<DynamicFolderExport>
<Name>Dynamic Folder Export</Name>
<Objects>
<DynamicFolderExportObject>
<Type>DynamicFolder</Type>
<Name>WallixAdminBastion</Name>
<Description>Imports targets from Wallix Admin Bastion</Description>
<CustomProperties>
<CustomProperty>
<Name>BastionFQDN</Name>
<Type>Text</Type>
<Value>TODO</Value>
</CustomProperty>
</CustomProperties>
<ScriptInterpreter>powershell</ScriptInterpreter>
<Script><![CDATA[# Define variables
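$PrimaryUser = "$EffectiveUsername$"          # Primary username (substituted by Royal TS before the script runs)
$PrimaryPassword = "$EffectivePassword$"      # Primary password (substituted by Royal TS before the script runs)
$BastionFQDN = "$CustomProperty.BastionFQDN$" # Bastion fully qualified domain name (custom property of this folder)

# Fail early when the custom property was never filled in: the exported default value is the
# literal "TODO", which would otherwise be used as the host name of the API request.
if ([string]::IsNullOrWhiteSpace($BastionFQDN) -or $BastionFQDN -eq 'TODO') {
    throw "Custom property BastionFQDN is not set; enter the Wallix Bastion host name."
}

# Make non-terminating errors (e.g. from the web request) abort the script instead of
# silently producing an empty or malformed folder payload.
$ErrorActionPreference = 'Stop'

# Build the HTTP Basic authorization header for the Bastion REST API.
$pair = "$($PrimaryUser):$($PrimaryPassword)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($pair))
$Headers = @{
    Authorization = "Basic $encodedCreds"
}

# Fetch the session rights of the calling user and parse the JSON body.
$response = Invoke-WebRequest -Uri "https://$BastionFQDN/api/sessionrights" -Headers $Headers -Method Get -ContentType "application/json" -UseBasicParsing
$WallixSessionRights = $response.Content | ConvertFrom-Json

# Map each session right to one Royal TS connection object.
$MyAuthorization = foreach ($WallixSessionRight in $WallixSessionRights) {
    # Royal TS object type, chosen by the Bastion service protocol.
    $TargetType = switch ($WallixSessionRight.service_protocol) {
        "RDP" { "RemoteDesktopConnection" }
        "APP" { "RemoteDesktopConnection" }
        "SSH" { "TerminalConnection" }
        default { $null } # unsupported protocol: entry is skipped below
    }
    # The target name lives in a different field for devices and applications.
    $TargetName = switch ($WallixSessionRight.type) {
        "device" { $WallixSessionRight.device }
        "application" { $WallixSessionRight.application }
        default { $null }
    }
    # Skip entries that cannot be mapped instead of emitting an object with an empty Type or Name.
    if (-not $TargetType -or -not $TargetName) { continue }

    [PSCustomObject]@{
        "Type" = $TargetType
        "Name" = $TargetName
        "ComputerName" = $BastionFQDN
        # Composite login of the form account@domain@target:protocol:authorization:bastion-user.
        "Username" = "$($WallixSessionRight.account)@$($WallixSessionRight.domain)@$($TargetName):$($WallixSessionRight.service_protocol):$($WallixSessionRight.authorization):$($PrimaryUser)"
        # The Bastion password is returned to Royal TS in clear text inside the payload;
        # never write $rJSON to a log or the console outside of Royal TS.
        "Password" = $PrimaryPassword
        "Description" = "$($WallixSessionRight.device_description)$($WallixSessionRight.application_description)"
        "Path" = "$($WallixSessionRight.authorization)"
    }
}

# Build the Royal TS dynamic folder payload. Serializing a wrapper object whose Objects
# property is an explicit array keeps "Objects" a JSON array even when there is exactly one
# target (or none); piping a single object straight into ConvertTo-Json would emit a bare
# object, and an empty result would have produced invalid JSON in a string template.
$SortedTargets = @($MyAuthorization | Sort-Object -Property Path)
$rJSON = [PSCustomObject]@{ Objects = $SortedTargets } | ConvertTo-Json -Depth 3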
$rJSON]]></Script>
<DynamicCredentialScriptInterpreter>json</DynamicCredentialScriptInterpreter>
<DynamicCredentialScript><![CDATA[{
"Username": "user",
"Password": "pass"
}]]></DynamicCredentialScript>
</DynamicFolderExportObject>
</Objects>
</DynamicFolderExport>