Merge pull request #282 from pspete/dev

New Version

CHANGELOG.md

@@ -2,8 +2,35 @@
 
 ## Planned Updates
 
-- Continued development to encompass any capability updates released for the CyberArk API.
-- psPAS v4.0...
+- Update for PAS 11.5
+- Continued development to encompass any new documented features of the CyberArk API.
+- psPAS v5.0...
+
+## **4.0.0** (July 1st 2020)
+
+### Module update to cover CyberArk 11.4 API features
+
+- **Breaking Changes**
+  - `Get-PASSafeMember`, `Add-PASSafeMember` & `Set-PASSafeMember`: Output Changed
+    - "Permission" property of returned object now contains a nested property=value pair for each permission instead of an array containing only the name of the assigned permissions.
+    - Existing scripts which rely on the legacy array value of the `Permissions` property when working with the `*-PASSafeMember` functions must either be updated to work with the new output or use an earlier compatible psPAS version.
+
+- New Function
+  - Added `Set-PASPTAEvent`
+    - Appeared in 11.3
+    - Set status of PTA events
+
+- Updated Functions
+  - `New-PASSession`
+    - Adds support for updated saml auth updated in 11.4
+  - `Get-PASPTAEvent`
+    - Adds newly documented parameters for 11.4 and updates request format for filtering events
+
+- Fixes
+  - `Set-PASUser`
+    - Corrects issue where an incorrectly formed json body was being sent with the request if using the parameters introduced in psPAS 3.3.88.
+  - `Add-PASSafeMember` & `Set-PASSafeMember`
+    - Update ensures json body of request is always sent with the permission properties statically ordered.
 
 ## 3.5.8 (April 2nd 2020)
 

README.md

@@ -4,7 +4,7 @@
 
 Use PowerShell to manage CyberArk via the Web Services REST API.
 
-Contains all published methods of the API up to CyberArk v11.3.
+Contains all published methods of the API up to CyberArk v11.4.
 
 Docs: [https://pspas.pspete.dev](https://pspas.pspete.dev)
 
@@ -188,7 +188,7 @@ Get-PASSafeMember -SafeName 3_TestSafe_028_XYJ -MemberName ACC-G-3_TestSafe_028_
 
 UserName                     SafeName           Permissions
 --------                     --------           -----------
-ACC-G-3_TestSafe_028_XYJ-Usr 3_TestSafe_028_XYJ {UseAccounts, RetrieveAccounts, ListAccounts, ViewAuditLog…}
+ACC-G-3_TestSafe_028_XYJ-Usr 3_TestSafe_028_XYJ @{Add=True; AddRenameFolder=True; BackupSafe=True...}
 ````
 
 ##### Users
@@ -321,7 +321,7 @@ Add-PASSafeMember -SafeName NewSafe -MemberName NewMember -UseAccounts $false -L
 
 MemberName SearchIn SafeName Permissions
 ---------- -------- -------- -----------
-NewMember  vault    NewSafe  {ListAccounts, ViewAuditLog, ViewSafeMembers}
+NewMember  vault    NewSafe  @{Add=True; AddRenameFolder=True; BackupSafe=True...}
 ````
 
 ##### Update Accounts
@@ -432,12 +432,12 @@ Where-Object{ Get-PASGroup -search $_.UserName -filter 'groupType eq Directory'
 
