Merge pull request #12 from alagoutte/enhance-connect

Enhance Connection (Support -SkipCertificateCheck, Cipher options) Indentation fixes Fixes #8
2025-12-13 18:02:29 +00:00 · 2021-07-22 10:16:00 -04:00 · 2021-07-22 10:16:00 -04:00 · 1f66348205
commit 1f66348205
parent fcbb25c088 4800cc6564
13 changed files with 172 additions and 92 deletions
--- a/Functions/Helpers/InvokeNetboxRequest.ps1
+++ b/Functions/Helpers/InvokeNetboxRequest.ps1
@ -1,4 +1,4 @@
-<#	
+<#
 	.NOTES
 	===========================================================================
 	 Created with: 	SAPIEN Technologies, Inc., PowerShell Studio 2020 v5.7.172
@ -18,44 +18,46 @@ function InvokeNetboxRequest {
    (
        [Parameter(Mandatory = $true)]
        [System.UriBuilder]$URI,
-        
+
        [Hashtable]$Headers = @{
        },
-        
+
        [pscustomobject]$Body = $null,
-        
+
        [ValidateRange(0, 60)]
        [uint16]$Timeout = 5,
-        
+
        [ValidateSet('GET', 'PATCH', 'PUT', 'POST', 'DELETE', 'OPTIONS', IgnoreCase = $true)]
        [string]$Method = 'GET',
-        
+
        [switch]$Raw
    )
-    
+
    $creds = Get-NetboxCredential
-    
+
    $Headers.Authorization = "Token {0}" -f $creds.GetNetworkCredential().Password
-    
+
    $splat = @{
-        'Method' = $Method
-        'Uri'    = $URI.Uri.AbsoluteUri # This property auto generates the scheme, hostname, path, and query
-        'Headers' = $Headers
-        'TimeoutSec' = $Timeout
+        'Method'      = $Method
+        'Uri'         = $URI.Uri.AbsoluteUri # This property auto generates the scheme, hostname, path, and query
+        'Headers'     = $Headers
+        'TimeoutSec'  = $Timeout
        'ContentType' = 'application/json'
        'ErrorAction' = 'Stop'
-        'Verbose' = $VerbosePreference
+        'Verbose'     = $VerbosePreference
    }
-    
+
+    $splat += Get-NetboxInvokeParams
+
    if ($Body) {
        Write-Verbose "BODY: $($Body | ConvertTo-Json -Compress)"
        $null = $splat.Add('Body', ($Body | ConvertTo-Json -Compress))
    }
-    
+
    $result = Invoke-RestMethod @splat
-    
+
    #region TODO: Handle errors a little more gracefully...
-    
+
    <#
    try {
        Write-Verbose "Sending request..."
@ -69,7 +71,7 @@ function InvokeNetboxRequest {
                Write-Verbose "RAW provided...throwing raw exception"
                throw $_
            }
-            
+
            Write-Verbose "Converting response to object"
            $myError = GetNetboxAPIErrorBody -Response $_.Exception.Response | ConvertFrom-Json
        } else {
@ -77,27 +79,29 @@ function InvokeNetboxRequest {
            $myError = $_
        }
    }
-    
+
    Write-Verbose "MyError is $($myError.GetType().FullName)"
-    
+
    if ($myError -is [Exception]) {
        throw $_
    } elseif ($myError -is [pscustomobject]) {
        throw $myError.detail
-    }    
+    }
    #>
-    
+
    #endregion TODO: Handle errors a little more gracefully...
-    
+
    # If the user wants the raw value from the API... otherwise return only the actual result
    if ($Raw) {
        Write-Verbose "Returning raw result by choice"
        return $result
-    } else {
+    }
+    else {
        if ($result.psobject.Properties.Name.Contains('results')) {
            Write-Verbose "Found Results property on data, returning results directly"
            return $result.Results
-        } else {
+        }
+        else {
            Write-Verbose "Did NOT find results property on data, returning raw result"
            return $result
        }
--- a/Functions/Setup/Connect-NetboxAPI.ps1
+++ b/Functions/Setup/Connect-NetboxAPI.ps1
@ -1,75 +1,94 @@
 function Connect-NetboxAPI {
-<#
+    <#
    .SYNOPSIS
        Connects to the Netbox API and ensures Credential work properly
-    
+
    .DESCRIPTION
        Connects to the Netbox API and ensures Credential work properly
-    
+
    .PARAMETER Hostname
        The hostname for the resource such as netbox.domain.com
-    
+
    .PARAMETER Credential
        Credential object containing the API key in the password. Username is not applicable
-    
+
    .PARAMETER Scheme
        Scheme for the URI such as HTTP or HTTPS. Defaults to HTTPS
-    
+
    .PARAMETER Port
        Port for the resource. Value between 1-65535
-    
+
    .PARAMETER URI
        The full URI for the resource such as "https://netbox.domain.com:8443"
-    
+
    .EXAMPLE
        PS C:\> Connect-NetboxAPI -Hostname "netbox.domain.com"
-        
+
        This will prompt for Credential, then proceed to attempt a connection to Netbox
-    
+
    .NOTES
        Additional information about the function.
