dustinbutterworth/cloudflareAccessReport.ps1

## cloudflareAccessReport.ps1
#!/usr/bin/env pwsh
# WIP - not finished
# TODO: error catching and whatnot
$cloudflareUrl = "https://api.cloudflare.com/client/v4"

# Retrieve Zones
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Content-Type", "application/json")
$headers.Add("Authorization", "Bearer changeme")
$zoneRetrievePage = 1
$zoneRetrievePerPage = 20
$allZones = [System.Collections.ArrayList]@()

do {
    $zoneRetrieveUri = "$cloudflareUrl/zones?status=active&page=$zoneRetrievePage&per_page=$zoneRetrievePerPage&order=status&direction=desc"
    $zoneRetrieveResponse = Invoke-RestMethod "$zoneRetrieveUri" -Method 'GET' -Headers $headers
    $zone = $zoneRetrieveResponse.result
    $zone.foreach({ $allZones.add($_) }) | out-null
    $zoneRetrievePage++
} until ($zoneRetrieveResponse.result_info.count -eq 0)

# Get Applications from each Zone
$allPolicies = @()

foreach ($zone in $allZones) {
    $zoneId = $zone.id
    $zoneName = $zone.name
    $applicationRetrieveResponse = Invoke-RestMethod "https://api.cloudflare.com/client/v4/zones/$zoneId/access/apps?" -Method 'GET' -Headers $headers
    $applications = $applicationRetrieveResponse.result
    foreach ($application in $applications) {
        $applicationId = $application.id
        $applicationName = $application.name
        $applicationDomain = $application.domain
        $applicationPolicyResponse = Invoke-RestMethod "https://api.cloudflare.com/client/v4/zones/$zoneId/access/apps/$applicationId/policies" -Method 'GET' -Headers $headers
        $policies = $applicationPolicyResponse.result
        foreach ($policy in $policies) {
            if ($policy.include.ip -ne $Null) {
                $includeIp = ($policy.include.ip.ip | Join-String -DoubleQuote -Separator ',')
            }
            else {
                $includeIp = "N/A"
            }
            if ($policy.include.everyone -ne $Null) {
                $includeEveryone = "TRUE"
            }
            else {
                $includeEveryone = "FALSE"
            }
            if ($policy.include.azureAD.id -ne $Null) {
                $AAD_ID = ($policy.include.azureAD | foreach-object { $($_ | select -expandproperty id) }) | Join-String -DoubleQuote -Separator ','
            }
            else {
                $AAD_ID = "N/A"
            }
            if ($policy.include.service_token.token_id -ne $Null) {
                $serviceToken = ($policy.include.service_token | foreach-object { $($_ | select -expandproperty token_id) }) | Join-String -DoubleQuote -Separator ','
            }
            else {
                $serviceToken = "N/A"
            }
            if ($policy.include.azureAD.identity_provider_id -ne $Null) {
                $AAD_identity_provider_id = ($policy.include.azureAD | foreach-object { $($_ | select -expandproperty identity_provider_id) }) | Join-String -DoubleQuote -Separator ','
            }
            else {
                $AAD_identity_provider_id = "N/A"
            }
            if ($policy.include.azureAD.connection_id -ne $Null) {
                $AAD_connection_id = ($policy.include.azureAD | foreach-object { $($_ | select -expandproperty connection_id) }) | Join-String -DoubleQuote -Separator ','
            }
            else {
                $AAD_connection_id = "N/A"
            }
            if ($policy.include.azureAD.name -eq $Null) {
                $AAD_name = "N/A"
            }
            elseif ($policy.include.azureAd.name -eq "") {
                $AAD_name = "N/A"
            }
            elseif ($policy.include.azureAd.name.length -lt 1) {
                $AAD_name = "N/A"
            }
            else {
                $AAD_name = ($policy.include.azureAD | foreach-object { $($_ | select -expandproperty name) }) | Join-String -DoubleQuote -Separator ','
            }
            if ($policy.require.length -gt 0) {
                $require = $policy.require
            }
            else {
                $require = "N/A"
            }
            if ($policy.require.length -gt 0) {
                $require = $policy.require
            }
            else {
                $require = "N/A"
            }
            $allPolicies += [pscustomobject]@{
                zoneId              = $zoneId
                zoneName            = $zoneName
                applicationId       = $applicationId
                applicationName     = $applicationName
                applicationDomain   = $applicationDomain
                created_at          = $policy.created_at
                decision            = $policy.decision
                exclude             = $exclude
                policyId            = $policy.id
                policyName          = $policy.name
                precedence          = $policy.precedence
                require             = $require
                includeIp           = $includeIp
                includeAdId         = $AAD_ID
                includeAdIdProvider = $AAD_identity_provider_id
                includeAdName       = $AAD_name
                includeAdConnection = $AAD_connection_id
                includeServiceToken = $serviceToken
                includeEveryone     = $includeEveryone
                uid                 = $policy.uid
                updated_at          = $policy.updated_at
            }
        }
    }
}

