psPAS 6.1 (#516)

* 🌐 UPDATE docs

small fix

* ✨ ♻️ UPDATE Get-PASAccountActivity

Adds Gen2 replacement for deprecated Gen1 API.
Default operation will be against the Gen2 API.
The `UseGen1API` parameter will need to be used to target the Gen1 API if Gen2 is not available.

* 📝 🔖 Doc Updates

General Updates for new version and new year

* ➕ ✨ ADDS Version 14.0 Functions + Updates

- `Get-PASPTARiskEvent`
  - New filter parameters `FromTime` & `ToTime`
  - Fixes output and result paging
- `Set-PASPTARiskEvent`
  - New parameters `closeReason` & `reasonText`
  - General Fixes
- `New-PASDirectoryMapping`
  - New parameters `UsedQuota`, `AuthorizedInterfaces` & `EnableENEWhenDisconnected`
- `Set-PASDirectoryMapping`
  - New parameters `UsedQuota`, `AuthorizedInterfaces` & `EnableENEWhenDisconnected`
- `Add-PASPTAExcludedTarget`
  - New command, supported from 14.0
- `Add-PASPTAIncludedTarget`
  - New command, supported from 14.0
- `Add-PASPTAPrivilegedGroup`
  - New command, supported from 14.0
- `Add-PASPTAPrivilegedUser`
  - New command, supported from 14.0
- `Get-PASPTAExcludedTarget`
  - New command, supported from 14.0
- `Get-PASPTAIncludedTarget`
  - New command, supported from 14.0
- `Get-PASPTAPrivilegedGroup`
  - New command, supported from 14.0
- `Get-PASPTAPrivilegedUser`
  - New command, supported from 14.0
- `Remove-PASPTAExcludedTarget`
  - New command, supported from 14.0
- `Remove-PASPTAIncludedTarget`
  - New command, supported from 14.0
- `Remove-PASPTAPrivilegedGroup`
  - New command, supported from 14.0
- `Remove-PASPTAPrivilegedUser`
  - New command, supported from 14.0

* Update Get-PASPTARiskEvent.Tests.ps1

Fix date format issue when testing in different culture systems

* Update Get-PASPTARiskEvent.Tests.ps1

fix copy/paste error

* Update Get-PASPTARiskEvent.Tests.ps1

Adding milliseconds to date request

* ⚗️🚸🥅 UPDATE ISPSS Error Handling

Changes the way errors caught when operating against ISPSS Shared Services tenants are handled.
Instead of assuming the `error_description` & `error` properties will always be present in the caught error object, we first set a default state for the error to be returned from psPAS, then update it using the `error_description` & `error` properties only if they are present.

Attempts to avoid condition reported where user experience is an error from psPAS about not handling an error from PCloud due to the `error_description` & `error` properties not being found.

* Update Invoke-PASRestMethod.ps1

Corrects a copy/paste error introduced in previous commit

* Update CHANGELOG.md

* ⚗️ADD Get-PASLinkedGroup

New function based on undocumented API to get linked groups associated with an account

* Update CHANGELOG.md

* Create 2024-02-01-pspas-release-6-1.md

* Update CHANGELOG.md

CHANGELOG.md

@@ -5,6 +5,68 @@
 - Continued development to encompass any new documented features of the CyberArk API.
 - psPAS v7.0...
 
