diff --git a/PowerArubaCX/Private/Confirm.ps1 b/PowerArubaCX/Private/Confirm.ps1
index 29d3f23..ed6fcab 100644
--- a/PowerArubaCX/Private/Confirm.ps1
+++ b/PowerArubaCX/Private/Confirm.ps1
@@ -116,4 +116,74 @@ function Confirm-ArubaCXVrfs {
 throw "Element specified does not contain a ssh_enable property."
 }
 $true
+}
+
+function Confirm-ArubaCXTacacsServer {
+
+ Param (
+ [Parameter (Mandatory = $true)]
+ [object]$argument
+ )
+ #Check if it looks like a TACACS server element
+
+ if ( -not ( $argument | Get-Member -name auth_type -Membertype Properties)) {
+ throw "Element specified does not contain an auth_type property."
+ }
+ if ( -not ( $argument | Get-Member -name default_group_priority -Membertype Properties)) {
+ throw "Element specified does not contain a default_group_priority property."
+ }
+ if ( -not ( $argument | Get-Member -name group -Membertype Properties)) {
+ throw "Element specified does not contain a group property."
+ }
+ if ( -not ( $argument | Get-Member -name passkey -Membertype Properties)) {
+ throw "Element specified does not contain a passkey property."
+ }
+ if ( -not ( $argument | Get-Member -name timeout -Membertype Properties)) {
+ throw "Element specified does not contain a timeout property."
+ }
+ if ( -not ( $argument | Get-Member -name tracking_enable -Membertype Properties)) {
+ throw "Element specified does not contain a tracking_enable property."
+ }
+ if ( -not ( $argument | Get-Member -name user_group_priority -Membertype Properties)) {
+ throw "Element specified does not contain an user_group_priority property."
+ }
+ $true
+}
+
+function Confirm-ArubaCXRadiusServer {
+
+ Param (
+ [Parameter (Mandatory = $true)]
+ [object]$argument
+ )
+ #Check if it looks like a TACACS server element
+
+ if ( -not ( $argument | Get-Member -name auth_type -Membertype Properties)) {
+ throw "Element specified does not contain an auth_type property."
+ }
+ if ( -not ( $argument | Get-Member -name default_group_priority -Membertype Properties)) {
+ throw "Element specified does not contain a default_group_priority property."
+ }
+ if ( -not ( $argument | Get-Member -name group -Membertype Properties)) {
+ throw "Element specified does not contain a group property."
+ }
+ if ( -not ( $argument | Get-Member -name passkey -Membertype Properties)) {
+ throw "Element specified does not contain a passkey property."
+ }
+ if ( -not ( $argument | Get-Member -name clearpass -Membertype Properties)) {
+ throw "Element specified does not contain a clearpass property."
+ }
+ if ( -not ( $argument | Get-Member -name timeout -Membertype Properties)) {
+ throw "Element specified does not contain a timeout property."
+ }
+ if ( -not ( $argument | Get-Member -name retries -Membertype Properties)) {
+ throw "Element specified does not contain a retries property."
+ }
+ if ( -not ( $argument | Get-Member -name tracking_enable -Membertype Properties)) {
+ throw "Element specified does not contain a tracking_enable property."
+ }
+ if ( -not ( $argument | Get-Member -name user_group_priority -Membertype Properties)) {
+ throw "Element specified does not contain an user_group_priority property."
+ }
+ $true
 }
\ No newline at end of file
diff --git a/PowerArubaCX/Public/Radius.ps1 b/PowerArubaCX/Public/Radius.ps1
new file mode 100644
index 0000000..f544a09
--- /dev/null
+++ b/PowerArubaCX/Public/Radius.ps1
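Review bot: In PowerArubaCX/Private/Confirm.ps1, Confirm-ArubaCXRadiusServer never checks for `address`, `port` or `port_type`, and Confirm-ArubaCXTacacsServer never checks for `address` or `tcp_port`, although those are the properties the Set-/Remove- functions in Radius.ps1 and Tacacs.ps1 read from the piped object to build the request URI. An object can therefore pass the `ValidateScript` and still yield a URI with empty key segments for a PUT or DELETE. Add the key checks in the same style, e.g. `if ( -not ( $argument | Get-Member -name address -Membertype Properties)) { throw "Element specified does not contain an address property." }`. The comment in the RADIUS function still reads `#Check if it looks like a TACACS server element` and should say RADIUS.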
@@ -0,0 +1,429 @@
+#
+# Copyright 2021, Cédric Moreau
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+function Add-ArubaCXRadiusServer {
+
+ <#
+ .SYNOPSIS
+ Add Aruba CX RADIUS Server
+
+ .DESCRIPTION
+ Add RADIUS Server (ip, group, port...)
+
+ .EXAMPLE
+ Add-ArubaCXRadiusServer -address 192.2.0.1 -port 1812 -group PowerArubaCX -default_group_priority 1
+
+ Add RADIUS Server with ip 192.2.0.1 and port 1812 in RADIUS group PowerArubaCX
+
+ .EXAMPLE
+ Add-ArubaCXRadiusServer -address 192.2.0.1 -port 1812 -group PowerArubaCX -default_group_priority 10 -timeout 10 -passkey ExampleRADIUS
+
+ Add RADIUS Server with ip 192.2.0.1 and port 1812 in RADIUS group PowerArubaCX with timeout set to 10 and passkey as ExampleRADIUS
+ #>
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingUsernameAndPasswordParams", "")]
+ Param(
+ [Parameter (Mandatory = $true)]
+ [string]$address,
+ [Parameter (Mandatory = $false)]
+ [ValidateRange(1, 65535)]
+ [int]$port = 1812,
+ [Parameter (Mandatory = $false)]
+ [ValidateSet('pap')]
+ [string]$auth_type = "pap",
+ [Parameter (Mandatory = $false)]
+ [ValidateSet('udp','tcp')]
+ [string]$port_type = "udp",
+ [Parameter (Mandatory = $false)]
+ [ValidateRange(1, 9223372036854775807)]
+ [int64]$default_group_priority = 10,
+ [Parameter (Mandatory = $false)]
+ [string]$group = "tacacs",
+ [Parameter (Mandatory = $false)]
+ [string]$passkey,
+ [Parameter (Mandatory = $false)]
+ [string]$cppm_user_id,
+ [Parameter (Mandatory = $false)]
+ [String]$cppm_password,
+ [Parameter (Mandatory = $false)]
+ [int]$timeout,
+ [Parameter (Mandatory = $false)]
+ [int]$retries,
+ [Parameter (Mandatory = $false)]
+ [switch]$tracking_enable,
+ [Parameter (Mandatory = $false)]
+ [int]$user_group_priority,
+ [Parameter (Mandatory = $false)]
+ [string]$vrf = "default",
+ [Parameter (Mandatory = $False)]
+ [ValidateNotNullOrEmpty()]
+ [PSObject]$connection = $DefaultArubaCXConnection
+ )
+
+ Begin {
+ }
+
+ Process {
+
+ $uri = "system/vrfs/${vrf}/radius_servers"
+
+ $_radius = new-Object -TypeName PSObject
+
+ $_radius | add-member -name "address" -membertype NoteProperty -Value $address
+
+ $_radius | add-member -name "port" -membertype NoteProperty -Value $port
+
+ $_radius | add-member -name "vrf" -membertype NoteProperty -Value ("/rest/" + $($connection.version) + "/system/vrfs/" + $vrf)
+
+ $_radius | add-member -name "default_group_priority" -membertype NoteProperty -Value $default_group_priority
+
+ $_group = @()
+
+ $_group += "/rest/" + $($connection.version) + "/system/aaa_server_groups/" + $group
+
+ $_radius | add-member -name "group" -membertype NoteProperty -Value $_group
+
+ $_radius | add-member -name "auth_type" -membertype NoteProperty -Value $auth_type
+
+ $_radius | add-member -name "port_type" -membertype NoteProperty -Value $port_type
+
+ if ( $PsBoundParameters.ContainsKey('cppm_user_id') -and $PsBoundParameters.ContainsKey('cppm_password') ) {
+ $_cppm = new-Object -TypeName PSObject
+
+ $_cppm | add-member -name "user_id" -membertype NoteProperty -Value $cppm_user_id
+
+ $_cppm | add-member -name "password" -membertype NoteProperty -Value $cppm_password
+
+ $_radius | add-member -name "clearpass" -membertype NoteProperty -Value $_cppm
+ }
+
+ if ( $PsBoundParameters.ContainsKey('passkey') ) {
+ $_radius | add-member -name "passkey" -membertype NoteProperty -Value $passkey
+ }
+
+ if ( $PsBoundParameters.ContainsKey('timeout') ) {
+ $_radius | add-member -name "timeout" -membertype NoteProperty -Value $timeout
+ }
+
+ if ( $PsBoundParameters.ContainsKey('retries') ) {
+ $_radius | add-member -name "retries" -membertype NoteProperty -Value $retries
+ }
+
+ if ( $PsBoundParameters.ContainsKey('user_group_priority') ) {
+ $_radius | add-member -name "user_group_priority" -membertype NoteProperty -Value $user_group_priority
+ }
+
+ if ( $PsBoundParameters.ContainsKey('tracking_enable') ) {
+ if ($tracking_enable) {
+ $_radius | add-member -name "tracking_enable" -membertype NoteProperty -Value $true
+ }
+ else {
+ $_radius | add-member -name "tracking_enable" -membertype NoteProperty -Value $false
+ }
+ }
+
+ $response = Invoke-ArubaCXRestMethod -uri $uri -method 'POST' -body $_radius -connection $connection
+ $response
+
+ Get-ArubaCXRadiusServer -address $address -port $port -port_type $port_type -vrf $vrf
+
+ }
+
+ End {
+ }
+}
+
+function Get-ArubaCXRadiusServer {
+
+ <#
+ .SYNOPSIS
+ Get list of RADIUS Server configured
+
+ .DESCRIPTION
+ Get list of RADIUS Server configured (ip, port, port_type...)
+
+ .EXAMPLE
+ Get-ArubaCXRadiusServer -vrf default
+
+ Get list of RADIUS Server configured (ip, port_type, port...) on default vrf
+
+ .EXAMPLE
+ Get-ArubaCXRadiusServer -address 192.2.0.1
+
+ Get RADIUS Server with ip 192.2.0.1
+ #>
+
+ [CmdletBinding(DefaultParametersetname = "Default")]
+ Param(
+ [Parameter (Mandatory = $true, ParameterSetName = "address")]
+ [ipaddress]$address,
+ [Parameter (Mandatory = $false)]
+ [int]$port = 1812,
+ [Parameter (Mandatory = $false)]
+ [ValidateSet('udp','tcp')]
+ [string]$port_type = "udp",
+ [Parameter (Mandatory = $false)]
+ [string]$vrf = "default",
+ [Parameter(Mandatory = $false)]
+ [ValidateRange(1, 4)]
+ [Int]$depth,
+ [Parameter(Mandatory = $false, ParameterSetName = "address")]
+ [ValidateSet("configuration", "status", "statistics", "writable")]
+ [String]$selector,
+ [Parameter(Mandatory = $false)]
+ [String[]]$attributes,
+ [Parameter(Mandatory = $false)]
+ [switch]$vsx_peer,
+ [Parameter (Mandatory = $False)]
+ [ValidateNotNullOrEmpty()]
+ [PSObject]$connection = $DefaultArubaCXConnection
+ )
+
+ Begin {
+ }
+
+ Process {
+
+
+ $invokeParams = @{ }
+ if ( $PsBoundParameters.ContainsKey('depth') ) {
+ $invokeParams.add( 'depth', $depth )
+ }
+ if ( $PsBoundParameters.ContainsKey('selector') ) {
+ $invokeParams.add( 'selector', $selector )
+ }
+ if ( $PsBoundParameters.ContainsKey('attributes') ) {
+ $invokeParams.add( 'attributes', $attributes )
+ }
+ if ( $PsBoundParameters.ContainsKey('vsx_peer') ) {
+ $invokeParams.add( 'vsx_peer', $true )
+ }
+
+ if ($PsBoundParameters.ContainsKey('address')) {
+ $uri = "system/vrfs/${vrf}/radius_servers/${address},${port},${port_type}"
+ }
+ else {
+ $uri = "system/vrfs/${vrf}/radius_servers"
+ }
+
+ $response = Invoke-ArubaCXRestMethod -uri $uri -method 'GET' -connection $connection @invokeParams
+
+ $response
+
+ }
+
+ End {
+ }
+}
+
+function Set-ArubaCXRadiusServer {
+
+ <#
+ .SYNOPSIS
+ Configure RADIUS Server ArubaCX Switch
+
+ .DESCRIPTION
+ Configure RADIUS Server (Timeout, port...)
+
+ .EXAMPLE
+ Get-ArubaCXRadiusServer -address 192.2.0.1 | Set-ArubaCXRadiusServer -timeout 15
+
+ Configure timeout on RADIUS Server
+
+ .EXAMPLE
+ Get-ArubaCXRadiusServer -address 192.2.0.1 | Set-ArubaCXRadiusServer -group radius
+
+ Configure group on RADIUS Server
+
+ .EXAMPLE
+ Get-ArubaCXRadiusServer -address 192.2.0.1 | Set-ArubaCXRadiusServer -passkey ExampleRADIUS
+
+ Configure passkey on RADIUS Server
+
+ .EXAMPLE
+ Get-ArubaCXRadiusServer -address 192.2.0.1 | Set-ArubaCXRadiusServer -default_group_priority 10 -group PowerArubaCX -passkey ExampleRADIUS -timeout 15 -tacking_enable -user_group_priority 1
+
+ Configure passkey, timeout, tacking enable and user group priority on RADIUS Server
+ #>
+ [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium')]
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingUsernameAndPasswordParams", "")]
+ Param(
+ [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1, ParameterSetName = "ID")]
+ [ValidateScript( { Confirm-ArubaCXRadiusServer $_ })]
+ [psobject]$radius,
+ [Parameter (Mandatory = $true, ParameterSetName = "address")]
+ [string]$address,
+ [Parameter (Mandatory = $true, ParameterSetName = "address")]
+ [int]$port,
+ [Parameter (Mandatory = $false)]
+ [ValidateSet('pap')]
+ [string]$auth_type,
+ [Parameter (Mandatory = $true, ParameterSetName = "address")]
+ [ValidateSet('udp','tcp')]
+ [string]$port_type,
+ [Parameter (Mandatory = $false)]
+ [ValidateRange(1, 9223372036854775807)]
+ [int]$default_group_priority,
+ [Parameter (Mandatory = $false)]
+ [string]$group = "radius",
+ [Parameter (Mandatory = $false)]
+ [string]$passkey,
+ [Parameter (Mandatory = $false)]
+ [string]$cppm_user_id,
+ [Parameter (Mandatory = $false)]
+ [String]$cppm_password,
+ [Parameter (Mandatory = $false)]
+ [int]$timeout = 10,
+ [Parameter (Mandatory = $false)]
+ [int]$retries = 1,
+ [Parameter (Mandatory = $false)]
+ [switch]$tracking_enable,
+ [Parameter (Mandatory = $false)]
+ [int]$user_group_priority = 1,
+ [Parameter (Mandatory = $false)]
+ [string]$vrf = "default",
+ [Parameter (Mandatory = $False)]
+ [ValidateNotNullOrEmpty()]
+ [PSObject]$connection = $DefaultArubaCXConnection
+ )
+
+
+ Begin {
+ }
+
+ Process {
+
+ $_radius = @{ }
+
+ if ($radius) {
+ $address = $radius.address
+ $port = $radius.port
+ $port_type = $radius.port_type
+ }
+
+ $uri = "system/vrfs/${vrf}/radius_servers/${address},${port},${port_type}"
+
+ $_radius = Get-ArubaCXRadiusServer -address $address -port $port -port_type $port_type -selector writable
+
+ if ( $PsBoundParameters.ContainsKey('auth_type') ) {
+ $_radius.auth_type = $auth_type
+ }
+ if ( $PsBoundParameters.ContainsKey('default_group_priority') ) {
+ $_radius.default_group_priority = $default_group_priority
+ }
+
+ $_group = @()
+
+ $_group += "/rest/" + $($connection.version) + "/system/aaa_server_groups/" + $group
+
+ $_radius.group = $_group
+
+ if ( $PsBoundParameters.ContainsKey('cppm_user_id') -and $PsBoundParameters.ContainsKey('cppm_password') ) {
+ $_cppm = new-Object -TypeName PSObject
+
+ $_cppm | add-member -name "password" -membertype NoteProperty -Value $cppm_password
+
+ $_cppm | add-member -name "user_id" -membertype NoteProperty -Value $cppm_user_id
+
+ $_radius.clearpass = $_cppm
+ }
+
+ if ( $PsBoundParameters.ContainsKey('passkey') ) {
+ $_radius.passkey = $passkey
+ }
+
+ if ( $PsBoundParameters.ContainsKey('timeout') ) {
+ $_radius.timeout = $timeout
+ }
+
+ if ( $PsBoundParameters.ContainsKey('retries') ) {
+ $_radius.retries = $retries
+ }
+
+ if ( $PsBoundParameters.ContainsKey('tracking_enable') ) {
+ if ($tracking_enable) {
+ $_radius.tracking_enable = $true
+ }
+ else {
+ $_radius.tracking_enable = $false
+ }
+ }
+
+ if ( $PsBoundParameters.ContainsKey('user_group_priority') ) {
+ $_radius.user_group_priority = $user_group_priority
+ }
+
+ if ($PSCmdlet.ShouldProcess($_radius.address, 'Configure RADIUS Server')) {
+ Invoke-ArubaCXRestMethod -method "PUT" -body $_radius -uri $uri -connection $connection
+ }
+
+ Get-ArubaCXRadiusServer -address $address -port $port -port_type $port_type -connection $connection
+ }
+
+ End {
+ }
+}
+
+function Remove-ArubaCXRadiusServer {
+
+ <#
+ .SYNOPSIS
+ Remove a RADIUS Server on Aruba CX Switch
+
+ .DESCRIPTION
+ Remove a RADIUS Server on Aruba CX Switch
+
+ .EXAMPLE
+ $rs = Get-ArubaCXArubaCXRadiusServer -address 192.2.0.1
+ PS C:\>$rs | Remove-ArubaCXRadiusServer
+
+ Remove RADIUS Server with address 192.0.2.1
+
+ .EXAMPLE
+ Remove-ArubaCXRadiusServer -address 192.2.0.1 -confirm:$false -vrf default
+ Remove RADIUS Server 192.0.2.1 on default vrf with no confirmation
+ #>
+
+ [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'high')]
+ Param(
+ [Parameter (Mandatory = $true, ParameterSetName = "address")]
+ [string]$address,
+ [Parameter (Mandatory = $false, ParameterSetName = "address")]
+ [int]$port = 1812,
+ [Parameter (Mandatory = $false, ParameterSetName = "address")]
+ [ValidateSet('udp','tcp')]
+ [string]$port_type = "udp",
+ [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1, ParameterSetName = "ID")]
+ [ValidateScript( { Confirm-ArubaCXRadiusServer $_ })]
+ [psobject]$rs,
+ [Parameter(Mandatory = $false, ParameterSetName = "address")]
+ [string]$vrf = "default",
+ [Parameter (Mandatory = $False)]
+ [ValidateNotNullOrEmpty()]
+ [PSObject]$connection = $DefaultArubaCXConnection
+ )
+
+ Begin {
+ }
+
+ Process {
+
+ #get address, port, port_type and vrf from RADIUS Server ts object
+ if ($rs) {
+ $address = $rs.address
+ $port = $rs.port
+ $port_type = $rs.port_type
+ }
+
+ $uri = "system/vrfs/${vrf}/radius_servers/${address},${port},${port_type}"
+
+ if ($PSCmdlet.ShouldProcess("RADIUS Server (VRF: ${vrf})", "Remove ${address},${port},${port_type}")) {
+ Invoke-ArubaCXRestMethod -method "DELETE" -uri $uri -connection $connection
+ }
+ }
+
+ End {
+ }
+}
\ No newline at end of file
diff --git a/PowerArubaCX/Public/Tacacs.ps1 b/PowerArubaCX/Public/Tacacs.ps1
new file mode 100644
index 0000000..c5c19c7
--- /dev/null
+++ b/PowerArubaCX/Public/Tacacs.ps1
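Review bot: In Set-ArubaCXRadiusServer (PowerArubaCX/Public/Radius.ps1) the line `$_radius.group = $_group` runs unconditionally, so every call that omits `-group` moves the server into the default `radius` group, and the preceding `Get-ArubaCXRadiusServer ... -selector writable` is called without `-vrf` or `-connection`, so the object that is PUT to `$vrf` on `$connection` is read from the default VRF of `$DefaultArubaCXConnection`. On an AAA server entry both are silent changes to authentication configuration. Guard the assignment with `if ( $PsBoundParameters.ContainsKey('group') ) { $_radius.group = $_group }` and pass `-vrf $vrf -connection $connection` on both Get calls in Set and on the one that ends Add-ArubaCXRadiusServer. Set-ArubaCXTacacsServer and Add-ArubaCXTacacsServer in Tacacs.ps1 follow the same pattern. Add-ArubaCXRadiusServer also defaults `$group` to `"tacacs"`, which looks like a leftover from the TACACS file.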
@@ -0,0 +1,371 @@
+#
+# Copyright 2021, Cédric Moreau
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+function Add-ArubaCXTacacsServer {
+
+ <#
+ .SYNOPSIS
+ Add Aruba CX TACACS Server
+
+ .DESCRIPTION
+ Add TACACS server (ip, group, port...)
+
+ .EXAMPLE
+ Add-ArubaCXTacacsServer -address 192.2.0.1 -port 49 -group Clearpass -default_group_priority 10
+
+ Add TACACS server with ip 192.2.0.1 and port 49 in TACACS group Clearpass
+
+ .EXAMPLE
+ Add-ArubaCXTacacsServer -address 192.2.0.1 -port 49 -group Clearpass -default_group_priority 10 -timeout 10 -passkey ExampleTACACS
+
+ Add TACACS server with ip 192.2.0.1 and port 49 in TACACS group Clearpass with timeout set to 10 and passkey as ExampleTACACS
+ #>
+ Param(
+ [Parameter (Mandatory = $true)]
+ [string]$address,
+ [Parameter (Mandatory = $false)]
+ [ValidateRange(1, 65535)]
+ [int]$port = 49,
+ [Parameter (Mandatory = $false)]
+ [ValidateSet('pap')]
+ [string]$auth_type = "pap",
+ [Parameter (Mandatory = $false)]
+ [ValidateRange(1, 9223372036854775807)]
+ [int64]$default_group_priority = 10,
+ [Parameter (Mandatory = $false)]
+ [string]$group = "tacacs",
+ [Parameter (Mandatory = $false)]
+ [string]$passkey,
+ [Parameter (Mandatory = $false)]
+ [int]$timeout,
+ [Parameter (Mandatory = $false)]
+ [switch]$tracking_enable,
+ [Parameter (Mandatory = $false)]
+ [int]$user_group_priority,
+ [Parameter (Mandatory = $false)]
+ [string]$vrf = "default",
+ [Parameter (Mandatory = $False)]
+ [ValidateNotNullOrEmpty()]
+ [PSObject]$connection = $DefaultArubaCXConnection
+ )
+
+ Begin {
+ }
+
+ Process {
+
+ $uri = "system/vrfs/${vrf}/tacacs_servers"
+
+ $_tacacs = new-Object -TypeName PSObject
+
+ $_tacacs | add-member -name "address" -membertype NoteProperty -Value $address
+
+ $_tacacs | add-member -name "tcp_port" -membertype NoteProperty -Value $port
+
+ $_tacacs | add-member -name "vrf" -membertype NoteProperty -Value ("/rest/" + $($connection.version) + "/system/vrfs/" + $vrf)
+
+ $_tacacs | add-member -name "default_group_priority" -membertype NoteProperty -Value $default_group_priority
+
+ $_group = @()
+
+ $_group += "/rest/" + $($connection.version) + "/system/aaa_server_groups/" + $group
+
+ $_tacacs | add-member -name "group" -membertype NoteProperty -Value $_group
+
+ $_tacacs | add-member -name "auth_type" -membertype NoteProperty -Value $auth_type
+
+ if ( $PsBoundParameters.ContainsKey('passkey') ) {
+ $_tacacs | add-member -name "passkey" -membertype NoteProperty -Value $passkey
+ }
+
+ if ( $PsBoundParameters.ContainsKey('timeout') ) {
+ $_tacacs | add-member -name "timeout" -membertype NoteProperty -Value $timeout
+ }
+
+ if ( $PsBoundParameters.ContainsKey('user_group_priority') ) {
+ $_tacacs | add-member -name "user_group_priority" -membertype NoteProperty -Value $user_group_priority
+ }
+
+ if ( $PsBoundParameters.ContainsKey('tracking_enable') ) {
+ if ($tracking_enable) {
+ $_tacacs | add-member -name "tracking_enable" -membertype NoteProperty -Value $true
+ }
+ else {
+ $_tacacs | add-member -name "tracking_enable" -membertype NoteProperty -Value $false
+ }
+ }
+
+ $response = Invoke-ArubaCXRestMethod -uri $uri -method 'POST' -body $_tacacs -connection $connection
+ $response
+
+ Get-ArubaCXTacacsServer -address $address -port $port -vrf $vrf
+
+ }
+
+ End {
+ }
+}
+
+function Get-ArubaCXTacacsServer {
+
+ <#
+ .SYNOPSIS
+ Get list of TACACS server configured
+
+ .DESCRIPTION
+ Get list of TACACS server configured (ip, group, port...)
+
+ .EXAMPLE
+ Get-ArubaCXTacacsServer -vrf default
+
+ Get list of TACACS server configured (ip, group, port...) on default vrf
+
+ .EXAMPLE
+ Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49
+
+ Get TACACS server with ip 192.2.0.1 and port 49
+ #>
+
+ [CmdletBinding(DefaultParametersetname = "Default")]
+ Param(
+ [Parameter (Mandatory = $true, ParameterSetName = "address")]
+ [ipaddress]$address,
+ [Parameter (Mandatory = $false)]
+ [int]$port = 49,
+ [Parameter (Mandatory = $false)]
+ [string]$vrf = "default",
+ [Parameter(Mandatory = $false)]
+ [ValidateRange(1, 4)]
+ [Int]$depth,
+ [Parameter(Mandatory = $false, ParameterSetName = "address")]
+ [ValidateSet("configuration", "status", "statistics", "writable")]
+ [String]$selector,
+ [Parameter(Mandatory = $false)]
+ [String[]]$attributes,
+ [Parameter(Mandatory = $false)]
+ [switch]$vsx_peer,
+ [Parameter (Mandatory = $False)]
+ [ValidateNotNullOrEmpty()]
+ [PSObject]$connection = $DefaultArubaCXConnection
+ )
+
+ Begin {
+ }
+
+ Process {
+
+
+ $invokeParams = @{ }
+ if ( $PsBoundParameters.ContainsKey('depth') ) {
+ $invokeParams.add( 'depth', $depth )
+ }
+ if ( $PsBoundParameters.ContainsKey('selector') ) {
+ $invokeParams.add( 'selector', $selector )
+ }
+ if ( $PsBoundParameters.ContainsKey('attributes') ) {
+ $invokeParams.add( 'attributes', $attributes )
+ }
+ if ( $PsBoundParameters.ContainsKey('vsx_peer') ) {
+ $invokeParams.add( 'vsx_peer', $true )
+ }
+
+ if ($PsBoundParameters.ContainsKey('address') -and $PsBoundParameters.ContainsKey('port')) {
+ $uri = "system/vrfs/${vrf}/tacacs_servers/${address},${port}"
+ }
+ else {
+ $uri = "system/vrfs/${vrf}/tacacs_servers"
+ }
+
+ $response = Invoke-ArubaCXRestMethod -uri $uri -method 'GET' -connection $connection @invokeParams
+
+ $response
+
+ }
+
+ End {
+ }
+}
+
+function Set-ArubaCXTacacsServer {
+
+ <#
+ .SYNOPSIS
+ Configure TACACS Server ArubaCX Switch
+
+ .DESCRIPTION
+ Configure TACACS Server (Timeout, port...)
+
+ .EXAMPLE
+ Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 | Set-ArubaCXTacacsServer -timeout 15
+
+ Configure timeout on TACACS server
+
+ .EXAMPLE
+ Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 | Set-ArubaCXTacacsServer -group tacacs
+
+ Configure group on TACACS server
+
+ .EXAMPLE
+ Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 | Set-ArubaCXTacacsServer -passkey ExampleTacacs
+
+ Configure passkey on TACACS server
+
+ .EXAMPLE
+ Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 | Set-ArubaCXTacacsServer -default_group_priority 10 -group PowerArubaCX -passkey ExampleTacacs -timeout 15 -tacking_enable -user_group_priority 1
+
+ Configure passkey, timeout, tacking enable and user group priority on TACACS server
+ #>
+ [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium')]
+ Param(
+ [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1, ParameterSetName = "ID")]
+ [ValidateScript( { Confirm-ArubaCXTacacsServer $_ })]
+ [psobject]$tacacs,
+ [Parameter (Mandatory = $true, ParameterSetName = "address")]
+ [string]$address,
+ [Parameter (Mandatory = $true, ParameterSetName = "address")]
+ [int]$port,
+ [Parameter (Mandatory = $false)]
+ [ValidateSet('pap')]
+ [string]$auth_type,
+ [Parameter (Mandatory = $false)]
+ [ValidateRange(1, 9223372036854775807)]
+ [int]$default_group_priority,
+ [Parameter (Mandatory = $false)]
+ [string]$group = "tacacs",
+ [Parameter (Mandatory = $false)]
+ [string]$passkey,
+ [Parameter (Mandatory = $false)]
+ [int]$timeout = 10,
+ [Parameter (Mandatory = $false)]
+ [switch]$tracking_enable,
+ [Parameter (Mandatory = $false)]
+ [int]$user_group_priority = 1,
+ [Parameter (Mandatory = $false)]
+ [string]$vrf = "default",
+ [Parameter (Mandatory = $False)]
+ [ValidateNotNullOrEmpty()]
+ [PSObject]$connection = $DefaultArubaCXConnection
+ )
+
+
+ Begin {
+ }
+
+ Process {
+
+ $_tacacs = @{ }
+
+ if ($tacacs) {
+ $address = $tacacs.address
+ $port = $tacacs.tcp_port
+ }
+
+ $uri = "system/vrfs/${vrf}/tacacs_servers/${address},${port}"
+
+ $_tacacs = Get-ArubaCXTacacsServer -address $address -port $port -selector writable
+
+ if ( $PsBoundParameters.ContainsKey('auth_type') ) {
+ $_tacacs.auth_type = $auth_type
+ }
+ if ( $PsBoundParameters.ContainsKey('default_group_priority') ) {
+ $_tacacs.default_group_priority = $default_group_priority
+ }
+
+ $_group = @()
+
+ $_group += "/rest/" + $($connection.version) + "/system/aaa_server_groups/" + $group
+
+ $_tacacs.group = $_group
+
+ if ( $PsBoundParameters.ContainsKey('passkey') ) {
+ $_tacacs.passkey = $passkey
+ }
+
+ if ( $PsBoundParameters.ContainsKey('timeout') ) {
+ $_tacacs.timeout = $timeout
+ }
+
+ if ( $PsBoundParameters.ContainsKey('tracking_enable') ) {
+ if ($tracking_enable) {
+ $_tacacs.tracking_enable = $true
+ }
+ else {
+ $_tacacs.tracking_enable = $false
+ }
+ }
+
+ if ( $PsBoundParameters.ContainsKey('user_group_priority') ) {
+ $_tacacs.user_group_priority = $user_group_priority
+ }
+
+ if ($PSCmdlet.ShouldProcess($_tacacs.address, 'Configure Tacacs Server')) {
+ Invoke-ArubaCXRestMethod -method "PUT" -body $_tacacs -uri $uri -connection $connection
+ }
+
+ Get-ArubaCXTacacsServer -address $address -port $port -connection $connection
+ }
+
+ End {
+ }
+}
+
+function Remove-ArubaCXTacacsServer {
+
+ <#
+ .SYNOPSIS
+ Remove a TACACS server on Aruba CX Switch
+
+ .DESCRIPTION
+ Remove a TACACS server on Aruba CX Switch
+
+ .EXAMPLE
+ $ts = Get-ArubaCXArubaCXTacacsServer -address 192.2.0.1 -port 49
+ PS C:\>$ts | Remove-ArubaCXTacacsServer
+
+ Remove TACACS server with address 192.0.2.1 and port 49
+
+ .EXAMPLE
+ Remove-ArubaCXTacacsServer -address 192.2.0.1 -confirm:$false -vrf default
+ Remove TACACS server 192.0.2.1 on default vrf with no confirmation
+ #>
+
+ [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'high')]
+ Param(
+ [Parameter (Mandatory = $true, ParameterSetName = "address")]
+ [string]$address,
+ [Parameter (Mandatory = $false, ParameterSetName = "address")]
+ [int]$port = 49,
+ [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1, ParameterSetName = "ID")]
+ [ValidateScript( { Confirm-ArubaCXTacacsServer $_ })]
+ [psobject]$ts,
+ [Parameter(Mandatory = $false, ParameterSetName = "address")]
+ [string]$vrf = "default",
+ [Parameter (Mandatory = $False)]
+ [ValidateNotNullOrEmpty()]
+ [PSObject]$connection = $DefaultArubaCXConnection
+ )
+
+ Begin {
+ }
+
+ Process {
+
+ #get address, port and vrf from tacacs server ts object
+ if ($ts) {
+ $address = $ts.address
+ $port = $ts.tcp_port
+ }
+
+ $uri = "system/vrfs/${vrf}/tacacs_servers/${address},${port}"
+
+ if ($PSCmdlet.ShouldProcess("Tacacs Server (VRF: ${vrf})", "Remove ${address},${port}")) {
+ Invoke-ArubaCXRestMethod -method "DELETE" -uri $uri -connection $connection
+ }
+ }
+
+ End {
+ }
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index ce295f0..1b7fa9f 100644
--- a/README.md
+++ b/README.md
@@ -14,6 +14,7 @@ With this module (version 0.4.0) you can manage: - [System](#System) (Get/Set) - User (Get) - [Vlans](#Vlans-Management) (Add/Get/Set/Remove) +- [TACACS Server](#Tacacs-Server) (Add/Get/Set/Remove) There is some extra feature - [Invoke API](#Invoke-API) using Invoke-ArubaCXRestMethod 
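Review bot: In PowerArubaCX/Public/Tacacs.ps1, `-passkey` is declared as `[string]$passkey` in Add-ArubaCXTacacsServer and Set-ArubaCXTacacsServer, so the TACACS shared secret is typed in clear on the command line and can end up in shell history and transcripts; the help examples (`-passkey ExampleTACACS`) show exactly that usage. Consider `[SecureString]$passkey` and convert only when filling the body, e.g. `$_tacacs.passkey = [System.Net.NetworkCredential]::new('', $passkey).Password`. Radius.ps1 has the same issue for `-passkey` and `-cppm_password`, where `PSAvoidUsingUsernameAndPasswordParams` is suppressed rather than addressed; a `[PSCredential]` parameter would cover the ClearPass user/password pair. Separately, Get-ArubaCXTacacsServer builds the single-server URI only when both `address` and `port` are bound, so `-address` alone (port defaults to 49) falls through to the list URI and the README example `Get-ArubaCXTacacsServer -address 192.2.0.1 | Remove-ArubaCXTacacsServer` would not receive a single server object; test `ContainsKey('address')` alone, as Radius.ps1 does.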
@@ -376,6 +377,60 @@ For example to get system of 2 ArubaCX ``` +### TACACS Server + +You can create a new TACACS Server `Add-ArubaCXTacacsServer`, retrieve its information `Get-ArubaCXTacacsServer`, modify its properties `Set-ArubaCXTacacsServer`, or delete it `Remove-ArubaCXTacacsServer`. + +```powershell +# Create a TACACS Server + Add-ArubaCXTacacsServer -address 192.2.0.1 -port 49 -auth_type pap -default_group_priority 10 -group tacacs -passkey PowerArubaCX -timeout 10 -tracking_enable -user_group_priority 10 -vrf default + + address : 192.2.0.1 + [...] + auth_type : pap + default_group_priority : 10 + group : @{tacacs=} + [...] + passkey : AQBapWD/wBAlSYvjgEqjBhR33D8T+fRfVUjTQNKVtSYzl5kMDAAAAM6/W76103nUuYlUQQ== + reachability_status : + tcp_port : 49 + timeout : 10 + tracking_enable : True + [...] + user_group_priority : 10 + + +# Get information about TACACS Server + Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 -depth 2 -attributes auth_type, default_group_priority, group, passkey, tcp_port, timeout, tracking_enable, user_group_priority | Format-Table + + auth_type default_group_priority group passkey tcp_port timeout tracking_enable user_group_priority + --------- ---------------------- ----- ------- -------- ------- --------------- ------------------- + pap 10 @{tacacs=} AQBapWD/wBAlSYvjgEqjBhR33D8T+fRfVUjTQNKVtSYzl5kMDAAAAM6/W76103nUuYlUQQ== 49 10 True 10 + +# Change settings of a TACACS Server (Timeout and default group priority) + Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 | Set-ArubaCXTacacsServer -timeout 15 -default_group_priority 1 + + address : 192.2.0.1 + [...] + auth_type : pap + default_group_priority : 1 + group : @{tacacs=} + [...] + passkey : AQBapWD/wBAlSYvjgEqjBhR33D8T+fRfVUjTQNKVtSYzl5kMDAAAAM6/W76103nUuYlUQQ== + reachability_status : + tcp_port : 49 + timeout : 15 + tracking_enable : True + [...] 
+ user_group_priority : 10 + + +# Remove a TACACS Server + Get-ArubaCXTacacsServer -address 192.2.0.1 | Remove-ArubaCXTacacsServer +``` + +For configure a vlan to an interface, need to use [Set-ArubaCXInterfaces](#Interface) + ### Disconnecting ```powershell diff --git a/Tests/common.ps1 b/Tests/common.ps1 index 98da328..0283d2d 100644 --- a/Tests/common.ps1 +++ b/Tests/common.ps1 @@ -10,6 +10,10 @@ $script:pester_vlan = 85 #vlan id for Vlan test $script:pester_vlan2 = 86 #vlan id for Vlan test (for affect a second vlan to interface) $script:pester_interface = "1/1/1" #interface id for test... $script:pester_vrf = "pester_vrf" #interface id for test... +$script:pester_tacacs_address = "192.2.0.1" +$script:pester_tacacs_port = "49" +$script:pester_radius_address = "192.2.0.1" +$script:pester_radius_port = "1812" . ../credential.ps1 #TODO: Add check if no ipaddress/login/password info... diff --git a/Tests/integration/Radius.Tests.ps1 b/Tests/integration/Radius.Tests.ps1 new file mode 100644 index 0000000..eca2394 --- /dev/null +++ b/Tests/integration/Radius.Tests.ps1 
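Review bot: In Tests/common.ps1, `$script:pester_tacacs_address` and `$script:pester_radius_address` are set to `192.2.0.1`, which is outside the RFC 5737 documentation range 192.0.2.0/24 (TEST-NET-1), so the integration tests configure the switch under test with an AAA server address that may be routable. The help text in Radius.ps1 and Tacacs.ps1 mixes both spellings (`-address 192.2.0.1` next to "address 192.0.2.1"), which suggests a transposition. Use `"192.0.2.1"` for both variables and in the examples and README.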
@@ -0,0 +1,259 @@
+#
+# Copyright 2020, Cédric Moreau
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+. ../common.ps1
+
+Describe "Get RADIUS Server" {
+ BeforeAll {
+ Add-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -group radius -default_group_priority 1 -auth_type pap -timeout 15 -retries 1
+ }
+
+ It "Get RADIUS Server Does not throw an error" {
+ {
+ Get-ArubaCXRadiusServer
+ } | Should -Not -Throw
+ }
+
+ It "Get ALL RADIUS Server" {
+ $radius = Get-ArubaCXRadiusServer
+ @($radius).count | Should -Not -Be $NULL
+ }
+
+ It "Get RADIUS Server ($pester_radius_address)" {
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port
+ $radius.address | Should -Be $pester_radius_address
+ $radius.port | Should -Be $pester_radius_port
+ }
+
+ It "Get RADIUS Server ($pester_radius_address) and confirm (via Confirm-ArubaCXRadiusServer)" {
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port
+ Confirm-ArubaCXRadiusServer ($radius) | Should -Be $true
+ }
+
+ #Get with attribute, depth...
+ Context "Selector" {
+
+ It "Get RADIUS Server with selector equal configuration" {
+ {
+ Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -selector configuration
+ } | Should -Not -Throw
+ }
+
+ It "Get RADIUS Server with selector equal statistics" {
+ {
+ Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -selector statistics
+ } | Should -Not -Throw
+ }
+
+ It "Get RADIUS Server with selector equal status" {
+ {
+ Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -selector status
+ } | Should -Not -Throw
+ }
+
+ It "Get RADIUS Server with selector equal writable" {
+ {
+ Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -selector writable
+ } | Should -Not -Throw
+ }
+ }
+
+ Context "Depth" {
+
+ It "Get RADIUS Server with depth equal 1" {
+ {
+ Get-ArubaCXRadiusServer -depth 1
+ } | Should -Not -Throw
+ }
+
+ It "Get RADIUS Server with depth equal 2" {
+ {
+ Get-ArubaCXRadiusServer -depth 2
+ } | Should -Not -Throw
+ }
+
+ It "Get RADIUS Server with depth equal 3" {
+ {
+ Get-ArubaCXRadiusServer -depth 3
+ } | Should -Not -Throw
+ }
+
+ It "Get RADIUS Server with depth equal 4" {
+ {
+ Get-ArubaCXRadiusServer -depth 4
+ } | Should -Not -Throw
+ }
+ }
+
+ Context "Attribute" {
+
+ It "Get RADIUS Server with one attribute (auth_type)" {
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -attribute auth_type
+ @($radius).count | Should -Be 1
+ $radius.address | Should -BeNullOrEmpty
+ $radius.auth_type | Should -Not -BeNullOrEmpty
+ }
+
+ It "Get RADIUS Server with two attributes (auth_type, timeout)" {
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -attribute auth_type,timeout
+ @($radius).count | Should -Be 1
+ $radius.address | Should -BeNullOrEmpty
+ $radius.auth_type | Should -Be "pap"
+ $radius.timeout | Should -Be 15
+ }
+
+ It "Get RADIUS Server with three attributes (auth_type, timeout, retries)" {
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -attribute auth_type,timeout,retries
+ @($radius).count | Should -Be 1
+ $radius.address | Should -BeNullOrEmpty
+ $radius.auth_type | Should -Be "pap"
+ $radius.timeout | Should -Be 15
+ $radius.retries | Should -Be 1
+ }
+
+ }
+
+ Context "Search" {
+ It "Search RADIUS Server by address ($pester_radius_address)" {
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port
+ @($radius).count | Should -Be 1
+ $radius.address | Should -Be $pester_radius_address
+ $radius.port | Should -Be $pester_radius_port
+ }
+ }
+
+ AfterAll {
+ Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Remove-ArubaCXRadiusServer -confirm:$false
+ }
+}
+
+Describe "Add RADIUS Server" {
+
+ AfterEach {
+ Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Remove-ArubaCXRadiusServer -confirm:$false -ErrorAction SilentlyContinue
+ }
+
+ It "Add RADIUS Server $pester_radius_address (with only an address and a port, a group and a default priority for the group)" {
+ Add-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -group radius -default_group_priority 1
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -depth 2
+ $radius.address | Should -Be $pester_radius_address
+ $radius.port | Should -Be $pester_radius_port
+ $radius.group.radius | Should -Be "@{group_name=radius; group_type=radius; origin=built-in}"
+ $radius.default_group_priority | Should -Be 1
+ $radius.timeout | Should -Be $null
+ $radius.passkey | Should -Be $null
+ $radius.tracking_enable | Should -Be $false
+ }
+
+ It "Add RADIUS Server $pester_radius_address (with only an address and a port, a group and a default priority for the group, and a timeout)" {
+ Add-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -group radius -default_group_priority 1 -timeout 10
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -depth 2
+ $radius.address | Should -Be $pester_radius_address
+ $radius.port | Should -Be $pester_radius_port
+ $radius.group.radius | Should -Be "@{group_name=radius; group_type=radius; origin=built-in}"
+ $radius.default_group_priority | Should -Be 1
+ $radius.timeout | Should -Be 10
+ $radius.passkey | Should -Be $null
+ $radius.tracking_enable | Should -Be $false
+ }
+
+ It "Add RADIUS Server $pester_radius_address (with only an address and a port, a group and a default priority for the group, a timeout, a passkey and tracking_enable)" {
+ Add-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -group radius -default_group_priority 1 -timeout 10 -passkey PowerArubaCX -tracking_enable
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -depth 2
+ $radius.address | Should -Be $pester_radius_address
+ $radius.port | Should -Be $pester_radius_port
+ $radius.group.radius | Should -Be "@{group_name=radius; group_type=radius; origin=built-in}"
+ $radius.default_group_priority | Should -Be 1
+ $radius.timeout | Should -Be 10
+ $radius.passkey | Should -Not -BeNullOrEmpty
+ $radius.tracking_enable | Should -Be $true
+ }
+
+ It "Add RADIUS Server $pester_radius_address (with only an address and a port, a group and a default priority for the group, a timeout, a passkey, tracking_enable, and clearpass username)" {
+ $password = ConvertTo-SecureString Example -AsPlainText -Force
+ Add-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -group radius -default_group_priority 1 -timeout 10 -passkey PowerArubaCX -tracking_enable -cppm_user_id PowerArubaCX -cppm_password $password
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -depth 2
+ $radius.address | Should -Be $pester_radius_address
+ $radius.port | Should -Be $pester_radius_port
+ $radius.group.radius | Should -Be "@{group_name=radius; group_type=radius; origin=built-in}"
+ $radius.default_group_priority | Should -Be 1
+ $radius.timeout | Should -Be 10
+ $radius.passkey | Should -Not -BeNullOrEmpty
+ $radius.tracking_enable | Should -Be $true
+ $radius.clearpass.user_id | Should -Be "PowerArubaCX"
+ $radius.clearpass.password | Should -Not -BeNullOrEmpty
+ }
+}
+
+Describe "Configure RADIUS Server" {
+ BeforeAll {
+ Add-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -group radius -default_group_priority 1
+ }
+
+ It "Change RADIUS Server default_group_priority" {
+ Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Set-ArubaCXRadiusServer -default_group_priority 10
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port
+ $radius.default_group_priority | Should -Be 10
+ }
+
+ It "Change RADIUS Server timeout" {
+ Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Set-ArubaCXRadiusServer -timeout 10
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port
+ $radius.timeout | Should -Be 10
+ }
+
+ It "Change RADIUS Server retries" {
+ Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Set-ArubaCXRadiusServer -retries 1
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port
+ $radius.retries | Should -Be 1
+ }
+
+ It "Change RADIUS Server tracking_enable (enable)" {
+ Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Set-ArubaCXRadiusServer -tracking_enable:$true
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port
+ $radius.tracking_enable | Should -Be $true
+ }
+
+ It "Change RADIUS Server tracking_enable (disable)" {
+ Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Set-ArubaCXRadiusServer -tracking_enable:$false
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port
+ $radius.tracking_enable | Should -Be $false
+ }
+
+ It "Change RADIUS ClearPass account" {
+ $password = ConvertTo-SecureString Example -AsPlainText -Force
+ Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Set-ArubaCXRadiusServer -cppm_user_id PowerArubaCX -cppm_password $password
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port
+ $radius.clearpass.user_id | Should -Be "PowerArubaCX"
+ $radius.clearpass.password | Should -Not -BeNullOrEmpty
+ }
+
+ AfterAll {
+ Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Remove-ArubaCXRadiusServer -confirm:$false
+ }
+}
+
+Describe "Remove RADIUS Server" {
+
+ BeforeEach {
+ Add-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -group radius -default_group_priority 1
+ }
+
+ It "Remove RADIUS Server $pester_radius_address by address and port" {
+ Remove-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -confirm:$false
+ $radius = Get-ArubaCXRadiusServer
+ $radius.$pester_radius_address | Should -Be $NULL
+ }
+
+ It "Remove RADIUS Server $pester_radius_address by pipeline" {
+ $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port
+ $radius | Remove-ArubaCXRadiusServer -confirm:$false
+ $radius = Get-ArubaCXRadiusServer
+ $radius.$pester_radius_address | Should -Be $NULL
+ }
+
+}
+
+Disconnect-ArubaCX -confirm:$false
\ No newline at end of file
diff --git a/Tests/integration/Tacacs.Tests.ps1 b/Tests/integration/Tacacs.Tests.ps1
new file mode 100644
index 0000000..c546d27
--- /dev/null
+++ b/Tests/integration/Tacacs.Tests.ps1
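Review bot: In `Describe "Remove RADIUS Server"`, both tests end with `$radius.$pester_radius_address | Should -Be $NULL`, which passes whenever the listing has no property literally named after the address. That includes the case where entries are keyed some other way (for example by address and port together), so a failed removal could go unnoticed. Get-ArubaCXRadiusServer is not part of this hunk, so the key format is an assumption to confirm. Asserting `$radius.$pester_radius_address | Should -Not -Be $NULL` on a listing taken before the Remove call would prove the lookup sees the server and make the final check meaningful. The Remove tests in Tests/integration/Tacacs.Tests.ps1 have the same shape, and `@($radius).count | Should -Not -Be $NULL` in "Get ALL RADIUS Server" can never fail either.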
@@ -0,0 +1,221 @@
+#
+# Copyright 2020, Cédric Moreau
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+. ../common.ps1
+
+Describe "Get TACACS Server" {
+ BeforeAll {
+ Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 -auth_type pap -timeout 15
+ }
+
+ It "Get TACACS Server Does not throw an error" {
+ {
+ Get-ArubaCXTacacsServer
+ } | Should -Not -Throw
+ }
+
+ It "Get ALL TACACS Server" {
+ $tacacs = Get-ArubaCXTacacsServer
+ @($tacacs).count | Should -Not -Be $NULL
+ }
+
+ It "Get TACACS Server ($pester_tacacs_address)" {
+ $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port
+ $tacacs.address | Should -Be $pester_tacacs_address
+ $tacacs.tcp_port | Should -Be $pester_tacacs_port
+ }
+
+ It "Get TACACS Server ($pester_tacacs_address) and confirm (via Confirm-ArubaCXTacacsServer)" {
+ $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port
+ Confirm-ArubaCXTacacsServer ($tacacs) | Should -Be $true
+ }
+
+ #Get with attribute, depth...
+ Context "Selector" {
+
+ It "Get TACACS Server with selector equal configuration" {
+ {
+ Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -selector configuration
+ } | Should -Not -Throw
+ }
+
+ It "Get TACACS Server with selector equal statistics" {
+ {
+ Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -selector statistics
+ } | Should -Not -Throw
+ }
+
+ It "Get TACACS Server with selector equal status" {
+ {
+ Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -selector status
+ } | Should -Not -Throw
+ }
+
+ It "Get TACACS Server with selector equal writable" {
+ {
+ Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -selector writable
+ } | Should -Not -Throw
+ }
+ }
+
+ Context "Depth" {
+
+ It "Get TACACS Server with depth equal 1" {
+ {
+ Get-ArubaCXTacacsServer -depth 1
+ } | Should -Not -Throw
+ }
+
+ It "Get TACACS Server with depth equal 2" {
+ {
+ Get-ArubaCXTacacsServer -depth 2
+ } | Should -Not -Throw
+ }
+
+ It "Get TACACS Server with depth equal 3" {
+ {
+ Get-ArubaCXTacacsServer -depth 3
+ } | Should -Not -Throw
+ }
+
+ It "Get TACACS Server with depth equal 4" {
+ {
+ Get-ArubaCXTacacsServer -depth 4
+ } | Should -Not -Throw
+ }
+ }
+
+ Context "Attribute" {
+
+ It "Get TACACS Server with one attribute (auth_type)" {
+ $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -attribute auth_type
+ @($tacacs).count | Should -Be 1
+ $tacacs.address | Should -BeNullOrEmpty
+ $tacacs.auth_type | Should -Not -BeNullOrEmpty
+ }
+
+ It "Get TACACS Server with two attributes (auth_type, timeout)" {
+ $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -attribute auth_type,timeout
+ @($tacacs).count | Should -Be 1
+ $tacacs.address | Should -BeNullOrEmpty
+ $tacacs.auth_type | Should -Be "pap"
+ $tacacs.timeout | Should -Be 15
+ }
+
+ }
+
+ Context "Search" {
+ It "Search TACACS Server by address ($pester_tacacs_address)" {
+ $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port
+ @($tacacs).count | Should -Be 1
+ $tacacs.address | Should -Be $pester_tacacs_address
+ $tacacs.tcp_port | Should -Be $pester_tacacs_port
+ }
+ }
+
+ AfterAll {
+ Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Remove-ArubaCXTacacsServer -confirm:$false
+ }
+}
+
+Describe "Add TACACS Server" {
+
+ AfterEach {
+ Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Remove-ArubaCXTacacsServer -confirm:$false -ErrorAction SilentlyContinue
+ }
+
+ It "Add TACACS Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group)" {
+ Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1
+ $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -depth 2
+ $tacacs.address | Should -Be $pester_tacacs_address
+ $tacacs.tcp_port | Should -Be $pester_tacacs_port
+ $tacacs.group.tacacs | Should -Be "@{group_name=tacacs; group_type=tacacs; origin=built-in}"
+ $tacacs.default_group_priority | Should -Be 1
+ $tacacs.timeout | Should -Be $null
+ $tacacs.passkey | Should -Be $null
+ $tacacs.tracking_enable | Should -Be $false
+ }
+
+ It "Add TACACS Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group, and a timeout)" {
+ Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 -timeout 10
+ $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -depth 2
+ $tacacs.address | Should -Be $pester_tacacs_address
+ $tacacs.tcp_port | Should -Be $pester_tacacs_port
+ $tacacs.group.tacacs | Should -Be "@{group_name=tacacs; group_type=tacacs; origin=built-in}"
+ $tacacs.default_group_priority | Should -Be 1
+ $tacacs.timeout | Should -Be 10
+ $tacacs.passkey | Should -Be $null
+ $tacacs.tracking_enable | Should -Be $false
+ }
+
+ It "Add TACACS Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group, a timeout, a passkey and tracking_enable)" {
+ Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 -timeout 10 -passkey PowerArubaCX -tracking_enable
+ $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -depth 2
+ $tacacs.address | Should -Be $pester_tacacs_address
+ $tacacs.tcp_port | Should -Be $pester_tacacs_port
+ $tacacs.group.tacacs | Should -Be "@{group_name=tacacs; group_type=tacacs; origin=built-in}"
+ $tacacs.default_group_priority | Should -Be 1
+ $tacacs.timeout | Should -Be 10
+ $tacacs.passkey | Should -Not -BeNullOrEmpty
+ $tacacs.tracking_enable | Should -Be $true
+ }
+}
+
+Describe "Configure TACACS Server" {
+ BeforeAll {
+ Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1
+ }
+
+ It "Change TACACS Server default_group_priority" {
+ Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Set-ArubaCXTacacsServer -default_group_priority 10
+ $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port
+ $tacacs.default_group_priority | Should -Be 10
+ }
+
+ It "Change TACACS Server timeout" {
+ Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Set-ArubaCXTacacsServer -timeout 10
+ $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port
+ $tacacs.timeout | Should -Be 10
+ }
+
+ It "Change TACACS Server tracking_enable (enable)" {
+ Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Set-ArubaCXTacacsServer -tracking_enable:$true
+ $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port
+ $tacacs.tracking_enable | Should -Be $true
+ }
+
+ It "Change TACACS Server tracking_enable (disable)" {
+ Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Set-ArubaCXTacacsServer -tracking_enable:$false
+ $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port
+ $tacacs.tracking_enable | Should -Be $false
+ }
+
+ AfterAll {
+ Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Remove-ArubaCXTacacsServer -confirm:$false
+ }
+}
+
+Describe "Remove TACACS Server" {
+
+ BeforeEach {
+ Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1
+ }
+
+ It "Remove TACACS Server $pester_tacacs_address by address and port" {
+ Remove-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -confirm:$false
+ $tacacs = Get-ArubaCXTacacsServer
+ $tacacs.$pester_tacacs_address | Should -Be $NULL
+ }
+
+ It "Remove TACACS Server $pester_tacacs_address by pipeline" {
+ $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port
+ $tacacs | Remove-ArubaCXTacacsServer -confirm:$false
+ $tacacs = Get-ArubaCXTacacsServer
+ $tacacs.$pester_tacacs_address | Should -Be $NULL
+ }
+
+}
+
+Disconnect-ArubaCX -confirm:$false
\ No newline at end of file
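Review bot: The "Add TACACS Server" test that passes `-passkey PowerArubaCX` only asserts `$tacacs.passkey | Should -Not -BeNullOrEmpty`, which would also pass if the API returned the shared secret in clear text. The README example in this commit shows the passkey coming back as an encoded value, so the test can pin that with `$tacacs.passkey | Should -Not -Be "PowerArubaCX"`. The passkey and ClearPass password assertions in Radius.Tests.ps1 could take the same extra line.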