cyberark / cyberark-aws-auto-onboarding

Solutions for automatically detecting, managing and securing privileged accounts in AWS EC2
Apache License 2.0

Associate reconcile account to an onboarded ssh key #76

Open ahmednaz opened 2 years ago

ahmednaz commented 2 years ago

Is your feature request related to a problem? Please describe.


Describe the solution you would like

We would like to associate a reconcile account with an SSH key we have onboarded using this framework. We can apply a reconcile account in another script we have created for bulk onboarding, but within this script/framework we are not able to associate the reconcile account.

We have tried:

```python
logger.info(f'Associate reconcile id with {instance_id}')
header = DEFAULT_HEADER
header.update({"Authorization": session})
url = f"{pvwa_url}/API/Accounts/{account_id}/LinkAccount"
folder = "/"
extraPasswordIndex = "3"

data = f"""
    {{
        "account" : {{
            "name":"{reconcile_account_name}",
            "safe":"{reconcile_safe_name}",
            "folder":"{folder}"
            "extraPasswordIndex":"{extraPasswordIndex}"
        }}
    }}
"""  # closing braces restored; the rest of the snippet was cut off in the original post
```
We get the following error: PASWS167E There are some invalid parameters


Describe alternatives you have considered

No alternatives at this point.

Additional context

We onboard an SSH key first and rotate the key. Then we onboard a 2nd key, rotate it, and then associate the 2nd key as the reconcile account for the first key. The association part is not working.

bab29 commented 2 years ago

Folder should be "root" not "/"

Code examples are available here

https://github.com/cyberark/epv-api-scripts/tree/main/Linked%20Accounts

ahmednaz commented 2 years ago

Thank you for the feedback, but we are still getting the same error even with the "root" value (screenshots attached).

bab29 commented 2 years ago

Your "data" should be this:

```python
data = f"""
{{
      "name": "{reconcile_account_name}",
      "safe": "{reconcile_safe_name}",
      "folder": "{folder}",
      "extraPasswordIndex": {extraPasswordIndex}
}}
"""
```

There is no "Account" layer in the call.
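
The request shape bab29 describes (a flat body, folder "Root", `extraPasswordIndex` 3 for the reconcile slot), written out as an added example that is not code from this project or from either commenter. It builds the body as a dict and serializes it with `json.dumps`, which avoids the hand-built f-string JSON (and the missing comma after `"folder"` in the first attempt), checks the body for the two mistakes raised in the thread before sending, and turns a PVWA error reply into a readable line. Only the standard library is used. The `check_link_body` rules encode the corrections from the thread, not the server's own validation; the sample PVWA error body used below is constructed from the error message quoted in the issue.

```python
"""Link a reconcile account to an onboarded account via the PVWA REST API.

Added example for this issue thread; not code from cyberark-aws-auto-onboarding.
"""
import json
import urllib.error
import urllib.request

# Slot numbers for linked accounts on a CyberArk account object:
# 1 = logon account, 2 = enable account, 3 = reconcile account.
EXTRA_PASSWORD_INDEX = {"logon": 1, "enable": 2, "reconcile": 3}


def link_account_body(linked_name, linked_safe, role="reconcile", folder="Root"):
    """Return the body for POST /API/Accounts/{id}/LinkAccount.

    The body is flat (no enclosing "account" object) and the folder of a
    Vault account is "Root", not "/" -- the two mistakes from the thread.
    """
    if role not in EXTRA_PASSWORD_INDEX:
        raise ValueError(f"unknown linked-account role: {role!r}")
    return {
        "name": linked_name,
        "safe": linked_safe,
        "folder": folder,
        "extraPasswordIndex": EXTRA_PASSWORD_INDEX[role],
    }


def check_link_body(body):
    """Return a list of problems in a LinkAccount body (empty list = looks fine).

    Encodes the corrections given in the thread; it is not the PVWA's validation.
    """
    problems = []
    if "account" in body:
        problems.append('body must be flat: remove the enclosing "account" object')
        body = body["account"]
    for key in ("name", "safe", "folder", "extraPasswordIndex"):
        if key not in body:
            problems.append(f"missing field {key!r}")
    folder = body.get("folder")
    if folder is not None and str(folder).lower() != "root":
        problems.append(f'folder must be "Root", got {folder!r}')
    idx = body.get("extraPasswordIndex")
    if idx is not None and not (isinstance(idx, int) and idx in (1, 2, 3)):
        problems.append(f"extraPasswordIndex must be the integer 1, 2 or 3, got {idx!r}")
    return problems


def describe_pvwa_error(status, response_text):
    """Turn a PVWA error reply into one line: code, message and HTTP status.

    PVWA reports errors as JSON with "ErrorCode" and "ErrorMessage" fields
    (e.g. PASWS167E); anything else is reported verbatim, truncated.
    """
    try:
        payload = json.loads(response_text)
        return f'{payload["ErrorCode"]}: {payload["ErrorMessage"]} (HTTP {status})'
    except (ValueError, KeyError, TypeError):
        return f"HTTP {status}: {response_text.strip()[:200]}"


def link_reconcile_account(session_token, pvwa_url, account_id,
                           reconcile_name, reconcile_safe, timeout=30):
    """POST the link request. Returns the HTTP status on success, raises on error.

    session_token is the value of the Authorization header obtained from
    the PVWA logon call (as in the thread's `session` variable).
    """
    body = link_account_body(reconcile_name, reconcile_safe, role="reconcile")
    problems = check_link_body(body)
    if problems:
        raise ValueError("; ".join(problems))
    url = f"{pvwa_url.rstrip('/')}/API/Accounts/{account_id}/LinkAccount"
    request = urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),  # serialized, not a hand-built f-string
        headers={"Authorization": session_token, "Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(request, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        text = err.read().decode("utf-8", errors="replace")
        raise RuntimeError(describe_pvwa_error(err.code, text)) from err
```

Running `check_link_body` over the first attempt from this issue (nested "account", folder "/", a quoted "3") reports all three problems before anything is sent, which is a cheaper way to find a PASWS167E than reading the screenshot.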

ahmednaz commented 2 years ago

Thank you, this seems to be working.

ahmednaz commented 2 years ago

We also have another issue where a particular field, which we call OpCoName, is not appearing when performing onboarding with this script/workflow. Screenshot attached. There are no errors in the execution of the script.

Any feedback please?