Release v1.0.24

🎯 What's New in v1.0.24

---

Documentation

Cmdlet Help — .OUTPUTS Accuracy Improvements

The .OUTPUTS section of every cmdlet has been audited and corrected. Several cmdlets had wrong type names, missing alternate return types (e.g. the -Async job object or the -ScheduleTime schedule object), or an inaccurate property list. Get-Help <cmdlet> now reliably reflects every object type a cmdlet can return, regardless of which parameters are used. This benefits script authors, IDE tooling, and documentation generators that rely on help metadata.

---

Non-Production Environment Support (Pavo)

The module now supports HPE's internal pre-production GreenLake environment (Pavo). This enables automation engineers who need to develop or validate scripts against Pavo to run the exact same cmdlets without any code changes.

To connect to Pavo, set the $env:HPE_COMMON_CLOUD_URL environment variable to https://pavo.common.cloud.hpe.com before calling Connect-HPEGL. All API endpoints, authentication settings, and region configuration are then automatically derived from that environment — no additional parameters are required.

The following areas have been updated to work correctly with Pavo:

• Disconnect-HPEGL — Pavo uses a different SSO provider than production. The disconnect operation now completes cleanly and the session is always fully terminated.

• Get-HPEGLUserAccountDetails — The cmdlet now correctly targets the Pavo OnePass instance when connected to Pavo, instead of the production service.

---

Bug Fixes

• Add-HPEGLDeviceTagToDevice, Remove-HPEGLDeviceTagFromDevice, Set-HPEGLDeviceLocation, Remove-HPEGLDeviceLocation, Set-HPEGLDeviceServiceDeliveryContact, Remove-HPEGLDeviceServiceDeliveryContact — -WhatIf produced no output — Passing -WhatIf to any of these six cmdlets displayed nothing. Fixed: -WhatIf now correctly simulates and displays the API request that would be sent.

• Connect-HPEGL error message for transient server errors — A 500 response from the GreenLake API token endpoint was surfaced as raw JSON ({"error": "server_error"}). Fixed by wrapping retry-exhaustion failures in a descriptive error message that includes the HTTP status code and advises retrying.

• Connect-HPEGL transient HTML response during authentication — On first call, the HPE identity service occasionally returns an HTML error page where a JSON response is expected, causing the cmdlet to fail with a JSON parse error (Unexpected character '<'). Fixed: the error is now detected as a known transient condition, the cmdlet automatically retries once after a 1-second delay, and emits an informational message. A second attempt is no longer required.

• Connect-HPEGL — SSO identity provider metadata now stored in session — After a successful SSO authentication, the $Global:HPEGreenLakeSession object is now populated with two new fields:

  • idp — the identity provider URL (e.g. https://sts.windows.net/<tenant-id> for Entra ID, https://<company>.okta.com for Okta).
  • idpType — the identity provider type string: EntraID, Okta, or PingIdentity.

  Both fields are $null for non-SSO (username/password) authentication. They are derived from the OAuth2 display parameter in the SSO redirect chain and require no user configuration.

• Get-HPEGLUserAccountDetails, Set-HPEGLUserAccountDetails, Set-HPEGLUserAccountPassword — raw OnePass error payload for federated users — When called for an account managed by a federated identity provider (Okta, Entra ID, PingIdentity), these cmdlets returned a raw 404 payload with the internal error code accessToken_not_matches_with_userId. Fixed: the error is now caught and replaced with a clear warning that identifies the detected identity provider (using the new idp/idpType session fields) and directs the user to their company IdP to manage account settings or change their password.

Save-HPEGLSession / Restore-HPEGLSession — Multiple session-switching bugs fixed

Several bugs affecting workspace session save/restore were discovered and fixed:

• Clone() lost after restore — Save-HPEGLSession failed with "does not contain a method named 'Clone'" after a Restore-HPEGLSession call. Fixed: the method is now reliably re-attached on every restore.

• Full reconnect instead of fast token refresh — After restoring a session, the next workspace operation triggered a full 7-step reconnect instead of a lightweight token refresh. Fixed: token refresh now correctly identifies the restored session's credentials.

• Credentials cleared but never recreated — In a specific error-recovery path, credential tokens were cleared but not rebuilt, causing the subsequent reconnect attempt to silently skip credential creation. Fixed: the recovery path now always recreates credentials.

• "Refresh token is no longer valid" after several restores — The OAuth2 refresh token was rotated on every reconnect even when the existing token was still valid, invalidating all other saved sessions. Fixed: rotation is now skipped when the token has sufficient remaining lifetime.

• COM regions not updated after Restore-HPEGLSession — After restoring a session, Compute Ops Management cmdlets could still use the previous workspace's region list. Fixed: the region list is now saved alongside the session and restored with it.

• Restore-HPEGLSession incorrectly blocked after Remove-HPEGLWorkspace — Removing a workspace clears the active session, which was mistakenly interpreted as an explicit disconnect, blocking any subsequent restore. Fixed: restore is now only blocked after an explicit Disconnect-HPEGL call.

• Session corruption when switching workspaces after restore — After restoring a session and switching to another workspace, the saved-session variable could be silently corrupted, causing future restores to refresh the wrong workspace's tokens. Fixed: the restore operation now works on an independent copy of the session object. Additionally, refreshed tokens are automatically synced back to the saved-session variable after each restore, so Save-HPEGLSession no longer needs to be called after every Restore-HPEGLSession call.

• New-HPECOMServerActivationKey — cryptic JWT verification failed error when no subscription is available — When called with no -SubscriptionKey parameter and no valid server subscription existed in the workspace, the COM API returned the completely unrelated error JWT verification failed, Token issuer is not trusted. Fixed: a pre-flight check now verifies that at least one valid server subscription with available quantity exists before making the API call. If none is found, a clear actionable error message is returned listing the steps to add a subscription key or enable auto-subscription.

All COM Cmdlets — Misleading Error When COM Is Not Provisioned

When a COM cmdlet was called with an unprovisioned -Region value, all COM modules produced the misleading error "No active HPE GreenLake session found" — even when the user was fully authenticated. The root cause was a single combined condition checking both session existence and provisioned regions simultaneously.

Fixed: the two checks are now separate. If the session is missing, the original message is shown; if the session exists but Compute Ops Management is not provisioned in the workspace, the user now receives a clear, actionable message directing them to Get-HPEGLService -Name 'Compute Ops Management' -ShowProvisioned.

---

Installation

Install-Module -Name HPECOMCmdlets -RequiredVersion 1.0.24

Or update from a previous version:

Update-Module -Name HPECOMCmdlets

Release v1.0.23

🎯 What's New in v1.0.23

---

38 x New Cmdlets

Save-HPEGLSession / Restore-HPEGLSession

Save and restore workspace sessions for multi-workspace automation without re-authenticating. Restore-HPEGLSession automatically refreshes the access token on restore.

