1using namespace Newtonsoft.Json
2using namespace Newtonsoft.Json.Serialization
3using namespace System.Collections.Generic
4using namespace System.Reflection
5using namespace System.Text
6
class CPBase {
    # Keys supplied at construction time. CPContractResolver's ShouldSerialize
    # predicate emits a property named here even when its value is falsy.
    [JsonIgnore()]
    hidden [IList[string]] $ForceIncludeProperties

    CPBase() { }

    # Copies dictionary entries onto the same-named properties of this instance.
    # Keys with no matching property are still recorded in ForceIncludeProperties
    # but are otherwise ignored.
    # NOTE(review): every key is treated as a candidate property name; the callers
    # in this file pass $PSBoundParameters, so the key set is bounded by each
    # function's declared parameters - confirm before passing other dictionaries.
    CPBase(
        [System.Collections.IDictionary] $properties
    ) {
        $this.ForceIncludeProperties = $properties.Keys -as [string[]]

        foreach ($key in $properties.Keys) {
            if (-not $this.PSObject.Properties.Item($key)) {
                continue
            }

            $this.$key = $properties[$key]
        }
    }
}
24
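class CPContractResolver : DefaultContractResolver {
    static [CPContractResolver] $instance = [CPContractResolver]::new()

    [string[]] $propertiesToSerialize

    # Returns the public properties of $objectType that are not marked with
    # [CPIgnoreSerialization].
    [List[MemberInfo]] GetSerializableMembers(
        [Type] $objectType
    ) {
        # @() keeps the pipeline result a collection when zero or one property
        # survives the filter, so the cast produces a (possibly empty) list
        # instead of $null being returned to the serializer.
        [List[MemberInfo]]$members = @(
            $objectType.GetProperties() | Where-Object {
                -not ($_.CustomAttributes.AttributeType -eq [CPIgnoreSerialization])
            }
        )

        return $members
    }

    # Creates the JsonProperty for a member and attaches a ShouldSerialize
    # predicate: the property is written only when its value is truthy or its
    # name is listed in the instance's ForceIncludeProperties.
    [JsonProperty] CreateProperty(
        [MemberInfo] $member,
        [MemberSerialization] $memberSerialization
    ) {
        [JsonProperty] $property = ([DefaultContractResolver]$this).CreateProperty(
            $member,
            $memberSerialization
        )

        # The predicate is generated as script text with the member name
        # substituted in, then compiled with [ScriptBlock]::Create.
        # NOTE(review): the name comes from reflection over the type being
        # serialized, not from request data. If objects whose member names can be
        # influenced by a caller are ever passed through this resolver, validate
        # the name or build the predicate without text substitution.
        $predicate = [StringBuilder]::new().
            AppendLine('param ( $instance )').
            AppendLine().
            AppendFormat(
                'if ($instance.{0} -or $instance.ForceIncludeProperties -contains "{0}") {{',
                $property.UnderlyingName
            ).
            AppendLine().
            AppendLine('    return $true').
            AppendLine('}').
            AppendLine('return $false').
            ToString()

        $property.ShouldSerialize = [ScriptBlock]::Create($predicate)

        return $property
    }
}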
67
# A single check inside a policy rule. The class carries the fields for every
# check flavour (file, directory, registry); the CPPolicyCheck* subclasses in
# this file redeclare the subset each flavour uses.
class CPPolicyCheck : CPBase {
    [string] $ObjectType
    [bool] $Active
    [bool] $Exportable
    [string] $Suggestion

    # File
    [string] $Files
    [bool] $Present

    # Directory (JSON name: dirs)
    [JsonProperty('dirs')]
    [string] $Directories

    # Registry
    [string] $RegistryKey
    [string] $ValueName
    [string] $ExpectedData
}
87
# Directory flavour of CPPolicyCheck; Directories is exchanged as JSON "dirs".
class CPPolicyCheckDirectory : CPPolicyCheck {
    [JsonProperty('dirs')]
    [string] $Directories
    [bool] $Present
}
93
# File flavour of CPPolicyCheck.
class CPPolicyCheckFile : CPPolicyCheck {
    [string] $Files
    [bool] $Present
}
98
# Registry flavour of CPPolicyCheck: a key, a value name and the data expected there.
class CPPolicyCheckRegistry : CPPolicyCheck {
    [string] $RegistryKey
    [string] $ValueName
    [string] $ExpectedData
}
104
# One rule of a CPPolicy, holding its flags and the checks it groups.
class CPPolicyRule : CPBase {
    [bool] $Active
    [bool] $Alert
    [string] $Comment
    [bool] $Critical
    [bool] $Log
    [string] $Name
    [string] $Taxonomy
    [CPPolicyCheck[]] $Checks
}
115
# Per-state server counters; used as the type of CPGroup.ServerCounts.
# Does not derive from CPBase, so it has no ForceIncludeProperties list.
class CPServerCount {
    [int] $Active
    [int] $Missing
    [int] $Deactivated
    [int] $Retired
    [int] $Total
}
123
# A firewall interface record.
class CPFirewallInterface : CPBase {
    [string] $ID

    [string] $Name

    [bool] $System

    CPFirewallInterface() { }
    # Populates matching properties from a dictionary (see CPBase).
    CPFirewallInterface([System.Collections.IDictionary] $properties) : base($properties) { }
}
134
# A firewall policy record, including its rules and the groups that use it.
# The [bool] flags default to $false; CPContractResolver only serializes a
# falsy property when its name was supplied to the dictionary constructor.
class CPFirewallPolicy : CPBase {
    [string] $ID

    [string] $Url

    [string] $Name

    [string] $Description

    [string] $Platform

    [bool] $IgnoreForwardingRules

    [bool] $LogAllowed

    [bool] $LogDropped

    [bool] $BlockInbound

    [bool] $BlockOutbound

    [CPFirewallRule[]]$FirewallRules

    [bool] $System

    [string] $GroupID

    [CPGroup[]] $UsedBy

    [string] $GroupName

    [string] $CreatedBy

    [string] $UpdatedBy

    [DateTime] $CreatedAt

    [DateTime] $UpdatedAt

    CPFirewallPolicy() { }
    # Populates matching properties from a dictionary (see CPBase).
    CPFirewallPolicy([System.Collections.IDictionary] $properties) : base($properties) { }
}
177
# A single firewall rule.
# Chain, Action, Active and Position carry non-empty defaults. Because the
# ShouldSerialize predicate in CPContractResolver emits any truthy value, these
# defaults ('INPUT', 'ACCEPT', $true, 'last') are sent even when the caller did
# not supply them - a rule built without an explicit Action is an ACCEPT rule.
class CPFirewallRule : CPBase {
    [string] $ID

    [string] $URL

    [string] $Name

    [string] $Chain = 'INPUT'

    [string] $Action = 'ACCEPT'

    [bool] $Active = $true

    [string] $FirewallInterface

    [CPFirewallZone] $FirewallSource

    [string] $FirewallTarget

    [CPFirewallService] $FirewallService

    [string[]] $ConnectionStates

    [string] $Log

    [string] $LogPrefix

    [string] $Comment

    [string] $Position = 'last'

    CPFirewallRule() { }
    # Populates matching properties from a dictionary (see CPBase).
    CPFirewallRule([System.Collections.IDictionary] $properties) : base($properties) { }
}
212
# A firewall service definition (protocol and port).
class CPFirewallService : CPBase {
    [string] $ID

    [string] $URL

    [string] $Name

    [string] $Protocol

    [string] $Port

    [bool] $System

    CPFirewallService() { }
    # Populates matching properties from a dictionary (see CPBase).
    CPFirewallService([System.Collections.IDictionary] $properties) : base($properties) { }
    # Builds a reference to an existing service from its ID alone.
    CPFirewallService([string] $id) : base(@{ ID = $id }) { }

    # Renders the service as "<Protocol>\<Port>".
    [string] ToString() {
        return '{0}\{1}' -f $this.Protocol, $this.Port
    }
}
234
# A firewall zone (named IP address specification).
class CPFirewallZone : CPBase {
    [string] $ID

    [string] $Name

    [string] $IPAddress

    [bool] $System

    [CPFirewallPolicy[]] $UsedBy

    [string] $Type

    CPFirewallZone() { }
    # Populates matching properties from a dictionary (see CPBase).
    CPFirewallZone([System.Collections.IDictionary] $properties) : base($properties) { }
    # Builds a reference to an existing zone from its ID; Type is set to 'FirewallZone'.
    CPFirewallZone([string] $id) : base(@{ ID = $id; Type = 'FirewallZone' }) { }

    # Renders the zone as its IPAddress value.
    [string] ToString() {
        return $this.IPAddress
    }
}
256
# A server group and the IDs of the policies attached to it. Properties whose
# JSON name differs from the snake_case form of the property name carry an
# explicit [JsonProperty].
class CPGroup : CPBase {
    [string] $Name
    [string] $Description
    [string] $Tag

    [JsonProperty('policy_ids')]
    [string[]] $LinuxPolicy

    [JsonProperty('windows_policy_ids')]
    [string[]] $WindowsPolicy

    [JsonProperty('linux_firewall_policy_id')]
    [string] $LinuxFirewallPolicy

    [JsonProperty('windows_firewall_policy_id')]
    [string] $WindowsFirewallPolicy

    [JsonProperty('linux_fim_policy_ids')]
    [string[]] $LinuxFimPolicy

    [JsonProperty('windows_fim_policy_ids')]
    [string[]] $WindowsFimPolicy

    [JsonProperty('cve_exception_ids')]
    [string[]] $CveException

    [JsonProperty('alert_profile_ids')]
    [string[]] $AlertProfile

    # Mapped to server_events_policy_id here; per the original author's note the
    # API expects special_events_policy_id when the value is being set.
    [JsonProperty('server_events_policy_id')]
    [string] $ServerEventsPolicy

    [JsonProperty('lids_policy_ids')]
    [string[]] $LidsPolicy

    [string] $ID

    [string] $Url

    [CPServerCount] $ServerCounts

    [string] $ParentID

    [bool] $HasChildren

    CPGroup() { }
    # Populates matching properties from a dictionary (see CPBase).
    CPGroup([System.Collections.IDictionary] $properties) : base($properties) { }
}
306
# A policy record with its rules.
class CPPolicy : CPBase {
    [string] $Name

    [string] $Description

    [string] $Module

    [string] $Platform

    [bool] $Template

    [string] $GroupID

    [string] $GroupName

    [string] $CreatedBy

    [string] $UpdatedBy

    [DateTime] $CreatedAt

    [DateTime] $UpdatedAt

    [string] $Url

    [string] $ID

    [bool] $Shared

    [bool] $Retired

    # Excluded from JSON in both directions by [JsonIgnore].
    [JsonIgnore()]
    [string[]] $UsedBy

    [string] $TargetType

    [string] $Status

    [CPPolicyRule[]] $Rules

    CPPolicy() { }
    # Populates matching properties from a dictionary (see CPBase).
    CPPolicy([System.Collections.IDictionary] $properties) : base($properties) { }
}
350
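# Envelope for firewall-interface responses and requests: Array holds a list
# result ("firewall_interfaces"), Scalar a single item ("firewall_interface").
# Members marked [CPIgnoreSerialization] are dropped by CPContractResolver when
# the envelope is serialized, so only Scalar is sent.
class CPFirewallInterfaces : CPBase {
    [CPIgnoreSerialization()]
    [int] $Count

    [CPIgnoreSerialization()]
    [JsonProperty('firewall_interfaces')]
    [CPFirewallInterface[]] $Array

    [JsonProperty('firewall_interface')]
    [CPFirewallInterface] $Scalar

    # The constructors were previously named CPFirewallServices, which does not
    # match this class; they are named after the class so they act as constructors.
    CPFirewallInterfaces() { }

    # Wraps a single interface so it can be serialized as "firewall_interface".
    CPFirewallInterfaces(
        [CPFirewallInterface] $object
    ) {
        $this.Scalar = $object
    }
}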
369
# Envelope for firewall-policy payloads: Array maps to "firewall_policies",
# Scalar to "firewall_policy". Count and Array carry [CPIgnoreSerialization],
# which CPContractResolver.GetSerializableMembers filters out when writing JSON.
class CPFirewallPolicies : CPBase {
    [CPIgnoreSerialization()]
    [int] $Count

    [CPIgnoreSerialization()]
    [JsonProperty('firewall_policies')]
    [CPFirewallPolicy[]] $Array

    [JsonProperty('firewall_policy')]
    [CPFirewallPolicy] $Scalar

    CPFirewallPolicies() { }
    # Wraps a single policy as the Scalar member.
    CPFirewallPolicies(
        [CPFirewallPolicy] $object
    ) {
        $this.Scalar = $object
    }
}
388
# Envelope for firewall-rule payloads: Array maps to "firewall_rules",
# Scalar to "firewall_rule". Count and Array carry [CPIgnoreSerialization],
# which CPContractResolver.GetSerializableMembers filters out when writing JSON.
class CPFirewallRules : CPBase {
    [CPIgnoreSerialization()]
    [int] $Count

    [CPIgnoreSerialization()]
    [JsonProperty('firewall_rules')]
    [CPFirewallRule[]] $Array

    [JsonProperty('firewall_rule')]
    [CPFirewallRule] $Scalar

    CPFirewallRules() { }
    # Wraps a single rule as the Scalar member.
    CPFirewallRules(
        [CPFirewallRule] $object
    ) {
        $this.Scalar = $object
    }
}
407
# Envelope for firewall-service payloads: Array maps to "firewall_services",
# Scalar to "firewall_service". Count and Array carry [CPIgnoreSerialization],
# which CPContractResolver.GetSerializableMembers filters out when writing JSON.
class CPFirewallServices : CPBase {
    [CPIgnoreSerialization()]
    [int] $Count

    [CPIgnoreSerialization()]
    [JsonProperty('firewall_services')]
    [CPFirewallService[]] $Array

    [JsonProperty('firewall_service')]
    [CPFirewallService] $Scalar

    CPFirewallServices() { }
    # Wraps a single service as the Scalar member.
    CPFirewallServices(
        [CPFirewallService] $object
    ) {
        $this.Scalar = $object
    }
}
426
# Envelope for firewall-zone payloads: Array maps to "firewall_zones",
# Scalar to "firewall_zone". Count and Array carry [CPIgnoreSerialization],
# which CPContractResolver.GetSerializableMembers filters out when writing JSON.
class CPFirewallZones : CPBase {
    [CPIgnoreSerialization()]
    [int] $Count

    [CPIgnoreSerialization()]
    [JsonProperty('firewall_zones')]
    [CPFirewallZone[]] $Array

    [JsonProperty('firewall_zone')]
    [CPFirewallZone] $Scalar

    CPFirewallZones() { }
    # Wraps a single zone as the Scalar member.
    CPFirewallZones(
        [CPFirewallZone] $object
    ) {
        $this.Scalar = $object
    }
}
445
# Envelope for group payloads: Array maps to "groups", Scalar to "group".
# Count and Array carry [CPIgnoreSerialization], which
# CPContractResolver.GetSerializableMembers filters out when writing JSON.
class CPGroups : CPBase {
    [CPIgnoreSerialization()]
    [int] $Count

    [CPIgnoreSerialization()]
    [JsonProperty('groups')]
    [CPGroup[]] $Array

    [JsonProperty('group')]
    [CPGroup] $Scalar

    CPGroups() { }
    # Wraps a single group as the Scalar member.
    CPGroups(
        [CPGroup] $object
    ) {
        $this.Scalar = $object
    }
}
464
# Envelope for policy payloads: Array maps to "policies", Scalar to "policy".
# Count and Array carry [CPIgnoreSerialization], which
# CPContractResolver.GetSerializableMembers filters out when writing JSON.
class CPPolicies : CPBase {
    [CPIgnoreSerialization()]
    [int] $Count

    [CPIgnoreSerialization()]
    [JsonProperty('policies')]
    [CPPolicy[]] $Array

    [JsonProperty('policy')]
    [CPPolicy] $Scalar

    CPPolicies() { }
    # Wraps a single policy as the Scalar member.
    CPPolicies(
        [CPPolicy] $object
    ) {
        $this.Scalar = $object
    }
}
483
484# Causes import module to fail.
485#
486# class CPPolicyCheckConverter : JsonConverter[CPPolicyCheck] {
487# [CPPolicyCheck] ReadJson(
488# [JsonReader] $reader,
489# [Type] $objectType,
490# [CPPolicyCheck] $existingValue,
491# [bool] $hasExistingValue,
492# [JsonSerializer] $serializer
493# ) {
494# $newType = switch ($existingValue.ObjectType) {
495# 'dir_presence' { 'CPPolicyCheckDirectory' }
496# default { return $existingValue }
497# }
498
499# return (ConvertFromCPJson -Json $reader.Value -Type $newType)
500# }
501
502# [void] WriteJson(
503# [JsonWriter] $writer,
504# [CPPolicyCheck] $value,
505# [JsonSerializer] $serializer
506# ) {
507# throw 'Not implemented'
508# }
509# }
510
function ConvertFromCPJson {
    <#
    .SYNOPSIS
        Deserialize a JSON string into the requested type.
    .DESCRIPTION
        When Type is a real type (anything other than [Void]) the text is deserialized with
        Newtonsoft.Json using snake_case member names and a maximum depth of 10. From the
        resulting object the function emits Scalar when it is set, otherwise the non-null
        elements of Array, otherwise the object itself. When Type is [Void] the text is
        handed to ConvertFrom-Json instead. Empty input produces no output.

        The raw JSON is written to the debug stream, so -Debug output contains full
        response bodies.
    #>

    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSPossibleIncorrectComparisonWithNull', '')]
    [CmdletBinding()]
    param (
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Json,

        [Parameter(Mandatory)]
        [Type]$Type
    )

    begin {
        $settings = $null
        $method = $null

        if ($Type -and $Type -ne [Void]) {
            $resolver = [DefaultContractResolver]@{
                NamingStrategy = [SnakeCaseNamingStrategy]::new(
                    $false,
                    $true
                )
            }
            $settings = [JsonSerializerSettings]@{
                ContractResolver = $resolver
                DateFormatString = 'yyyy-MM-ddTHH:mm:ss.fffZ'
                MaxDepth         = 10
            }

            # Resolve the generic DeserializeObject<T>(string, JsonSerializerSettings)
            # overload once, closed over the requested type.
            $signature = [Type[]]@([string], [JsonSerializerSettings])
            $openMethod = [JsonConvert].GetMethod('DeserializeObject', 1, $signature)
            $method = $openMethod.MakeGenericMethod($Type)
        }
    }

    process {
        if (-not $Json) {
            return
        }

        Write-Debug $Json

        if (-not $method) {
            $Json | ConvertFrom-Json
            return
        }

        $result = $method.Invoke($null, @($Json, $settings))

        if ($result.Scalar) {
            $result.Scalar
        } elseif ($result.Array -ne $null) {
            # Deliberate collection-on-the-left comparison: it emits the elements
            # of Array that are not null.
            $result.Array -ne $null
        } else {
            $result
        }
    }
}
572
function ConvertToCPJson {
    <#
    .SYNOPSIS
        Serialize an object to JSON for the API.
    .DESCRIPTION
        Serializes each input object with Newtonsoft.Json using CPContractResolver and
        snake_case member names, and emits the resulting string. The JSON is also written
        to the debug stream, so -Debug output contains full request bodies.
    #>

    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipeline)]
        $InputObject
    )

    begin {
        $namingStrategy = [SnakeCaseNamingStrategy]::new(
            $false,
            $true
        )
        $settings = [JsonSerializerSettings]@{
            ContractResolver = [CPContractResolver]@{
                NamingStrategy = $namingStrategy
            }
            DateFormatString = 'yyyy-MM-ddTHH:mm:ss.fffZ'
            MaxDepth         = 10
        }
    }

    process {
        # The original author left a disabled assignment of
        # ContractResolver.PropertiesToSerialize here, noting that it would only
        # account for a single object.
        $serialized = [JsonConvert]::SerializeObject(
            $InputObject,
            $settings
        )
        Write-Debug $serialized

        $serialized
    }
}
606
function ConvertToSnakeCase {
    <#
    .SYNOPSIS
        Convert a PascalCase or space-separated name to snake_case.
    .DESCRIPTION
        Spaces become underscores and every other character is lower-cased. An underscore
        is inserted after a lower-case a-z character that is followed by an upper-case A-Z
        character, except when that lower-case character is the first one in the string.
    #>

    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipeline)]
        [string]$String
    )

    process {
        $buffer = [StringBuilder]::new()

        for ($index = 0; $index -lt $String.Length; $index++) {
            $current = $String[$index]
            # Past the end of the string this lookup yields $null.
            $following = $String[$index + 1]

            if ($current -eq ' ') {
                $null = $buffer.Append('_')
                continue
            }

            $null = $buffer.Append($String[$index].ToString().ToLower())

            if ($index -le 0) {
                continue
            }

            # Word boundary: lower-case letter immediately followed by an upper-case one.
            if ($current -cge 'a' -and $current -cle 'z' -and $following -cge 'A' -and $following -cle 'Z') {
                $null = $buffer.Append('_')
            }
        }

        $buffer.ToString()
    }
}
635
function InvokeCPRestMethod {
    <#
    .SYNOPSIS
        Wrapper for Invoke-WebRequest. Simplifies CloudPassage API calls.
    .DESCRIPTION
        Builds a request against https://api.cloudpassage.com/, adds the bearer token from
        the connection as the Authorization header, sends it with Invoke-WebRequest and
        converts the response with ConvertFromCPJson. Failures are reported with Write-Error.

        The request URI, including any query-string values taken from Filter, is written to
        the debug stream. RestMethod is placed in the URI as given; callers that build it
        from IDs are responsible for passing values that are valid path segments.
    #>

    [CmdletBinding()]
    [OutputType([PSObject])]
    param (
        # Path appended to the API base URI. For example, 'v1/groups' requests https://api.cloudpassage.com/v1/groups.
        [Parameter(Mandatory)]
        [string]$RestMethod,

        # Request body to send with the request.
        [object]$Body,

        # The expected object type. Used to convert content from JSON.
        [Type]$ObjectType = 'Void',

        # The content type. If the content type is application/json and the body is not already a string, the body is converted to JSON before sending.
        [string]$ContentType = 'application/json',

        # The web request method. For example, GET or POST.
        [Microsoft.PowerShell.Commands.WebRequestMethod]$Method = 'GET',

        # Items to include in a query string. Keys are converted to snake_case.
        [AllowEmptyCollection()]
        [Hashtable]$Filter,

        # The connected CloudPassage service object whose access_token authorizes the request.
        [PSTypeName('PS.CloudPassage.Service')]
        [PSObject]$Connection = (Get-CPService)
    )

    $request = @{
        Uri             = 'https://api.cloudpassage.com/{0}' -f $RestMethod
        Method          = $Method
        Headers         = @{
            Authorization = 'Bearer {0}' -f $Connection.access_token
        }
        UseBasicParsing = $true
    }

    if ($Filter -and $Filter.Count -gt 0) {
        # ParseQueryString('') returns a collection whose ToString() renders an
        # encoded query string.
        $query = [System.Web.HttpUtility]::ParseQueryString('')
        foreach ($name in $Filter.Keys) {
            $query.Add(
                (ConvertToSnakeCase -String $name),
                $Filter[$name]
            )
        }

        $request.Uri = '{0}?{1}' -f @(
            $request.Uri -replace '/$'
            $query.ToString()
        )
    }

    if ($Body) {
        $needsJson = $ContentType -eq 'application/json' -and $Body -isnot [string]
        if ($needsJson) {
            $request.Body = $Body | ConvertToCPJson
        } else {
            $request.Body = $Body
        }
    }

    $request['ContentType'] = $ContentType

    try {
        Write-Debug ('Sending request to {0}' -f $request.Uri)

        Invoke-WebRequest @request -ErrorAction Stop |
            ConvertFromCPJson -Type $ObjectType
    } catch {
        Write-Error -ErrorRecord $_
    }
}
711
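function Connect-CPService {
    <#
    .SYNOPSIS
        Connect to the CloudPassage service.
    .DESCRIPTION
        Connect to the CloudPassage service to obtain a bearer token.

        The ID and secret are sent as an HTTP Basic Authorization header to the OAuth
        client_credentials endpoint. The response is tagged as PS.CloudPassage.Service and
        cached in a script-scoped variable for later calls; nothing is written to the pipeline.
    .PARAMETER ID
        The API key ID. Defaults to the CloudPassageID environment variable.
    .PARAMETER Secret
        The API key secret. Defaults to the CloudPassageSecret environment variable.
        The value is handled as a plain string; prefer the environment variable over
        typing it on a command line that is recorded in history or transcripts.
    #>

    [CmdletBinding()]
    [OutputType([PSObject])]
    param (
        [string]$ID = $env:CloudPassageID,

        [string]$Secret = $env:CloudPassageSecret
    )

    if ([string]::IsNullOrEmpty($ID) -or [string]::IsNullOrEmpty($Secret)) {
        $errorRecord = [System.Management.Automation.ErrorRecord]::new(
            [System.InvalidOperationException]::new('ID and Key must be specified to connect to CloudPassage'),
            'MissingIDOrSecret',
            'InvalidOperation',
            $null
        )
        $pscmdlet.ThrowTerminatingError($errorRecord)
    }

    try {
        $credentialPair = '{0}:{1}' -f $ID, $Secret
        # Encode explicitly as UTF-8. The previous [byte[]][char[]] cast only
        # works while every character fits in a single byte and fails otherwise.
        $encodedToken = [Convert]::ToBase64String(
            [System.Text.Encoding]::UTF8.GetBytes($credentialPair)
        )

        $params = @{
            Uri     = 'https://api.cloudpassage.com/oauth/access_token?grant_type=client_credentials'
            # Full parameter name rather than relying on the 'Header' abbreviation.
            Headers = @{
                Authorization = 'Basic {0}' -f $encodedToken
            }
            Method  = 'POST'
        }
        $Script:connectedService = Invoke-RestMethod @params | Add-Member -TypeName PS.CloudPassage.Service -PassThru
    } catch {
        $pscmdlet.ThrowTerminatingError($_)
    }
}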
754
function Get-CPFirewallInterface {
    <#
    .SYNOPSIS
        Get firewall interfaces.
    .DESCRIPTION
        Requests v1/firewall_interfaces/<InterfaceID>. With no InterfaceID the path ends in
        a slash and the collection endpoint is requested.
    #>

    [CmdletBinding()]
    param (
        [string]$InterfaceID
    )

    $endpoint = 'v1/firewall_interfaces/{0}' -f $InterfaceID

    InvokeCPRestMethod -RestMethod $endpoint -ObjectType 'CPFirewallInterfaces'
}
767
function Get-CPFirewallPolicy {
    <#
    .SYNOPSIS
        Get firewall policies.
    .DESCRIPTION
        Requests v1/firewall_policies/<PolicyID>. Every bound parameter other than PolicyID
        is passed on as a query-string filter.
    #>

    [CmdletBinding()]
    param (
        [string]$PolicyID,

        [string]$Name
    )

    # NOTE(review): $PSBoundParameters also holds bound common parameters
    # (for example -Debug), so those would be copied into the filter as well.
    $query = [Hashtable]::new($PSBoundParameters)
    $query.Remove('PolicyID')

    $endpoint = 'v1/firewall_policies/{0}' -f $PolicyID

    InvokeCPRestMethod -RestMethod $endpoint -Filter $query -ObjectType 'CPFirewallPolicies'
}
786
function Get-CPFirewallRule {
    <#
    .SYNOPSIS
        Get the rules of a firewall policy.
    .DESCRIPTION
        Requests v1/firewall_policies/<PolicyID>/firewall_rules/<RuleID>. RuleID is optional.
    #>

    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]$PolicyID,

        [string]$RuleID
    )

    $endpoint = 'v1/firewall_policies/{0}/firewall_rules/{1}' -f $PolicyID, $RuleID

    InvokeCPRestMethod -RestMethod $endpoint -ObjectType 'CPFirewallRules'
}
805
function Get-CPFirewallService {
    <#
    .SYNOPSIS
        Get firewall services.
    .DESCRIPTION
        Requests v1/firewall_services/<ServiceID>. Every bound parameter other than
        ServiceID is passed on as a query-string filter.
    #>

    [CmdletBinding()]
    param (
        [string]$ServiceID,

        [string]$Name
    )

    # NOTE(review): $PSBoundParameters also holds bound common parameters
    # (for example -Debug), so those would be copied into the filter as well.
    $query = [Hashtable]::new($PSBoundParameters)
    $query.Remove('ServiceID')

    $endpoint = 'v1/firewall_services/{0}' -f $ServiceID

    InvokeCPRestMethod -RestMethod $endpoint -Filter $query -ObjectType 'CPFirewallServices'
}
824
function Get-CPFirewallZone {
    <#
    .SYNOPSIS
        Get firewall zones.
    .DESCRIPTION
        Requests v1/firewall_zones/<ZoneID>. ZoneID is optional.
    #>

    [CmdletBinding()]
    param (
        [string]$ZoneID
    )

    $endpoint = 'v1/firewall_zones/{0}' -f $ZoneID

    InvokeCPRestMethod -RestMethod $endpoint -ObjectType 'CPFirewallZones'
}
837
function Get-CPGroup {
    <#
    .SYNOPSIS
        Get server groups.
    .DESCRIPTION
        Requests v1/groups/<GroupID>. Every bound parameter other than GroupID is passed on
        as a query-string filter.
    #>

    [CmdletBinding()]
    param (
        [string]$GroupID,

        [string]$GroupName
    )

    # NOTE(review): $PSBoundParameters also holds bound common parameters
    # (for example -Debug), so those would be copied into the filter as well.
    $query = [Hashtable]::new($PSBoundParameters)
    $query.Remove('GroupID')

    $endpoint = 'v1/groups/{0}' -f $GroupID

    InvokeCPRestMethod -RestMethod $endpoint -Filter $query -ObjectType 'CPGroups'
}
856
function Get-CPPolicy {
    <#
    .SYNOPSIS
        Get policies.
    .DESCRIPTION
        Requests v2/policies/<PolicyID>. PolicyID is optional.
    #>

    [CmdletBinding()]
    param (
        [string]$PolicyID
    )

    $endpoint = 'v2/policies/{0}' -f $PolicyID

    InvokeCPRestMethod -RestMethod $endpoint -ObjectType 'CPPolicies'
}
869
function Get-CPService {
    <#
    .SYNOPSIS
        Get the cached CloudPassage connection.
    .DESCRIPTION
        Returns the script-scoped service object stored by Connect-CPService. Throws a
        terminating MissingBearerToken error when no connection has been made.
    #>

    [CmdletBinding()]
    param ( )

    if (-not $Script:connectedService) {
        $errorRecord = [System.Management.Automation.ErrorRecord]::new(
            [System.InvalidOperationException]::new('Need a token'),
            'MissingBearerToken',
            'InvalidOperation',
            $null
        )
        $pscmdlet.ThrowTerminatingError($errorRecord)
    }

    return $Script:connectedService
}
894
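function New-CPFirewallPolicy {
    <#
    .SYNOPSIS
        Create a firewall policy.
    .DESCRIPTION
        Posts a new firewall policy built from the bound parameters to v1/firewall_policies/.
        Supports -WhatIf and -Confirm.
    #>

    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory)]
        [string]$Name,

        [string]$Description,

        [Parameter(Mandatory)]
        [ValidateSet('linux', 'windows')]
        [string]$Platform,

        [switch]$IgnoreForwardingRules,

        [switch]$LogAllowed,

        [switch]$LogDropped,

        [switch]$BlockInbound,

        [switch]$BlockOutbound
    )

    $params = @{
        # The previous format call referenced $PolicyID, which this function does
        # not declare, against a string with no placeholder; the path is unchanged.
        RestMethod = 'v1/firewall_policies/'
        Method     = 'POST'
        Body       = [CPFirewallPolicies][CPFirewallPolicy]$PSBoundParameters
        ObjectType = 'CPFirewallPolicies'
    }
    # ShouldProcess takes the target first and the action second, so -WhatIf and
    # -Confirm now name the policy as the target.
    if ($pscmdlet.ShouldProcess($Name, 'Creating policy')) {
        InvokeCPRestMethod @params
    }
}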
930
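function New-CPFirewallRule {
    <#
    .SYNOPSIS
        Add a rule to a firewall policy.
    .DESCRIPTION
        Posts a new rule built from the bound parameters to
        v1/firewall_policies/<PolicyID>/firewall_rules. Supports -WhatIf and -Confirm.

        Parameters that are not supplied fall back to the defaults declared on
        CPFirewallRule (Chain 'INPUT', Action 'ACCEPT', Active $true, Position 'last'),
        and those defaults are included in the request.
    #>

    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory)]
        [string]$PolicyID,

        [string]$Name,

        [string]$Chain,

        [switch]$Active,

        [string]$FirewallSource,

        [string]$FirewallInterface,

        [string]$FirewallService,

        # NOTE(review): CPFirewallRule declares ConnectionStates, not State, so the
        # CPBase constructor finds no property to copy this value to - confirm intent.
        [string]$State,

        [string]$Action,

        [string]$Log,

        [string]$LogPrefix,

        [string]$Comment,

        [string]$Position
    )

    $params = @{
        RestMethod = 'v1/firewall_policies/{0}/firewall_rules' -f @(
            $PolicyID
        )
        Method     = 'POST'
        Body       = [CPFirewallRules][CPFirewallRule]$PSBoundParameters
        ObjectType = 'CPFirewallRules'
    }
    # ShouldProcess takes the target first and the action second, so -WhatIf and
    # -Confirm now name the policy as the target.
    if ($pscmdlet.ShouldProcess($PolicyID, 'Adding rule')) {
        InvokeCPRestMethod @params
    }
}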
974
function New-CPFirewallService {
    <#
    .SYNOPSIS
        Create a firewall service.
    .DESCRIPTION
        Posts a new firewall service built from the bound parameters to
        v1/firewall_services. Supports -WhatIf and -Confirm. Any error is rethrown as a
        terminating error.
    #>

    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory)]
        [string]$Name,

        [Parameter(Mandatory)]
        [ValidateSet('TCP', 'UDP', 'ICMP')]
        [string]$Protocol,

        [string]$Port
    )

    try {
        # Built before the ShouldProcess check, so a conversion failure surfaces
        # under -WhatIf as well.
        $payload = [CPFirewallServices][CPFirewallService]$PSBoundParameters

        if ($pscmdlet.ShouldProcess('Creating service')) {
            InvokeCPRestMethod -RestMethod 'v1/firewall_services' -Method 'POST' -Body $payload -ObjectType 'CPFirewallServices'
        }
    } catch {
        $pscmdlet.ThrowTerminatingError($_)
    }
}
1002
function New-CPFirewallZone {
    <#
    .SYNOPSIS
        Create a firewall zone.
    .DESCRIPTION
        Posts a new firewall zone built from the bound parameters to v1/firewall_zones.
        Supports -WhatIf and -Confirm. Any error is rethrown as a terminating error.
    #>

    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory)]
        [string]$Name,

        [Parameter(Mandatory)]
        [string]$IPAddress
    )

    try {
        # Built before the ShouldProcess check, so a conversion failure surfaces
        # under -WhatIf as well.
        $payload = [CPFirewallZones][CPFirewallZone]$PSBoundParameters

        if ($pscmdlet.ShouldProcess('Creating zone')) {
            InvokeCPRestMethod -RestMethod 'v1/firewall_zones' -Method 'POST' -Body $payload -ObjectType 'CPFirewallZones'
        }
    } catch {
        $pscmdlet.ThrowTerminatingError($_)
    }
}
1027
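function New-CPPolicy {
    <#
    .SYNOPSIS
        Create a policy.
    .DESCRIPTION
        Posts a new policy built from the bound parameters to v1/policies/.
        Supports -WhatIf and -Confirm.
    #>

    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory)]
        [string]$Name,

        [string]$Description,

        [Parameter(Mandatory)]
        [ValidateSet('linux', 'windows')]
        [string]$Platform,

        [CPPolicyRule[]]$Rules
    )

    $params = @{
        # NOTE(review): Get-CPPolicy and Set-CPPolicy in this file use
        # 'v2/policies/...'; confirm that v1 is intended for creation.
        RestMethod = 'v1/policies/'
        Method     = 'POST'
        Body       = [CPPolicies][CPPolicy]$PSBoundParameters
        ObjectType = 'CPPolicies'
    }
    # ShouldProcess takes the target first and the action second, so -WhatIf and
    # -Confirm now name the policy as the target.
    if ($pscmdlet.ShouldProcess($Name, 'Creating policy')) {
        InvokeCPRestMethod @params
    }
}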
1053
function Remove-CPFirewallPolicy {
    <#
    .SYNOPSIS
        Delete a firewall policy.
    .DESCRIPTION
        Sends DELETE to v1/firewall_policies/<PolicyID>. The request is sent immediately;
        this function does not declare SupportsShouldProcess, so -WhatIf and -Confirm are
        not available.
    #>

    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]$PolicyID
    )

    $endpoint = 'v1/firewall_policies/{0}' -f $PolicyID

    InvokeCPRestMethod -RestMethod $endpoint -Method 'DELETE' -ObjectType 'CPFirewallPolicies'
}
1068
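function Remove-CPFirewallRule {
    <#
    .SYNOPSIS
        Delete a rule from a firewall policy.
    .DESCRIPTION
        Sends DELETE to v1/firewall_policies/<PolicyID>/firewall_rules/<RuleID>. The request
        is sent immediately; this function does not declare SupportsShouldProcess, so
        -WhatIf and -Confirm are not available.
    #>

    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]$PolicyID,

        [Parameter(Mandatory)]
        [string]$RuleID
    )

    $params = @{
        RestMethod = 'v1/firewall_policies/{0}/firewall_rules/{1}' -f $PolicyID, $RuleID
        # Was 'PUT', which sent a body-less update instead of removing the rule;
        # the other Remove-* functions in this file all use DELETE.
        Method     = 'DELETE'
        ObjectType = 'CPFirewallRules'
    }
    InvokeCPRestMethod @params
}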
1086
function Remove-CPFirewallService {
    <#
    .SYNOPSIS
        Delete a firewall service.
    .DESCRIPTION
        Sends DELETE to v1/firewall_services/<ServiceID>. The request is sent immediately;
        this function does not declare SupportsShouldProcess, so -WhatIf and -Confirm are
        not available.
    #>

    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]$ServiceID
    )

    $endpoint = 'v1/firewall_services/{0}' -f $ServiceID

    InvokeCPRestMethod -RestMethod $endpoint -Method 'DELETE' -ObjectType 'CPFirewallServices'
}
1101
function Remove-CPFirewallZone {
    <#
    .SYNOPSIS
        Delete a firewall zone.
    .DESCRIPTION
        Sends DELETE to v1/firewall_zones/<ZoneID>. The request is sent immediately; this
        function does not declare SupportsShouldProcess, so -WhatIf and -Confirm are not
        available.
    #>

    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]$ZoneID
    )

    $endpoint = 'v1/firewall_zones/{0}' -f $ZoneID

    InvokeCPRestMethod -RestMethod $endpoint -Method 'DELETE' -ObjectType 'CPFirewallZones'
}
1116
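function Set-CPFirewallPolicy {
    <#
    .SYNOPSIS
        Update a firewall policy.
    .DESCRIPTION
        Sends PUT to v1/firewall_policies/<PolicyID> with a body built from the bound
        parameters. The request is sent immediately; this function does not declare
        SupportsShouldProcess, so -WhatIf and -Confirm are not available.
    #>

    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]$PolicyID,

        [string]$Name,

        [string]$Description,

        [ValidateSet('linux', 'windows')]
        [string]$Platform,

        [switch]$IgnoreForwardingRules,

        [switch]$LogAllowed,

        [switch]$LogDropped,

        [switch]$BlockInbound,

        [switch]$BlockOutbound
    )

    $params = @{
        # The format string previously had no {0} placeholder, so PolicyID was
        # dropped and the PUT went to the collection path instead of the policy.
        RestMethod = 'v1/firewall_policies/{0}' -f @(
            $PolicyID
        )
        Method     = 'PUT'
        Body       = [CPFirewallPolicies][CPFirewallPolicy]$PSBoundParameters
        ObjectType = 'CPFirewallPolicies'
    }
    InvokeCPRestMethod @params
}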
1151
function Set-CPFirewallZone {
    <#
    .SYNOPSIS
        Update a firewall zone.
    .DESCRIPTION
        Sends PUT to v1/firewall_zones/<ZoneID> with a body built from the bound
        parameters. The request is sent immediately; this function does not declare
        SupportsShouldProcess, so -WhatIf and -Confirm are not available.
    #>

    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]$ZoneID,

        [string]$Name,

        [string]$IPAddress
    )

    $endpoint = 'v1/firewall_zones/{0}' -f $ZoneID
    $payload = [CPFirewallZones][CPFirewallZone]$PSBoundParameters

    InvokeCPRestMethod -RestMethod $endpoint -Method 'PUT' -Body $payload -ObjectType 'CPFirewallZones'
}
1172
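function Set-CPPolicy {
    <#
    .SYNOPSIS
        Update a policy.
    .DESCRIPTION
        Sends PUT to v2/policies/<PolicyID> with a body built from the bound parameters.
        Supports -WhatIf and -Confirm.
    #>

    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory)]
        [string]$PolicyID,

        [string]$Name,

        [string]$Description,

        [ValidateSet('linux', 'windows')]
        [string]$Platform,

        [CPPolicyRule[]]$Rules
    )

    $params = @{
        RestMethod = 'v2/policies/{0}' -f @(
            $PolicyID
        )
        Method     = 'PUT'
        Body       = [CPPolicies][CPPolicy]$PSBoundParameters
        ObjectType = 'CPPolicies'
    }
    # ShouldProcess takes the target first and the action second. Name is
    # optional here, so the mandatory PolicyID identifies the target.
    if ($pscmdlet.ShouldProcess($PolicyID, 'Updating policy')) {
        InvokeCPRestMethod @params
    }
}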
1201
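function Set-CPGroup {
    <#
    .SYNOPSIS
        Update the policies attached to a server group.
    .DESCRIPTION
        Sends PUT to v1/groups/<GroupID> with a body built from the bound parameters.
        Accepts the group ID from the pipeline. When nothing besides GroupID is bound a
        warning is written and no request is sent. Supports -WhatIf and -Confirm.

        Passing an empty collection for a parameter is allowed; the parameter name is still
        recorded by CPBase, so the empty value is included in the request.
    #>

    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('ID')]
        [string]$GroupID,

        [AllowEmptyCollection()]
        [string[]]$LinuxPolicy,

        [AllowEmptyCollection()]
        [string[]]$WindowsPolicy,

        # NOTE(review): declared as [string[]] here but as [string] on CPGroup
        # (linux_firewall_policy_id); confirm that a single ID is expected.
        [AllowEmptyCollection()]
        [string[]]$LinuxFirewallPolicy,

        # NOTE(review): declared as [string[]] here but as [string] on CPGroup
        # (windows_firewall_policy_id); confirm that a single ID is expected.
        [AllowEmptyCollection()]
        [string[]]$WindowsFirewallPolicy,

        [AllowEmptyCollection()]
        [string[]]$LinuxFimPolicy,

        [AllowEmptyCollection()]
        [string[]]$WindowsFimPolicy,

        [AllowEmptyCollection()]
        [string[]]$CveException,

        [AllowEmptyCollection()]
        [string[]]$AlertProfile
    )

    process {
        # GroupID alone means there is nothing to change.
        if ($PSBoundParameters.Count -lt 2) {
            Write-Warning ('No changes requested for {0}.' -f $GroupID)
            return
        }

        $params = @{
            RestMethod = 'v1/groups/{0}' -f $GroupID
            Method     = 'PUT'
            Body       = [CPGroups][CPGroup]$PSBoundParameters
            ObjectType = 'CPGroups'
        }
        # ShouldProcess takes the target first and the action second, so -WhatIf
        # and -Confirm now name the group as the target.
        if ($pscmdlet.ShouldProcess($GroupID, 'Updating group')) {
            InvokeCPRestMethod @params
        }
    }
}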
1251