6.0 Update 2 (#497)

* Patch-491 (#492)

When querying accounts with a `SavedFilter`, this update adds the `SavedFilter` value to any `NextLink` URL values which are followed to obtain the full result set.

Resolves issue where, if number of results of a `SavedFilter` are greater than the page size (either default or set via the `limit` parameter), only the URL of the first request sent includes the SavedFilter value.

Reported via #491

* ✨ ♻️ UPDATE Set-PASSafe

Updates ValidateRange attribute of `NumberOfDaysRetention` parameter to allow values of `0` to be provided.

Reported via #450
Resolves #493

* Depreciate Commands (#496)

* ➖ ⬇️ Depreciate Gen1 Commands

Depreciate commands from 13.2 onwards, as detailed in 13.2 release notes.
Adds default logic to `Get-PASServerWebService` to target `Gen2` API by default.

* Update Get-PASServerWebService.Tests.ps1

* 💚 👷  UPDATE Get-PASServerWebService

Fixing tests

* UPDATE Help Set-PASSafe

Updates help for Set-PASSafe

CHANGELOG.md

@@ -5,6 +5,29 @@
 - Continued development to encompass any new documented features of the CyberArk API.
 - psPAS v7.0...
 
+## **6.0.18**
+
+### Added
+- N/A
+
+### Changed
+- `Set-PASSafe`
+  - Allows `0` as valid value for parameter `NumberOfDaysRetention`
+- `Get-PASServerWebService`
+  - Depreciates Gen1 endpoint from 13.2. Adds Gen2 endpoint as default.
+- `Get-PASSafeShareLogo`
+  - Depreciates command from 13.2.
+- `Invoke-PASCPMOperation`
+  - Depreciates Gen1 endpoint from 13.2.
+- `Get-PASAccountActivity`
+  - Depreciates command from 13.2.
+- `Add-PASPendingAccount`
+  - Depreciates command from 13.2.
+
+### Fixed
+- `Get-PASAccount`
+  - Resolves issue where, if number of results of a `SavedFilter` are greater than the page size (either default or set via the `limit` parameter), only the URL of the first request sent would include the SavedFilter value.
+
 ## **6.0.4**
 
 - Updated

Tests/Get-NextLink.Tests.ps1

@@ -83,6 +83,16 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') {
 
 			}
 
+			It 'includes SavedFilter in request' {
+
+				$InputObj | Get-NextLink -SavedFilter SomeFilter
+				Assert-MockCalled Invoke-PASRestMethod -ParameterFilter {
+
+					$URI -eq "$($Script:BaseURI)/SomeLink&SavedFilter=SomeFilter"
+
+				} -Times 10 -Exactly -Scope It
+			}
+
 			It 'outputs expected number of results' {
 
 				$results = $InputObj | Get-NextLink

Tests/Get-PASServerWebService.Tests.ps1

@@ -34,20 +34,22 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') {
 	}
 
 	InModuleScope $(Split-Path (Split-Path (Split-Path -Parent $PSCommandPath) -Parent) -Leaf ) {
-		BeforeEach {
-			Mock Invoke-PASRestMethod -MockWith {
-				[PSCustomObject]@{
-					'ServerName'            = 'Val1';
-					'ServerID'              = 'Val2';
-					'ApplicationName'       = 'AppName';
-					'AuthenticationMethods' = 'SomeThing'
-				}
-			}
 
-			$response = Get-PASServerWebService -BaseURI 'https://SomeURL' -PVWAAppName SomeApp
-		}
 		Context 'Input' {
 
+			BeforeEach {
+				Mock Invoke-PASRestMethod -MockWith {
+					[PSCustomObject]@{
+						'ServerName'            = 'Val1'
+						'ServerID'              = 'Val2'
+						'ApplicationName'       = 'AppName'
+						'AuthenticationMethods' = 'SomeThing'
+					}
+				}
+				$Script:BaseURI = 'https://SomeURL/SomeApp'
+				$response = Get-PASServerWebService -BaseURI 'https://SomeURL' -PVWAAppName SomeApp -UseGen1API
+			}
+
 			It 'sends request' {
 
