ansible-security-automation-collection icon indicating copy to clipboard operation
ansible-security-automation-collection copied to clipboard

Published 20 hours ago verified publisher icon cyberark

Error when updating Account. Wrong Path?

Open thedatabaseme opened this issue 4 years ago • 3 comments

Hello,

I'm trying to getting an update of an existing User Account our Cyberark Vault to work. The Creation of the Account works fine. But when I try to update the Secret manually, I receive the following Error.

"msg": "Error while performing update_account.Please validate parameters provided.\n*** end_point=********/PasswordVault/api/Accounts/36_9\n ==> {'ErrorCode': 'PASWS125E', 'ErrorMessage': \"Property 'secretmanagement' cannot be added\"}",

The Payload looks like this:

    "payload": [
        {
            "op": "replace",
            "path": "/secretManagement",
            "value": {
                "manualManagementReason": "Test"
            }
        }

It seems to me, that the URL + Endpoint is concatinated wrongly by the account module. Following the API Documentation, the path should be /secretManagement/manualManagementReason and the Value alone should be "Test".

Here's my Playbook Code (The Authentication is excluded):

- name: Create Account
  cyberark_account:
    username: "UsertoUpdate"
    address: "Testserver"
    secret: "InitialPassword"
    logging_level: INFO
    state: present
    safe: "CUSA_Linux"
    platform_id: "CUSA_Linux_unmanaged"
    cyberark_session: "{{ cyberark_session }}"
    secret_management:
      automatic_management_enabled: false
  register: cyberark_account_creation

- name: Update Account
  cyberark_account:
    username: "UsertoUpdate"
    address: "Testserver"
    logging_level: DEBUG
    state: present
    safe: "CUSA_Linux"
    platform_id: "CUSA_Linux_unmanaged"
    cyberark_session: "{{ cyberark_session }}"
    secret_management:
      automatic_management_enabled: false
      manual_management_reason: "Test"
      new_secret: "ChangedPassword"
  register: cyberark_account_update

thedatabaseme avatar Nov 20 '20 12:11 thedatabaseme

Same for "automaticManagementEnabled". Currently, it's impossible to change the value with the help of this module.

It has to be: "payload": [ { "op": "replace", "path": "/secretManagement/automaticManagementEnabled", "value": true } ]

instead of

"payload": [ { "op": "replace", "path": "/secretManagement", "value": { "automaticManagementEnabled": true } } ]

owwweiha avatar Jul 05 '24 08:07 owwweiha

This is an issue since 2020 and no changes since then where the fix would be easy

hertus avatar Sep 04 '24 07:09 hertus

@cyberark-bizdev @infamousjoeg are you able to take a look at this?

szh avatar Sep 04 '24 13:09 szh