diff --git a/CHANGELOG.md b/CHANGELOG.md index aac39b2a..8dbc49cc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,29 @@ - Continued development to encompass any new documented features of the CyberArk API. - psPAS v7.0... +## **6.0.18** + +### Added +- N/A + +### Changed +- `Set-PASSafe` + - Allows `0` as valid value for parameter `NumberOfDaysRetention` +- `Get-PASServerWebService` + - Depreciates Gen1 endpoint from 13.2. Adds Gen2 endpoint as default. +- `Get-PASSafeShareLogo` + - Depreciates command from 13.2. +- `Invoke-PASCPMOperation` + - Depreciates Gen1 endpoint from 13.2. +- `Get-PASAccountActivity` + - Depreciates command from 13.2. +- `Add-PASPendingAccount` + - Depreciates command from 13.2. + +### Fixed +- `Get-PASAccount` + - Resolves issue where, if number of results of a `SavedFilter` are greater than the page size (either default or set via the `limit` parameter), only the URL of the first request sent would include the SavedFilter value. + ## **6.0.4** - Updated diff --git a/Tests/Get-NextLink.Tests.ps1 b/Tests/Get-NextLink.Tests.ps1 index 4ac3011d..9daa7698 100644 --- a/Tests/Get-NextLink.Tests.ps1 +++ b/Tests/Get-NextLink.Tests.ps1 @@ -83,6 +83,16 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') { } + It 'includes SavedFilter in request' { + + $InputObj | Get-NextLink -SavedFilter SomeFilter + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $URI -eq "$($Script:BaseURI)/SomeLink&SavedFilter=SomeFilter" + + } -Times 10 -Exactly -Scope It + } + It 'outputs expected number of results' { $results = $InputObj | Get-NextLink diff --git a/Tests/Get-PASServerWebService.Tests.ps1 b/Tests/Get-PASServerWebService.Tests.ps1 index 900a42d6..ebb15b7f 100644 --- a/Tests/Get-PASServerWebService.Tests.ps1 +++ b/Tests/Get-PASServerWebService.Tests.ps1 @@ -34,20 +34,22 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') { } InModuleScope $(Split-Path (Split-Path (Split-Path -Parent $PSCommandPath) -Parent) -Leaf ) { - BeforeEach { - Mock Invoke-PASRestMethod -MockWith { - [PSCustomObject]@{ - 'ServerName' = 'Val1'; - 'ServerID' = 'Val2'; - 'ApplicationName' = 'AppName'; - 'AuthenticationMethods' = 'SomeThing' - } - } - $response = Get-PASServerWebService -BaseURI 'https://SomeURL' -PVWAAppName SomeApp - } Context 'Input' { + BeforeEach { + Mock Invoke-PASRestMethod -MockWith { + [PSCustomObject]@{ + 'ServerName' = 'Val1' + 'ServerID' = 'Val2' + 'ApplicationName' = 'AppName' + 'AuthenticationMethods' = 'SomeThing' + } + } + $Script:BaseURI = 'https://SomeURL/SomeApp' + $response = Get-PASServerWebService -BaseURI 'https://SomeURL' -PVWAAppName SomeApp -UseGen1API + } + It 'sends request' { Assert-MockCalled Invoke-PASRestMethod -Times 1 -Exactly -Scope It @@ -58,9 +60,21 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') { Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { - $URI -eq "$($Script:BaseURI)/WebServices/PIMServices.svc/Verify" + $URI -eq 'https://SomeURL/SomeApp/WebServices/PIMServices.svc/Verify' - } -Times 1 -Exactly -Scope It + } #-Times 1 -Exactly -Scope It + + } + + It 'sends request to expected Gen2 endpoint' { + + Get-PASServerWebService -BaseURI 'https://SomeURL' -PVWAAppName SomeApp + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $URI -eq "$($Script:BaseURI)/API/verify/" + + } #-Times 1 -Exactly -Scope It } @@ -80,6 +94,19 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') { Context 'Output' { + BeforeEach { + Mock Invoke-PASRestMethod -MockWith { + [PSCustomObject]@{ + 'ServerName' = 'Val1' + 'ServerID' = 'Val2' + 'ApplicationName' = 'AppName' + 'AuthenticationMethods' = 'SomeThing' + } + } + $Script:BaseURI = 'https://SomeURL/SomeApp' + $response = Get-PASServerWebService -BaseURI 'https://SomeURL' -PVWAAppName SomeApp -UseGen1API + } + It 'provides output' { $response | Should -Not -BeNullOrEmpty @@ -88,7 +115,7 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') { It 'has output with expected number of properties' { - ($response | Get-Member -MemberType NoteProperty).length | Should -Be 4 + ($response | Get-Member -MemberType NoteProperty).length | Should -Be 5 } diff --git a/docs/collections/_commands/Add-PASPendingAccount.md b/docs/collections/_commands/Add-PASPendingAccount.md index 6fc3a92e..27ff29eb 100644 --- a/docs/collections/_commands/Add-PASPendingAccount.md +++ b/docs/collections/_commands/Add-PASPendingAccount.md @@ -30,6 +30,8 @@ as a pending account to the Accounts Feed. Users can identify privileged accounts and determine which are on-boarded to the vault. +Depreciated from version 13.2 + ## EXAMPLES ### EXAMPLE 1 diff --git a/docs/collections/_commands/Get-PASAccountActivity.md b/docs/collections/_commands/Get-PASAccountActivity.md index dfe4efc4..7ca75939 100644 --- a/docs/collections/_commands/Get-PASAccountActivity.md +++ b/docs/collections/_commands/Get-PASAccountActivity.md @@ -21,6 +21,8 @@ Get-PASAccountActivity [-AccountID] [] ## DESCRIPTION Returns activities for a specific account identified by its AccountID. +Depreciated from version 13.2 + ## EXAMPLES ### EXAMPLE 1 diff --git a/docs/collections/_commands/Get-PASSafeShareLogo.md b/docs/collections/_commands/Get-PASSafeShareLogo.md index 60c82927..96d0151a 100644 --- a/docs/collections/_commands/Get-PASSafeShareLogo.md +++ b/docs/collections/_commands/Get-PASSafeShareLogo.md @@ -21,6 +21,8 @@ Get-PASSafeShareLogo [-ImageType] [] ## DESCRIPTION Gets configuration details of logo displayed in the SafeShare WebGUI +Depreciated from version 13.2 + ## EXAMPLES ### EXAMPLE 1 diff --git a/docs/collections/_commands/Get-PASServerWebService.md b/docs/collections/_commands/Get-PASServerWebService.md index 916861a2..9d21ee64 100644 --- a/docs/collections/_commands/Get-PASServerWebService.md +++ b/docs/collections/_commands/Get-PASServerWebService.md @@ -16,7 +16,7 @@ Returns details of the Web Service ``` Get-PASServerWebService [[-WebSession] ] [-BaseURI] [[-PVWAAppName] ] - [] + [-UseGen1API] [] ``` ## DESCRIPTION @@ -84,6 +84,21 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +### -UseGen1API +Force use of Gen1 API for request. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: UseClassicAPI + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). diff --git a/docs/collections/_commands/Invoke-PASCPMOperation.md b/docs/collections/_commands/Invoke-PASCPMOperation.md index 50acc26b..28284488 100644 --- a/docs/collections/_commands/Invoke-PASCPMOperation.md +++ b/docs/collections/_commands/Invoke-PASCPMOperation.md @@ -90,6 +90,8 @@ Invoke-PASCPMOperation -AccountID $ID -ChangeTask -ImmediateChangeByCPM Yes Marks an account for immediate change using the Gen1 API +Depreciated from version 13.2 + ### EXAMPLE 4 ``` Invoke-PASCPMOperation -AccountID $ID -ChangeTask @@ -260,6 +262,8 @@ Yes/No value, dictating if the account will be scheduled for immediate change. Specify Yes to initiate a password change by CPM - Relevant for Gen1 API only. +Depreciated from version 13.2 + ```yaml Type: String Parameter Sets: ChangeCredentials diff --git a/docs/collections/_commands/Set-PASSafe.md b/docs/collections/_commands/Set-PASSafe.md index 4af499e4..35c463d3 100644 --- a/docs/collections/_commands/Set-PASSafe.md +++ b/docs/collections/_commands/Set-PASSafe.md @@ -194,7 +194,7 @@ Accept wildcard characters: False ### -NumberOfDaysRetention The number of days for which password versions are saved in the Safe. -- Minimum Value: 1 +- Minimum Value: 0 - Maximum Value: 3650 Specify either this parameter or NumberOfVersionsRetention diff --git