 UserName                     SafeName           Permissions
 --------                     --------           -----------
-ACC-G-1_TestSafe_049_JXW-Usr 1_TestSafe_049_JXW {ListContent, RestrictedRetrieve, Retrieve, ViewAudit…}
-ACC-G-1_TestSafe_049_JXW-Adm 1_TestSafe_049_JXW {ListContent, RestrictedRetrieve, Retrieve, Unlock…}
-ACC-G-2_TestSafe_049_JXW-Usr 2_TestSafe_049_JXW {ListContent, RestrictedRetrieve, Retrieve, ViewAudit…}
-ACC-G-2_TestSafe_049_JXW-Adm 2_TestSafe_049_JXW {ListContent, RestrictedRetrieve, Retrieve, Unlock…}
-ACC-G-3_TestSafe_049_JXW-Usr 3_TestSafe_049_JXW {ListContent, RestrictedRetrieve, Retrieve, ViewAudit…}
-ACC-G-3_TestSafe_049_JXW-Adm 3_TestSafe_049_JXW {ListContent, RestrictedRetrieve, Retrieve, Unlock…}
+ACC-G-1_TestSafe_049_JXW-Usr 1_TestSafe_049_JXW @{Add=True; AddRenameFolder=True; BackupSafe=True...}
+ACC-G-1_TestSafe_049_JXW-Adm 1_TestSafe_049_JXW @{Add=True; AddRenameFolder=True; BackupSafe=True...}
+ACC-G-2_TestSafe_049_JXW-Usr 2_TestSafe_049_JXW @{Add=True; AddRenameFolder=True; BackupSafe=True...}
+ACC-G-2_TestSafe_049_JXW-Adm 2_TestSafe_049_JXW @{Add=True; AddRenameFolder=True; BackupSafe=True...}
+ACC-G-3_TestSafe_049_JXW-Usr 3_TestSafe_049_JXW @{Add=True; AddRenameFolder=True; BackupSafe=True...}
+ACC-G-3_TestSafe_049_JXW-Adm 3_TestSafe_049_JXW @{Add=True; AddRenameFolder=True; BackupSafe=True...}
 ````
 
 - Multiple `psPAS` commands can be used together, along with standard PowerShell CmdLets:
@@ -451,20 +451,20 @@ Add-PASGroupMember -GroupName PVWAMonitor
 Get-PASAccount -id 330_5 | Get-PASSafe | Get-PASSafeMember
 
 UserName             SafeName    Permissions
---------             --------    -----------
-Master               ApproveTest {Add, AddRenameFolder, BackupSafe, Delete...}
-Batch                ApproveTest {Add, AddRenameFolder, BackupSafe, Delete...}
-Backup Users         ApproveTest BackupSafe
-Auditors             ApproveTest {ListContent, ViewAudit, ViewMembers}
-Operators            ApproveTest {AddRenameFolder, DeleteFolder, ManageSafe, MoveFilesAndFolders...}
-DR Users             ApproveTest BackupSafe
-Notification Engines ApproveTest {ListContent, ViewAudit, ViewMembers}
-PVWAGWAccounts       ApproveTest {ListContent, ViewAudit, ViewMembers}
-PasswordManager      ApproveTest {Add, AddRenameFolder, Delete, DeleteFolder...}
-SafeAdmin            ApproveTest {Add, AddRenameFolder, BackupSafe, Delete...}
-SafeAdmin1           ApproveTest {Add, AddRenameFolder, BackupSafe, Delete...}
-zApprover_1          ApproveTest {ListContent, ViewAudit, ViewMembers}
-xReq                 ApproveTest {ListContent, RestrictedRetrieve, Retrieve, ViewAudit...}
+--------             --------    ---------- -
+Master               ApproveTest @{Add=True; AddRenameFolder=True; BackupSafe=True...}
+Batch                ApproveTest @{Add=True; AddRenameFolder=True; BackupSafe=True...}
+Backup Users         ApproveTest @{Add=False; AddRenameFolder=False; BackupSafe=True...}
+Auditors             ApproveTest @{Add=False; AddRenameFolder=False; BackupSafe=False...}
+Operators            ApproveTest @{Add=True; AddRenameFolder=True; BackupSafe=True...}
+DR Users             ApproveTest @{Add=False; AddRenameFolder=False; BackupSafe=True...}
+Notification Engines ApproveTest @{Add=False; AddRenameFolder=False; BackupSafe=False...}
+PVWAGWAccounts       ApproveTest @{Add=False; AddRenameFolder=False; BackupSafe=False...}
+PasswordManager      ApproveTest @{Add=False; AddRenameFolder=True; BackupSafe=False...}
+SafeAdmin            ApproveTest @{Add=True; AddRenameFolder=True; BackupSafe=True...}
+SafeAdmin1           ApproveTest @{Add=True; AddRenameFolder=True; BackupSafe=True...}
+zApprover_1          ApproveTest @{Add=False; AddRenameFolder=False; BackupSafe=False...}
+xReq                 ApproveTest @{Add=False; AddRenameFolder=False; BackupSafe=False...}
 ````
 
