cyberark / ansible-security-automation-collection

CyberArk Ansible Security Automation Collection
MIT License

Error when updating Account. Wrong Path? #19

Open thedatabaseme opened 4 years ago

thedatabaseme commented 4 years ago

Hello,

I'm trying to get an update of an existing User Account in our CyberArk Vault to work. The Creation of the Account works fine. But when I try to update the Secret manually, I receive the following Error.

    "msg": "Error while performing update_account.Please validate parameters provided.\n*** end_point=********/PasswordVault/api/Accounts/36_9\n ==> {'ErrorCode': 'PASWS125E', 'ErrorMessage': \"Property 'secretmanagement' cannot be added\"}",

The Payload looks like this:

    "payload": [
        {
            "op": "replace",
            "path": "/secretManagement",
            "value": {
                "manualManagementReason": "Test"
            }
        }
    ]

It seems to me that the URL + Endpoint is concatenated wrongly by the account module. Following the API Documentation, the path should be /secretManagement/manualManagementReason and the Value alone should be "Test".

Here's my Playbook Code (The Authentication is excluded):

    - name: Create Account
      cyberark_account:
        username: "UsertoUpdate"
        address: "Testserver"
        secret: "InitialPassword"
        logging_level: INFO
        state: present
        safe: "CUSA_Linux"
        platform_id: "CUSA_Linux_unmanaged"
        cyberark_session: "{{ cyberark_session }}"
        secret_management:
          automatic_management_enabled: false
      register: cyberark_account_creation

    - name: Update Account
      cyberark_account:
        username: "UsertoUpdate"
        address: "Testserver"
        logging_level: DEBUG
        state: present
        safe: "CUSA_Linux"
        platform_id: "CUSA_Linux_unmanaged"
        cyberark_session: "{{ cyberark_session }}"
        secret_management:
          automatic_management_enabled: false
          manual_management_reason: "Test"
          new_secret: "ChangedPassword"
      register: cyberark_account_update

owwweiha commented 4 months ago

Same for "automaticManagementEnabled". Currently, it's impossible to change the value with the help of this module.

It has to be:

    "payload": [ { "op": "replace", "path": "/secretManagement/automaticManagementEnabled", "value": true } ]

instead of

    "payload": [ { "op": "replace", "path": "/secretManagement", "value": { "automaticManagementEnabled": true } } ]
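
The two payload shapes discussed in this thread, as an added Python example that is not part of the issue or of the collection's code: it flattens a nested set of changes into one JSON Patch operation per leaf property, the form the comments above say the API expects. The function names and the sample account dictionaries are hypothetical and constructed here; emitting "replace" for a leaf that is not yet set is an assumption taken from the payloads quoted above.

```python
import json


def escape_pointer_token(token):
    # JSON Pointer (RFC 6901): "~" becomes "~0" and "/" becomes "~1" in a path token.
    return token.replace("~", "~0").replace("/", "~1")


def leaf_patch_ops(changes, existing, prefix=""):
    """Flatten nested `changes` into one patch operation per leaf property.

    `existing` is the account as currently stored (constructed sample data in
    this example). Leaves whose value is unchanged produce no operation, so an
    idempotent re-run sends an empty payload.
    """
    ops = []
    for key, value in changes.items():
        path = f"{prefix}/{escape_pointer_token(key)}"
        present = isinstance(existing, dict) and key in existing
        current = existing[key] if present else None
        if isinstance(value, dict):
            # Descend instead of sending the whole object as one value.
            ops.extend(leaf_patch_ops(value, current, path))
        elif not present or current != value:
            ops.append({"op": "replace", "path": path, "value": value})
    return ops


# Constructed sample: account state after the "Create Account" task.
EXISTING_ACCOUNT = {"secretManagement": {"automaticManagementEnabled": False}}

# Constructed sample: desired state from the "Update Account" task.
DESIRED_CHANGES = {
    "secretManagement": {
        "automaticManagementEnabled": False,
        "manualManagementReason": "Test",
    }
}

if __name__ == "__main__":
    payload = leaf_patch_ops(DESIRED_CHANGES, EXISTING_ACCOUNT)
    print(json.dumps(payload, indent=2))
```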

hertus commented 2 months ago

This has been an issue since 2020, with no changes since then, where the fix would be easy.

szh commented 2 months ago

@cyberark-bizdev @infamousjoeg are you able to take a look at this?

mviniciusleal commented 1 month ago

I had the same problem; it looks like that is because the CPM disabled the "Allow automatic password management" option due to max retries. Before the CPM disabled this option, I could update the account.