search

thycotic-ps / thycotic.secretserver

PowerShell module for automating with Thycotic Secret Server REST API
https://thycotic-ps.github.io/thycotic.secretserver
MIT License
68 stars 22 forks source link

Update-TssSecretTemplateField throws "Failed to set column \"SecretFieldDescription\"." #367

Closed miked1313 closed 1 year ago

miked1313 commented 1 year ago

Verified issue does not already exist?

Yes

What error did you receive

ProcessResponse.ps1: C:\Users\mike\Documents\PowerShell\Modules\Thycotic.SecretServer\0.61.3\functions\secret-templates\Update-TssSecretTemplateField.ps1:62 Line | 62 | $restResponse = . $ProcessResponse $apiResponse | ~~~~~~~ | { "errorCode": "API_GenericException", "message": "Failed to set column \"SecretFieldDescription\"." }

Please run the command using -Verbose

VERBOSE: Command invocation: Update-TssSecretTemplateField -TssSession:TssSessionObject -TemplateId:TssSessionObject -Field:TssSessionObject -Verbose:True VERBOSE: Performing the operation "PUT https://server.domain.com/SecretServer/api/v1/secret-templates/6039 with: { "Description": null, "DisplayName": null, "EditablePermission": 0, "EditRequires": 0, "FieldSlugName": null, "GeneratePasswordCharacterSet": null, "GeneratePasswordLength": 0, "HideOnView": false, "HistoryLength": 0, "IsExpirationField": false, "IsFile": false, "IsIndexable": false, "IsNotes": false, "IsPassword": false, "IsRequired": false, "IsUrl": false, "IsList": false, "ListType": 0, "MustEncrypt": false, "Name": null, "PasswordRequirementId": 0, "PasswordTypeFieldId": 0, "SecretTemplateFieldId": 0, "SortOrder": 0, "ExposeForDisplay": false }" on target "Secret Template ID: 6039". VERBOSE: Performing the operation PUT https://server.domain.com/SecretServer/api/v1/secret-templates/6039 with:

{ "Description": null, "DisplayName": null, "EditablePermission": 0, "EditRequires": 0, "FieldSlugName": null, "GeneratePasswordCharacterSet": null, "GeneratePasswordLength": 0, "HideOnView": false, "HistoryLength": 0, "IsExpirationField": false, "IsFile": false, "IsIndexable": false, "IsNotes": false, "IsPassword": false, "IsRequired": false, "IsUrl": false, "IsList": false, "ListType": 0, "MustEncrypt": false, "Name": null, "PasswordRequirementId": 0, "PasswordTypeFieldId": 0, "SecretTemplateFieldId": 0, "SortOrder": 0, "ExposeForDisplay": false }

Provide a test case or steps to reproduce

$session = New-TssSession -SecretServer 'https://server.domain.com/SecretServer' -Credential (Get-Credential) $template = Get-TssSecretTemplate -TssSession $session -Id 6039 $devicename = $template.GetField('Device Name') $devicename.ExposeForDisplay = $false Update-TssSecretTemplateField -TssSession $session -TemplateId 6039 -Field $devicename

Expected behavior

Get-TssSecretTemplate should return all values from the template fields. The $template contains a lot of null values which I think is why I think Update-TssSecretTemplateField is throwing the error.

I confirmed that $response = Invoke-RestMethod 'https://server.domain.com/SecretServer/api/v1/secret-templates/6039' -Method 'GET' -Headers $headers returns the expected values for DisplayName, Description, name, fieldSlugName, etc.

What Edition of Secret Server?

Professional

What version of Secret Server

Current GA release

What PowerShell host was used when producing this error

PowerShell Core (pwsh)

PowerShell Host Version

Name Value

PSVersion 7.3.6 PSEdition Core GitCommitId 7.3.6 OS Microsoft Windows 10.0.22621 Platform Win32NT PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…} PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 WSManStackVersion 3.0

jagger commented 1 year ago

can you try again but use the slug name rather than the field name with your $template.GetField('Device Name') call? Presumably $template.GetField('Device-Name') or $template.GetField('device-name')

miked1313 commented 1 year ago

Ahh, good catch. Yes the device-name field slug worked to allow Update-TssSecretTemplateField to execute without error.

Problem: Seems like Expose for Display is backwards though in the Module. Trying to set $devicename.ExposeForDisplay = $false didn't do anything. A Get shows that it is False and the Secret Server UI says it is "Yes".

$devicename.MustEncrypt = $true worked and then Expose for Display in the PowerShell response was True. In the Secret Server UI, Expose for Display is then "No".

$response = Update-TssSecretTemplateField -TssSession $session -TemplateId 7046 -Field $devicename

Description                  : The name of the Device.
DisplayName                  : Device Name
EditablePermission           : 2
EditRequires                 : Edit
FieldSlugName                : device-name
GeneratePasswordCharacterSet :
GeneratePasswordLength       : -1
HideOnView                   : False
HistoryLength                : 2147483647
IsExpirationField            : False
IsFile                       : False
IsIndexable                  : False
IsNotes                      : False
IsPassword                   : False
IsRequired                   : False
IsUrl                        : False
IsList                       : False
ListType                     : None
MustEncrypt                  : True
Name                         : Device Name
PasswordRequirementId        : -1
PasswordTypeFieldId          : -1
SecretTemplateFieldId        : 1333
SortOrder                    : 6
ExposeForDisplay             : True

When Secret Server UI shows that Expose for Display is No, the module returns:

$template = Get-TssSecretTemplate -TssSession $session -Id 7046
$devicename = $template.GetField('device-name')
$devicename | Select-Object FieldSlugName, MustEncrypt, ExposeForDisplay

FieldSlugName MustEncrypt ExposeForDisplay
------------- ----------- ----------------
device-name          True             True

I think it should be MustEncrypt true and ExposeForDisplay false?

jagger commented 1 year ago

https://github.com/thycotic-ps/thycotic.secretserver/blob/996427548cdefd482d1c0b14ec0824e7a4633e82/src/Thycotic.SecretServer.Types.ps1xml#L113

ExposeForDisplay is an alias for MustEncrypt so the values would be the same when pulled even though the meanings are opposite

PS > $xnine |  Select-Object FieldSlugName, MustEncrypt, ExposeForDisplay

FieldSlugName MustEncrypt ExposeForDisplay
------------- ----------- ----------------
notes               False            False

PS > $xnine.ExposeForDisplay = $true
PS > $xnine |  Select-Object FieldSlugName, MustEncrypt, ExposeForDisplay

FieldSlugName MustEncrypt ExposeForDisplay
------------- ----------- ----------------
notes                True             True

PS > $xnine.ExposeForDisplay = $false
PS > $xnine |  Select-Object FieldSlugName, MustEncrypt, ExposeForDisplay

FieldSlugName MustEncrypt ExposeForDisplay
------------- ----------- ----------------
notes               False            False

PS > $xnine.MustEncrypt = $true
PS > $xnine |  Select-Object FieldSlugName, MustEncrypt, ExposeForDisplay

FieldSlugName MustEncrypt ExposeForDisplay
------------- ----------- ----------------
notes                True             True

PS > $xnine.MustEncrypt = $false
PS > $xnine |  Select-Object FieldSlugName, MustEncrypt, ExposeForDisplay

FieldSlugName MustEncrypt ExposeForDisplay
------------- ----------- ----------------
notes               False            False
jagger commented 1 year ago

Closing as resolved, will look into confusing property names in #368