search

infamousjoeg / cybr-cli

A "Swiss Army Knife" command-line interface (CLI) for easy human and non-human interaction with @CyberArk suite of products.
Apache License 2.0
71 stars 15 forks source link

V0.1.2 beta #47 account move #93

Closed AndrewCopeland closed 3 years ago

AndrewCopeland commented 3 years ago
sonarcloud[bot] commented 3 years ago

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

infamousjoeg commented 3 years ago

@AndrewCopeland I'm getting weird results from this. I don't believe it's the method as we applied it in the CLI. I'm hoping you can test to see if you get similar results.

I created an account test-move in DemoSafe1. I then moved it using the Account ID 95_4 to Dummy-Safe. This created a new Account ID 96_4. When I run cybr accounts get -i 95_4 it still returns test-move from DemoSafe1 but I cannot view it in PVWA. Similarly, when I run cybr accounts get -i 96_4 it returns the proper move of test-move to Dummy-Safe.

Typically, I wouldn't bat an eye and move on, but I ran cybr accounts get-password -i 95_4 and the old "moved" account returned the set password. This is where it got weird. Technically, this shouldn't return a password or even be an object in existence, however it is.

Thoughts?

AndrewCopeland commented 3 years ago

I think this may be intended behaviour for the API because of the safe retention period. I will look into it further, odd you can still retrieve the password of a "deleted" account.

AndrewCopeland commented 3 years ago

I was able to replicate the behavior you were experiencing on my side. Is this expected behaviour of the cyberark rest API?

infamousjoeg commented 3 years ago

Apparently, it is.