 				Assert-MockCalled Invoke-PASRestMethod -Times 1 -Exactly -Scope It
@@ -58,9 +60,21 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') {
 
 				Assert-MockCalled Invoke-PASRestMethod -ParameterFilter {
 
-					$URI -eq "$($Script:BaseURI)/WebServices/PIMServices.svc/Verify"
+					$URI -eq 'https://SomeURL/SomeApp/WebServices/PIMServices.svc/Verify'
 
-				} -Times 1 -Exactly -Scope It
+				} #-Times 1 -Exactly -Scope It
+
+			}
+
+			It 'sends request to expected Gen2 endpoint' {
+
+				Get-PASServerWebService -BaseURI 'https://SomeURL' -PVWAAppName SomeApp
+
+				Assert-MockCalled Invoke-PASRestMethod -ParameterFilter {
+
+					$URI -eq "$($Script:BaseURI)/API/verify/"
+
+				} #-Times 1 -Exactly -Scope It
 
 			}
 
@@ -80,6 +94,19 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') {
 
 		Context 'Output' {
 
+			BeforeEach {
+				Mock Invoke-PASRestMethod -MockWith {
+					[PSCustomObject]@{
+						'ServerName'            = 'Val1'
+						'ServerID'              = 'Val2'
+						'ApplicationName'       = 'AppName'
+						'AuthenticationMethods' = 'SomeThing'
+					}
+				}
+				$Script:BaseURI = 'https://SomeURL/SomeApp'
+				$response = Get-PASServerWebService -BaseURI 'https://SomeURL' -PVWAAppName SomeApp -UseGen1API
+			}
+
 			It 'provides output' {
 
 				$response | Should -Not -BeNullOrEmpty
@@ -88,7 +115,7 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') {
 
 			It 'has output with expected number of properties' {
 
-				($response | Get-Member -MemberType NoteProperty).length | Should -Be 4
+				($response | Get-Member -MemberType NoteProperty).length | Should -Be 5
 
 			}
 

docs/collections/_commands/Add-PASPendingAccount.md

@@ -30,6 +30,8 @@ as a pending account to the Accounts Feed.
 
 Users can identify privileged accounts and determine which are on-boarded to the vault.
 
+Depreciated from version 13.2
+
 ## EXAMPLES
 
 ### EXAMPLE 1

docs/collections/_commands/Get-PASAccountActivity.md

@@ -21,6 +21,8 @@ Get-PASAccountActivity [-AccountID] <String> [<CommonParameters>]
 ## DESCRIPTION
 Returns activities for a specific account identified by its AccountID.
 
+Depreciated from version 13.2
+
 ## EXAMPLES
 
 ### EXAMPLE 1

docs/collections/_commands/Get-PASSafeShareLogo.md

@@ -21,6 +21,8 @@ Get-PASSafeShareLogo [-ImageType] <String> [<CommonParameters>]
 ## DESCRIPTION
 Gets configuration details of logo displayed in the SafeShare WebGUI
 
+Depreciated from version 13.2
+
 ## EXAMPLES
 
 ### EXAMPLE 1

docs/collections/_commands/Get-PASServerWebService.md

@@ -16,7 +16,7 @@ Returns details of the Web Service
 
 ```
 Get-PASServerWebService [[-WebSession] <WebRequestSession>] [-BaseURI] <String> [[-PVWAAppName] <String>]
- [<CommonParameters>]
+ [-UseGen1API] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -84,6 +84,21 @@ Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 
+### -UseGen1API
+Force use of Gen1 API for request.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: UseClassicAPI
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 

docs/collections/_commands/Invoke-PASCPMOperation.md

@@ -90,6 +90,8 @@ Invoke-PASCPMOperation -AccountID $ID -ChangeTask -ImmediateChangeByCPM Yes
 
 Marks an account for immediate change using the Gen1 API
 
+Depreciated from version 13.2
+
 ### EXAMPLE 4
 ```
 Invoke-PASCPMOperation -AccountID $ID -ChangeTask
@@ -260,6 +262,8 @@ Yes/No value, dictating if the account will be scheduled for immediate change.
 
