cyberark-aws-auto-onboarding

Associate reconcile account to an onboarded ssh key

Open ahmednaz opened this issue 2 years ago • 6 comments

Is your feature request related to a problem? Please describe.

A clear and concise description of what the problem is. Ex. I would like to see [...] because [...]. Please include the intended use case and what the feature would improve on so that we can prioritize the feature accordingly.

Describe the solution you would like

We would like to associate a reconcile account to an ssh key we have onboarded using this framework. We can apply a reconcile account for another script we have created for bulk onboarding, but within this script/framework we are not able to associate the reconcile account.

We have tried:

logger.info(f'Associate reconcile id with {instance_id}')
header = DEFAULT_HEADER
header.update({"Authorization": session})
url = f"{pvwa_url}/API/Accounts/{account_id}/LinkAccount"
folder = "/"
extraPasswordIndex = "3"

data = f"""
    {{    
        "account" : {{
            "name":"{reconcile_account_name}",
            "safe":"{reconcile_safe_name}",
            "folder":"{folder}"
            "extraPasswordIndex":"{extraPasswordIndex}"

We get the following error: PASWS167E there are some invalid parameters

image (16)

Describe alternatives you have considered

No alternative at this point.

Additional context

We onboard an ssh key first, rotate the key. Then we onboarded a 2nd key, issue rotate and then associate the 2nd key as reconcile account for the first key. The association part is not working.

ahmednaz avatar May 04 '22 16:05 ahmednaz

Folder should be "root" not "/"

Code examples are available here

https://github.com/cyberark/epv-api-scripts/tree/main/Linked%20Accounts

bab29 avatar May 04 '22 20:05 bab29

Thank you for the feedback, but we are still getting the same error even with the root value: image (19)

image (18)

ahmednaz avatar May 13 '22 16:05 ahmednaz

Your "data" should be this

data = f"""
{{
      "name": "{reconcile_account_name}",
      "safe": "{reconcile_safe_name}",
      "folder": "{folder}",
      "extraPasswordIndex": {extraPassIndex}
}}
"""

There is no "Account" layer in the call.

bab29 avatar May 13 '22 17:05 bab29
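
The fix discussed above, as an added example that is not part of the thread or of the project's code: it builds the flat LinkAccount body with `json.dumps` instead of an f-string (so a missing comma or colon, or a quote inside an account name, cannot produce invalid JSON) and copies the header dict so the session token is not written into the shared `DEFAULT_HEADER`. The function names, the `DEFAULT_HEADER` contents, the sample values and the use of POST are assumptions; nothing is sent over the network.

```python
import json
import urllib.request

# Assumed base headers; the project's real DEFAULT_HEADER is not shown in the thread.
DEFAULT_HEADER = {"Content-Type": "application/json"}


def build_link_payload(name, safe, folder="root", extra_password_index=3):
    """Return the flat LinkAccount body: no outer "account" object, integer index."""
    if folder == "/":
        raise ValueError('folder must be "root", not "/"')
    if isinstance(extra_password_index, bool) or not isinstance(extra_password_index, int):
        raise TypeError("extraPasswordIndex must be an integer, not a string")
    return {
        "name": name,
        "safe": safe,
        "folder": folder,
        "extraPasswordIndex": extra_password_index,
    }


def build_link_request(pvwa_url, account_id, session, payload):
    """Prepare, without sending, the LinkAccount request (POST is an assumption)."""
    headers = dict(DEFAULT_HEADER)  # copy: keep the token out of the shared dict
    headers["Authorization"] = session
    body = json.dumps(payload).encode("utf-8")  # serializer handles quoting and commas
    url = f"{pvwa_url}/API/Accounts/{account_id}/LinkAccount"
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    # Constructed sample values, not taken from a real vault.
    request = build_link_request(
        "https://pvwa.example.com/PasswordVault",
        "12_34",
        "constructed-session-token",
        build_link_payload("recon-key", "ReconSafe"),
    )
    print(request.get_method(), request.full_url)
    print(request.data.decode("utf-8"))
```
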

Thank you, this seems to be working.

ahmednaz avatar May 17 '22 07:05 ahmednaz

We also have another issue where a particular field, which we call OpCoName, is not appearing when performing onboarding with this script/workflow. Screenshot attached. There are no errors in the execution of the script.

image

ahmednaz avatar May 18 '22 07:05 ahmednaz

We also have another issue where a particular field, which we call OpCoName, is not appearing when performing onboarding with this script/workflow. Screenshot attached. There are no errors in the execution of the script.

image

Any feedback please?

ahmednaz avatar May 25 '22 10:05 ahmednaz