Hi, I am trying to write a PowerShell script that, given a CSV with Identity ID, Access ID and Access Type columns, revokes the access from the identity.
The aim is to remove access in bulk.
I got the request to work in Hoppscotch (= same as Postman), it returns status 202 and the request shows up in my tenant and the identity is removed from the access.
The request returns a 400 when issued by my PowerShell script however, despite the body looking identical to the one on the previous image when I print it. What’s strange as well is when I make the same request in Hoppscotch afterwards, I get a 400 saying there is already an outstanding request for that identity on this access, despite the code giving me a 400 and the request not showing up in my tenant.
Below is the code I wrote. Right before this I read the csv using Import-Csv. Then I store each column as an array and define the request headers (identical to those in Hoppscotch). I then iterate over each element of the arrays and build the request body. When I print it it looks identical to the one in the Hoppscotch request. I then make the request and this goes into the catch block and adds "7d61872f951a4caa99374fd63f0541db // f35846021b3c4e5a8c72ca5fa9ba242b // API request failed. Code: 400. Description: " to my log file. I can’t get it to print any more information about the error, if anyone knows how to do that please let me know.
Looking at my code and my Hoppscotch request, is anyone able to see where I am going wrong?
```powershell
# $csv (from Import-Csv), GetJWT, $tenant and $logPath are defined earlier in the script.
# Store each CSV column as an array
$accessType = @($csv.'Access Type')
$accessIds = @($csv.'Access ID')
$identityIds = @($csv.'Identity ID')

# Request headers
$authToken = GetJWT
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Content-Type", "application/json")
$headers.Add("Accept", "application/json")
$headers.Add("Authorization", "Bearer $($authToken)")

for ($i = 0; $i -lt $accessIds.Count; $i++) {
    # Build the request body for this row (the closing "@ must start at column 0)
    $body = @"
[
  {
    "requestedFor": [
      "$($identityIds[$i])"
    ],
    "requestType": "REVOKE_ACCESS",
    "requestedItems": [
      {
        "type": "$($accessType[$i])",
        "id": "$($accessIds[$i])",
        "comment": "Revoking access for terminated & postTermination identities"
      }
    ]
  }
]
"@
    try {
        $response = Invoke-RestMethod "$($tenant)/beta/access-requests" -Method 'POST' -Headers $headers -Body $body
        $result = $identityIds[$i] + " // " + $accessIds[$i] + " // Success. Membership was revoked."
        $result | Out-File -FilePath $logPath -Append
    } catch {
        # Log the status code and description of the failed request
        $result = $identityIds[$i] + " // " + $accessIds[$i] + " // API request failed. Code: $($_.Exception.Response.StatusCode.value__). Description: $($_.Exception.Response.StatusDescription)"
        $result | Out-File -FilePath $logPath -Append
    }
}
```
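On the question of getting more information out of the catch block: the following is an added example, not part of the original post, showing one way to recover the server's error body from the error record that `Invoke-RestMethod` throws. The function name `Get-ApiErrorDetail`, the sample error body and the identity/access IDs in the demo are constructed for illustration.

```powershell
# Added example: pull the status code and response body out of a failed Invoke-RestMethod call.
function Get-ApiErrorDetail {
    param(
        [Parameter(Mandatory)]
        [System.Management.Automation.ErrorRecord] $ErrorRecord
    )

    # Response is an HttpWebResponse (Windows PowerShell 5.1) or HttpResponseMessage (PowerShell 7).
    $response = $ErrorRecord.Exception.Response
    $status = $null
    if ($response) { $status = [int] $response.StatusCode }

    # Invoke-RestMethod normally copies the server's response body into ErrorDetails.
    $body = $null
    if ($ErrorRecord.ErrorDetails) { $body = $ErrorRecord.ErrorDetails.Message }

    # Windows PowerShell 5.1 fallback: read the body from the HttpWebResponse stream.
    if (-not $body -and $response -is [System.Net.HttpWebResponse]) {
        $stream = $response.GetResponseStream()
        if ($stream.CanSeek) { $stream.Position = 0 }
        $reader = [System.IO.StreamReader]::new($stream)
        try { $body = $reader.ReadToEnd() } finally { $reader.Dispose() }
    }

    # Last resort: the exception message itself.
    if (-not $body) { $body = $ErrorRecord.Exception.Message }

    # Collapse whitespace so each log entry stays on a single line.
    $body = ($body -replace '\s+', ' ').Trim()
    [pscustomobject]@{ StatusCode = $status; Body = $body }
}

# Constructed demo: a hand-built ErrorRecord standing in for a real 400 response.
# It carries no Response object, so StatusCode is empty here; a real failure fills it in.
$sample = [System.Management.Automation.ErrorRecord]::new(
    [System.Exception]::new('Response status code does not indicate success: 400 (Bad Request).'),
    'WebCmdletWebResponseException',
    [System.Management.Automation.ErrorCategory]::InvalidOperation,
    $null)
$sample.ErrorDetails = [System.Management.Automation.ErrorDetails]::new(
    '{ "message": "constructed sample error body" }')

$detail = Get-ApiErrorDetail -ErrorRecord $sample
"constructed-identity-id // constructed-access-id // API request failed. Code: $($detail.StatusCode). Body: $($detail.Body)"
```

Inside the loop's catch block the call would be `Get-ApiErrorDetail -ErrorRecord $_`. Log only the returned status and body, never `$headers`, since those carry the bearer token.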