Merge pull request #112 from pspete/feature-10_5

CyberArk 10.5 Features

CHANGELOG.md

@@ -1,5 +1,39 @@
 # psPAS
 
+## 2.3.0 (November 1st 2018)
+
+### Module update to cover CyberArk 10.5 API features
+
+- New Functions
+  - `Get-PASGroup`
+    - Enables querying of Vault Groups
+  - `Remove-PASGroupMember`
+    - Enables removal of vault group members
+  - `Set-PASOnboardingRule`
+    - Enables updates to existing Onboarding Rules
+  - `Add-PASDiscoveredAccount`
+    - Enables addition of discovered accounts or SSH keys as a pending account in the accounts feed
+  - `Connect-PASPSMSession`
+    - Retrieves parameters needed to monitor an in-progress PSM session
+
+- Updated Functions
+  - `Get-PASDirectory`
+    - Now possible to query LDAP Directory by name
+  - `Get-PASAccountGroup`
+    - Updated to use API endpoint in 10.5
+  - `Get-PASPSMConnectionParameter`
+    - Updated to cater for Ad-Hoc Connections with unmanaged accounts
+
+- Bug Fixes
+  - Use of TLS 1.2 Protocol enforced when using PSCore
+
+## 2.2.22 (October 21st 2018)
+
+- Update
+  - `New-PASSession`
+    - Option added to use Windows integrated authentication with default credentials
+      - Thanks [steveredden](https://github.com/steveredden)!
+
 ## 2.2.10 (September 23rd 2018)
 
 - Bug Fix

README.md

@@ -4,7 +4,7 @@
 
 Use PowerShell to manage CyberArk via the Web Services REST API.
 
-Contains all published methods of the API up to CyberArk v10.4.
+Contains all published methods of the API up to CyberArk v10.5.
 
 ----------
 
@@ -222,6 +222,11 @@ requires version 9.8+).
 [`Get-PASPTARule`][Get-PASPTARule]                                                       |**10.4**            |List all new Risky </br>Command rules from PTA
 [`Set-PASPTARemediation`][Set-PASPTARemediation]                                         |**10.4**            |Update automatic</br>response config in PTA
 [`Set-PASPTARule`][Set-PASPTARule]                                                       |**10.4**            |Update a Risky Command</br>rule in PTA
+[`Get-PASGroup`][Get-PASGroup]                                                           |**10.5**            |Return vault group information
+[`Remove-PASGroupMember`][Remove-PASGroupMember]                                         |**10.5**            |Remove vault group members
+[`Set-PASOnboardingRule`][Set-PASOnboardingRule]                                         |**10.5**            |Update Onboarding Rules
+[`Add-PASDiscoveredAccount`][Add-PASDiscoveredAccount]                                   |**10.5**            |Add of discovered accounts</br>to the accounts feed
+[`Connect-PASPSMSession`][Connect-PASPSMSession]                                         |**10.5**            |Get required parameters to </br>connect to live PSM Sessions
 
 [New-PASSession]:/psPAS/Functions/Authentication/New-PASSession.ps1
 [Close-PASSession]:/psPAS/Functions/Authentication/Close-PASSession.ps1
@@ -311,6 +316,11 @@ requires version 9.8+).
 [Get-PASPTARule]:/psPAS/Functions/EventSecurity/Get-PASPTARule.ps1
 [Set-PASPTARemediation]:/psPAS/Functions/EventSecurity/Set-PASPTARemediation.ps1
 [Set-PASPTARule]:/psPAS/Functions/EventSecurity/Set-PASPTARule.ps1
+[Get-PASGroup]:/psPAS/Functions/User/Get-PASGroup.ps1
+[Remove-PASGroupMember]:/psPAS/Functions/User/Remove-PASGroupMember.ps1
+[Set-PASOnboardingRule]:/psPAS/Functions/OnboardingRules/Set-PASOnboardingRule.ps1
+[Add-PASDiscoveredAccount]:/psPAS/Functions/Accounts/Add-PASDiscoveredAccount.ps1
+[Connect-PASPSMSession]:/psPAS/Functions/Monitoring/Connect-PASPSMSession.ps1
 