$prodSession = Save-HPEGLSession
Connect-HPEGL -Workspace "Staging"
# ... operations ...
Restore-HPEGLSession -Session $prodSession

---

Invoke-HPECOMExternalServiceVCenterFirmwareBaselineSync

Trigger a firmware baseline synchronization job for a VMware vCenter external service. Supports -Async and scheduled/recurring execution (-ScheduleTime / -Interval).

Invoke-HPECOMExternalServiceVCenterFirmwareBaselineSync -Region us-west -Name "vcsa.lab.local"
Invoke-HPECOMExternalServiceVCenterFirmwareBaselineSync -Region us-west -Name "vcsa.lab.local" -ScheduleTime (Get-Date).AddHours(6) -Interval P1W
Get-HPECOMExternalService -Region us-west -ServiceType VMWARE_VCENTER | Invoke-HPECOMExternalServiceVCenterFirmwareBaselineSync

---

Confirm-HPEGLLocation

Revalidate expired locations and reset the validation cycle to 6, 12 (default), or 18 months. Use -Force to skip the confirmation prompt.

Confirm-HPEGLLocation -Name "Building 5 - Paris" -ValidationCycle 18
Get-HPEGLLocation | Where-Object validationExpired -eq $True | Confirm-HPEGLLocation

---

Restart-HPECOMAppliance

Trigger an OS reboot of an HPE Secure Gateway appliance. Only Secure Gateway appliances are supported; appliance must be in Connected state. Supports -Async.

Restart-HPECOMAppliance -Region eu-central -Name "sg01.lj.lab"
Get-HPECOMAppliance -Region eu-central -Type SecureGateway | Restart-HPECOMAppliance -Async

---

Add-HPECOMApprovalPolicyToGroup / Remove-HPECOMApprovalPolicyFromGroup

Attach or detach an approval policy from a group. When an approval policy is attached, any approvable operation targeting that group's servers will require explicit approval before execution.

Add-HPECOMApprovalPolicyToGroup -Region eu-central -GroupName "Production" -PolicyName "RequireApproval"
Remove-HPECOMApprovalPolicyFromGroup -Region eu-central -GroupName "Production" -PolicyName "RequireApproval"

---

Get-HPECOMApprovalRequest

Retrieve pending or historical approval requests for jobs awaiting authorization. Filter by -State (e.g., PENDING, APPROVED, DECLINED) or by resource.

Get-HPECOMApprovalRequest -Region eu-central -State PENDING

---

Resolve-HPECOMApprovalRequest

Approve or decline a pending job approval request. Supports optional -Remarks to include a reason with the decision.

Get-HPECOMApprovalRequest -Region eu-central -State PENDING | Resolve-HPECOMApprovalRequest -Action Approve
Resolve-HPECOMApprovalRequest -Region eu-central -RequestId <id> -Action Decline -Remarks "Not authorized at this time"

---

Get-HPECOMOneViewServerProfileTemplate

Retrieve all server profile templates from OneView appliances registered in COM. Filter by appliance name (-ApplianceName) or display extended attributes (-ShowAttributes). Pagination is handled automatically.

Get-HPECOMOneViewServerProfileTemplate -Region eu-central
Get-HPECOMAppliance -Region eu-central | Get-HPECOMOneViewServerProfileTemplate

---

New-HPECOMSettingOneViewAppliance / Set-HPECOMSettingOneViewAppliance

Create and update OneView VM appliance settings. New- captures settings from a source appliance across 8 categories (Security, Notifications, Proxy, Remote Support, SNMP, Time/Locale, Updates, Global Settings) with 22 granular parameters. Set- updates an existing setting.

---

New-HPECOMSettingOneViewSynergyAppliance / Set-HPECOMSettingOneViewSynergyAppliance

Create and update Synergy Composer appliance settings. New- captures interconnect and logical interconnect settings from a Synergy Composer with automatic source validation.

New-HPECOMSettingOneViewSynergyAppliance -Region eu-central -Name "SynergyPolicy" -ApplianceName "synergy01.lab"

---

New-HPECOMSettingOneViewServerProfileTemplate / Set-HPECOMSettingOneViewServerProfileTemplate

Copy server profile templates from a OneView appliance into COM as a setting. Appliance type (VM vs Synergy) is auto-detected from the source appliance name.

New-HPECOMSettingOneViewServerProfileTemplate -Region eu-central -Name "WebSrv-Template" -ApplianceName "ov01.lab" -TemplateName "Web Server Profile"

---

New-HPECOMSettingOneViewApplianceSoftware / Set-HPECOMSettingOneViewApplianceSoftware

Define the target OneView firmware version for managed OVE appliances by referencing a firmware bundle. Use -ApplianceType when a version matches bundles for both VM and Synergy.

New-HPECOMSettingOneViewApplianceSoftware -Region eu-central -Name "OVE-LTS" -Version "9.10.00.300754"
Get-HPECOMApplianceFirmwareBundle -Region eu-central | New-HPECOMSettingOneViewApplianceSoftware -Name "OVE-LTS"

---

Add-HPECOMApplianceToGroup / Remove-HPECOMApplianceFromGroup

Manage OVE appliance group membership. Use -All on Remove- to remove all members at once. Both cmdlets support pipeline input from Get-HPECOMAppliance.

Get-HPECOMAppliance -Region eu-central -Type OVEVMAppliance | Add-HPECOMApplianceToGroup -GroupName "OVE-VM-Group"
Remove-HPECOMApplianceFromGroup -Region eu-central -GroupName "OVE-VM-Group" -ApplianceName "ov01.lab"

---

Update-HPECOMGroupApplianceFirmware

Trigger firmware updates for all appliances in an OVE appliance group. Target version comes from the group's appliance software setting. Appliances already at the target version or with jobs in progress are skipped. Use -Force to suppress the confirmation prompt; -Wait to block until completion.

Update-HPECOMGroupApplianceFirmware -Region eu-central -GroupName "OVE-VM-Group" -Force
Get-HPECOMGroup -Region eu-central -ShowDeviceType OVE_APPLIANCE_VM | Update-HPECOMGroupApplianceFirmware -Force

---

Invoke-HPECOMGroupApplianceSettings

Apply the OneView appliance settings assigned to a group to all its member appliances. Supports -Async.

Invoke-HPECOMGroupApplianceSettings -Region eu-central -GroupName "OVE-VM-Group"
Get-HPECOMGroup -Region eu-central -ShowDeviceType OVE_APPLIANCE_VM | Invoke-HPECOMGroupApplianceSettings

---

Copy-HPECOMGroupApplianceServerProfileTemplate

Copy server profile templates from the group's template setting to all group member appliances. Supports -Async.

Copy-HPECOMGroupApplianceServerProfileTemplate -Region eu-central -GroupName "OVE-VM-Group"

---

Invoke-HPECOMApplianceRefreshSettings

Trigger a COM job to pull the latest configuration from a OneView appliance and update the COM setting record. Supports -Async, -ScheduleTime, and -Interval.

