pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License
287 stars 90 forks

Add-PASAccount doesn't add accounts #407

Closed arkayali closed 1 year ago

arkayali commented 1 year ago

Describe the issue

Add-PASAccount returns an error message

To Reproduce

  1. Run Add-PASAccount with standard parameters and DynamicProperties

Expected behavior

The desired account to be added to CyberArk

Screenshots & Console Output

Invoke-PASRestMethod :  Request Error BODY color 000000 background color white font family Verdana margin left 0px margin top 0px content margin left 30px font size 70em padding bottom 2em A link color 336699 font weight bold text decoration underline A 
visited color 6699cc font weight bold text decoration underline A active color 336699 font weight bold text decoration underline heading1 background color 003366 border bottom 336699 6px solid color ffffff font family Tahoma font size 26px font weight 
normal margin 0em 0em 10px 20px padding bottom 8px padding left 30px padding top 16px pre font size small background color e5e5cc padding 5px font family Courier New margin top 0px border 1px f0f0e0 solid white space pre wrap white space pre wrap word wrap 
break word table border collapse collapse border spacing 0px font family Verdana table th border right 2px white solid border bottom 2px white solid font weight bold background color cecf9c table td border right 2px white solid border bottom 2px white 
solid background color e5e5cc Request Error The server encountered an error processing the request See server logs for more details 
At line:323 char:13
+ ...   $result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body - ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (

    R...ls.

:ErrorRecord) [Invoke-PASRestMethod], Exception
    + FullyQualifiedErrorId : 400,Invoke-PASRestMethod

DEBUG: [Body] {
    "account":  {
                    "accountName":  "",
                    "platformID":  "RedHat-1Time-CVR",
                    "password":  "******",
                    "username":  "unixcsrs",
                    "address":  "unixvl139",
                    "properties":  [
                                       "System.Collections.DictionaryEntry",
                                       "System.Collections.DictionaryEntry",
                                       "System.Collections.DictionaryEntry",
                                       "System.Collections.DictionaryEntry",
                                       "System.Collections.DictionaryEntry",
                                       "System.Collections.DictionaryEntry",
                                       "System.Collections.DictionaryEntry",
                                       "System.Collections.DictionaryEntry",
                                       "System.Collections.DictionaryEntry"
                                   ],
                    "safe":  "CPM-ReconcileSafe-ER"
                }
}


pspete commented 1 year ago

Hi @arkayali

Information revealing how you are running the command is missing - it can be assumed that your issue lies there, as I am unable to replicate the behaviour you see.

PS > Add-PASAccount -secretType Password -secret $password -address SomeAddress.com -userName SomeUser `
-platformID Some-Test-Platform -SafeName SomeTestSafe `
-platformAccountProperties @{"Port"=123; "LogonDomain"="SomeDomain"}

DEBUG: [Body] {
    "remoteMachinesAccess":  {

                             },
    "secretManagement":  {

                         },
    "platformAccountProperties":  {
                                      "LogonDomain":  "SomeDomain",
                                      "Port":  123
                                  },
    "address":  "SomeAddress.com",
    "userName":  "SomeUser",
    "secret":  "******",
    "secretType":  "Password",
    "platformID":  "Some-Test-Platform",
    "SafeName":  "SomeTestSafe"
}
VERBOSE: POST with -1-byte payload
VERBOSE: received 434-byte response of content type application/json; charset=utf-8

AccountID                 : 336_4
Safe                      : SomeTestSafe
address                   : SomeAddress.com
userName                  : SomeUser
name                      : Operating System-Some-Test-Platform-SomeAddress.com-SomeUser
platformId                : Some-Test-Platform
secretType                : password
platformAccountProperties : @{LogonDomain=SomeDomain; Port=123}
secretManagement          : @{automaticManagementEnabled=True; lastModifiedTime=1660472329}
createdTime               : 14/08/2022 10:18:49
categoryModificationTime  : 14/08/2022 10:18:49

Can you confirm that you are using the Gen2 API?

arkayali commented 1 year ago

Hi @pspete,

Thanks for your reply. Just noticed that I didn't enclose the cmdlet itself .. sorry for that.

This is exactly what I ran .. and I'm using the Gen1 API, as CA ver 11.5 has issues with Gen2, I guess

Add-PASAccount -SafeName CPM-ReconcileSafe-ER -platformID RedHat-1Time-CVR -address unixvl139 -accountName '' -password $pwd99 -userName unixcsrs -ExtraPass3Name unixcsrs -DynamicProperties @{'LogonDomain'='Server01';'Folder'='Root';'Server_Environment'='UAT';'Class'='FuncID';'AppPlatform'='CyberArk';'Owner'='Milk';'Ticket'='RITM0123456';'DeviceType'='Operating System'} -Debug

pspete commented 1 year ago

Add Accounts Gen 1 API is relevant to legacy versions older than 10.4. Gen 2 API is relevant to versions 10.4 and above. With your 11.5 version, you should use Gen2 API. Support for the legacy API might be removed at some point.

Add-PASAccount -secretType Password -secret $pwd99 -address unixvl139 -userName unixcsrs `
-platformID RedHat-1Time-CVR -SafeName CPM-ReconcileSafe-ER `
-platformAccountProperties @{'LogonDomain'='Server01';'Folder'='Root';'Server_Environment'='UAT'}

arkayali commented 1 year ago

@pspete

Thank you so much .. you made my day. I still have some confusion when it comes to Gen1 or Gen2, as other cmdlets don't run unless I add -UseGen1API !! That's what made me think that I should use Gen1 for Add-Account

arkayali commented 1 year ago

Thanks again

pspete commented 1 year ago

You can see all notes about version requirements here: https://pspas.pspete.dev/docs/compatibility/

All help pages for all module commands should also detail version requirements for specific parameters.