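## Please change $HomeDir to the directory that holds config.json.
## Run by passing the IdentityNow org (tenant) name as the only argument. Output is
## written to "$HomeDir\<org>\Roles.csv" and "$HomeDir\<org>\AccessProfiles.csv".
##
## SECURITY NOTES
##  * config.json holds the OAuth client secret in plaintext. Restrict the ACL on that
##    file (and on $HomeDir generally) to the account that runs this script.
##  * The client secret is sent in the POST body, never in the request URL, so it does
##    not land in proxy / web-server access logs or in shell history.
##  * $org is spliced into a hostname AND into local file paths that are deleted and
##    rewritten, so it is validated as a plain tenant-name string before anything runs.
##  * If the token request fails the script stops; it never continues with an empty
##    bearer token (the original swallowed the error and carried on).

$org        = $args[0]
$HomeDir    = "C:\exportdata"
$configFile = "$($HomeDir)\config.json"

# Reject anything that is not a plain tenant name. Without this, a value such as
# "..\..\Windows" would be spliced into the Remove-Item / Export-Csv paths below.
# (Tenant names are assumed to be DNS-label-like: letters, digits, hyphens -- confirm.)
if ([string]::IsNullOrWhiteSpace($org) -or $org -notmatch '^[A-Za-z0-9][A-Za-z0-9-]*$') {
    Write-Error "Usage: <script> <orgname>   (orgname must match ^[A-Za-z0-9][A-Za-z0-9-]*$)"
    exit 2
}

$apiUrl   = "https://$($org).api.identitynow.com"
$outDir   = Join-Path $HomeDir $org
$rolesCsv = Join-Path $outDir "Roles.csv"
$apCsv    = Join-Path $outDir "AccessProfiles.csv"

# Export-Csv needs the folder to exist; create it if the operator has not.
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Start from clean files each run so a re-run does not duplicate rows.
foreach ($f in @($rolesCsv, $apCsv)) {
    if (Test-Path $f) { Remove-Item $f }
}

# --- Get Token --------------------------------------------------------------------------
# Only TLS 1.2 is permitted for outbound calls (this assignment replaces the default set).
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

try {
    $config       = Get-Content $configFile -Raw | ConvertFrom-Json
    $clientId     = $config.clientId
    $clientSecret = $config.clientSecret
    if ([string]::IsNullOrEmpty($clientId) -or [string]::IsNullOrEmpty($clientSecret)) {
        throw "config.json must contain non-empty 'clientId' and 'clientSecret'"
    }

    $oAuthURI = "$($apiUrl)/oauth/token"
    # A hashtable body with -Method Post is sent as application/x-www-form-urlencoded,
    # the standard OAuth2 client_credentials form. This keeps the secret out of the URL
    # (the original appended client_secret as a query-string parameter).
    $token = Invoke-RestMethod -Method Post -Uri $oAuthURI -Body @{
        grant_type    = "client_credentials"
        client_id     = $clientId
        client_secret = $clientSecret
    }
    $bearerToken = $token.access_token
    if ([string]::IsNullOrEmpty($bearerToken)) {
        throw "token response did not contain an access_token"
    }
} catch {
    # Fail closed: every call below depends on the bearer token.
    Write-Error "Unable to obtain an access token for org '$org': $($_.Exception.Message)"
    exit 1
}

<#
.SYNOPSIS
    Pages through the v3 search API and returns every object in the given index.
.PARAMETER bearerToken
    OAuth access token, sent as a Bearer header.
.PARAMETER type
    Search index name, e.g. "roles" or "accessprofiles".
.OUTPUTS
    Array of the raw objects returned by the API (empty array when there are none).
#>
function getObjects($bearerToken, $type) {
    $limit         = 250
    $results       = @()
    $searchAfterID = ""

    do {
        # Build the request as a hashtable and let ConvertTo-Json do the quoting, rather
        # than splicing values into a hand-written JSON string.
        $query = @{
            indices           = @($type)
            query             = @{ query = "name:*" }
            sort              = @("id")
            queryResultFilter = @{ includes = @("*") }
        }
        # searchAfter is only meaningful once we have a last-seen id; omit it on page 1.
        if (-not [string]::IsNullOrEmpty($searchAfterID)) {
            $query.searchAfter = @($searchAfterID)
        }
        $body = $query | ConvertTo-Json -Depth 10

        $call = @{
            Method      = "Post"
            Uri         = "$($apiUrl)/v3/search"
            Body        = $body
            Headers     = @{ Authorization = "Bearer $($bearerToken)" }
            ContentType = "application/json"
        }
        # @(...) forces an array even when the API returns a single object.
        $apiRes = @(Invoke-RestMethod @call)

        $len = $apiRes.Length
        if ($len -gt 0) {
            # We sort by id, so the cursor for the next page is the *id* of the last row.
            # The original stored the whole object here, which broke pagination.
            $searchAfterID = $apiRes[$len - 1].id
            $results += $apiRes
        }
        # NOTE(review): no page size is sent, so this assumes the API's default page
        # size equals $limit; a page shorter than $limit is treated as the last one -- confirm.
    } until ($len -lt $limit)

    return $results
}

<#
.SYNOPSIS
    Fetches one role from the /cc API and returns its membership criteria.
.PARAMETER roleID
    Role id as returned by the v3 search.
.OUTPUTS
    The role's selector.complexRoleCriterion value (may be $null).
.NOTES
    Reads $bearerToken and $org from script scope, as the original did.
#>
function getRoleRule($roleID) {
    $id   = [uri]::EscapeDataString([string]$roleID)
    $url  = "https://$($org).identitynow.com/cc/api/role/get/?id=$($id)"
    $role = Invoke-RestMethod -Method Get -Uri $url -Headers @{ Authorization = "Bearer $($bearerToken)" }
    return $role.selector.complexRoleCriterion
}

<#
.SYNOPSIS
    Joins the .name of each item with ";" -- the format both CSVs use for list columns.
.PARAMETER items
    Array of objects with a .name property; $null or empty yields "".
#>
function joinNames($items) {
    $names = @($items) | ForEach-Object { $_.name } | Where-Object { -not [string]::IsNullOrEmpty($_) }
    return (@($names) -join ";")
}

# --- Export -----------------------------------------------------------------------------
$accessProfiles = getObjects $bearerToken "accessprofiles"
$roles          = getObjects $bearerToken "roles"

# Column names are kept exactly as before so downstream consumers of the CSVs still work.
$roleRows = foreach ($role in $roles) {
    $rule = getRoleRule $role.id | ConvertTo-Json -Compress -Depth 100
    [PSCustomObject]@{
        "name"            = $role.name
        "description"     = $role.description
        "Enabled"         = $role.enabled
        "requestable"     = $role.requestable
        "Access Profiles" = joinNames $role.accessProfiles
        "Rule"            = $rule
    }
}
$roleRows | Export-Csv -NoTypeInformation -Path $rolesCsv

$apRows = foreach ($ap in $accessProfiles) {
    [PSCustomObject]@{
        "name"        = $ap.name
        "description" = $ap.description
        "Enabled"     = $ap.enabled
        "sourceName"  = $ap.source.name
        "appNames"    = joinNames $ap.entitlements
    }
}
$apRows | Export-Csv -NoTypeInformation -Path $apCsv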