Invoke-HPECOMApplianceRefreshSettings -Region eu-central -ApplianceName "ov01.lab"
Get-HPECOMAppliance -Region eu-central -Type OVEVMAppliance | Invoke-HPECOMApplianceRefreshSettings

---

Set-HPECOMServerUIDIndicator

Control the UID (Unit Identification) indicator light on a server. Use the UID LED to physically locate a server in a data center without logging into iLO.

Set-HPECOMServerUIDIndicator -Region eu-central -Name myserver -State On
Set-HPECOMServerUIDIndicator -Region eu-central -Name myserver -State Off

---

Get-HPEGLWebhook / New-HPEGLWebhook / Set-HPEGLWebhook / Send-HPEGLWebhookTest / Remove-HPEGLWebhook / Confirm-HPEGLWebhookEndpoint / Invoke-HPEGLWebhookDeliveryRetry

Full lifecycle management for HPE GreenLake platform webhook endpoints. Webhooks define a destination URL and authentication method; event subscriptions are managed separately with the subscription cmdlets below.

• Get-HPEGLWebhook — List all webhooks, filter by name or status. Use -ShowRecentDeliveries with -Name to view the recent delivery history for a specific webhook (outcome, HTTP response code, and timestamp for each recent delivery attempt).
• New-HPEGLWebhook — Register a new webhook endpoint. Supports API Key, OAuth, and No authentication. Optionally enable batching to group multiple events into a single delivery (-BatchingEnabled).
• Set-HPEGLWebhook — Rename a webhook or update its destination URL.
• Send-HPEGLWebhookTest — Send a test event to a webhook's destination to verify connectivity.
• Confirm-HPEGLWebhookEndpoint — Verify that a webhook's destination URL is reachable and the server is ready to receive events. Returns a status object indicating whether the endpoint passed verification.
• Invoke-HPEGLWebhookDeliveryRetry — Retry a failed webhook delivery. Accepts the webhook name and a failure ID, which can be piped directly from Get-HPEGLWebhook -ShowRecentDeliveries for deliveries where RetryStatus is RETRY.
• Remove-HPEGLWebhook — Delete one or more webhooks. All associated event subscriptions are removed automatically.

New-HPEGLWebhook -Name "Webhook for audit log events" -Destination "https://hooks.example.com/audit" -AuthenticationType "No authentication"
New-HPEGLWebhook -Name "Webhook for device events" -Destination "https://hooks.example.com/devices" -AuthenticationType "API Key" -BatchingEnabled
Set-HPEGLWebhook -Name "Webhook for audit log events" -Destination "https://hooks.new-endpoint.com/audit"
Send-HPEGLWebhookTest -Name "Webhook for audit log events"
Get-HPEGLWebhook -Name "Webhook for audit log events" -ShowRecentDeliveries
Confirm-HPEGLWebhookEndpoint -Name "Webhook for audit log events"
Get-HPEGLWebhook | Remove-HPEGLWebhook

---

Get-HPEGLWebhookSubscription / Add-HPEGLWebhookSubscription / Remove-HPEGLWebhookSubscription

Manage event type subscriptions that link specific HPE GreenLake event types to a webhook endpoint. A webhook receives events...

Release v1.0.22

🎯 What's New in v1.0.22

Enhancements

UTF-8 Character Support

All Cmdlets - Proper Handling of Accented Characters

• Fixed issue where names and text with accented characters (é, à, ñ, etc.) were corrupted
• Affects all cmdlets that send or receive text data (Get-HPEGLUser, New-HPEGLLocation, New-HPECOMGroup, etc.)
• Characters now display and send correctly in all operations

Error Handling - Improved User Guidance

Connect-HPEGL - Enhanced Error Messages

• SSO Detection: When using -Credential with hpe.com account requiring SSO, error now clearly directs to use -SSOEmail instead
• Authentication Context: Error messages now reflect the actual authenticator in use (password vs Okta Verify)
• User Identifier Validation: Improved detection of SSO redirect scenarios to prevent misleading "username not recognized" errors
• 401 Errors: Password authentication failures now show "Incorrect password or authentication error" instead of generic Okta Verify message
• Entra ID State 3: Added specific error handling for AuthorizationState = 3 (passwordless not fully configured) with clear setup instructions

Invoke-EntraIDMFAAuthentication - Enhanced Push Notification Handling

• State 3 Detection: Now properly identifies when Microsoft Authenticator is installed but passwordless phone sign-in is not enabled
• Clear Guidance: Provides step-by-step instructions for enabling passwordless sign-in (phone sign-in toggle)
• Alternative Options: Suggests using -Credential parameter as immediate workaround
• Better Diagnostics: Distinguishes between denied push (State 1), approved (State 2), not configured (State 3), and unexpected states

iLO Connection - DisabledByCOM Handling Fix

Connect-HPEGLDeviceComputeiLOtoCOM - Fixed False Connection Failures

• Issue Fixed: iLOs showing DisabledByCOM status with WebConnectivity: Connected were incorrectly reported as failed connections
• Root Cause: DisabledByCOM is a temporary administrative state during initial connection establishment, not a failure
• Solution:
  • Excluded DisabledByCOM from error detection logic
  • Modified loop exit condition to recognize successful connection when DisabledByCOM + Connected state detected
  • Connection now properly proceeds to verify device appears in workspace
• Impact: iLO connections that were failing with "iLO cannot be connected to Compute Ops Management! DisabledByCOM" now correctly complete as successful
• Result: Status now shows "Complete" with device successfully appearing in COM workspace

Unicode Character Support - UTF-8 Encoding Fix

Invoke-HPEGLWebRequest & Invoke-HPECOMWebRequest - Fixed Character Encoding

• Issue Fixed: API calls with accented characters (é, à, ü, ñ, etc.) in JSON payloads were being corrupted in both requests and responses, causing validation failures

• Root Cause:

  • Sending: JSON strings with non-ASCII characters weren't properly UTF-8 encoded before transmission
  • Receiving: API responses with accented characters weren't explicitly decoded as UTF-8, resulting in corruption (é became ??)

• Affected Cmdlets: Any cmdlet sending/receiving user names, descriptions, or text fields with accented characters:

  • Get-HPEGLUser - Returned corrupted names ("Lion??l" instead of "Lionél")
  • New-HPEGLLocation - Failed when contact emails referenced users with accented names
  • New-HPECOMGroup - Could fail with accented group descriptions
  • All other cmdlets using Invoke-HPEGLWebRequest or Invoke-HPECOMWebRequest

• Solution:

  • Request Encoding: Automatic detection of non-ASCII characters, converts JSON payloads to UTF-8 byte arrays before sending
  • Response Decoding: Explicit UTF-8 decoding of API responses using RawContentStream with StreamReader
  • Applied to all API endpoints in both wrapper functions (UI Doorway, GLP Platform API, Onepass API, COM API)

• Example Errors Resolved:

• Impact: All cmdlets now properly handle international characters in both directions (API → PowerShell and PowerShell → API)

• Result: Users with accented characters work correctly in all operations - retrieving user data, creating locations, group descriptions, etc.