 ### Advanced Examples
@@ -586,13 +586,13 @@ $Role1 | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn Vault
 
 MemberName SearchIn SafeName Permissions
 ---------- -------- -------- -----------
-User23     Vault    NewSafe  {UseAccounts, RetrieveAccounts, ListAccounts}
+User23     Vault    NewSafe  @{Add=False; AddRenameFolder=False; BackupSafe=False...}
 
 $Role2 | Add-PASSafeMember -SafeName NewSafe -MemberName SafeAdmin1 -SearchIn Vault
 
 MemberName SearchIn SafeName Permissions
 ---------- -------- -------- -----------
-SafeAdmin1 Vault    NewSafe  {ListAccounts, AddAccounts, UpdateAccountContent, UpdateAccountProperties…}
+SafeAdmin1 Vault    NewSafe  @{Add=True; AddRenameFolder=True; BackupSafe=True...}
 ````
 
 ![psPAS](docs/assets/images/shop_banner_symbol.png)
@@ -822,7 +822,8 @@ Check the output of `Get-Help` for the `psPAS` functions for further details of
 [`Add-PASDirectory`][Add-PASDirectory]                                                   |**10.4**            |Add a new LDAP directory
 [`New-PASDirectoryMapping`][New-PASDirectoryMapping]                                     |**10.4**            |Create a new LDAP directory mapping
 [`Add-PASPTARule`][Add-PASPTARule]                                                       |**10.4**            |Add a new Risky Commandrule to PTA
-[`Get-PASPTAEvent`][Get-PASPTAEvent]                                                     |**10.3**            |Get security eventsfrom PTA
+[`Get-PASPTAEvent`][Get-PASPTAEvent]                                                     |**10.3**            |Get security events from PTA
+[`Set-PASPTAEvent`][Set-PASPTAEvent]                                                     |**11.3**            |Set PTA security event status
 [`Get-PASPTARemediation`][Get-PASPTARemediation]                                         |**10.4**            |Get automatic response config from PTA
 [`Get-PASPTARule`][Get-PASPTARule]                                                       |**10.4**            |List Risky Command rules from PTA
 [`Set-PASPTARemediation`][Set-PASPTARemediation]                                         |**10.4**            |Update automaticresponse config in PTA
@@ -838,17 +839,17 @@ Check the output of `Get-Help` for the `psPAS` functions for further details of
 [`Get-PASPSMRecordingProperty`][Get-PASPSMRecordingProperty]                             |**10.6**            |Get property details from a PSM Recording.
 [`Export-PASPSMRecording`][Export-PASPSMRecording]                                       |**10.6**            |Save PSM Session Recording to a file.
 [`Request-PASAdHocAccess`][Request-PASAdHocAccess]                                       |**10.6**            |Request temporary access to a server.
-[`Get-PASDirectoryMapping`][Get-PASDirectoryMapping]                                     |**10.7**            |Get details of configureddirectory mappings.
-[`Set-PASDirectoryMapping`][Set-PASDirectoryMapping]                                     |**10.7**            |Update a configureddirectory mapping.
+[`Get-PASDirectoryMapping`][Get-PASDirectoryMapping]                                     |**10.7**            |Get details of configured directory mappings.
+[`Set-PASDirectoryMapping`][Set-PASDirectoryMapping]                                     |**10.7**            |Update a configured directory mapping.
 [`Remove-PASDirectory`][Remove-PASDirectory]                                             |**10.7**            |Delete a directory configuration.