a/docs/collections/_posts/2023-09-06-pspas-release-6-0.md b/docs/collections/_posts/2023-09-06-pspas-release-6-0.md new file mode 100644 index 00000000..429857e1 --- /dev/null +++ b/docs/collections/_posts/2023-09-06-pspas-release-6-0.md @@ -0,0 +1,57 @@ +--- +title: "psPAS Release 6.0" +date: 2023-10-06 00:00:00 +tags: + - Release Notes + - New-PASSession + - IdentityCommand + - Add-PASSafeMember + - Set-PASSafe + - Get-PASServerWebService + - Get-PASSafeShareLogo + - Invoke-PASCPMOperation + - Get-PASAccountActivity + - Add-PASPendingAccount + - Get-PASAccount + +--- + +## **6.0.18** + +### Added +- N/A + +### Changed +- `Set-PASSafe` + - Allows `0` as valid value for parameter `NumberOfDaysRetention` +- `Get-PASServerWebService` + - Depreciates Gen1 endpoint from 13.2. Adds Gen2 endpoint as default. +- `Get-PASSafeShareLogo` + - Depreciates command from 13.2. +- `Invoke-PASCPMOperation` + - Depreciates Gen1 endpoint from 13.2. +- `Get-PASAccountActivity` + - Depreciates command from 13.2. +- `Add-PASPendingAccount` + - Depreciates command from 13.2. + +### Fixed +- `Get-PASAccount` + - Resolves issue where, if number of results of a `SavedFilter` are greater than the page size (either default or set via the `limit` parameter), only the URL of the first request sent would include the SavedFilter value. + +## **6.0.4** + +- Updated + - `Add-PASSafeMember` + - Adds 'Role' to acceptable values in ParameterSet for `memberType` parameter + +## **6.0.0** + +- Update & Breaking Change + - `New-PASSession` + - **All Privilege Cloud Shared Services Authentication via the CyberArk Identity Platform now depends on the pspete `IdentityCommand` module.** + - Adds Identity User Authentication, using the `IdentityCommand` module to satisfy Identity MFA challenges and obtain required authentication token to use against Privileged Cloud Shared Services. + - Adds logic to determine correct Identity tenant URL based on provided Privileged Cloud Subdomain value. + - Both Privileged Cloud API URL & Identity Portal URL are required to be specified if subdomain value is not provided. + - Service User authentication for Shared Services introduced in recent previous versions requires installation of `IdentityCommand` module and specification of additional attribute. + - See [the docs](https://pspas.pspete.dev/docs/authentication/#shared-services-authentication) & [New-PASSession](https://pspas.pspete.dev/commands/New-PASSession) for full details. \ No newline at end of file diff --git a/psPAS/Functions/Accounts/Add-PASPendingAccount.ps1 b/psPAS/Functions/Accounts/Add-PASPendingAccount.ps1 index 6235961d..6494dc73 100644 --- a/psPAS/Functions/Accounts/Add-PASPendingAccount.ps1 +++ b/psPAS/Functions/Accounts/Add-PASPendingAccount.ps1 @@ -138,7 +138,10 @@ function Add-PASPendingAccount { [string]$MachineOSFamily ) - BEGIN { }#begin + BEGIN { + #!Depreciated above 13.2 + Assert-VersionRequirement -MaximumVersion 13.2 + }#begin PROCESS { diff --git a/psPAS/Functions/Accounts/Get-PASAccount.ps1 b/psPAS/Functions/Accounts/Get-PASAccount.ps1 index a6f74c1f..093465ab 100644 --- a/psPAS/Functions/Accounts/Get-PASAccount.ps1 +++ b/psPAS/Functions/Accounts/Get-PASAccount.ps1 @@ -280,8 +280,11 @@ function Get-PASAccount { default { + #Get default parameters to pass to Get-NextLink + $DefaultParams = $PSBoundParameters | Get-PASParameter -ParametersToKeep SavedFilter, TimeoutSec + #return list - $return = $Result | Get-NextLink -TimeoutSec $TimeoutSec + $return = $Result | Get-NextLink @DefaultParams break diff --git a/psPAS/Functions/Accounts/Get-PASAccountActivity.ps1 b/psPAS/Functions/Accounts/Get-PASAccountActivity.ps1 index e962bbb2..32d1eb0d 100644 --- a/psPAS/Functions/Accounts/Get-PASAccountActivity.ps1 +++ b/psPAS/Functions/Accounts/Get-PASAccountActivity.ps1 @@ -12,7 +12,10 @@ function Get-PASAccountActivity { ) - BEGIN { }#begin + BEGIN { + #!Depreciated above 13.2 + Assert-VersionRequirement -MaximumVersion 13.2 + }#begin PROCESS { diff --git a/psPAS/Functions/Accounts/Invoke-PASCPMOperation.ps1 b/psPAS/Functions/Accounts/Invoke-PASCPMOperation.ps1 index cae48bc5..5c873cc2 100644 --- a/psPAS/Functions/Accounts/Invoke-PASCPMOperation.ps1 +++ b/psPAS/Functions/Accounts/Invoke-PASCPMOperation.ps1 @@ -127,6 +127,9 @@ function Invoke-PASCPMOperation { 'ChangeCredentials' { + #!Depreciated above 13.2 + Assert-VersionRequirement -MaximumVersion 13.2 + #add ImmediateChangeByCPM to header as key=value pair $ThisRequest['WebSession'].Headers['ImmediateChangeByCPM'] = $ImmediateChangeByCPM diff --git a/psPAS/Functions/Safes/Set-PASSafe.ps1 b/psPAS/Functions/Safes/Set-PASSafe.ps1 index e26101b3..b7d7ea1b 100644 --- a/psPAS/Functions/Safes/Set-PASSafe.ps1 +++ b/psPAS/Functions/Safes/Set-PASSafe.ps1 @@ -75,7 +75,7 @@ function Set-PASSafe { ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'Gen1-NumberOfDaysRetention' )] - [ValidateRange(1, 3650)] + [ValidateRange(0, 3650)] [int]$NumberOfDaysRetention, [parameter( diff --git a/psPAS/Functions/ServerWebServices/Get-PASSafeShareLogo.ps1 b/psPAS/Functions/ServerWebServices/Get-PASSafeShareLogo.ps1 index c36b0ef6..f328584f 100644 --- a/psPAS/Functions/ServerWebServices/Get-PASSafeShareLogo.ps1 +++ b/psPAS/Functions/ServerWebServices/Get-PASSafeShareLogo.ps1 @@ -9,7 +9,10 @@ function Get-PASSafeShareLogo { [String]$ImageType ) - BEGIN { }#begin + BEGIN { + #!Depreciated above 13.2 + Assert-VersionRequirement -MaximumVersion 13.2 + }#begin PROCESS { diff --git a/psPAS/Functions/ServerWebServices/Get-PASServerWebService.ps1 b/psPAS/Functions/ServerWebServices/Get-PASServerWebService.ps1 index a17f77c4..00e48483 100644 --- a/psPAS/Functions/ServerWebServices/Get-PASServerWebService.ps1 +++ b/psPAS/Functions/ServerWebServices/Get-PASServerWebService.ps1 @@ -18,15 +18,41 @@ function Get-PASServerWebService { Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] - [string]$PVWAAppName = 'PasswordVault' + [string]$PVWAAppName = 'PasswordVault', + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [Alias('UseClassicAPI')] + [switch]$UseGen1API + ) BEGIN { }#begin PROCESS { - #Create URL for request - $URI = "$BaseURI/$PVWAAppName/WebServices/PIMServices.svc/Verify" + switch ($PSBoundParameters.Keys) { + + 'UseGen1API' { + #!Depreciated above 13.2 + Assert-VersionRequirement -MaximumVersion 13.2 + + #Create URL for request + $URI = "$BaseURI/$PVWAAppName/WebServices/PIMServices.svc/Verify" + + break + } + + default { + + #Create URL for request + $URI = "$BaseURI/$PVWAAppName/API/verify/" + + } + + } #send request to web service $result = Invoke-PASRestMethod -Uri $URI -Method GET -WebSession $WebSession @@ -34,7 +60,7 @@ function Get-PASServerWebService { If ($null -ne $result) { #return results - $result | Select-Object ServerName, ServerId, ApplicationName , AuthenticationMethods + $result | Select-Object ServerName, ServerId, ApplicationName , AuthenticationMethods, Features } diff --git a/psPAS/Private/Get-NextLink.ps1 b/psPAS/Private/Get-NextLink.ps1 index 163e3286..2a68c559 100644 --- a/psPAS/Private/Get-NextLink.ps1 +++ b/psPAS/Private/Get-NextLink.ps1 @@ -11,6 +11,9 @@ Function Get-NextLink { .PARAMETER InitialResult The value of the initial result containing the `nextLink` property + .PARAMETER SavedFilter + A value matching a configured Saved Filters + .PARAMETER TimeoutSec See Invoke-WebRequest Specify a timeout value in seconds @@ -28,6 +31,12 @@ Function Get-NextLink { )] $InitialResult, + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [string]$SavedFilter, + [parameter( Mandatory = $false, ValueFromPipelineByPropertyName = $false @@ -47,9 +56,22 @@ Function Get-NextLink { #iterate any nextLinks $NextLink = $InitialResult.nextLink + #!SavedFilter is not inclduded in NextLink value. + #* Create a query parameter for SavedFilter to include in URL + $queryString = $PSBoundParameters | Get-PASParameter -ParametersToKeep SavedFilter | ConvertTo-QueryString + While ( $null -ne $NextLink ) { $URI = "$Script:BaseURI/$NextLink" + + #*If there is a SavedFilter querystring, append it to the URL + If ($null -ne $queryString) { + + #Build URL from base URL/NextLink + $URI = "$URI`&$queryString" + + } + $NextResult = Invoke-PASRestMethod -Uri $URI -Method GET -WebSession $Script:WebSession -TimeoutSec $TimeoutSec $NextLink = $NextResult.nextLink $null = $Result.AddRange(($NextResult.value)) diff --git a/psPAS/en-US/psPAS-help.xml b/psPAS/en-US/psPAS-help.xml index adb8f009..41900819 100644 --- a/psPAS/en-US/psPAS-help.xml +++ b/psPAS/en-US/psPAS-help.xml @@ -5288,6 +5288,7 @@ Add-PASDiscoveredAccount -UserName ServiceUser -Address 1.2.3.4 -discoveryDate ( Enables an account or SSH key that is discovered by an external scanner to be added as a pending account to the Accounts Feed. Users can identify privileged accounts and determine which are on-boarded to the vault. + Depreciated from version 13.2 @@ -11616,6 +11617,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn Returns activities for a specific account identified by its AccountID. + Depreciated from version 13.2 @@ -17858,6 +17860,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn Gets configuration details of logo displayed in the SafeShare WebGUI + Depreciated from version 13.2 @@ -18018,6 +18021,17 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn PasswordVault + + UseGen1API + + Force use of Gen1 API for request. + + + SwitchParameter + + + False + @@ -18059,6 +18073,18 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn PasswordVault + + UseGen1API + + Force use of Gen1 API for request. + + SwitchParameter + + SwitchParameter + + + False + @@ -19097,6 +19123,7 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess Yes/No value, dictating if the account will be scheduled for immediate change. Specify Yes to initiate a password change by CPM - Relevant for Gen1 API only. + Depreciated from version 13.2 String @@ -19510,6 +19537,7 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess Yes/No value, dictating if the account will be scheduled for immediate change. Specify Yes to initiate a password change by CPM - Relevant for Gen1 API only. + Depreciated from version 13.2 String @@ -19598,6 +19626,7 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess Invoke-PASCPMOperation -AccountID $ID -ChangeTask -ImmediateChangeByCPM Yes Marks an account for immediate change using the Gen1 API + Depreciated from version 13.2 @@ -35429,7 +35458,7 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector NumberOfDaysRetention The number of days for which password versions are saved in the Safe. - - Minimum Value: 1 + - Minimum Value: 0 - Maximum Value: 3650 Specify either this parameter or NumberOfVersionsRetention @@ -35548,7 +35577,7 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector NumberOfDaysRetention The number of days for which password versions are saved in the Safe. - - Minimum Value: 1 + - Minimum Value: 0 - Maximum Value: 3650 Specify either this parameter or NumberOfVersionsRetention @@ -35678,7 +35707,7 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector NumberOfDaysRetention The number of days for which password versions are saved in the Safe. - - Minimum Value: 1 + - Minimum Value: 0 - Maximum Value: 3650 Specify either this parameter or NumberOfVersionsRetention