search

pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License
286 stars 90 forks source link

Get-PASSafeMember with includePredefinedUsers eq True and more than 26 members in the safe. #433

Closed InconstantRO closed 1 year ago

InconstantRO commented 1 year ago

Describe the issue Get-PASSafeMember with includePredefinedUsers eq True and more than 26 members in the safe throws "[500] String was not recognized as a valid Boolean." error. Error is thrown by Invoke-PASRestMethod method in line 295 (in Get-PASSafeMember.ps1 file). It also returns first 25 members, but fails to query next.

To Reproduce Steps to reproduce the behavior:

  1. Assign 26+ members (35 to be sure) to your PVWAReports safe.
  2. Logon to PAM and run next command to get safe PVWAReports members, including predefined users: Get-PASSafeMember -safename "PVWAReports" -includePredefinedUsers $true

Expected behavior Expected to get all safe members.

Screenshots & Console Output If applicable, add screenshots and/or console output to help explain your problem.


<--
[500] String was not recognized as a valid Boolean.
-->

Your Environment Include relevant details about your environment

Additional context I think the problem is in double question mark in resulting URL (?filter, ?limit): https://myserver.com/PasswordVault/api/Safes/PVWAReports/Members?filter=includePredefinedUsers%20eq%20True?limit=25&OffSet=25

Fix To fix the problem this line should be changed from:


$Null = $Members.AddRange((Invoke-PASRestMethod -Uri "$URI`?limit=$Limit&OffSet=$Offset" -Method GET -WebSession $Script:WebSession -TimeoutSec $TimeoutSec).value)

to


if ($URI -match ".*\?.*") {
    $Null = $Members.AddRange((Invoke-PASRestMethod -Uri "$URI`&limit=$Limit&OffSet=$Offset" -Method GET -WebSession $Script:WebSession -TimeoutSec $TimeoutSec).value)
} else {
    $Null = $Members.AddRange((Invoke-PASRestMethod -Uri "$URI`?limit=$Limit&OffSet=$Offset" -Method GET -WebSession $Script:WebSession -TimeoutSec $TimeoutSec).value)
}
pspete commented 1 year ago

Hi @InconstantRO - many many thanks for reporting this. Confirmed the observed behaviour, fix developed and now present in the Dev branch.

pspete commented 1 year ago

Fix now published in version 5.4.101. Also added unit tests to check the URL is getting formed as expected. Thanks again for the report.