 #>
-    
+
    [CmdletBinding(DefaultParameterSetName = 'Manual')]
    param
    (
        [Parameter(ParameterSetName = 'Manual',
                   Mandatory = $true)]
        [string]$Hostname,
-        
+
        [Parameter(Mandatory = $false)]
        [pscredential]$Credential,
-        
+
        [Parameter(ParameterSetName = 'Manual')]
        [ValidateSet('https', 'http', IgnoreCase = $true)]
        [string]$Scheme = 'https',
-        
+
        [Parameter(ParameterSetName = 'Manual')]
        [uint16]$Port = 443,
-        
+
        [Parameter(ParameterSetName = 'URI',
                   Mandatory = $true)]
-        [string]$URI
+        [string]$URI,
+
+        [Parameter(Mandatory = $false)]
+        [switch]$SkipCertificateCheck = $false
    )
-    
+
    if (-not $Credential) {
        try {
            $Credential = Get-NetboxCredential -ErrorAction Stop
-        } catch {
+        }
+        catch {
            # Credentials are not set... Try to obtain from the user
            if (-not ($Credential = Get-Credential -UserName 'username-not-applicable' -Message "Enter token for Netbox")) {
                throw "Token is necessary to connect to a Netbox API."
            }
        }
    }
-    
-    $null = Set-NetboxCredential -Credential $Credential
-    
+
+    $invokeParams = @{ SkipCertificateCheck = $SkipCertificateCheck; }
+
+    if ("Desktop" -eq $PSVersionTable.PsEdition) {
+        #Remove -SkipCertificateCheck from Invoke Parameter (not supported <= PS 5)
+        $invokeParams.remove("SkipCertificateCheck")
+    }
+
+    #for PowerShell (<=) 5 (Desktop), Enable TLS 1.1, 1.2 and Disable SSL chain trust
+    if ("Desktop" -eq $PSVersionTable.PsEdition) {
+        #Enable TLS 1.1 and 1.2
+        Set-NetboxCipherSSL
+        if ($SkipCertificateCheck) {
+            #Disable SSL chain trust...
+            Set-NetboxuntrustedSSL
+        }
+    }
+
    switch ($PSCmdlet.ParameterSetName) {
        'Manual' {
            $uriBuilder = [System.UriBuilder]::new($Scheme, $Hostname, $Port)
        }
-        
+
        'URI' {
            $uriBuilder = [System.UriBuilder]::new($URI)
            if ([string]::IsNullOrWhiteSpace($uriBuilder.Host)) {
@ -77,35 +96,39 @@
            }
        }
    }
-    
+
    $null = Set-NetboxHostName -Hostname $uriBuilder.Host
+    $null = Set-NetboxCredential -Credential $Credential
    $null = Set-NetboxHostScheme -Scheme $uriBuilder.Scheme
    $null = Set-NetboxHostPort -Port $uriBuilder.Port
-    
+    $null = Set-NetboxInvokeParams -invokeParams $invokeParams
+
    try {
        Write-Verbose "Verifying API connectivity..."
        $null = VerifyAPIConnectivity
-    } catch {
+    }
+    catch {
        Write-Verbose "Failed to connect. Generating error"
        Write-Verbose $_.Exception.Message
        if (($_.Exception.Response) -and ($_.Exception.Response.StatusCode -eq 403)) {
            throw "Invalid token"
-        } else {
+        }
+        else {
            throw $_
        }
    }
-    
+
    Write-Verbose "Caching API definition"
    $script:NetboxConfig.APIDefinition = Get-NetboxAPIDefinition
-    
+
    if ([version]$script:NetboxConfig.APIDefinition.info.version -lt 2.8) {
        $Script:NetboxConfig.Connected = $false
        throw "Netbox version is incompatible with this PS module. Requires >=2.8.*, found version $($script:NetboxConfig.APIDefinition.info.version)"
    }
-    
+
    $script:NetboxConfig.Connected = $true
    Write-Verbose "Successfully connected!"
