search

pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License
286 stars 90 forks source link

set-pasuser resets details #528

Closed ELANDJEA closed 3 months ago

ELANDJEA commented 4 months ago

Describe the issue The documentation of set-pasuser already indicates "Appears to require all properties set on a user to be passed with the request." it would be nice if the function does update full details/properties and not clear the not provided details/properties as is done currently

To Reproduce Steps to reproduce the behavior: 1. 2. 3.

Expected behavior why not get full details....update the object and rewrite the full details (similar way of getting details like I added in issue #527 )

Screenshots & Console Output If applicable, add screenshots and/or console output to help explain your problem.


<--Console Output Goes Here-->

Your Environment Include relevant details about your environment

Additional context I created for instance a (basic)user-rename function that does something similar (now only for the "username" but can be done for other properties also:

Function rename-pasuser { param([string]$oldname,[string]$newname) $user=$null $user=get-pasuser -username $oldname if ($user -eq $null) { write-host user $oldname does not exist return $false }

get details via plain rest

$id=$user.id $ThisSession = Get-PASSession $UrlPath = "api/users/$id/" $method="get" $Request = @{ "Method" = $Method "Uri" = "$($ThisSession.BaseUri)/$UrlPath" "WebSession" = $ThisSession.WebSession "ContentType" = "application/json" } $userdetails=Invoke-RestMethod @Request

$userdetails.username=$newname $userupdate=$null

set full details back witch changed name via plain rest

$body=convertto-json $userdetails
$Request = @{
  "Method"      = "PUT"
  "Uri"         = "$($ThisSession.BaseUri)/$UrlPath"
  "WebSession"  = $ThisSession.WebSession
  "ContentType" = "application/json"
  "body"        = $body
  }
$userupdate=Invoke-RestMethod @Request

if ($userupdate -eq $null) { write-host rename of user $oldname ended with error return $false } write-host user $oldname renamed to $newname return $true }

pspete commented 3 months ago

Hi @ELANDJEA ,

An update to make Set-PASUser work in the way you describe is now present in the DEV branch, and will be in the next psPAS release.

pspete commented 3 months ago

Thanks for raising this @ELANDJEA The change is now present in psPAS 6.3.78

Also expanded the same functionality across all API commands that require use of a PUT request so current values from the object being updated are automatically fetched so that existing values not being changed will remain on the object. Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the object.