2 years since first commit Anniversary Edition
- Breaking Changes
- Module Wide Parameter Changes
BaseURI
,WebSession
,PVWAAppName
,SessionToken
,ExternalVersion
- no longer required parameters.
New-PASSession
still requiresBaseURI
, and will acceptPVWAAppName
UseV9API
&UseV10API
Parameters renamed toUseClassicAPI
- Where functions support operations against both Classic & V10 API, default behaviour is to use the V10 API.
- Specify the
UseClassicAPI
switch parameter to force usage of the Classic API Endpoint.
- Values for
BaseURI
,WebSession
,PVWAAppName
,SessionToken
&ExternalVersion
are not returned from module functions in output.
- Functions Removed
New-PASSAMLSession
- Functionality moved into
New-PASSession
.
- Functionality moved into
New-PASSharedSession
- Functionality moved into
New-PASSession
.
- Functionality moved into
Close-PASSAMLSession
- Functionality moved into
Close-PASSession
.
- Functionality moved into
Close-PASSharedSession
- Functionality moved into
Close-PASSession
.
- Functionality moved into
Start-PASCredChange
- Functionality moved into
Invoke-PASCPMOperation
.
- Functionality moved into
Start-PASCredVerify
- Functionality moved into
Invoke-PASCPMOperation
.
- Functionality moved into
Invoke-PASCredChange
- Functionality moved into
Invoke-PASCPMOperation
.
- Functionality moved into
Invoke-PASCredVerify
- Functionality moved into
Invoke-PASCPMOperation
.
- Functionality moved into
Invoke-PASCredReconcile
- Functionality moved into
Invoke-PASCPMOperation
.
- Functionality moved into
- Aliases Removed
Get-PASApplications
- Removed old pluralised aliasGet-PASApplicationAuthenticationMethods
- Removed old pluralised aliasGet-PASAccountCredentials
- Removed old pluralised aliasGet-PASSafeMembers
- Removed old pluralised alias
- Module Wide Parameter Changes
- New Functions
Find-PASSafe
(Thanks (again) steveredden!)- List or search safes by name
Invoke-PASCPMOperation
- Invoke CPM Verify, Change & Reconcile via v10 or Classic API.
Get-PASSession
- Return module scope variable values which are used to perform each request to the API.
Use-PASSession
- Set module scope variable values which are used to perform each request to the API.
- Updated Functions
New-PASSession
- Added
CertificateThumbprint
Parameter- Allows requests to be sent with details required for Client Certificate authentication.
- Added
OTP
Parameter- Allows One Time Passcode to be provided, which is then sent with the password value.
- Tested with Duo RADIUS.
- Allows One Time Passcode to be provided, which is then sent with the password value.
- Added SAML authentication option.
- Added Shared authentication option
- Removed
$SecureMode
&$AdditionalInfo
parameters. -Get-PASPSMConnectionParameter
- Now saves an RDP file returned from an API request.
path
parameter now expects a folder to save the file to.- Output file is named automatically
- Added
Export-PASPlatform
path
parameter now expects a folder to save the file to.- Output file is named automatically
Export-PASPSMRecording
path
parameter now expects a folder to save the file to.- Output file is named automatically
- Fixes
New-PASUser
- Added
ChangePassOnNextLogon
parameter for working with latest API method - Fixes issue where
New-PASUser
was failing to set the change password at next logon flag for a new user.
- Added
- Other
- Improvements to exception handling and error reporting.
- Fix
Add-PASDirectory
- Parameter
SSLConnect
added (required if adding LDAPS hosts) - Thanks (again) jmk-foofus!
- Parameter
- Updated Functions
New-PASUser
- Added support for the updated Add User API method for v10.9
Get-PASUser
- Added support for the updated Get Users API method for v10.9
- Updates
Get-PASSafeMember
- Added
MemberName
parameter- Returns all safe permissions of a specific user.
- Added
Get-PASAccountActivity
- Added Alias
id
toAccountID
parameter
- Added Alias
Invoke-PASCredChange
- Added Alias
id
toAccountID
parameter
- Added Alias
Invoke-PASCredReconcile
- Added Alias
id
toAccountID
parameter
- Added Alias
Invoke-PASCredVerify
- Added Alias
id
toAccountID
parameter
- Added Alias
Start-PASCredChange
- Added Alias
id
toAccountID
parameter
- Added Alias
Start-PASCredVerify
- Added Alias
id
toAccountID
parameter
- Added Alias
Unlock-PASAccount
- Added Alias
id
toAccountID
parameter
- Added Alias
- Fix
Add-PASApplication
- Parameter
BusinessOwnerPhone
changed to[string]
type
- Parameter
- Updated Functions (Thanks steveredden!)
