Merge pull request #12 from alagoutte/enhance-connect

Enhance Connection (Support -SkipCertificateCheck, Cipher options) Indentation fixes Fixes #8
2025-12-13 18:02:29 +00:00 · 2021-07-22 10:16:00 -04:00 · 2021-07-22 10:16:00 -04:00 · 1f66348205
commit 1f66348205
parent fcbb25c088 4800cc6564
13 changed files with 172 additions and 92 deletions
--- a/Functions/Helpers/InvokeNetboxRequest.ps1
+++ b/Functions/Helpers/InvokeNetboxRequest.ps1
@ -47,6 +47,8 @@ function InvokeNetboxRequest {
        'Verbose'     = $VerbosePreference
    }

+    $splat += Get-NetboxInvokeParams
+
    if ($Body) {
        Write-Verbose "BODY: $($Body | ConvertTo-Json -Compress)"
        $null = $splat.Add('Body', ($Body | ConvertTo-Json -Compress))
@ -93,11 +95,13 @@ function InvokeNetboxRequest {
    if ($Raw) {
        Write-Verbose "Returning raw result by choice"
        return $result
-    } else {
+    }
+    else {
        if ($result.psobject.Properties.Name.Contains('results')) {
            Write-Verbose "Found Results property on data, returning results directly"
            return $result.Results
-        } else {
+        }
+        else {
            Write-Verbose "Did NOT find results property on data, returning raw result"
            return $result
        }
--- a/Functions/Setup/Connect-NetboxAPI.ps1
+++ b/Functions/Setup/Connect-NetboxAPI.ps1
@ -49,13 +49,17 @@

        [Parameter(ParameterSetName = 'URI',
                   Mandatory = $true)]
-        [string]$URI
+        [string]$URI,
+
+        [Parameter(Mandatory = $false)]
+        [switch]$SkipCertificateCheck = $false
    )

    if (-not $Credential) {
        try {
            $Credential = Get-NetboxCredential -ErrorAction Stop
-        } catch {
+        }
+        catch {
            # Credentials are not set... Try to obtain from the user
            if (-not ($Credential = Get-Credential -UserName 'username-not-applicable' -Message "Enter token for Netbox")) {
                throw "Token is necessary to connect to a Netbox API."
@ -63,7 +67,22 @@
        }
    }

-    $null = Set-NetboxCredential -Credential $Credential
+    $invokeParams = @{ SkipCertificateCheck = $SkipCertificateCheck; }
+
+    if ("Desktop" -eq $PSVersionTable.PsEdition) {
+        #Remove -SkipCertificateCheck from Invoke Parameter (not supported <= PS 5)
+        $invokeParams.remove("SkipCertificateCheck")
+    }
+
+    #for PowerShell (<=) 5 (Desktop), Enable TLS 1.1, 1.2 and Disable SSL chain trust
+    if ("Desktop" -eq $PSVersionTable.PsEdition) {
+        #Enable TLS 1.1 and 1.2
+        Set-NetboxCipherSSL
+        if ($SkipCertificateCheck) {
+            #Disable SSL chain trust...
+            Set-NetboxuntrustedSSL
+        }
+    }

    switch ($PSCmdlet.ParameterSetName) {
        'Manual' {
@ -79,18 +98,22 @@
    }

    $null = Set-NetboxHostName -Hostname $uriBuilder.Host
+    $null = Set-NetboxCredential -Credential $Credential
    $null = Set-NetboxHostScheme -Scheme $uriBuilder.Scheme
    $null = Set-NetboxHostPort -Port $uriBuilder.Port
+    $null = Set-NetboxInvokeParams -invokeParams $invokeParams

    try {
        Write-Verbose "Verifying API connectivity..."
        $null = VerifyAPIConnectivity
-    } catch {
+    }
+    catch {
        Write-Verbose "Failed to connect. Generating error"
        Write-Verbose $_.Exception.Message
        if (($_.Exception.Response) -and ($_.Exception.Response.StatusCode -eq 403)) {
            throw "Invalid token"
-        } else {
+        }
+        else {
            throw $_
        }
    }
--- a/Functions/Setup/Get-NetboxInvokeParams.ps1
+++ b/Functions/Setup/Get-NetboxInvokeParams.ps1
@ -0,0 +1,11 @@
+function Get-NetboxInvokeParams {
+    [CmdletBinding()]
+    param ()
+
+    Write-Verbose "Getting Netbox InvokeParams"
+    if ($null -eq $script:NetboxConfig.InvokeParams) {
+        throw "Netbox Invoke Parms is not set! You may set it with Set-NetboxInvokeParams -InvokeParams ..."
+    }
+
+    $script:NetboxConfig.InvokeParams
+}
--- a/Functions/Setup/Set-NetboxCipherSSL.ps1
+++ b/Functions/Setup/Set-NetboxCipherSSL.ps1
@ -0,0 +1,8 @@
+Function Set-NetboxCipherSSL {
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseShouldProcessforStateChangingFunctions", "")]
+    Param(  )
+    # Hack for allowing TLS 1.1 and TLS 1.2 (by default it is only SSL3 and TLS (1.0))
+    $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
+    [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
+
+}
--- a/Functions/Setup/Set-NetboxInvokeParams.ps1
+++ b/Functions/Setup/Set-NetboxInvokeParams.ps1
@ -0,0 +1,15 @@
+function Set-NetboxInvokeParams {
+    [CmdletBinding(ConfirmImpact = 'Low',
+        SupportsShouldProcess = $true)]
+    [OutputType([string])]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [array]$InvokeParams
+    )
+
+    if ($PSCmdlet.ShouldProcess('Netbox Invoke Params', 'Set')) {
+        $script:NetboxConfig.InvokeParams = $InvokeParams
+        $script:NetboxConfig.InvokeParams
+    }
+}
--- a/Functions/Setup/Set-NetboxUnstrustedSSL.ps1
+++ b/Functions/Setup/Set-NetboxUnstrustedSSL.ps1
@ -0,0 +1,19 @@
+Function Set-NetboxUntrustedSSL {
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseShouldProcessforStateChangingFunctions", "")]
+    Param(  )
+    # Hack for allowing untrusted SSL certs with https connections
+    Add-Type -TypeDefinition @"
+    using System.Net;
+    using System.Security.Cryptography.X509Certificates;
+    public class TrustAllCertsPolicy : ICertificatePolicy {
+        public bool CheckValidationResult(
+        ServicePoint srvPoint, X509Certificate certificate,
+        WebRequest request, int certificateProblem) {
+            return true;
+        }
+    }
+"@
+
+    [System.Net.ServicePointManager]::CertificatePolicy = New-Object -TypeName TrustAllCertsPolicy
+
+}