search

pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License
293 stars 91 forks source link

Get-PASAccount "Warning: x matching accounts found. Only the first result will be returned" #320

Closed gregmarnie closed 3 years ago

gregmarnie commented 3 years ago

Describe the issue When running Get-PASAccount, it gives a warning as indicated in the title. get-passession indicates the external version is 11.1.0. Based on documentation, any CyberArk instance over 10.4 should not give that as a result and list all the accounts. I'm not using the classic API switch. Is is possible to force my connection to 10.4 and above and not run into that limitation.

To Reproduce Steps to reproduce the behavior:

  1. User BaseURI ExternalVersion WebSession

    userinfo https://mycompany.com/PasswordVault 11.1.0 Microsoft.PowerShell.Commands.WebRequestSession 2.PS H:\cyberark\audit\output> Get-PASAccount -safe mysafe WARNING: 10 matching accounts found. Only the first result will be returned

Expected behavior Based on documentation, any cyberark instance over 10.4 and not using the classic API switch should return all accounts in a safe but is acting like the old versions.

Screenshots & Console Output If applicable, add screenshots to help explain your problem.

Console Output Code Block: No special code being ran, just manually running GET-PASAccount gives the error

Your Environment Running version 11.1.0

Additional context Any assistance is appreciated.

pspete commented 3 years ago

This is covered in the documentation: https://pspas.pspete.dev/docs/search/#classic-api

If you use the safe or keyword parameters, then the request will go to the legacy/classic API endpoint and only a single result will be returned.

Consider using the parameters specific to the updated gen2\v10 API:

Get-PASAccount -SafeName mysafe
gregmarnie commented 3 years ago

When I use the command, Get-PASAccount -SafeName mysafe, I get the error...

PS H:\cyberark\audit\output> get-pasaccount -SafeName mysafe Get-PASAccount : A parameter cannot be found that matches parameter name 'SafeName'. At line:1 char:16

gregmarnie commented 3 years ago

Error didn't go through

Get-PASAccount : A parameter cannot be found that matches parameter name 'SafeName'. At line:1 char:16

pspete commented 3 years ago

Unable to reproduce. It is a valid parameter: https://pspas.pspete.dev/commands/Get-PASAccount#parameters

https://github.com/pspete/psPAS/blob/7432e6470944c5431016f8c703b34dc14fd93793/psPAS/Functions/Accounts/Get-PASAccount.ps1#L198-L203

gregmarnie commented 3 years ago

Yeah, I think this one is on me. I upgrade to the latest PSPAS but had an older version in my path. Once I cleaned that up, I'm able to utilize the -SafeName parameter. My apologies, this may be closed. Thanks for the very quick turn around on information.