 [`Find-PASSafe`][Find-PASSafe]                                                           |**10.1**            |List or Search Safes by name.
 [`Set-PASDirectoryMappingOrder`][Set-PASDirectoryMappingOrder]                           |**10.10**           |Reorder Directory Mappings
 [`Set-PASUserPassword`][Set-PASUserPassword]                                             |**10.10**           |Reset a User's Password
 [`New-PASGroup`][New-PASGroup]                                                           |**11.1**            |Create a new CyberArk group
 [`Get-PASPlatformSafe`][Get-PASPlatformSafe]                                             |**11.1**            |List details for all platforms
 [`Remove-PASDirectoryMapping`][Remove-PASDirectoryMapping]                               |**11.1**            |Deletes a Directory Mapping
-[`Enable-PASCPMAutoManagement`][Enable-PASCPMAutoManagement]                             |**10.4**            |Enables Automatic CPM Managment for an account
-[`Disable-PASCPMAutoManagement`][Disable-PASCPMAutoManagement]                           |**10.4**            |Disables Automatic CPM Managment for an account
+[`Enable-PASCPMAutoManagement`][Enable-PASCPMAutoManagement]                             |**10.4**            |Enables Automatic CPM Management for an account
+[`Disable-PASCPMAutoManagement`][Disable-PASCPMAutoManagement]                           |**10.4**            |Disables Automatic CPM Management for an account
 [`Test-PASPSMRecording`][Test-PASPSMRecording]                                           | **11.2**           |Determine validity of PSM Session Recording
 
 [New-PASSession]:/psPAS/Functions/Authentication/New-PASSession.ps1
@@ -928,6 +929,7 @@ Check the output of `Get-Help` for the `psPAS` functions for further details of
 [New-PASDirectoryMapping]:/psPAS/Functions/LDAPDirectories/New-PASDirectoryMapping.ps1
 [Add-PASPTARule]:/psPAS/Functions/EventSecurity/Add-PASPTARule.ps1
 [Get-PASPTAEvent]:/psPAS/Functions/EventSecurity/Get-PASPTAEvent.ps1
+[Set-PASPTAEvent]:/psPAS/Functions/EventSecurity/Set-PASPTAEvent.ps1
 [Get-PASPTARemediation]:/psPAS/Functions/EventSecurity/Get-PASPTARemediation.ps1
 [Get-PASPTARule]:/psPAS/Functions/EventSecurity/Get-PASPTARule.ps1
 [Set-PASPTARemediation]:/psPAS/Functions/EventSecurity/Set-PASPTARemediation.ps1

Tests/Add-PASAccount.Tests.ps1

@@ -1,42 +1,39 @@
-#Get Current Directory
-$Here = Split-Path -Parent $MyInvocation.MyCommand.Path
+Describe $($PSCommandPath -Replace ".Tests.ps1") {
 
-#Get Function Name
-$FunctionName = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -Replace ".Tests.ps1"
+	BeforeAll {
+		#Get Current Directory
+		$Here = Split-Path -Parent $PSCommandPath
 
-#Assume ModuleName from Repository Root folder
-$ModuleName = Split-Path (Split-Path $Here -Parent) -Leaf
+		#Assume ModuleName from Repository Root folder
+		$ModuleName = Split-Path (Split-Path $Here -Parent) -Leaf
 
-#Resolve Path to Module Directory
-$ModulePath = Resolve-Path "$Here\..\$ModuleName"
+		#Resolve Path to Module Directory
+		$ModulePath = Resolve-Path "$Here\..\$ModuleName"
 
-#Define Path to Module Manifest
-$ManifestPath = Join-Path "$ModulePath" "$ModuleName.psd1"
+		#Define Path to Module Manifest
+		$ManifestPath = Join-Path "$ModulePath" "$ModuleName.psd1"
 
-if ( -not (Get-Module -Name $ModuleName -All)) {
+		if ( -not (Get-Module -Name $ModuleName -All)) {
 
-	Import-Module -Name "$ManifestPath" -ArgumentList $true -Force -ErrorAction Stop
+			Import-Module -Name "$ManifestPath" -ArgumentList $true -Force -ErrorAction Stop
 
-}
-
-BeforeAll {
+		}
 