 ## Installation
 

Tests/Add-PASDiscoveredAccount.Tests.ps1

@@ -0,0 +1,219 @@
+#Get Current Directory
+$Here = Split-Path -Parent $MyInvocation.MyCommand.Path
+
+#Get Function Name
+$FunctionName = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -Replace ".Tests.ps1"
+
+#Assume ModuleName from Repository Root folder
+$ModuleName = Split-Path (Split-Path $Here -Parent) -Leaf
+
+#Resolve Path to Module Directory
+$ModulePath = Resolve-Path "$Here\..\$ModuleName"
+
+#Define Path to Module Manifest
+$ManifestPath = Join-Path "$ModulePath" "$ModuleName.psd1"
+
+if( -not (Get-Module -Name $ModuleName -All)) {
+
+	Import-Module -Name "$ManifestPath" -Force -ErrorAction Stop
+
+}
+
+BeforeAll {
+
+	$Script:RequestBody = $null
+
+}
+
+AfterAll {
+
+	$Script:RequestBody = $null
+
+}
+
+Describe $FunctionName {
+
+	InModuleScope $ModuleName {
+
+		Context "Mandatory Parameters" {
+
+			$Parameters = @{Parameter = 'BaseURI'},
+			@{Parameter = 'SessionToken'},
+			@{Parameter = 'UserName'},
+			@{Parameter = 'Address'},
+			@{Parameter = 'discoveryDate'},
+			@{Parameter = 'AccountEnabled'},
+			@{Parameter = 'fingerprint'}
+
+			It "specifies parameter <Parameter> as mandatory" -TestCases $Parameters {
+
+				param($Parameter)
+
+				(Get-Command Add-PASDiscoveredAccount ).Parameters["$Parameter"].Attributes.Mandatory | Should Be $true
+
+			}
+
+		}
+
+		Context "Input" {
+
+			BeforeEach {
+
+				Mock Invoke-PASRestMethod -MockWith {}
+
+				$InputObj = [pscustomobject]@{
+					"sessionToken"   = @{"Authorization" = "P_AuthValue"}
+					"WebSession"     = New-Object Microsoft.PowerShell.Commands.WebRequestSession
+					"BaseURI"        = "https://P_URI"
+					"PVWAAppName"    = "P_App"
+					"UserName"       = "SomeUser"
+					"Address"        = "SomeDomain"
+					"discoveryDate"  = "$(Get-Date 1/1/1971)"
+					"AccountEnabled" = $true
+
+				}
+
+			}
+
+			It "sends request" {
+				$InputObj | Add-PASDiscoveredAccount
+				Assert-MockCalled Invoke-PASRestMethod -Times 1 -Exactly -Scope It
+
+			}
+
+			It "sends request to expected endpoint" {
+				$InputObj | Add-PASDiscoveredAccount
+				Assert-MockCalled Invoke-PASRestMethod -ParameterFilter {
+
+					$URI -eq "$($InputObj.BaseURI)/$($InputObj.PVWAAppName)/api/DiscoveredAccounts"
+
+				} -Times 1 -Exactly -Scope It
+
+			}
+
+			It "uses expected method" {
+				$InputObj | Add-PASDiscoveredAccount
+				Assert-MockCalled Invoke-PASRestMethod -ParameterFilter {$Method -match 'POST' } -Times 1 -Exactly -Scope It
+
+			}
+
+			It "sends request with expected body" {
+				$InputObj | Add-PASDiscoveredAccount
+				Assert-MockCalled Invoke-PASRestMethod -ParameterFilter {
+					($Body) -ne $null
+				} -Times 1 -Exactly -Scope It
+
+			}
+
+			It "has a request body with expected number of properties" {
+				$InputObj | Add-PASDiscoveredAccount
+				Assert-MockCalled Invoke-PASRestMethod -ParameterFilter {
+
+					($Body | ConvertFrom-Json | Get-Member -MemberType NoteProperty).length -eq 4
+
+				} -Times 1 -Exactly -Scope It
+			}
+