Get-PASAccount
- Support for nextLink implemented to return maximum number of query results.
- TimeoutSec parameter added
Get-PASSafe
- TimeoutSec parameter added
- New Functions
Get-PASDirectoryMapping
- Get directory mappings configured for a directory
Get-PASDirectoryMapping
- Adds a new Directory Mapping for an existing directory
Remove-PASDirectory
- Removes a directory configured in the Vault
- Updated Functions
Add-PASDirectory
- Added parameter
DCList
- Added parameter
Get-PASDirectory
- Function output updated to contain more properties
New-PASDirectoryMapping
- Added parameters
VaultGroups
,Location
,LDAPQuery
- Added parameters
Set-PASSafe
- Now supports renaming a safe via
NewSafeName
parameter
- Now supports renaming a safe via
- Other Updates
- Updated comment based help content based on user feedback.
-
Updated Functions / Bug Fix / Breaking Change
Close-PASSession
- Now sends request to V10 URL by default.
- New parameter added to send request to V9 API if required.
psPAS.psm1
- Updated to improve module load time.
- Original import method can be forced by specifying
Import-Module -Name psPAS -ArgumentList $true
-
Fixed
New-PASSession
- Fixed unexpected element in request body when specifying UseDefaultCredentials with Windows Authentication.
- Bug Fix
- Remove debug output which could contain plaintex passwords.
- Thanks karrth!
- Remove debug output which could contain plaintex passwords.
- New Functions
Get-PASPSMSessionActivity
- Returns activity details from an active PSM Session.
Get-PASPSMSessionProperty
- Returns property details from an active PSM Session.
Get-PASPSMRecordingActivity
- Returns activity details from a PSM Recording.
Get-PASPSMRecordingProperty
- Returns property details from a PSM Recording.
Export-PASPSMRecording
- Allows saving of PSM Session Recording to a file.
Request-PASAdHocAccess
- Enablex request of temporary administrative access to a server.
- Updated Functions
Get-PASPSMRecording
- Now able to query PSM recordings by ID.
Get-PASAccount
- Updated to include return of
InternalProperties
property when using the V9 API.
- Updated to include return of
Get-PASPSMConnectionParameter
- Added support for RDP File output
- Fixed
Invoke-PASRestMethod
- Specify "UseBasicParsing" on each request to prevent issues when run on machines which do not have IE available and initialized.
-
New Functions
Get-PASGroup
- Enables querying of Vault Groups
Remove-PASGroupMember
- Enables removal of vault group members
Set-PASOnboardingRule
- Enables updates to existing Onboarding Rules
Add-PASDiscoveredAccount
- Enables addition of discovered accounts or SSH keys as a pending account in the accounts feed
Connect-PASPSMSession
- Retrieves parameters needed to monitor an in-progress PSM session
-
Updated Functions
Get-PASDirectory
- Now possible to query LDAP Directory by name
Get-PASAccountGroup
- Updated to use API endpoint in 10.5
Get-PASPSMConnectionParameter
- Updated to cater for Ad-Hoc Connections with unmanaged accounts
-
Bug Fixes
- Use of TLS 1.2 Protocol enforced when using PSCore
- Update
New-PASSession
- Option added to use Windows integrated authentication with default credentials
- Thanks steveredden!
- Option added to use Windows integrated authentication with default credentials
- Bug Fix
Get-PASAccountPassword
- Fix applied to allow accountID from version 10 to be accepted from pipeline object.
Get-PASAccount
- Validation added to
limit
parameter.
- Validation added to
- Bug Fix
Get-PASAccountPassword
- Backward compatibility for retrieving password values from CyberArk version 9 restored.
- Bug Fix
Export-PASPlatform
- Exported files were invalid, now fixed.
- Thanks jmk-foofus!
- New Functions
Get-PASPTAEvent
- function added, returns security events from PTA.Get-PASPTARule
- function added, returns rules from PTA.Get-PASPTARemediation
- function added, returns automatic remediation settings frm PTA.Add-PASPTARule
- function added, adds a new rule to PTA.Set-PASPTARule
- function added, updates a rule in PTA.Set-PASPTARemediation
- function added, updates automatic remediation.settings in PTA.
- Updated Function
Set-PASAccount
, updated to support new 10.4 API features.- Thanks Assaf!
