PowerAruba · alagoutte · Jan 21, 2020 · Jan 12, 2020 · Jan 13, 2020 · Jan 13, 2020
diff --git a/PowerArubaCP/Private/Confirm.ps1 b/PowerArubaCP/Private/Confirm.ps1
@@ -3,6 +3,31 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 #
+
+Function Confirm-ArubaCPApiClient {
+
+    Param (
+        [Parameter (Mandatory = $true)]
+        [object]$argument
+    )
+
+    #Check if it looks like an Api Client element
+
+    if ( -not ( $argument | get-member -name client_id -Membertype Properties)) {
+        throw "Element specified does not contain a client_id property."
+    }
+    if ( -not ( $argument | get-member -name client_secret -Membertype Properties)) {
+        throw "Element specified does not contain an client_secret property."
+    }
+    if ( -not ( $argument | get-member -name grant_types -Membertype Properties)) {
+        throw "Element specified does not contain a grant_types property."
+    }
+    if ( -not ( $argument | get-member -name profile_id -Membertype Properties)) {
+        throw "Element specified does not contain a profile_id property."
+    }
+    $true
+
+}
 Function Confirm-ArubaCPApplicationLicense {
 
     Param (

diff --git a/PowerArubaCP/Public/ApiClient.ps1 b/PowerArubaCP/Public/ApiClient.ps1
@@ -0,0 +1,284 @@
+#
+# Copyright 2018-2020, Alexis La Goutte <alexis.lagoutte at gmail dot com>
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+function Add-ArubaCPApiClient {
+
+    <#
+        .SYNOPSIS
+        Add an API Client on ClearPass
+
+        .DESCRIPTION
+        Add an API Client with client id, client secret, grand_types...
+
+        .EXAMPLE
+        Add-ArubaCPApiClient -client_id Client1 -grant_types client_credentials -profile_id 1
+
+        Add API Client Client1 type client_credentials with profile id 1 (Super Administrator)
+
+        .EXAMPLE
+        Add-ArubaCPApiClient -client_id Client2 -client_secret mySecret -client_description "Add via PowerArubaCP" -grant_types client_credentials -profile_id 1
+
+        Add API Client Client2 with Client Secret mySecret and client description "Add Via PowerArubaCP"
+
+        .EXAMPLE
+        Add-ArubaCPApiClient -client_id Client3 -grant_types client_credentials -profile_id 1 -enabled:$false
+
+        Add API Client Client3 with enabled status to disabled
+    #>
+
+    Param(
+        [Parameter (Mandatory = $false)]
+        [int]$id,
+        [Parameter (Mandatory = $true)]
+        [string]$client_id,
+        [Parameter (Mandatory = $false)]
+        [string]$client_secret,
+        [Parameter (Mandatory = $false)]
+        [string]$client_description,
+        [Parameter (Mandatory = $true)]
+        [ValidateSet('client_credentials', 'password')]
+        [string]$grant_types,
+        [Parameter (Mandatory = $true)]
+        [string]$profile_id,
+        [Parameter (Mandatory = $false)]
+        [switch]$enabled,
+        [Parameter (Mandatory = $False)]
+        [ValidateNotNullOrEmpty()]
+        [PSObject]$connection = $DefaultArubaCPConnection
+    )
+
+    Begin {
+    }
+
+    Process {
+
+        $uri = "api/api-client"
+
+        $_ac = new-Object -TypeName PSObject
+
+        if ( $PsBoundParameters.ContainsKey('id') ) {
+            $_ac | add-member -name "id" -membertype NoteProperty -Value $id
+        }
+
+        $_ac | add-member -name "client_id" -membertype NoteProperty -Value $client_id
+
+        if ( $PsBoundParameters.ContainsKey('client_description') ) {
+            $_ac | add-member -name "client_description" -membertype NoteProperty -Value $client_description
+        }
+
+        if ( $PsBoundParameters.ContainsKey('client_secret') ) {
+            $_ac | add-member -name "client_secret" -membertype NoteProperty -Value $client_secret
+        }
+
+        $_ac | add-member -name "grant_types" -membertype NoteProperty -Value $grant_types
+
+        $_ac | add-member -name "profile_id" -membertype NoteProperty -Value $profile_id
+
+        if ( $PsBoundParameters.ContainsKey('enabled') ) {
+            if ( $enabled ) {
+                $_ac | add-member -name "enabled" -membertype NoteProperty -Value $True
+            }
+            else {
+                $_ac | add-member -name "enabled" -membertype NoteProperty -Value $false
+            }
+        }
+
+        $ac = invoke-ArubaCPRestMethod -method "POST" -body $_ac -uri $uri -connection $connection
+        $ac
+    }
+
+    End {
+    }
+}
+function Get-ArubaCPApiClient {
+
+    <#
+        .SYNOPSIS
+        Get API Client info on CPPM
+
+        .DESCRIPTION
+        Get API Client (Client Id, Client Secret, Grand Types...)
+
+        .EXAMPLE
+        Get-ArubaCPApiClient
+
+        Get ALL API Client on the Clearpass
+
+        .EXAMPLE
+        Get-ArubaCPApiClient -client_id PowerArubaCP
+
+        Get info about API Client ID PowerArubaCP Aruba on the ClearPass
+
+        .EXAMPLE
+        Get-ArubaCPApiClient -grant_types client_cretendials
+
+        Get info about API Client Grant Types equal client_credentials on the ClearPass
+
+        .EXAMPLE
+        Get-ArubaCApiClient -id 23
+
+        Get info about API id 23 on the ClearPass
+
+        .EXAMPLE
