diff --git a/ZertoApiWrapper/Public/Connect-ZertoServer.ps1 b/ZertoApiWrapper/Public/Connect-ZertoServer.ps1 index 237f845..1272a68 100644 --- a/ZertoApiWrapper/Public/Connect-ZertoServer.ps1 +++ b/ZertoApiWrapper/Public/Connect-ZertoServer.ps1 @@ -1,4 +1,3 @@ -<# .ExternalHelp ./en-us/ZertoApiWrapper-help.xml #> function Connect-ZertoServer { [cmdletbinding()] [OutputType([hashtable])] @@ -18,26 +17,31 @@ function Connect-ZertoServer { )] [System.Management.Automation.PSCredential]$credential, [Parameter( - HelpMessage = "Zerto Virtual Manager management port. Default value is 9669." + HelpMessage = "Zerto Virtual Manager management port. Default value is 443." )] [ValidateNotNullOrEmpty()] [ValidateRange(1024, 65535)] [Alias("port")] - [string]$zertoPort = "9669", + [string]$zertoPort = "443", + [Parameter( + HelpMessage = "Zerto Keycloak client id. Default value is zerto-client." + )] + [ValidateNotNullOrEmpty()] + [Alias("clientid")] + [string]$zertoClientId = "zerto-client", [Parameter( HelpMessage = "Use this switch to indicate that you would like the module to take care of auto re-authorization and reconnection to the ZVM should the token expire. This option will cache your PSCredential object to be reused" )] [switch]$AutoReconnect, [Parameter( - HelpMessage = "Use this switch to return the headers to a specified variable or to the default output." + HelpMessage = "Use this switch to return the Bearer Token to a specified variable or to the default output." )] - [switch]$returnHeaders + [switch]$returnToken ) begin { - $body = '{"AuthenticationMethod": "1"}' - $uri = "session/add" + $uri = "auth/realms/zerto/protocol/openid-connect/token" # Set Script Scope Variables for Use in all functions in the module; Server and Port Information Set-Variable -Name zvmServer -Scope Script -Value $zertoServer Set-Variable -Name zvmPort -Scope Script -Value $zertoPort 
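Review bot: The new default `[string]$zertoPort = "443"` falls outside the `[ValidateRange(1024, 65535)]` attribute that still sits on the parameter, so a caller who passes `-zertoPort 443` explicitly is rejected even though the help message names it as the default. Widen the attribute to `[ValidateRange(1, 65535)]`. Renaming `-returnHeaders` to `-returnToken` also breaks existing callers of the switch; adding `[Alias("returnHeaders")]` above `[switch]$returnToken` would keep them working. The function body continues outside this hunk.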
@@ -45,26 +49,34 @@ function Connect-ZertoServer { Set-Variable -Name zvmLastAction -Scope Script -Value $(Get-Date).Ticks # Set / Clear the zvmHeaders to clear any existing token Set-Variable -Name zvmHeaders -Scope Script -Value @{ - "Accept" = "application/json" + #"Accept" = "application/json" "zerto-triggered-by" = "PowershellWes" } Set-Variable -Name Reconnect -Scope Script -Value $AutoReconnect.IsPresent if ($Script:Reconnect) { Set-Variable -Name CachedCredential -Scope Script -Value $credential } + Set-Variable -Name zertoClientId -Scope Script -Value $zertoClientId + + $body = @{ + 'client_id' = $script:zertoClientId + 'username' = $credential.GetNetworkCredential().Username + 'password' = $credential.GetNetworkCredential().Password + 'grant_type' = 'password' + } } process { - # Send authorization request to the function and send back the results including headers - $results = Invoke-ZertoRestRequest -uri $uri -credential $credential -returnHeaders -body $body -method POST -ErrorAction Stop + # Send authorization request to the function and send back the results including headers -returnHeaders + $results = Invoke-ZertoRestRequest -uri $uri -credential $credential -body $body -method POST -ErrorAction Stop } end { # Build Headers Hashtable with Authorization Token - $Script:zvmHeaders['x-zerto-session'] = $results.Headers['x-zerto-session'][0].ToString() - + $script:zvmHeaders['Authorization'] = "Bearer " + $results.access_token.ToString() + # Have the option to return the headers to a variable - if ($returnHeaders) { + if ($returnToken) { return $Script:zvmHeaders } } diff --git a/ZertoApiWrapper/Public/Get-ZertoVpg.ps1 b/ZertoApiWrapper/Public/Get-ZertoVpg.ps1 index c26a968..e5e3e58 100644 --- a/ZertoApiWrapper/Public/Get-ZertoVpg.ps1 +++ b/ZertoApiWrapper/Public/Get-ZertoVpg.ps1 
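Review bot: `-returnToken` is documented as returning the Bearer Token, but the `end` block still returns the whole `$Script:zvmHeaders` hashtable; either return `$results.access_token` or keep the help text describing headers. The `$body` built in `begin` unpacks the PSCredential into a plaintext `password` value, and the same hashtable is rebuilt in the PowerShell 5.1 branch of Invoke-ZertoRestRequest, so the secret is materialised twice; build it once, as close to the request as possible. `$results.access_token.ToString()` is called without a null check, and on the 5.1 path the request appears to go through `Invoke-WebRequest`, which does not parse the JSON, so a guard such as `if (-not $results.access_token) { throw "No access token returned" }` before setting the header would fail clearly. The `-returnHeaders` left at the end of the comment above the request looks like a leftover and should be removed.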
@@ -1,4 +1,5 @@ -<# .ExternalHelp ./en-us/ZertoApiWrapper-help.xml #> +<# .ExternalHelp ./en-us/ZertoApiWrapper-help.xml +#> function Get-ZertoVpg { [cmdletbinding( DefaultParameterSetName = "main" )] param( diff --git a/ZertoApiWrapper/Public/Invoke-ZertoRestRequest.ps1 b/ZertoApiWrapper/Public/Invoke-ZertoRestRequest.ps1 index 93d77e4..b9ae720 100644 --- a/ZertoApiWrapper/Public/Invoke-ZertoRestRequest.ps1 +++ b/ZertoApiWrapper/Public/Invoke-ZertoRestRequest.ps1 @@ -1,4 +1,3 @@ -<# .ExternalHelp ./en-us/ZertoApiWrapper-help.xml #> function Invoke-ZertoRestRequest { [cmdletbinding()] param( 
@@ -54,7 +53,35 @@ function Invoke-ZertoRestRequest { $script:zvmLastAction = (Get-Date).Ticks # If running PwSh - Use this Invoke-RestMethod with passed Variables if ($PSVersionTable.PSVersion.Major -ge 6) { - $apiRequestResults = Invoke-RestMethod -Uri $submittedURI -Headers $script:zvmHeaders -Method $method -Body $body -ContentType $contentType -Credential $credential -SkipCertificateCheck -ResponseHeadersVariable responseHeaders -TimeoutSec 100 + # If we are authenticating to the ZVM, Use this block to use Invoke-WebRequest and format the Headers as expected. + if ($uri -eq "auth/realms/zerto/protocol/openid-connect/token" -and $method -eq "POST") { + write-host "in the loop" + + $data = @{ + 'client_id' = 'zerto-client' + 'username' = 'admin' + 'password' = 'Zertodata987!' + 'grant_type' = 'password' + } + $params = @{ + 'Uri' = 'https://192.168.50.60/auth/realms/zerto/protocol/openid-connect/token' + 'Method' = 'Post' + 'Body' = $data + 'ContentType' = 'application/x-www-form-urlencoded' + } + + $apiRequestResults = Invoke-RestMethod @params -SkipCertificateCheck + + + $ExpiresIn = $apiRequestResults.expires_in + $script:AuthExpiresAt = (Get-Date).AddSeconds($ExpiresIn) + $script:refreshToken = $apiRequestResults.refresh_token + $responseHeaders = @{ } + $responseHeaders['Authorization'] = "Bearer " + @($apiRequestResults.access_token) + } else { + $apiRequestResults = Invoke-RestMethod -Uri $submittedURI -Headers $script:zvmHeaders -Method $method -Body $body -ContentType $contentType -Credential $credential -SkipCertificateCheck -ResponseHeadersVariable responseHeaders -TimeoutSec 100 + Write-Host $apiRequestResults + } } else { # If running PowerShell 5.1 --> Do the Following # Check to see if All Certs are Trusted. If not, Create the Policy to Trust All Certificates 
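Review bot: The PowerShell 6+ authentication branch ignores the caller's `$body`, `$credential` and `$submittedURI` and instead posts a hard-coded `admin` password to a hard-coded `https://192.168.50.60/...` address, so every PowerShell 6+ user of the module sends those fixed credentials to that host regardless of the server they connect to. The same literal password and address are committed again in the new `ZertoApiWrapper/test.ps1`; the password is now in the repository history and should be treated as exposed and rotated, and the scratch file left out of the commit. Replace the `$data`/`$params` block with `$apiRequestResults = Invoke-RestMethod -Uri $submittedURI -Method $method -Body $body -ContentType 'application/x-www-form-urlencoded' -SkipCertificateCheck -TimeoutSec 100`. Remove `write-host "in the loop"` and `Write-Host $apiRequestResults`, since the latter writes every API response to the console. With the password now sent in the form body, `-SkipCertificateCheck` means it goes to a server whose certificate is never verified, which deserves an explicit opt-in switch, not an unconditional default.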
@@ -79,10 +106,20 @@ public class TrustAllCertsPolicy : ICertificatePolicy { } # If we are authenticating to the ZVM, Use this block to use Invoke-WebRequest and format the Headers as expected. - if ($uri -eq "session/add" -and $method -eq "POST") { + if ($uri -eq "auth/realms/zerto/protocol/openid-connect/token" -and $method -eq "POST") { + $submittedURI = "https://{0}:{1}/{2}" -f $script:zvmServer, $script:zvmPort, $uri + $body = @{ + 'client_id' = $script:zertoClientId + 'username' = $credential.GetNetworkCredential().Username + 'password' = $credential.GetNetworkCredential().Password + 'grant_type' = 'password' + } + $contentType = 'application/x-www-form-urlencoded' + $apiRequestResults = Invoke-WebRequest -Uri $submittedURI -Headers $script:zvmHeaders -Method $method -Body $body -ContentType $contentType -Credential $credential -TimeoutSec 100 - $responseHeaders = @{ } - $responseHeaders['x-zerto-session'] = @($apiRequestResults.Headers['x-zerto-session']) + Write-Host $apiRequestResults + #$responseHeaders = @{ } + #$responseHeaders['x-zerto-session'] = @($apiRequestResults.Headers['x-zerto-session']) } elseif ($method -ne "GET") { # If the Method is something other than 'GET' use this call with a body parameter $apiRequestResults = Invoke-RestMethod -Uri $submittedURI -Headers $script:zvmHeaders -Method $method -Body $body -ContentType $contentType -Credential $credential -TimeoutSec 100 diff --git a/ZertoApiWrapper/test.ps1 b/ZertoApiWrapper/test.ps1 new file mode 100644 index 0000000..8bcd0c4 --- /dev/null +++ b/ZertoApiWrapper/test.ps1 
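Review bot: `Invoke-WebRequest` returns the raw response rather than parsed JSON, so on PowerShell 5.1 the caller's `$results.access_token` is likely empty (how the result is handed back is outside this hunk); using `Invoke-RestMethod` for the token request, as the 6+ branch does, would parse it. `-Credential $credential` is still passed although the username and password already travel in the form body, so it can be dropped for this call. `Write-Host $apiRequestResults` is debug output on the response that carries the access and refresh tokens and should be removed, together with the two commented-out `x-zerto-session` lines. Rebuilding `$body` here also silently discards whatever body the caller supplied.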
@@ -0,0 +1,22 @@
+$Body = @{
+ 'client_id' = 'zerto-client'
+ 'username' = 'admin'
+ 'password' = 'Zertodata987!'
+ 'grant_type' = 'password'
+}
+$Params = @{
+ 'Uri' = 'https://192.168.50.60/auth/realms/zerto/protocol/openid-connect/token'
+ 'Method' = 'Post'
+ 'Body' = $Body
+ 'ContentType' = 'application/x-www-form-urlencoded'
+}
+$Result = Invoke-RestMethod @Params -SkipCertificateCheck
+
+Write-Host $Result
+
+$ExpiresIn = $Result.expires_in
+$ExpiresAt = (Get-Date).AddSeconds($ExpiresIn)
+
+Write-Host $ExpiresAt
+
+Write-Host $Result