-	$Script:RequestBody = $null
-	$Script:BaseURI = "https://SomeURL/SomeApp"
-	$Script:ExternalVersion = "0.0"
-	$Script:WebSession = New-Object Microsoft.PowerShell.Commands.WebRequestSession
+		$Script:RequestBody = $null
+		$Script:BaseURI = "https://SomeURL/SomeApp"
+		$Script:ExternalVersion = "0.0"
+		$Script:WebSession = New-Object Microsoft.PowerShell.Commands.WebRequestSession
 
-}
+	}
 
-AfterAll {
 
-	$Script:RequestBody = $null
+	AfterAll {
 
-}
+		$Script:RequestBody = $null
 
-Describe $FunctionName {
+	}
 
-	InModuleScope $ModuleName {
+	InModuleScope $(Split-Path (Split-Path (Split-Path -Parent $PSCommandPath) -Parent) -Leaf ) {
 
 		Context "Mandatory Parameters" {
 
@@ -46,33 +43,33 @@ Describe $FunctionName {
 
 				param($Parameter)
 
-				(Get-Command Add-PASAccount).Parameters["$Parameter"].Attributes.Mandatory | Should Be $true
+				(Get-Command Add-PASAccount).Parameters["$Parameter"].Attributes.Mandatory | Should -Be $true
 
 			}
 
 			It "specifies parameter userName as mandatory for ParameterSet V9" {
 
-				(Get-Command Add-PASAccount).Parameters["UserName"].ParameterSets["V9"].IsMandatory | Should be $true
+				(Get-Command Add-PASAccount).Parameters["UserName"].ParameterSets["V9"].IsMandatory | Should -Be $true
 
 			}
 			It "specifies parameter SafeName as mandatory for ParameterSet V9" {
 
-				(Get-Command Add-PASAccount).Parameters["SafeName"].ParameterSets["V9"].IsMandatory | Should be $true
+				(Get-Command Add-PASAccount).Parameters["SafeName"].ParameterSets["V9"].IsMandatory | Should -Be $true
 
 			}
 			It "specifies parameter SafeName as mandatory for ParameterSet V10" {
 
-				(Get-Command Add-PASAccount).Parameters["SafeName"].ParameterSets["V10"].IsMandatory | Should be $true
+				(Get-Command Add-PASAccount).Parameters["SafeName"].ParameterSets["V10"].IsMandatory | Should -Be $true
 
 			}
 			It "specifies parameter platformID as mandatory for ParameterSet V9" {
 
-				(Get-Command Add-PASAccount).Parameters["platformID"].ParameterSets["V9"].IsMandatory | Should be $true
+				(Get-Command Add-PASAccount).Parameters["platformID"].ParameterSets["V9"].IsMandatory | Should -Be $true
 
 			}
 			It "specifies parameter platformID as mandatory for ParameterSet V10" {
 
-				(Get-Command Add-PASAccount).Parameters["platformID"].ParameterSets["V10"].IsMandatory | Should be $true
+				(Get-Command Add-PASAccount).Parameters["platformID"].ParameterSets["V10"].IsMandatory | Should -Be $true
 
 			}
 
@@ -241,7 +238,7 @@ Describe $FunctionName {
 			It "throws error if version requirement not met" {
 
 				$Script:ExternalVersion = "1.0"
-				{ $InputObjV10 | Add-PASAccount } | Should Throw
+				{ $InputObjV10 | Add-PASAccount } | Should -Throw
 				$Script:ExternalVersion = "0.0"
 
 			}
@@ -299,13 +296,13 @@ Describe $FunctionName {
 					"ExtraPass3Safe"        = "SomeSafe"
 				}
 				$response = $InputObj | Add-PASAccount
-				$response | Should BeNullOrEmpty
+				$response | Should -BeNullOrEmpty
 
 			}
 
 			it "provides output - V10 ParameterSet" {
 				$response = $InputObj | Add-PASAccount
-				$response | Should Not BeNullOrEmpty
+				$response | Should -Not -BeNullOrEmpty
 
 			}
 
@@ -317,14 +314,16 @@ Describe $FunctionName {
 					}
 				}
 				$response = $InputObj | Add-PASAccount
-				$response | get-member | select-object -expandproperty typename -Unique | Should Be psPAS.CyberArk.Vault.Account.V10
+				$response | get-member | select-object -expandproperty typename -Unique | Should -Be psPAS.CyberArk.Vault.Account.V10
 
 			}
 
 
 
 		}
-
+#>
 	}
 
+
+
 }