Releases: pspete/psPAS
v6.4.85
psPAS v6.4.85
[6.4.85]
Added
- N/A
Updated
- N/A
Fixed
Set-PASUser
- Adds logic to not attempt conversion to unix time if expiry date is not a valid datetime object, this resolves an issue where an error was raised when updating an account with an existing value for the
expirydate
property - Adds logic to not apply time zone offset when specifying Unix epoch time to remove an expiry date from an account which could previously result in an invalid time value in non-GMT time zones.
- Adds logic to not attempt conversion to unix time if expiry date is not a valid datetime object, this resolves an issue where an error was raised when updating an account with an existing value for the
v6.4.80
psPAS v6.4.80
6.4.80
Includes a general update across multiple module commands to ensure commands which are specific to self-hosted implementations are not able to be run against Privilege Cloud, and any commands which are specific to Privilege Cloud are not able to be run against a Self-Hosted solution.
Added
Get-PASIPAllowList
- Privilege Cloud only command to show IP Allow List
Set-PASIPAllowList
- Privilege Cloud only command to set IP Allow List
Get-PASBYOKConfig
- Privilege Cloud only command to show BYOK Config
Publish-PASDiscoveredLocalAccount
- Privilege Cloud only command to publish discovered local account
Get-PASDiscoveredLocalAccountActivity
- Privilege Cloud only command to show discovered local account activity
Get-PASDiscoveredLocalAccount
- Privilege Cloud only command to show local discovered account details
Clear-PASDiscoveredLocalAccount
- Privilege Cloud only command to delete all discovered local accounts from the Pending Accounts list.
Add-PASDiscoveredLocalAccount
- Privilege Cloud only command to add a specific local account to the Discovered Accounts list
Remove-PASDiscoveredLocalAccount
- Privilege Cloud only command to remove a local account from the Discovered Accounts list
Updated
Invoke-PASRestMethod
- Improvements to error handling
Fixed
Get-PASPSMRecording
- Fixes result paging issue
Get-PASPSMSession
- Fixes result paging issue
v6.3.78
psPAS v6.3.78
Added
- N/A
Updated
Get-PASPSMRecording
- In-line with PVWA default operation:
- Changed the default limit for each page of results to 100, in-line with PVWA default values
- Updated to return recordings from the last 48 hours by default when
FromTime
&ToTime
parameters are not specified.
- When specifying
ToTime
withoutFromTime
, recordings from the 48 hours beforeToTime
are returned.- This avoids potential for unintentionally long running queries which return details of many recording from the vault.
- In-line with PVWA default operation:
Set-PASUser
- Updated to query for, and send, any existing user properties, which are not being specifically updated, with the request.
- Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the user object.
- This update allows single properties to be updated without having to specify all properties.
- Allows Empty argument for
unAuthorizedInterfaces
&vaultAuthorization
parameters to enable set values to be cleared. - Corrects ValidateSet for
unAuthorizedInterfaces
parameter.
- Updated to query for, and send, any existing user properties, which are not being specifically updated, with the request.
Set-PASSafe
- Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
- Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the object.
- This update allows single properties to be updated without having to specify all properties.
- Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
Set-PASOpenIDConnectProvider
- Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
- Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the object.
- This update allows single properties to be updated without having to specify all properties.
- Number of mandatory parameters required to be specified has been reduced
- Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
Set-PASPTARule
- Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
- Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the object.
- This update allows single properties to be updated without having to specify all properties.
- Number of mandatory parameters required to be specified has been reduced
- Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
Set-PASDirectoryMapping
- Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
- Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the object.
- This update allows single properties to be updated without having to specify all properties.
- Number of mandatory parameters required to be specified has been reduced
- Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
New-PASOnboardingRule
- Reordered parameters to simplify tab completion options
Set-PASOnboardingRule
- Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
- Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the object.
- This update allows single properties to be updated without having to specify all properties.
- Number of mandatory parameters required to be specified has been reduced
- Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
Set-PASPlatformPSMConfig
- Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
- Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the object.
- This update allows single properties to be updated without having to specify all properties.
- Number of mandatory parameters required to be specified has been reduced
- Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
Set-PASSafeMember
- Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
- Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the object.
- This update allows single properties to be updated without having to specify all properties.
- Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
New-PASUser
- In-line with update to
Set-PASUser
- Allows Empty argument for
unAuthorizedInterfaces
&vaultAuthorization
parameters. - Corrects ValidateSet for
unAuthorizedInterfaces
parameter.
- Allows Empty argument for
- In-line with update to
Get-PASComponentDetail
- Adds assertion that command specifying
PTA
component must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
- Adds assertion that command specifying
Add-PASAccountACL
- Adds assertion that command must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
Get-PASAccountACL
- Adds assertion that command must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
Remove-PASAccountACL
- Adds assertion that command must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
Invoke-PASCPMOperation
- Adds assertion that Gen1 verify task must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
Set-PASAccount
- Adds assertion that Gen1 task must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
Close-PASSession
- Adds assertion that Shared Authentication logoff request is executed against a self hosted implementation as invocation against privilege cloud is not supported.
New-PASSession
- Adds assertion that Shared Authentication logon request is executed against a self hosted implementation as invocation against privilege cloud is not supported.
Add-PASPolicyACL
- Adds assertion that command must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
Get-PASPolicyACL
- Adds assertion that command must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
Remove-PASPolicyACL
- Adds assertion that command must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
Remove-PASSafeMember
- Adds assertion that command using Gen1 parameters must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
Assert-VersionRequirement
- Updates helper function to provide ability to assert if command is being run against self-hosted or privilege cloud implementation.
Fixed
- N/A
v6.2.68
psPAS v6.2.68
6.2.68
Introducing enhancements to psPAS session related data.