+## [unreleased]
+
+### Added
+- N/A
+
+### Updated
+- N/A
+
+### Fixed
+- N/A
+
+## **6.1.47**
+
+### Module update to cover all CyberArk 14.0 API features
+
+### Added
+- `Add-PASPTAExcludedTarget`
+  - New command, supported from 14.0
+- `Add-PASPTAIncludedTarget`
+  - New command, supported from 14.0
+- `Add-PASPTAPrivilegedGroup`
+  - New command, supported from 14.0
+- `Add-PASPTAPrivilegedUser`
+  - New command, supported from 14.0
+- `Get-PASPTAExcludedTarget`
+  - New command, supported from 14.0
+- `Get-PASPTAIncludedTarget`
+  - New command, supported from 14.0
+- `Get-PASPTAPrivilegedGroup`
+  - New command, supported from 14.0
+- `Get-PASPTAPrivilegedUser`
+  - New command, supported from 14.0
+- `Remove-PASPTAExcludedTarget`
+  - New command, supported from 14.0
+- `Remove-PASPTAIncludedTarget`
+  - New command, supported from 14.0
+- `Remove-PASPTAPrivilegedGroup`
+  - New command, supported from 14.0
+- `Remove-PASPTAPrivilegedUser`
+  - New command, supported from 14.0
+- `Get-PASLinkedGroup`
+  - New experimental command based on undocumented API.
+
+ ### Updated
+- `Get-PASAccountActivity`
+  - Adds Gen2 replacement for deprecated Gen1 API.
+  - Updates default operation to target Gen2 API.
+- `Get-PASPTARiskEvent`
+  - New filter parameters `FromTime` & `ToTime`
+  - Fixes output and result paging
+- `Set-PASPTARiskEvent`
+  - New parameters `closeReason` & `reasonText`
+  - General Fixes
+- `New-PASDirectoryMapping`
+  - New parameters `UsedQuota`, `AuthorizedInterfaces` & `EnableENEWhenDisconnected`
+- `Set-PASDirectoryMapping`
+  - New parameters `UsedQuota`, `AuthorizedInterfaces` & `EnableENEWhenDisconnected`
+
+ ### Fixed
+- `Invoke-PASRestMethod`
+  - Avoids potential error condition when handling errors in ISPSS environments
+
 ## **6.0.30**
 
 ### Added

LICENSE.md

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2017-2023 Pete Maan
+Copyright (c) 2017-2024 Pete Maan
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -8,7 +8,7 @@
 
 Through the PVWA REST API, administer CyberArk PAS with PowerShell.
 
-Contains all of the documented API capabilities up to CyberArk v13.2.
+Contains all of the documented API capabilities up to CyberArk v14.0.
 
 Docs: [https://pspas.pspete.dev](https://pspas.pspete.dev)
 