+        Get-ArubaCPApiClient -client_id PowerArubaCP -filter_type contains
+
+        Get info about API Client where client_id contains PowerArubaCP
+
+    #>
+
+    [CmdLetBinding(DefaultParameterSetName = "Default")]
+
+    Param(
+        [Parameter (Mandatory = $false)]
+        [Parameter (ParameterSetName = "id")]
+        [int]$id,
+        [Parameter (Mandatory = $false, Position = 1)]
+        [Parameter (ParameterSetName = "client_id")]
+        [string]$client_id,
+        [Parameter (Mandatory = $false)]
+        [Parameter (ParameterSetName = "grant_types")]
+        [ValidateSet('client_credentials', 'password')]
+        [string]$grant_types,
+        [Parameter (Mandatory = $false)]
+        [Parameter (ParameterSetName = "filter")]
+        [string]$filter_attribute,
+        [Parameter (Mandatory = $false)]
+        [Parameter (ParameterSetName = "id")]
+        [Parameter (ParameterSetName = "client_id")]
+        [Parameter (ParameterSetName = "grant_types")]
+        [Parameter (ParameterSetName = "filter")]
+        [ValidateSet('equal', 'contains')]
+        [string]$filter_type,
+        [Parameter (Mandatory = $false)]
+        [Parameter (ParameterSetName = "filter")]
+        [psobject]$filter_value,
+        [Parameter (Mandatory = $false)]
+        [int]$limit,
+        [Parameter (Mandatory = $False)]
+        [ValidateNotNullOrEmpty()]
+        [PSObject]$connection = $DefaultArubaCPConnection
+    )
+
+    Begin {
+    }
+
+    Process {
+
+        $invokeParams = @{ }
+        if ( $PsBoundParameters.ContainsKey('limit') ) {
+            $invokeParams.add( 'limit', $limit )
+        }
+
+        switch ( $PSCmdlet.ParameterSetName ) {
+            "id" {
+                $filter_value = $id
+                $filter_attribute = "id"
+            }
+            "client_id" {
+                $filter_value = $client_id
+                $filter_attribute = "client_id"
+            }
+            "grant_types" {
+                $filter_value = $grant_types
+                $filter_attribute = "grant_types"
+            }
+            default { }
+        }
+
+        if ( $PsBoundParameters.ContainsKey('filter_type') ) {
+            switch ( $filter_type ) {
+                "equal" {
+                    $filter_value = @{ "`$eq" = $filter_value }
+                }
+                "contains" {
+                    $filter_value = @{ "`$contains" = $filter_value }
+                }
+                default { }
+            }
+        }
+
+        if ($filter_value -and $filter_attribute) {
+            $filter = @{ $filter_attribute = $filter_value }
+            $invokeParams.add( 'filter', $filter )
+        }
+
+        $uri = "api/api-client"
+
+        $ac = Invoke-ArubaCPRestMethod -method "GET" -uri $uri @invokeParams -connection $connection
+
+        $ac._embedded.items
+    }
+
+    End {
+    }
+}
+
+function Remove-ArubaCPApiClient {
+
+    <#
+        .SYNOPSIS
+        Remove an ApiClient on ClearPass
+
+        .DESCRIPTION
+        Remove an ApiClient on ClearPass
+
+        .EXAMPLE
+        $ac = Get-ArubaCPApiClient -client_id PowerArubaCP
+        PS C:\>$ac | Remove-ArubaCPApiClient
+
+        Remove API Client with client id PowerArubaCP
+
+        .EXAMPLE
+        Remove-ArubaCPEndpoint -id 3001 -noconfirm
+
+        Remove API Client with id 3001 and no confirmation
+    #>
+
+    Param(
+        [Parameter (Mandatory = $true, ParameterSetName = "id")]
+        [string]$id,
+        [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1, ParameterSetName = "ac")]
+        [ValidateScript( { Confirm-ArubaCPApiClient $_ })]
+        [psobject]$ac,
+        [Parameter(Mandatory = $false)]
+        [switch]$noconfirm,
+        [Parameter (Mandatory = $False)]
+        [ValidateNotNullOrEmpty()]
+        [PSObject]$connection = $DefaultArubaCPConnection
+    )
+
+    Begin {
+    }
+
+    Process {
+
+        #get ApiClient id from nad ps object
+        if ($ac) {
+            $id = $ac.client_id
+        }
+
+        $uri = "api/api-client/${id}"
+
+        if ( -not ( $Noconfirm )) {
+            $message = "Remove API Client on ClearPass"
+            $question = "Proceed with removal of API Client ${id} ?"
+            $choices = New-Object Collections.ObjectModel.Collection[Management.Automation.Host.ChoiceDescription]
+            $choices.Add((New-Object Management.Automation.Host.ChoiceDescription -ArgumentList '&Yes'))
+            $choices.Add((New-Object Management.Automation.Host.ChoiceDescription -ArgumentList '&No'))
+
+            $decision = $Host.UI.PromptForChoice($message, $question, $choices, 1)
+        }
+        else { $decision = 0 }
+        if ($decision -eq 0) {
+            Write-Progress -activity "Remove API Client"
+            Invoke-ArubaCPRestMethod -method "DELETE" -uri $uri -connection $connection
+            Write-Progress -activity "Remove API Client" -completed
+        }
+    }
+
+    End {
+    }
+}
diff --git a/PowerArubaCP/Public/Connection.ps1 b/PowerArubaCP/Public/Connection.ps1
@@ -13,6 +13,11 @@ function Connect-ArubaCP {
       .DESCRIPTION
       Connect to an Aruba ClearPass
 