Using the Get-PASSession
command, users of the module can now get data on session start time, elapsed time since authentication as well as details of the last command run, the raw results returned from the api, as well as any detail of the last error which may have been received during the session.
This update makes troubleshooting API commands and expected results much easier from both an end user and module support perspective.
PS> Get-PASSession
Name Value
---- -----
BaseURI https://sometenant.privilegecloud.cyberark.cloud/PasswordVault
User someuser@cyberark.cloud.1312
ExternalVersion 14.0.0
WebSession Microsoft.PowerShell.Commands.WebRequestSession
StartTime 20/02/2024 18:14:01
ElapsedTime 00:04:03
LastCommand System.Management.Automation.InvocationInfo
LastCommandTime 20/02/2024 18:18:03
LastCommandResults {"Users":[{"id":26,"username":"[email protected]","source":"CyberArk","userType":"SomeType",...
LastError {"ErrorCode":"PASWS041E","ErrorMessage":"You are not authorized to perform this action."}
LastErrorTime 20/02/2024 18:13:12
To realise this update, lots of module wide changes to all module commands have been required; while no change to the general operation of the psPAS module should be noticed - do raise an issue if something does not appear correct.
Added
- N/A
Updated
Get-PASSession
- makes additional information available to users running the command
- authentication time
- session length
- last command and result data
- last error details
- makes additional information available to users running the command
New-PASPSMSession
- RDP and PSMGW connections will be automatically opened when issuing connection request.
New-PASSession
- Adds logic around getting the logged on user name for either self-hosted or privilege cloud deployments
- PSM Session Data Formats
- Adds
Start
&End
to standard table view output - Formats
Start
&End
as standard datetime instead of unixtime.
- Adds
Fixed
Add-PASGroupMember
,Remove-PASGroup
,Set-PASGroup
- Standardises name of
ID
parameter. - Adds
GroupID
alias toID
parameter.
- Standardises name of
v6.1.62
psPAS v6.1.62
6.1.62
Added
- N/A
Updated
Get-PASPSMRecording
- Removes
Offset
Parameter - Updates
FromTime
&ToTime
parameters to[datetime]
types - Returns all pages of results instead of only the first page of results
- Removes
Get-PASPSMSession
- Removes
Offset
Parameter - Updates
FromTime
&ToTime
parameters to[datetime]
types - Returns all pages of results instead of only the first page of results
- Removes
Get-PASAccount
- Removes
Offset
Parameter
- Removes
Get-PASDiscoveredAccount
- Removes
Offset
Parameter
- Removes
Fixed
Get-PASSession
- Removes
UserName
from command output, avoiding error condition on expired session.
- Removes
Get-PASPlatform
- Adds
search
parameter to the defaulttargets
parameterset
- Adds
- ISPSS Error Handling
- Fixes issue where error returned from ISPSS solution may not be handled properly
v6.1.50
psPAS v6.1.50
Module update to cover all CyberArk 14.0 API features
Added
- New commands supported from 14.0:
Add-PASPTAExcludedTarget
Add-PASPTAIncludedTarget
Add-PASPTAPrivilegedGroup
Add-PASPTAPrivilegedUser
Get-PASPTAExcludedTarget
Get-PASPTAIncludedTarget
Get-PASPTAPrivilegedGroup
Get-PASPTAPrivilegedUser
Remove-PASPTAExcludedTarget
Remove-PASPTAIncludedTarget
Remove-PASPTAPrivilegedGroup
Remove-PASPTAPrivilegedUser
Get-PASLinkedGroup
- New experimental command based on undocumented API.
Updated
Get-PASAccountActivity
- Adds Gen2 replacement for deprecated Gen1 API.
- Updates default operation to target Gen2 API.
Get-PASPTARiskEvent
- New filter parameters
FromTime
&ToTime
- Fixes output and result paging
- New filter parameters
Set-PASPTARiskEvent
- New parameters
closeReason
&reasonText
- General Fixes
- New parameters
New-PASDirectoryMapping
- New parameters
UsedQuota
,AuthorizedInterfaces
&EnableENEWhenDisconnected
- New parameters
Set-PASDirectoryMapping
- New parameters
UsedQuota
,AuthorizedInterfaces
&EnableENEWhenDisconnected
- New parameters
Fixed
Invoke-PASRestMethod
- Avoids potential error condition when handling errors in ISPSS environments
v6.0.30
psPAS v6.0.30
Added
- N/A
Updated
Add-PASPTARule
&Set-PASPTARule
- Adds scope parameters
vaultUsersMode
,vaultUsersList
,machinesMode
&machinesList
- Includes scope property in output by default
- Adds scope parameters
Fixed
Add-PASApplication
- Updates date format of
ExpirationDate
toMM/dd/yyyy
. Resolves issue observed when sending date format ofMM-dd-yyyy
- Updates date format of
Set-PASPTAEvent
&Set-PASPTARiskEvent
- Fixes issue where websession object and auth header were not being sent with the request
v6.0.21
v6.0.18
psPAS v6.0.18
Changed
Set-PASSafe
- Allows
0
as valid value for parameterNumberOfDaysRetention
- Allows
Get-PASServerWebService
- Depreciates Gen1 endpoint from 13.2. Adds Gen2 endpoint as default.
Get-PASSafeShareLogo
- Depreciates command from 13.2.
Invoke-PASCPMOperation
- Depreciates Gen1 endpoint from 13.2.
Get-PASAccountActivity
- Depreciates command from 13.2.
Add-PASPendingAccount
- Depreciates command from 13.2.
Fixed
Get-PASAccount
- Resolves issue where, if number of results of a
SavedFilter
are greater than the page size (either default or set via thelimit
parameter), only the URL of the first request sent would include the SavedFilter value.
- Resolves issue where, if number of results of a