#####################################################
# HelloID-Conn-Prov-Target-MyDMS-Entitlement-Grant
#
# Version: 1.0.0
#####################################################
# Initialize default values from the JSON inputs HelloID injects into the script
$config    = $configuration        | ConvertFrom-Json
$p         = $person               | ConvertFrom-Json
$aRef      = $AccountReference     | ConvertFrom-Json
$pRef      = $permissionReference  | ConvertFrom-Json
$success   = $false
$auditLogs = [System.Collections.Generic.List[PSCustomObject]]::new()

# Enable TLS 1.2 on top of whatever protocols are already allowed (bitwise OR keeps the existing ones)
$currentProtocols = [System.Net.ServicePointManager]::SecurityProtocol
[System.Net.ServicePointManager]::SecurityProtocol = $currentProtocols -bor [System.Net.SecurityProtocolType]::Tls12

# Set debug logging: IsDebug from the config decides whether Write-Verbose output is shown.
# Only the two boolean cases are handled; any other value leaves $VerbosePreference untouched.
switch ($config.IsDebug) {
    $true  { $VerbosePreference = 'Continue' }
    $false { $VerbosePreference = 'SilentlyContinue' }
}
#region functions
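function Resolve-HTTPError {
    <#
    .SYNOPSIS
        Extracts a readable error message from an HTTP-related ErrorRecord.
    .DESCRIPTION
        Builds a PSCustomObject with the ErrorRecord's id, command, request URI and
        script stack trace. For HttpResponseException the message comes from
        ErrorDetails; for WebException the response body is read from the response
        stream (and the reader is disposed afterwards). When a WebException carries
        no response at all (DNS failure, connection refused, timeout) the exception
        message is used instead, so this helper never throws from inside a catch
        block and the audit log still gets written.
    .PARAMETER ErrorObject
        The ErrorRecord to resolve, typically $PSItem from a catch block.
    .OUTPUTS
        PSCustomObject with FullyQualifiedErrorId, MyCommand, RequestUri,
        ScriptStackTrace and ErrorMessage (empty string for non-HTTP exceptions).
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$ErrorObject
    )
    process {
        $httpErrorObj = [PSCustomObject]@{
            FullyQualifiedErrorId = $ErrorObject.FullyQualifiedErrorId
            MyCommand             = $ErrorObject.InvocationInfo.MyCommand
            RequestUri            = $ErrorObject.TargetObject.RequestUri
            ScriptStackTrace      = $ErrorObject.ScriptStackTrace
            ErrorMessage          = ''
        }

        $exceptionType = $ErrorObject.Exception.GetType().FullName
        if ($exceptionType -eq 'Microsoft.PowerShell.Commands.HttpResponseException') {
            $httpErrorObj.ErrorMessage = $ErrorObject.ErrorDetails.Message
        } elseif ($exceptionType -eq 'System.Net.WebException') {
            $response = $ErrorObject.Exception.Response
            if ($null -ne $response) {
                # Dispose the reader so the response stream and its connection are released.
                $reader = $null
                try {
                    $reader = [System.IO.StreamReader]::new($response.GetResponseStream())
                    $httpErrorObj.ErrorMessage = $reader.ReadToEnd()
                } finally {
                    if ($null -ne $reader) { $reader.Dispose() }
                }
            } else {
                # No HTTP response was received; calling GetResponseStream() on $null
                # would raise a second error inside the caller's catch block.
                $httpErrorObj.ErrorMessage = $ErrorObject.Exception.Message
            }
        }

        Write-Output $httpErrorObj
    }
}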
#endregion
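try {
    # Add an auditMessage showing what will happen during enforcement
    if ($dryRun -eq $true) {
        $auditLogs.Add([PSCustomObject]@{
            Message = "Grant MyDMS entitlement: [$($pRef.DisplayName)] to: [$($p.DisplayName)], will be executed during enforcement"
            IsError = $false
        })
    }

    # Initialize Authorization headers (HTTP Basic). The credential pair is used
    # only for the header; it is never written to the verbose or audit streams.
    # NOTE(review): ASCII encoding replaces non-ASCII password characters; switch to
    # UTF8 only once it is confirmed that MyDMS decodes Basic credentials as UTF-8.
    $pair = "$($config.UserName):$($config.Password)"
    $encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
    $basicAuthValue = "Basic $encodedCreds"
    $Headers = @{
        Authorization = $basicAuthValue
    }

    if (-not($dryRun -eq $true)) {
        Write-Verbose "Granting MyDMS entitlement: [$($pRef.DisplayName)] to: [$($p.DisplayName)]"

        # Escape both query values so an account or group id containing '&', '#', '='
        # or similar cannot alter the query string or target a different resource.
        $userId  = [System.Uri]::EscapeDataString([string]$aRef)
        $groupId = [System.Uri]::EscapeDataString([string]$pRef.id)
        $connection = @{
            Method      = 'PUT'
            Uri         = $config.BaseUrl + "/user?id=$userId&groupId=$groupId"
            ContentType = 'application/json'
            Headers     = $Headers
        }

        # Discard the response body: anything left on the output stream would be
        # emitted ahead of the JSON result written in 'finally' and corrupt it.
        $null = Invoke-RestMethod @connection -Verbose:$false

        $success = $true
        $auditLogs.Add([PSCustomObject]@{
            Message = "Grant MyDMS entitlement: [$($pRef.DisplayName)] to: [$($p.DisplayName)] was successful."
            IsError = $false
        })
    }
} catch {
    $success = $false
    $ex = $PSItem
    $exceptionType = $ex.Exception.GetType().FullName

    if ($exceptionType -eq 'Microsoft.PowerShell.Commands.HttpResponseException' -or
        $exceptionType -eq 'System.Net.WebException') {
        $errorObj = Resolve-HTTPError -ErrorObject $ex
        # Fall back to the exception text when no response body was available,
        # so the audit entry never ends in an empty "Error:".
        if ([string]::IsNullOrEmpty($errorObj.ErrorMessage)) {
            $errorDetail = $ex.Exception.Message
        } else {
            $errorDetail = $errorObj.ErrorMessage
        }
    } else {
        $errorDetail = $ex.Exception.Message
    }

    $errorMessage = "Could not grant MyDMS entitlement: [$($pRef.DisplayName)] to: [$($p.DisplayName)]. Error: $errorDetail"
    Write-Verbose $errorMessage
    $auditLogs.Add([PSCustomObject]@{
        Message = $errorMessage
        IsError = $true
    })
} finally {
    # Always return a result object so HelloID receives Success and the audit
    # entries, even when the request failed.
    $result = [PSCustomObject]@{
        Success   = $success
        Auditlogs = $auditLogs
    }
    Write-Output $result | ConvertTo-Json -Depth 10
}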