Breaking Changes

None

Deprecations

None

---

Installation & Upgrade

PowerShell Gallery

# Install or update to latest version
Install-Module -Name HPECOMCmdlets -Force

# Update existing installation
Update-Module -Name HPECOMCmdlets

Minimum Requirements

• PowerShell 7.0 or later
• HPE GreenLake account with Compute Ops Management service provisioned

---

Resources

• GitHub Repository: https://github.com/jullienl/HPE-COM-PowerShell-Library
• Documentation: See README.md in repository

Release v1.0.21

🎯 What's New in v1.0.21

Enhancements

iLO Connection - User-Configurable Retry Parameters

Connect-HPEGLDeviceComputeiLOtoCOM - New Retry Control Parameters

• New Parameter: MaxConnectionAttempts (default: 10, range: 1-30) - Control maximum connection retry attempts
• New Parameter: ConnectionRetryDelaySeconds (default: 5, range: 1-60) - Configure delay between retry attempts
• New Parameter: ConnectionMonitoringTimeoutSeconds (default: 120, range: 30-600) - Set timeout for monitoring connection progress
• Benefits:
  • Flexible retry behavior for different network environments
  • Fast-fail mode for testing (-MaxConnectionAttempts 1)
  • Extended resilience for flaky networks (increase attempts and timeouts)
  • Better control for automation scripts with specific timing requirements
• Backward Compatible: All parameters use defaults matching previous hardcoded values

API Wrapper Functions - Collection Property Detection Synchronization

Invoke-HPEGLWebRequest & Invoke-HPECOMWebRequest - Enhanced Response Handling

• Synchronized collection property detection logic across both GLP and COM API wrappers
• Enhanced detection to support non-standard property names: items, roles, users, members, resources, data
• Added metadata property exclusion to prevent false matches: excluded, count, total, offset, limit
• Automatically adds items alias when collection uses non-standard property name
• Returns full response object when no collection property is found
• Ensures consistent behavior across all HPEGL* and HPECOM* cmdlets

Server Utilization & Sustainability Insights - Improved Processor Compatibility Detection

Get-HPECOMServerUtilizationInsights - Enhanced Non-Intel Server Handling

• Changed approach: No longer blocks non-Intel servers upfront (allows API to determine compatibility)
• Enhanced "excluded from insights" warning to include processor-specific guidance when applicable
• For non-Intel servers returning no data: Warning now indicates processor type and mentions limited architecture support
• For Intel servers returning no data: Standard metrics/data collection troubleshooting guidance
• Updated documentation: Changed from "Intel-only" to "primarily designed for Intel, some non-Intel architectures may have limited support"
• Prevents false positives while providing helpful context when utilization data is unavailable

Get-HPECOMSustainabilityInsights - Fixed Issues

• Fixed bug: Server-specific queries now correctly filter by single server instead of returning all servers
• Added resource-uri parameter support to API calls for precise server filtering
• Improved pagination handling with -SkipPaginationParameters for resource-uri queries
• Resolved data wrapping issue when using -ReturnFullObject flag
• Fixed: -WhatIf no longer triggers false "No sustainability insights data were found" warning
• WhatIf now cleanly shows API preview without attempting to validate null results

Get-HPECOMServerUtilizationInsights - Fixed Issues

• Fixed bug: Single-server utilization queries now correctly extract and process items array
• Resolved issue where API-returned data was not properly unwrapped from response object
• Enhanced items array extraction logic for all metric types (CPU, Memory, IO, CPU Interconnect)
• Added -SkipPaginationParameters to prevent unwanted limit/offset on resource-uri queries
• Fixed: -WhatIf no longer attempts to process null data for each server in the loop
• Added Continue statement to skip to next iteration when WhatIf is enabled
• Prevents false warnings about excluded servers or missing data during API preview

Breaking Changes

None

Deprecations

None

---

Installation & Upgrade

PowerShell Gallery

# Install or update to latest version
Install-Module -Name HPECOMCmdlets -Force

# Update existing installation
Update-Module -Name HPECOMCmdlets

Minimum Requirements

• PowerShell 7.0 or later
• HPE GreenLake account with Compute Ops Management service provisioned

---

Resources

• GitHub Repository: https://github.com/jullienl/HPE-COM-PowerShell-Library
• Documentation: See README.md in repository
• Report Issues: https://github.com/jullienl/HPE-COM-PowerShell-Library/issues

Release v1.0.20

🎯 What's New in v1.0.20

New Features

Approval Policy Management

Complete approval policy lifecycle management cmdlets for HPE Compute Ops Management:

• Get-HPECOMApprovalPolicy: Retrieve approval policies with support for:

  • List all policies or filter by name
  • -ShowPolicyDetails for full configuration including approvables and resources
  • Pipeline output with resourceUri for seamless integration with Set/Remove cmdlets
  • WhatIf support for API preview

• New-HPECOMApprovalPolicy: Create approval policies with advanced validation:

  • 12 individual action parameters matching UI design: EnableAllApprovers, UpdateFirmwareApprovers, ApplyInternalStorageConfigurationApprovers, InstallOperatingSystemImageApprovers, ApplyExternalStorageConfigurationApprovers, PowerOnApprovers, PowerOffApprovers, ResetApprovers, ColdBootApprovers, UpdateiLOFirmwareApprovers, ApplyServerSettingsApprovers, DownloadFirmwareApprovers
  • Each action has separate Approvers (email list) and Required (1-4) parameters
  • EnableAllApprovers: Special parameter that expands to all 11 individual actions automatically

• Set-HPECOMApprovalPolicy: Update existing policies with same validation as New:

  • Accepts policy by Name or ResourceUri (pipeline compatible)
  • CRITICAL BEHAVIOR: If ANY action parameter specified, ALL existing actions REPLACED with new configuration
  • To preserve existing actions while modifying: Must specify all actions you want in the policy
  • If NO action parameters specified: Existing actions preserved unchanged
  • Can update Name (-NewName), Description, and GroupNames independently without affecting actions
  • Same validation as New: user existence, group existence, collects all errors
  • Pipeline support from Get-HPECOMApprovalPolicy

• Remove-HPECOMApprovalPolicy: Delete policies with validation:

  • Accepts policy by Name or ResourceUri (pipeline compatible)
  • Pre-validation: Verifies policy exists before attempting deletion
  • Pipeline support from Get-HPECOMApprovalPolicy

Enhanced Functionality

Server Management Enhancements

Get-HPECOMAlert - New Function for Retrieving Server Alerts

• New standalone function to retrieve server security alerts and issues
• Supports retrieving alerts for all servers in a region or for a specific server by name/serial number
• Consistent pattern with Get-HPECOMActivity and Get-HPECOMJob (uses -SourceName parameter)
• Supports pipeline input from Get-HPECOMServer
• Default behavior: Shows all alerts regardless of age (alerts persist until cleared, unlike temporal activities)
• Time filtering options: -ShowLastWeek (7 days), -ShowLastMonth, -ShowLastThreeMonths
• Returns alert objects sorted by creation date (most recent first) with properties: serverName, serialNumber, serverId, createdAt (DateTime), description, severity, category, region
• Get-HPECOMServer -ShowAlerts now uses Get-HPECOMAlert internally for consistent behavior

