Release 5.6

Release 5.6

CHANGELOG.md

@@ -5,7 +5,44 @@
 - Continued development to encompass any new documented features of the CyberArk API.
 - psPAS v6.0...
 
-## **5.5.110 (March 7th 2023)
+## **5.6.135 (July 31st 2023)**
+
+### Module update to cover all CyberArk 13.2 API features
+
+**psPAS Year 6**
+
+- New
+  - `Get-PASUserTypeInfo`
+    - Output information on User Types
+  - `Get-PASPTARiskEvent`
+    - Output PTA Risk Events
+  - `Set-PASPTARiskEvent`
+    - Update PTA Risk Events
+  - `Get-PASPTARiskSummary`
+    - Output PTA Risk Summary
+  - `New-PASRequestObject`
+    - Enables creation of request objects for bulk account access requests using `New-PASRequest`.
+- Updates
+  - `New-PASSession`
+    - Adds option for PKIPN authentication.
+      - Thanks ([JesseMcWilliamss](https://github.com/JesseMcWilliamss))!
+    - Adds options to Shared Services Authentication capability
+      - Supports different subdomains for Identity & Privilege Cloud tenants
+      - Supports ability to provide tenant URLs for Identity & Privilege Cloud systems.
+  - `Unlock-PASAccount`
+    - Adds Unlock capability, in addition to the existing check-in capability.
+      - Thanks & Credit to ([Qrelis](https://github.com/Qrelis))for this!
+  - `Get-PASUser`
+    - Adds `source` parameter (allows filter by cyberark or ldap source).
+    - Adds `userStatus` parameter (allows filter by active, disabled, or suspended status).
+  - `New-PASUser` & `Set-PASUser`
+    - Adds parameters `userActivityLogRetentionDays`, `loginFromHour` & `loginToHour`
+  - `New-PASRequest`
+    - Adds new ParameterSets `BulkSearch`, `BulkFilter` & `BulkItems`.
+  - `Get-PASRequest`
+    - Adds `id` parameter to support get status bulk request actions.
+
+## **5.5.110 (March 7th 2023)**
 
 ### Module update to cover all CyberArk 13.0 API features
 

README.md

@@ -8,7 +8,7 @@
 
 Through the PVWA REST API, administer CyberArk PAS with PowerShell.
 
-contains all of the documented API capabilities up to CyberArk v13.0.
+Contains all of the documented API capabilities up to CyberArk v13.2.
 
 Docs: [https://pspas.pspete.dev](https://pspas.pspete.dev)
 
@@ -71,7 +71,7 @@ _Everything begins with a **Logon**:_
 
 To submit a logon request to the CyberArk API, use the psPAS `New-PASSession` command.
 
-All subsequent operations are carried out by `psPAS` utilising the input data provided for the `New-PASSession` request (URL, Certificate), as well as data received from the API after successful authentication (Authentication Token, PVWA Version).
+All subsequent operations are carried out by `psPAS` utilises the input data provided for the `New-PASSession` request (URL, Certificate), as well as data received from the API after successful authentication (Authentication Token, PVWA Version).
 
 #### CyberArk Authentication
 
@@ -940,7 +940,17 @@ Click the below dropdown to view the current list of psPAS functions and their m
 [`Add-PASPersonalAdminAccount`][Add-PASPersonalAdminAccount]                             |**12.6**            |Add Personal Admin Account (Privilege Cloud Only).
 [`Get-PASPTAGlobalCatalog`][Get-PASPTAGlobalCatalog]                                     |**13.0**            |Get Global Catalog connectivity details for PTA.
 [`Add-PASPTAGlobalCatalog`][Add-PASPTAGlobalCatalog]                                     |**13.0**            |Add Global Catalog connectivity details to PTA.
-
+[`Get-PASUserTypeInfo`][Get-PASUserTypeInfo]                                             |**13.2**            |Get User Type Info
+[`Get-PASPTARiskEvent`][Get-PASPTARiskEvent]                                             |**13.2**            |Get PTA Risk Events
+[`Set-PASPTARiskEvent`][Set-PASPTARiskEvent]                                             |**13.2**            |Update PTA Risk Events
+[`Get-PASPTARiskSummary`][Get-PASPTARiskSummary]                                         |**13.2**            |Get PTA Risk Summary
+[`New-PASRequestObject`][New-PASRequestObject]                                           |**---**             |Format an object to include in an request list
+
+[New-PASRequestObject]:/psPAS/Functions/Requests/New-PASRequestObject
+[Get-PASUserTypeInfo]:/psPAS/Functions/User/Get-PASUserTypeInfo
+[Get-PASPTARiskEvent]:/psPAS/Functions/EventSecurity/Get-PASPTARiskEvent
+[Set-PASPTARiskEvent]:/psPAS/Functions/EventSecurity/Set-PASPTARiskEvent
+[Get-PASPTARiskSummary]:/psPAS/Functions/EventSecurity/Get-PASPTARiskSummary
 [Get-PASPTAGlobalCatalog]:/psPAS/Functions/EventSecurity/Get-PASPTAGlobalCatalog
 [Add-PASPTAGlobalCatalog]:/psPAS/Functions/EventSecurity/Add-PASPTAGlobalCatalog
 [Disable-PASUser]:/psPAS/Functions/User/Disable-PASUser
@@ -1231,6 +1241,14 @@ Priority support could be considered for <a href="https://github.com/sponsors/ps
 
