pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License
286 stars 90 forks source link

Issue with Add-PASAccount module #478

Closed ivansilvafava closed 10 months ago

ivansilvafava commented 11 months ago

Hi team, I need to add an account in PVWA with the Add-PASAccount module but I have one error with the safe.

The safe exists in PVWA and it was created. Can you help me please?

Regards

Output

```
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
Invoke-PASRestMethod : [400] There are some invalid parameters: Safe ['AR-LX-IMPLE-CUSTOM'] was not found
At line:323 char:13
```

ivansilvafava commented 11 months ago

Invoke-PASRestMethod : [400] There are some invalid parameters: Safe [AR-LX-IMPLE-CUSTOM] was not found At line:323 char:13

ivansilvafava commented 11 months ago

Can you help me please?

pspete commented 11 months ago

It is hard to say without the detail requested in the issue template.

Initial thought is the safe name being queried 'AR-LX-IMPLE-CUSTOM' appears to have single quotes included.

ivansilvafava commented 11 months ago

Hi Pete,

I ran it again without single quotes included, but the issue continues.

Thanks!

pspete commented 11 months ago
  • What version of psPAS? @.
  • What version of CyberArk? Version 12.6
  • What command can we use to attempt to recreate the issue? Add-PASAccount command
  • How does the code that you are using look? @. @.

@ivansilvafava ^ will need more information than this to be able to help. please provide some sample code which can be used to attempt to recreate the issue. additional context will also help, like if this is for all safes, or just 1?

can you confirm if the issue also exists outside of psPAS? some instructions can be found here: https://pspas.pspete.dev/docs/troubleshooting/#manual-api-command-testing

ivansilvafava commented 11 months ago

Hi Pete,

The issue is with this safe, AR-LX-IMPLE-CUSTOM; with other safes the PS script is running.

I have a problem with this new safe created, AR-LX-IMPLE-CUSTOM

```powershell
PS C:\CyberOS\CyberArk\importacion Ivan> cat bulk-Linux-cuentas-Linux-Psafe1.ps1
Import-Module pspas

# Prompt for the CyberArk user that will own the API session
$cred = Get-Credential

# One row per account to onboard
$Accounts = Import-Csv -Path 'C:\CyberOS\CyberArk\importacion Ivan\subirEstaticaLinuxPsafe-test.csv'

# -SkipCertificateCheck disables TLS certificate validation for this session
New-PASSession -Credential $cred -BaseURI https://ciberpam.ar.bsch -type CyberArk -SkipCertificateCheck

foreach($Account in $Accounts){

    # Add-PASAccount expects the secret as a SecureString
    $Password = ConvertTo-SecureString -String $Account.Password -AsPlainText -Force

    Add-PASAccount -secretType Password `
        -secret $Password `
        -platformAccountProperties @{"UseSudoOnReconcile"=$Account.UseSudoOnReconcile} `
        -address $Account.Address `
        -userName $Account.Username `
        -platformID $Account.PlatformID `
        -SafeName $Account.SafeName `
        -automaticManagementEnabled $False

}

Close-PASSession
```

Where 'C:\CyberOS\CyberArk\importacion Ivan\subirEstaticaLinuxPsafe-test.csv' has these data for example

```
userName,address,Password,safeName,platformID,UseSudoOnReconcile
usrespro15051,redidebinpro01,CVBGjjsjy#91,AR-LX-IMPLE-CUSTOM,AR-LX-Custom,No
usrespro15052,redidebinpro01,CVBGjjsjy#92,AR-LX-IMPLE-CUSTOM,AR-LX-Custom,No
userdt,redidebindev03,CVBGjjsjy#93,AR-LX-IMPLE-CUSTOM,AR-LX-Custom,No
```


pspete commented 11 months ago

As it is only affecting 1 safe, it is unlikely to be an issue in the module. Is the same issue observed outside the module?

```powershell
$Body = @{
    userName                  = "userdt"
    address                   = "redidebindev03"
    secret                    = "CVBGjjsjy#93"
    platformId                = "AR-LX-Custom"
    SafeName                  = "AR-LX-IMPLE-CUSTOM"
    platformAccountProperties = @{"UseSudoOnReconcile"="No"}
    secretManagement          = @{"automaticManagementEnabled"= $false}
} | ConvertTo-Json

#after New-PASSession
$ThisSession = Get-PASSession

$Method = "POST"
$UrlPath = "API/Accounts/"

$Request = @{
    "Method"      = $Method
    "Uri"         = "$($ThisSession.BaseUri)/$UrlPath"
    "WebSession"  = $ThisSession.WebSession
    "ContentType" = "application/json"
    "Body"        = $Body
}

Invoke-RestMethod @Request
```

pspete commented 11 months ago

Did you manage to test outside the module? No update for a while, did you resolve? Still an issue?

ivansilvafava commented 11 months ago

Thanks Pete,

I found the issue, I need to add the administrator role in the Safe, Is it Correct? I put it and it is running now. Another question I would like to ask you is if there is a line that can be added to validate if the account exists in PVWA when I need to add account in the PVWA?

Regards and Thanks!


pspete commented 10 months ago

> Is it Correct?

We can't comment for your implementation - whatever works?

> is if there is a line that can be added to validate if the account exists in PVWA

perhaps some logic to search for the account details, like: `if((Get-PASAccount -search someuser -safename somesafe).count -eq 0){do things}`

pspete commented 10 months ago

closing as original issue resolved.
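
The following is an added example, not code from the thread or from psPAS itself: a pre-flight check for the bulk import discussed above. It extends the one-line `Get-PASAccount` suggestion with a safe visibility check, because the "Safe ... was not found" error in this thread was resolved by changing a role on the safe rather than by changing the script. It assumes psPAS is imported, `New-PASSession` has already succeeded, and the CSV has the columns shown in the thread; `Test-ImportRow` and the CSV path are hypothetical.

```powershell
# Added example. Test-ImportRow is a hypothetical helper, not a psPAS cmdlet.
function Test-ImportRow {
    param([Parameter(Mandatory)] $Row)

    # 1. Can the logged-on user see the safe at all? In this thread the API
    #    answered "was not found" for a safe that did exist in PVWA.
    try {
        $null = Get-PASSafe -SafeName $Row.safeName -ErrorAction Stop
    } catch {
        return 'SafeNotVisible'
    }

    # 2. Is the account already onboarded in that safe? -search is a keyword
    #    match, so compare userName and address exactly afterwards.
    $existing = @(
        Get-PASAccount -search $Row.userName -safeName $Row.safeName -ErrorAction SilentlyContinue |
            Where-Object { $_.userName -eq $Row.userName -and $_.address -eq $Row.address }
    )
    if ($existing.Count -gt 0) { return 'AlreadyExists' }

    return 'OkToAdd'
}

$Accounts = Import-Csv -Path '.\accounts.csv'   # placeholder path

foreach ($Account in $Accounts) {
    $status = Test-ImportRow -Row $Account
    if ($status -ne 'OkToAdd') {
        # Report the reason instead of letting Add-PASAccount fail with a 400
        Write-Warning "$($Account.userName)@$($Account.address): skipped ($status)"
        continue
    }

    # Same Add-PASAccount parameters as the script in the thread, splatted
    $NewAccount = @{
        secretType                 = 'Password'
        secret                     = ConvertTo-SecureString -String $Account.Password -AsPlainText -Force
        platformAccountProperties  = @{ UseSudoOnReconcile = $Account.UseSudoOnReconcile }
        address                    = $Account.address
        userName                   = $Account.userName
        platformID                 = $Account.platformID
        SafeName                   = $Account.safeName
        automaticManagementEnabled = $false
    }
    Add-PASAccount @NewAccount
}
```

A `SafeNotVisible` result for a safe that exists in PVWA points at the API user's safe membership rather than at the import data.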