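#requires -Version 7.0
<#
.SYNOPSIS
Initialize Tanium (Redden-TanREST) from config.json, then
export all roles whose name starts with a given prefix (default: CASH).

.DESCRIPTION
Reads TaniumUrl and TaniumApiToken from the config.json next to this script,
writes them to a short-lived CLIXML credential file for Initialize-TaniumSession,
looks up roles by name prefix (server-side regex first, client-side filter as a
fallback) and calls Export-RoleToJSON for every match. The credential file is
removed in the finally block on every exit path, including failures and the
early return when nothing matches.

.PARAMETER Prefix
Role name prefix to match (prefix match, case-insensitive). Default: CASH.
An empty or whitespace-only prefix is rejected instead of silently matching
every role.

.PARAMETER OutputFolder
Destination folder for JSON exports. Default: %TEMP%\RBAC
#>
param(
  [string]$Prefix = 'CASH',
  [string]$OutputFolder = "$env:TEMP\RBAC"
)

$ErrorActionPreference = 'Stop'
# Best effort only: on PowerShell 7 TLS is negotiated by the platform and this
# setter may be refused; a failure here is not fatal, so the empty catch is intentional.
try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}
Import-Module Redden-TanREST -Force

# [regex]::Escape('') yields an empty pattern, so "(?i)^" would match every role.
if ([string]::IsNullOrWhiteSpace($Prefix)) {
  throw "Prefix must not be empty or whitespace; an empty prefix would match every role."
}

#######################################
# Return the value of property $Name on $Object, or $null when the object has
# no such property. PSObject property lookup is case-insensitive, so this covers
# both 'id'/'ID' and 'name'/'Name' without separate branches.
# Arguments: $Object - any object (e.g. a role returned by Get-Role)
#            $Name   - property name to read
# Outputs:   the property value, or $null
#######################################
function Get-PropertyValue {
  param(
    [Parameter(Mandatory)]$Object,
    [Parameter(Mandatory)][string]$Name
  )
  $prop = $Object.PSObject.Properties[$Name]
  if ($null -ne $prop) { $prop.Value } else { $null }
}

# --- Load config
$ConfigPath = Join-Path $PSScriptRoot 'config.json'
if (-not (Test-Path -LiteralPath $ConfigPath)) { throw "Configuration file not found: $ConfigPath" }
$config = Get-Content -LiteralPath $ConfigPath -Raw | ConvertFrom-Json
# Hand the module a bare host[:port] as baseURI: strip any scheme and trailing slash.
# The [string] cast turns a missing property ($null) into '' so the check below fires.
$TaniumUrl = ([string]$config.TaniumUrl -replace '^https?://', '').TrimEnd('/')
$TaniumTok = [string]$config.TaniumApiToken
if ([string]::IsNullOrWhiteSpace($TaniumUrl) -or [string]::IsNullOrWhiteSpace($TaniumTok)) {
  throw "Both TaniumUrl and TaniumApiToken must be provided in $ConfigPath."
}

# --- Prepare output
if (-not (Test-Path -LiteralPath $OutputFolder)) {
  New-Item -ItemType Directory -Path $OutputFolder -Force | Out-Null
}

# --- Temporary CLIXML for Initialize-TaniumSession
# GetTempPath() honours TMP/TEMP on Windows (same location as $env:TEMP) and
# still works on platforms where $env:TEMP is not set.
$TempXml = Join-Path ([IO.Path]::GetTempPath()) ("tanium-session-{0}.apicred" -f ([guid]::NewGuid().ToString('N')))
@{
  baseURI = $TaniumUrl
  token   = ($TaniumTok | ConvertTo-SecureString -AsPlainText -Force)
} | Export-Clixml -LiteralPath $TempXml -Force
# Export-Clixml protects the SecureString with DPAPI only on Windows; on other
# platforms the file contents are recoverable, so limit access to the owner.
if (-not $IsWindows -and (Get-Command chmod -ErrorAction SilentlyContinue)) {
  chmod 600 $TempXml
}
# Drop our references to the plaintext token now that it is on disk. .NET strings
# cannot be scrubbed from memory, but this keeps it out of later variable dumps.
Remove-Variable -Name TaniumTok, config -ErrorAction SilentlyContinue

Write-Host "Initializing Tanium session..."
try {
  Initialize-TaniumSession -PathToXML $TempXml | Out-Null
  Write-Host "Session OK."

  # ---------- GET roles starting with prefix ----------
  # Prefer server-side regex; fall back to client-side if module/endpoint refuses inline (?i)
  $regex = "(?i)^$([regex]::Escape($Prefix))"
  $roles = $null
  try { $roles = Get-Role -NameRegex $regex } catch { $roles = $null }
  if (-not $roles) {
    # fallback: pull all and filter locally. -match and member access are both
    # case-insensitive, so a single test covers 'name' and 'Name'.
    $roles = Get-Role -All | Where-Object { $_.name -match $regex }
  }

  if (-not $roles) {
    Write-Warning "No roles found starting with '$Prefix'."
    return
  }

  # ---------- Export each role ----------
  $exported = [System.Collections.Generic.List[object]]::new()
  foreach ($r in @($roles)) {
    $id   = Get-PropertyValue -Object $r -Name 'id'
    $name = Get-PropertyValue -Object $r -Name 'name'
    # Export-RoleToJSON is keyed on the name; a role without one cannot be exported.
    if (-not $name) { continue }

    try {
      Export-RoleToJSON -RoleName $name -OutputFolder $OutputFolder -SkipReInitialize:$true -ErrorAction Stop
      Write-Host ("✓ Exported: {0} (ID: {1})" -f $name, $id)
      $exported.Add([pscustomobject]@{ Id = $id; Name = $name })
    }
    catch {
      # One failed role must not abort the whole run; report it and keep going.
      Write-Warning ("Export failed for role '{0}' (ID: {1}) — {2}" -f $name, $id, $_.Exception.Message)
    }
  }

  if ($exported.Count -gt 0) {
    Write-Host "`nSummary:"
    $exported | Sort-Object Name | Format-Table Id, Name -AutoSize
    Write-Host "`nJSON files in: $OutputFolder"
  }
}
finally {
  # Always remove the on-disk credential file: on success, on error and on the early return.
  if (Test-Path -LiteralPath $TempXml) {
    Remove-Item -LiteralPath $TempXml -Force -ErrorAction SilentlyContinue
    Write-Host "Temporary CLIXML removed: $TempXml"
  }
}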