pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License

How to tag logon account in powershell using Add-PASAccount command? #428

Closed Kulan117 closed 1 year ago

Kulan117 commented 1 year ago

Describe the issue: When I am using the below command I am getting the error below

To Reproduce Steps to reproduce the behavior:

  1. Add-PASAccount -address test -userName test -platformID test1234 -SafeName testsafe -password $Password -ExtraPass1Name "Network Device-test1234-test-admin" -ExtraPass1Safe testsafe

Expected behavior: The new account to be added along with the login account being tagged to the account.

Screenshots & Console Output If applicable, add screenshots and/or console output to help explain your problem.


Add-PASAccount -address test -userName test -platformID test1234 -SafeName testsafe -password $Password -ExtraPass1Name "Network Device-test1234-test-admin" -ExtraPass1Safe testsafe

Invoke-PASRestMethod : Request Error BODY color 000000 background color white font family Verdana margin left 0px margin top 0px content margin left 30px font size 70em padding bottom 2em 
A link color 336699 font weight bold text decoration underline A visited color 6699cc font weight bold text decoration underline A active color 336699 font weight bold text decoration 
underline heading1 background color 003366 border bottom 336699 6px solid color ffffff font family Tahoma font size 26px font weight normal margin 0em 0em 10px 20px padding bottom 8px 
padding left 30px padding top 16px pre font size small background color e5e5cc padding 5px font family Courier New margin top 0px border 1px f0f0e0 solid white space pre wrap white space 
pre wrap word wrap break word table border collapse collapse border spacing 0px font family Verdana table th border right 2px white solid border bottom 2px white solid font weight bold 
background color cecf9c table td border right 2px white solid border bottom 2px white solid background color e5e5cc Request Error The server encountered an error processing the request See 
server logs for more details 
At line:323 char:13
+ ...  $result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body - ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  + CategoryInfo     : NotSpecified: (
  R...ls.
:ErrorRecord) [Invoke-PASRestMethod], Exception

  + FullyQualifiedErrorId : 400,Invoke-PASRestMethod

Your Environment: Privileged Cloud v12.6

pspete commented 1 year ago

Can you complete the form? Reasons: https://pspas.pspete.dev/docs/troubleshooting/#logging-an-issue

pspete commented 1 year ago

With no more details forthcoming..... maybe specify the -ExtraPass1Folder parameter

Kulan117 commented 1 year ago

I have updated this tracker to the specified format, please let me know for any details. I tried with -ExtraPass1Folder as root directory but still same

pspete commented 1 year ago

The project cannot test against Privilege Cloud, so no attempt to replicate the issue will be possible. There may be fixes included in psPAS versions released since 5.2.59. For 12.6, consider using the Gen2 parameterset of Add-PASAccount, and link accounts using the Set-PASLinkedAccount command

Kulan117 commented 1 year ago

sure let me try that and post the update! Thank you!

Kulan117 commented 1 year ago

Hi @pspete

I was successful using the Set-PasLinkedAccount command when adding the account ID and name manually. But if I pass the account ID and name as variables from the Add-PASAccount command as below, I get the error below. Can you please help with this?

Add Account

$value1 = Add-PASAccount -secretType Password -secret $Password -SafeName "keyssafe" -PlatformID "keysplatform" `
    -Username $uname -platformAccountProperties $platformAccountProperties

$value2 = Add-PASAccount -secretType Password -secret $Password -SafeName "rootsafe" -PlatformID "rootplatform" `
    -Address "https://console.aws.amazon.com/console/home" -Username $uname -platformAccountProperties $platformAccountProperties

$accid= $value1 | Select-Object id
$username = $value2 | Select-Object name

Set-PASLinkedAccount -AccountID $accid -safe "keyssafe" -extraPasswordIndex 1 -name $username -folder root

Error 1: When passing both -Account ID and -name as variable

Invoke-PASRestMethod : [400] Account id value is invalid. At line:57 char:4

Error 2: When passing -Account ID as actual ID and -name as variable

Invoke-PASRestMethod : [404] Linked account was not found. At line:57 char:4

It works when passing the below:

Set-PASLinkedAccount -AccountID 222222 -safe "keyssafe" -extraPasswordIndex 1 -name gotest6 -folder root

pspete commented 1 year ago

Take a look at the variable values... they look like they might be objects with property values rather than just the id/Name values

pspete commented 1 year ago

closing as nothing to fix. believe you just need to fix your variables, or reference them differently (i.e. Set-PASLinkedAccount -AccountID $accid.id -safe "keyssafe" -extraPasswordIndex 1 -name $username.name -folder root)
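
The object-versus-value difference described in the comment above, as an added example that is not part of the thread or of psPAS. `$value1` and `$value2` are constructed stand-ins for what `Add-PASAccount` returns (only `id` and `name` are assumed), and `Assert-PlainValue` is a hypothetical helper.

```powershell
# Constructed stand-ins for the objects returned by Add-PASAccount
# (assumption: sample values, only id and name matter here).
$value1 = [pscustomobject]@{ id = '222222'; name = 'keys-account'; safeName = 'keyssafe' }
$value2 = [pscustomobject]@{ id = '333333'; name = 'gotest6'; safeName = 'rootsafe' }

# Select-Object <property> returns a NEW object that still wraps the property.
# Bound to a string parameter, it is rendered in hashtable-style notation,
# not as the bare id, which is why the API rejects it.
$wrapped = $value1 | Select-Object id
Write-Host "Type: $($wrapped.GetType().Name)  As string: $wrapped"

# -ExpandProperty (or plain member access) returns the bare value.
$accid    = $value1 | Select-Object -ExpandProperty id
$username = $value2.name

# Hypothetical guard: refuse anything that is not a plain string or value type
# before it reaches a vault request.
function Assert-PlainValue {
    param(
        [Parameter(Mandatory)] $Value,
        [Parameter(Mandatory)] [string] $Name
    )
    if ($Value -isnot [string] -and $Value -isnot [ValueType]) {
        throw "$Name is a $($Value.GetType().Name), not a plain value: '$Value'"
    }
    $Value
}

# The wrapped object is caught locally instead of producing a 400 from the API.
try { Assert-PlainValue -Value $wrapped -Name 'AccountID' }
catch { Write-Warning $_.Exception.Message }

# Parameters as used in the thread, built with the unwrapped values.
$linkParams = @{
    AccountID          = Assert-PlainValue -Value $accid -Name 'AccountID'
    safe               = 'keyssafe'
    extraPasswordIndex = 1
    name               = Assert-PlainValue -Value $username -Name 'name'
    folder             = 'root'
}
$linkParams

# Requires the psPAS module and an authenticated session:
# Set-PASLinkedAccount @linkParams
```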

Kulan117 commented 1 year ago

Thank you for your help! I fixed the variables and now it works as expected!