$File = "AccessPolicies.csv"
$allPolicies | Export-Csv -path ($File) -NoTypeInformation -Encoding ASCII
	#!/usr/bin/env pwsh
	# WIP - not finished
	# TODO: error catching and whatnot
	$cloudflareUrl = "https://api.cloudflare.com/client/v4"

	# Retrieve Zones
	$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
	$headers.Add("Content-Type", "application/json")
	$headers.Add("Authorization", "Bearer changeme")
	$zoneRetrievePage = 1
	$zoneRetrievePerPage = 20
	$allZones = [System.Collections.ArrayList]@()

	do {
	$zoneRetrieveUri = "$cloudflareUrl/zones?status=active&page=$zoneRetrievePage&per_page=$zoneRetrievePerPage&order=status&direction=desc"
	$zoneRetrieveResponse = Invoke-RestMethod "$zoneRetrieveUri" -Method 'GET' -Headers $headers
	$zone = $zoneRetrieveResponse.result
	$zone.foreach({ $allZones.add($_) }) \| out-null
	$zoneRetrievePage++
	} until ($zoneRetrieveResponse.result_info.count -eq 0)

	# Get Applications from each Zone
	$allPolicies = @()

	foreach ($zone in $allZones) {
	$zoneId = $zone.id
	$zoneName = $zone.name
	$applicationRetrieveResponse = Invoke-RestMethod "https://api.cloudflare.com/client/v4/zones/$zoneId/access/apps?" -Method 'GET' -Headers $headers
	$applications = $applicationRetrieveResponse.result
	foreach ($application in $applications) {
	$applicationId = $application.id
	$applicationName = $application.name
	$applicationDomain = $application.domain
	$applicationPolicyResponse = Invoke-RestMethod "https://api.cloudflare.com/client/v4/zones/$zoneId/access/apps/$applicationId/policies" -Method 'GET' -Headers $headers
	$policies = $applicationPolicyResponse.result
	foreach ($policy in $policies) {
	if ($policy.include.ip -ne $Null) {
	$includeIp = ($policy.include.ip.ip \| Join-String -DoubleQuote -Separator ',')
	}
	else {
	$includeIp = "N/A"
	}
	if ($policy.include.everyone -ne $Null) {
	$includeEveryone = "TRUE"
	}
	else {
	$includeEveryone = "FALSE"
	}
	if ($policy.include.azureAD.id -ne $Null) {
	$AAD_ID = ($policy.include.azureAD \| foreach-object { $($_ \| select -expandproperty id) }) \| Join-String -DoubleQuote -Separator ','
	}
	else {
	$AAD_ID = "N/A"
	}
	if ($policy.include.service_token.token_id -ne $Null) {
	$serviceToken = ($policy.include.service_token \| foreach-object { $($_ \| select -expandproperty token_id) }) \| Join-String -DoubleQuote -Separator ','
	}
	else {
	$serviceToken = "N/A"
	}
	if ($policy.include.azureAD.identity_provider_id -ne $Null) {
	$AAD_identity_provider_id = ($policy.include.azureAD \| foreach-object { $($_ \| select -expandproperty identity_provider_id) }) \| Join-String -DoubleQuote -Separator ','
	}
	else {
	$AAD_identity_provider_id = "N/A"
	}
	if ($policy.include.azureAD.connection_id -ne $Null) {
	$AAD_connection_id = ($policy.include.azureAD \| foreach-object { $($_ \| select -expandproperty connection_id) }) \| Join-String -DoubleQuote -Separator ','
	}
	else {
	$AAD_connection_id = "N/A"
	}
	if ($policy.include.azureAD.name -eq $Null) {
	$AAD_name = "N/A"
	}
	elseif ($policy.include.azureAd.name -eq "") {
	$AAD_name = "N/A"
	}
	elseif ($policy.include.azureAd.name.length -lt 1) {
	$AAD_name = "N/A"
	}
	else {
	$AAD_name = ($policy.include.azureAD \| foreach-object { $($_ \| select -expandproperty name) }) \| Join-String -DoubleQuote -Separator ','
	}
	if ($policy.require.length -gt 0) {
	$require = $policy.require
	}
	else {
	$require = "N/A"
	}
	if ($policy.require.length -gt 0) {
	$require = $policy.require
	}
	else {
	$require = "N/A"
	}
	$allPolicies += [pscustomobject]@{
	zoneId = $zoneId
	zoneName = $zoneName
	applicationId = $applicationId
	applicationName = $applicationName
	applicationDomain = $applicationDomain
	created_at = $policy.created_at
	decision = $policy.decision
	exclude = $exclude
	policyId = $policy.id
	policyName = $policy.name
	precedence = $policy.precedence
	require = $require
	includeIp = $includeIp
	includeAdId = $AAD_ID
	includeAdIdProvider = $AAD_identity_provider_id
	includeAdName = $AAD_name
	includeAdConnection = $AAD_connection_id
	includeServiceToken = $serviceToken
	includeEveryone = $includeEveryone
	uid = $policy.uid
	updated_at = $policy.updated_at
	}
	}
	}
	}

	$File = "AccessPolicies.csv"
	$allPolicies \| Export-Csv -path ($File) -NoTypeInformation -Encoding ASCII