Set-PASAccount - Invalid value for parameter - Properties

toddwbutler commented 5 years ago

Your Environment

Powershell v4 psPAS 2.4.8 CyberArk 10.6

Expected Behaviour

Expecting Set-PASAccount to update category values

Current Behaviour

We use REST to create and delete accounts from the vault however we are unable to update/modify existing accounts using REST due to this error relating to "Invalid value for parameter - Properties" error.

The commands: $Credentials = Get-Credential $token = New-PASSession -credential $Credentials -BaseURI https://sample.domain.org Write-Host $token $token | Get-PASAccount -Safe "J1DF221 13401 iPhone Test" -Keywords "12346789" $token | Set-PASAccount -AccountID 155_196 -Folder Root -AccountName NewName -DeviceType "Operating System" -PlatformID NF211-Firecall-Human-Managed-DC -Address newaddress -UserName 12346789 -Properties @{"District"="1A"} Write-Host $result

The behavior:

PS D:\REST\REST_Development> D:\REST\REST_Development\pspete_SetPASAccount_01.ps1 cmdlet Get-Credential at command pipeline position 1 Supply values for the following parameters: @{sessionToken=System.Collections.Hashtable; WebSession=Microsoft.PowerShell.Commands.WebRequestSession; BaseURI=https: //sample.domain.org; PVWAAppName=PasswordVault; ConnectionNumber=0; ExternalVersion=10.6.0}

AccountID : 155_196 Safe : J1DF221 13401 iPhone Test Folder : Root Name : Operating System-NFS22-Firecall-Human-Static-PA-sample.domain.org-12346789 UserName : 12346789 PlatformID : NFS22-Firecall-Human-Static-PA DeviceType : Operating System Address : sample.domain.org InternalProperties :

Invoke-PASRestMethod : [400] Failed to update account 155_196. Reason: Invalid value for parameter - Properties At line:405 char:14

$Result = Invoke-PASRestMethod -Uri $URI -Method $Method -Body $Body -Headers ...


+ CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : CAWS00001E,Invoke-PASRestMethod

@{AccountID=155_196; InternalProperties=; Safe=J1DF221 22 iPhone Test; Folder=Root; Name=Operating System-NFS22-Firecall-Human-Static-PA-sample.domain.org-12346789; Description=; UserName=12346789; PolicyID=NFS22-Firecall-Human-Static-PA; Details=nothing; DeviceType=Operating System; Address=sample.domain.org; District=22PK; sessionToken=System.Collections.Hashtable; PVWAAppName=PasswordVault; ExternalVersion=10.6.0; BaseURI=https://sample.domain.org; WebSession=Microsoft.PowerShe ll.Commands.WebRequestSession}

PS D:\REST\REST_Development>

Context

Our goal is to use REST to create, update, and delete accounts from safes. We use REST to create accounts and delete accounts. We are unable to update existing accounts using REST until this issue is resolved.

pspete commented 5 years ago

Hi Todd, As you use 10.6, have your attempted to use the op,path & value parameters for set-pasaccount?

toddwbutler commented 5 years ago

Pete,

Thanks for your assistance. Yes I've tried that one too.

Get-PASAccount finds the account to show it's valid.

$token | Get-PASAccount -Safe "J1DF221 13401 iPhone Test" -Keywords "12346789"

Set-PASAccount attempts to change the address parameter but comes back with a 404 error:

$token | Set-PASAccount -AccountID 155_196 -op replace -path "/address" -value "NewAddress"

Invoke-PASRestMethod : The resource you are looking for has been removed, had its name changed, or is temporarily unavailable. At C:\Users\J1TWBQ1\Documents\WindowsPowerShell\Modules\psPAS\Functions\Accounts\Set-PASAccount.ps1:405 char:14

$Result = Invoke-PASRestMethod -Uri $URI -Method $Method -Body $Body -Headers ...


+ CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : 404,Invoke-PASRestMethod

Again, using Set-PASAccount attempting to replace the district parameter, we get the same error. $token | Set-PASAccount -AccountID 155_196 -op replace -path "/district" -value "22vk"

pspete commented 5 years ago

I don't see district returned as a property in the result of your Get-PASAccount command, is it set already? The property has to exist on the platform assigned to the account also.

I'm without a test environment currently so can't validate the command....

If district is not set, try this command: $token | Set-PASAccount -AccountID 155_196 -op add -path "/platformaccountproperties/district"

If you are changing the value of district - it would look like this: $token | Set-PASAccount -AccountID 155_196 -op replace -path "/platformaccountproperties/district"

toddwbutler commented 5 years ago

Pete,

Nice! This works!

$token | Set-PASAccount -AccountID 155_196 -op replace -path "/platformAccountProperties/District" -value "12L"

Regards!

Todd

toddwbutler commented 5 years ago

Pete,

The root cause was that I failed to put the method in IIS of PATCH.

On Thu, Mar 7, 2019 at 1:31 PM Pete Maan notifications@github.com wrote:

I don't see district returned as a property in the result of your Get-PASAccount command, is it set already? The property has to exist on the platform assigned to the account also.

I'm without a test environment currently so can't validate the command....

If district is not set, try this command: $token | Set-PASAccount -AccountID 155_196 -op add -path "/platformaccountproperties/district"

If you are changing the value of district - it would look like this: $token | Set-PASAccount -AccountID 155_196 -op replace -path "/platformaccountproperties/district"

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/pspete/psPAS/issues/137#issuecomment-470662340, or mute the thread https://github.com/notifications/unsubscribe-auth/AVC5cu4AT-BJgX53g73OKHySyppnnrLfks5vUWkJgaJpZM4bifXT .

-- Todd W. Butler

pspete commented 5 years ago

Glad you got it sorted out - this is the only part of the API which allows the PATCH method.

27560 commented 5 years ago

After upgrading my psPAS, I am getting below error: Get-PASAccount -Keywords $ADDRESS -Safe $SAFE | Set-PASAccount -AccountName "$HOSTNAME-$ACCOUNT" Invoke-PASRestMethod : [400] Failed to update account 737_1155. Reason: Invalid value for parameter - Properties

27560 commented 5 years ago

I was able to do the following instead: Get-PASAccount -Keywords $ADDRESS -Safe $SAFE | Set-PASAccount -op replace -path "/name" -value "$HOSTNAME-$ACCOUNT"

27560 commented 5 years ago

Another issue, the following command worked before I upgraded: Get-PASAccount -Keywords $ADDRESS -Safe $RECONCILESAFE | Set-PASAccount -Properties @{"extrapass3name" = "$HOSTNAME-$ACCOUNT";"extrapass3folder" = "Root";"extrapass3safe" = $SAFE}

Now it yields: Invoke-PASRestMethod : [400] Failed to update account 737_1155. Reason: Invalid value for parameter - Properties

27560 commented 5 years ago

I solved my issue, the InternalProperties being returned from Get-PASAccount was messing things up. I added the following select statement in-between my get & set: select -Property -ExcludeProperty InternalProperties So my command now looks like this: Get-PASAccount -Keywords $ADDRESS -Safe $RECONCILESAFE | select -Property -ExcludeProperty InternalProperties | Set-PASAccount -Properties @{"extrapass3name" = "$HOSTNAME-$ACCOUNT";"extrapass3folder" = "Root";"extrapass3safe" = $SAFE}

and it works fine now :)

pspete / psPAS