The 1 year since first commit anniversary edition
-
Breaking Changes
New-PASSession
- Function now defaults to the v10 API Endpoints
- Users on CyberArk Version 9 need to specify the
-UseV9API
switch parameter
New-PASOnboardingRule
- Function now defaults to the ParameterSet relating to version 10.2 onwards
Add-PASPendingAccount
- Parameter
AccountDiscoveryDate
changed to type[datetime]
- Parameter
Add-PASApplication
- Parameter
ExpirationDate
changed to type[datetime]
- Parameter
Add-PASSafeMember
- Parameter
MembershipExpirationDate
changed to type[datetime]
- Parameter
Set-PASSafeMember
- Parameter
MembershipExpirationDate
changed to type[datetime]
- Parameter
New-PASUser
- Parameter
ExpiryDate
changed to type[datetime]
- Parameter
Set-PASUser
- Parameter
ExpiryDate
changed to type[datetime]
- Parameter
-
New Functions
Export-PASPlatform
function added, allows export of platform to a zip file.Get-PASUserLoginInfo
function added, retrieves logon information for the authenticated user.Add-PASDirectory
function added, adds a new LDAP directory for authentication.Get-PASDirectory
function added, lists LDAP directories.New-PASDirectoryMapping
function added, creates new LDAP Directory mappings.
-
Bug Fixes
New-PASSession
- Fixed issue where module was not returning authentication token when using LDAP credentials in version 10.3.
- To use LDAP authentication the
-type LDAP
must be specified as a parameter.
- To use LDAP authentication the
- Fixed issue where module was not returning authentication token when using LDAP credentials in version 10.3.
-
Other Updates
Remove-PASAccount
, updated to support new 10.4 API features.Get-PASAccount
, updated to support new 10.4 API features.- Version Check:
- All logon functions now attempt to query the version of CyberArk in use, and return the External Version number as an additional output property.
- The version check after logon can be skipped by specifying the
-SkipVersionCheck
parameter.
- The version check after logon can be skipped by specifying the
- Functions, or, functions with specific parameters, that have minimum version requirements will assert that the version being used can support the action being requested.
- If a minimum version requirement is not met, a descriptive error will be thrown.
- If the version of CyberArk is unknown, or the version check has been skipped, version assertion will not occur.
- All logon functions now attempt to query the version of CyberArk in use, and return the External Version number as an additional output property.
- Output:
- Any function that does return output, now includes the CyberArk ExternalVersion as a standard property.
- This enables functions along the pipeline to receive the information and assert and minimum version requirements.
- Any function that does return output, now includes the CyberArk ExternalVersion as a standard property.
- PSCore:
- All testing via Appveyor has now been transitioned to, and is performed in, PSCore.
-
New Function
Import-PASConnectionComponent
function added, allows import of connection component from zip file.
-
Bug Fixes
- Updates to some functions and test scripts to fix Pester & PSScriptAnalyzer failures/violations/errors
- Updates to some pester tests to allow them to run & pass in PowerShell Core
-
Other Updates
- Build, Test, Deploy process updated to run in PowerShell Core instead of Windows PowerShell 5
- Removed about_psPAS_Versions.help.txt - an unhelpful help file.
- Bug Fix:
- Fix added to specify
-SkipHeaderValidation
onInvoke-WebRequest
if using PowerShell Core.- Thanks Serge!
- Fix added to specify
- Bug Fixes:
New-PASSession
,New-PASSAMLSession
&New-PASSharedSession
prevented from providing output (except error message) in the event of a failure
-
New Functions
New-PASOnboardingRule
has added parameters available from 10.2 onwards. The 9.8 & 10.2 parameters are configured as separate parametersets.Get-PASOnboardingRule
has a new parameter added, allowing search of Onboarding rules by name in version 10.2Import-PASPlatform
function added, allowing import of CPM PlatformsGet-PASPSMConnectionParameters
updated to facilitate return of HTML5 connection data when PSMGW is configured.Suspend-PASPSMSession
&Resume-PASPSMSession
functions added, expanding on the automatic mitigation capability for PSM Sessions.
-
Attained 100% Code Coverage in the Tests for the module.
- Bug Fixes:
Add-PASAccountGroupMember
now sends AccountID with request.New-PASAccountGroup
fixed an incorrect parameter name (GroupPlatformID).New-PASSAMLSession
- basic authentication token now sent in request header.Get-PASOnboardingRule
,New-PASOnboardingRule
&Remove-PASOnboardingRule
, parameters updated to allow specification of alternate PVWA application name (in-line with the rest of the module's functions).
Published to PowerShell Gallery