+      .EXAMPLE
+      Connect-ArubaCP -Server 192.0.2.1 -client_id PowerArubaCP -client_secret MySecret
+
+      Connect to an Aruba ClearPass with IP 192.0.2.1 using client_id PowerArubaCP and client_secret MySecret
+
       .EXAMPLE
       Connect-ArubaCP -Server 192.0.2.1 -token aaaaaaaaaaaaa
 
@@ -43,8 +48,12 @@ function Connect-ArubaCP {
     Param(
         [Parameter(Mandatory = $true, position = 1)]
         [String]$Server,
-        [Parameter(Mandatory = $false)]
+        [Parameter(Mandatory = $false, ParameterSetName = "token")]
         [String]$token,
+        [Parameter(Mandatory = $false, ParameterSetName = "client_credentials")]
+        [String]$client_id,
+        [Parameter(Mandatory = $false, ParameterSetName = "client_credentials")]
+        [String]$client_secret,
         [Parameter(Mandatory = $false)]
         [switch]$SkipCertificateCheck = $false,
         [Parameter(Mandatory = $false)]
@@ -82,6 +91,22 @@ function Connect-ArubaCP {
             }
         }
 
+        #Try to oauth...
+        if ($PSCmdlet.ParameterSetName -eq "client_credentials") {
+
+            $oauth = @{
+                grant_type    = 'client_credentials';
+                client_id     = $client_id;
+                client_secret = $client_secret;
+            }
+
+            $headers = @{ Accept = "application/json"; "Content-type" = "application/json" }
+            $fullurl = "https://${Server}/api/oauth"
+            $response = Invoke-RestMethod -uri $fullurl -Method "POST" -body ($oauth | ConvertTo-Json) -Headers $headers @invokeParams
+
+            $token = $response.access_token
+        }
+
         $connection.server = $server
         $connection.token = $token
         $connection.invokeParams = $invokeParams