 Hat Tips:
 
+**Jesse McWilliams**
+([JesseMcWilliamss](https://github.com/JesseMcWilliams))
+For the infomration needed to add PKIPN authentication into `New-PASSession`
+
+**Wojciech Ossowski**
+([Qrelis](https://github.com/Qrelis))
+For sharing the details of the account unlock API.
+
 **Allyn Lindsay**
 ([allynl93](https://github.com/allynl93))
 for [PS-SAML-Interactive](https://github.com/allynl93/PS-SAML-Interactive)

Tests/ConvertTo-BulkFilterItem.Tests.ps1

@@ -0,0 +1,86 @@
+Describe $($PSCommandPath -Replace '.Tests.ps1') {
+
+    BeforeAll {
+        #Get Current Directory
+        $Here = Split-Path -Parent $PSCommandPath
+
+        #Assume ModuleName from Repository Root folder
+        $ModuleName = Split-Path (Split-Path $Here -Parent) -Leaf
+
+        #Resolve Path to Module Directory
+        $ModulePath = Resolve-Path "$Here\..\$ModuleName"
+
+        #Define Path to Module Manifest
+        $ManifestPath = Join-Path "$ModulePath" "$ModuleName.psd1"
+
+        if ( -not (Get-Module -Name $ModuleName -All)) {
+
+            Import-Module -Name "$ManifestPath" -ArgumentList $true -Force -ErrorAction Stop
+
+        }
+
+        $Script:RequestBody = $null
+        $Script:BaseURI = 'https://SomeURL/SomeApp'
+        $Script:ExternalVersion = '0.0'
+        $Script:WebSession = New-Object Microsoft.PowerShell.Commands.WebRequestSession
+
+    }
+
+
+    AfterAll {
+
+        $Script:RequestBody = $null
+
+    }
+
+    InModuleScope $(Split-Path (Split-Path (Split-Path -Parent $PSCommandPath) -Parent) -Leaf ) {
+
+        Context 'General' {
+
+            BeforeEach {
+
+
+                $InputObj = @{
+                    'reason'   = 'some reason'
+                    'fromDate' = 5
+                }
+
+            }
+
+            It 'does not throw' {
+
+                { ConvertTo-BulkFilterItem } | Should -Not -Throw
+
+            }
+
+            It 'produces expected output if given no input' {
+
+                $output = ConvertTo-BulkFilterItem
+                $output['Reason'] | Should -BeNullOrEmpty
+                $output['TicketingSystemName'] | Should -BeNullOrEmpty
+                $output['TicketID'] | Should -BeNullOrEmpty
+                $output['AdditionalInfo'] | Should -BeNullOrEmpty
+                $output['multipleAccessRequired'] | Should -Be $false
+                $output['fromDate'] | Should -Be 0
+                $output['toDate'] | Should -Be 0
+
+            }
+
+            It 'outputs expected values' {
+
+                $output = $InputObj | ConvertTo-BulkFilterItem
+                $output['Reason'] | Should -Be 'some reason'
+                $output['TicketingSystemName'] | Should -BeNullOrEmpty
+                $output['TicketID'] | Should -BeNullOrEmpty
+                $output['AdditionalInfo'] | Should -BeNullOrEmpty
+                $output['multipleAccessRequired'] | Should -Be $false
+                $output['fromDate'] | Should -Be 5
+                $output['toDate'] | Should -Be 0
+
+            }
+
+        }
+
+    }
+
+}

Tests/ConvertTo-FilterString.Tests.ps1

@@ -70,6 +70,17 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') {
 
 			}
 
+			It 'converts hashtable to expected filter string with quoted values' {
+
+				$Value = $InputObj | ConvertTo-FilterString -QuoteValue
+
+				$Value['filter'] | Should -Match ' AND '
+				$Value['filter'] | Should -Match 'Property1 eq "Value"'
+				$Value['filter'] | Should -Match 'Property2 eq "Another Value"'
+				$Value['filter'] | Should -Match 'modificationTime gte 1577836800'
+
+			}
+
 		}
 