Get-HPECOMServerLogs - New Function for Collecting and Downloading Server Logs

• Collects server logs (AHS) asynchronously with download URL retrieval via /download-logs endpoint
• Optional -Path for automatic download with timestamped filename,
• -UploadToHPESupport for HPE support case analysis
• Supports pipeline input for batch operations
• Graceful timeout handling: Returns job URI with detailed instructions when timeout is reached

Get-HPECOMServer - New Parameters

• Added -ShowActivities switch parameter to retrieve activities for specific server(s) or all servers in the region
• Added -ShowAlerts switch parameter to retrieve alerts for specific server(s) or all servers in the region
• Added -ShowJobs switch parameter to retrieve jobs for specific server(s) or all servers in the region

Get-HPECOMGroup - New Parameters

• Added -ShowActivities switch parameter to retrieve activities for specific group(s) or all groups in the region
• Added -ShowJobs switch parameter to retrieve jobs for specific group(s) or all groups in the region

Get-HPECOMAppliance - New Parameterrs

• Added -ShowActivities switch parameter to retrieve activities for specific appliance(s) or all appliances
• Added -ShowJobs switch parameter to retrieve jobs for specific appliance(s) or all appliances

Get-HPECOMJob - New SourceName Parameter for Resource-Based Job Filtering

• Added -SourceName parameter to filter jobs by resource name (server, group, or appliance)
• Clarified -Name parameter is exclusively for job names (e.g., 'IloOnlyFirmwareUpdate')
• Follows the same pattern as Get-HPECOMActivity for consistent resource filtering
• Automatically detects resource type and applies appropriate filter (associatedResourceId for servers, resource/id for groups/appliances)

Session Management Enhancements

Connect-HPEGL - New Session Methods and Properties

• Clone() Method: Creates deep copy of session object for instant restoration without API calls, ideal for switching between workspaces
• IsValid Property: Dynamically checks if session is valid by verifying both OAuth2 and GLP API token expiration

---

Bug Fixes

Enhanced Error Handling Across All Cmdlets

• Improved catch block error handling to prioritize enhanced error messages from API wrappers
• Detailed 403 Forbidden errors now show cause, required actions, and technical details for troubleshooting

Connect-HPEGLDeviceComputeiLOtoCOM - Enhanced Error Detection and Reporting

• Fixed duplicate object output on timeout and added real-time FailReason detection (checks every 4 seconds)
• Reports specific errors within 4-8 seconds instead of waiting for full timeout

Connect-HPEGLDeviceComputeiLOtoCOM - New Proxy Management Parameters

• -RemoveExistingiLOProxySettings: Removes existing iLO proxy configuration before connecting to COM
• -ResetiLOIfProxyErrorPersists: Automated iLO reset when proxy errors persist after removal (addresses iLO firmware limitation)
• Enhanced proxy removal workflow with verification and automatic CloudConnect disable

New-HPEGLScopeGroup - Fixed API Payload Issue

• Removed unsupported resourceProviderName field from API request payload that was causing rejection errors

New-HPEGLService - Fixed Parameter Name Error

• Fixed internal code using outdated -ComputeOpsManagementRole parameter, updated to correct -RoleName parameter
• Also updated documentation and example scripts

Get-HPECOMActivity - Fixed -SourceName Parameter

• Fixed internal call error, URL encoding, and improved error handling
• Now correctly retrieves activities by source name for servers, groups, appliances, and external services
• Fixed appliance activity filtering by adding proper type prefix mapping (gateway+, oneview+)

Get-HPECOMServerUtilizationInsights - Enhanced Error Messages and Warnings

• Fixed URL encoding to use uppercase hex (%2F, %2B) as required by API
• Enhanced warnings for excluded servers with detailed causes and resolution steps
• Suppressed redundant warnings and added verbose debugging output

Get-HPECOMSustainabilityInsights - Enhanced Filtering and Error Messages

• Renamed parameter from -SerialNumber to -Name accepting both hostnames and serial numbers (aliases added for backward compatibility)
• Fixed filtering to check both serialNumber and name fields
• Added detailed warning when servers have no sustainability data with resolution steps

Invoke-HPECOMWebRequest and Invoke-HPEGLWebRequest - Fixed -ReturnFullObject Behavior

• Now correctly returns full response object when -ReturnFullObject is used, even when total=0
• Ensures access to important response properties like excluded, count, and metadata

Get-HPECOMServerInventory - Fixed -ShowSoftware and -ShowSmartUpdateTool Error Handling

• Enhanced warning message for -ShowSoftware when data is unavailable to specifically mention HPE Agentless Management Service (AMS) requirement
• Enhanced warning message for -ShowSmartUpdateTool when data is unavailable to specifically mention Smart Update Tool (SUT) installation requirement
• Warning now displays even when full inventory collection has been previously run, as software and SUT inventory require respective services to be running on the server OS
• Fixed null reference error when attempting to add serverName property to null data
• Added null check before adding member properties to prevent failures when inventory data is unavailable

---

📦 Installation & Upgrade

🚀 See How to Upgrade the Module

---

📖 Documentation & Resources

• 📘 SAML SSO Configuration Guide - Complete step-by-step tutorial
• 📖 PowerShell Library Blog - Examples and best practices
• 💬 GitHub Discussions - Community support and Q&A
• 🐛 Report Issues - Bug reports and feature requests

---

🙏 Feedback & Contributions

We'd love to hear your feedback! If you encounter any issues or have suggestions for improvements, please open an issue or start a discussion on GitHub.

Full Changelog: v1.0.19...v1.0.20

Release v1.0.19

🎯 What's New in v1.0.19

Highlights

This release introduces major enhancements to identity and access management (IAMv2 support),
modernized API terminology, expanded server compliance monitoring, and improved connection reliability.
Organizations managing multiple workspaces and tenants will benefit from new organization management
features and scope-based access control (SBAC) capabilities.

