Gets details of the application "NewApp": 31 | 32 | AppID Description Location Disabled 33 | ----- ----------- -------- -------- 34 | NewApp A new application \ False 35 | 36 | .INPUTS 37 | All parameters can be piped by property name 38 | 39 | .OUTPUTS 40 | Outputs Object of Custom Type psPAS.CyberArk.Vault.Application 41 | SessionToken, WebSession, BaseURI are passed through and 42 | contained in output object for inclusion in subsequent 43 | pipeline operations. 44 | 45 | Output format is defined via psPAS.Format.ps1xml. 
46 | To force all output to be shown, pipe to Select-Object * 47 | 48 | .NOTES 49 | 50 | .LINK 51 | 52 | #> 53 | [CmdletBinding()] 54 | param( 55 | [parameter( 56 | Mandatory = $true, 57 | ValueFromPipelinebyPropertyName = $true 58 | )] 59 | [string]$AppID, 60 | 61 | [parameter( 62 | Mandatory = $true, 63 | ValueFromPipelinebyPropertyName = $true 64 | )] 65 | [ValidateNotNullOrEmpty()] 66 | [hashtable]$sessionToken, 67 | 68 | [parameter( 69 | ValueFromPipelinebyPropertyName = $true 70 | )] 71 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 72 | 73 | [parameter( 74 | Mandatory = $true, 75 | ValueFromPipelinebyPropertyName = $true 76 | )] 77 | [string]$BaseURI, 78 | 79 | [parameter( 80 | Mandatory = $false, 81 | ValueFromPipelinebyPropertyName = $true 82 | )] 83 | [string]$PVWAAppName = "PasswordVault" 84 | ) 85 | 86 | BEGIN {}#begin 87 | 88 | PROCESS { 89 | 90 | #URL for Request 91 | $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Applications/$($AppID | 92 | 93 | Get-EscapedString)" 94 | 95 | #Send request to web service 96 | $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $sessionToken -WebSession $WebSession 97 | 98 | }#process 99 | 100 | END { 101 | 102 | if($result) { 103 | 104 | $result.application | Add-ObjectDetail -typename psPAS.CyberArk.Vault.Application -PropertyToAdd @{ 105 | 106 | "sessionToken" = $sessionToken 107 | "WebSession" = $WebSession 108 | "BaseURI" = $BaseURI 109 | "PVWAAppName" = $PVWAAppName 110 | 111 | } 112 | 113 | } 114 | #return result 115 | 116 | }#end 117 | 118 | } -------------------------------------------------------------------------------- /psPAS/Functions/Applications/Get-PASApplicationAuthenticationMethods.ps1: -------------------------------------------------------------------------------- 1 | function Get-PASApplicationAuthenticationMethods { 2 | <# 3 | .SYNOPSIS 4 | Returns information about all of the authentication methods of a specific application. 
5 | 6 | .DESCRIPTION 7 | Returns information about all of the authentication methods of a specific application. 8 | The vault user running the command must have the "Audit Users" permission. 9 | 10 | .PARAMETER AppID 11 | The name of the application for which information about authentication methods will be returned. 12 | 13 | .PARAMETER sessionToken 14 | Hashtable containing the session token returned from New-PASSession 15 | 16 | .PARAMETER WebSession 17 | WebRequestSession object returned from New-PASSession 18 | 19 | .PARAMETER BaseURI 20 | PVWA Web Address 21 | Do not include "/PasswordVault/" 22 | 23 | .PARAMETER PVWAAppName 24 | The name of the CyberArk PVWA Virtual Directory. 25 | Defaults to PasswordVault 26 | 27 | .EXAMPLE 28 | $token | Get-PASApplicationAuthenticationMethods -AppID NewApp 29 | 30 | Gets all authentication methods of application NewApp 31 | 32 | .INPUTS 33 | All parameters can be piped by property name 34 | Should accept pipeline objects from other *-PASApplication* functions 35 | 36 | .OUTPUTS 37 | Outputs Object of Custom Type psPAS.CyberArk.Vault.Application 38 | SessionToken, WebSession, BaseURI are passed through and 39 | contained in output object for inclusion in subsequent 40 | pipeline operations. Each output object therefore carries the session token; remove it (e.g. Select-Object -Property * -ExcludeProperty sessionToken) before exporting or logging results. 41 | 42 | Output format is defined via psPAS.Format.ps1xml. 
43 | To force all output to be shown, pipe to Select-Object * 44 | 45 | .NOTES 46 | 47 | .LINK 48 | 49 | #> 50 | [CmdletBinding()] 51 | param( 52 | [parameter( 53 | Mandatory = $true, 54 | ValueFromPipelinebyPropertyName = $true 55 | )] 56 | [string]$AppID, 57 | 58 | [parameter( 59 | Mandatory = $true, 60 | ValueFromPipelinebyPropertyName = $true 61 | )] 62 | [ValidateNotNullOrEmpty()] 63 | [hashtable]$sessionToken, 64 | 65 | [parameter( 66 | ValueFromPipelinebyPropertyName = $true 67 | )] 68 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 69 | 70 | [parameter( 71 | Mandatory = $true, 72 | ValueFromPipelinebyPropertyName = $true 73 | )] 74 | [string]$BaseURI, 75 | 76 | [parameter( 77 | Mandatory = $false, 78 | ValueFromPipelinebyPropertyName = $true 79 | )] 80 | [string]$PVWAAppName = "PasswordVault" 81 | ) 82 | 83 | BEGIN {}#begin 84 | 85 | PROCESS { 86 | 87 | $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Applications/$($AppID | 88 | 89 | Get-EscapedString)/Authentications" 90 | 91 | $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $sessionToken -WebSession $WebSession 92 | 93 | }#process 94 | 95 | END { 96 | 97 | if($result) { 98 | 99 | $result.authentication | Add-ObjectDetail -typename psPAS.CyberArk.Vault.ApplicationAuth -PropertyToAdd @{ 100 | 101 | "sessionToken" = $sessionToken 102 | "WebSession" = $WebSession 103 | "BaseURI" = $BaseURI 104 | "PVWAAppName" = $PVWAAppName 105 | 106 | } 107 | 108 | } 109 | 110 | }#end 111 | 112 | } -------------------------------------------------------------------------------- /psPAS/Functions/Applications/Get-PASApplications.ps1: -------------------------------------------------------------------------------- 1 | function Get-PASApplications { 2 | <# 3 | .SYNOPSIS 4 | Returns list of all applications in Vault 5 | 6 | .DESCRIPTION 7 | Gets the List of all Application from the Vault. 8 | Results can be filtered by specifying additional parameters 9 | Audit Users permission is required. 
10 | 11 | .PARAMETER AppID 12 | Application Name 13 | 14 | .PARAMETER Location 15 | Location of the application in the Vault hierarchy. 16 | Default=\ 17 | 18 | .PARAMETER IncludeSubLocations 19 | Whether the search is also carried out in sublocations of the specified location. 20 | Boolean 21 | 22 | .PARAMETER sessionToken 23 | Hashtable containing the session token returned from New-PASSession 24 | 25 | .PARAMETER WebSession 26 | WebRequestSession object returned from New-PASSession 27 | 28 | .PARAMETER BaseURI 29 | PVWA Web Address 30 | Do not include "/PasswordVault/" 31 | 32 | .PARAMETER PVWAAppName 33 | The name of the CyberArk PVWA Virtual Directory. 34 | Defaults to PasswordVault 35 | 36 | .EXAMPLE 37 | $token | Get-PASApplications 38 | 39 | Returns information on all defined applications 40 | 41 | .INPUTS 42 | All parameters can be piped by property name 43 | Should accept pipeline objects from other *-PASApplication* functions 44 | 45 | .OUTPUTS 46 | Outputs Object of Custom Type psPAS.CyberArk.Vault.Application 47 | SessionToken, WebSession, BaseURI are passed through and 48 | contained in output object for inclusion in subsequent 49 | pipeline operations. Each output object therefore carries the session token; remove it (e.g. Select-Object -Property * -ExcludeProperty sessionToken) before exporting or logging results. 50 | 51 | Output format is defined via psPAS.Format.ps1xml. 
52 | To force all output to be shown, pipe to Select-Object * 53 | 54 | .NOTES 55 | 56 | .LINK 57 | 58 | #> 59 | [CmdletBinding()] 60 | param( 61 | [parameter( 62 | Mandatory = $false, 63 | ValueFromPipelinebyPropertyName = $true 64 | )] 65 | [ValidateNotNullOrEmpty()] 66 | [string]$AppID, 67 | 68 | [parameter( 69 | Mandatory = $false, 70 | ValueFromPipelinebyPropertyName = $true 71 | )] 72 | [ValidateNotNullOrEmpty()] 73 | [string]$Location, 74 | 75 | [parameter( 76 | Mandatory = $false, 77 | ValueFromPipelinebyPropertyName = $true 78 | )] 79 | [boolean]$IncludeSublocations, 80 | 81 | [parameter( 82 | Mandatory = $true, 83 | ValueFromPipelinebyPropertyName = $true 84 | )] 85 | [ValidateNotNullOrEmpty()] 86 | [hashtable]$sessionToken, 87 | 88 | [parameter( 89 | ValueFromPipelinebyPropertyName = $true 90 | )] 91 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 92 | 93 | [parameter( 94 | Mandatory = $true, 95 | ValueFromPipelinebyPropertyName = $true 96 | )] 97 | [string]$BaseURI, 98 | 99 | [parameter( 100 | Mandatory = $false, 101 | ValueFromPipelinebyPropertyName = $true 102 | )] 103 | [string]$PVWAAppName = "PasswordVault" 104 | ) 105 | 106 | BEGIN {}#begin 107 | 108 | PROCESS { 109 | 110 | #Get parameters for request string 111 | $boundParameters = $PSBoundParameters | Get-PASParameters 112 | 113 | #Create query string 114 | $query = ($boundParameters.keys | ForEach-Object { 115 | 116 | "$_=$($boundParameters[$_] | Get-EscapedString)" 117 | 118 | }) -join '&' 119 | 120 | #Create URL for request 121 | $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Applications?$query" 122 | 123 | #Send request to web service 124 | $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $sessionToken -WebSession $WebSession 125 | 126 | 127 | 128 | }#process 129 | 130 | END { 131 | 132 | if($result) { 133 | 134 | #Return results 135 | $result.application | Add-ObjectDetail -typename psPAS.CyberArk.Vault.Application -PropertyToAdd @{ 136 | 137 | 
"sessionToken" = $sessionToken 138 | "WebSession" = $WebSession 139 | "BaseURI" = $BaseURI 140 | "PVWAAppName" = $PVWAAppName 141 | 142 | } 143 | 144 | } 145 | 146 | }#end 147 | 148 | } -------------------------------------------------------------------------------- /psPAS/Functions/Applications/Remove-PASApplication.ps1: -------------------------------------------------------------------------------- 1 | function Remove-PASApplication { 2 | <# 3 | .SYNOPSIS 4 | Deletes an application 5 | 6 | .DESCRIPTION 7 | Deletes a specific application. 8 | "Manage Users" permission is required to be held. 9 | 10 | .PARAMETER AppID 11 | The name of the application to delete. 12 | 13 | .PARAMETER sessionToken 14 | Hashtable containing the session token returned from New-PASSession 15 | 16 | .PARAMETER WebSession 17 | WebRequestSession object returned from New-PASSession 18 | 19 | .PARAMETER BaseURI 20 | PVWA Web Address 21 | Do not include "/PasswordVault/" 22 | 23 | .PARAMETER PVWAAppName 24 | The name of the CyberArk PVWA Virtual Directory. 
25 | Defaults to PasswordVault 26 | 27 | .EXAMPLE 28 | $token | Remove-PASApplication -AppID NewApp 29 | 30 | Deletes application "NewApp" 31 | 32 | .INPUTS 33 | All parameters can be piped by property name 34 | Should accept pipeline objects from other *-PASApplication* functions 35 | 36 | .OUTPUTS 37 | None 38 | 39 | .NOTES 40 | 41 | .LINK 42 | #> 43 | [CmdletBinding()] 44 | param( 45 | [parameter( 46 | Mandatory = $true, 47 | ValueFromPipelinebyPropertyName = $true 48 | )] 49 | [ValidateNotNullOrEmpty()] 50 | [string]$AppID, 51 | 52 | [parameter( 53 | Mandatory = $true, 54 | ValueFromPipelinebyPropertyName = $true 55 | )] 56 | [ValidateNotNullOrEmpty()] 57 | [hashtable]$sessionToken, 58 | 59 | [parameter( 60 | ValueFromPipelinebyPropertyName = $true 61 | )] 62 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 63 | 64 | [parameter( 65 | Mandatory = $true, 66 | ValueFromPipelinebyPropertyName = $true 67 | )] 68 | [string]$BaseURI, 69 | 70 | [parameter( 71 | Mandatory = $false, 72 | ValueFromPipelinebyPropertyName = $true 73 | )] 74 | [string]$PVWAAppName = "PasswordVault" 75 | ) 76 | 77 | BEGIN {}#begin 78 | 79 | PROCESS { 80 | 81 | #Request URL 82 | $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Applications/$($AppID | 83 | 84 | Get-EscapedString)/" 85 | 86 | #Send Request 87 | Invoke-PASRestMethod -Uri $URI -Method DELETE -Headers $sessionToken -WebSession $WebSession 88 | 89 | }#process 90 | 91 | END {}#end 92 | 93 | } -------------------------------------------------------------------------------- /psPAS/Functions/Applications/Remove-PASApplicationAuthenticationMethod.ps1: -------------------------------------------------------------------------------- 1 | function Remove-PASApplicationAuthenticationMethod { 2 | <# 3 | .SYNOPSIS 4 | Deletes an authentication method from an application 5 | 6 | .DESCRIPTION 7 | Deletes a specific authentication method from a defined application. 8 | "Manage Users" permission is required. 
9 | 10 | .PARAMETER AppID 11 | The ID of the application in which the authentication will be deleted. 12 | 13 | .PARAMETER AuthID 14 | The unique ID of the specific authentication. 15 | 16 | .PARAMETER sessionToken 17 | Hashtable containing the session token returned from New-PASSession 18 | 19 | .PARAMETER WebSession 20 | WebRequestSession object returned from New-PASSession 21 | 22 | .PARAMETER BaseURI 23 | PVWA Web Address 24 | Do not include "/PasswordVault/" 25 | 26 | .PARAMETER PVWAAppName 27 | The name of the CyberArk PVWA Virtual Directory. 28 | Defaults to PasswordVault 29 | 30 | .EXAMPLE 31 | $token | Remove-PASApplicationAuthenticationMethod -AppID NewApp -AuthID 1 32 | 33 | Deletes authentication method with ID of 1 from "NewApp" 34 | 35 | .EXAMPLE 36 | $token | Get-PASApplicationAuthenticationMethods -AppID NewApp | Remove-PASApplicationAuthenticationMethod 37 | 38 | Deletes all authentication methods from "NewApp" 39 | 40 | .INPUTS 41 | All parameters can be piped by property name 42 | Should accept pipeline objects from other *-PASApplication* functions 43 | 44 | .OUTPUTS 45 | None 46 | 47 | .NOTES 48 | 49 | .LINK 50 | #> 51 | [CmdletBinding()] 52 | param( 53 | [parameter( 54 | Mandatory = $true, 55 | ValueFromPipelinebyPropertyName = $true 56 | )] 57 | [ValidateNotNullOrEmpty()] 58 | [string]$AppID, 59 | 60 | [parameter( 61 | Mandatory = $true, 62 | ValueFromPipelinebyPropertyName = $true 63 | )] 64 | [ValidateNotNullOrEmpty()] 65 | [string]$AuthID, 66 | 67 | [parameter( 68 | Mandatory = $true, 69 | ValueFromPipelinebyPropertyName = $true 70 | )] 71 | [ValidateNotNullOrEmpty()] 72 | [hashtable]$sessionToken, 73 | 74 | [parameter( 75 | ValueFromPipelinebyPropertyName = $true 76 | )] 77 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 78 | 79 | [parameter( 80 | Mandatory = $true, 81 | ValueFromPipelinebyPropertyName = $true 82 | )] 83 | [string]$BaseURI, 84 | 85 | [parameter( 86 | Mandatory = $false, 87 | ValueFromPipelinebyPropertyName 
= $true 88 | )] 89 | [string]$PVWAAppName = "PasswordVault" 90 | ) 91 | 92 | BEGIN {}#begin 93 | 94 | PROCESS { 95 | 96 | #request URL 97 | $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Applications/$($AppID | 98 | 99 | Get-EscapedString)/Authentications/$($AuthID | 100 | 101 | Get-EscapedString)" 102 | 103 | #Send Request 104 | Invoke-PASRestMethod -Uri $URI -Method DELETE -Headers $sessionToken -WebSession $WebSession 105 | 106 | }#process 107 | 108 | END {}#end 109 | 110 | } -------------------------------------------------------------------------------- /psPAS/Functions/Authentication/Add-PASPublicSSHKey.ps1: -------------------------------------------------------------------------------- 1 | function Add-PASPublicSSHKey { 2 | <# 3 | .SYNOPSIS 4 | Adds an authorised public SSH key foraspecific user in the Vault. 5 | 6 | .DESCRIPTION 7 | Adding an authorised public SSH key to a vault user allows the user 8 | to authenticate to the Vault through PSMP using a corresponding private SSH key. 9 | 10 | The "Reset User Passwords" Permission is required in the vault to manage public SSH keys. 11 | The user account used to add the key MUST be in the same Vault Location or higher 12 | then the user whose public SSH keys are added. 13 | A user cannot manage their own public SSH keys. 14 | 15 | .PARAMETER UserName 16 | The username of the Vault user whose public SSH keys will be added 17 | A username cannot contain te follwing characters: "%", "&", "+" or ".". 18 | 19 | .PARAMETER PublicSSHKey 20 | The content of the public SSH key as it appears in the authorized_keys file. 21 | The key must not include new lines ('\n'). 22 | Do not include options such as "command", as they are not supported when 23 | authenticating through PSMP. 24 | This key can only include comments in English. 
25 | 26 | .PARAMETER sessionToken 27 | Hashtable containing the session token returned from New-PASSession 28 | 29 | .PARAMETER WebSession 30 | WebRequestSession object returned from New-PASSession 31 | 32 | .PARAMETER BaseURI 33 | PVWA Web Address 34 | Do not include "/PasswordVault/" 35 | 36 | .PARAMETER PVWAAppName 37 | The name of the CyberArk PVWA Virtual Directory. 38 | Defaults to PasswordVault 39 | 40 | .EXAMPLE 41 | $token | Add-PASPublicSSHKey -UserName keyUser -PublicSSHKey AAAAB3NzaC1kc3MAAACBAJ3hB5SAF6mBXPlZlRoJEZi0KSIN+NU2iGiaXZXi9CDrgVxp6/andonandonandOON== 42 | 43 | Adds SSH Key to vault user keyUser 44 | 45 | .INPUTS 46 | All parameters can be piped by property name 47 | Should accept pipeline objects from other *-PASUser 48 | or *-PASPublicSSHKey functions 49 | 50 | .OUTPUTS 51 | Outputs Object of Custom Type psPAS.CyberArk.Vault.PASPublicSSHKey 52 | SessionToken, WebSession, BaseURI are passed through and 53 | contained in output object for inclusion in subsequent 54 | pipeline operations. 55 | 56 | Output format is defined via psPAS.Format.ps1xml. 
57 | To force all output to be shown, pipe to Select-Object * 58 | 59 | .NOTES 60 | 61 | .LINK 62 | #> 63 | [CmdletBinding()] 64 | param( 65 | [parameter( 66 | Mandatory = $true, 67 | ValueFromPipelinebyPropertyName = $true 68 | )] 69 | [ValidateScript( {$_ -notmatch ".*(%|\&|\+|\.).*"})] 70 | [string]$UserName, 71 | 72 | [parameter( 73 | Mandatory = $true, 74 | ValueFromPipelinebyPropertyName = $true 75 | )] 76 | [ValidateScript( {$_ -notmatch "`n"})] 77 | [string]$PublicSSHKey, 78 | 79 | [parameter( 80 | Mandatory = $true, 81 | ValueFromPipelinebyPropertyName = $true 82 | )] 83 | [ValidateNotNullOrEmpty()] 84 | [hashtable]$SessionToken, 85 | 86 | [parameter(ValueFromPipelinebyPropertyName = $true)] 87 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 88 | 89 | [parameter( 90 | Mandatory = $true, 91 | ValueFromPipelinebyPropertyName = $true 92 | )] 93 | [string]$BaseURI, 94 | 95 | [parameter( 96 | Mandatory = $false, 97 | ValueFromPipelinebyPropertyName = $true 98 | )] 99 | [string]$PVWAAppName = "PasswordVault" 100 | ) 101 | 102 | BEGIN {}#begin 103 | 104 | PROCESS { 105 | 106 | #Create URL to endpoint for request 107 | $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Users/$($UserName | 108 | 109 | Get-EscapedString)/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys" 110 | 111 | #create request body 112 | $Body = @{ 113 | 114 | "PublicSSHKey" = $PublicSSHKey 115 | 116 | } | ConvertTo-Json 117 | 118 | #send request to webservice 119 | $result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Headers $SessionToken -WebSession $WebSession 120 | 121 | }#process 122 | 123 | END { 124 | if($result) { 125 | 126 | $result.AddUserAuthorizedKeyResult | 127 | 128 | Add-ObjectDetail -typename psPAS.CyberArk.Vault.PublicSSHKey -PropertyToAdd @{ 129 | 130 | "UserName" = $UserName 131 | "sessionToken" = $sessionToken 132 | "WebSession" = $WebSession 133 | "BaseURI" = $BaseURI 134 | "PVWAAppName" = $PVWAAppName 135 | 136 | } 137 | 138 | } 
139 | 140 | }#end 141 | } -------------------------------------------------------------------------------- /psPAS/Functions/Authentication/Close-PASSAMLSession.ps1: -------------------------------------------------------------------------------- 1 | function Close-PASSAMLSession { 2 | <# 3 | .SYNOPSIS 4 | Logoff from CyberArk Vault SAML Session. 5 | 6 | .DESCRIPTION 7 | Performs Vault Logoff from SAML session and removes the Vault session. 8 | 9 | .PARAMETER sessionToken 10 | Hashtable containing the session token returned from New-PASSAMLSession 11 | 12 | .PARAMETER WebSession 13 | WebRequestSession object returned from New-PASSession 14 | 15 | .PARAMETER BaseURI 16 | A string containing the base web address to send te request to. 17 | Pass the portion the PVWA HTTP address. 18 | Do not include "/PasswordVault/" 19 | 20 | .PARAMETER PVWAAppName 21 | The name of the CyberArk PVWA Virtual Directory. 22 | Defaults to PasswordVault 23 | 24 | .EXAMPLE 25 | $token | Close-PASSAMLSession 26 | 27 | Logs off from the SAML session related to the authorisation token 28 | 29 | .INPUTS 30 | 31 | .OUTPUTS 32 | 33 | .NOTES 34 | Not Tested nor confirmed as working. 35 | New-PASSAMLSession function needs to be fixed first. 
36 | 37 | .LINK 38 | #> 39 | [CmdletBinding()] 40 | param( 41 | [parameter( 42 | Mandatory = $true, 43 | ValueFromPipelinebyPropertyName = $true 44 | )] 45 | [ValidateNotNullOrEmpty()] 46 | [hashtable]$sessionToken, 47 | 48 | [parameter( 49 | ValueFromPipelinebyPropertyName = $true 50 | )] 51 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 52 | 53 | [parameter( 54 | Mandatory = $true, 55 | ValueFromPipelinebyPropertyName = $true 56 | )] 57 | [string]$BaseURI, 58 | 59 | [parameter( 60 | Mandatory = $false, 61 | ValueFromPipelinebyPropertyName = $true 62 | )] 63 | [string]$PVWAAppName = "PasswordVault" 64 | ) 65 | 66 | BEGIN { 67 | 68 | }#begin 69 | 70 | PROCESS { 71 | 72 | #Construct URL for request 73 | $URI = "$baseURI/$PVWAAppName/WebServices/auth/SAML/SAMLAuthenticationService.svc/Logoff" 74 | 75 | $Body = @{} | ConvertTo-Json 76 | 77 | #Send Logon Request 78 | Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Header $sessionToken -WebSession $WebSession 79 | 80 | }#process 81 | 82 | END {}#end 83 | } -------------------------------------------------------------------------------- /psPAS/Functions/Authentication/Close-PASSession.ps1: -------------------------------------------------------------------------------- 1 | function Close-PASSession { 2 | <# 3 | .SYNOPSIS 4 | Logoff from CyberArk Vault. 5 | 6 | .DESCRIPTION 7 | Performs Logoff and removes the Vault session. 8 | 9 | .PARAMETER sessionToken 10 | Hashtable containing the session token returned from New-PASSession 11 | 12 | .PARAMETER WebSession 13 | WebRequestSession object returned from New-PASSession 14 | 15 | .PARAMETER BaseURI 16 | PVWA Web Address 17 | Do not include "/PasswordVault/" 18 | 19 | .PARAMETER PVWAAppName 20 | The name of the CyberArk PVWA Virtual Directory. 21 | Defaults to PasswordVault 22 | 23 | .EXAMPLE 24 | $token | Close-PASSession 25 | 26 | Logs off from the session related to the authorisation token. 
27 | 28 | .INPUTS 29 | All Parameters accept piped values by propertyname 30 | 31 | .OUTPUTS 32 | None 33 | 34 | .NOTES 35 | 36 | .LINK 37 | #> 38 | [CmdletBinding()] 39 | param( 40 | [parameter( 41 | Mandatory = $true, 42 | ValueFromPipelinebyPropertyName = $true 43 | )] 44 | [ValidateNotNullOrEmpty()] 45 | [hashtable]$sessionToken, 46 | 47 | [parameter( 48 | ValueFromPipelinebyPropertyName = $true 49 | )] 50 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 51 | 52 | [parameter( 53 | Mandatory = $true, 54 | ValueFromPipelinebyPropertyName = $true 55 | )] 56 | [string]$BaseURI, 57 | 58 | [parameter( 59 | Mandatory = $false, 60 | ValueFromPipelinebyPropertyName = $true 61 | )] 62 | [string]$PVWAAppName = "PasswordVault" 63 | 64 | ) 65 | 66 | BEGIN {}#begin 67 | 68 | PROCESS { 69 | 70 | #Construct URL for request 71 | $URI = "$baseURI/$PVWAAppName/WebServices/auth/Cyberark/CyberArkAuthenticationService.svc/Logoff" 72 | 73 | #Send Logoff Request 74 | Invoke-PASRestMethod -Uri $URI -Method POST -Headers $sessionToken -WebSession $WebSession 75 | 76 | }#process 77 | 78 | END {}#end 79 | } -------------------------------------------------------------------------------- /psPAS/Functions/Authentication/Close-PASSharedSession.ps1: -------------------------------------------------------------------------------- 1 | function Close-PASSharedSession { 2 | <# 3 | .SYNOPSIS 4 | Logoff from CyberArk Vault shared user. 5 | 6 | .DESCRIPTION 7 | Performs Logoff and removes the Vault session. 8 | 9 | .PARAMETER sessionToken 10 | Hashtable containing the session token returned from New-PASSharedSession 11 | 12 | .PARAMETER WebSession 13 | WebRequestSession object returned from New-PASSession 14 | 15 | .PARAMETER BaseURI 16 | A string containing the base web address to send te request to. 17 | Pass the portion the PVWA HTTP address. 18 | Do not include "/PasswordVault/" 19 | 20 | .PARAMETER PVWAAppName 21 | The name of the CyberArk PVWA Virtual Directory. 
22 | Defaults to PasswordVault 23 | 24 | .EXAMPLE 25 | $token | Close-PASSharedSession 26 | 27 | Logs off from the session related to the authorisation token. 28 | 29 | .INPUTS 30 | Valid CyberArk Authentication session token 31 | WebSession object 32 | URL string 33 | can all be piped in by property name 34 | 35 | .OUTPUTS 36 | None 37 | 38 | .NOTES 39 | 40 | .LINK 41 | #> 42 | [CmdletBinding()] 43 | param( 44 | [parameter( 45 | Mandatory = $true, 46 | ValueFromPipelinebyPropertyName = $true 47 | )] 48 | [ValidateNotNullOrEmpty()] 49 | [hashtable]$sessionToken, 50 | 51 | [parameter( 52 | ValueFromPipelinebyPropertyName = $true 53 | )] 54 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 55 | 56 | [parameter( 57 | Mandatory = $true, 58 | ValueFromPipelinebyPropertyName = $true 59 | )] 60 | [string]$BaseURI, 61 | 62 | [parameter( 63 | Mandatory = $false, 64 | ValueFromPipelinebyPropertyName = $true 65 | )] 66 | [string]$PVWAAppName = "PasswordVault" 67 | ) 68 | 69 | BEGIN { 70 | 71 | }#begin 72 | 73 | PROCESS { 74 | 75 | #Construct URL for request 76 | $URI = "$baseURI/$PVWAAppName/WebServices/auth/Shared/RestfulAuthenticationService.svc/Logoff" 77 | 78 | #Send Logon Request 79 | Invoke-PASRestMethod -Uri $URI -Method POST -Header $sessionToken -WebSession $WebSession 80 | 81 | }#process 82 | 83 | END {}#end 84 | } -------------------------------------------------------------------------------- /psPAS/Functions/Authentication/Get-PASPublicSSHKey.ps1: -------------------------------------------------------------------------------- 1 | function Get-PASPublicSSHKey { 2 | <# 3 | .SYNOPSIS 4 | Retrieves a user's SSH Keys. 5 | 6 | .DESCRIPTION 7 | Retrieves all public SSH keys that are authorized for a specific user. 8 | The "Reset User Passwords" Vault permission is required to query public SSH Keys. 9 | The authenticated user who runs the function must be in the same Vault 10 | Location or higher as the user whose public SSH keys are retrieved. 
11 | A user cannot manage their own public SSH keys. 12 | 13 | .PARAMETER UserName 14 | The username of the Vault user whose public SSH keys will be retrieved. 15 | A username cannot contain the following characters: "%", "&", "+" or ".". 16 | 17 | .PARAMETER sessionToken 18 | Hashtable containing the session token returned from New-PASSession 19 | 20 | .PARAMETER WebSession 21 | WebRequestSession object returned from New-PASSession 22 | 23 | .PARAMETER BaseURI 24 | PVWA Web Address 25 | Do not include "/PasswordVault/" 26 | 27 | .PARAMETER PVWAAppName 28 | The name of the CyberArk PVWA Virtual Directory. 29 | Defaults to PasswordVault 30 | 31 | .EXAMPLE 32 | $token | Get-PASPublicSSHKey -UserName user1 33 | 34 | Lists all SSH Keys for vault user - user1: 35 | 36 | UserName KeyID PublicSSHKey 37 | -------- ----- ------------ 38 | user1 415161FE8F2B408BB76BC244258C3697 ACABB3NzaC1kc3MAAACBAJ3hA............... 39 | user1 B6DCA4D54B2E93380F42DDCDB23EE52A AgreatNzaC1kc3MAAACBAJ3hB............... 40 | user1 D6374740D11A5F45992D80D80E97387A PHil0soPh3rkc3MAAACBAJ3hC............... 41 | 42 | .INPUTS 43 | All parameters can be piped by property name 44 | Accepts pipeline objects from *-PASUser functions 45 | 46 | .OUTPUTS 47 | Outputs Object of Custom Type psPAS.CyberArk.Vault.PASPublicSSHKey 48 | SessionToken, WebSession, BaseURI are passed through and 49 | contained in output object for inclusion in subsequent 50 | pipeline operations. Each output object therefore carries the session token; remove it (e.g. Select-Object -Property * -ExcludeProperty sessionToken) before exporting or logging results. 51 | 52 | Output format is defined via psPAS.Format.ps1xml. 
53 | To force all output to be shown, pipe to Select-Object * 54 | 55 | .NOTES 56 | .LINK 57 | #> 58 | [CmdletBinding()] 59 | param( 60 | [parameter( 61 | Mandatory = $true, 62 | ValueFromPipelinebyPropertyName = $true 63 | )] 64 | [ValidateScript( {$_ -notmatch ".*(%|\&|\+|\.).*"})] 65 | [string]$UserName, 66 | 67 | [parameter( 68 | Mandatory = $true, 69 | ValueFromPipelinebyPropertyName = $true 70 | )] 71 | [ValidateNotNullOrEmpty()] 72 | [hashtable]$SessionToken, 73 | 74 | [parameter(ValueFromPipelinebyPropertyName = $true)] 75 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 76 | 77 | [parameter( 78 | Mandatory = $true, 79 | ValueFromPipelinebyPropertyName = $true 80 | )] 81 | [string]$BaseURI, 82 | 83 | [parameter( 84 | Mandatory = $false, 85 | ValueFromPipelinebyPropertyName = $true 86 | )] 87 | [string]$PVWAAppName = "PasswordVault" 88 | 89 | ) 90 | 91 | BEGIN {}#begin 92 | 93 | PROCESS { 94 | 95 | #Create URL for request 96 | $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Users/$($UserName | 97 | 98 | Get-EscapedString)/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys" 99 | 100 | #Send request to web service 101 | $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $SessionToken -WebSession $WebSession 102 | 103 | }#process 104 | 105 | END { 106 | 107 | if($result) { 108 | 109 | $result.GetUserAuthorizedKeysResult | 110 | 111 | Add-ObjectDetail -typename psPAS.CyberArk.Vault.PublicSSHKey -PropertyToAdd @{ 112 | 113 | "UserName" = $UserName 114 | "sessionToken" = $sessionToken 115 | "WebSession" = $WebSession 116 | "BaseURI" = $BaseURI 117 | "PVWAAppName" = $PVWAAppName 118 | 119 | } 120 | 121 | } 122 | 123 | }#end 124 | 125 | } -------------------------------------------------------------------------------- /psPAS/Functions/Authentication/New-PASSAMLSession.ps1: -------------------------------------------------------------------------------- 1 | function New-PASSAMLSession { 2 | <# 3 | .SYNOPSIS 4 | Authenticates 
a user to CyberArk Vault..... well it should 5 | Development is ongoing whilst the correct format of the 6 | token to include in the header is determined. 7 | All tips appreciated. 8 | 9 | .DESCRIPTION 10 | [Currently fails to] Authenticate a user to a CyberArk Vault using SAML 11 | 12 | .Parameter Credential 13 | Valid Credential object 14 | 15 | .PARAMETER SessionVariable 16 | After successful execution of this function, and authentication to the Vault, a WebSession 17 | object, that contains information about the connection and the request, including cookies, 18 | will be created and passed back in the return object. 19 | This can be passed to subsequent requests to ensure websessions are persistent when the 20 | PAS Web Service exists across PVWA servers behind a load balancer. 21 | 22 | .PARAMETER BaseURI 23 | A string containing the base web address to send the request to. 24 | Pass only the base portion of the PVWA HTTP address. Use an https:// address: the credential is sent Base64-encoded, not encrypted, in the Authorization header. 25 | Do not include "/PasswordVault/" 26 | 27 | .PARAMETER PVWAAppName 28 | The name of the CyberArk PVWA Virtual Directory. 29 | Defaults to PasswordVault 30 | 31 | .EXAMPLE 32 | $token = New-PASSAMLSession -Credential $Creds -BaseURI https://PVWA.domain.com 33 | 34 | Gets authorisation token by authenticating to CyberArk via SAML 35 | 36 | .INPUTS 37 | A PSCredential Object can be piped to this function. 38 | 39 | .OUTPUTS 40 | CyberArk Session token; This token identifies the session with the vault, and 41 | is supplied to every other web service request in the same session. 42 | A WebSession object; This contains information about the connection and the request, 43 | including cookies. Can be supplied to other web service requests. 44 | baseURI; this is the URL provided as an input to this function, it can be piped to 45 | other functions from this return object.
46 | 47 | .NOTES 48 | 49 | .LINK 50 | #> 51 | [CmdletBinding()] 52 | param( 53 | [parameter( 54 | Mandatory = $true, 55 | ValueFromPipelinebyPropertyName = $true 56 | )] 57 | [ValidateNotNullOrEmpty()] 58 | [PSCredential]$Credential, 59 | 60 | [parameter( 61 | Mandatory = $false 62 | )] 63 | [string]$SessionVariable = "PASSession", 64 | 65 | [parameter( 66 | Mandatory = $true, 67 | ValueFromPipeline = $false 68 | )] 69 | [string]$BaseURI, 70 | 71 | [parameter( 72 | Mandatory = $false, 73 | ValueFromPipeline = $false 74 | )] 75 | [string]$PVWAAppName = "PasswordVault" 76 | ) 77 | 78 | BEGIN { 79 | 80 | #Construct URL for request 81 | $URI = "$baseURI/$PVWAAppName/WebServices/auth/SAML/SAMLAuthenticationService.svc/Logon" 82 | 83 | }#begin 84 | 85 | PROCESS { 86 | 87 | #Create base64 encoded token for header 88 | $Token = [System.Text.Encoding]::UTF8.GetBytes("$($Credential.UserName):$($Credential.GetNetworkCredential().Password)") 89 | $EncodedToken = [System.Convert]::ToBase64String($Token) 90 | 91 | #add token to header 92 | $Header = @{"Authorization" = "Basic $EncodedToken"} 93 | 94 | #create empty body 95 | $Body = @{} | ConvertTo-Json 96 | 97 | #Send Logon Request 98 | $PASSession = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Header $Header -SessionVariable $SessionVariable 99 | 100 | #Return Object 101 | [pscustomobject]@{ 102 | 103 | #Authentication Token 104 | "sessionToken" = @{"Authorization" = $PASSession | 105 | 106 | #Required for all subsequent Web Service Calls 107 | Select-Object -ExpandProperty CyberArkLogonResult 108 | } 109 | 110 | #WebSession Object 111 | "WebSession" = $PASSession | 112 | 113 | Select-Object -ExpandProperty WebSession 114 | 115 | #The Web Service URL the request was sent to 116 | "BaseURI" = $BaseURI 117 | 118 | #The PVWA App Name/Virtual Directory 119 | "PVWAAppName" = $PVWAAppName 120 | 121 | #Set default properties to display in output 122 | } | Add-ObjectDetail -DefaultProperties sessionToken, BaseURI 123 | 124 
| }#process 125 | 126 | END {}#end 127 | } -------------------------------------------------------------------------------- /psPAS/Functions/Authentication/New-PASSession.ps1: -------------------------------------------------------------------------------- 1 | function New-PASSession { 2 | <# 3 | .SYNOPSIS 4 | Authenticates a user to CyberArk Vault. 5 | 6 | .DESCRIPTION 7 | Authenticates a user to a CyberArk Vault and returns a token and a webrequest session object 8 | that can be used in subsequent PAS Web Services calls. 9 | In addition, this method allows you to set a new password. 10 | Authenticate using CyberArk, LDAP or RADIUS authentication (From CyberArk version 9.7 up). 11 | For CyberArk version older than 9.7: 12 | Only CyberArk Authentication method is supported. 13 | newPassword Parameter is not supported. 14 | useRadiusAuthentication Parameter is not supported. 15 | connectionNumber Parameter is not supported. 16 | 17 | .PARAMETER Credential 18 | A Valid PSCredential object. 19 | 20 | .PARAMETER newPassword 21 | Optional parameter, enables you to change a CyberArk users password. 22 | Must be supplied as a SecureString (Not Plain Text). 23 | 24 | .PARAMETER useRadiusAuthentication 25 | Whether or not users will be authenticated via a RADIUS server. 26 | 27 | .PARAMETER connectionNumber 28 | In order to allow more than one connection for the same user simultaneously, each request 29 | should be sent with different 'connectionNumber'. 30 | Valid values: 1-100 31 | 32 | .PARAMETER SessionVariable 33 | After successful execution of this function, and authentication to the Vault, a WebSession 34 | object, that contains information about the connection and the request, including cookies, 35 | will be created and passed back in the return object. 36 | This can be passed to subsequent requests to ensure websessions are persistant when the 37 | PAS Web Service exists accross PVWA servers behind a load balancer. 
38 | 39 | .PARAMETER BaseURI 40 | A string containing the base web address to send the request to. 41 | Pass only the base portion of the PVWA HTTP address. Use an https:// address: the user name and password are sent in the body of the logon request. 42 | Do not include "/PasswordVault/" 43 | 44 | .PARAMETER PVWAAppName 45 | The name of the CyberArk PVWA Virtual Directory. 46 | Defaults to PasswordVault 47 | 48 | .EXAMPLE 49 | Logon with credential and save auth token: 50 | 51 | $token = New-PASSession -Credential $cred -BaseURI https://PVWA 52 | 53 | Request would be sent to PVWA URL https://PVWA/PasswordVault/ 54 | 55 | .EXAMPLE 56 | Logon where PVWA Virtual Directory has non-default name: 57 | 58 | New-PASSession -Credential $cred -BaseURI https://PVWA -PVWAAppName PasswdVlt 59 | 60 | Request would be sent to PVWA URL https://PVWA/PasswdVlt/ 61 | 62 | .INPUTS 63 | A PSCredential Object can be piped to this function. 64 | 65 | .OUTPUTS 66 | CyberArk Session token; This token identifies the session with the vault, and 67 | is supplied to every other web service request in the same session. 68 | A WebSession object; This contains information about the connection and the request, 69 | including cookies. Can be supplied to other web service requests. 70 | baseURI; this is the URL provided as an input to this function, it can be piped to 71 | other functions from this return object. 72 | ConnectionNumber; the connectionNumber provided to this function. 73 | 74 | Output uses defined default properties.
75 | To force all output to be shown, pipe to Select-Object * 76 | 77 | .NOTES 78 | 79 | .LINK 80 | #> 81 | [CmdletBinding()] 82 | param( 83 | [parameter( 84 | Mandatory = $true, 85 | ValueFromPipelinebyPropertyName = $true 86 | )] 87 | [ValidateNotNullOrEmpty()] 88 | [PSCredential]$Credential, 89 | 90 | [Parameter( 91 | Mandatory = $false, 92 | ValueFromPipeline = $false 93 | )] 94 | [SecureString]$newPassword, 95 | 96 | [Parameter( 97 | Mandatory = $false, 98 | ValueFromPipeline = $false 99 | )] 100 | [bool]$useRadiusAuthentication, 101 | 102 | [Parameter( 103 | Mandatory = $false, 104 | ValueFromPipeline = $false 105 | )] 106 | [ValidateRange(1, 100)] 107 | [string]$connectionNumber, 108 | 109 | [parameter( 110 | Mandatory = $false, 111 | ValueFromPipeline = $false 112 | )] 113 | [string]$SessionVariable = "PASSession", 114 | 115 | [parameter( 116 | Mandatory = $true, 117 | ValueFromPipeline = $false 118 | )] 119 | [string]$BaseURI, 120 | 121 | [parameter( 122 | Mandatory = $false, 123 | ValueFromPipeline = $false 124 | )] 125 | [string]$PVWAAppName = "PasswordVault" 126 | ) 127 | 128 | BEGIN { 129 | 130 | #Construct URL for request 131 | $URI = "$baseURI/$PVWAAppName/WebServices/auth/Cyberark/CyberArkAuthenticationService.svc/Logon" 132 | 133 | 134 | }#begin 135 | 136 | PROCESS { 137 | 138 | #Get request parameters 139 | $boundParameters = $PSBoundParameters | Get-PASParameters -ParametersToRemove Credential 140 | 141 | #Add user name form credential object 142 | $boundParameters["username"] = $($Credential.UserName) 143 | #Add decoded password value from credential object 144 | $boundParameters["password"] = $($Credential.GetNetworkCredential().Password) 145 | 146 | #deal with newPassword SecureString 147 | if($PSBoundParameters.ContainsKey("newPassword")) { 148 | 149 | #Create New Credential object 150 | $PwdUpdate = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $( 151 | 152 | #Assign Credential USerName and newPassword 153 | 
$Credential.UserName), $newPassword 154 | 155 | #Include decoded password in request 156 | $boundParameters["newPassword"] = $($PwdUpdate.GetNetworkCredential().Password) 157 | 158 | } 159 | 160 | #Construct Request Body 161 | $body = $boundParameters | ConvertTo-Json 162 | 163 | #Send Logon Request 164 | $PASSession = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -SessionVariable $SessionVariable 165 | 166 | #Return Object 167 | [pscustomobject]@{ 168 | 169 | #Authentication Token 170 | "sessionToken" = @{"Authorization" = $PASSession | 171 | 172 | #Required for all subsequent Web Service Calls 173 | Select-Object -ExpandProperty CyberArkLogonResult 174 | } 175 | 176 | #WebSession Object 177 | "WebSession" = $PASSession | 178 | 179 | Select-Object -ExpandProperty WebSession 180 | 181 | #The Web Service URL the request was sent to 182 | "BaseURI" = $BaseURI 183 | 184 | #PVWA Application Name/Virtual Directory 185 | "PVWAAppName" = $PVWAAppName 186 | 187 | #The Connection Number 188 | "ConnectionNumber" = $connectionNumber 189 | 190 | #Set default properties to display in output 191 | } | Add-ObjectDetail -DefaultProperties sessionToken, BaseURI 192 | 193 | }#process 194 | 195 | END {}#end 196 | } -------------------------------------------------------------------------------- /psPAS/Functions/Authentication/New-PASSharedSession.ps1: -------------------------------------------------------------------------------- 1 | function New-PASSharedSession { 2 | <# 3 | .SYNOPSIS 4 | Authenticates a user to CyberArk Vault. 5 | 6 | .DESCRIPTION 7 | Authenticates a user to a CyberArk Vault using shared authentication. 8 | 9 | .PARAMETER SessionVariable 10 | After successfully execution of this function, and authentication to the Vault, a WebSession 11 | object, that contains information about the connection and the request, including cookies, 12 | will be created and passed back in the return object. 
13 | This can be passed to subsequent requests to ensure websessions are persistent when the 14 | PAS Web Service exists across PVWA servers behind a load balancer. 15 | 16 | .PARAMETER BaseURI 17 | A string containing the base web address to send the request to. 18 | Pass only the base portion of the PVWA HTTP address. 19 | Do not include "/PasswordVault/" 20 | 21 | .PARAMETER PVWAAppName 22 | The name of the CyberArk PVWA Virtual Directory. 23 | Defaults to PasswordVault 24 | 25 | .EXAMPLE 26 | $token = New-PASSharedSession -BaseURI https://PVWA.domain.com 27 | 28 | Gets authorisation token by authenticating to a CyberArk Vault using shared authentication. 29 | 30 | .INPUTS 31 | A PSCredential Object can be piped to this function. 32 | 33 | .OUTPUTS 34 | CyberArk Session token; This token identifies the session with the vault, and 35 | is supplied to every other web service request in the same session. 36 | A WebSession object; This contains information about the connection and the request, 37 | including cookies. Can be supplied to other web service requests. 38 | baseURI; this is the URL provided as an input to this function, it can be piped to 39 | other functions from this return object. 40 | ConnectionNumber; the connectionNumber provided to this function.
41 | 42 | .NOTES 43 | 44 | .LINK 45 | #> 46 | [CmdletBinding()] 47 | param( 48 | [parameter( 49 | Mandatory = $false 50 | )] 51 | [string]$SessionVariable = "PASSession", 52 | 53 | [parameter( 54 | Mandatory = $true, 55 | ValueFromPipeline = $false 56 | )] 57 | [string]$BaseURI, 58 | 59 | [parameter( 60 | Mandatory = $false, 61 | ValueFromPipelinebyPropertyName = $true 62 | )] 63 | [string]$PVWAAppName = "PasswordVault" 64 | ) 65 | 66 | BEGIN { 67 | 68 | #Construct URL for request 69 | $URI = "$baseURI/$PVWAAppName/WebServices/auth/Shared/RestfulAuthenticationService.svc/Logon" 70 | 71 | }#begin 72 | 73 | PROCESS { 74 | 75 | $Body = @{} | ConvertTo-Json 76 | 77 | #Send Logon Request 78 | $PASSession = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -SessionVariable $SessionVariable 79 | 80 | #Return Object 81 | [pscustomobject]@{ 82 | 83 | #Authentication Token 84 | "sessionToken" = @{"Authorization" = $PASSession | 85 | 86 | #Required for all subsequent Web Service Calls 87 | Select-Object -ExpandProperty LogonResult 88 | } 89 | 90 | #WebSession Object 91 | "WebSession" = $PASSession | 92 | 93 | Select-Object -ExpandProperty WebSession 94 | 95 | #The Web Service URL the request was sent to 96 | "BaseURI" = $BaseURI 97 | 98 | #PVWA App Name/Virtual Directory 99 | "PVWAAppName" = $PVWAAppName 100 | 101 | #Set default properties to display in output 102 | } | Add-ObjectDetail -DefaultProperties sessionToken, BaseURI 103 | 104 | }#process 105 | 106 | END {}#end 107 | } -------------------------------------------------------------------------------- /psPAS/Functions/Authentication/Remove-PASPublicSSHKey.ps1: -------------------------------------------------------------------------------- 1 | function Remove-PASPublicSSHKey { 2 | <# 3 | .SYNOPSIS 4 | Deletes a specific Public SSH Key from a specific vault user. 
5 | 6 | .DESCRIPTION 7 | Deletes an authorized public SSH key for a specific user in the 8 | Vault, preventing them from authenticating to the Vault through PSMP 9 | using a corresponding private SSH key. 10 | "Reset Users Passwords" Vault permission is required. 11 | The authenticated user who runs this function must be in the same Vault 12 | Location or higher as the user whose public SSH keys are deleted. 13 | A user cannot manage their own public SSH keys. 14 | 15 | .PARAMETER UserName 16 | The username of the Vault user whose public SSH keys will be deleted. 17 | A username cannot contain the following characters: "%", "&", "+" or ".". 18 | 19 | .PARAMETER KeyID 20 | The ID of the public SSH key to delete. The value is placed in the request URL as supplied (unlike UserName, it is not passed through Get-EscapedString), so pass only a key ID returned by Get-PASPublicSSHKey. 21 | 22 | .PARAMETER sessionToken 23 | Hashtable containing the session token returned from New-PASSession 24 | 25 | .PARAMETER WebSession 26 | WebRequestSession object returned from New-PASSession 27 | 28 | .PARAMETER BaseURI 29 | PVWA Web Address 30 | Do not include "/PasswordVault/" 31 | 32 | .PARAMETER PVWAAppName 33 | The name of the CyberArk PVWA Virtual Directory. 34 | Defaults to PasswordVault 35 | 36 | .EXAMPLE 37 | $token | Remove-PASPublicSSHKey -UserName Splitter -KeyID 415161FE8F2B408BB76BC244258C3697 38 | 39 | Deletes specified ssh key from vault user "Splitter" 40 | 41 | .INPUTS 42 | All parameter values can be passed via the pipeline by property name.
43 | 44 | .OUTPUTS 45 | TODO 46 | 47 | .NOTES 48 | 49 | .LINK 50 | #> 51 | [CmdletBinding()] 52 | param( 53 | [parameter( 54 | Mandatory = $true, 55 | ValueFromPipelinebyPropertyName = $true 56 | )] 57 | [ValidateScript( {$_ -notmatch ".*(%|\&|\+|\.).*"})] 58 | [string]$UserName, 59 | 60 | [parameter( 61 | Mandatory = $true, 62 | ValueFromPipelinebyPropertyName = $true 63 | )] 64 | [string]$KeyID, 65 | 66 | [parameter( 67 | Mandatory = $true, 68 | ValueFromPipelinebyPropertyName = $true 69 | )] 70 | [ValidateNotNullOrEmpty()] 71 | [hashtable]$SessionToken, 72 | 73 | [parameter(ValueFromPipelinebyPropertyName = $true)] 74 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 75 | 76 | [parameter( 77 | Mandatory = $true, 78 | ValueFromPipelinebyPropertyName = $true 79 | )] 80 | [string]$BaseURI, 81 | 82 | [parameter( 83 | Mandatory = $false, 84 | ValueFromPipelinebyPropertyName = $true 85 | )] 86 | [string]$PVWAAppName = "PasswordVault" 87 | ) 88 | 89 | BEGIN {}#begin 90 | 91 | PROCESS { 92 | 93 | #Create URL string for request 94 | $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Users/$($UserName | 95 | 96 | Get-EscapedString)/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys/$KeyID" 97 | 98 | #Send Request to web service 99 | Invoke-PASRestMethod -Uri $URI -Method DELETE -Headers $SessionToken -WebSession $WebSession 100 | 101 | }#process 102 | 103 | END {}#end 104 | } -------------------------------------------------------------------------------- /psPAS/Functions/OnboardingRules/Get-PASOnboardingRule.ps1: -------------------------------------------------------------------------------- 1 | function Get-PASOnboardingRule { 2 | <# 3 | .SYNOPSIS 4 | Gets all automatic onboarding rules 5 | 6 | .DESCRIPTION 7 | Returns information on all defined on-boarding rules. 8 | Vault Admin membership required. 
9 | 10 | .PARAMETER sessionToken 11 | Hashtable containing the session token returned from New-PASSession 12 | 13 | .PARAMETER WebSession 14 | WebRequestSession object returned from New-PASSession 15 | 16 | .PARAMETER BaseURI 17 | PVWA Web Address 18 | Do not include "/PasswordVault/" 19 | 20 | .PARAMETER PVWAAppName 21 | The name of the CyberArk PVWA Virtual Directory. 22 | Defaults to PasswordVault 23 | 24 | .EXAMPLE 25 | $token | Get-PASOnboardingRule 26 | 27 | List information on all On-boarding rules 28 | 29 | .INPUTS 30 | All parameters can be piped by property name 31 | 32 | .OUTPUTS 33 | Outputs Object of Custom Type psPAS.CyberArk.Vault.OnboardingRule 34 | SessionToken, WebSession, BaseURI are passed through and 35 | contained in output object for inclusion in subsequent 36 | pipeline operations. 37 | 38 | Output format is defined via psPAS.Format.ps1xml. 39 | To force all output to be shown, pipe to Select-Object * 40 | 41 | .NOTES 42 | Not Tested 43 | 44 | .LINK 45 | 46 | #> 47 | [CmdletBinding()] 48 | param( 49 | [parameter( 50 | Mandatory = $true, 51 | ValueFromPipelinebyPropertyName = $true 52 | )] 53 | [ValidateNotNullOrEmpty()] 54 | [hashtable]$sessionToken, 55 | 56 | [parameter( 57 | ValueFromPipelinebyPropertyName = $true 58 | )] 59 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 60 | 61 | [parameter( 62 | Mandatory = $true, 63 | ValueFromPipelinebyPropertyName = $true 64 | )] 65 | [string]$BaseURI<#, 66 | 67 | [parameter( 68 | Mandatory = $false, 69 | ValueFromPipelinebyPropertyName = $true 70 | )] 71 | [string]$PVWAAppName = "PasswordVault"#> 72 | ) 73 | 74 | BEGIN {}#begin 75 | 76 | PROCESS { 77 | 78 | #Create URL for request 79 | $URI = "$baseURI/$PVWAAppName/api/AutomaticOnboardingRules/" 80 | 81 | #send request to web service 82 | $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $sessionToken -WebSession $WebSession 83 | 84 | Write-Debug "Rules Found: $($result.Total)" 85 | 86 | }#process 87 | 88 | END { 89 | 90 
| $result.AutomaticOnboardingRules | 91 | 92 | Add-ObjectDetail -typename psPAS.CyberArk.Vault.OnboardingRule -PropertyToAdd @{ 93 | 94 | "sessionToken" = $sessionToken 95 | "WebSession" = $WebSession 96 | "BaseURI" = $BaseURI 97 | #"PVWAAppName" = $PVWAAppName 98 | 99 | } 100 | 101 | }#end 102 | 103 | } -------------------------------------------------------------------------------- /psPAS/Functions/OnboardingRules/New-PASOnboardingRule.ps1: -------------------------------------------------------------------------------- 1 | function New-PASOnboardingRule { 2 | <# 3 | .SYNOPSIS 4 | Adds a new on-boarding rule to the Vault 5 | 6 | .DESCRIPTION 7 | Adds a new on-boarding rule to the Vault, that filters discovered local privileged pending accounts. 8 | When a discovered pending account matches a rule, it will be automatically on-boarded to the safe that 9 | is defined in the rule and the password will be reconciled. 10 | 11 | This function must be run with a Vault Admin account. 12 | 13 | .PARAMETER DecisionPlatformId 14 | The ID of the platform that will be associated to the on-boarded account. 15 | 16 | .PARAMETER DecisionSafeName 17 | The name of the Safe where the on-boarded account will be stored. 18 | 19 | .PARAMETER IsAdminUIDFilter 20 | Whether or not only pending accounts whose UID is set to will be on-boarded 21 | automatically according to this rule. 22 | 23 | .PARAMETER MachineTypeFilter 24 | The Machine Type by which to filter. 25 | 26 | .PARAMETER SystemTypeFilter 27 | The System Type by which to filter. 28 | 29 | .PARAMETER UserNameFilter 30 | The name of the user by which to filter. 31 | 32 | .PARAMETER sessionToken 33 | Hashtable containing the session token returned from New-PASSession 34 | 35 | .PARAMETER WebSession 36 | WebRequestSession object returned from New-PASSession 37 | 38 | .PARAMETER BaseURI 39 | PVWA Web Address 40 | Do not include "/PasswordVault/" 41 | 42 | .PARAMETER PVWAAppName 43 | The name of the CyberArk PVWA Virtual Directory. 
44 | Defaults to PasswordVault 45 | 46 | .EXAMPLE 47 | $token | New-PASOnboardingRule -DecisionPlatformId DecisionPlatform -DecisionSafeName DecisionSafe -SystemTypeFilter Windows 48 | 49 | Adds Onboarding Rule for Windows Accounts 50 | 51 | .INPUTS 52 | All parameters can be piped by property name 53 | 54 | .OUTPUTS 55 | Outputs Object of Custom Type psPAS.CyberArk.Vault.OnboardingRule 56 | SessionToken, WebSession, BaseURI are passed through and 57 | contained in output object for inclusion in subsequent 58 | pipeline operations. 59 | 60 | Output format is defined via psPAS.Format.ps1xml. 61 | To force all output to be shown, pipe to Select-Object * 62 | 63 | .NOTES 64 | Not Tested 65 | 66 | .LINK 67 | 68 | #> 69 | [CmdletBinding()] 70 | param( 71 | [parameter( 72 | Mandatory = $true, 73 | ValueFromPipelinebyPropertyName = $true 74 | )] 75 | [ValidateLength(1, 99)] 76 | [string]$DecisionPlatformId, 77 | 78 | [parameter( 79 | Mandatory = $true, 80 | ValueFromPipelinebyPropertyName = $true 81 | )] 82 | [ValidateLength(1, 28)] 83 | [string]$DecisionSafeName, 84 | 85 | [parameter( 86 | Mandatory = $false, 87 | ValueFromPipelinebyPropertyName = $true 88 | )] 89 | [ValidateSet("Yes", "No")] 90 | [String]$IsAdminUIDFilter, 91 | 92 | [parameter( 93 | Mandatory = $false, 94 | ValueFromPipelinebyPropertyName = $true 95 | )] 96 | [ValidateSet("Workstation", "Server")] 97 | [string]$MachineTypeFilter, 98 | 99 | [parameter( 100 | Mandatory = $true, 101 | ValueFromPipelinebyPropertyName = $true 102 | )] 103 | [ValidateSet("Windows", "Unix")] 104 | [string]$SystemTypeFilter, 105 | 106 | [parameter( 107 | Mandatory = $false, 108 | ValueFromPipelinebyPropertyName = $true 109 | )] 110 | [ValidateLength(0, 512)] 111 | [string]$UserNameFilter, 112 | 113 | [parameter( 114 | Mandatory = $true, 115 | ValueFromPipelinebyPropertyName = $true 116 | )] 117 | [ValidateNotNullOrEmpty()] 118 | [hashtable]$sessionToken, 119 | 120 | [parameter( 121 | ValueFromPipelinebyPropertyName = $true 122 
| )] 123 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 124 | 125 | [parameter( 126 | Mandatory = $true, 127 | ValueFromPipelinebyPropertyName = $true 128 | )] 129 | [string]$BaseURI<#, 130 | 131 | [parameter( 132 | Mandatory = $false, 133 | ValueFromPipelinebyPropertyName = $true 134 | )] 135 | [string]$PVWAAppName = "PasswordVault"#> 136 | ) 137 | 138 | BEGIN {}#begin 139 | 140 | PROCESS { 141 | 142 | #Create URL for request 143 | $URI = "$baseURI/$PVWAAppName/api/AutomaticOnboardingRules" 144 | 145 | #create request body 146 | $body = $PSBoundParameters | Get-PASParameters | ConvertTo-Json 147 | 148 | #send request to web service 149 | $result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Headers $sessionToken -WebSession $WebSession 150 | 151 | }#process 152 | 153 | END { 154 | 155 | $result | Add-ObjectDetail -typename psPAS.CyberArk.Vault.OnboardingRule -PropertyToAdd @{ 156 | 157 | "sessionToken" = $sessionToken 158 | "WebSession" = $WebSession 159 | "BaseURI" = $BaseURI 160 | #"PVWAAppName" = $PVWAAppName 161 | 162 | } 163 | 164 | }#end 165 | 166 | } -------------------------------------------------------------------------------- /psPAS/Functions/OnboardingRules/Remove-PASOnboardingRule.ps1: -------------------------------------------------------------------------------- 1 | function Remove-PASOnboardingRule { 2 | <# 3 | .SYNOPSIS 4 | Deletes an automatic on-boarding rule 5 | 6 | 7 | .DESCRIPTION 8 | Deletes an automatic on-boarding rulefrom the Vault. 9 | Vault Admin membership required. 10 | 11 | .PARAMETER RuleID 12 | The unique ID of the rule to delete. 13 | 14 | .PARAMETER sessionToken 15 | Hashtable containing the session token returned from New-PASSession 16 | 17 | .PARAMETER WebSession 18 | WebRequestSession object returned from New-PASSession 19 | 20 | .PARAMETER BaseURI 21 | PVWA Web Address 22 | Do not include "/PasswordVault/" 23 | 24 | .PARAMETER PVWAAppName 25 | The name of the CyberArk PVWA Virtual Directory. 
26 | Defaults to PasswordVault 27 | 28 | .EXAMPLE 29 | $token | Remove-PASOnboardingRule -RuleID 5 30 | 31 | Removes specified on-boarding rule. 32 | 33 | .INPUTS 34 | All parameters can be piped by property name 35 | 36 | .OUTPUTS 37 | None 38 | 39 | .NOTES 40 | 41 | .LINK 42 | 43 | #> 44 | [CmdletBinding()] 45 | param( 46 | [parameter( 47 | Mandatory = $true, 48 | ValueFromPipelinebyPropertyName = $true 49 | )] 50 | [string]$RuleID, 51 | 52 | [parameter( 53 | Mandatory = $true, 54 | ValueFromPipelinebyPropertyName = $true 55 | )] 56 | [ValidateNotNullOrEmpty()] 57 | [hashtable]$sessionToken, 58 | 59 | [parameter( 60 | ValueFromPipelinebyPropertyName = $true 61 | )] 62 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 63 | 64 | [parameter( 65 | Mandatory = $true, 66 | ValueFromPipelinebyPropertyName = $true 67 | )] 68 | [string]$BaseURI<#, 69 | 70 | [parameter( 71 | Mandatory = $false, 72 | ValueFromPipelinebyPropertyName = $true 73 | )] 74 | [string]$PVWAAppName = "PasswordVault"#> 75 | ) 76 | 77 | BEGIN {}#begin 78 | 79 | PROCESS { 80 | 81 | #Create URL for request 82 | $URI = "$baseURI/$PVWAAppName/api/AutomaticOnboardingRules/$($RuleID | 83 | 84 | Get-EscapedString)" 85 | 86 | #Send request to web service 87 | Invoke-PASRestMethod -Uri $URI -Method DELETE -Headers $sessionToken -WebSession $WebSession 88 | 89 | }#process 90 | 91 | END {}#end 92 | } -------------------------------------------------------------------------------- /psPAS/Functions/PolicyACL/Add-PASPolicyACL.ps1: -------------------------------------------------------------------------------- 1 | function Add-PASPolicyACL { 2 | <# 3 | .SYNOPSIS 4 | Adds a new privileged command rule 5 | 6 | .DESCRIPTION 7 | Adds a new privileged command rule to a policy. 
8 | 9 | .PARAMETER Command 10 | The Command to Add 11 | 12 | .PARAMETER CommandGroup 13 | Boolean to define if commandgroup 14 | 15 | .PARAMETER PermissionType 16 | Allow or Deny Permission 17 | 18 | .PARAMETER PolicyId 19 | String value of Policy ID 20 | 21 | .PARAMETER Restrictions 22 | A restrictions string 23 | 24 | .PARAMETER UserName 25 | The user this rule applies to. 26 | Specify "*" for all users 27 | 28 | .PARAMETER sessionToken 29 | Hashtable containing the session token returned from New-PASSession 30 | 31 | .PARAMETER WebSession 32 | WebRequestSession object returned from New-PASSession 33 | 34 | .PARAMETER BaseURI 35 | PVWA Web Address 36 | Do not include "/PasswordVault/" 37 | 38 | .PARAMETER PVWAAppName 39 | The name of the CyberArk PVWA Virtual Directory. 40 | Defaults to PasswordVault 41 | 42 | .EXAMPLE 43 | $token | Add-PASPolicyACL -Command "chmod" -CommandGroup $false -PermissionType Allow -PolicyId UNIXSSH -UserName user1 44 | 45 | Adds Rule to UNIXSSH platform 46 | 47 | .INPUTS 48 | All parameters can be piped by property name 49 | 50 | .OUTPUTS 51 | Outputs Object of Custom Type psPAS.CyberArk.Vault.ACL 52 | SessionToken, WebSession, BaseURI are passed through and 53 | contained in output object for inclusion in subsequent 54 | pipeline operations. 55 | 56 | Output format is defined via psPAS.Format.ps1xml. 
57 | To force all output to be shown, pipe to Select-Object * 58 | 59 | .NOTES 60 | 61 | .LINK 62 | 63 | #> 64 | [CmdletBinding()] 65 | param( 66 | [parameter( 67 | Mandatory = $true, 68 | ValueFromPipelinebyPropertyName = $true 69 | )] 70 | [ValidateNotNullOrEmpty()] 71 | [string]$Command, 72 | 73 | [parameter( 74 | Mandatory = $true, 75 | ValueFromPipelinebyPropertyName = $true 76 | )] 77 | [boolean]$CommandGroup, 78 | 79 | [parameter( 80 | Mandatory = $true, 81 | ValueFromPipelinebyPropertyName = $true 82 | )] 83 | [ValidateSet("Allow", "Deny")] 84 | [string]$PermissionType, 85 | 86 | [parameter( 87 | Mandatory = $true, 88 | ValueFromPipelinebyPropertyName = $true 89 | )] 90 | [ValidateNotNullOrEmpty()] 91 | [string]$PolicyId, 92 | 93 | [parameter( 94 | Mandatory = $false, 95 | ValueFromPipelinebyPropertyName = $true 96 | )] 97 | [ValidateNotNullOrEmpty()] 98 | [string]$Restrictions, 99 | 100 | [parameter( 101 | Mandatory = $true, 102 | ValueFromPipelinebyPropertyName = $true 103 | )] 104 | [ValidateNotNullOrEmpty()] 105 | [string]$UserName, 106 | 107 | [parameter( 108 | Mandatory = $true, 109 | ValueFromPipelinebyPropertyName = $true 110 | )] 111 | [ValidateNotNullOrEmpty()] 112 | [hashtable]$sessionToken, 113 | 114 | [parameter( 115 | ValueFromPipelinebyPropertyName = $true 116 | )] 117 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 118 | 119 | [parameter( 120 | Mandatory = $true, 121 | ValueFromPipelinebyPropertyName = $true 122 | )] 123 | [string]$BaseURI, 124 | 125 | [parameter( 126 | Mandatory = $false, 127 | ValueFromPipelinebyPropertyName = $true 128 | )] 129 | [string]$PVWAAppName = "PasswordVault" 130 | ) 131 | 132 | BEGIN {}#begin 133 | 134 | PROCESS { 135 | 136 | #Create URL for request 137 | $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Policy/$($PolicyID | 138 | 139 | Get-EscapedString)/PrivilegedCommands" 140 | 141 | #Create request body 142 | $body = $PSBoundParameters | 143 | 144 | Get-PASParameters 
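-ParametersToRemove PolicyId | 145 | 146 | ConvertTo-Json 147 | 148 | #Send request to web service 149 | $result = Invoke-PASRestMethod -Uri $URI -Method PUT -Body $Body -Headers $sessionToken -WebSession $WebSession 150 | 151 | }#process 152 | 153 | END { 154 | 155 | if($result) { 156 | 157 | $result.AddPolicyPrivilegedCommandResult | 158 | 159 | Add-ObjectDetail -typename psPAS.CyberArk.Vault.ACL -PropertyToAdd @{ 160 | 161 | "sessionToken" = $sessionToken 162 | "WebSession" = $WebSession 163 | "BaseURI" = $BaseURI 164 | "PVWAAppName" = $PVWAAppName 165 | 166 | } 167 | 168 | } 169 | 170 | }#end 171 | 172 | }
--------------------------------------------------------------------------------
/psPAS/Functions/PolicyACL/Get-PASPolicyACL.ps1:
--------------------------------------------------------------------------------
function Get-PASPolicyACL {
    <#
    .SYNOPSIS
    Lists OPM Rules for a policy

    .DESCRIPTION
    Gets a list of the privileged commands (OPM Rules)
    associated with this policy.
    One request is sent, and its result returned, for each object
    received from the pipeline.

    .PARAMETER PolicyID
    The ID of the Policy for which the privileged commands will be listed.

    .PARAMETER sessionToken
    Hashtable containing the session token returned from New-PASSession.
    It is sent as the request headers.

    .PARAMETER WebSession
    WebRequestSession object returned from New-PASSession

    .PARAMETER BaseURI
    PVWA Web Address
    Do not include "/PasswordVault/"
    The value is used as supplied to build the request URL; specify an
    https:// address, because the session token is sent to it.

    .PARAMETER PVWAAppName
    The name of the CyberArk PVWA Virtual Directory.
    Defaults to PasswordVault

    .EXAMPLE
    $token | Get-PASPolicyACL -PolicyID unixssh

    Lists rules for UNIXSSH platform.

    .INPUTS
    All parameters can be piped by property name

    .OUTPUTS
    Outputs Object of Custom Type psPAS.CyberArk.Vault.ACL
    SessionToken, WebSession, BaseURI are passed through and
    contained in output object for inclusion in subsequent
    pipeline operations.

    Output format is defined via psPAS.Format.ps1xml.
    To force all output to be shown, pipe to Select-Object *

    .NOTES
    The returned objects include the sessionToken and WebSession values
    that were supplied. Handle the full object as a credential: keep it
    out of logs, transcripts and exported files.

    .LINK
    #>
    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [string]$PolicyID,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"

    )

    BEGIN {}#begin

    PROCESS {

        #Create URL for request; the policy ID is passed through Get-EscapedString before it is placed in the path
        $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Policy/$($PolicyID | Get-EscapedString)/PrivilegedCommands"

        #Send Request to web service
        $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $sessionToken -WebSession $WebSession

        #Output is written per pipeline record, so each piped policy returns its own rules
        if($result) {

            $result.ListPolicyPrivilegedCommandsResult |

                Add-ObjectDetail -typename psPAS.CyberArk.Vault.ACL -PropertyToAdd @{

                    "sessionToken" = $sessionToken
                    "WebSession"   = $WebSession
                    "BaseURI"      = $BaseURI
                    "PVWAAppName"  = $PVWAAppName

                }

        }

    }#process

    END {}#end

}
--------------------------------------------------------------------------------
/psPAS/Functions/PolicyACL/Remove-PASPolicyACL.ps1:
--------------------------------------------------------------------------------
function Remove-PASPolicyACL {
    <#
    .SYNOPSIS
    Deletes a privileged command rule from a policy

    .DESCRIPTION
    Deletes the privileged command rule identified by Id from the
    policy identified by PolicyID. Both values are mandatory; a single
    rule is addressed per request.

    .PARAMETER PolicyID
    String value of Policy ID

    .PARAMETER Id
    The Rule Id that will be deleted

    .PARAMETER sessionToken
    Hashtable containing the session token returned from New-PASSession.
    It is sent as the request headers.

    .PARAMETER WebSession
    WebRequestSession object returned from New-PASSession

    .PARAMETER BaseURI
    PVWA Web Address
    Do not include "/PasswordVault/"
    The value is used as supplied to build the request URL; specify an
    https:// address, because the session token is sent to it.

    .PARAMETER PVWAAppName
    The name of the CyberArk PVWA Virtual Directory.
    Defaults to PasswordVault

    .EXAMPLE
    $token | Remove-PASPolicyACL -PolicyID UNIXSSH -Id 13

    Deletes Rule with ID of 13 from UNIXSSH platform.

    .INPUTS
    All parameters can be piped by property name

    .OUTPUTS
    None

    .NOTES
    The DELETE request is sent as soon as the function runs.
    -WhatIf and -Confirm are not available, because SupportsShouldProcess
    is not declared on this function.

    .LINK

    #>
    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [string]$PolicyID,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$Id,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"

    )

    BEGIN {}#begin

    PROCESS {

        #Create base URL for request; policy ID and rule ID are each passed through Get-EscapedString
        $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Policy/$($PolicyID | Get-EscapedString)/PrivilegedCommands/$($Id | Get-EscapedString)"

        #send request to web service
        Invoke-PASRestMethod -Uri $URI -Method DELETE -Headers $sessionToken -WebSession $WebSession

    }#process

    END {}#end

}
--------------------------------------------------------------------------------
/psPAS/Functions/SafeMembers/Get-PASSafeMembers.ps1:
--------------------------------------------------------------------------------
function Get-PASSafeMembers {
    <#
    .SYNOPSIS
    Lists the members of a Safe

    .DESCRIPTION
    Lists the members of a Safe.
    View Safe Members permission is required.
    For each member, the Permissions property holds the names of the
    permissions whose value is true.

    .PARAMETER SafeName
    The name of the safe to get the members of

    .PARAMETER sessionToken
    Hashtable containing the session token returned from New-PASSession.
    It is sent as the request headers.

    .PARAMETER WebSession
    WebRequestSession object returned from New-PASSession

    .PARAMETER BaseURI
    PVWA Web Address
    Do not include "/PasswordVault/"
    The value is used as supplied to build the request URL; specify an
    https:// address, because the session token is sent to it.

    .PARAMETER PVWAAppName
    The name of the CyberArk PVWA Virtual Directory.
    Defaults to PasswordVault

    .EXAMPLE
    $token | Get-PASSafeMembers -SafeName Target_Safe

    Lists all members with permissions on Target_Safe

    .INPUTS
    All parameters can be piped by property name
    Accepts pipeline input from *-PASSafe, or any function which
    contains SafeName in the output

    .OUTPUTS
    Outputs Object of Custom Type psPAS.CyberArk.Vault.SafeMember
    SessionToken, WebSession, BaseURI are passed through and
    contained in output object for inclusion in subsequent
    pipeline operations.

    Output format is defined via psPAS.Format.ps1xml.
    To force all output to be shown, pipe to Select-Object *

    .NOTES
    The returned objects include the sessionToken and WebSession values
    that were supplied. Handle the full object as a credential: keep it
    out of logs, transcripts and exported files.

    .LINK
    #>
    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [string]$SafeName,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #Create URL for request; the safe name is passed through Get-EscapedString before it is placed in the path
        $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Safes/$($SafeName | Get-EscapedString)/Members"

        #Send request to webservice
        $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $sessionToken -WebSession $WebSession

        #Output is written per pipeline record, so each piped safe returns its own members
        #and SafeName on the output matches the safe that was queried.
        #Nothing is written when the request returned no result.
        if($result) {

            $result.members | Select-Object UserName, @{Name = "Permissions"; "Expression" = {

                    #Keep only the names of permissions that are set to true
                    ($_.Permissions).psobject.properties | Where-Object {$_.Value -eq $true} |

                        Select-Object -ExpandProperty Name }

            } |

                Add-ObjectDetail -typename psPAS.CyberArk.Vault.SafeMember -PropertyToAdd @{

                    "SafeName"     = $SafeName
                    "sessionToken" = $sessionToken
                    "WebSession"   = $WebSession
                    "BaseURI"      = $BaseURI
                    "PVWAAppName"  = $PVWAAppName

                }

        }

    }#process

    END {}#end

}
--------------------------------------------------------------------------------
/psPAS/Functions/SafeMembers/Remove-PASSafeMember.ps1: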
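--------------------------------------------------------------------------------
function Remove-PASSafeMember {
    <#
    .SYNOPSIS
    Removes a member from a safe

    .DESCRIPTION
    Removes a specific member from a Safe.
    The user who runs this function requires the ManageSafeMembers
    permission.

    .PARAMETER SafeName
    The name of the safe from which to remove the member.

    .PARAMETER MemberName
    The name of the safe member to remove from the safes list of members.
    Also accepted under the alias UserName.

    .PARAMETER sessionToken
    Hashtable containing the session token returned from New-PASSession.
    It is sent as the request headers.

    .PARAMETER WebSession
    WebRequestSession object returned from New-PASSession

    .PARAMETER BaseURI
    PVWA Web Address
    Do not include "/PasswordVault/"
    The value is used as supplied to build the request URL; specify an
    https:// address, because the session token is sent to it.

    .PARAMETER PVWAAppName
    The name of the CyberArk PVWA Virtual Directory.
    Defaults to PasswordVault

    .EXAMPLE
    $token | Remove-PASSafeMember -SafeName TargetSafe -MemberName TargetUser

    Removes TargetUser as safe member from TargetSafe

    .INPUTS
    All parameters can be piped by property name

    .OUTPUTS
    None

    .NOTES
    The DELETE request is sent as soon as the function runs.
    -WhatIf and -Confirm are not available, because SupportsShouldProcess
    is not declared on this function.

    .LINK

    #>
    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [string]$SafeName,

        [Alias("UserName")]
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [string]$MemberName,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$SessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #Create URL for request; safe name and member name are each passed through Get-EscapedString
        $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Safes/$($SafeName | Get-EscapedString)/Members/$($MemberName | Get-EscapedString)"

        #Send Delete request to web service
        Invoke-PASRestMethod -Uri $URI -Method DELETE -Headers $sessionToken -WebSession $WebSession

    }#process

    END {}#end

}
--------------------------------------------------------------------------------
/psPAS/Functions/Safes/Add-PASSafe.ps1:
--------------------------------------------------------------------------------
function Add-PASSafe {
    <#
    .SYNOPSIS
    Adds a new safe to the Vault

    .DESCRIPTION
    Adds a new safe to the Vault.
    The "Add Safes" permission is required in the vault.
    One request is sent, and its result returned, for each object
    received from the pipeline.

    .PARAMETER SafeName
    The name of the safe to create.
    Max Length 28 characters.
    Cannot start with a space.
    Cannot contain: '\','/',':','*','<','>','"','.' or '|'

    .PARAMETER Description
    Description of the new safe.
    Max 100 characters.

    .PARAMETER OLACEnabled
    Boolean value, dictating whether or not to enable Object Level Access Control on the safe.

    .PARAMETER ManagingCPM
    The Name of the CPM user to manage the safe.
    Specify "" to prevent CPM management.

    .PARAMETER NumberOfVersionsRetention
    The number of retained versions of every password that is stored in the Safe.
    Max value = 999
    Specify either this parameter or NumberOfDaysRetention.
    Mandatory within the "Versions" parameter set.

    .PARAMETER NumberOfDaysRetention
    The number of days for which password versions are saved in the Safe.
    Minimum Value: 1
    Maximum Value 3650
    Specify either this parameter or NumberOfVersionsRetention
    Mandatory within the "Days" parameter set.

    .PARAMETER sessionToken
    Hashtable containing the session token returned from New-PASSession.
    It is sent as the request headers.

    .PARAMETER WebSession
    WebRequestSession object returned from New-PASSession

    .PARAMETER BaseURI
    PVWA Web Address
    Do not include "/PasswordVault/"
    The value is used as supplied to build the request URL; specify an
    https:// address, because the session token is sent to it.

    .PARAMETER PVWAAppName
    The name of the CyberArk PVWA Virtual Directory.
    Defaults to PasswordVault

    .EXAMPLE
    $token | Add-PASSafe -SafeName Oracle -Description "Oracle Safe" -ManagingCPM PasswordManager -NumberOfVersionsRetention 7

    Creates a new safe named Oracle with a 7 version retention.

    .EXAMPLE
    $token | Add-PASSafe -SafeName Dev_Team -Description "Dev Safe" -ManagingCPM DEV_CPM -NumberOfDaysRetention 7

    Creates a new safe named Dev_Team, assigned to CPM DEV_CPM, with a 7 day retention period.

    .INPUTS
    All parameters can be piped by property name

    .OUTPUTS
    Outputs Object of Custom Type psPAS.CyberArk.Vault.Safe
    SessionToken, WebSession, BaseURI are passed through and
    contained in output object for inclusion in subsequent
    pipeline operations.

    Output format is defined via psPAS.Format.ps1xml.
    To force all output to be shown, pipe to Select-Object *

    .NOTES
    The returned objects include the sessionToken and WebSession values
    that were supplied. Handle the full object as a credential: keep it
    out of logs, transcripts and exported files.

    .LINK

    #>
    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [ValidateScript( {$_ -notmatch ".*(\\|\/|:|\*|<|>|`"|\.|\||^\s).*"})]
        [ValidateLength(0, 28)]
        [string]$SafeName,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateLength(0, 100)]
        [string]$Description,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$OLACEnabled,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$ManagingCPM,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = "Versions"
        )]
        [ValidateRange(1, 999)]
        [int]$NumberOfVersionsRetention,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = "Days"
        )]
        [ValidateRange(1, 3650)]
        [int]$NumberOfDaysRetention,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #Create URL for request
        $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Safes"

        #create request body
        $body = @{

            #add parameters to safe node
            #NOTE(review): the bound parameters are filtered by Get-PASParameters, which is
            #presumably where sessionToken/WebSession/BaseURI are dropped - confirm in that helper
            "safe" = $PSBoundParameters | Get-PASParameters

        } | ConvertTo-Json

        #send request to web service
        $result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Headers $sessionToken -WebSession $WebSession

        #Output is written per pipeline record, so each piped safe definition returns its own result.
        #Nothing is written when the request returned no result.
        if($result) {

            $result.AddSafeResult | Add-ObjectDetail -typename psPAS.CyberArk.Vault.Safe -PropertyToAdd @{

                "sessionToken" = $sessionToken
                "WebSession"   = $WebSession
                "BaseURI"      = $BaseURI
                "PVWAAppName"  = $PVWAAppName

            }

        }

    }#process

    END {}#end

}
--------------------------------------------------------------------------------
/psPAS/Functions/Safes/Get-PASSafe.ps1:
--------------------------------------------------------------------------------
function Get-PASSafe {
    <#
    .SYNOPSIS
    Returns safe details from the vault.

    .DESCRIPTION
    Gets safe by SafeName, by search query string, or, by default will return all safes.
    One request is sent, and its result returned, for each object
    received from the pipeline.

    .PARAMETER SafeName
    The name of a specific safe to get details of.

    .PARAMETER query
    Query String for safe search in the vault

    .PARAMETER FindAll
    Specify to find all safes.
    If SafeName or query are not specified, FindAll is the default behaviour.

    .PARAMETER sessionToken
    Hashtable containing the session token returned from New-PASSession.
    It is sent as the request headers.

    .PARAMETER WebSession
    WebRequestSession object returned from New-PASSession

    .PARAMETER BaseURI
    PVWA Web Address
    Do not include "/PasswordVault/"
    The value is used as supplied to build the request URL; specify an
    https:// address, because the session token is sent to it.

    .PARAMETER PVWAAppName
    The name of the CyberArk PVWA Virtual Directory.
    Defaults to PasswordVault

    .EXAMPLE
    $token | Get-PASSafe -SafeName SAFE1

    Returns details of "Safe1"

    .INPUTS
    SafeName, SessionToken, WebSession & BaseURI can be piped to the function by propertyname

    .OUTPUTS
    Outputs Object of Custom Type psPAS.CyberArk.Vault.Safe
    SessionToken, WebSession, BaseURI are passed through and
    contained in output object for inclusion in subsequent
    pipeline operations.

    Output format is defined via psPAS.Format.ps1xml.
    To force all output to be shown, pipe to Select-Object *

    .NOTES
    The returned objects include the sessionToken and WebSession values
    that were supplied. Handle the full object as a credential: keep it
    out of logs, transcripts and exported files.

    .LINK

    #>
    [CmdletBinding(DefaultParameterSetName = "byAll")]
    param(
        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = "byName"
        )]
        [ValidateNotNullOrEmpty()]
        [string]$SafeName,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false,
            ParameterSetName = "byQuery"
        )]
        [string]$query,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false,
            ParameterSetName = "byAll"
        )]
        [switch]$FindAll,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #Create base URL for request
        $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Safes"

        #If SafeName specified
        If($($PSCmdlet.ParameterSetName) -eq "byName") {

            #Name of the response property that holds the data for this request type
            $returnProperty = "GetSafeResult"

            #Build URL from base URL
            $URI = "$URI/$($SafeName | Get-EscapedString)"

        }

        #If search query specified
        ElseIf($($PSCmdlet.ParameterSetName) -eq "byQuery") {

            $returnProperty = "SearchSafesResult"

            #Get Parameters to include in request
            $boundParameters = $PSBoundParameters | Get-PASParameters

            #Create Query String, escaped for inclusion in request URL
            $queryString = ($boundParameters.keys | ForEach-Object {

                    "$_=$($boundParameters[$_] | Get-EscapedString)"

                }) -join '&'

            #Build URL from base URL
            $URI = "$URI`?$queryString"

        }

        ElseIf($($PSCmdlet.ParameterSetName) -eq "byAll") {

            $returnProperty = "GetSafesResult"

        }

        #send request to web service
        $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $sessionToken -WebSession $WebSession

        #Output is written per pipeline record, so each piped safe name returns its own details
        If($result) {

            $result.$returnProperty | Add-ObjectDetail -typename psPAS.CyberArk.Vault.Safe -PropertyToAdd @{

                "sessionToken" = $sessionToken
                "WebSession"   = $WebSession
                "BaseURI"      = $BaseURI
                "PVWAAppName"  = $PVWAAppName

            }

        }

    }#process

    END {}#end

}
--------------------------------------------------------------------------------
/psPAS/Functions/Safes/Remove-PASSafe.ps1:
--------------------------------------------------------------------------------
function Remove-PASSafe {
    <#
    .SYNOPSIS
    Deletes a safe from the Vault

    .DESCRIPTION
    Deletes a safe from the Vault.
    The "Manage" Safe vault permission is required.

    .PARAMETER SafeName
    The name of the safe to delete.

    .PARAMETER sessionToken
    Hashtable containing the session token returned from New-PASSession.
    It is sent as the request headers.

    .PARAMETER WebSession
    WebRequestSession object returned from New-PASSession

    .PARAMETER BaseURI
    PVWA Web Address
    Do not include "/PasswordVault/"
    The value is used as supplied to build the request URL; specify an
    https:// address, because the session token is sent to it.

    .PARAMETER PVWAAppName
    The name of the CyberArk PVWA Virtual Directory.
    Defaults to PasswordVault

    .EXAMPLE
    $token | Remove-PASSafe -SafeName OLD_Safe

    Deletes "OLD_Safe"

    .INPUTS
    All parameters can be piped by property name

    .OUTPUTS
    None

    .NOTES
    The DELETE request is sent as soon as the function runs, once for
    every object received from the pipeline.
    -WhatIf and -Confirm are not available, because SupportsShouldProcess
    is not declared on this function.

    .LINK

    #>
    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [string]$SafeName,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #Create URL for request; the safe name is passed through Get-EscapedString before it is placed in the path
        $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Safes/$($SafeName | Get-EscapedString)"

        #Send request to web service
        Invoke-PASRestMethod -Uri $URI -Method DELETE -Headers $sessionToken -WebSession $WebSession

    }#process

    END {}#end
}
--------------------------------------------------------------------------------
/psPAS/Functions/Safes/Set-PASSafe.ps1:
--------------------------------------------------------------------------------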
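function Set-PASSafe {
    <#
    .SYNOPSIS
    Updates a safe in the Vault

    .DESCRIPTION
    Updates a single safe in the Vault.
    Manage Safe permission is required.

    .PARAMETER SafeName
    The name of the safe to update.
    Max Length 28 characters.
    Cannot start with a space.
    Cannot contain: '\','/',':','*','<','>','"','.' or '|'

    .PARAMETER Description
    Updated Description for safe.
    Max 100 characters.

    .PARAMETER OLACEnabled
    Boolean value, dictating whether or not to enable Object Level Access Control on the safe.

    .PARAMETER ManagingCPM
    The Name of the CPM user to manage the safe.
    Specify "" to prevent CPM management.

    .PARAMETER NumberOfVersionsRetention
    The number of retained versions of every password that is stored in the Safe.
    Max value = 999
    Specify either this parameter or NumberOfDaysRetention.

    .PARAMETER NumberOfDaysRetention
    The number of days for which password versions are saved in the Safe.
    Minimum Value: 1
    Maximum Value 3650
    Specify either this parameter or NumberOfVersionsRetention

    .PARAMETER sessionToken
    Hashtable containing the session token returned from New-PASSession.
    It is sent as the request headers.

    .PARAMETER WebSession
    WebRequestSession object returned from New-PASSession

    .PARAMETER BaseURI
    PVWA Web Address
    Do not include "/PasswordVault/"
    The value is used as supplied to build the request URL; specify an
    https:// address, because the session token is sent to it.

    .PARAMETER PVWAAppName
    The name of the CyberArk PVWA Virtual Directory.
    Defaults to PasswordVault

    .EXAMPLE
    $token | Set-PASSafe -SafeName SAFE -Description "New-Description" -NumberOfVersionsRetention 10

    Updates description and version retention on SAFE

    .INPUTS
    SafeName, SessionToken, WebSession, BaseURI & PVWAAppName can be piped to the function by propertyname

    .OUTPUTS
    Outputs Object of Custom Type psPAS.CyberArk.Vault.Safe
    SessionToken, WebSession, BaseURI are passed through and
    contained in output object for inclusion in subsequent
    pipeline operations.

    Output format is defined via psPAS.Format.ps1xml.
    To force all output to be shown, pipe to Select-Object *

    .NOTES
    The returned objects include the sessionToken and WebSession values
    that were supplied. Handle the full object as a credential: keep it
    out of logs, transcripts and exported files.

    .LINK
    #>
    [CmdletBinding(DefaultParameterSetName = "Update")]
    param(
        #SafeName is mandatory in every parameter set
        [Parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = "Update"
        )]
        [Parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = "Days"
        )]
        [Parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true,
            ParameterSetName = "Versions"
        )]
        [ValidateNotNullOrEmpty()]
        [ValidateScript( {$_ -notmatch ".*(\\|\/|:|\*|<|>|`"|\.|\||^\s).*"})]
        [ValidateLength(0, 28)]
        [string]$SafeName,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false
        )]
        [ValidateLength(0, 100)]
        [string]$Description,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false
        )]
        [boolean]$OLACEnabled,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false
        )]
        [string]$ManagingCPM,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false,
            ParameterSetName = "Versions"
        )]
        [ValidateRange(1, 999)]
        [int]$NumberOfVersionsRetention,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false,
            ParameterSetName = "Days"
        )]
        [ValidateRange(1, 3650)]
        [int]$NumberOfDaysRetention,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #Create URL for Request; the safe name is passed through Get-EscapedString before it is placed in the path
        $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Safes/$($SafeName | Get-EscapedString)"

        #Create Request Body
        #NOTE(review): the bound parameters are filtered by Get-PASParameters, which is
        #presumably where sessionToken/WebSession/BaseURI are dropped - confirm in that helper
        $body = @{
            "safe" = $PSBoundParameters | Get-PASParameters

        } | ConvertTo-Json

        #Send request to web service
        $result = Invoke-PASRestMethod -Uri $URI -Method PUT -Body $Body -Headers $sessionToken -WebSession $WebSession

        #Output is written per pipeline record
        if($result) {

            $result.UpdateSafeResult | Add-ObjectDetail -typename psPAS.CyberArk.Vault.Safe -PropertyToAdd @{

                "sessionToken" = $sessionToken
                "WebSession"   = $WebSession
                "BaseURI"      = $BaseURI
                "PVWAAppName"  = $PVWAAppName

            }

        }

    }#process

    END {}#end

}
--------------------------------------------------------------------------------
/psPAS/Functions/ServerWebServices/Get-PASSafeShareLogo.ps1:
--------------------------------------------------------------------------------
function Get-PASSafeShareLogo {
    <#
    .SYNOPSIS
    Returns details of configured SafeShare Logo

    .DESCRIPTION
    Gets configuration details of logo displayed in the SafeShare WebGUI

    .PARAMETER ImageType
    The requested logo type: Square or Watermark.

    .PARAMETER WebSession
    WebRequestSession object returned from New-PASSession

    .PARAMETER BaseURI
    PVWA Web Address
    Do not include "/PasswordVault/"

    .PARAMETER PVWAAppName
    The name of the CyberArk PVWA Virtual Directory.
    Defaults to PasswordVault

    .EXAMPLE
    $token | Get-PASSafeShareLogo -ImageType Square

    Retrieves Safe Share Logo

    .INPUTS
    WebSession, BaseURI & PVWAAppName can be piped to the function by propertyname

    .OUTPUTS
    The response from the Logo web service, returned unchanged.

    .NOTES
    SafeShare no longer available from CyberArk
    The request is sent without a session token header; only the
    optional WebSession is passed.

    .LINK

    #>
    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true
        )]
        [ValidateSet("Square", "Watermark")]
        [String]$ImageType,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #Create URL for request
        #ImageType is limited to the two ValidateSet values, so it is placed in the query string as is
        $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Logo?type=$ImageType"

        #send request to web service
        $result = Invoke-PASRestMethod -Uri $URI -Method GET -WebSession $WebSession

        #Return the response for this pipeline record
        $result

    }#process

    END {}#end
}
--------------------------------------------------------------------------------
/psPAS/Functions/ServerWebServices/Get-PASServer.ps1:
--------------------------------------------------------------------------------
function Get-PASServer {
    <#
    .SYNOPSIS
    Returns details of the Web Service Server

    .DESCRIPTION
    Returns information on Server.
    Returns the name of the Vault configured in the ServerDisplayName configuration parameter
    Appears to need Vault administrator rights

    .PARAMETER sessionToken
    Hashtable containing the session token returned from New-PASSession.
    It is sent as the request headers.

    .PARAMETER WebSession
    WebRequestSession object returned from New-PASSession

    .PARAMETER BaseURI
    PVWA Web Address
    Do not include "/PasswordVault/"
    The value is used as supplied to build the request URL; specify an
    https:// address, because the session token is sent to it.

    .PARAMETER PVWAAppName
    The name of the CyberArk PVWA Virtual Directory.
    Defaults to PasswordVault

    .EXAMPLE
    $token | Get-PASServer

    Displays CyberArk Server information

    .INPUTS
    SessionToken, WebSession, BaseURI & PVWAAppName can be piped to the function by propertyname

    .OUTPUTS
    Webservice Server Details
    ServerName, ExternalVersion, InternalVersion

    .NOTES

    .LINK

    #>
    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #Create URL for request
        $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Server"

        #send request to web service
        $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $sessionToken -WebSession $WebSession

        #Return the response for this pipeline record
        $result

    }#process

    END {}#end
}
--------------------------------------------------------------------------------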
/psPAS/Functions/ServerWebServices/Get-PASServerWebService.ps1: -------------------------------------------------------------------------------- 1 | function Get-PASServerWebService { 2 | <# 3 | .SYNOPSIS 4 | Returns details of the Web Service 5 | 6 | .DESCRIPTION 7 | Returns information on Server web service. 8 | Returns the name of the Vault configured in the ServerDisplayName configuration parameter 9 | 10 | .PARAMETER WebSession 11 | WebRequestSession object returned from New-PASSession 12 | 13 | .PARAMETER BaseURI 14 | PVWA Web Address 15 | Do not include "/PasswordVault/" 16 | 17 | .PARAMETER PVWAAppName 18 | The name of the CyberArk PVWA Virtual Directory. 19 | Defaults to PasswordVault 20 | 21 | .EXAMPLE 22 | $token | Get-PASServerWebService 23 | 24 | Displays CyberArk Web Service Information 25 | 26 | .INPUTS 27 | WebSession & BaseURI can be piped to the function by propertyname 28 | 29 | .OUTPUTS 30 | Webservice Details 31 | ServerName, ServerID, ApplicationName & Available Authentication Methods 32 | 33 | .NOTES 34 | 35 | .LINK 36 | 37 | #> 38 | [CmdletBinding()] 39 | param( 40 | [parameter( 41 | Mandatory = $false, 42 | ValueFromPipelinebyPropertyName = $true 43 | )] 44 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 45 | 46 | [parameter( 47 | Mandatory = $true, 48 | ValueFromPipelinebyPropertyName = $true 49 | )] 50 | [string]$BaseURI, 51 | 52 | [parameter( 53 | Mandatory = $false, 54 | ValueFromPipelinebyPropertyName = $true 55 | )] 56 | [string]$PVWAAppName = "PasswordVault" 57 | ) 58 | 59 | BEGIN {}#begin 60 | 61 | PROCESS { 62 | 63 | #Create URL for request 64 | $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Verify" 65 | 66 | #send request to web service 67 | $result = Invoke-PASRestMethod -Uri $URI -Method GET -WebSession $WebSession 68 | 69 | }#process 70 | 71 | END { 72 | 73 | if($result) { 74 | 75 | #return results 76 | $result | Select-Object ServerName, ServerId, ApplicationName , AuthenticationMethods 77 | 78 | } 
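79 | 80 | }#end 81 | } -------------------------------------------------------------------------------- /psPAS/Functions/User/Add-PASGroupMember.ps1: --------------------------------------------------------------------------------
function Add-PASGroupMember {
    <#
.SYNOPSIS
Adds a vault user as a group member

.DESCRIPTION
Adds an existing user to an existing group in the vault.
One request is sent for each set of parameter values received from the
pipeline, and any content returned by the web service is output as soon
as that request completes.

.PARAMETER GroupName
The name of the group the user will be added to.
The value is escaped with Get-EscapedString before it is placed in the
request path.

.PARAMETER UserName
The name of the user to add to the group

.PARAMETER sessionToken
Hashtable containing the session token returned from New-PASSession

.PARAMETER WebSession
WebRequestSession object returned from New-PASSession

.PARAMETER BaseURI
PVWA Web Address
Do not include "/PasswordVault/"

.PARAMETER PVWAAppName
The name of the CyberArk PVWA Virtual Directory.
Defaults to PasswordVault

.EXAMPLE
$token | Add-PASGroupMember -GroupName PVWAMonitor -UserName TargetUser

Adds TargetUser to PVWAMonitor group

.INPUTS
All parameters can be piped by property name

.OUTPUTS
None expected; anything the web service returns is passed through.

.NOTES
BaseURI is used exactly as supplied and no scheme check is made in this
function, so the session token header is sent over whatever scheme the
caller passed. Supply an https:// address.

.LINK

#>
    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$GroupName,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$UserName,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #Create URL for request
        #GroupName becomes a path segment, so it is escaped before being inserted
        $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Groups/$($GroupName | Get-EscapedString)/Users"

        #create request body
        #GroupName is already in the URL, so it is removed from the body here.
        #Get-PASParameters also removes its own default list of parameters
        #(presumably the session/connection parameters - TODO confirm against that function).
        $Body = $PSBoundParameters |
            Get-PASParameters -ParametersToRemove GroupName |
            ConvertTo-Json

        #send request to web service
        $result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Headers $sessionToken -WebSession $WebSession

        #Output inside PROCESS: when several objects are piped in, each request's
        #response is emitted. Holding $result until END kept only the last one.
        if ($result) {

            $result

        }

    }#process

    END {}#end
}
-------------------------------------------------------------------------------- /psPAS/Functions/User/Get-PASLoggedOnUser.ps1: -------------------------------------------------------------------------------- 1 | function Get-PASLoggedOnUser { 2 | <# 3 | .SYNOPSIS 4 | Returns details of the logged on user 5 | 6 | .DESCRIPTION 7 | Returns information on the user who is logged in. 8 | 9 | .PARAMETER sessionToken 10 | Hashtable containing the session token returned from New-PASSession 11 | 12 | .PARAMETER WebSession 13 | WebRequestSession object returned from New-PASSession 14 | 15 | .PARAMETER BaseURI 16 | PVWA Web Address 17 | Do not include "/PasswordVault/" 18 | 19 | .PARAMETER PVWAAppName 20 | The name of the CyberArk PVWA Virtual Directory. 21 | Defaults to PasswordVault 22 | 23 | .EXAMPLE 24 | $token | Get-PASLoggedOnUser 25 | 26 | Returns information on the user associated with the authorisation token. 27 | 28 | .INPUTS 29 | All parameters can be piped by property name 30 | 31 | .OUTPUTS 32 | Outputs Object of Custom Type psPAS.CyberArk.Vault.User 33 | SessionToken, WebSession, BaseURI are passed through and 34 | contained in output object for inclusion in subsequent 35 | pipeline operations. 36 | 37 | Output format is defined via psPAS.Format.ps1xml.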
38 | To force all output to be shown, pipe to Select-Object * 39 | 40 | .NOTES 41 | 42 | .LINK 43 | 44 | #> 45 | [CmdletBinding()] 46 | param( 47 | [parameter( 48 | Mandatory = $true, 49 | ValueFromPipelinebyPropertyName = $true 50 | )] 51 | [ValidateNotNullOrEmpty()] 52 | [hashtable]$sessionToken, 53 | 54 | [parameter( 55 | ValueFromPipelinebyPropertyName = $true 56 | )] 57 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 58 | 59 | [parameter( 60 | Mandatory = $true, 61 | ValueFromPipelinebyPropertyName = $true 62 | )] 63 | [string]$BaseURI, 64 | 65 | [parameter( 66 | Mandatory = $false, 67 | ValueFromPipelinebyPropertyName = $true 68 | )] 69 | [string]$PVWAAppName = "PasswordVault" 70 | ) 71 | 72 | BEGIN {}#begin 73 | 74 | PROCESS { 75 | 76 | #Create URL for request 77 | $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/User" 78 | 79 | #send request to web service 80 | $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $sessionToken -WebSession $WebSession 81 | 82 | }#process 83 | 84 | END { 85 | 86 | $result | Add-ObjectDetail -typename psPAS.CyberArk.Vault.User -PropertyToAdd @{ 87 | 88 | "sessionToken" = $sessionToken 89 | "WebSession" = $WebSession 90 | "BaseURI" = $BaseURI 91 | "PVWAAppName" = $PVWAAppName 92 | 93 | } 94 | 95 | }#end 96 | 97 | } -------------------------------------------------------------------------------- /psPAS/Functions/User/Get-PASUser.ps1: -------------------------------------------------------------------------------- 1 | function Get-PASUser { 2 | <# 3 | .SYNOPSIS 4 | Returns details of a user 5 | 6 | .DESCRIPTION 7 | Returns information on specific vault user. 
8 | 9 | .PARAMETER UserName 10 | The user's name 11 | 12 | .PARAMETER sessionToken 13 | Hashtable containing the session token returned from New-PASSession 14 | 15 | .PARAMETER WebSession 16 | WebRequestSession object returned from New-PASSession 17 | 18 | .PARAMETER BaseURI 19 | PVWA Web Address 20 | Do not include "/PasswordVault/" 21 | 22 | .PARAMETER PVWAAppName 23 | The name of the CyberArk PVWA Virtual Directory. 24 | Defaults to PasswordVault 25 | 26 | .EXAMPLE 27 | $token | Get-PASUser Target_User 28 | 29 | Displays information on Target_User 30 | 31 | .INPUTS 32 | All parameters can be piped by property name 33 | 34 | .OUTPUTS 35 | Outputs Object of Custom Type psPAS.CyberArk.Vault.User 36 | SessionToken, WebSession, BaseURI are passed through and 37 | contained in output object for inclusion in subsequent 38 | pipeline operations. 39 | 40 | Output format is defined via psPAS.Format.ps1xml. 41 | To force all output to be shown, pipe to Select-Object * 42 | 43 | .NOTES 44 | 45 | .LINK 46 | 47 | #> 48 | [CmdletBinding()] 49 | param( 50 | [parameter( 51 | Mandatory = $true, 52 | ValueFromPipelinebyPropertyName = $true 53 | )] 54 | [string]$UserName, 55 | 56 | [parameter( 57 | Mandatory = $true, 58 | ValueFromPipelinebyPropertyName = $true 59 | )] 60 | [ValidateNotNullOrEmpty()] 61 | [hashtable]$sessionToken, 62 | 63 | [parameter( 64 | ValueFromPipelinebyPropertyName = $true 65 | )] 66 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 67 | 68 | [parameter( 69 | Mandatory = $true, 70 | ValueFromPipelinebyPropertyName = $true 71 | )] 72 | [string]$BaseURI, 73 | 74 | [parameter( 75 | Mandatory = $false, 76 | ValueFromPipelinebyPropertyName = $true 77 | )] 78 | [string]$PVWAAppName = "PasswordVault" 79 | ) 80 | 81 | BEGIN {}#begin 82 | 83 | PROCESS { 84 | 85 | #Create URL for request 86 | $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Users/$($UserName | 87 | 88 | Get-EscapedString)" 89 | 90 | #send request to web service 91 | $result = 
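Invoke-PASRestMethod -Uri $URI -Method GET -Headers $sessionToken -WebSession $WebSession 92 | 93 | }#process 94 | 95 | END { 96 | 97 | $result | Add-ObjectDetail -typename psPAS.CyberArk.Vault.User -PropertyToAdd @{ 98 | 99 | "sessionToken" = $sessionToken 100 | "WebSession" = $WebSession 101 | "BaseURI" = $BaseURI 102 | "PVWAAppName" = $PVWAAppName 103 | 104 | } 105 | 106 | }#end 107 | 108 | } -------------------------------------------------------------------------------- /psPAS/Functions/User/New-PASUser.ps1: --------------------------------------------------------------------------------
function New-PASUser {
    <#
.SYNOPSIS
Creates a new vault user

.DESCRIPTION
Adds a new user to the vault.
One request is sent, and one user object is output, for each set of
parameter values received from the pipeline.

.PARAMETER UserName
The name of the user to create in the vault

.PARAMETER InitialPassword
The password to set on the account, as a Secure String
Must meet the password complexity requirements

.PARAMETER Email
The user's email address

.PARAMETER FirstName
The user's first name

.PARAMETER LastName
The user's last name

.PARAMETER ChangePasswordOnTheNextLogon
Whether or not user will be forced to change password on first logon

.PARAMETER ExpiryDate
Expiry Date to set on account.
Default is Never
Format: MM/dd/yyyy

.PARAMETER UserTypeName
The Type of User to create.
EPVUser type will be created by default.

.PARAMETER Disabled
Whether or not the user will be created as a disabled user
Default is Enabled

.PARAMETER Location
The Vault Location where the user will be created
Default location is "Root"

.PARAMETER sessionToken
Hashtable containing the session token returned from New-PASSession

.PARAMETER WebSession
WebRequestSession object returned from New-PASSession

.PARAMETER BaseURI
PVWA Web Address
Do not include "/PasswordVault/"

.PARAMETER PVWAAppName
The name of the CyberArk PVWA Virtual Directory.
Defaults to PasswordVault

.EXAMPLE
$token | New-PASUser -UserName NewUser -InitialPassword $securePWD

Creates a Vault user named NewUser, with password set to securestring value from $securePWD

.INPUTS
All parameters can be piped by property name

.OUTPUTS
Outputs Object of Custom Type psPAS.CyberArk.Vault.User
SessionToken, WebSession, BaseURI are passed through and
contained in output object for inclusion in subsequent
pipeline operations.

Output format is defined via psPAS.Format.ps1xml.
To force all output to be shown, pipe to Select-Object *

.NOTES
InitialPassword is accepted as a SecureString but is decoded to plain text
inside this function, because it is sent as a string property of the JSON
request body. From that point the clear-text value exists in memory in the
request body string.

BaseURI is used exactly as supplied and no scheme check is made in this
function, so the session token header and the clear-text password are sent
over whatever scheme the caller passed. Supply an https:// address.

The output object carries the sessionToken hashtable and the WebSession as
properties. Showing every property (Select-Object *), or writing the object
to a file, transcript or log, therefore writes the session token as well;
drop those properties first when the object leaves the pipeline.

.LINK

#>
    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$UserName,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [securestring]$InitialPassword,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$Email,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$FirstName,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$LastName,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$ChangePasswordOnTheNextLogon,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        #Accepts only a calendar-valid MM/dd/yyyy string; 02/29 only for the years the pattern lists as leap years
        [ValidateScript( {

                ($_ -match '^(((0[13578]|1[02])[/](0[1-9]|[12][0-9]|3[01])|(0[469]|11)[/](0[1-9]|[12][0-9]|30)|02[/](0[1-9]|1\d|2[0-8]))[/]\d{4}|02[/]29[/](\d{2}(0[48]|[2468][048]|[13579][26])|([02468][048]|[1359][26])00))$')

            })]
        [String]$ExpiryDate,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$UserTypeName,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$Disabled,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$Location,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #Get request parameters
        $boundParameters = $PSBoundParameters | Get-PASParameters

        #deal with InitialPassword SecureString
        #A PSCredential is built only so GetNetworkCredential() can hand back the plain-text value
        $InitialPwd = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $UserName, $InitialPassword

        #Include decoded password in request.
        #From here on $boundParameters and $body hold the clear-text password;
        #do not write either of them to verbose/debug output or logs.
        $boundParameters["InitialPassword"] = $InitialPwd.GetNetworkCredential().Password

        #Construct Request Body
        $body = $boundParameters | ConvertTo-Json

        #Create URL for request
        $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Users"

        #send request to web service
        #NOTE(review): whether Invoke-PASRestMethod echoes -Body anywhere is not visible from here - confirm
        $result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Headers $sessionToken -WebSession $WebSession

        #Output inside PROCESS: when several users are piped in, each created user is
        #emitted with the connection values it was created with. Holding $result
        #until END kept only the last one.
        if ($result) {

            $result | Add-ObjectDetail -typename psPAS.CyberArk.Vault.User -PropertyToAdd @{

                "sessionToken" = $sessionToken
                "WebSession"   = $WebSession
                "BaseURI"      = $BaseURI
                "PVWAAppName"  = $PVWAAppName

            }

        }

    }#process

    END {}#end

}
-------------------------------------------------------------------------------- /psPAS/Functions/User/Remove-PASUser.ps1: -------------------------------------------------------------------------------- 1 | function Remove-PASUser { 2 | <# 3 | .SYNOPSIS 4 | Deletes a vault user 5 | 6 | .DESCRIPTION 7 | Deletes an existing user from the vault 8 | 9 | .PARAMETER UserName 10 | The name of the user to delete from the vault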
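11 | 12 | .PARAMETER sessionToken 13 | Hashtable containing the session token returned from New-PASSession 14 | 15 | .PARAMETER WebSession 16 | WebRequestSession object returned from New-PASSession 17 | 18 | .PARAMETER BaseURI 19 | PVWA Web Address 20 | Do not include "/PasswordVault/" 21 | 22 | .PARAMETER PVWAAppName 23 | The name of the CyberArk PVWA Virtual Directory. 24 | Defaults to PasswordVault 25 | 26 | .EXAMPLE 27 | $token | Remove-PASUser This_User 28 | 29 | Deletes vault user "This_User" 30 | 31 | .INPUTS 32 | All parameters can be piped by property name 33 | 34 | .OUTPUTS 35 | None 36 | 37 | .NOTES 38 | 39 | .LINK 40 | 41 | #> 42 | [CmdletBinding()] 43 | param( 44 | [parameter( 45 | Mandatory = $true, 46 | ValueFromPipelinebyPropertyName = $true 47 | )] 48 | [string]$UserName, 49 | 50 | [parameter( 51 | Mandatory = $true, 52 | ValueFromPipelinebyPropertyName = $true 53 | )] 54 | [ValidateNotNullOrEmpty()] 55 | [hashtable]$sessionToken, 56 | 57 | [parameter( 58 | ValueFromPipelinebyPropertyName = $true 59 | )] 60 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 61 | 62 | [parameter( 63 | Mandatory = $true, 64 | ValueFromPipelinebyPropertyName = $true 65 | )] 66 | [string]$BaseURI, 67 | 68 | [parameter( 69 | Mandatory = $false, 70 | ValueFromPipelinebyPropertyName = $true 71 | )] 72 | [string]$PVWAAppName = "PasswordVault" 73 | ) 74 | 75 | BEGIN {}#begin 76 | 77 | PROCESS { 78 | 79 | #Create URL for request 80 | $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Users/$($UserName | 81 | 82 | Get-EscapedString)" 83 | 84 | #send request to web service 85 | Invoke-PASRestMethod -Uri $URI -Method DELETE -Headers $sessionToken -WebSession $WebSession 86 | 87 | }#process 88 | 89 | END {}#end 90 | } -------------------------------------------------------------------------------- /psPAS/Functions/User/Set-PASUser.ps1: --------------------------------------------------------------------------------
function Set-PASUser {
    <#
.SYNOPSIS
Updates a vault user

.DESCRIPTION
Updates an existing user in the vault.
One request is sent, and one user object is output, for each set of
parameter values received from the pipeline.

.PARAMETER UserName
The name of the user to update in the vault

.PARAMETER NewPassword
The password to set on the account, as a Secure String.
Must meet the password complexity requirements

.PARAMETER Email
The user's email address

.PARAMETER FirstName
The user's first name

.PARAMETER LastName
The user's last name

.PARAMETER ChangePasswordOnTheNextLogon
Whether or not user will be forced to change password on next logon

.PARAMETER ExpiryDate
Expiry Date to set on account.
Format MM/dd/yyyy

.PARAMETER UserTypeName
The User Type

.PARAMETER Disabled
Whether or not the user will be enabled or disabled.

.PARAMETER Location
The Vault Location for the user

.PARAMETER sessionToken
Hashtable containing the session token returned from New-PASSession

.PARAMETER WebSession
WebRequestSession object returned from New-PASSession

.PARAMETER BaseURI
PVWA Web Address
Do not include "/PasswordVault/"

.PARAMETER PVWAAppName
The name of the CyberArk PVWA Virtual Directory.
Defaults to PasswordVault

.EXAMPLE
$token | set-pasuser -UserName Bill -Disabled $true

Disables vault user Bill

.INPUTS
UserName, SessionToken, WebSession & BaseURI can be piped to the function by propertyname

.OUTPUTS
Outputs Object of Custom Type psPAS.CyberArk.Vault.User
SessionToken, WebSession, BaseURI are passed through and
contained in output object for inclusion in subsequent
pipeline operations.

Output format is defined via psPAS.Format.ps1xml.
To force all output to be shown, pipe to Select-Object *

.NOTES
NewPassword is accepted as a SecureString but is decoded to plain text
inside this function, because it is sent as a string property of the JSON
request body. From that point the clear-text value exists in memory in the
request body string.

BaseURI is used exactly as supplied and no scheme check is made in this
function, so the session token header and the clear-text password are sent
over whatever scheme the caller passed. Supply an https:// address.

The output object carries the sessionToken hashtable and the WebSession as
properties. Showing every property (Select-Object *), or writing the object
to a file, transcript or log, therefore writes the session token as well;
drop those properties first when the object leaves the pipeline.

.LINK

#>
    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$UserName,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false
        )]
        [securestring]$NewPassword,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false
        )]
        [string]$Email,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false
        )]
        [string]$FirstName,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false
        )]
        [string]$LastName,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false
        )]
        [boolean]$ChangePasswordOnTheNextLogon,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false
        )]
        #Accepts only a calendar-valid MM/dd/yyyy string; 02/29 only for the years the pattern lists as leap years
        [ValidateScript( {

                ($_ -match '^(((0[13578]|1[02])[/](0[1-9]|[12][0-9]|3[01])|(0[469]|11)[/](0[1-9]|[12][0-9]|30)|02[/](0[1-9]|1\d|2[0-8]))[/]\d{4}|02[/]29[/](\d{2}(0[48]|[2468][048]|[13579][26])|([02468][048]|[1359][26])00))$')

            })]
        [string]$ExpiryDate,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false
        )]
        [string]$UserTypeName,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false
        )]
        [boolean]$Disabled,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $false
        )]
        [string]$Location,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault"
    )

    BEGIN {}#begin

    PROCESS {

        #Get request parameters
        #UserName is sent in the URL, so it is removed from the body
        $boundParameters = $PSBoundParameters | Get-PASParameters -ParametersToRemove UserName

        #deal with newPassword SecureString
        If ($PSBoundParameters.ContainsKey("NewPassword")) {

            #A PSCredential is built only so GetNetworkCredential() can hand back the plain-text value
            $NewPwd = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $UserName, $NewPassword

            #Include decoded password in request.
            #From here on $boundParameters and $body hold the clear-text password;
            #do not write either of them to verbose/debug output or logs.
            $boundParameters["NewPassword"] = $NewPwd.GetNetworkCredential().Password

        }

        #Create URL for request
        #UserName becomes a path segment, so it is escaped before being inserted
        $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Users/$($UserName | Get-EscapedString)"

        #create request body
        $body = $boundParameters | ConvertTo-Json

        #send request to web service
        #NOTE(review): whether Invoke-PASRestMethod echoes -Body anywhere is not visible from here - confirm
        $result = Invoke-PASRestMethod -Uri $URI -Method PUT -Body $Body -Headers $sessionToken -WebSession $WebSession

        #Output inside PROCESS: when several users are piped in, each updated user is
        #emitted with the connection values it was updated with. Holding $result
        #until END kept only the last one.
        if ($result) {

            $result | Add-ObjectDetail -typename psPAS.CyberArk.Vault.User -PropertyToAdd @{

                "sessionToken" = $sessionToken
                "WebSession"   = $WebSession
                "BaseURI"      = $BaseURI
                "PVWAAppName"  = $PVWAAppName

            }

        }

    }#process

    END {}#end

}
-------------------------------------------------------------------------------- /psPAS/Functions/User/Unblock-PASUser.ps1: -------------------------------------------------------------------------------- 1 | function Unblock-PASUser { 2 | <# 3 | .SYNOPSIS 4 | Activates a suspended user 5 | 6 |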
.DESCRIPTION 7 | Activates an existing vault user who was suspended due to password 8 | failures. 9 | 10 | .PARAMETER UserName 11 | The user's name 12 | 13 | .PARAMETER Suspended 14 | Suspension status 15 | 16 | .PARAMETER sessionToken 17 | Hashtable containing the session token returned from New-PASSession 18 | 19 | .PARAMETER WebSession 20 | WebRequestSession object returned from New-PASSession 21 | 22 | .PARAMETER BaseURI 23 | PVWA Web Address 24 | Do not include "/PasswordVault/" 25 | 26 | .PARAMETER PVWAAppName 27 | The name of the CyberArk PVWA Virtual Directory. 28 | Defaults to PasswordVault 29 | 30 | .EXAMPLE 31 | $token | Unblock-PASUser -UserName MrFatFingers -Suspended $false 32 | 33 | Activates suspended vault user MrFatFingers 34 | 35 | .INPUTS 36 | UserName, SessionToken, WebSession & BaseURI can be piped to the function by propertyname 37 | 38 | .OUTPUTS 39 | Outputs Object of Custom Type psPAS.CyberArk.Vault.User 40 | SessionToken, WebSession, BaseURI are passed through and 41 | contained in output object for inclusion in subsequent 42 | pipeline operations. 43 | 44 | Output format is defined via psPAS.Format.ps1xml. 
45 | To force all output to be shown, pipe to Select-Object * 46 | 47 | .NOTES 48 | 49 | .LINK 50 | 51 | #> 52 | [CmdletBinding()] 53 | param( 54 | [parameter( 55 | Mandatory = $true, 56 | ValueFromPipelinebyPropertyName = $true 57 | )] 58 | [string]$UserName, 59 | 60 | [parameter( 61 | Mandatory = $true, 62 | ValueFromPipelinebyPropertyName = $false 63 | )] 64 | [ValidateSet($false)] 65 | [boolean]$Suspended, 66 | 67 | [parameter( 68 | Mandatory = $true, 69 | ValueFromPipelinebyPropertyName = $true 70 | )] 71 | [ValidateNotNullOrEmpty()] 72 | [hashtable]$sessionToken, 73 | 74 | [parameter( 75 | ValueFromPipelinebyPropertyName = $true 76 | )] 77 | [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession, 78 | 79 | [parameter( 80 | Mandatory = $true, 81 | ValueFromPipelinebyPropertyName = $true 82 | )] 83 | [string]$BaseURI, 84 | 85 | [parameter( 86 | Mandatory = $false, 87 | ValueFromPipelinebyPropertyName = $true 88 | )] 89 | [string]$PVWAAppName = "PasswordVault" 90 | ) 91 | 92 | BEGIN {}#begin 93 | 94 | PROCESS { 95 | 96 | #Create URL for request 97 | $URI = "$baseURI/$PVWAAppName/WebServices/PIMServices.svc/Users/$($UserName | 98 | 99 | Get-EscapedString)" 100 | 101 | #request body 102 | $body = $PSBoundParameters | 103 | 104 | Get-PASParameters -ParametersToRemove UserName | 105 | 106 | ConvertTo-Json 107 | 108 | #send request to web service 109 | $result = Invoke-PASRestMethod -Uri $URI -Method PUT -Body $body -Headers $sessionToken -WebSession $WebSession 110 | 111 | }#process 112 | 113 | END { 114 | 115 | $result | Add-ObjectDetail -typename psPAS.CyberArk.Vault.User -PropertyToAdd @{ 116 | 117 | "sessionToken" = $sessionToken 118 | "WebSession" = $WebSession 119 | "BaseURI" = $BaseURI 120 | "PVWAAppName" = $PVWAAppName 121 | 122 | } 123 | 124 | }#end 125 | 126 | } -------------------------------------------------------------------------------- /psPAS/LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT 
License 2 | 3 | Copyright (c) 2017 Pete Maan 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /psPAS/Private/Add-ObjectDetail.ps1: -------------------------------------------------------------------------------- 1 | function Add-ObjectDetail 2 | { 3 | <# 4 | .SYNOPSIS 5 | Decorate an object with 6 | - A TypeName 7 | - New properties 8 | - Default parameters 9 | .DESCRIPTION 10 | Helper function to decorate an object with 11 | - A TypeName 12 | - New properties 13 | - Default parameters 14 | .PARAMETER InputObject 15 | Object to decorate. Accepts pipeline input. 16 | .PARAMETER TypeName 17 | Typename to insert. 18 | 19 | This will show up when you use Get-Member against the resulting object. 20 | 21 | .PARAMETER PropertyToAdd 22 | Add these noteproperties. 23 | 24 | Format is a hashtable with Key (Property Name) = Value (Property Value). 
25 | Example to add a One and Date property: 26 | -PropertyToAdd @{ 27 | One = 1 28 | Date = (Get-Date) 29 | } 30 | .PARAMETER DefaultProperties 31 | Change the default properties that show up 32 | .PARAMETER Passthru 33 | Whether to pass the resulting object on. Defaults to true 34 | .EXAMPLE 35 | # 36 | # Create an object to work with 37 | $Object = [PSCustomObject]@{ 38 | First = 'Cookie' 39 | Last = 'Monster' 40 | Account = 'CMonster' 41 | } 42 | #Add a type name and a random property 43 | Add-ObjectDetail -InputObject $Object -TypeName 'ApplicationX.Account' -PropertyToAdd @{ AnotherProperty = 5 } 44 | # First Last Account AnotherProperty 45 | # ----- ---- ------- --------------- 46 | # Cookie Monster CMonster 5 47 | #Verify that get-member shows us the right type 48 | $Object | Get-Member 49 | # TypeName: ApplicationX.Account ... 50 | .EXAMPLE 51 | # 52 | # Create an object to work with 53 | $Object = [PSCustomObject]@{ 54 | First = 'Cookie' 55 | Last = 'Monster' 56 | Account = 'CMonster' 57 | } 58 | #Add a random property, set a default property set so we only see two props by default 59 | Add-ObjectDetail -InputObject $Object -PropertyToAdd @{ AnotherProperty = 5 } -DefaultProperties Account, AnotherProperty 60 | # Account AnotherProperty 61 | # ------- --------------- 62 | # CMonster 5 63 | #Verify that the other properties are around 64 | $Object | Select -Property * 65 | # First Last Account AnotherProperty 66 | # ----- ---- ------- --------------- 67 | # Cookie Monster CMonster 5 68 | .NOTES 69 | This breaks the 'do one thing' rule from certain perspectives... 70 | The goal is to decorate an object all in one shot 71 | 72 | This abstraction simplifies decorating an object, with a slight trade-off in performance. 
For example: 73 | 10,000 objects, add a property and typename: 74 | Add-ObjectDetail: ~4.6 seconds 75 | Add-Member + PSObject.TypeNames.Insert: ~3 seconds 76 | Initial code borrowed from Shay Levy: 77 | http://blogs.microsoft.co.il/scriptfanatic/2012/04/13/custom-objects-default-display-in-powershell-30/ 78 | 79 | .LINK 80 | http://ramblingcookiemonster.github.io/Decorating-Objects/ 81 | .FUNCTIONALITY 82 | PowerShell Language 83 | #> 84 | [CmdletBinding()] 85 | param( 86 | [Parameter( Mandatory = $true, 87 | Position=0, 88 | ValueFromPipeline=$true )] 89 | [ValidateNotNullOrEmpty()] 90 | [psobject[]]$InputObject, 91 | 92 | [Parameter( Mandatory = $false, 93 | Position=1)] 94 | [string]$TypeName, 95 | 96 | [Parameter( Mandatory = $false, 97 | Position=2)] 98 | [System.Collections.Hashtable]$PropertyToAdd, 99 | 100 | [Parameter( Mandatory = $false, 101 | Position=3)] 102 | [ValidateNotNullOrEmpty()] 103 | [Alias('dp')] 104 | [System.String[]]$DefaultProperties, 105 | 106 | [boolean]$Passthru = $True 107 | ) 108 | 109 | Begin 110 | { 111 | if($PSBoundParameters.ContainsKey('DefaultProperties')) 112 | { 113 | # define a subset of properties 114 | $ddps = New-Object System.Management.Automation.PSPropertySet DefaultDisplayPropertySet,$DefaultProperties 115 | $PSStandardMembers = [System.Management.Automation.PSMemberInfo[]]$ddps 116 | } 117 | } 118 | Process 119 | { 120 | foreach($Object in $InputObject) 121 | { 122 | switch ($PSBoundParameters.Keys) 123 | { 124 | 'PropertyToAdd' 125 | { 126 | foreach($Key in $PropertyToAdd.Keys) 127 | { 128 | #Add some noteproperties. Slightly faster than Add-Member. 
129 | $Object.PSObject.Properties.Add( ( New-Object System.Management.Automation.PSNoteProperty($Key, $PropertyToAdd[$Key]) ) ) 130 | } 131 | } 132 | 'TypeName' 133 | { 134 | #Add specified type 135 | [void]$Object.PSObject.TypeNames.Insert(0,$TypeName) 136 | } 137 | 'DefaultProperties' 138 | { 139 | # Attach default display property set 140 | Add-Member -InputObject $Object -MemberType MemberSet -Name PSStandardMembers -Value $PSStandardMembers 141 | } 142 | } 143 | if($Passthru) 144 | { 145 | $Object 146 | } 147 | } 148 | } 149 | } -------------------------------------------------------------------------------- /psPAS/Private/Get-EscapedString.ps1: -------------------------------------------------------------------------------- 1 | function Get-EscapedString{ 2 | <# 3 | .SYNOPSIS 4 | Outputs escaped string value. 5 | 6 | .DESCRIPTION 7 | Wrapper for the System.Uri EscapeDataString method. 8 | When provided with an input string, an escaped string will be output. 9 | This can be used for forming URLs and query srings where spaces are not allowed. 
10 | 11 | .PARAMETER inputString 12 | String to escape 13 | 14 | .EXAMPLE 15 | "Safe Name" | Get-EscapedString 16 | 17 | .INPUTS 18 | String Value 19 | 20 | .OUTPUTS 21 | Escaped String Value 22 | 23 | .NOTES 24 | 25 | .LINK 26 | 27 | #> 28 | [CmdletBinding()] 29 | param( 30 | [parameter( 31 | Mandatory=$true, 32 | ValueFromPipeline=$true 33 | )] 34 | [string]$inputString 35 | 36 | ) 37 | 38 | Begin{} 39 | 40 | Process{ 41 | 42 | #Output escaped string 43 | [System.Uri]::EscapeDataString($inputString) 44 | 45 | } 46 | 47 | End{} 48 | 49 | } -------------------------------------------------------------------------------- /psPAS/Private/Get-PASParameters.ps1: -------------------------------------------------------------------------------- 1 | function Get-PASParameters { 2 | <# 3 | .SYNOPSIS 4 | Removes defined parameter values from a passed $PSBoundParameters object 5 | 6 | .DESCRIPTION 7 | When passed a $PSBoundParameters hashtable, this function removes standard parameters 8 | (like Verbose/Confirm etc) and returns the passed object with only the non-standard 9 | parameters left in place. 10 | This enables the returned object to be used to cretae the required JSON object to pass 11 | to the CyberArk REST API. 12 | 13 | .PARAMETER Parameters 14 | This is the input object from which to remove the default set of parameters. 15 | It is intended to accept the $PSBoundParameters object from another function. 16 | 17 | .PARAMETER ParametersToRemove 18 | Accepts an array of any additional parameter keys which should be removed from the passed input 19 | object. Specifying additional parameter names/keys here means that the default value assigned 20 | to the BaseParameters parameter will remain unchanged. 21 | 22 | .PARAMETER BaseParameters 23 | This is the default list of paramter names/keys which will be removed from the passed object. 
24 | Contains all standard parmaters associated with PowerShell advanced functions, as well as 25 | additional parameter names related to the CyberArk REST API but which are never included in a 26 | JSON object sent to the API (URL for instance). 27 | For normal operation, there is no need to pass anything for the BaseParameters parameter. 28 | The default value should be used. 29 | 30 | .EXAMPLE 31 | $PSBoundParameters | Get-PASParameters 32 | 33 | .EXAMPLE 34 | Get-PASParameters -Parameters $PSBoundParameters -ParametersToRemove param1,param2 35 | 36 | .INPUTS 37 | $PSBoundParameters object 38 | 39 | .OUTPUTS 40 | Hashtable/$PSBoundParameters object, with defined parameters removed. 41 | 42 | .NOTES 43 | 44 | .LINK 45 | 46 | #> 47 | [CmdletBinding()] 48 | param( 49 | [parameter(Position = 0, 50 | Mandatory = $true, 51 | ValueFromPipeline = $true 52 | )] 53 | [ValidateNotNullOrEmpty()] 54 | [Hashtable]$Parameters, 55 | [parameter(Mandatory = $false)] 56 | [array]$ParametersToRemove = @(), 57 | [parameter(Mandatory = $false)] 58 | [array]$BaseParameters = @("Debug", 59 | "ErrorAction", 60 | "ErrorVariable", 61 | "OutVariable", 62 | "OutBuffer", 63 | "PipelineVariable", 64 | "Verbose", 65 | "WarningAction", 66 | "WarningVariable", 67 | "WhatIf", 68 | "Confirm", 69 | "sessionToken", 70 | "BaseURI" 71 | "AccountID", 72 | "SessionVariable", 73 | "WebSession", 74 | "PVWAAppName") 75 | ) 76 | 77 | BEGIN { 78 | 79 | Write-Debug "Function: $($MyInvocation.InvocationName)" 80 | 81 | }#begin 82 | 83 | PROCESS { 84 | 85 | #Combine base parameters and any additional parameters to remove 86 | ($BaseParameters + $ParametersToRemove) | 87 | 88 | ForEach-Object { 89 | 90 | Write-Debug "Removing Parameter: $_" 91 | #remove specified parameters from passed values 92 | $Parameters.Remove($_) 93 | 94 | } 95 | 96 | }#process 97 | 98 | END { 99 | 100 | #Return Object 101 | $Parameters 102 | 103 | }#end 104 | } 
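--------------------------------------------------------------------------------
/psPAS/Private/Invoke-PASRestMethod.ps1:
--------------------------------------------------------------------------------
function Invoke-PASRestMethod {
    <#
.SYNOPSIS
Wrapper for Invoke-WebRequest to call REST method via API

.DESCRIPTION
Sends requests to web services, and where appropriate returns structured data.
Acts as wrapper for the Invoke-WebRequest CmdLet so that status codes can be
queried and acted on.
All requests are sent with ContentType=application/json.
If the sessionVariable parameter is passed, the function will return a WebSession
object to be used on subsequent calls to the web service.

.PARAMETER Method
The method for the REST Method.
Only accepts GET, POST, PUT or DELETE

.PARAMETER URI
The address of the API or service to send the request to.

.PARAMETER Body
The body of the request to send to the API.
The body is never written to the debug stream by this function.

.PARAMETER Headers
The header of the request to send to the API.
The headers are never written to the debug stream by this function.

.PARAMETER SessionVariable
If passed, will be sent to Invoke-WebRequest which in turn will create a websession
variable using the string value as the name. This variable will only exist in the current scope
so will be returned as a WebSession property in the output object.
Cannot be specified with WebSession

.PARAMETER WebSession
Accepts a WebRequestSession object containing session details
Cannot be specified with SessionVariable

.EXAMPLE
Invoke-PASRestMethod -Method GET -URI $URI -Headers $Headers

Sends a GET request to the address held in $URI and outputs the JSON response as an object.

.INPUTS

.OUTPUTS
Return data from the call to the REST API where content is returned.
Will additionally contain a WebSession property containing a WebRequestSession object if SessionVariable
parameter was specified.

.NOTES
SessionVariable/WebSession functionality should be used where the API exists behind a load balancer
to ensure session persistence.

Only status codes 200-209 are treated as success. Every other outcome, including a request that
never received an HTTP response, is reported through Write-Error.

.LINK

#>
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateSet('GET', 'POST', 'PUT', 'DELETE')]
        [String]$Method,

        [Parameter(Mandatory = $true)]
        [String]$URI,

        [Parameter(Mandatory = $false)]
        [String]$Body,

        [Parameter(Mandatory = $false)]
        [hashtable]$Headers,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "SessionVariable"
        )]
        [String]$SessionVariable,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "WebSession"
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession
    )

    Begin {

        Write-Debug "Function: $($MyInvocation.InvocationName)"

        #Add ContentType for all function calls
        $PSBoundParameters.Add("ContentType", 'application/json')

        #If Tls12 Security Protocol is available
        if (([Net.SecurityProtocolType].GetEnumNames() -contains "Tls12") -and

            #And Tls12 is not already in use
            (-not ([System.Net.ServicePointManager]::SecurityProtocol -match "Tls12"))) {

            #SecurityProtocol is a static property: the assignment replaces the
            #previously enabled protocol set and also applies to later requests
            #made from the same PowerShell session.
            Write-Verbose "Setting Security Protocol to TLS12"
            [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

        }

        Else {

            Write-Debug "Security Protocol: $([System.Net.ServicePointManager]::SecurityProtocol)"

        }

    }

    Process {

        #Log the verb and target only. Body and Headers are left out on purpose:
        #callers use them for logon data and session tokens, and the debug stream
        #is routinely captured in transcripts and log files.
        Write-Debug "Request: $Method $URI"

        $webResponse = $null
        $response = $null
        $StatusCode = $null

        try {

            #make web request, splat PSBoundParameters
            $webResponse = Invoke-WebRequest @PSBoundParameters -ErrorAction Stop

            $StatusCode = $webResponse.StatusCode

        }

        catch {

            #Keep the error record; $_ is rebound inside the nested catch below
            $requestError = $_

            #Status code is empty when no HTTP response was received at all
            #(name resolution, connection or TLS failure)
            $StatusCode = $($requestError.Exception.Response).StatusCode.value__

            Write-Debug "$requestError"

            try {

                #The API normally answers failures with a JSON error document
                $response = "$requestError" | ConvertFrom-Json -ErrorAction Stop

            }

            catch {

                #Not JSON (proxy error page, transport failure): report the raw
                #error text instead of failing with a JSON parsing exception
                $response = [PSCustomObject]@{
                    ErrorCode    = $null
                    ErrorMessage = "$requestError"
                }

            }

        }

        Write-Debug "Status code: $StatusCode"

        #Anchored on purpose. The unanchored pattern "20*" matches any code that
        #contains the digit 2, so 412, 422, 429 or 502 were handled as success and
        #the failed operation produced neither output nor an error.
        if ( -not ("$StatusCode" -match '^20\d$')) {

            #Non 20X Status Codes
            <#
                400 - Bad Request
                401 - Unauthorised
                403 - Forbidden
                409 - already exists (CONFLICT)
                404 - not found
                500 - server error
            #>

            $errorDetail = @{
                Message = "[$StatusCode] $($response.ErrorMessage)"
            }

            #Only pass an ErrorId when the response actually supplied one
            if ($response.ErrorCode) {

                $errorDetail["ErrorId"] = "$($response.ErrorCode)"

            }

            Write-Error @errorDetail

        }

        elseif ($webResponse -and $webResponse.content) {

            #status code is of type 20x and the response has content
            <#
                200 - OK
                201 - Created
                202 - Accepted
                204 - No Content
            #>

            $contentType = ($webResponse.headers)["Content-Type"]

            if ($contentType -match "application/octet-stream") {

                #Binary payload is decoded as ASCII text
                [System.Text.Encoding]::Ascii.GetString($($webResponse.content))

            }

            Elseif ($contentType -match "application/json") {

                #Create Return Object from Returned JSON
                $PASResponse = ConvertFrom-Json -InputObject $webResponse.content

                #If Session Variable passed as argument
                If ($PSBoundParameters.ContainsKey("SessionVariable")) {

                    Write-Verbose "SessionVariable Passed; Processing WebSession"

                    #Add WebSession Object to Return Object.
                    #Invoke-WebRequest stored it in a variable named after the
                    #SessionVariable value. The object holds the session state for
                    #follow-up calls, so callers should handle it like a credential.
                    $PASResponse | Add-ObjectDetail -PropertyToAdd @{

                        "WebSession" = (Get-Variable -Name $SessionVariable -ValueOnly)

                    } -Passthru $false

                }

                #Return Object
                $PASResponse

            }

        }

    }

}
--------------------------------------------------------------------------------
/psPAS/psPAS.psd1: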
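--------------------------------------------------------------------------------
@{

# Script module or binary module file associated with this manifest.
RootModule = 'psPAS.psm1'

# Version number of this module.
ModuleVersion = '0.0.6'

# ID used to uniquely identify this module
GUID = '11c880d2-1430-4bd2-b6e8-f324741b460b'

# Author of this module
Author = 'Pete Maan'

# Company or vendor of this module
# CompanyName = ''

# Copyright statement for this module
Copyright = '(c) 2017 Pete Maan. All rights reserved.'

# Description of the functionality provided by this module
Description = 'Module to expose CyberArk REST API/Web Service functions'

# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '3.0'

# Name of the Windows PowerShell host required by this module
# PowerShellHostName = ''

# Minimum version of the Windows PowerShell host required by this module
# PowerShellHostVersion = ''

# Minimum version of Microsoft .NET Framework required by this module
# DotNetFrameworkVersion = ''

# Minimum version of the common language runtime (CLR) required by this module
# CLRVersion = ''

# Processor architecture (None, X86, Amd64) required by this module
# ProcessorArchitecture = ''

# Modules that must be imported into the global environment prior to importing this module
# RequiredModules = @()

# Assemblies that must be loaded prior to importing this module
# RequiredAssemblies = @()

# Script files (.ps1) that are run in the caller's environment prior to importing this module.
# ScriptsToProcess = @()

# Type files (.ps1xml) to be loaded when importing this module
#TypesToProcess = @()

# Format files (.ps1xml) to be loaded when importing this module
FormatsToProcess = 'psPAS.Format.ps1xml'


# Functions to export from this module.
# The list is explicit, so the helpers under Private are not exported.
# Each entry has to match a function name exactly; an entry that matches no
# function exports nothing for that entry.
FunctionsToExport = @(
    'New-PASSession',
    'Close-PASSession',
    'Add-PASPublicSSHKey',
    'Get-PASPublicSSHKey',
    'Remove-PASPublicSSHKey',
    'Add-PASAccount',
    'Get-PASAccount',
    'Remove-PASAccount',
    'Start-PASCredChange',
    'Set-PASAccount',
    'Add-PASSafe',
    'Set-PASSafe',
    'Remove-PASSafe',
    'Add-PASSafeMember',
    'Set-PASSafeMember',
    'Remove-PASSafeMember',
    'Get-PASPolicyACL',
    'Add-PASPolicyACL',
    'Remove-PASPolicyACL',
    'Get-PASAccountACL',
    'Add-PASAccountACL',
    'Remove-PASAccountACL',
    'Get-PASApplications',
    'Get-PASApplication',
    'Add-PASApplication',
    'Get-PASApplicationAuthenticationMethods',
    'Add-PASApplicationAuthenticationMethod',
    'Remove-PASApplication',
    'Remove-PASApplicationAuthenticationMethod',
    'Unblock-PASUser',
    'Set-PASUser',
    'Remove-PASUser',
    'New-PASUser',
    'Get-PASUser',
    'Get-PASLoggedOnUser',
    'Add-PASGroupMember',
    'Get-PASAccountActivity',
    'Get-PASAccountCredentials',
    'Add-PASPendingAccount',
    'Start-PASCredVerify',
    'Get-PASSafe',
    'Get-PASSafeMembers',
    'Add-PASAccountGroupMember',
    'New-PASAccountGroup',
    'New-PASOnboardingRule',
    'Get-PASOnboardingRule',
    'Remove-PASOnboardingRule',
    'Get-PASServer',
    'Get-PASSafeShareLogo',
    'Get-PASServerWebService',
    'New-PASSAMLSession',
    # Was 'ClosePASSAMLSession' (hyphen missing), which left the SAML logoff
    # command unexported; the name follows Authentication/Close-PASSAMLSession.ps1
    'Close-PASSAMLSession',
    'New-PASSharedSession',
    'Close-PASSharedSession'
)

# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
PrivateData = @{

    PSData = @{

        # Tags applied to this module. These help with module discovery in online galleries.
        Tags = @('CyberArk', 'REST API', 'REST', 'Web Service')

        # A URL to the license for this module.
        LicenseUri = 'https://github.com/pspete/psPAS/blob/master/LICENSE.md'

        # A URL to the main website for this project.
        ProjectUri = 'https://github.com/pspete/psPAS'

        # A URL to an icon representing this module.
        # IconUri = ''

        # ReleaseNotes of this module
        # ReleaseNotes = ''

    } # End of PSData hashtable

} # End of PrivateData hashtable

}
--------------------------------------------------------------------------------
/psPAS/psPAS.psm1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Root module for psPAS; loads the module's function files.

.DESCRIPTION
Finds every .ps1 file below the module root and dot sources it, which defines
the functions the files contain in the module's scope.
Every matching file is executed at import time, so write access to the module
directory should be limited to trusted administrators.

.EXAMPLE

.INPUTS

.OUTPUTS

.NOTES

.LINK

#>
[CmdletBinding()]
param()

#Get function files (format definitions, *.ps1xml, are excluded)
Get-ChildItem $PSScriptRoot\ -Recurse -Filter "*.ps1" -Exclude "*.ps1xml" |

ForEach-Object {

    #Keep a reference to the file: inside Catch, $_ is the error record,
    #not the file, so the path must be captured before Try
    $scriptFile = $_

    Try {

        #Dot Source each file
        . $scriptFile.FullName

    }

    Catch {

        Write-Error "Failed to import function $($scriptFile.FullName): $($_.Exception.Message)"

    }

}
--------------------------------------------------------------------------------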