 	}

Tests/Get-PASPTARiskEvent.Tests.ps1

@@ -0,0 +1,128 @@
+Describe $($PSCommandPath -Replace '.Tests.ps1') {
+
+    BeforeAll {
+        #Get Current Directory
+        $Here = Split-Path -Parent $PSCommandPath
+
+        #Assume ModuleName from Repository Root folder
+        $ModuleName = Split-Path (Split-Path $Here -Parent) -Leaf
+
+        #Resolve Path to Module Directory
+        $ModulePath = Resolve-Path "$Here\..\$ModuleName"
+
+        #Define Path to Module Manifest
+        $ManifestPath = Join-Path "$ModulePath" "$ModuleName.psd1"
+
+        if ( -not (Get-Module -Name $ModuleName -All)) {
+
+            Import-Module -Name "$ManifestPath" -ArgumentList $true -Force -ErrorAction Stop
+
+        }
+
+        $Script:RequestBody = $null
+        $Script:BaseURI = 'https://SomeURL/SomeApp'
+        $Script:ExternalVersion = '0.0'
+        $Script:WebSession = New-Object Microsoft.PowerShell.Commands.WebRequestSession
+
+    }
+
+
+    AfterAll {
+
+        $Script:RequestBody = $null
+
+    }
+
+    InModuleScope $(Split-Path (Split-Path (Split-Path -Parent $PSCommandPath) -Parent) -Leaf ) {
+
+        Context 'Input' {
+
+            BeforeEach {
+
+                Mock Invoke-PASRestMethod -MockWith {
+                    [PSCustomObject]@{'addsaferesult' = [PSCustomObject]@{'Prop1' = 'Val1'; 'Prop2' = 'Val2' } }
+                }
+
+                $Script:BaseURI = 'https://SomeURL/SomeApp'
+                $Script:ExternalVersion = '0.0'
+                $Script:WebSession = New-Object Microsoft.PowerShell.Commands.WebRequestSession
+
+            }
+
+            It 'sends request' {
+                Get-PASPTARiskEvent
+                Assert-MockCalled Invoke-PASRestMethod -Times 1 -Exactly -Scope It
+
+            }
+
+            It 'sends request to expected endpoint' {
+                Get-PASPTARiskEvent
+                Assert-MockCalled Invoke-PASRestMethod -ParameterFilter {
+
+                    $URI -match "$($Script:BaseURI)/API/pta/API/Risks/RisksEvents/"
+
+                } -Times 1 -Exactly -Scope It
+
+            }
+
+            It 'uses expected method' {
+                Get-PASPTARiskEvent
+                Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Method -match 'GET' } -Times 1 -Exactly -Scope It
+
+            }
+
+            It 'sends request with no body' {
+                Get-PASPTARiskEvent
+                Assert-MockCalled Invoke-PASRestMethod -ParameterFilter {
+
+                    $Body -eq $null
+
+                } -Times 1 -Exactly -Scope It
+
+            }
+
+            It 'throws error if version requirement not met' {
+                $Script:ExternalVersion = '1.0'
+                { Get-PASPTARiskEvent } | Should -Throw
+                $Script:ExternalVersion = '0.0'
+            }
+
+        }
+
+        Context 'Output' {
+            BeforeEach {
+
+                Mock Invoke-PASRestMethod -MockWith {
+                    [PSCustomObject]@{'addsaferesult' = [PSCustomObject]@{'Prop1' = 'Val1'; 'Prop2' = 'Val2' } }
+                }
+
+                $Script:BaseURI = 'https://SomeURL/SomeApp'
+                $Script:ExternalVersion = '0.0'
+                $Script:WebSession = New-Object Microsoft.PowerShell.Commands.WebRequestSession
+
+            }
+            It 'provides output' {
+
+                Get-PASPTARiskEvent | Should -Not -BeNullOrEmpty
+
+            }
+
+            It 'has output with expected number of properties' {
+
+				(Get-PASPTARiskEvent | Get-Member -MemberType NoteProperty).length | Should -Be 1
+
+            }
+
+            It 'outputs object with expected typename' {
+
+                Get-PASPTARiskEvent | Get-Member | Select-Object -ExpandProperty typename -Unique | Should -Be psPAS.CyberArk.Vault.PTA.Event.Risk
+
+            }
+
+
+
+        }
+
+    }
+
+}