pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License

Safe Names with symbols (possibly all api calls where the endleaf should be urlencoded just in case) #358

Closed AaronG1234 closed 3 years ago

AaronG1234 commented 3 years ago

Describe the issue

Safe names with '+' and possibly other characters are valid in CyberArk, but cannot be interacted with via psPAS.

To Reproduce

Steps to reproduce the behavior:

  1. Create a Safe in PVWA with name of ABD+XYZ
  2. Use psPAS to attempt to change NumberOfVersionsRetention
  3. Invoke-PASRestMethod : 404 File or directory not found Server Error 404 File or directory not found The resource you are looking for might have been removed had its name changed or is temporarily unavailable

Expected behavior

No error, and psPAS is able to achieve the results if PVWA can.

I am guessing, based on the error, that the API URL that psPAS was interacting with needs to be URL-encoded, something like:

api/blah/safe/safenamenormal
api/blah/safe/safenamenormal+symbols
api/blah/safe/safenamenormal%2Bsymbols

where 'blah' is the correct path I didn't look up but all REST APIs follow some structure :(


gregharms commented 3 years ago

May be a limitation of CyberArk’s REST API implementation. Ampersand ‘&’ was in some of my org’s safe names. PACLI didn’t care but REST sure did. Confirmed via POSTman using CyberArk’s postman collection that it was a limitation of the CyberArk API and not psPAS.

AaronG1234 commented 3 years ago

Noted. Thanks for looking at it.



pspete commented 3 years ago

Hi @AaronG1234

While the issue can be reproduced, you can also see in the verbose output of any psPAS command that encoded URLs are used throughout the module where required; '+' is already escaped to '%2B' in the URL value.

The behaviour you note is also apparent outside of the module, thus is not necessarily something which may be fixed through code.

You can experiment with the request syntax & format yourself to explore the issue using native PowerShell commands:

# After New-PASSession: reuse the authenticated session details
$s = Get-PASSession

# Safe name with '+' already percent-encoded as %2B
$SafeName = "ABC%2BXYZ"
$versions = 5

# Splatted parameters for the Safes update request
$Request = @{
    "Method"      = "PUT"
    "Uri"         = "$($s.BaseUri)/WebServices/PIMServices.svc/Safes/$SafeName"
    "WebSession"  = $s.WebSession
    "ContentType" = "application/json"
    "Body"        = @{"safe" = @{"NumberOfVersionsRetention" = $versions}} | ConvertTo-Json
}

Invoke-RestMethod @Request

If you do identify a way to successfully resolve the behaviour, update us here so that any fix can be incorporated into the module. Add-PASSafe, Get-PASSafe & Remove-PASSafe all benefitted from API enhancements present in the version 12 & 12.1 PAS releases, so expect an update is also imminent for Set-PASSafe, which has not really changed since the API was introduced back in PAS version 9.3....
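
The path-segment encoding discussed in this thread, as an added example that is not code from psPAS or from any commenter: it compares how three .NET encoders treat safe names containing '+', '&' and a space, and flags names that are already percent-encoded so they are not encoded twice. The function names, the base URL and the sample safe names are constructed for illustration; as the thread notes, a correctly encoded request can still be rejected by the server.

```powershell
# Added example: hypothetical helpers, not part of psPAS.
function Get-SafeNameEncoding {
    param([Parameter(Mandatory)][string[]]$SafeName)

    foreach ($name in $SafeName) {
        [pscustomobject]@{
            SafeName        = $name
            # Percent-encodes every reserved character, including '+', '&' and '/',
            # so the name cannot alter the structure of the URL path.
            DataString      = [uri]::EscapeDataString($name)
            # Intended for whole URIs: reserved characters such as '+' and '&'
            # are left as they are, so it is the wrong tool for a single segment.
            UriString       = [uri]::EscapeUriString($name)
            # Form-style encoding: a space becomes '+', which is ambiguous
            # when the value is placed in a path rather than a query string.
            FormStyle       = [System.Net.WebUtility]::UrlEncode($name)
            # True when the input already contains a percent-escape. Encoding it
            # again turns '%2B' into '%252B', which names a different safe.
            LooksPreEncoded = $name -match '%[0-9A-Fa-f]{2}'
        }
    }
}

function Get-SafeUri {
    param(
        [Parameter(Mandatory)][string]$BaseUri,
        [Parameter(Mandatory)][string]$SafeName
    )
    # Accept the raw safe name and encode it exactly once, at the point of use.
    $segment = [uri]::EscapeDataString($SafeName)
    '{0}/WebServices/PIMServices.svc/Safes/{1}' -f $BaseUri.TrimEnd('/'), $segment
}

# Constructed sample names; the last one is already encoded on purpose.
$samples = 'ABD+XYZ', 'Ops&Dev', 'My Safe+1', 'ABC%2BXYZ'

Get-SafeNameEncoding -SafeName $samples | Format-Table -AutoSize

# Placeholder base URL (assumption), standing in for (Get-PASSession).BaseUri.
$samples | ForEach-Object {
    Get-SafeUri -BaseUri 'https://pvwa.example.test/PasswordVault' -SafeName $_
}
```

Comparing the DataString column with the URL shown in a command's verbose output is a quick way to confirm which encoding a given client actually sent.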

pspete commented 3 years ago

Closing for now. Comment with any relevant details to reopen for potential future action.