@@ -965,6 +965,7 @@ Click the below dropdown to view the current list of psPAS functions and their m
 [`Disable-PASUser`][Disable-PASUser]                                                     |**12.6**            |Disable CyberArk Users
 [`Publish-PASDiscoveredAccount`][Publish-PASDiscoveredAccount]                           |**12.6**            |Onboard Discovered Accounts
 [`Get-PASLinkedAccount`][Get-PASLinkedAccount]                                           |**12.2**            |Get details of linked accounts
+[`Get-PASLinkedGroup`][Get-PASLinkedGroup]                                               |**12.2**            |Get details of linked groups
 [`Add-PASPersonalAdminAccount`][Add-PASPersonalAdminAccount]                             |**12.6**            |Add Personal Admin Account (Privilege Cloud Only).
 [`Get-PASPTAGlobalCatalog`][Get-PASPTAGlobalCatalog]                                     |**13.0**            |Get Global Catalog connectivity details for PTA.
 [`Add-PASPTAGlobalCatalog`][Add-PASPTAGlobalCatalog]                                     |**13.0**            |Add Global Catalog connectivity details to PTA.
@@ -973,7 +974,31 @@ Click the below dropdown to view the current list of psPAS functions and their m
 [`Set-PASPTARiskEvent`][Set-PASPTARiskEvent]                                             |**13.2**            |Update PTA Risk Events
 [`Get-PASPTARiskSummary`][Get-PASPTARiskSummary]                                         |**13.2**            |Get PTA Risk Summary
 [`New-PASRequestObject`][New-PASRequestObject]                                           |**---**             |Format an object to include in an request list
-
+[`Add-PASPTAIncludedTarget`][Add-PASPTAIncludedTarget]                                   |**14.0**            |Includes a PTA Monitored Target
+[`Add-PASPTAExcludedTarget`][Add-PASPTAExcludedTarget]                                   |**14.0**            |Excludes a PTA Monitored Target
+[`Add-PASPTAPrivilegedGroup`][Add-PASPTAPrivilegedGroup]                                 |**14.0**            |Configures a PTA Privileged Group
+[`Add-PASPTAPrivilegedUser`][Add-PASPTAPrivilegedUser]                                   |**14.0**            |Configures a PTA Privileged User
+[`Get-PASPTAExcludedTarget`][Get-PASPTAExcludedTarget]                                   |**14.0**            |Get PTA Excluded Target
+[`Get-PASPTAIncludedTarget`][Get-PASPTAIncludedTarget]                                   |**14.0**            |Get PTA Included target
+[`Get-PASPTAPrivilegedGroup`][Get-PASPTAPrivilegedGroup]                                 |**14.0**            |Get PTA Privileged Group
+[`Get-PASPTAPrivilegedUser`][Get-PASPTAPrivilegedUser]                                   |**14.0**            |Get PTA Privileged User
+[`Remove-PASPTAExcludedTarget`][Remove-PASPTAExcludedTarget]                             |**14.0**            |Remove PTA Excluded Target
+[`Remove-PASPTAIncludedTarget`][Remove-PASPTAIncludedTarget]                             |**14.0**            |Remove PTA Included Target
+[`Remove-PASPTAPrivilegedGroup`][Remove-PASPTAPrivilegedGroup]                           |**14.0**            |Remove PTA Privileged Group
+[`Remove-PASPTAPrivilegedUser`][Remove-PASPTAPrivilegedUser]                             |**14.0**            |Remove PTA Privileged User
+
+[Add-PASPTAExcludedTarget]:/psPAS/Functions/EventSecurity/Add-PASPTAExcludedTarget.ps1
+[Add-PASPTAIncludedTarget]:/psPAS/Functions/EventSecurity/Add-PASPTAIncludedTarget.ps1
+[Add-PASPTAPrivilegedGroup]:/psPAS/Functions/EventSecurity/Add-PASPTAPrivilegedGroup.ps1
+[Add-PASPTAPrivilegedUser]:/psPAS/Functions/EventSecurity/Add-PASPTAPrivilegedUser.ps1
+[Get-PASPTAExcludedTarget]:/psPAS/Functions/EventSecurity/Get-PASPTAExcludedTarget.ps1
+[Get-PASPTAIncludedTarget]:/psPAS/Functions/EventSecurity/Get-PASPTAIncludedTarget.ps1
+[Get-PASPTAPrivilegedGroup]:/psPAS/Functions/EventSecurity/Get-PASPTAPrivilegedGroup.ps1
+[Get-PASPTAPrivilegedUser]:/psPAS/Functions/EventSecurity/Get-PASPTAPrivilegedUser.ps1
+[Remove-PASPTAExcludedTarget]:/psPAS/Functions/EventSecurity/Remove-PASPTAExcludedTarget.ps1
+[Remove-PASPTAIncludedTarget]:/psPAS/Functions/EventSecurity/Remove-PASPTAIncludedTarget.ps1
+[Remove-PASPTAPrivilegedGroup]:/psPAS/Functions/EventSecurity/Remove-PASPTAPrivilegedGroup.ps1
+[Remove-PASPTAPrivilegedUser]:/psPAS/Functions/EventSecurity/Remove-PASPTAPrivilegedUser.ps1
 [New-PASRequestObject]:/psPAS/Functions/Requests/New-PASRequestObject.ps1
 [Get-PASUserTypeInfo]:/psPAS/Functions/User/Get-PASUserTypeInfo.ps1
 [Get-PASPTARiskEvent]:/psPAS/Functions/EventSecurity/Get-PASPTARiskEvent.ps1
@@ -984,6 +1009,7 @@ Click the below dropdown to view the current list of psPAS functions and their m
 [Disable-PASUser]:/psPAS/Functions/User/Disable-PASUser.ps1
 [Enable-PASUser]:/psPAS/Functions/User/Enable-PASUser.ps1
 [Get-PASLinkedAccount]:/psPAS/Functions/Accounts/Get-PASLinkedAccount.ps1
+[Get-PASLinkedGroup]:/psPAS/Functions/Accounts/Get-PASLinkedGroup.ps1
 [Add-PASPersonalAdminAccount]:/psPAS/Functions/Accounts/Add-PASPersonalAdminAccount.ps1
 [Publish-PASDiscoveredAccount]:/psPAS/Functions/Accounts/Publish-PASDiscoveredAccount.ps1
 [Get-PASPlatformSummary]:/psPAS/Functions/Platforms/Get-PASPlatformSummary.ps1

