<#
.SYNOPSIS
Script to create and update a dynamic folder for RoyalTS apps that automatically pull targets from Wallix Admin Bastion API.
.DESCRIPTION
This script is designed to be used as a source script in a RoyalTS dynamic folder. It will query the Wallix Admin Bastion API for session rights and create a RoyalTS JSON payload for each target.
.AUTHOR
Pierre Martin (@d4hu).
.LICENSE
GPLv3
#>
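# Inputs supplied by Royal TS through its $...$ replacement tokens.
# NOTE(review): this assumes Royal TS substitutes the tokens textually before the
# script runs - confirm for the Royal TS version in use.
# The tokens sit in single-quoted (literal) here-strings on purpose. In the
# original double-quoted strings, a credential containing `$`, a backtick or `"`
# was expanded by PowerShell or ended the string early, which corrupts the value
# and lets credential content alter the script. A literal here-string performs no
# expansion and tolerates both quote characters.
$PrimaryUser = @'
$EffectiveUsername$
'@
$PrimaryPassword = @'
$EffectivePassword$
'@
$BastionFQDN = @'
$CustomField1$
'@

# Build the HTTP Basic credential "user:password" and Base64-encode it.
# Base64 is an encoding, not encryption: the value is protected only by the
# HTTPS transport used for the API call, so it must never be logged or echoed.
$pair = '{0}:{1}' -f $PrimaryUser, $PrimaryPassword
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"

# Request headers carrying the Basic credential for the Bastion API.
$Headers = @{
    Authorization = $basicAuthValue
}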
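# Fetch the session rights of the authenticated user from the Wallix Bastion API.
#
# The Basic-auth header is sent to whatever host $BastionFQDN names, so refuse a
# value that is empty or that contains characters which would change the host or
# path of the URL (whitespace, '/', '\', '@', '?', '#').
if ([string]::IsNullOrWhiteSpace($BastionFQDN) -or $BastionFQDN -match '[\s/\\@?#]') {
    throw "The Bastion host name must be a bare host name (no scheme, path or user info)."
}

# TLS certificate validation is left at the platform default; the credential
# relies on it, so it should not be disabled for this call.
try {
    $response = Invoke-WebRequest -Uri "https://$BastionFQDN/api/sessionrights" -Headers $Headers -Method Get -ContentType "application/json" -UseBasicParsing
}
catch {
    # Stop here instead of continuing with an empty response, which would make
    # the script emit a malformed payload. The message deliberately contains the
    # host and the underlying error only, never the request headers.
    throw "Request for session rights from '$BastionFQDN' failed: $($_.Exception.Message)"
}

# Parse the JSON body into PowerShell objects (one per session right).
$WallixSessionRights = $response.Content | ConvertFrom-Json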
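# Build one Royal TS connection object per Wallix session right.
# Every connection points at the Bastion itself ($BastionFQDN); the target is
# selected through the composite user name built below.
$MyAuthorization = foreach ($WallixSessionRight in $WallixSessionRights) {
    # Map the Wallix service protocol to a Royal TS object type.
    # Protocols without a mapping yield $null and are skipped below.
    $TargetType = switch ($WallixSessionRight.service_protocol) {
        "RDP" { "RemoteDesktopConnection" }
        "APP" { "RemoteDesktopConnection" }
        "SSH" { "TerminalConnection" }
        default { $null }
    }

    # The display name comes from the device or the application, depending on
    # the kind of session right.
    $TargetName = switch ($WallixSessionRight.type) {
        "device" { $WallixSessionRight.device }
        "application" { $WallixSessionRight.application }
        default { $null }
    }

    # Previously an unmapped protocol or type produced an object whose Type or
    # Name was null. Skip such entries so only complete objects are emitted.
    # NOTE(review): confirm skipping is preferred over mapping further protocols.
    if (-not $TargetType -or -not $TargetName) {
        continue
    }

    # Emit the Royal TS object.
    # Username is account@domain@target:protocol:authorization:primaryuser
    # (presumably the Bastion's secondary-login string - confirm against the
    # Wallix documentation).
    # Password: the primary password is copied in clear text into every object,
    # so the script output is as sensitive as the password itself and must not
    # be logged or written to disk.
    [PSCustomObject]@{
        "Type"         = $TargetType
        "Name"         = $TargetName
        "ComputerName" = $BastionFQDN
        "Username"     = "$($WallixSessionRight.account)@$($WallixSessionRight.domain)@$($TargetName):$($WallixSessionRight.service_protocol):$($WallixSessionRight.authorization):$($PrimaryUser)"
        "Password"     = $PrimaryPassword
        "Description"  = "$($WallixSessionRight.device_description)$($WallixSessionRight.application_description)"
        "Path"         = "$($WallixSessionRight.authorization)"
    }
}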
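# Serialise the generated objects, sorted by Path, as a JSON array.
# The result is forced into an array and passed with -InputObject because piping
# into ConvertTo-Json emits a bare object for a single element and nothing at all
# for an empty set; either case made "Objects" below something other than an
# array (or left the payload syntactically invalid).
$SortedAuthorization = @($MyAuthorization | Where-Object { $null -ne $_ } | Sort-Object -Property Path)
$MyAuthorizationJSON = ConvertTo-Json -InputObject $SortedAuthorization

# Wrap the array in the top-level document expected by Royal TS.
$rJSON = @"
{
"Objects": $MyAuthorizationJSON
}
"@

# Emit the payload on the output stream for Royal TS to consume.
# It contains the primary password in clear text (see the objects built above),
# so it must not be redirected to a log or file.
$rJSON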