 Specify Yes to initiate a password change by CPM - Relevant for Gen1 API only.
 
+Depreciated from version 13.2
+
 ```yaml
 Type: String
 Parameter Sets: ChangeCredentials

docs/collections/_commands/Set-PASSafe.md

@@ -194,7 +194,7 @@ Accept wildcard characters: False
 ### -NumberOfDaysRetention
 The number of days for which password versions are saved in the Safe.
 
-- Minimum Value: 1
+- Minimum Value: 0
 - Maximum Value: 3650
 Specify either this parameter or NumberOfVersionsRetention
 

docs/collections/_posts/2023-09-06-pspas-release-6-0.md

@@ -0,0 +1,57 @@
+---
+title:  "psPAS Release 6.0"
+date:   2023-10-06 00:00:00
+tags:
+  - Release Notes
+  - New-PASSession
+  - IdentityCommand
+  - Add-PASSafeMember
+  - Set-PASSafe
+  - Get-PASServerWebService
+  - Get-PASSafeShareLogo
+  - Invoke-PASCPMOperation
+  - Get-PASAccountActivity
+  - Add-PASPendingAccount
+  - Get-PASAccount
+
+---
+
+## **6.0.18**
+
+### Added
+- N/A
+
+### Changed
+- `Set-PASSafe`
+  - Allows `0` as valid value for parameter `NumberOfDaysRetention`
+- `Get-PASServerWebService`
+  - Depreciates Gen1 endpoint from 13.2. Adds Gen2 endpoint as default.
+- `Get-PASSafeShareLogo`
+  - Depreciates command from 13.2.
+- `Invoke-PASCPMOperation`
+  - Depreciates Gen1 endpoint from 13.2.
+- `Get-PASAccountActivity`
+  - Depreciates command from 13.2.
+- `Add-PASPendingAccount`
+  - Depreciates command from 13.2.
+
+### Fixed
+- `Get-PASAccount`
+  - Resolves issue where, if number of results of a `SavedFilter` are greater than the page size (either default or set via the `limit` parameter), only the URL of the first request sent would include the SavedFilter value.
+
+## **6.0.4**
+
+- Updated
+  - `Add-PASSafeMember`
+    - Adds 'Role' to acceptable values in ParameterSet for `memberType` parameter
+
+## **6.0.0**
+
+- Update & Breaking Change
+  - `New-PASSession`
+    - **All Privilege Cloud Shared Services Authentication via the CyberArk Identity Platform now depends on the pspete `IdentityCommand` module.**
+    - Adds Identity User Authentication, using the `IdentityCommand` module to satisfy Identity MFA challenges and obtain required authentication token to use against Privileged Cloud Shared Services.
+    - Adds logic to determine correct Identity tenant URL based on provided Privileged Cloud Subdomain value.
+    - Both Privileged Cloud API URL & Identity Portal URL are required to be specified if subdomain value is not provided.
+    - Service User authentication for Shared Services introduced in recent previous versions requires installation of `IdentityCommand` module and specification of additional attribute.
+    - See [the docs](https://pspas.pspete.dev/docs/authentication/#shared-services-authentication) & [New-PASSession](https://pspas.pspete.dev/commands/New-PASSession) for full details.

psPAS/Functions/Accounts/Add-PASPendingAccount.ps1

@@ -138,7 +138,10 @@ function Add-PASPendingAccount {
 		[string]$MachineOSFamily
 	)
 
-	BEGIN { }#begin
+	BEGIN {
