thycotic-ps / thycotic.secretserver

PowerShell module for automating with Thycotic Secret Server REST API
https://thycotic-ps.github.io/thycotic.secretserver
MIT License

Get-tsssecret does not function properly in EA 11.1 #258

Closed jagger closed 2 years ago

jagger commented 2 years ago

Verified issue does not already exist?

Yes

What error did you receive

PSMessageDetails : Exception : System.Management.Automation.RuntimeException: Cannot convert value "@{id=3188; name=testaccount; secretTemplateId=4; folderId=2; active=True; items=System.Object[]; launcherConnectAsSecretId=-1; checkOutMinutesRemaining=0; checkedOut=False; checkOutUserDisplayName=; checkOutUserId=-1; isRestricted=False; isOutOfSync=False; outOfSyncReason=; autoChangeEnabled=False; autoChangeNextPassword=; requiresApprovalForAccess=False; requiresComment=False; checkOutEnabled=False; checkOutIntervalMinutes=-1; checkOutChangePasswordEnabled=False; accessRequestWorkflowMapId=-1; proxyEnabled=False; sessionRecordingEnabled=False; restrictSshCommands=False; jumpboxRouteId=; allowOwnersUnrestrictedSshCommands=False; isDoubleLock=False; doubleLockId=-1; enableInheritPermissions=True; passwordTypeWebScriptId=-1; siteId=1; enableInheritSecretPolicy=True; secretPolicyId=-1; lastHeartBeatStatus=Pending; lastHeartBeatCheck=1/1/0001 12:00:00 AM; failedPasswordChangeAttempts=0; lastPasswordChangeAttempt=1/1/0001 12:00:00 AM; secretTemplateName=Combination Lock; responseCodes=System.Object[]; webLauncherRequiresIncognitoMode=False}" to type "Thycotic.PowerShell.Secrets.Secret". 
Error: "Cannot convert the "@{id=3188; name=testaccount; secretTemplateId=4; folderId=2; active=True; items=System.Object[]; launcherConnectAsSecretId=-1; checkOutMinutesRemaining=0; checkedOut=False; checkOutUserDisplayName=; checkOutUserId=-1; isRestricted=False; isOutOfSync=False; outOfSyncReason=; autoChangeEnabled=False; autoChangeNextPassword=; requiresApprovalForAccess=False; requiresComment=False; checkOutEnabled=False; checkOutIntervalMinutes=-1; checkOutChangePasswordEnabled=False; accessRequestWorkflowMapId=-1; proxyEnabled=False; sessionRecordingEnabled=False; restrictSshCommands=False; jumpboxRouteId=; allowOwnersUnrestrictedSshCommands=False; isDoubleLock=False; doubleLockId=-1; enableInheritPermissions=True; passwordTypeWebScriptId=-1; siteId=1; enableInheritSecretPolicy=True; secretPolicyId=-1; lastHeartBeatStatus=Pending; lastHeartBeatCheck=1/1/0001 12:00:00 AM; failedPasswordChangeAttempts=0; lastPasswordChangeAttempt=1/1/0001 12:00:00 AM; secretTemplateName=Combination Lock; responseCodes=System.Object[]; webLauncherRequiresIncognitoMode=False}" value of type "System.Management.Automation.PSCustomObject" to type "Thycotic.PowerShell.Secrets.Secret"." 
---> System.Management.Automation.PSInvalidCastException: Cannot convert value "@{id=3188; name=testaccount; secretTemplateId=4; folderId=2; active=True; items=System.Object[]; launcherConnectAsSecretId=-1; checkOutMinutesRemaining=0; checkedOut=False; checkOutUserDisplayName=; checkOutUserId=-1; isRestricted=False; isOutOfSync=False; outOfSyncReason=; autoChangeEnabled=False; autoChangeNextPassword=; requiresApprovalForAccess=False; requiresComment=False; checkOutEnabled=False; checkOutIntervalMinutes=-1; checkOutChangePasswordEnabled=False; accessRequestWorkflowMapId=-1; proxyEnabled=False; sessionRecordingEnabled=False; restrictSshCommands=False; jumpboxRouteId=; allowOwnersUnrestrictedSshCommands=False; isDoubleLock=False; doubleLockId=-1; enableInheritPermissions=True; passwordTypeWebScriptId=-1; siteId=1; enableInheritSecretPolicy=True; secretPolicyId=-1; lastHeartBeatStatus=Pending; lastHeartBeatCheck=1/1/0001 12:00:00 AM; failedPasswordChangeAttempts=0; lastPasswordChangeAttempt=1/1/0001 12:00:00 AM; secretTemplateName=Combination Lock; responseCodes=System.Object[]; webLauncherRequiresIncognitoMode=False}" to type "Thycotic.PowerShell.Secrets.Secret". 
Error: "Cannot convert the "@{id=3188; name=testaccount; secretTemplateId=4; folderId=2; active=True; items=System.Object[]; launcherConnectAsSecretId=-1; checkOutMinutesRemaining=0; checkedOut=False; checkOutUserDisplayName=; checkOutUserId=-1; isRestricted=False; isOutOfSync=False; outOfSyncReason=; autoChangeEnabled=False; autoChangeNextPassword=; requiresApprovalForAccess=False; requiresComment=False; checkOutEnabled=False; checkOutIntervalMinutes=-1; checkOutChangePasswordEnabled=False; accessRequestWorkflowMapId=-1; proxyEnabled=False; sessionRecordingEnabled=False; restrictSshCommands=False; jumpboxRouteId=; allowOwnersUnrestrictedSshCommands=False; isDoubleLock=False; doubleLockId=-1; enableInheritPermissions=True; passwordTypeWebScriptId=-1; siteId=1; enableInheritSecretPolicy=True; secretPolicyId=-1; lastHeartBeatStatus=Pending; lastHeartBeatCheck=1/1/0001 12:00:00 AM; failedPasswordChangeAttempts=0; lastPasswordChangeAttempt=1/1/0001 12:00:00 AM; secretTemplateName=Combination Lock; responseCodes=System.Object[]; webLauncherRequiresIncognitoMode=False}" value of type "System.Management.Automation.PSCustomObject" to type "Thycotic.PowerShell.Secrets.Secret"." 
---> System.Management.Automation.PSInvalidCastException: Cannot convert the "@{id=3188; name=testaccount; secretTemplateId=4; folderId=2; active=True; items=System.Object[]; launcherConnectAsSecretId=-1; checkOutMinutesRemaining=0; checkedOut=False; checkOutUserDisplayName=; checkOutUserId=-1; isRestricted=False; isOutOfSync=False; outOfSyncReason=; autoChangeEnabled=False; autoChangeNextPassword=; requiresApprovalForAccess=False; requiresComment=False; checkOutEnabled=False; checkOutIntervalMinutes=-1; checkOutChangePasswordEnabled=False; accessRequestWorkflowMapId=-1; proxyEnabled=False; sessionRecordingEnabled=False; restrictSshCommands=False; jumpboxRouteId=; allowOwnersUnrestrictedSshCommands=False; isDoubleLock=False; doubleLockId=-1; enableInheritPermissions=True; passwordTypeWebScriptId=-1; siteId=1; enableInheritSecretPolicy=True; secretPolicyId=-1; lastHeartBeatStatus=Pending; lastHeartBeatCheck=1/1/0001 12:00:00 AM; failedPasswordChangeAttempts=0; lastPasswordChangeAttempt=1/1/0001 12:00:00 AM; secretTemplateName=Combination Lock; responseCodes=System.Object[]; webLauncherRequiresIncognitoMode=False}" value of type "System.Management.Automation.PSCustomObject" to type "Thycotic.PowerShell.Secrets.Secret". ---> System.InvalidOperationException: The jumpboxRouteId property was not found for the Thycotic.PowerShell.Secrets.Secret object. 
The available property is: [SecretId ] , [AccessRequestWorkflowMapId ] , [Active ] , [AllowOwnersUnrestrictedSshCommands ] , [AutoChangeEnabled ] , [AutoChangeNextPassword ] , [CheckedOut ] , [CheckOutChangePasswordEnabled ] , [CheckOutEnabled ] , [CheckOutIntervalMinutes ] , [CheckOutMinutesRemaining ] , [CheckOutUserDisplayName ] , [CheckOutUserId ] , [DoubleLockId ] , [EnableInheritPermissions ] , [EnableInheritSecretPolicy ] , [FailedPasswordChangeAttempts ] , [FolderId ] , [Id ] , [IsDoubleLock ] , [IsOutOfSync ] , [IsRestricted ] , [Items <Thycotic.PowerShell.Secrets.Items[]>] , [LastHeartBeatCheck <System.Nullable1[[System.DateTime, System.Private.CoreLib, Version=6.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]>] , [LastHeartBeatStatus <Thycotic.PowerShell.Enums.SecretHeartbeatStatus>] , [LastPasswordChangeAttempt <System.Nullable1[[System.DateTime, System.Private.CoreLib, Version=6.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]>] , [LauncherConnectAsSecretId ] , [Name ] , [OutOfSyncReason ] , [PasswordTypeWebScriptId ] , [ProxyEnabled ] , [RequiresApprovalForAccess ] , [RequiresComment ] , [RestrictSshCommands ] , [SecretPolicyId ] , [SecretTemplateId ] , [SecretTemplateName ] , [SessionRecordingEnabled ] , [SiteId ] , [WebLauncherRequiresIncognitoMode ] , [ResponseCodes <System.String[]>] at System.Management.Automation.LanguagePrimitives.CreateMemberNotFoundError(PSObject pso, DictionaryEntry property, Type resultType) at System.Management.Automation.LanguagePrimitives.SetObjectProperties(Object o, IDictionary properties, Type resultType, MemberNotFoundError memberNotFoundErrorAction, MemberSetValueError memberSetValueErrorAction, Boolean enableMethodCall, IFormatProvider formatProvider, Boolean recursion, Boolean ignoreUnknownMembers) at System.Management.Automation.LanguagePrimitives.SetObjectProperties(Object o, PSObject psObject, Type resultType, MemberNotFoundError memberNotFoundErrorAction, MemberSetValueError 
memberSetValueErrorAction, IFormatProvider formatProvider, Boolean recursion, Boolean ignoreUnknownMembers) --- End of inner exception stack trace --- at System.Management.Automation.LanguagePrimitives.SetObjectProperties(Object o, PSObject psObject, Type resultType, MemberNotFoundError memberNotFoundErrorAction, MemberSetValueError memberSetValueErrorAction, IFormatProvider formatProvider, Boolean recursion, Boolean ignoreUnknownMembers) at System.Management.Automation.LanguagePrimitives.ConvertViaNoArgumentConstructor.Convert(Object valueToConvert, Type resultType, Boolean recursion, PSObject originalValueToConvert, IFormatProvider formatProvider, TypeTable backupTable, Boolean ignoreUnknownMembers) --- End of inner exception stack trace --- at System.Management.Automation.LanguagePrimitives.ConvertViaNoArgumentConstructor.Convert(Object valueToConvert, Type resultType, Boolean recursion, PSObject originalValueToConvert, IFormatProvider formatProvider, TypeTable backupTable, Boolean ignoreUnknownMembers) at System.Management.Automation.LanguagePrimitives.ConvertViaNoArgumentConstructor.Convert(Object valueToConvert, Type resultType, Boolean recursion, PSObject originalValueToConvert, IFormatProvider formatProvider, TypeTable backupTable) at CallSite.Target(Closure , CallSite , Object ) at Get-TssSecret(Closure , FunctionContext ) --- End of inner exception stack trace --- TargetObject : CategoryInfo : InvalidArgument: (:) [], RuntimeException FullyQualifiedErrorId : InvalidCastConstructorException ErrorDetails : InvocationInfo : System.Management.Automation.InvocationInfo ScriptStackTrace : at Get-TssSecret, C:\Users\RJagger\OneDrive - Thycotic Corporate\Documents\PowerShell\Modules\Thycotic.SecretServer\0.60.4\functions\secrets\Get-TssSecret.ps1: line 219 at , : line 1 PipelineIterationInfo : {}

Please run the command using -Verbose

Get-TssSecret -TssSession $Session -id 3188 -verbose

VERBOSE: Command invocation: Get-TssSecret -TssSession:TssSessionObject -Id:System.Int32[] -Verbose:True
VERBOSE: Performing the operation GET https://labss01.jaggerlab.local/SecretServer/api/v1/secrets/3188 with:

InvalidArgument: C:\Users\RJagger\OneDrive - Thycotic Corporate\Documents\PowerShell\Modules\Thycotic.SecretServer\0.60.4\functions\secrets\Get-TssSecret.ps1:219:25

Provide a test case or steps to reproduce

Works fine on 11.0.8; uploading to Early Adopter release gets the above error.

Expected behavior

Returns secret

What Edition of Secret Server?

Platinum

What version of Secret Server

EA release

What PowerShell host was used when producing this error

VS Code (terminal)

PowerShell Host Version

Name                           Value
PSVersion                      7.2.0
PSEdition                      Core
GitCommitId                    7.2.0
OS                             Microsoft Windows 10.0.19043
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
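
The error in this report comes from a strict cast of the REST response (a PSCustomObject) to a class that does not declare `jumpboxRouteId`. The following is an added example, not code from the module or from anyone in this thread: `DemoSecret`, the JSON sample and the `ConvertTo-KnownType` helper are constructed or hypothetical. It reproduces the failure and shows a mapping that copies only declared properties and reports the rest.

```powershell
# Constructed stand-in for a compiled response class (three properties only).
class DemoSecret {
    [int]    $Id
    [string] $Name
    [int]    $FolderId
}

# Constructed API response: one field the class above does not declare.
$json = '{"id":3188,"name":"testaccount","folderId":2,"jumpboxRouteId":null}'
$response = $json | ConvertFrom-Json

# Strict cast: PowerShell builds the object with the no-argument constructor and
# then sets every property found on the source. One unknown name aborts the cast.
try {
    $null = [DemoSecret]$response
    'Strict cast succeeded'
} catch {
    "Strict cast failed: $($_.FullyQualifiedErrorId)"
    $_.Exception.Message
}

# Hypothetical helper: tolerate new server-side fields, but make the drift visible
# instead of silently dropping it.
function ConvertTo-KnownType {
    param(
        [Parameter(Mandatory)] [psobject] $InputObject,
        [Parameter(Mandatory)] [type]     $Type
    )
    $known  = $Type.GetProperties().Name
    $result = [Activator]::CreateInstance($Type)
    $unknown = foreach ($p in $InputObject.PSObject.Properties) {
        $name = $p.Name
        if ($known -contains $name) {      # -contains is case-insensitive: id -> Id
            $result.$name = $p.Value
        } else {
            $name                          # collected for the warning below
        }
    }
    if ($unknown) {
        Write-Warning "Fields not declared on $($Type.Name): $($unknown -join ', ')"
    }
    $result
}

$secret = ConvertTo-KnownType -InputObject $response -Type ([DemoSecret])
$secret | Format-List
```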

MhmdRahim commented 2 years ago

Any updates or workarounds for this issue? I'm getting the same error, cannot convert value of type "System.Management.Automation.PSCustomObject" to type "Thycotic.PowerShell.Secrets.Secret", when using Get-TssSecretStub.

I'm using SS cloud version 11.1.000006

GeorgeYinICF commented 2 years ago

We just ran into the same issue. It looks like the Get-TssSecret has trouble returning the psobj or the sdkclient PS module has trouble receiving it. Either way, the end result is the credentials needed for subsequent steps in the scripts will fail. As stated, the "issue" only occurred after TSS cloud was upgraded to 11.1.000006. The issue needs to be fixed. In the meantime, we have to do an undue amount of workarounds to get things working. The main workaround you can do is use Get-TssSecretField and specify each "-Slug" you want to retrieve. For example:
Get-TssSecretField -TssSession $session -Id 1234 -Slug password

Be aware the returned system.string value has double quotes around it. So you'll need to strip them off or authentication will also fail :-(
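
The workaround described in the comment above, written out as an added example (not code from the module or from the commenter). `Remove-SurroundingQuotes` and `Get-TssCredentialByField` are hypothetical helper names, and the `username` slug is an assumption about the secret template. The point of the helper is to remove exactly one pair of wrapping quotes, so a password that itself contains or ends with `"` is not damaged the way `.Trim('"')` would damage it.

```powershell
function Remove-SurroundingQuotes {
    param([AllowNull()] [AllowEmptyString()] [string] $Value)
    $ordinal = [StringComparison]::Ordinal
    if ($Value.Length -ge 2 -and
        $Value.StartsWith('"', $ordinal) -and
        $Value.EndsWith('"', $ordinal)) {
        # Drop only the outermost pair; inner quotes belong to the value.
        return $Value.Substring(1, $Value.Length - 2)
    }
    return $Value
}

function Get-TssCredentialByField {
    param(
        [Parameter(Mandatory)] $TssSession,
        [Parameter(Mandatory)] [int] $Id,
        [string] $UserSlug     = 'username',   # assumption: slug name on the template
        [string] $PasswordSlug = 'password'
    )
    # Get-TssSecretField with -TssSession/-Id/-Slug is the call shown in the comment above.
    $user = Remove-SurroundingQuotes (Get-TssSecretField -TssSession $TssSession -Id $Id -Slug $UserSlug)
    $pass = Remove-SurroundingQuotes (Get-TssSecretField -TssSession $TssSession -Id $Id -Slug $PasswordSlug)

    # Keep the clear-text value in a variable for as short a time as possible.
    $secure = ConvertTo-SecureString -String $pass -AsPlainText -Force
    Remove-Variable pass
    [pscredential]::new($user, $secure)
}

# Offline check on constructed values (no Secret Server needed):
$samples = '"hunter2"', '"ends-with-quote""', 'no-quotes', '"', ''
foreach ($s in $samples) {
    '{0,-22} -> {1}' -f "[$s]", "[$(Remove-SurroundingQuotes $s)]"
}
```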

dnlrv commented 2 years ago

Potential fix has been identified; testing internally first before pushing something out for everyone.

Essentially the Secret.cs class needs to have the jumpboxRouteId property added to account for it. I added the following to Secret.cs:

public int JumpboxRouteId { get; set; }

Need you to try the following: download this file: https://drive.google.com/file/d/1rTFjFF3WWQ_LAqFwEtCJet7F6NZFMhTh/view?usp=sharing

Need you to go into your Thycotic PS module folder, in /bin, and rename the following files:

Thycotic.SecretServer.deps.json -> Thycotic.SecretServer.deps.json.backup
Thycotic.SecretServer.dll -> Thycotic.SecretServer.dll.backup
Thycotic.SecretServer.pdb -> Thycotic.SecretServer.pdb.backup

Then extract the contents of the above zip into that /bin folder. Then import the Thycotic PS module and try Get-TSSSecret again.
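
The file swap described in the comment above replaces a DLL inside a module that handles vault credentials, with a binary fetched from a file-sharing link. The following added example (not from the maintainer or the project) performs the same rename-and-copy steps, but first checks the archive against a SHA-256 value and rolls back on failure. The script parameters are hypothetical, the thread publishes no hash so `$ExpectedSha256` must be obtained from the maintainer separately, and it is assumed the archive holds the same three file names.

```powershell
param(
    [Parameter(Mandatory)] [string] $ZipPath,         # the downloaded archive
    [Parameter(Mandatory)] [string] $ExtractedPath,   # folder the archive was extracted to
    [Parameter(Mandatory)] [string] $ModuleBin,       # the module's bin folder
    [Parameter(Mandatory)] [string] $ExpectedSha256   # obtained out of band; not in the thread
)
$ErrorActionPreference = 'Stop'
$files = 'Thycotic.SecretServer.deps.json', 'Thycotic.SecretServer.dll', 'Thycotic.SecretServer.pdb'

# 1. Refuse to continue if the archive is not the one the maintainer vouched for.
$actual = (Get-FileHash -Path $ZipPath -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) { throw "Archive hash $actual does not match the expected value." }

# 2. The archive should contain the three replacement files and nothing else.
$extra = Get-ChildItem $ExtractedPath -Recurse -File | Where-Object Name -NotIn $files
if ($extra) { throw "Unexpected files in archive: $($extra.Name -join ', ')" }

# 3. Record what is about to be loaded into sessions that fetch secrets.
Get-ChildItem $ExtractedPath -File | Get-FileHash -Algorithm SHA256 | Format-Table Hash, Path
Get-AuthenticodeSignature (Join-Path $ExtractedPath 'Thycotic.SecretServer.dll') |
    Format-List Status, SignerCertificate

# 4. Rename the originals to *.backup, copy the new files, undo everything on error.
#    Run from a session that has not imported the module, or the DLL is locked.
if ($files | Where-Object { Test-Path (Join-Path $ModuleBin "$_.backup") }) {
    throw 'Backup files already exist; resolve the earlier attempt first.'
}
try {
    foreach ($f in $files) { Rename-Item -Path (Join-Path $ModuleBin $f) -NewName "$f.backup" }
    foreach ($f in $files) { Copy-Item -Path (Join-Path $ExtractedPath $f) -Destination $ModuleBin }
} catch {
    foreach ($f in $files) {
        $backup = Join-Path $ModuleBin "$f.backup"
        if (Test-Path $backup) {
            Remove-Item (Join-Path $ModuleBin $f) -ErrorAction SilentlyContinue
            Rename-Item -Path $backup -NewName $f
        }
    }
    throw
}
```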

MhmdRahim commented 2 years ago

> Potential fix has been identified; testing internally first before pushing something out for everyone.
>
> Essentially the Secret.cs class needs to have the jumpboxRouteId property added to account for it. I added the following to Secret.cs:
>
> public int JumpboxRouteId { get; set; }
>
> Need you to try the following: download this file: https://drive.google.com/file/d/1rTFjFF3WWQ_LAqFwEtCJet7F6NZFMhTh/view?usp=sharing
>
> Need you to go into your Thycotic PS module folder, in /bin, and rename the following files:
>
> Thycotic.SecretServer.deps.json -> Thycotic.SecretServer.deps.json.backup
> Thycotic.SecretServer.dll -> Thycotic.SecretServer.dll.backup
> Thycotic.SecretServer.pdb -> Thycotic.SecretServer.pdb.backup
>
> Then extract the contents of the above zip into that /bin folder. Then import the Thycotic PS module and try Get-TSSSecret again.

I just tried this fix with Get-TssSecretStub and Get-TssSecret, I confirm that both worked as expected.

Thanks!

miked1313 commented 2 years ago

Hi @dnlrv, we are running 11.1 in prod and are also affected by this issue. Is an updated Thycotic.SecretServer PowerShell module going to be released soon? Thank you.

miked1313 commented 2 years ago

I tested the fix from the Google Drive link and confirmed that it fixes the issue with Get-TssSecret not working with Secret Server 11.1.

evandena commented 2 years ago

FWIW, I had to open that zip with 7zip

chrisallennc commented 2 years ago

We were having the same issue running the module version 0.60.5 with Secret Server 11.1.000007. I deployed the 3 files in the zip file, which resolved the issue. It appears that @wsmelton no longer works at the company or supports this module; is there another contributor that can merge the changes?

Null-Fault commented 2 years ago

@dnlrv @peetrike @stahler With 11.1 being in production, when can we see this fix pushed?

EndlessTrax commented 2 years ago

I've merged a patch for this with #265. A release has been created in GitHub (v0.60.6).

However, I cannot currently publish the update to the PowerShell Gallery, so to use this new version, you'll need to build from the source. The build scripts are included in this repo.