-    
+
    #Write-Verbose "Caching static choices"
    #$script:NetboxConfig.Choices.Circuits = Get-NetboxCircuitsChoices
    #$script:NetboxConfig.Choices.DCIM = Get-NetboxDCIMChoices # Not completed yet
@ -114,6 +137,6 @@
    ##$script:NetboxConfig.Choices.Secrets = Get-NetboxSecretsChoices    # Not completed yet
    ##$script:NetboxConfig.Choices.Tenancy = Get-NetboxTenancyChoices
    #$script:NetboxConfig.Choices.Virtualization = Get-NetboxVirtualizationChoices
-    
+
    Write-Verbose "Connection process completed"
 }
--- a/Functions/Setup/Get-NetboxCredential.ps1
+++ b/Functions/Setup/Get-NetboxCredential.ps1
@ -2,10 +2,10 @@
    [CmdletBinding()]
    [OutputType([pscredential])]
    param ()
-    
+
    if (-not $script:NetboxConfig.Credential) {
        throw "Netbox Credentials not set! You may set with Set-NetboxCredential"
    }
-    
+
    $script:NetboxConfig.Credential
 }
--- a/Functions/Setup/Get-NetboxHostname.ps1
+++ b/Functions/Setup/Get-NetboxHostname.ps1
@ -1,11 +1,11 @@
 function Get-NetboxHostname {
    [CmdletBinding()]
    param ()
-    
+
    Write-Verbose "Getting Netbox hostname"
    if ($null -eq $script:NetboxConfig.Hostname) {
        throw "Netbox Hostname is not set! You may set it with Set-NetboxHostname -Hostname 'hostname.domain.tld'"
    }
-    
+
    $script:NetboxConfig.Hostname
 }
--- a/Functions/Setup/Get-NetboxInvokeParams.ps1
+++ b/Functions/Setup/Get-NetboxInvokeParams.ps1
@ -0,0 +1,11 @@
+function Get-NetboxInvokeParams {
+    [CmdletBinding()]
+    param ()
+
+    Write-Verbose "Getting Netbox InvokeParams"
+    if ($null -eq $script:NetboxConfig.InvokeParams) {
+        throw "Netbox Invoke Parms is not set! You may set it with Set-NetboxInvokeParams -InvokeParams ..."
+    }
+
+    $script:NetboxConfig.InvokeParams
+}
--- a/Functions/Setup/Set-NetboxCipherSSL.ps1
+++ b/Functions/Setup/Set-NetboxCipherSSL.ps1
@ -0,0 +1,8 @@
+Function Set-NetboxCipherSSL {
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseShouldProcessforStateChangingFunctions", "")]
+    Param(  )
+    # Hack for allowing TLS 1.1 and TLS 1.2 (by default it is only SSL3 and TLS (1.0))
+    $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
+    [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
+
+}
--- a/Functions/Setup/Set-NetboxCredential.ps1
+++ b/Functions/Setup/Set-NetboxCredential.ps1
@ -1,32 +1,32 @@
 function Set-NetboxCredential {
    [CmdletBinding(DefaultParameterSetName = 'CredsObject',
-                   ConfirmImpact = 'Low',
-                   SupportsShouldProcess = $true)]
+        ConfirmImpact = 'Low',
+        SupportsShouldProcess = $true)]
    [OutputType([pscredential])]
    param
    (
        [Parameter(ParameterSetName = 'CredsObject',
-                   Mandatory = $true)]
+            Mandatory = $true)]
        [pscredential]$Credential,
-        
+
        [Parameter(ParameterSetName = 'UserPass',
-                   Mandatory = $true)]
+            Mandatory = $true)]
        [securestring]$Token
    )
-    
+
    if ($PSCmdlet.ShouldProcess('Netbox Credentials', 'Set')) {
        switch ($PsCmdlet.ParameterSetName) {
            'CredsObject' {
                $script:NetboxConfig.Credential = $Credential
                break
            }
-            
+
            'UserPass' {
                $script:NetboxConfig.Credential = [System.Management.Automation.PSCredential]::new('notapplicable', $Token)
                break
            }
        }
-        
+
        $script:NetboxConfig.Credential
    }
 }
--- a/Functions/Setup/Set-NetboxHostName.ps1
+++ b/Functions/Setup/Set-NetboxHostName.ps1
@ -1,13 +1,13 @@
 function Set-NetboxHostName {
    [CmdletBinding(ConfirmImpact = 'Low',
-                   SupportsShouldProcess = $true)]
+        SupportsShouldProcess = $true)]
    [OutputType([string])]
    param
    (
        [Parameter(Mandatory = $true)]
        [string]$Hostname
    )
-    
+