---

New Features

Server Health & Compliance Monitoring

Get-HPECOMServer - Enhanced Compliance Parameters

• Added -ShowHealthStatus parameter displays comprehensive hardware health information
  • Overall health summary and health LED status
  • Component health: fans, memory, network, power supplies, processor, storage, temperature, BIOS, smart storage
  • Redundancy states: fan, liquid cooling, and power supply redundancy
  • Usage: Works with or without -Name parameter (no filter support)
• Added group compliance parameters for server perspective
  • -ShowGroupCompliance - Comprehensive group compliance view
  • -ShowGroupiLOSettingsCompliance - iLO settings compliance per server
  • -ShowGroupExternalStorageCompliance - External storage compliance per server

Get-HPECOMGroup - Enhanced Compliance Parameters

• Added granular compliance type parameters matching HPE Compute Ops Management UI
  • -ShowFirmwareCompliance - Firmware compliance details
  • -ShowiLOSettingsCompliance - iLO settings compliance
  • -ShowExternalStorageCompliance - External storage compliance
  • -ShowCompliance - Comprehensive compliance view (updated)

New-HPECOMSettingServerFirmware & Set-HPECOMSettingServerFirmware - Gen12 Support

• Added support for Gen12 firmware baselines alongside existing Gen10 and Gen11 support
• New parameter: -Gen12FirmwareBaselineReleaseVersion (with Gen12FirmwareBundleReleaseVersion alias for backward compatibility)
• Flexible firmware baseline combinations: create or update settings for Gen10, Gen11, Gen12 independently or together
• Maintains backward compatibility with existing Gen10/Gen11-only firmware settings

Identity & Access Management (IAMv2)

New Cmdlets

• Get-HPEGLTenantWorkspace - List all tenant workspaces in an organization
  • Added isParent property to identify management/parent workspaces
  • Added -ShowParent switch to filter parent workspaces only
• Get-HPEGLDomain, New-HPEGLDomain, Test-HPEGLDomain, Remove-HPEGLDomain - Domain management
• Get-HPEGLSSOConnection, New-HPEGLSSOConnection, Set-HPEGLSSOConnection, Remove-HPEGLSSOConnection - SSO connections
• Get-HPEGLSSOAuthenticationPolicy, New-HPEGLSSOAuthenticationPolicy, Set-HPEGLSSOAuthenticationPolicy, Remove-HPEGLSSOAuthenticationPolicy - Authentication policies
• New-HPEGLOrganization, Set-HPEGLOrganization, Join-HPEGLOrganization - Organization management

New User Group Management

• Get-HPEGLUserGroupMembership, Get-HPEGLUserGroup, New-HPEGLUserGroup, Remove-HPEGLUserGroup, Set-HPEGLUserGroup
• Add-HPEGLRoleToUserGroup, Remove-HPEGLRoleFromUserGroup
• Add-HPEGLUserToUserGroup, Remove-HPEGLUserFromUserGroup

New Scope-Based Access Control (SBAC)

• Get-HPEGLScopeGroup, New-HPEGLScopeGroup, Remove-HPEGLScopeGroup, Set-HPEGLScopeGroup, Copy-HPEGLScopeGroup
• Get-HPEGLServiceScopeFilter - Service scope filter management

Migrated to IAMv2 APIs

• Get-HPEGLUser, Remove-HPEGLUser, New-HPEGLUser
• Get-HPEGLRole
• Get-HPEGLUserPreference, Set-HPEGLUserPreference
• Send-HPEGLUserInvitation

Migrated to New APIs

• Get-HPEGLDeviceAutoSubscription, Set-HPEGLDeviceAutoSubscription
• Get-HPEGLLocation

Enhanced Subscription Management

New-HPEGLSubscription - DryRun Mode

• Added -DryRun switch parameter to validate subscription key availability without claiming it
• Returns detailed information about the workspace that owns an already-claimed key
• Enables safer key validation before actual subscription claiming

---

Terminology Changes

Firmware Bundle → Firmware Baseline

To align with HPE Compute Ops Management UI terminology, "Firmware Bundle" is now "Firmware Baseline".
Old parameter names remain supported as aliases for backward compatibility.

Affected Cmdlets:

Cmdlet	Old Name	New Name	Alias Support
Renamed	Get-HPECOMFirmwareBundle	Get-HPECOMFirmwareBaseline	✓
Parameter	-FirmwareBundleName	-FirmwareBaselineName	✓
Parameter	-FirmwareBundleReleaseVersion	-FirmwareBaselineReleaseVersion	✓
Property	GEN10FirmwareBundle	GEN10FirmwareBaseline	✓
Property	GEN11FirmwareBundle	GEN11FirmwareBaseline	✓

Affected Functions:

• Get-HPECOMSetting - Now returns GEN10FirmwareBaseline, GEN11FirmwareBaseline, GEN12FirmwareBaseline properties
• New-HPECOMSettingServerFirmware - Now uses GEN10FirmwareBaselineReleaseVersion, GEN11FirmwareBaselineReleaseVersion, GEN12FirmwareBaselineReleaseVersion
• Set-HPECOMSettingServerFirmware - Now uses GEN10FirmwareBaselineReleaseVersion, GEN11FirmwareBaselineReleaseVersion, GEN12FirmwareBaselineReleaseVersion
• Update-HPECOMServerFirmware - Now uses -FirmwareBaselineReleaseVersion

Resource Restriction Policy → Scope-Based Access Control (SBAC)

"Resource Restriction Policy" (RRP) is replaced with "Scope-Based Access Control" (SBAC) terminology.

Affected Cmdlets:

• New-HPECOMFilter - New parameter EnabledForScopeAccess (alias: -EnabledForRRP)
• Set-HPECOMFilter - New parameter EnabledForScopeAccess (alias: -EnabledForRRP)

---

Enhanced Functionality

Workspace & Organization Management

Get-HPEGLWorkspace

• Fixed display issue where current workspace showed incomplete information
• Current workspace now displays consistently with all other workspaces
• Improved logic to prevent duplicate workspace entries
• "Current" column properly marks the active workspace

Get-HPEGLOrganization

• Added "Current" column to identify active organization
• Implemented intelligent organization detection for member workspaces (not just management workspaces)
• 3-step detection logic: session cache → management workspace match → member workspace lookup
• Optimized for environments with hundreds of organizations using hash table lookups

Remove-HPEGLWorkspace

• Automatic detection and warning when deleting the last workspace in an organization
• Enhanced documentation clarifying that deletion is permanent and irrecoverable
• Fixed session preservation bug where session was removed even when deletion was cancelled

Join-HPEGLOrganization

• Added automatic session reconnection after joining to refresh RBAC permissions
• Enables immediate access to organization-level resources

Connection Reliability

Connect-HPEGL

• Added automatic retry logic with exponential backoff (up to 3 attempts) for token acquisition
• Added 30-second timeout to token requests to prevent indefinite hanging
• Handles transient network failures gracefully
• Enhanced error handling for users without required Compute Ops Management (COM) roles
  • Detects 403 Forbidden errors when accessing COM job templates during connection
  • Provides clear, actionable error message directing users to request Viewer role from administrator
  • Eliminates confusing HTTP 403 error responses with user-friendly guidance

Connect-HPEGLWorkspace

• Fixed organization tracking bug where cached organization info persisted incorrectly

All COM Cmdlets

• Proper detection when no active HPE GreenLake session exists
• Enhanced error messages for better troubleshooting

API Request Handling

Invoke-HPEGLWebRequest

• Added -SkipPaginationLimit switch parameter to bypass automatic pagination for internal/test APIs
• Replaced hardcoded pagination workaround with configurable switch

Role Assignment Simplification

Set-HPEGLUserRole, Add-HPEGLRoleToUser, Add-HPEGLRoleToUserGroup

• Roles now assigned to entire workspace by default
• Removed -EntireWorkspace parameter (now default behavior)
• Added optional -ScopeGroupName parameter for scoped role assignments

New-HPEGLUser

• -ScopeName defaults to 'All resources' (entire workspace)
• No longer requires explicit ScopeName parameter
• Added dynamic ArgumentCompleter that retrieves available roles via Get-HPEGLRole
• Dynamically retrieves scope groups via Get-HPEGLScopeGroup
• Handles both static and dynamic scopes
• Properly quotes scope names containing spaces

---

Deprecated Functions

The following functions are deprecated and maintained for backward compatibility only.
Use the recommended replacements for new implementations.

