search

pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License
293 stars 91 forks source link

If account is locked a CPM operation fails, but does not return an error in the object. #256

Closed begunrom closed 4 years ago

begunrom commented 4 years ago

Describe the issue If account ischecked out by a user, a CPM operation fails (is normal), but does not return an error in the object.

To Reproduce Steps to reproduce the behavior:

  1. Checkout account
  2. Invoke-PASCPMOperation

Expected behavior Expected to see an error object beenr eturned. cable, add screenshots to help explain your problem.

Console Output Code Block: $e` = Invoke-PASCPMOperation -AccountID 27_402 -ChangeTask

Invoke-PASRestMethod : [500] Can not modify object GDCVMSS01.test.org-Administrator-5b81839e-2d32-4a20-9223-c5610d1d9246. Object is locked by xxxx. At line:287 char:4 Invoke-PASRestMethod @ThisRequest


     CategoryInfo          : NotSpecified: ({"ErrorCode":"I...y operations."}:ErrorRecord) [Invoke-PASRestMethod], Exception
     FullyQualifiedErrorId : ITATS339E,Invoke-PASRestMethod
 $e
The $e is empty and does not contain the error, so we can not deal with it `programmatorically.

**Your Environment**
Include relevant details about your environment

* PowerShell Version:
* psPAS Version:
* CyberArk Version:11.2
pspete commented 4 years ago

This is expected behaviour. The returned error is included in the console output you have provided.

To handle errors, consider

try{
    Get-PASAccount -search LockedAccount | Get-PASAccountPassword
}
catch {

    throw $PSItem

}
Finally{

    $Error[0]

}

try{
    Get-PASAccount -search LockedAccount | Get-PASAccountPassword -ErrorVariable DidNotWork
}
catch {

    throw "Some Error"

}

$DidNotWork
$Error[0]
begunrom commented 4 years ago

Thanks