cyberark / ansible-security-automation-collection

CyberArk Ansible Security Automation Collection
MIT License

cyberark_account - unable to append new remote_machine IP address #57

Open iamgini opened 1 year ago

iamgini commented 1 year ago

Summary

Provide a brief overview and context for the discovered bug. When we try to update the "Remote Machines" of an existing account, the task fails with the following message.

  "msg": "Error while performing update_account.Please validate parameters provided.\n*** end_point=********/PasswordVault/api/Accounts/70_8\n ==> {'ErrorCode': 'PASWS125E', 'ErrorMessage': \"Property 'remotemachinesaccess' cannot be added\"}",

Steps to Reproduce

  1. Create an account in CyberArk (if it doesn't exist). (This is also working with the Ansible playbook to create the new Account)
  2. Add some remote machine IP addresses in the "Remote Machines" section (eg: 1.1.1.1, 2.2.2.2, 3.3.3.3).
  3. Use the playbook to append the new IP address to the list (eg: 4.4.4.4).

- name: Logon to CyberArk Vault using PAS Web Services SDK
  delegate_to: localhost
  cyberark.pas.cyberark_authentication:
    api_base_url: "{{ lookup('ansible.builtin.env', 'CYBERARK_VAULT_URL') }}"
    validate_certs: false
    username: "{{ lookup('ansible.builtin.env', 'CYBERARK_AUTH_USERNAME') }}"
    password: "{{ lookup('ansible.builtin.env', 'CYBERARK_AUTH_PASSWORD') }}"
    use_ldap_authentication: true
  no_log: true

- name: Updating the account with new remote_machines
  block:
    - name: Update Account using the PAS WebServices SDK
      delegate_to: localhost
      cyberark.pas.cyberark_account:
        safe: "{{ cyberark_safe_name }}"
        address: "{{ cyberark_entry_address }}"
        username: "{{ cyberark_account_username }}"
        platform_id: "{{ cyberark_platform_id }}"
        remote_machines_access:
          remote_machines: "4.4.4.4"          
        state: present
        cyberark_session: "{{ cyberark_session }}"
      register: cyberark_action

  always:    
    - name: Logoff from CyberArk Vault
      delegate_to: localhost
      cyberark.pas.cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"

Expected Results

A clear and concise description of what you expected to happen. The new IP address (eg: 4.4.4.4) should be appended to the remote machines list. (eg: 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4).

Actual Results

A clear and concise description of what did happen. Include logs and screenshots, whenever possible.

{
  "payload": [
    {
      "op": "replace",
      "path": "/remoteMachinesAccess",
      "value": {
        "remoteMachines": "4.4.4.4"
      }
    }
  ],
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
    "User-Agent": "CyberArk/1.0 (Ansible; cyberark.pas)"
  },
  "status_code": 400,
  "msg": "Error while performing update_account.Please validate parameters provided.\n*** end_point=********/PasswordVault/api/Accounts/70_8\n ==> {'ErrorCode': 'PASWS125E', 'ErrorMessage': \"Property 'remotemachinesaccess' cannot be added\"}",
  "invocation": {
    "module_args": {
      "safe": "<removed>",
      "address": "example.com",
      "username": "demouser",
      "platform_id": "DEMO_SSH_ANSIBLE",
      "remote_machines_access": {
        "remote_machines": "10.1.10.11",
        "access_restricted_to_remote_machines": true
      },
      "state": "present",
      "cyberark_session": {
        "token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
        "api_base_url": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
        "validate_certs": false
      },
      "logging_file": "/tmp/ansible_cyberark.log",
      "validate_certs": true,
      "identified_by": "username,address,platform_id",
      "secret_type": "password",
      "logging_level": null,
      "api_base_url": null,
      "name": null,
      "secret": null,
      "new_secret": null,
      "secret_management": null,
      "platform_account_properties": null
    }
  },
  "_ansible_no_log": null,
  "changed": false,
  "_ansible_delegated_vars": {
    "ansible_host": "localhost",
    "ansible_port": null,
    "ansible_user": "admin",
    "ansible_connection": "local"
  }
}

Reproducible

Version/Tag number

What version of the product are you running? Any version info that you can share is helpful. For example, you might give the version from Docker logs, the Docker tag, a specific download URL, the output of the /info route, etc.

Environment setup

Additional Information

Add any other context about the problem here.

szh commented 1 year ago

@infamousjoeg Are you able to look at this and see who might be able to triage it?

iamgini commented 1 year ago

Dear Team, did you get a chance to test this?

infamousjoeg commented 1 year ago

@szh This would need to be handled by @cyberark-bizdev. I am 2 days away from parental leave and am closing out open issues elsewhere.