+			It "converts date to expected UNIX time" {
+				$InputObj | Add-PASDiscoveredAccount
+				Assert-MockCalled Invoke-PASRestMethod -ParameterFilter {
+
+					($Body | ConvertFrom-Json).discoveryDate -eq 31536000
+
+				} -Times 1 -Exactly -Scope It
+			}
+
+			It "throws error if version requirement not met" {
+
+				{$InputObj | Add-PASDiscoveredAccount -ExternalVersion 1.2} | Should throw
+
+			}
+
+			It "has a request body with expected platformTypeAccountProperties property for Windows" {
+				$InputObj | Add-PASDiscoveredAccount -sid 1234
+				Assert-MockCalled Invoke-PASRestMethod -ParameterFilter {
+
+					($Body | ConvertFrom-Json).platformTypeAccountProperties.SID -eq "1234"
+
+				} -Times 1 -Exactly -Scope It
+			}
+
+			It "has a request body with expected platformTypeAccountProperties property for UNIX" {
+				$InputObj | Add-PASDiscoveredAccount -uid 1234 -gid 1
+				Assert-MockCalled Invoke-PASRestMethod -ParameterFilter {
+
+					($Body | ConvertFrom-Json).platformTypeAccountProperties.UID -eq "1234"
+					($Body | ConvertFrom-Json).platformTypeAccountProperties.GID -eq "1"
+
+				} -Times 1 -Exactly -Scope It
+			}
+
+			It "has a request body with expected platformTypeAccountProperties property for UNIXSSHKey" {
+				$InputObj | Add-PASDiscoveredAccount -uid 1234 -gid 1 -fingerprint "SomePrint" -Path "SomePath" -format "SomeFormat"
+				Assert-MockCalled Invoke-PASRestMethod -ParameterFilter {
+
+					($Body | ConvertFrom-Json).platformTypeAccountProperties.UID -eq "1234"
+					($Body | ConvertFrom-Json).platformTypeAccountProperties.GID -eq "1"
+					($Body | ConvertFrom-Json).platformTypeAccountProperties.fingerprint -eq "SomePrint"
+					($Body | ConvertFrom-Json).platformTypeAccountProperties.Path -eq "SomePath"
+					($Body | ConvertFrom-Json).platformTypeAccountProperties.format -eq "SomeFormat"
+
+				} -Times 1 -Exactly -Scope It
+			}
+
+		}
+
+		Context "Output" {
+
+			BeforeEach {
+
+				Mock Invoke-PASRestMethod -MockWith {
+
+					[pscustomobject]@{
+						"id"     = "Value1"
+						"status" = "Value2"
+					}
+
+
+
+				}
+
+
+				$InputObj = [pscustomobject]@{
+					"sessionToken"   = @{"Authorization" = "P_AuthValue"}
+					"WebSession"     = New-Object Microsoft.PowerShell.Commands.WebRequestSession
+					"BaseURI"        = "https://P_URI"
+					"PVWAAppName"    = "P_App"
+					"UserName"       = "SomeUser"
+					"Address"        = "SomeDomain"
+					"discoveryDate"  = "$(Get-Date 1/1/1971)"
+					"AccountEnabled" = $true
+
+				}
+
+			}
+
+			it "provides output" {
+				$response = $InputObj | Add-PASDiscoveredAccount
+				$response | Should Not BeNullOrEmpty
+
+			}
+
+			$DefaultProps = @{Property = 'sessionToken'},
+			@{Property = 'WebSession'},
+			@{Property = 'BaseURI'},
+			@{Property = 'PVWAAppName'},
+			@{Property = 'ExternalVersion'}
+
+
+			It "returns default property <Property> in response" -TestCases $DefaultProps {
+				param($Property)
+				($InputObj | Add-PASDiscoveredAccount).$Property | Should Not BeNullOrEmpty
+
+			}
+
+		}
+
+	}
+
+}