diff --git a/PowerArubaCP/Private/Confirm.ps1 b/PowerArubaCP/Private/Confirm.ps1 index 9481b26..4bcfec6 100644 --- a/PowerArubaCP/Private/Confirm.ps1 +++ b/PowerArubaCP/Private/Confirm.ps1 @@ -3,6 +3,31 @@ # # SPDX-License-Identifier: Apache-2.0 # + +Function Confirm-ArubaCPApiClient { + + Param ( + [Parameter (Mandatory = $true)] + [object]$argument + ) + + #Check if it looks like an Api Client element + + if ( -not ( $argument | get-member -name client_id -Membertype Properties)) { + throw "Element specified does not contain a client_id property." + } + if ( -not ( $argument | get-member -name client_secret -Membertype Properties)) { + throw "Element specified does not contain an client_secret property." + } + if ( -not ( $argument | get-member -name grant_types -Membertype Properties)) { + throw "Element specified does not contain a grant_types property." + } + if ( -not ( $argument | get-member -name profile_id -Membertype Properties)) { + throw "Element specified does not contain a profile_id property." + } + $true + +} Function Confirm-ArubaCPApplicationLicense { Param ( diff --git a/PowerArubaCP/Public/ApiClient.ps1 b/PowerArubaCP/Public/ApiClient.ps1 new file mode 100644 index 0000000..8f0e03d --- /dev/null +++ b/PowerArubaCP/Public/ApiClient.ps1 @@ -0,0 +1,284 @@ +# +# Copyright 2018-2020, Alexis La Goutte +# +# SPDX-License-Identifier: Apache-2.0 +# + +function Add-ArubaCPApiClient { + + <# + .SYNOPSIS + Add an API Client on ClearPass + + .DESCRIPTION + Add an API Client with client id, client secret, grand_types... + + .EXAMPLE + Add-ArubaCPApiClient -client_id Client1 -grant_types client_credentials -profile_id 1 + + Add API Client Client1 type client_credentials with profile id 1 (Super Administrator) + + .EXAMPLE + Add-ArubaCPApiClient -client_id Client2 -client_secret mySecret -client_description "Add via PowerArubaCP" -grant_types client_credentials -profile_id 1 + + Add API Client Client2 with Client Secret mySecret and client description "Add Via PowerArubaCP" + + .EXAMPLE + Add-ArubaCPApiClient -client_id Client3 -grant_types client_credentials -profile_id 1 -enabled:$false + + Add API Client Client3 with enabled status to disabled + #> + + Param( + [Parameter (Mandatory = $false)] + [int]$id, + [Parameter (Mandatory = $true)] + [string]$client_id, + [Parameter (Mandatory = $false)] + [string]$client_secret, + [Parameter (Mandatory = $false)] + [string]$client_description, + [Parameter (Mandatory = $true)] + [ValidateSet('client_credentials', 'password')] + [string]$grant_types, + [Parameter (Mandatory = $true)] + [string]$profile_id, + [Parameter (Mandatory = $false)] + [switch]$enabled, + [Parameter (Mandatory = $False)] + [ValidateNotNullOrEmpty()] + [PSObject]$connection = $DefaultArubaCPConnection + ) + + Begin { + } + + Process { + + $uri = "api/api-client" + + $_ac = new-Object -TypeName PSObject + + if ( $PsBoundParameters.ContainsKey('id') ) { + $_ac | add-member -name "id" -membertype NoteProperty -Value $id + } + + $_ac | add-member -name "client_id" -membertype NoteProperty -Value $client_id + + if ( $PsBoundParameters.ContainsKey('client_description') ) { + $_ac | add-member -name "client_description" -membertype NoteProperty -Value $client_description + } + + if ( $PsBoundParameters.ContainsKey('client_secret') ) { + $_ac | add-member -name "client_secret" -membertype NoteProperty -Value $client_secret + } + + $_ac | add-member -name "grant_types" -membertype NoteProperty -Value $grant_types + + $_ac | add-member -name "profile_id" -membertype NoteProperty -Value $profile_id + + if ( $PsBoundParameters.ContainsKey('enabled') ) { + if ( $enabled ) { + $_ac | add-member -name "enabled" -membertype NoteProperty -Value $True + } + else { + $_ac | add-member -name "enabled" -membertype NoteProperty -Value $false + } + } + + $ac = invoke-ArubaCPRestMethod -method "POST" -body $_ac -uri $uri -connection $connection + $ac + } + + End { + } +} +function Get-ArubaCPApiClient { + + <# + .SYNOPSIS + Get API Client info on CPPM + + .DESCRIPTION + Get API Client (Client Id, Client Secret, Grand Types...) + + .EXAMPLE + Get-ArubaCPApiClient + + Get ALL API Client on the Clearpass + + .EXAMPLE + Get-ArubaCPApiClient -client_id PowerArubaCP + + Get info about API Client ID PowerArubaCP Aruba on the ClearPass + + .EXAMPLE + Get-ArubaCPApiClient -grant_types client_cretendials + + Get info about API Client Grant Types equal client_credentials on the ClearPass + + .EXAMPLE + Get-ArubaCApiClient -id 23 + + Get info about API id 23 on the ClearPass + + .EXAMPLE + Get-ArubaCPApiClient -client_id PowerArubaCP -filter_type contains + + Get info about API Client where client_id contains PowerArubaCP + + #> + + [CmdLetBinding(DefaultParameterSetName = "Default")] + + Param( + [Parameter (Mandatory = $false)] + [Parameter (ParameterSetName = "id")] + [int]$id, + [Parameter (Mandatory = $false, Position = 1)] + [Parameter (ParameterSetName = "client_id")] + [string]$client_id, + [Parameter (Mandatory = $false)] + [Parameter (ParameterSetName = "grant_types")] + [ValidateSet('client_credentials', 'password')] + [string]$grant_types, + [Parameter (Mandatory = $false)] + [Parameter (ParameterSetName = "filter")] + [string]$filter_attribute, + [Parameter (Mandatory = $false)] + [Parameter (ParameterSetName = "id")] + [Parameter (ParameterSetName = "client_id")] + [Parameter (ParameterSetName = "grant_types")] + [Parameter (ParameterSetName = "filter")] + [ValidateSet('equal', 'contains')] + [string]$filter_type, + [Parameter (Mandatory = $false)] + [Parameter (ParameterSetName = "filter")] + [psobject]$filter_value, + [Parameter (Mandatory = $false)] + [int]$limit, + [Parameter (Mandatory = $False)] + [ValidateNotNullOrEmpty()] + [PSObject]$connection = $DefaultArubaCPConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('limit') ) { + $invokeParams.add( 'limit', $limit ) + } + + switch ( $PSCmdlet.ParameterSetName ) { + "id" { + $filter_value = $id + $filter_attribute = "id" + } + "client_id" { + $filter_value = $client_id + $filter_attribute = "client_id" + } + "grant_types" { + $filter_value = $grant_types + $filter_attribute = "grant_types" + } + default { } + } + + if ( $PsBoundParameters.ContainsKey('filter_type') ) { + switch ( $filter_type ) { + "equal" { + $filter_value = @{ "`$eq" = $filter_value } + } + "contains" { + $filter_value = @{ "`$contains" = $filter_value } + } + default { } + } + } + + if ($filter_value -and $filter_attribute) { + $filter = @{ $filter_attribute = $filter_value } + $invokeParams.add( 'filter', $filter ) + } + + $uri = "api/api-client" + + $ac = Invoke-ArubaCPRestMethod -method "GET" -uri $uri @invokeParams -connection $connection + + $ac._embedded.items + } + + End { + } +} + +function Remove-ArubaCPApiClient { + + <# + .SYNOPSIS + Remove an ApiClient on ClearPass + + .DESCRIPTION + Remove an ApiClient on ClearPass + + .EXAMPLE + $ac = Get-ArubaCPApiClient -client_id PowerArubaCP + PS C:\>$ac | Remove-ArubaCPApiClient + + Remove API Client with client id PowerArubaCP + + .EXAMPLE + Remove-ArubaCPEndpoint -id 3001 -noconfirm + + Remove API Client with id 3001 and no confirmation + #> + + Param( + [Parameter (Mandatory = $true, ParameterSetName = "id")] + [string]$id, + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1, ParameterSetName = "ac")] + [ValidateScript( { Confirm-ArubaCPApiClient $_ })] + [psobject]$ac, + [Parameter(Mandatory = $false)] + [switch]$noconfirm, + [Parameter (Mandatory = $False)] + [ValidateNotNullOrEmpty()] + [PSObject]$connection = $DefaultArubaCPConnection + ) + + Begin { + } + + Process { + + #get ApiClient id from nad ps object + if ($ac) { + $id = $ac.client_id + } + + $uri = "api/api-client/${id}" + + if ( -not ( $Noconfirm )) { + $message = "Remove API Client on ClearPass" + $question = "Proceed with removal of API Client ${id} ?" + $choices = New-Object Collections.ObjectModel.Collection[Management.Automation.Host.ChoiceDescription] + $choices.Add((New-Object Management.Automation.Host.ChoiceDescription -ArgumentList '&Yes')) + $choices.Add((New-Object Management.Automation.Host.ChoiceDescription -ArgumentList '&No')) + + $decision = $Host.UI.PromptForChoice($message, $question, $choices, 1) + } + else { $decision = 0 } + if ($decision -eq 0) { + Write-Progress -activity "Remove API Client" + Invoke-ArubaCPRestMethod -method "DELETE" -uri $uri -connection $connection + Write-Progress -activity "Remove API Client" -completed + } + } + + End { + } +} \ No newline at end of file diff --git a/PowerArubaCP/Public/Connection.ps1 b/PowerArubaCP/Public/Connection.ps1 index 2df2dde..92064a0 100644 --- a/PowerArubaCP/Public/Connection.ps1 +++ b/PowerArubaCP/Public/Connection.ps1 @@ -13,6 +13,11 @@ function Connect-ArubaCP { .DESCRIPTION Connect to an Aruba ClearPass + .EXAMPLE + Connect-ArubaCP -Server 192.0.2.1 -client_id PowerArubaCP -client_secret MySecret + + Connect to an Aruba ClearPass with IP 192.0.2.1 using client_id PowerArubaCP and client_secret MySecret + .EXAMPLE Connect-ArubaCP -Server 192.0.2.1 -token aaaaaaaaaaaaa @@ -43,8 +48,12 @@ function Connect-ArubaCP { Param( [Parameter(Mandatory = $true, position = 1)] [String]$Server, - [Parameter(Mandatory = $false)] + [Parameter(Mandatory = $false, ParameterSetName = "token")] [String]$token, + [Parameter(Mandatory = $false, ParameterSetName = "client_credentials")] + [String]$client_id, + [Parameter(Mandatory = $false, ParameterSetName = "client_credentials")] + [String]$client_secret, [Parameter(Mandatory = $false)] [switch]$SkipCertificateCheck = $false, [Parameter(Mandatory = $false)] @@ -82,6 +91,22 @@ function Connect-ArubaCP { } } + #Try to oauth... + if ($PSCmdlet.ParameterSetName -eq "client_credentials") { + + $oauth = @{ + grant_type = 'client_credentials'; + client_id = $client_id; + client_secret = $client_secret; + } + + $headers = @{ Accept = "application/json"; "Content-type" = "application/json" } + $fullurl = "https://${Server}/api/oauth" + $response = Invoke-RestMethod -uri $fullurl -Method "POST" -body ($oauth | ConvertTo-Json) -Headers $headers @invokeParams + + $token = $response.access_token + } + $connection.server = $server $connection.token = $token $connection.invokeParams = $invokeParams diff --git a/Tests/integration/ApiClient.Tests.ps1 b/Tests/integration/ApiClient.Tests.ps1 new file mode 100644 index 0000000..9d832fe --- /dev/null +++ b/Tests/integration/ApiClient.Tests.ps1 @@ -0,0 +1,120 @@ +# +# Copyright 2019, Alexis La Goutte +# +# SPDX-License-Identifier: Apache-2.0 +# +. ../common.ps1 + +Describe "Get API Client" { + + BeforeAll { + #Add 2 entries + Add-ArubaCPApiClient -client_id pester_PowerArubaCP1 -client_secret "mySecret" -client_description "Add by PowerArubaCP" -grant_types "client_credentials" -profile_id 1 + Add-ArubaCPApiClient -client_id pester_PowerArubaCP2 -client_secret "mySecret" -client_description "Add by PowerArubaCP" -grant_types "client_credentials" -profile_id 1 + } + + It "Get NetworkDevice Does not throw an error" { + { + Get-ArubaCPApiClient + } | Should Not Throw + } + + It "Get ALL Api Client" { + $ac = Get-ArubaCPApiClient + $ac.count | Should not be $NULL + } + + It "Get Api Client (pester_PowerArubaCP1)" { + $ac = Get-ArubaCPApiClient | Where-Object { $_.client_id -eq "pester_PowerArubaCP1" } + $ac.id | Should not be BeNullOrEmpty + $ac.client_id | Should be "pester_PowerArubaCP1" + $ac.client_secret | should not be BeNullOrEmpty + $ac.client_description | Should be "Add by PowerArubaCP" + $ac.grant_types | Should be "client_credentials" + $ac.profile_id | Should be "1" + } + + It "Get Api Client (pester_PowerArubaCP2) and confirm (via Confirm-ArubaCPApiClient)" { + $ac = Get-ArubaCPApiClient | Where-Object { $_.client_id -eq "pester_PowerArubaCP2" } + Confirm-ArubaCPApiClient $ac | Should be $true + } + + It "Search Api Client by client_id (pester_PowerArubaCP1)" { + $ac = Get-ArubaCPApiClient -client_id pester_PowerArubaCP1 + @($ac).count | Should be 1 + $ac.id | Should not be BeNullOrEmpty + $ac.client_id | Should be "pester_PowerArubaCP1" + $ac.client_description | Should be "Add by PowerArubaCP" + } + + It "Search Api Client by client_id (contains *pester*)" { + $ac = Get-ArubaCPApiClient -client_id pester -filter_type contains + @($ac).count | Should be 2 + } + + AfterAll { + #Remove 2 entries + Get-ArubaCPApiClient -client_id pester_PowerArubaCP1 | Remove-ArubaCPApiClient -noconfirm + Get-ArubaCPApiClient -client_id pester_PowerArubaCP2 | Remove-ArubaCPApiClient -noconfirm + } +} + +Describe "Add Api Client" { + + It "Add Api Client with grant types client_credentials and description" { + Add-ArubaCPApiClient -client_id pester_PowerArubaCP1 -client_description "Add by PowerArubaCP" -grant_types "client_credentials" -profile_id 1 + $ac = Get-ArubaCPApiClient -client_id pester_PowerArubaCP1 + $ac.id | Should not be BeNullOrEmpty + $ac.client_id | Should not be BeNullOrEmpty + $ac.client_secret | should not be BeNullOrEmpty + $ac.client_description | Should be "Add by PowerArubaCP" + $ac.grant_types | Should be "client_credentials" + $ac.profile_id | Should be "1" + } + + It "Add Api Client with grant type password (refresh_token) and status disabled" { + Add-ArubaCPApiClient -client_id pester_PowerArubaCP1 -grant_types password -profile_id 1 -enabled:$false + $ac = Get-ArubaCPApiClient -client_id pester_PowerArubaCP1 + $ac.id | Should not be BeNullOrEmpty + $ac.client_id | Should be "pester_PowerArubaCP1" + $ac.grant_types | Should be "password refresh_token" + $ac.profile_id | Should be "1" + $ac.enabled | should be "false" + } + + AfterEach { + Get-ArubaCPApiClient -client_id pester_PowerArubaCP1 | Remove-ArubaCPApiClient -noconfirm + } +} + + +Describe "Remove Api Client" { + + It "Remove Api Client by id" { + Add-ArubaCPApiClient -client_id pester_PowerArubaCP1 -grant_types "client_credentials" -profile_id 1 + $ac = Get-ArubaCPApiClient -client_id pester_PowerArubaCP1 + $ac.client_id | Should be "pester_PowerArubaCP1" + @($ac).count | should be 1 + Remove-ArubaCPApiClient -id $ac.client_id -noconfirm + $ac = Get-ArubaCPApiClient -client_id pester_PowerArubaCP1 + $ac | Should BeNullOrEmpty + @($ac).count | should be 0 + } + + It "Remove Api Client by client_id (and pipeline)" { + Add-ArubaCPApiClient -client_id pester_PowerArubaCP1 -grant_types "client_credentials" -profile_id 1 + $ac = Get-ArubaCPApiClient -client_id pester_PowerArubaCP1 + $ac.client_id | Should be "pester_PowerArubaCP1" + @($ac).count | should be 1 + Get-ArubaCPApiClient -client_id pester_PowerArubaCP1 | Remove-ArubaCPApiClient -noconfirm + $ac = Get-ArubaCPApiClient -client_id pester_PowerArubaCP1 + $ac | Should BeNullOrEmpty + @($ac).count | should be 0 + } + + AfterEach { + Get-ArubaCPApiClient -client_id pester_PowerArubaCP1 | Remove-ArubaCPApiClient -noconfirm + } +} + +Disconnect-ArubaCP -noconfirm \ No newline at end of file diff --git a/Tests/integration/Connection.Tests.ps1 b/Tests/integration/Connection.Tests.ps1 index 2d6b3f8..da81189 100644 --- a/Tests/integration/Connection.Tests.ps1 +++ b/Tests/integration/Connection.Tests.ps1 @@ -69,6 +69,9 @@ Describe "Connect to a ClearPass (using multi connection)" { It "Use Multi connection for call Get Endpoint" { { Get-ArubaCPEndpoint -connection $cppm } | Should Not throw } + It "Use Multi connection for call Get Api Client" { + { Get-ArubaCPApiClient -connection $cppm } | Should Not throw + } } It "Disconnect to a ClearPass (Multi connection)" { @@ -78,6 +81,33 @@ Describe "Connect to a ClearPass (using multi connection)" { } +Describe "Connect using client_credentials" { + BeforeAll { + #connect... + Connect-ArubaCP $ipaddress -Token $token -SkipCertificateCheck -port $port + #Create a API Client with client credentials + Add-ArubaCPApiClient -client_id pester_PowerArubaCP -client_secret pester_MySecret -grant_types "client_credentials" -profile_id 1 + } + + It "Connect to a ClearPass (using client_credentials and store on cppm variable)" { + $script:cppm = Connect-ArubaCP $ipaddress -client_id pester_PowerArubaCP -client_secret pester_MySecret -SkipCertificateCheck -port $port -DefaultConnection:$false + $cppm.server | Should be $ipaddress + $cppm.token | Should not be BeNullOrEmpty + $cppm.port | Should be $port + } + + It "Use Multi connection for call Get (Api Client)" { + { Get-ArubaCPApiClient -connection $cppm } | Should Not throw + } + + AfterAll { + #Remove API Client + Get-ArubaCPApiClient -client_id pester_PowerArubaCP | Remove-ArubaCPApiClient -noconfirm + #And disconnect + Disconnect-ArubaCP -noconfirm + } +} + Describe "Invoke ArubaCP RestMethod tests" { BeforeAll { #connect...