Release 0.7.0 #84

Merged
merged 7 commits into from
Jan 29, 2024
2 changes: 1 addition & 1 deletion PowerArubaCP/PowerArubaCP.psd1
Expand Up @@ -12,7 +12,7 @@
RootModule = 'PowerArubaCP.psm1'

# Version number of this module.
ModuleVersion = '0.6.1'
ModuleVersion = '0.7.0'

# ID used to uniquely identify this module
GUID = '24e1a5ba-e4e3-4109-b079-04d4d657da93'
256 changes: 255 additions & 1 deletion README.md
Expand Up @@ -30,14 +30,16 @@ This is a Powershell module for configure an Aruba ClearPass (CPPM).
<img src="https://raw.githubusercontent.com/PowerAruba/PowerArubaCP/master/Medias/PowerArubaCP.png" width="250" height="250" />
</p>

With this module (version 0.6.1) you can manage:
With this module (version 0.7.0) you can manage:

- [API Client](#api-client) (Add / Get / Remove)
- [Application License](#application-license) (Add / Get / Remove)
- [Authentication Method and Source](#Authentication-Method-and-Source) (Get Auth Source and Method)
- [Certificate](#Certificate) (Get Cluster, Service, Server and Trust List Certificate)
- [CPPM](#clearpass-version) (Get Version)
- [Device Fingerprint](#device-fingerprint) (Add /Get)
- [Endpoint](#endpoint) (Add / Get / Set / Remove and Add / Set / Remove [Attribute](#attribute))
- [Enforcement](#Enforcement) (Get Enforcement Policy / Profile)
- [Local User](#local-user) (Add / Get / Set / Remove and Add / Set / Remove [Attribute](#attribute))
- [Network Device](#Network-device) (Add / Get / Set / Remove a Network Device and Add / Set / Remove [Attribute](#attribute))
- [Network Device Group](#network-device-group) (Add / Get / Set / Remove a Network Device Group and Add/remove Member)
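
Review bot: The new `Enforcement` entry in the feature list does not mention the ClearPass >= 6.11.0 requirement that the Enforcement section of this README states; add it to the entry, for example `(Get Enforcement Policy / Profile, ClearPass >= 6.11.0)`, so readers on older releases see the limit before trying the cmdlets. The new `[Certificate](#Certificate)` and `[Enforcement](#Enforcement)` links also use capitalised anchors while neighbouring entries such as `#api-client` and `#device-fingerprint` are lowercase; lowercase them for consistency.
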
Expand Down Expand Up @@ -320,6 +322,182 @@ You can retrieve its Authentication information of Method (EAP, PAP...) `Get-Aru
8 [Insight Repository] Insight database with session information for users and devices Local True
```

### Certificate

You can retrieve its Cluster Certificate information of Method (HTTPS, RadSec, Database...) `Get-ArubaCPClusterCertificate`,
Server (HTTPS, RadSec, Database...) `Get-ArubaCPServerCertificate` or Service `Get-ArubaCPServiceCertificate` or Certificate Trust List `Get-ArubaCPServiceCertificate`

```powershell
# Get Cluster Certificate
Get-ArubaCPClusterCertificate

service_id : 1
service_name : RADIUS
certificate_type : RADIUS Server Certificate
subject : CN=secure.arubademo.net
expiry_date : Mar 15, 2024 20:21:15 PDT
issue_date : Feb 12, 2023 19:21:15 PST
issued_by : CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
validity : Valid
root_ca_cert :
intermediate_ca_cert : {@{subject=CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US;
expiry_date=May 03, 2031 00:00:00 PDT; issue_date=May 03, 2011 00:00:00 PDT; issued_by=CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.",
L=Scottsdale, ST=Arizona, C=US; validity=Valid; public_key_algorithm=RSA}, @{subject=CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale,
ST=Arizona, C=US; expiry_date=May 30, 2031 00:00:00 PDT; issue_date=Dec 31, 2013 23:00:00 PST; issued_by=OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy
Group, Inc.", C=US; validity=Valid; public_key_algorithm=RSA}}
cert_file : -----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
enabled : True
public_key_algorithm : RSA

service_id : 2
service_name : HTTPS(ECC)
certificate_type : HTTPS(ECC) Server Certificate
subject : CN=clearpass-sjc1.arubademo.net
expiry_date : Jun 07, 2025 15:36:29 PDT
issue_date : Jun 08, 2023 15:36:29 PDT
issued_by : CN=clearpass-sjc1.arubademo.net
validity : Valid
root_ca_cert :
intermediate_ca_cert : {}
cert_file : -----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
enabled : False
public_key_algorithm : EC

service_id : 7
service_name : HTTPS(RSA)
certificate_type : HTTPS(RSA) Server Certificate
subject : CN=*.arubademo.net
expiry_date : Jul 20, 2024 13:32:07 PDT
issue_date : Jul 24, 2023 12:43:51 PDT
issued_by : CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
validity : Valid
root_ca_cert : @{subject=OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US; expiry_date=Jun 29, 2034 10:06:20 PDT; issue_date=Jun 29, 2004 10:06:20
PDT; issued_by=OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US; validity=Valid; public_key_algorithm=RSA}
intermediate_ca_cert : {@{subject=CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US;
expiry_date=May 03, 2031 00:00:00 PDT; issue_date=May 03, 2011 00:00:00 PDT; issued_by=CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.",
L=Scottsdale, ST=Arizona, C=US; validity=Valid; public_key_algorithm=RSA}, @{subject=CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale,
ST=Arizona, C=US; expiry_date=May 30, 2031 00:00:00 PDT; issue_date=Dec 31, 2013 23:00:00 PST; issued_by=OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy
Group, Inc.", C=US; validity=Valid; public_key_algorithm=RSA}}
cert_file : -----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
enabled : True
public_key_algorithm : RSA

service_id : 21
service_name : RadSec
certificate_type : RadSec Server Certificate
subject : CN=clearpass-sjc1.arubademo.net
expiry_date : May 11, 2025 14:33:46 PDT
issue_date : Nov 20, 2019 13:33:46 PST
issued_by : CN=clearpass-sjc1.arubademo.net
validity : Valid
root_ca_cert :
intermediate_ca_cert : {}
cert_file : -----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
enabled : True
public_key_algorithm : RSA

service_id : 106
certificate_type : Database Server Certificate
subject : O=PolicyManager, CN=clearpass-sjc1.arubademo.net
expiry_date : Mar 18, 2027 16:36:57 PDT
issue_date : Mar 18, 2022 16:36:57 PDT
issued_by : O=PolicyManager, CN=clearpass-sjc1.arubademo.net
validity : Valid
root_ca_cert :
intermediate_ca_cert : {}
cert_file : -----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
enabled : True
public_key_algorithm : RSA

# Get Server Certificate RadSec from Server clearpass-sjc1.arubademo.net
$server_uuid = (Get-ArubaCPServerConfiguration -name clearpass-sjc1.arubademo.net).server_uuid
Get-ArubaCPServerCertificate -server_uuid $server_uuid -service_name "RadSec"

service_id : 21
service_name : RadSec
certificate_type : RadSec Server Certificate
subject : CN=clearpass-sjc1.arubademo.net
expiry_date : May 11, 2025 14:33:46 PDT
issue_date : Nov 20, 2019 13:33:46 PST
issued_by : CN=clearpass-sjc1.arubademo.net
validity : Valid
root_ca_cert :
intermediate_ca_cert : {}
cert_file : -----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
enabled : True
public_key_algorithm : RSA
_links : @{self=}

# Get Service Certificate
Get-ArubaCPServiceCertificate

id : 3147
subject : CN=*.arubademo.net
expiry_date : Jul 20, 2024 13:32:07 PDT
issue_date : Jul 24, 2023 12:43:51 PDT
issued_by : CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
validity : Valid
root_ca_cert : @{subject=OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US; expiry_date=Jun 29, 2034 10:06:20 PDT; issue_date=Jun 29, 2004 10:06:20
PDT; issued_by=OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US; validity=Valid}
intermediate_ca_cert : {@{subject=CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US;
expiry_date=May 03, 2031 00:00:00 PDT; issue_date=May 03, 2011 00:00:00 PDT; issued_by=CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.",
L=Scottsdale, ST=Arizona, C=US; validity=Valid}, @{subject=CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US;
expiry_date=May 30, 2031 00:00:00 PDT; issue_date=Dec 31, 2013 23:00:00 PST; issued_by=OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.",
C=US; validity=Valid}}
cert_file : -----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
_links : @{self=}

...

# Get Certificate Trust List (with details)

Get-ArubaCPCertTrustList -details

id : 2029
subject_DN : CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
issue_date : 2010/01/18 16:00:00
expiry_date : 2038/01/18 15:59:59
enabled : True
valid : valid
signature_algorithm : SHA384WITHRSA
public_key_format : X.509
serial_number : 101909084537582093308941363524873193117
cert_usage : {Others}
issuer_DN : C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO RSA Certification Authority
_links : @{self=}

id : 2012
subject_DN : OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
issue_date : 1996/01/28 16:00:00
expiry_date : 2028/08/02 16:59:59
enabled : False
valid : valid
signature_algorithm : SHA1WITHRSA
public_key_format : X.509
serial_number : 80507572722862485515306429940691309246
cert_usage : {Others}
issuer_DN : C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority
_links : @{self=}

[...]

```


### ClearPass Version

You can retrieve its informations `Get-ArubaCPCPPMVersion`.
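
Review bot: In the intro sentence of the new Certificate section, the Certificate Trust List is attributed to `Get-ArubaCPServiceCertificate`, but the example at the end of the same section calls `Get-ArubaCPCertTrustList -details`; change the second cmdlet name in the sentence to `Get-ArubaCPCertTrustList`. The opening "You can retrieve its Cluster Certificate information of Method" also reads as carried over from the Authentication section and the sentence has no closing period; wording along the lines of "You can retrieve Cluster certificates (HTTPS, RadSec, Database...) with `Get-ArubaCPClusterCertificate`" would be clearer.
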
Expand Down Expand Up @@ -426,6 +604,62 @@ You can add Endpoint `Add-ArubaCPEndpoint`, retrieve its informations `Get-Aruba
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):Y
```

### Enforcement

You can retrieve its Enforcement Policy information (name, Type, Rules...) `Get-ArubaCPEnforcementPolicy`, or Enforcement Profile `Get-ArubaCPEnforcementProfile`
Need ClearPass >= 6.11.0

```powershell
# Get Enforcement Policy
Get-ArubaCPEnforcementPolicy

id : 5
name : [Admin Network Login Policy]
description : Enforcement policy controlling access to Policy Manager Admin
enforcement_type : TACACS
default_enforcement_profile : [TACACS+ Deny Profile]
rule_eval_algo : evaluate-all
rules : {@{enforcement_profile_names=System.Object[]; condition=System.Object[]}, @{enforcement_profile_names=System.Object[]; condition=System.Object[]},
@{enforcement_profile_names=System.Object[]; condition=System.Object[]}, @{enforcement_profile_names=System.Object[]; condition=System.Object[]}…}
_links : @{self=}

id : 7
name : [AirGroup Enforcement Policy]
description : Enforcement policy controlling access for AirGroup devices
enforcement_type : RADIUS
default_enforcement_profile : [AirGroup Response]
rule_eval_algo : evaluate-all
rules : {@{enforcement_profile_names=System.Object[]; condition=System.Object[]}, @{enforcement_profile_names=System.Object[]; condition=System.Object[]},
@{enforcement_profile_names=System.Object[]; condition=System.Object[]}, @{enforcement_profile_names=System.Object[]; condition=System.Object[]}}
_links : @{self=}
[...]

# Get Enforcement Profile
Get-ArubaCPEnforcementProfile

id : 1
name : [Allow Access Profile]
description : System-defined profile to allow network access
type : RADIUS
action : Accept
_links : @{self=}

id : 2
name : [Deny Access Profile]
description : System-defined profile to deny network access
type : RADIUS
action : Reject
_links : @{self=}

id : 3
name : [Drop Access Profile]
description : System-defined profile to drop the request
type : RADIUS
action : Drop
_links : @{self=}
[...]
```

### Local User

You can add Endpoint `Add-ArubaCPLocalUser`, retrieve its informations `Get-ArubaCPLocalUser`, modify its properties `Set-ArubaCPLocalUser` or delete it `Remove-ArubaCPLocalUser`.
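
Review bot: "Need ClearPass >= 6.11.0" sits on the line directly under the intro sentence of the Enforcement section, with no blank line and no period before it, so Markdown will fold it into that sentence; end the sentence with a period and give the requirement its own paragraph, e.g. "Requires ClearPass >= 6.11.0." The sample output for `Get-ArubaCPEnforcementPolicy` shows `rules` only as `System.Object[]` entries; consider adding a line that expands the property (for instance piping the object to `ConvertTo-Json -Depth 5`) so the example shows what a rule and its conditions look like.
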
Expand Down Expand Up @@ -970,18 +1204,24 @@ Currently, [@alagoutte](#author) started this project and will keep maintaining
```powershell
Add-ArubaCPApiClient
Add-ArubaCPApplicationLicense
Add-ArubaCPAttributesMember
Add-ArubaCPDeviceFingerprint
Add-ArubaCPEndpoint
Add-ArubaCPLocaluser
Add-ArubaCPNetworkDevice
Add-ArubaCPNetworkDeviceGroup
Add-ArubaCPNetworkDeviceGroupMember
Add-ArubaCPRole
Add-ArubaCPStaticHostList
Add-ArubaCPStaticHostListMember
Confirm-ArubaCPApiClient
Confirm-ArubaCPApplicationLicense
Confirm-ArubaCPEndpoint
Confirm-ArubaCPLocalUser
Confirm-ArubaCPNetworkDevice
Confirm-ArubaCPNetworkDeviceGroup
Confirm-ArubaCPRole
Confirm-ArubaCPServerCertificate
Confirm-ArubaCPService
Confirm-ArubaCPStaticHostList
Connect-ArubaCP
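
Review bot: `Add-ArubaCPLocaluser` in this cmdlet list is cased differently from `Confirm-ArubaCPLocalUser` a few lines below it; PowerShell resolves command names case-insensitively, so this is cosmetic, but the list reads better with `LocalUser` spelled the same way throughout.
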
Expand All @@ -995,28 +1235,42 @@ Get-ArubaCPApiClient
Get-ArubaCPApplicationLicense
Get-ArubaCPAuthMethod
Get-ArubaCPAuthSource
Get-ArubaCPCertTrustList
Get-ArubaCPClusterCertificate
Get-ArubaCPCPPMVersion
Get-ArubaCPDeviceFingerprint
Get-ArubaCPEndpoint
Get-ArubaCPEnforcementPolicy
Get-ArubaCPEnforcementProfile
Get-ArubaCPLocaluser
Get-ArubaCPNetworkDevice
Get-ArubaCPNetworkDeviceGroup
Get-ArubaCPRole
Get-ArubaCPServerCertificate
Get-ArubaCPServerConfiguration
Get-ArubaCPServerVersion
Get-ArubaCPService
Get-ArubaCPServiceCertificate
Get-ArubaCPStaticHostList
Invoke-ArubaCPRestMethod
Remove-ArubaCPApiClient
Remove-ArubaCPApplicationLicense
Remove-ArubaCPAttributesMember
Remove-ArubaCPEndpoint
Remove-ArubaCPLocalUser
Remove-ArubaCPNetworkDevice
Remove-ArubaCPNetworkDeviceGroup
Remove-ArubaCPNetworkDeviceGroupMember
Remove-ArubaCPRole
Remove-ArubaCPStaticHostList
Remove-ArubaCPStaticHostListMember
Set-ArubaCPAttributesMember
Set-ArubaCPCipherSSL
Set-ArubaCPEndpoint
Set-ArubaCPLocalUser
Set-ArubaCPNetworkDevice
Set-ArubaCPNetworkDeviceGroup
Set-ArubaCPRole
Set-ArubaCPStaticHostList
Set-ArubaCPuntrustedSSL
Set-ArubaCPVmAddLicencePlatform