Resource Restriction Policy (RRP) Deprecation

• Deprecated: Get-HPEGLServiceResourceRestrictionPolicy
• Use Instead: Get-HPEGLServiceScopeFilter

IAMv1 SAML SSO Domain Functions (Deprecated for IAMv2 workspaces)

• Deprecated: Get-HPEGLWorkspaceSAMLSSODomain
  • Use Instead: Get-HPEGLDomain and Get-HPEGLSSOConnection
• Deprecated: New-HPEGLWorkspaceSAMLSSODomain
  • Use Instead: New-HPEGLDomain and New-HPEGLSSOConnection
• Deprecated: Set-HPEGLWorkspaceSAMLSSODomain
  • Use Instead: Set-HPEGLSSOConnection
• Deprecated: Remove-HPEGLWorkspaceSAMLSSODomain
  • Use Instead: Remove-HPEGLDomain and Remove-HPEGLSSOConnection
• Deprecated: Send-HPEGLWorkspaceSAMLSSODomainNotifications
  • Note: Domain notifications are handled differently in IAMv2 workspaces

All deprecated functions display runtime warnings with migration guidance when executed.

---

Bug Fixes

• Fixed session preservation issue in `Remove-HPEGLWorks...

Release v1.0.18

🎯 What's New in v1.0.18

This release introduces comprehensive SAML SSO support with passwordless authentication for the top three identity providers (Okta, Microsoft Entra ID, and PingIdentity), critical authentication fixes for HPE internal users, major documentation improvements, and enhanced error handling for better user experience.

✨ Major Enhancements

SAML Single Sign-On & Passwordless Authentication

• ✅ Okta - Okta Verify push notifications and TOTP codes
• ✅ Microsoft Entra ID - Microsoft Authenticator with mandatory number matching
• ✅ PingIdentity - PingID push notifications and TOTP codes
• 🔐 Implemented passwordless authentication flows for enhanced security

Critical Authentication Fixes for HPE Internal Users (@hpe.com)

• 🔧 Okta FastPass workaround: Automatically detects and cancels device-challenge-poll remediation (Okta FastPass/device-bound authentication) to fall back to traditional mobile authentication
• 🔧 StateHandle management fixes: Fixed three critical bugs in authentication state management that were causing "Verification timed out" errors
• ✅ Cross-platform compatibility: Windows/Linux users now use mobile push/TOTP authentication; Mac users fall back to polling if desktop app is available

📚 Documentation Improvements

• Comprehensive README overhaul:
  • Added quick start guide with 3-step setup
  • Detailed authentication methods comparison table
  • Expanded troubleshooting sections
  • New section on unsupported Identity Providers (Google Workspace, Auth0, OneLogin, etc.)
  • Environment variable configuration for development/staging environments
• New tutorial sections: Step-by-step guidance for SAML SSO configuration
• Enhanced help documentation: Updated Connect-HPEGL cmdlet with detailed SSO parameters and examples
• Important notices:
  • ⚠️ Enhanced workspaces support is in development (limited support in current version)
  • ⚠️ Identity Provider implementations may vary across organizations - issue reporting guidance provided

🔧 Error Handling & User Experience

• Improved error messages with multi-line format for better readability
• Enhanced error context with actionable troubleshooting steps
• New: Comprehensive 403 Forbidden error handling - Clear explanations when users lack permissions to create/remove API credentials, including:
  • Complete list of roles that cannot manage API credentials
  • Required permission levels
  • Actionable solutions for resolving access issues
• Better user guidance for common authentication and configuration issues

🐛 Bug Fixes

Critical Authentication Fixes (November 24, 2025):

• Fixed expired stateToken usage in final introspect request (was causing 404 errors)
• Fixed missing stateHandle updates after successful push notification verification
• Fixed missing stateHandle updates after successful TOTP code verification
• These fixes resolve "Verification timed out" errors that occurred even when users approved authentication quickly

General Improvements:

• Improved session validation and credential management
• Enhanced COM region validation with better error messages

🚀 Additional Improvements

• Updated authentication examples for HPE Account and SSO scenarios
• New: Environment variable support for development/testing environments - Override production endpoints using HPE_COMMON_CLOUD_URL, HPE_AUTH_URL, and HPE_SSO_URL
• Enhanced SAML session tracking and state management across authentication flows
• Comprehensive MFA (Multi-Factor Authentication) handling supporting push notifications and TOTP (Time-based One-Time Password) codes across all three Identity Providers

---

📖 New Documentation

📘 Complete SAML SSO Configuration Guide

A comprehensive step-by-step tutorial that covers:

• Setting up SAML (Security Assertion Markup Language) SSO (Single Sign-On) with Okta, Microsoft Entra ID, and PingIdentity
• Configuring passwordless authentication using push notifications and TOTP codes
• Troubleshooting common issues and best practices
• Real-world examples and screenshots for each Identity Provider (IdP)

This guide walks you through the complete integration process, from configuring your Identity Provider to testing the authentication flow with this PowerShell library.

---

📦 Installation & Upgrade

See the How to install and upgrade the Module section in the README for the complete 4-step upgrade process.

---

💬 Support & Feedback

• 🐛 Report Issues: GitHub Issues
• 💬 Get Help: GitHub Discussions
• 📖 Main Blog: PowerShell Library for HPE Compute Ops Management

Full Changelog: v1.0.17...v1.0.18

Release v1.0.17

This release delivers three targeted bug fixes to enhance compatibility and reliability.

Bug Fixes:

• Connect-HPEGL compatibility:
  Resolved an issue where the cmdlet threw a parameter mismatch error ("A parameter cannot be found that matches parameter name 'AllowInsecureRedirectURI'") on PowerShell versions prior to 7.4.

• Invoke-HPECOMWebRequest pagination:
  Fixed a critical bug in paginated GET requests (e.g., server listings) that limited results to the first page due to malformed subsequent URLs, triggering "Invalid URI" errors and partial data warnings.
  The update refines the pagination loop with explicit subexpressions in string interpolation, guaranteeing complete data retrieval without skips.

• Get-HPECOMServer limit validation:
  Corrected the -Limit parameter's validation script, which incorrectly enforced a hard cap of 100 via [ValidateScript({ -le 100 })], now allowing higher values aligned with API capabilities.