Tests/Add-PASPTAExcludedTarget.Tests.ps1

@@ -0,0 +1,137 @@
+Describe $($PSCommandPath -Replace '.Tests.ps1') {
+
+    BeforeAll {
+        #Get Current Directory
+        $Here = Split-Path -Parent $PSCommandPath
+
+        #Assume ModuleName from Repository Root folder
+        $ModuleName = Split-Path (Split-Path $Here -Parent) -Leaf
+
+        #Resolve Path to Module Directory
+        $ModulePath = Resolve-Path "$Here\..\$ModuleName"
+
+        #Define Path to Module Manifest
+        $ManifestPath = Join-Path "$ModulePath" "$ModuleName.psd1"
+
+        if ( -not (Get-Module -Name $ModuleName -All)) {
+
+            Import-Module -Name "$ManifestPath" -ArgumentList $true -Force -ErrorAction Stop
+
+        }
+
+        $Script:RequestBody = $null
+        $Script:BaseURI = 'https://SomeURL/SomeApp'
+        $Script:ExternalVersion = '0.0'
+        $Script:WebSession = New-Object Microsoft.PowerShell.Commands.WebRequestSession
+
+    }
+
+
+    AfterAll {
+
+        $Script:RequestBody = $null
+
+    }
+
+    InModuleScope $(Split-Path (Split-Path (Split-Path -Parent $PSCommandPath) -Parent) -Leaf ) {
+
+        BeforeEach {
+
+            Mock Invoke-PASRestMethod -MockWith {
+
+            }
+
+            $SomePassword = $('Some_Password' | ConvertTo-SecureString -AsPlainText -Force)
+
+            $InputObj = [pscustomobject]@{
+                'cidr' = '10.10.10.10/32'
+
+            }
+
+            $response = $InputObj | Add-PASPTAExcludedTarget
+
+        }
+
+
+
+        Context 'Mandatory Parameters' {
+
+            $Parameters = @{Parameter = 'cidr' }
+
+            It 'specifies parameter <Parameter> as mandatory' -TestCases $Parameters {
+
+                param($Parameter)
+
+				(Get-Command Add-PASPTAExcludedTarget).Parameters["$Parameter"].Attributes.Mandatory | Should -Be $true
+
+            }
+
+        }
+
+        Context 'Input' {
+
+            It 'sends request' {
+
+                Assert-MockCalled Invoke-PASRestMethod -Times 1 -Exactly -Scope It
+
+            }
+
+            It 'sends request to expected endpoint' {
+
+                Assert-MockCalled Invoke-PASRestMethod -ParameterFilter {
+
+                    $URI -eq "$($Script:BaseURI)/api/pta/API/Administration/properties/CidrExclusionList"
+
+                } -Times 1 -Exactly -Scope It
+
+            }
+
+            It 'uses expected method' {
+
+                Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Method -match 'PATCH' } -Times 1 -Exactly -Scope It
+
+            }
+
+            It 'sends request with expected body' {
+
+                Assert-MockCalled Invoke-PASRestMethod -ParameterFilter {
+
+                    $Script:RequestBody = $Body | ConvertFrom-Json
+
+					($Script:RequestBody) -ne $null
+
+                } -Times 1 -Exactly -Scope It
+
+            }
+
+            It 'has a request body with expected number of properties' {
+
+				($Script:RequestBody | Get-Member -MemberType NoteProperty).length | Should -Be 1
+
+            }
+
+            It 'throws error if version requirement not met' {
+
+                $Script:ExternalVersion = '1.0'
+
+                { $InputObj | Add-PASPTAExcludedTarget } | Should -Throw
+
+                $Script:ExternalVersion = '0.0'
+            }
+
+        }
+
+        Context 'Output' {
+
+            It 'provides no output' {
+
+                $response | Should -BeNullOrEmpty
+
+            }
+
+
+        }
+
+    }
+
+}