+		#!Depreciated above 13.2
+		Assert-VersionRequirement -MaximumVersion 13.2
+	}#begin
 
 	PROCESS {
 

psPAS/Functions/Accounts/Get-PASAccount.ps1

@@ -280,8 +280,11 @@ function Get-PASAccount {
 
 				default {
 
+					#Get default parameters to pass to Get-NextLink
+					$DefaultParams = $PSBoundParameters | Get-PASParameter -ParametersToKeep SavedFilter, TimeoutSec
+
 					#return list
-					$return = $Result | Get-NextLink -TimeoutSec $TimeoutSec
+					$return = $Result | Get-NextLink @DefaultParams
 
 					break
 

psPAS/Functions/Accounts/Get-PASAccountActivity.ps1

@@ -12,7 +12,10 @@ function Get-PASAccountActivity {
 
 	)
 
-	BEGIN { }#begin
+	BEGIN {
+		#!Depreciated above 13.2
+		Assert-VersionRequirement -MaximumVersion 13.2
+	}#begin
 
 	PROCESS {
 

psPAS/Functions/Accounts/Invoke-PASCPMOperation.ps1

@@ -127,6 +127,9 @@ function Invoke-PASCPMOperation {
 
 			'ChangeCredentials' {
 
+				#!Depreciated above 13.2
+				Assert-VersionRequirement -MaximumVersion 13.2
+
 				#add ImmediateChangeByCPM to header as key=value pair
 				$ThisRequest['WebSession'].Headers['ImmediateChangeByCPM'] = $ImmediateChangeByCPM
 

psPAS/Functions/Safes/Set-PASSafe.ps1

@@ -75,7 +75,7 @@ function Set-PASSafe {
 			ValueFromPipelinebyPropertyName = $true,
 			ParameterSetName = 'Gen1-NumberOfDaysRetention'
 		)]
-		[ValidateRange(1, 3650)]
+		[ValidateRange(0, 3650)]
 		[int]$NumberOfDaysRetention,
 
 		[parameter(

psPAS/Functions/ServerWebServices/Get-PASSafeShareLogo.ps1

@@ -9,7 +9,10 @@ function Get-PASSafeShareLogo {
 		[String]$ImageType
 	)
 
-	BEGIN { }#begin
+	BEGIN {
+		#!Depreciated above 13.2
+		Assert-VersionRequirement -MaximumVersion 13.2
+	}#begin
 
 	PROCESS {
 

psPAS/Functions/ServerWebServices/Get-PASServerWebService.ps1

@@ -18,23 +18,49 @@ function Get-PASServerWebService {
 			Mandatory = $false,
 			ValueFromPipelinebyPropertyName = $true
 		)]
-		[string]$PVWAAppName = 'PasswordVault'
+		[string]$PVWAAppName = 'PasswordVault',
+
+		[parameter(
+			Mandatory = $false,
+			ValueFromPipelinebyPropertyName = $true
+		)]
+		[Alias('UseClassicAPI')]
+		[switch]$UseGen1API
+
 	)
 
 	BEGIN { }#begin
 
 	PROCESS {
 
-		#Create URL for request
-		$URI = "$BaseURI/$PVWAAppName/WebServices/PIMServices.svc/Verify"
+		switch ($PSBoundParameters.Keys) {
+
+			'UseGen1API' {
+				#!Depreciated above 13.2
+				Assert-VersionRequirement -MaximumVersion 13.2
+
+				#Create URL for request
+				$URI = "$BaseURI/$PVWAAppName/WebServices/PIMServices.svc/Verify"
+
+				break
+			}
+
+			default {
+
+				#Create URL for request
+				$URI = "$BaseURI/$PVWAAppName/API/verify/"
+
+			}
+
+		}
 
 		#send request to web service
 		$result = Invoke-PASRestMethod -Uri $URI -Method GET -WebSession $WebSession
 
 		If ($null -ne $result) {
 
 			#return results
-			$result | Select-Object ServerName, ServerId, ApplicationName , AuthenticationMethods
+			$result | Select-Object ServerName, ServerId, ApplicationName , AuthenticationMethods, Features
 
 		}