Release v1.0.16

Bug Fixes

• [CRITICAL] Resolved authentication failures in Connect-HPEGL caused by updates to Okta endpoints (auth.hpe.com), which broke all authentication methods across published module versions.
  • Affected scenarios included MFA with push notifications, MFA with OTP codes, SSO, and single-factor authentication.
  • Users encountered "Invalid username or password" errors despite valid credentials, preventing connections to HPE GreenLake services.
  • Resolution: Updated library to use the OIDC/IDX OAuth flow, aligning with HPE GreenLake's recommended authentication and authorization standards.
• Fixed Get-HPECOMServer -ShowGroupFirmwareCompliance to handle servers not assigned to any group.
• Corrected Get-HPECOMActivity to properly return activity dates.
• Resolved incorrect WorkloadProfile definitions in New-HPECOMSettingServerBios and Set-HPECOMSettingServerBios, adding support for the 'custom' profile option.
• Added warning in Add-HPECOMServerToGroup when the server is already a member of another group.
• Restored functionality in Get-HPECOMServeriLOSSO via a temporary workaround using legacy COM API endpoints, pending full implementation of new endpoints.
• Fixed Test-HPECOMExternalService to accurately detect test completion, addressing typos, procedural errors, and changes in activity source names.
• Improved Invoke-HPEGLAutoReconnect to detect expired tokens and return appropriate errors.
• Updated Get-HPECOMAppliance to handle cases with no valid Compute Ops Management - OneView Edition subscription without error messages.
• Numerous additional minor bug fixes and enhancements for overall stability.

New Cmdlets

• New-HPECOMSettingiLOSettings and Set-HPECOMSettingiLOSettings
  • Enable creation and configuration of iLO settings.
  • Support key areas like account services, network protocols, SNMP, and security services.
  • Updated New-HPECOMGroup and Set-HPECOMGroup to apply iLO settings at the group level.
• Invoke-HPECOMGroupiLOConfiguration
  • Triggers iLO configuration updates for some or all members of a server group.
• Get-HPECOMGroupiLOConfigurationCompliance
  • Reports iLO configuration compliance status for servers in a group.
  • Aids in monitoring and enforcing consistent iLO settings across the group.
• Get-HPECOMSustainabilityInsights
  • Fetches sustainability metrics for COM-managed servers, including energy use, CO2 emissions, and cost savings.
  • Facilitates environmental impact tracking and optimization.
  • Replaces the deprecated Get-HPECOMSustainabilityReport.
• Get-HPECOMServerUtilizationInsights
  • Provides utilization data for COM-managed servers (CPU, memory bus, I/O bus).
  • Supports proactive performance monitoring and infrastructure management.
• Get-HPEGLOrganization
  • First cmdlet to interact with HPE GreenLake organizational resources.
  • Retrieves information about HPE GreenLake organizations.
  • Provides insights into organizational structure, resource allocation, and compliance.
• Remove-HPEGLWorkspace
  • Deletes the connected workspace in HPE GreenLake.
  • Includes -NotifyAllWorkspaceUsersByEmail to alert all users via email.
  • Streamlines cleanup of unused workspaces; note that deletion disconnects the session—reconnect via Connect-HPEGL -Workspace <workspace_name>.

Improvements

• Enhanced Security in Verbose Logging
  • Automatically redacts sensitive data (e.g., stateHandle tokens, SAMLRequest payloads, okta_key parameters, passwords) in authentication functions like Connect-HPEGL and Connect-HPEGLDeviceComputeiLOtoCOM, as well as -WhatIf scenarios.
  • Masks values as [REDACTED] to prevent exposure in debug transcripts, shared logs, or CI/CD pipelines while maintaining log utility.
  • No impact on core functionality or non-verbose output.
• Get-HPECOMServer
  • Added -ShowSubscriptionDetails parameter for detailed subscription info.
  • Enhanced Get-HPECOMServer -ShowServersWithRecentSupportCases output with support case counts and details.
• Invoke-HPECOMWebRequest
  • Dynamically adjusts JSON conversion depth based on response size for better performance.
• Get-HPEGLSubscription
  • Added -ShowAssignedServers to list servers tied to a subscription key.
• Get-HPEGLLocation
  • Added -ShowServers to display servers assigned to a location.
• Invoke-HPECOMGroupInternalStorageConfiguration
  • Now supports volume name renaming.
• New-HPEGLWorkspace
  • Defaults to creating workspaces with the latest IAMv2 (Identity and Access Management) and organizational governance.
  • Added -EnableIAMv1Workspace switch for legacy IAMv1 compatibility.
• Connect-HPEGLDeviceComputeiLOtoCOM
  • Added -RemoveExistingiLOProxySettings to clear outdated proxy or Secure Gateway configurations.
  • Removed -SerialNumber parameter; now auto-retrieves from iLO for simplicity.
  • Introduced wait periods post-proxy changes to ensure reliable iLO-to-COM connections.
  • Enhanced output with detailed status updates on proxy modifications and connection progress.
  • Improved verbose logging by masking iLO passwords for added security.
• Broad performance and reliability enhancements across various cmdlets.

Module Restructuring

• Refactored into nested submodules to boost performance, maintainability, and modularity.
• Previously, a monolithic .psm1 file complicated maintenance, debugging, and extensions while risking scoping issues.
• Benefits include easier dependency management, clearer code organization, and streamlined future updates—no breaking changes.

Cmdlets Migrated to Public APIs

• Add-HPEGLDeviceToService and Remove-HPEGLDeviceFromService
• Add-HPEGLSubscriptionFromDevice and Remove-HPEGLSubscriptionFromDevice
• Get-HPEGLDevice (partial migration)

These updates leverage stable public APIs for improved reliability and future-proofing.

Cmdlets Removed

• Get-HPECOMSustainabilityReport
• New-HPECOMSustainabilityReport

These have been replaced by AI-driven insights cmdlets: Get-HPECOMSustainabilityInsights, Get-HPECOMMetricsConfiguration, Enable-HPECOMMetricsConfiguration, and Disable-HPECOMMetricsConfiguration.

Cmdlets Renamed

• Get-HPEGLServiceResourceRestrictionPolicyFilter → Get-HPEGLServiceResourceRestrictionPolicy
  • Renamed for clarity; retrieves resource restriction policies for HPE GreenLake services, including applied policy details.

Release v1.0.15

• Improvements:

  • Connection now generates a unique API client for each session, enabling true parallel processing with a single user. Previously, the same client was always created and replaced, preventing parallel operations.
  • Added a new parameter '-RemoveExistingCredentials' to Connect-HPEGL and Connect-HPEGLWorkspace cmdlets to optionally delete existing API credentials generated by the library. This parameter provides automatic cleanup of lingering API credentials that may accumulate from previous PowerShell sessions due to sessions ending without calling Disconnect-HPEGL. This parameter is particularly useful for users who frequently connect to the HPE GreenLake API without properly disconnecting, ensuring that old credentials do not persist and cause issues with new connections. The typical error message when this occurs is 'You have reached the maximum of 7 personal API clients' when connecting.

• Bug Fixes:

  • Resolved an issue where Invoke-HPEGLAutoReconnect was failing to properly refresh the session token, causing repeated attempts to generate API access tokens.