    if ($PSCmdlet.ShouldProcess('Netbox Hostname', 'Set')) {
        $script:NetboxConfig.Hostname = $Hostname.Trim()
        $script:NetboxConfig.Hostname
--- a/Functions/Setup/Set-NetboxInvokeParams.ps1
+++ b/Functions/Setup/Set-NetboxInvokeParams.ps1
@ -0,0 +1,15 @@
+function Set-NetboxInvokeParams {
+    [CmdletBinding(ConfirmImpact = 'Low',
+        SupportsShouldProcess = $true)]
+    [OutputType([string])]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [array]$InvokeParams
+    )
+
+    if ($PSCmdlet.ShouldProcess('Netbox Invoke Params', 'Set')) {
+        $script:NetboxConfig.InvokeParams = $InvokeParams
+        $script:NetboxConfig.InvokeParams
+    }
+}
--- a/Functions/Setup/Set-NetboxUnstrustedSSL.ps1
+++ b/Functions/Setup/Set-NetboxUnstrustedSSL.ps1
@ -0,0 +1,19 @@
+Function Set-NetboxUntrustedSSL {
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseShouldProcessforStateChangingFunctions", "")]
+    Param(  )
+    # Hack for allowing untrusted SSL certs with https connections
+    Add-Type -TypeDefinition @"
+    using System.Net;
+    using System.Security.Cryptography.X509Certificates;
+    public class TrustAllCertsPolicy : ICertificatePolicy {
+        public bool CheckValidationResult(
+        ServicePoint srvPoint, X509Certificate certificate,
+        WebRequest request, int certificateProblem) {
+            return true;
+        }
+    }
+"@
+
+    [System.Net.ServicePointManager]::CertificatePolicy = New-Object -TypeName TrustAllCertsPolicy
+
+}
--- a/Functions/Setup/Support/Get-NetboxAPIDefinition.ps1
+++ b/Functions/Setup/Support/Get-NetboxAPIDefinition.ps1
@ -1,4 +1,4 @@
-<#	
+<#
 	.NOTES
 	===========================================================================
 	 Created with: 	SAPIEN Technologies, Inc., PowerShell Studio 2020 v5.7.174
@ -14,16 +14,16 @@


 function Get-NetboxAPIDefinition {
-    [CmdletBinding()]
-    param ()
-    
-    #$URI = "https://netbox.neonet.org/api/docs/?format=openapi"
-    
-    $Segments = [System.Collections.ArrayList]::new(@('docs'))
-    
-    $URIComponents = BuildURIComponents -URISegments $Segments -ParametersDictionary @{'format' = 'openapi'}
-    
-    $URI = BuildNewURI -Segments $URIComponents.Segments -Parameters $URIComponents.Parameters -SkipConnectedCheck
-    
-    InvokeNetboxRequest -URI $URI -Timeout 10
+	[CmdletBinding()]
+	param ()
+
+	#$URI = "https://netbox.neonet.org/api/docs/?format=openapi"
+
+	$Segments = [System.Collections.ArrayList]::new(@('docs'))
+
+	$URIComponents = BuildURIComponents -URISegments $Segments -ParametersDictionary @{'format' = 'openapi' }
+
+	$URI = BuildNewURI -Segments $URIComponents.Segments -Parameters $URIComponents.Parameters -SkipConnectedCheck
+
+	InvokeNetboxRequest -URI $URI -Timeout 10
 }
--- a/Functions/Setup/Support/SetupNetboxConfigVariable.ps1
+++ b/Functions/Setup/Support/SetupNetboxConfigVariable.ps1
@ -4,17 +4,17 @@
    (
        [switch]$Overwrite
    )
-    
+
    Write-Verbose "Checking for NetboxConfig hashtable"
    if ((-not ($script:NetboxConfig)) -or $Overwrite) {
        Write-Verbose "Creating NetboxConfig hashtable"
        $script:NetboxConfig = @{
-            'Connected' = $false
-            'Choices'   = @{
+            'Connected'     = $false
+            'Choices'       = @{
            }
            'APIDefinition' = $null
        }
    }
-    
+
    Write-Verbose "NetboxConfig hashtable already exists"
 }
--- a/Functions/Setup/Support/VerifyAPIConnectivity.ps1
+++ b/Functions/Setup/Support/VerifyAPIConnectivity.ps1
@ -1,10 +1,10 @@
 function VerifyAPIConnectivity {
    [CmdletBinding()]
    param ()
-    
+
    $uriSegments = [System.Collections.ArrayList]::new(@('extras'))
-    
-    $uri = BuildNewURI -Segments $uriSegments -Parameters @{'format' = 'json'} -SkipConnectedCheck
-    
+
+    $uri = BuildNewURI -Segments $uriSegments -Parameters @{'format' = 'json' } -SkipConnectedCheck
+
    InvokeNetboxRequest -URI $uri
 }