From ca455dac472b641ec93dde683adb99f92ae7dd5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 23 Nov 2021 10:38:02 +0100 Subject: [PATCH 1/8] Add Tacacs Server configuration (Add/Get/Set/Remove) --- PowerArubaCX/Private/Confirm.ps1 | 32 +++ PowerArubaCX/Public/Tacacs.ps1 | 363 +++++++++++++++++++++++++++++ Tests/common.ps1 | 2 + Tests/integration/Tacacs.Tests.ps1 | 222 ++++++++++++++++++ 4 files changed, 619 insertions(+) create mode 100644 PowerArubaCX/Public/Tacacs.ps1 create mode 100644 Tests/integration/Tacacs.Tests.ps1 diff --git a/PowerArubaCX/Private/Confirm.ps1 b/PowerArubaCX/Private/Confirm.ps1 index 29d3f23..311fd27 100644 --- a/PowerArubaCX/Private/Confirm.ps1 +++ b/PowerArubaCX/Private/Confirm.ps1 
@@ -116,4 +116,36 @@ function Confirm-ArubaCXVrfs { throw "Element specified does not contain a ssh_enable property." } $true +} + +function Confirm-ArubaCXTacacsServer { + + Param ( + [Parameter (Mandatory = $true)] + [object]$argument + ) + #Check if it looks like a tacacs server element + + if ( -not ( $argument | get-member -name auth_type -Membertype Properties)) { + throw "Element specified does not contain an auth_type property." + } + if ( -not ( $argument | get-member -name default_group_priority -Membertype Properties)) { + throw "Element specified does not contain a default_group_priority property." + } + if ( -not ( $argument | get-member -name group -Membertype Properties)) { + throw "Element specified does not contain a group property." + } + if ( -not ( $argument | get-member -name passkey -Membertype Properties)) { + throw "Element specified does not contain a passkey property." + } + if ( -not ( $argument | get-member -name timeout -Membertype Properties)) { + throw "Element specified does not contain a timeout property." + } + if ( -not ( $argument | get-member -name tracking_enable -Membertype Properties)) { + throw "Element specified does not contain a tracking_enable property." + } + if ( -not ( $argument | get-member -name user_group_priority -Membertype Properties)) { + throw "Element specified does not contain a user_group_priority property." + } + $true } \ No newline at end of file diff --git a/PowerArubaCX/Public/Tacacs.ps1 b/PowerArubaCX/Public/Tacacs.ps1 new file mode 100644 index 0000000..ff7d5ce --- /dev/null +++ b/PowerArubaCX/Public/Tacacs.ps1 
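Review bot: Confirm-ArubaCXTacacsServer never checks for `address` or `tcp_port`, although Set-ArubaCXTacacsServer and Remove-ArubaCXTacacsServer in this patch read exactly those two properties from the piped object to build `tacacs_servers/${address},${port}`. An object that carries the seven checked properties but not the key fields (presumably what `-selector writable` returns, since Set strips `address` and `tcp_port` before the PUT) passes validation and then yields a PUT or DELETE on a URI with an empty address. Add the two missing guards in the same style: `if ( -not ( $argument | get-member -name address -Membertype Properties)) { throw "Element specified does not contain an address property." }` and the equivalent for `tcp_port`.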
@@ -0,0 +1,363 @@ +# +# Copyright 2021, Cédric Moreau +# +# SPDX-License-Identifier: Apache-2.0 +# + +function Add-ArubaCXTacacsServer { + + <# + .SYNOPSIS + Add Aruba CX Tacacs Server + + .DESCRIPTION + Add tacacs server (ip, group, port...) + + .EXAMPLE + Add-ArubaCXTacacsServer -address 192.2.0.1 -port 49 -group Clearpass -default_group_priority 10 + + Add tacacs server with ip 192.2.0.1 and port 49 in Tacacs group Clearpass + #> + Param( + [Parameter (Mandatory = $true)] + [string]$address, + [Parameter (Mandatory = $true)] + [ValidateRange(1, 65535)] + [int]$port, + [Parameter (Mandatory = $false)] + [ValidateSet('pap')] + [string]$auth_type = "pap", + [Parameter (Mandatory = $true)] + [ValidateRange(1, 9223372036854775807)] + [int]$default_group_priority, + [Parameter (Mandatory = $true)] + [string]$group, + [Parameter (Mandatory = $false)] + [string]$passkey, + [Parameter (Mandatory = $false)] + [int]$timeout, + [Parameter (Mandatory = $false)] + [switch]$tracking_enable, + [Parameter (Mandatory = $false)] + [int]$user_group_priority, + [Parameter (Mandatory = $false)] + [string]$vrf = "default", + [Parameter (Mandatory = $False)] + [ValidateNotNullOrEmpty()] + [PSObject]$connection = $DefaultArubaCXConnection + ) + + Begin { + } + + Process { + + $uri = "system/vrfs/${vrf}/tacacs_servers" + + $_tacacs = new-Object -TypeName PSObject + + $_tacacs | add-member -name "address" -membertype NoteProperty -Value $address + + $_tacacs | add-member -name "tcp_port" -membertype NoteProperty -Value $port + + $_tacacs | add-member -name "vrf" -membertype NoteProperty -Value ("/rest/" + $($connection.version) + "/system/vrfs/" + $vrf) + + $_tacacs | add-member -name "default_group_priority" -membertype NoteProperty -Value $default_group_priority + + $_group = @() + + $_group += "/rest/" + $($connection.version) + "/system/aaa_server_groups/" + $group + + $_tacacs | add-member -name "group" -membertype NoteProperty -Value $_group + + $_tacacs | add-member -name 
"auth_type" -membertype NoteProperty -Value $auth_type + + if ( $PsBoundParameters.ContainsKey('passkey') ) { + $_tacacs | add-member -name "passkey" -membertype NoteProperty -Value $passkey + } + + if ( $PsBoundParameters.ContainsKey('timeout') ) { + $_tacacs | add-member -name "timeout" -membertype NoteProperty -Value $timeout + } + + if ( $PsBoundParameters.ContainsKey('user_group_priority') ) { + $_tacacs | add-member -name "user_group_priority" -membertype NoteProperty -Value $user_group_priority + } + + if ( $PsBoundParameters.ContainsKey('tracking_enable') ) { + if ($tracking_enable) { + $_tacacs | add-member -name "tracking_enable" -membertype NoteProperty -Value $true + } + else { + $_tacacs | add-member -name "tracking_enable" -membertype NoteProperty -Value $false + } + } + + $response = Invoke-ArubaCXRestMethod -uri $uri -method 'POST' -body $_tacacs -connection $connection + $response + + Get-ArubaCXTacacsServer -address $address -port $port -vrf $vrf + + } + + End { + } +} + +function Get-ArubaCXTacacsServer { + + <# + .SYNOPSIS + Get list of tacacs server configured + + .DESCRIPTION + Get list of tacacs server configured (ip, group, port...) + + .EXAMPLE + Get-ArubaCXTacacsServer -vrf default + + Get list of tacacs server configured (ip, group, port...) 
on default vrf + + .EXAMPLE + Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 + + Get tacacs server with ip 192.2.0.1 and port 49 + #> + + [CmdletBinding(DefaultParametersetname = "Default")] + Param( + [Parameter (Mandatory = $true, ParameterSetName = "address")] + [ipaddress]$address, + [Parameter (Mandatory = $true, ParameterSetName = "address")] + [int]$port, + [Parameter (Mandatory = $false)] + [string]$vrf = "default", + [Parameter(Mandatory = $false)] + [ValidateRange(1, 4)] + [Int]$depth, + [Parameter(Mandatory = $false)] + [ValidateSet("configuration", "status", "statistics", "writable")] + [String]$selector, + [Parameter(Mandatory = $false)] + [String[]]$attributes, + [Parameter(Mandatory = $false)] + [switch]$vsx_peer, + [Parameter (Mandatory = $False)] + [ValidateNotNullOrEmpty()] + [PSObject]$connection = $DefaultArubaCXConnection + ) + + Begin { + } + + Process { + + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('depth') ) { + $invokeParams.add( 'depth', $depth ) + } + else { + #by default set depth to 2 to show items + $invokeParams.add( 'depth', 2 ) + } + if ( $PsBoundParameters.ContainsKey('selector') ) { + $invokeParams.add( 'selector', $selector ) + } + if ( $PsBoundParameters.ContainsKey('attributes') ) { + $invokeParams.add( 'attributes', $attributes ) + } + if ( $PsBoundParameters.ContainsKey('vsx_peer') ) { + $invokeParams.add( 'vsx_peer', $true ) + } + + if ($PsBoundParameters.ContainsKey('address') -and $PsBoundParameters.ContainsKey('port')) { + $uri = "system/vrfs/${vrf}/tacacs_servers/${address},${port}" + } + else { + $uri = "system/vrfs/${vrf}/tacacs_servers" + } + + $response = Invoke-ArubaCXRestMethod -uri $uri -method 'GET' -connection $connection @invokeParams + + $response + + } + + End { + } +} + +function Set-ArubaCXTacacsServer { + + <# + .SYNOPSIS + Configure Tacacs Server ArubaCX Switch + + .DESCRIPTION + Configure Tacacs Server (Timeout, port...) 
+ + .EXAMPLE + Set-ArubaCXTacacsServer -timeout 15 -address 192.2.0.1 -tcp_port + + Configure timeout on tacacs server + + .EXAMPLE + Set-ArubaCXTacacsServer -group tacacs -address 192.2.0.1 -tcp_port + + Configure group on tacacs server + + .EXAMPLE + Set-ArubaCXTacacsServer -passkey ExampleRadius -address 192.2.0.1 -tcp_port + + Configure passkey on tacacs server + #> + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium')] + Param( + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1, ParameterSetName = "ID")] + [ValidateScript( { Confirm-ArubaCXTacacsServer $_ })] + [psobject]$tacacs, + [Parameter (Mandatory = $true, ParameterSetName = "address")] + [string]$address, + [Parameter (Mandatory = $true, ParameterSetName = "address")] + [int]$port, + [Parameter (Mandatory = $false)] + [ValidateSet('pap')] + [string]$auth_type, + [Parameter (Mandatory = $false)] + [ValidateRange(1, 9223372036854775807)] + [int]$default_group_priority, + [Parameter (Mandatory = $false)] + [string]$group, + [Parameter (Mandatory = $false)] + [string]$passkey, + [Parameter (Mandatory = $false)] + [int]$timeout, + [Parameter (Mandatory = $false)] + [switch]$tracking_enable, + [Parameter (Mandatory = $false)] + [int]$user_group_priority, + [Parameter (Mandatory = $false)] + [string]$vrf = "default", + [Parameter (Mandatory = $False)] + [ValidateNotNullOrEmpty()] + [PSObject]$connection = $DefaultArubaCXConnection + ) + + + Begin { + } + + Process { + + if ($tacacs) { + $address = $tacacs.address + $port = $tacacs.tcp_port + } + + $uri = "system/vrfs/${vrf}/tacacs_servers/${address},${port}" + + if ($tacacs) { + $_tacacs = $tacacs + $_tacacs.PSObject.Properties.Remove('address') + $_tacacs.PSObject.Properties.Remove('tcp_port') + } + else { + $_tacacs = Get-ArubaCXTacacsServer -address $address -port $port -selector writable -connection $connection + } + + if ( $PsBoundParameters.ContainsKey('auth_type') ) { + $_tacacs.auth_type = $auth_type + } + if ( 
$PsBoundParameters.ContainsKey('default_group_priority') ) { + $_tacacs.default_group_priority = $default_group_priority + } + if ( $PsBoundParameters.ContainsKey('group') ) { + $_group = @() + + $_group += "/rest/" + $($connection.version) + "/system/aaa_server_groups/" + $group + + $_tacacs.group = $_group + } + if ( $PsBoundParameters.ContainsKey('passkey') ) { + $_tacacs.passkey = $passkey + } + if ( $PsBoundParameters.ContainsKey('timeout') ) { + $_tacacs.timeout = $timeout + } + if ( $PsBoundParameters.ContainsKey('tracking_enable') ) { + $_tacacs.tracking_enable = $true + } + else { + $_tacacs.tracking_enable = $false + } + if ( $PsBoundParameters.ContainsKey('user_group_priority') ) { + $_tacacs.user_group_priority = $user_group_priority + } + + if ($PSCmdlet.ShouldProcess($_tacacs.address, 'Configure Tacacs Server')) { + Invoke-ArubaCXRestMethod -method "PUT" -body $_tacacs -uri $uri -connection $connection + } + + Get-ArubaCXTacacsServer -address $address -port $port -connection $connection + } + + End { + } +} + +function Remove-ArubaCXTacacsServer { + + <# + .SYNOPSIS + Remove a tacacs server on Aruba CX Switch + .DESCRIPTION + Remove a tacacs server on Aruba CX Switch + .EXAMPLE + $ts = Get-ArubaCXArubaCXTacacsServer -address 192.2.0.1 -port 49 + PS C:\>$ts | Remove-ArubaCXTacacsServer + Remove tacacs server with address 192.0.2.1 and port 49 + .EXAMPLE + Remove-ArubaCXTacacsServer -address 192.2.0.1 -confirm:$false -vrf default + Remove tacacs server 192.0.2.1 on default vrf with no confirmation + #> + + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'high')] + Param( + [Parameter (Mandatory = $true, ParameterSetName = "address")] + [string]$address, + [Parameter (Mandatory = $true, ParameterSetName = "address")] + [int]$port, + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1, ParameterSetName = "ID")] + [ValidateScript( { Confirm-ArubaCXTacacsServer $_ })] + [psobject]$ts, + [Parameter(Mandatory = $false, 
ParameterSetName = "address")] + [string]$vrf = "default", + [Parameter (Mandatory = $False)] + [ValidateNotNullOrEmpty()] + [PSObject]$connection = $DefaultArubaCXConnection + ) + + Begin { + } + + Process { + + #get address, port and vrf from tacacs server ts object + if ($ts) { + $address = $ts.address + $port = $ts.tcp_port + } + + $uri = "system/vrfs/${vrf}/tacacs_servers/${address},${port}" + + if ($PSCmdlet.ShouldProcess("Tacacs Server (VRF: ${vrf})", "Remove ${address},${port}")) { + Write-Progress -activity "Remove Tacacs Server" + Invoke-ArubaCXRestMethod -method "DELETE" -uri $uri -connection $connection + Write-Progress -activity "Remove Tacacs Server" -completed + } + } + + End { + } +} \ No newline at end of file diff --git a/Tests/common.ps1 b/Tests/common.ps1 index 98da328..e538268 100644 --- a/Tests/common.ps1 +++ b/Tests/common.ps1 @@ -10,6 +10,8 @@ $script:pester_vlan = 85 #vlan id for Vlan test $script:pester_vlan2 = 86 #vlan id for Vlan test (for affect a second vlan to interface) $script:pester_interface = "1/1/1" #interface id for test... $script:pester_vrf = "pester_vrf" #interface id for test... +$script:pester_tacacs_address = "192.2.0.1" +$script:pester_tacacs_port = "49" . ../credential.ps1 #TODO: Add check if no ipaddress/login/password info... diff --git a/Tests/integration/Tacacs.Tests.ps1 b/Tests/integration/Tacacs.Tests.ps1 new file mode 100644 index 0000000..782fd5d --- /dev/null +++ b/Tests/integration/Tacacs.Tests.ps1 
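Review bot: The TACACS+ shared secret is declared as `[string]$passkey` in Add-ArubaCXTacacsServer and Set-ArubaCXTacacsServer (new file Tacacs.ps1), so it is typed in clear on the command line and lands in console history and transcripts wherever those are enabled. Consider `[SecureString]$passkey` (or a `[PSCredential]`) and convert to plain text only where the value is added to `$_tacacs`. Add also writes both `$response` and the re-read server object to the pipeline; if the switch returns `passkey` in that object (Confirm-ArubaCXTacacsServer expects the property to exist), the secret is echoed back to the console too. Separately, the trailing `Get-ArubaCXTacacsServer -address $address -port $port -vrf $vrf` in Add omits `-connection $connection`, and Remove's comment says the VRF is taken from `$ts` while the code copies only `address` and `tcp_port`, so a piped removal always targets the `default` VRF.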
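Review bot: `192.2.0.1` in Tests/common.ps1 is not a documentation address; the range reserved for examples and tests is 192.0.2.0/24 (TEST-NET-1, RFC 5737), so the integration suite configures the switch under test with a TACACS server at a routable public IP. Depending on the switch configuration this can make the device send probes or authentication traffic to an address the project does not control. Use `$script:pester_tacacs_address = "192.0.2.1"`, and consider `$script:pester_tacacs_port = 49` so the value matches the `[int]$port` parameter without relying on conversion. The same transposed address appears in the help examples of Tacacs.ps1, where Remove-ArubaCXTacacsServer mixes `192.2.0.1` and `192.0.2.1`.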
@@ -0,0 +1,222 @@ +# +# Copyright 2020, Cédric Moreau +# +# SPDX-License-Identifier: Apache-2.0 +# +. ../common.ps1 + +Describe "Get Tacacs Server" { + BeforeALL { + Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 -auth_type pap -timeout 15 + } + + It "Get Tacacs Server Does not throw an error" { + { + Get-ArubaCXTacacsServer + } | Should Not Throw + } + + It "Get ALL Tacacs Server" { + $tacacs = Get-ArubaCXTacacsServer + $tacacs.count | Should -Not -Be $NULL + } + + It "Get Tacacs Server ($pester_tacacs_address)" { + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs.address | Should -Be $pester_tacacs_address + $tacacs.tcp_port | Should -Be $pester_tacacs_port + } + + It "Get Tacacs Server ($pester_tacacs_address) and confirm (via Confirm-ArubaCXVlans)" { + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + Confirm-ArubaCXTacacsServer ($tacacs) | Should -Be $true + } + + #Get with attribute, depth... 
+ Context "Selector" { + + It "Get Tacacs Server with selector equal configuration" { + { + Get-ArubaCXTacacsServer -selector configuration + } | Should Not Throw + } + + It "Get Tacacs Server with selector equal statistics" { + { + Get-ArubaCXTacacsServer -selector statistics + } | Should Not Throw + } + + It "Get Tacacs Server with selector equal status" { + { + Get-ArubaCXTacacsServer -selector status + } | Should Not Throw + } + + It "Get Tacacs Server with selector equal writable" { + { + Get-ArubaCXTacacsServer -selector writable + } | Should Not Throw + } + } + + Context "Depth" { + + It "Get Tacacs Server with depth equal 1" { + { + Get-ArubaCXTacacsServer -depth 1 + } | Should Not Throw + } + + It "Get Tacacs Server with depth equal 2" { + { + Get-ArubaCXTacacsServer -depth 2 + } | Should Not Throw + } + + It "Get Tacacs Server with depth equal 3" { + { + Get-ArubaCXTacacsServer -depth 3 + } | Should Not Throw + } + + It "Get Tacacs Server with depth equal 4" { + { + Get-ArubaCXTacacsServer -depth 4 + } | Should Not Throw + } + } + + Context "Attribute" { + + It "Get Tacacs Server with one attribute (auth_type)" { + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -attribute auth_type + @($tacacs).count | Should -be 1 + $tacacs.address | Should -BeNullOrEmpty + $tacacs.port | Should -Not -BeNullOrEmpty + } + + It "Get Tacacs Server with two attributes (auth_type, timeout)" { + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -attribute auth_type,timeout + @($tacacs).count | Should -be 1 + $tacacs.address | Should -BeNullOrEmpty + $tacacs.port | Should -Not -BeNullOrEmpty + $tacacs.auth_type | Should -Be "pap" + $tacacs.timeour | Should -Be 15 + } + + } + + Context "Search" { + It "Search Tacacs Server by address ($pester_tacacs_address)" { + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + @($tacacs).count | Should -be 1 + 
$tacacs.address | Should -Be $pester_tacacs_address + $tacacs.port | Should -Be $pester_tacacs_port + } + } + + AfterAll { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Remove-ArubaCXTacacsServer -confirm:$false + } +} + +Describe "Add Tacacs Server" { + + AfterEach { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Remove-ArubaCXTacacsServer -confirm:$false -ErrorAction SilentlyContinue + } + + It "Add Tacacs Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group)" { + Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs.address | Should -Be $pester_tacacs_address + $tacacs.port | Should -Be $pester_tacacs_port + $tacacs.group.tacacs | Should -Be "/rest/v10.04/system/aaa_server_groups/tacacs" + $tacacs.default_group_priority | Should -Be 1 + $tacacs.timeout | Should -Be $null + $tacacs.passkey | Should -Be $null + $tacacs.tracking_enable | Should -Be $false + } + + It "Add Tacacs Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group, and a timeout)" { + Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority -timeout 10 + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs.address | Should -Be $pester_tacacs_address + $tacacs.port | Should -Be $pester_tacacs_port + $tacacs.group.tacacs | Should -Be "/rest/v10.04/system/aaa_server_groups/tacacs" + $tacacs.default_group_priority | Should -Be 1 + $tacacs.timeout | Should -Be 10 + $tacacs.passkey | Should -Be $null + $tacacs.tracking_enable | Should -Be $false + } + + It "Add Tacacs Server $pester_tacacs_address (with only an address and a port, a group 
and a default priority for the group, a timeout, a passkey and tracking_enable)" { + Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 -timeout 10 -passkey PowerArubaCX -tracking_enable + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs.address | Should -Be $pester_tacacs_address + $tacacs.port | Should -Be $pester_tacacs_port + $tacacs.group.tacacs | Should -Be "/rest/v10.04/system/aaa_server_groups/tacacs" + $tacacs.default_group_priority | Should -Be 1 + $tacacs.timeout | Should -Be 10 + $tacacs.passkey | Should -Not -BeNullOrEmpty + $tacacs.tracking_enable | Should -Be $true + } +} + +Describe "Configure Tacacs Server" { + BeforeAll { + Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 + } + + It "Change Tacacs Server default_group_priority" { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Set-ArubaCXTacacsServer -default_group_priority 10 + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs.default_group_priority | Should -Be 10 + } + + It "Change Tacacs Server timeout" { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Set-ArubaCXTacacsServer -timeout 10 + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs.timeout | Should -Be 10 + } + + It "Change Tacacs Server tracking_enable (enable)" { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Set-ArubaCXTacacsServer -tracking_enable:$true + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs.tracking_enable | Should -Be $true + } + + It "Change Tacacs Server tracking_enable (disable)" { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port 
$pester_tacacs_port | Set-ArubaCXTacacsServer -tracking_enable:$false + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs.tracking_enable | Should -Be $false + } + + AfterAll { + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Remove-ArubaCXTacacsServer -confirm:$false + } +} + +Describe "Remove Tacacs Server" { + + BeforeEach { + Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 + } + + It "Remove Tacacs Server $pester_tacacs_address by address and port" { + Remove-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -confirm:$false + $tacacs = Get-ArubaCXTacacsServer + $tacacs.$pester_tacacs_address | Should -Be $NULL + } + + It "Remove Tacacs Server $pester_tacacs_address by pipeline" { + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs | Remove-ArubaCXTacacsServer -confirm:$false + $tacacs = Get-ArubaCXTacacsServer + $tacacs.$pester_tacacs_address | Should -Be $NULL + } + +} + +Disconnect-ArubaCX -confirm:$false \ No newline at end of file From a0e14e20175d895a4c4b0bfb618c35b8ccc0360a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 30 Nov 2021 09:57:29 +0100 Subject: [PATCH 2/8] Add TacacsServer cmdlets (Add/Get/Set/Remove) --- PowerArubaCX/Public/Tacacs.ps1 | 67 +++++++++++++++--------------- Tests/integration/Tacacs.Tests.ps1 | 31 +++++++------- 2 files changed, 49 insertions(+), 49 deletions(-) diff --git a/PowerArubaCX/Public/Tacacs.ps1 b/PowerArubaCX/Public/Tacacs.ps1 index ff7d5ce..5e36d29 100644 --- a/PowerArubaCX/Public/Tacacs.ps1 +++ b/PowerArubaCX/Public/Tacacs.ps1 
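Review bot: The two "Remove Tacacs Server" tests in Tacacs.Tests.ps1 look unable to fail: they assert `$tacacs.$pester_tacacs_address | Should -Be $NULL`, which reads a property named after the bare IP address from the collection result, while single servers are addressed as `address,port` everywhere else in this patch. A server that was not deleted would therefore go unnoticed. Assert on the specific resource instead, for example `{ Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port } | Should -Throw`, assuming the REST helper throws on a missing resource.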
@@ -135,7 +135,7 @@ function Get-ArubaCXTacacsServer { [Parameter(Mandatory = $false)] [ValidateRange(1, 4)] [Int]$depth, - [Parameter(Mandatory = $false)] + [Parameter(Mandatory = $false, ParameterSetName = "address")] [ValidateSet("configuration", "status", "statistics", "writable")] [String]$selector, [Parameter(Mandatory = $false)] @@ -198,17 +198,22 @@ function Set-ArubaCXTacacsServer { Configure Tacacs Server (Timeout, port...) .EXAMPLE - Set-ArubaCXTacacsServer -timeout 15 -address 192.2.0.1 -tcp_port + Set-ArubaCXTacacsServer -timeout 15 -address 192.2.0.1 -port 49 Configure timeout on tacacs server .EXAMPLE - Set-ArubaCXTacacsServer -group tacacs -address 192.2.0.1 -tcp_port + Set-ArubaCXTacacsServer -group tacacs -address 192.2.0.1 -port 49 Configure group on tacacs server .EXAMPLE - Set-ArubaCXTacacsServer -passkey ExampleRadius -address 192.2.0.1 -tcp_port + Set-ArubaCXTacacsServer -passkey ExampleTacacs -address 192.2.0.1 -port 49 + + Configure passkey on tacacs server + + .EXAMPLE + Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 | Set-ArubaCXTacacsServer -default_group_priority 10 -group PowerArubaCX -passkey ExampleTacacs -timeout 15 -tacking_enable -user_group_priority 1 Configure passkey on tacacs server #> @@ -228,15 +233,15 @@ function Set-ArubaCXTacacsServer { [ValidateRange(1, 9223372036854775807)] [int]$default_group_priority, [Parameter (Mandatory = $false)] - [string]$group, + [string]$group = "tacacs", [Parameter (Mandatory = $false)] [string]$passkey, [Parameter (Mandatory = $false)] - [int]$timeout, + [int]$timeout = 10, [Parameter (Mandatory = $false)] [switch]$tracking_enable, [Parameter (Mandatory = $false)] - [int]$user_group_priority, + [int]$user_group_priority = 1, [Parameter (Mandatory = $false)] [string]$vrf = "default", [Parameter (Mandatory = $False)] @@ -250,6 +255,8 @@ function Set-ArubaCXTacacsServer { Process { + $_tacacs = @{ } + if ($tacacs) { $address = $tacacs.address $port = $tacacs.tcp_port 
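Review bot: The new pipeline example in Set-ArubaCXTacacsServer's help (hunk at -198) uses `-tacking_enable`, which is not a parameter of the cmdlet; the declared switch is `tracking_enable`, so the example fails parameter binding when copied. Its description is also a copy of the previous example's ("Configure passkey on tacacs server") although the command changes priorities, group, passkey, timeout and tracking at once. Suggested description: `Configure group, priorities, passkey, timeout and tracking on tacacs server`.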
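Review bot: Giving `$group`, `$timeout` and `$user_group_priority` default values (hunk at -228), combined with the now unconditional `add-member ... -Force` calls in the Process block (hunk at -257), means every call to Set-ArubaCXTacacsServer rewrites those three fields. A call that only passes `-passkey` therefore also moves the server back to group `tacacs`, sets the timeout to 10 and the user group priority to 1, silently changing which AAA server group the entry belongs to. Keep these parameters without defaults and keep each assignment behind its own `if ( $PsBoundParameters.ContainsKey('group') )` style guard, as is still done for `auth_type`, `default_group_priority` and `passkey`. The `$_tacacs = @{ }` added at -250 is dead code, since it is overwritten by the `Get-ArubaCXTacacsServer` result a few lines later.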
@@ -257,44 +264,38 @@ function Set-ArubaCXTacacsServer { $uri = "system/vrfs/${vrf}/tacacs_servers/${address},${port}" - if ($tacacs) { - $_tacacs = $tacacs - $_tacacs.PSObject.Properties.Remove('address') - $_tacacs.PSObject.Properties.Remove('tcp_port') - } - else { - $_tacacs = Get-ArubaCXTacacsServer -address $address -port $port -selector writable -connection $connection - } + $_tacacs = Get-ArubaCXTacacsServer -address $address -port $port -selector writable if ( $PsBoundParameters.ContainsKey('auth_type') ) { - $_tacacs.auth_type = $auth_type + $_tacacs | add-member -name "auth_type" -membertype NoteProperty -Value $auth_type -Force } if ( $PsBoundParameters.ContainsKey('default_group_priority') ) { - $_tacacs.default_group_priority = $default_group_priority + $_tacacs | add-member -name "default_group_priority" -membertype NoteProperty -Value $default_group_priority -Force } - if ( $PsBoundParameters.ContainsKey('group') ) { - $_group = @() - $_group += "/rest/" + $($connection.version) + "/system/aaa_server_groups/" + $group + $_group = @() + + $_group += "/rest/" + $($connection.version) + "/system/aaa_server_groups/" + $group + + $_tacacs | add-member -name "group" -membertype NoteProperty -Value $_group -Force - $_tacacs.group = $_group - } if ( $PsBoundParameters.ContainsKey('passkey') ) { - $_tacacs.passkey = $passkey - } - if ( $PsBoundParameters.ContainsKey('timeout') ) { - $_tacacs.timeout = $timeout + $_tacacs | add-member -name "passkey" -membertype NoteProperty -Value $passkey -Force } + + $_tacacs | add-member -name "timeout" -membertype NoteProperty -Value $timeout -Force + if ( $PsBoundParameters.ContainsKey('tracking_enable') ) { - $_tacacs.tracking_enable = $true - } - else { - $_tacacs.tracking_enable = $false - } - if ( $PsBoundParameters.ContainsKey('user_group_priority') ) { - $_tacacs.user_group_priority = $user_group_priority + if ($tracking_enable) { + $_tacacs | add-member -name "tracking_enable" -membertype NoteProperty -Value 
$true -Force + } + else { + $_tacacs | add-member -name "tracking_enable" -membertype NoteProperty -Value $false -Force + } } + $_tacacs | add-member -name "user_group_priority" -membertype NoteProperty -Value $user_group_priority -Force + if ($PSCmdlet.ShouldProcess($_tacacs.address, 'Configure Tacacs Server')) { Invoke-ArubaCXRestMethod -method "PUT" -body $_tacacs -uri $uri -connection $connection } diff --git a/Tests/integration/Tacacs.Tests.ps1 b/Tests/integration/Tacacs.Tests.ps1 index 782fd5d..7f95c6f 100644 --- a/Tests/integration/Tacacs.Tests.ps1 +++ b/Tests/integration/Tacacs.Tests.ps1 @@ -18,7 +18,7 @@ Describe "Get Tacacs Server" { It "Get ALL Tacacs Server" { $tacacs = Get-ArubaCXTacacsServer - $tacacs.count | Should -Not -Be $NULL + @($tacacs).count | Should -Not -Be $NULL } It "Get Tacacs Server ($pester_tacacs_address)" { @@ -37,25 +37,25 @@ Describe "Get Tacacs Server" { It "Get Tacacs Server with selector equal configuration" { { - Get-ArubaCXTacacsServer -selector configuration + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -selector configuration } | Should Not Throw } It "Get Tacacs Server with selector equal statistics" { { - Get-ArubaCXTacacsServer -selector statistics + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -selector statistics } | Should Not Throw } It "Get Tacacs Server with selector equal status" { { - Get-ArubaCXTacacsServer -selector status + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -selector status } | Should Not Throw } It "Get Tacacs Server with selector equal writable" { { - Get-ArubaCXTacacsServer -selector writable + Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -selector writable } | Should Not Throw } } 
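Review bot: The rewritten lookup `$_tacacs = Get-ArubaCXTacacsServer -address $address -port $port -selector writable` (hunk at -257 in Tacacs.ps1) drops the `-connection $connection` that the removed line passed, and neither version passes `-vrf $vrf`. With a non-default connection or VRF the body is read via `$DefaultArubaCXConnection` and the `default` VRF, then PUT to the URI built from `$vrf` on `$connection`, so the settings of an unrelated server entry can be written to the target. Pass both through: `Get-ArubaCXTacacsServer -address $address -port $port -vrf $vrf -selector writable -connection $connection`. The closing `Get-ArubaCXTacacsServer` call on the context line has the same missing `-vrf $vrf`. The function's Param block and closing lines are outside this hunk.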
@@ -93,16 +93,15 @@ Describe "Get Tacacs Server" { $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -attribute auth_type @($tacacs).count | Should -be 1 $tacacs.address | Should -BeNullOrEmpty - $tacacs.port | Should -Not -BeNullOrEmpty + $tacacs.auth_type | Should -Not -BeNullOrEmpty } It "Get Tacacs Server with two attributes (auth_type, timeout)" { $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -attribute auth_type,timeout @($tacacs).count | Should -be 1 $tacacs.address | Should -BeNullOrEmpty - $tacacs.port | Should -Not -BeNullOrEmpty $tacacs.auth_type | Should -Be "pap" - $tacacs.timeour | Should -Be 15 + $tacacs.timeout | Should -Be 15 } } @@ -112,7 +111,7 @@ Describe "Get Tacacs Server" { $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port @($tacacs).count | Should -be 1 $tacacs.address | Should -Be $pester_tacacs_address - $tacacs.port | Should -Be $pester_tacacs_port + $tacacs.tcp_port | Should -Be $pester_tacacs_port } } @@ -131,8 +130,8 @@ Describe "Add Tacacs Server" { Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port $tacacs.address | Should -Be $pester_tacacs_address - $tacacs.port | Should -Be $pester_tacacs_port - $tacacs.group.tacacs | Should -Be "/rest/v10.04/system/aaa_server_groups/tacacs" + $tacacs.tcp_port | Should -Be $pester_tacacs_port + $tacacs.group.tacacs | Should -Be "@{group_name=tacacs; group_type=tacacs; origin=built-in}" $tacacs.default_group_priority | Should -Be 1 $tacacs.timeout | Should -Be $null $tacacs.passkey | Should -Be $null 
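Review bot: The new expectation `$tacacs.group.tacacs | Should -Be "@{group_name=tacacs; group_type=tacacs; origin=built-in}"` (hunks at -131, -140 and -155) compares against the string rendering of a whole object, so it depends on property order and on every field the switch returns at the default depth. Assert on the field the test is about, e.g. `$tacacs.group.tacacs.group_name | Should -Be "tacacs"`. That keeps the test meaningful if the switch adds or reorders attributes of the group object.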
@@ -140,11 +139,11 @@ Describe "Add Tacacs Server" { } It "Add Tacacs Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group, and a timeout)" { - Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority -timeout 10 + Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 -timeout 10 $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port $tacacs.address | Should -Be $pester_tacacs_address - $tacacs.port | Should -Be $pester_tacacs_port - $tacacs.group.tacacs | Should -Be "/rest/v10.04/system/aaa_server_groups/tacacs" + $tacacs.tcp_port | Should -Be $pester_tacacs_port + $tacacs.group.tacacs | Should -Be "@{group_name=tacacs; group_type=tacacs; origin=built-in}" $tacacs.default_group_priority | Should -Be 1 $tacacs.timeout | Should -Be 10 $tacacs.passkey | Should -Be $null @@ -155,8 +154,8 @@ Describe "Add Tacacs Server" { Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 -timeout 10 -passkey PowerArubaCX -tracking_enable $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port $tacacs.address | Should -Be $pester_tacacs_address - $tacacs.port | Should -Be $pester_tacacs_port - $tacacs.group.tacacs | Should -Be "/rest/v10.04/system/aaa_server_groups/tacacs" + $tacacs.tcp_port | Should -Be $pester_tacacs_port + $tacacs.group.tacacs | Should -Be "@{group_name=tacacs; group_type=tacacs; origin=built-in}" $tacacs.default_group_priority | Should -Be 1 $tacacs.timeout | Should -Be 10 $tacacs.passkey | Should -Not -BeNullOrEmpty From 158283bdf49b4848e96a9b163c85e109b10cc847 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 30 Nov 2021 16:19:45 +0100 Subject: [PATCH 3/8] Fix after review --- PowerArubaCX/Private/Confirm.ps1 | 16 +++---- PowerArubaCX/Public/Tacacs.ps1 | 71 ++++++++++++++++------------ Tests/integration/Tacacs.Tests.ps1 | 74 +++++++++++++++--------------- 3 files changed, 86 insertions(+), 75 deletions(-) diff --git a/PowerArubaCX/Private/Confirm.ps1 b/PowerArubaCX/Private/Confirm.ps1 index 311fd27..68a0969 100644 --- a/PowerArubaCX/Private/Confirm.ps1 +++ b/PowerArubaCX/Private/Confirm.ps1 
@@ -124,27 +124,27 @@ function Confirm-ArubaCXTacacsServer { [Parameter (Mandatory = $true)] [object]$argument ) - #Check if it looks like a tacacs server element + #Check if it looks like a TACACS server element - if ( -not ( $argument | get-member -name auth_type -Membertype Properties)) { + if ( -not ( $argument | Get-Member -name auth_type -Membertype Properties)) { throw "Element specified does not contain an auth_type property." } - if ( -not ( $argument | get-member -name default_group_priority -Membertype Properties)) { + if ( -not ( $argument | Get-Member -name default_group_priority -Membertype Properties)) { throw "Element specified does not contain a default_group_priority property." } - if ( -not ( $argument | get-member -name group -Membertype Properties)) { + if ( -not ( $argument | Get-Member -name group -Membertype Properties)) { throw "Element specified does not contain a group property." } - if ( -not ( $argument | get-member -name passkey -Membertype Properties)) { + if ( -not ( $argument | Get-Member -name passkey -Membertype Properties)) { throw "Element specified does not contain a passkey property." } - if ( -not ( $argument | get-member -name timeout -Membertype Properties)) { + if ( -not ( $argument | Get-Member -name timeout -Membertype Properties)) { throw "Element specified does not contain a timeout property." } - if ( -not ( $argument | get-member -name tracking_enable -Membertype Properties)) { + if ( -not ( $argument | Get-Member -name tracking_enable -Membertype Properties)) { throw "Element specified does not contain a tracking_enable property." } - if ( -not ( $argument | get-member -name user_group_priority -Membertype Properties)) { + if ( -not ( $argument | Get-Member -name user_group_priority -Membertype Properties)) { throw "Element specified does not contain a user_group_priority property." } $true diff --git a/PowerArubaCX/Public/Tacacs.ps1 b/PowerArubaCX/Public/Tacacs.ps1 index 5e36d29..ff4b0a3 100644 
--- a/PowerArubaCX/Public/Tacacs.ps1 +++ b/PowerArubaCX/Public/Tacacs.ps1 @@ -8,28 +8,33 @@ function Add-ArubaCXTacacsServer { <# .SYNOPSIS - Add Aruba CX Tacacs Server + Add Aruba CX TACACS Server .DESCRIPTION - Add tacacs server (ip, group, port...) + Add TACACS server (ip, group, port...) .EXAMPLE Add-ArubaCXTacacsServer -address 192.2.0.1 -port 49 -group Clearpass -default_group_priority 10 - Add tacacs server with ip 192.2.0.1 and port 49 in Tacacs group Clearpass + Add TACACS server with ip 192.2.0.1 and port 49 in TACACS group Clearpass + + .EXAMPLE + Add-ArubaCXTacacsServer -address 192.2.0.1 -port 49 -group Clearpass -default_group_priority 10 -timeout 10 -passkey ExampleTACACS + + Add TACACS server with ip 192.2.0.1 and port 49 in TACACS group Clearpass with timeout set to 10 and passkey as ExampleTACACS #> Param( [Parameter (Mandatory = $true)] [string]$address, [Parameter (Mandatory = $true)] [ValidateRange(1, 65535)] - [int]$port, + [int]$port = 49, [Parameter (Mandatory = $false)] [ValidateSet('pap')] [string]$auth_type = "pap", [Parameter (Mandatory = $true)] [ValidateRange(1, 9223372036854775807)] - [int]$default_group_priority, + [int64]$default_group_priority = 10, [Parameter (Mandatory = $true)] [string]$group, [Parameter (Mandatory = $false)] @@ -108,20 +113,20 @@ function Get-ArubaCXTacacsServer { <# .SYNOPSIS - Get list of tacacs server configured + Get list of TACACS server configured .DESCRIPTION - Get list of tacacs server configured (ip, group, port...) + Get list of TACACS server configured (ip, group, port...) .EXAMPLE Get-ArubaCXTacacsServer -vrf default - Get list of tacacs server configured (ip, group, port...) on default vrf + Get list of TACACS server configured (ip, group, port...) on default vrf .EXAMPLE Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 - Get tacacs server with ip 192.2.0.1 and port 49 + Get TACACS server with ip 192.2.0.1 and port 49 #> [CmdletBinding(DefaultParametersetname = "Default")] 
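Review bot: The added example `-passkey ExampleTACACS` documents passing the TACACS+ shared secret as a literal argument, which leaves it in console history and transcripts. The same pattern appears in the Set-ArubaCXTacacsServer examples and in the `passkey` and `cppm_password` parameters of Add-ArubaCXRadiusServer later in the series. The `$passkey` declaration is outside this hunk (a later hunk of this file shows it as `[string]$passkey`). Consider `[SecureString]$passkey`, converted only when the request body is built, with the example reading the value through `Read-Host -AsSecureString`.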
@@ -129,7 +134,7 @@ function Get-ArubaCXTacacsServer { [Parameter (Mandatory = $true, ParameterSetName = "address")] [ipaddress]$address, [Parameter (Mandatory = $true, ParameterSetName = "address")] - [int]$port, + [int]$port = 49, [Parameter (Mandatory = $false)] [string]$vrf = "default", [Parameter(Mandatory = $false)] @@ -192,30 +197,30 @@ function Set-ArubaCXTacacsServer { <# .SYNOPSIS - Configure Tacacs Server ArubaCX Switch + Configure TACACS Server ArubaCX Switch .DESCRIPTION - Configure Tacacs Server (Timeout, port...) + Configure TACACS Server (Timeout, port...) .EXAMPLE Set-ArubaCXTacacsServer -timeout 15 -address 192.2.0.1 -port 49 - Configure timeout on tacacs server + Configure timeout on TACACS server .EXAMPLE Set-ArubaCXTacacsServer -group tacacs -address 192.2.0.1 -port 49 - Configure group on tacacs server + Configure group on TACACS server .EXAMPLE Set-ArubaCXTacacsServer -passkey ExampleTacacs -address 192.2.0.1 -port 49 - Configure passkey on tacacs server + Configure passkey on TACACS server .EXAMPLE Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 | Set-ArubaCXTacacsServer -default_group_priority 10 -group PowerArubaCX -passkey ExampleTacacs -timeout 15 -tacking_enable -user_group_priority 1 - Configure passkey on tacacs server + Configure passkey, timeout, tacking enable and user group priority on TACACS server #> [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium')] Param( 
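Review bot: The last Set-ArubaCXTacacsServer example uses `-tacking_enable`, and the reworded description repeats it as "tacking enable". The function body tests `$PsBoundParameters.ContainsKey('tracking_enable')`, so the example would be rejected as an unknown parameter. It should read `-tracking_enable`, with the description "Configure passkey, timeout, tracking enable and user group priority on TACACS server". The description also leaves out the `-default_group_priority` and `-group` values the example sets.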
@@ -267,34 +272,38 @@ function Set-ArubaCXTacacsServer { $_tacacs = Get-ArubaCXTacacsServer -address $address -port $port -selector writable if ( $PsBoundParameters.ContainsKey('auth_type') ) { - $_tacacs | add-member -name "auth_type" -membertype NoteProperty -Value $auth_type -Force + $_tacacs.auth_type = $auth_type } if ( $PsBoundParameters.ContainsKey('default_group_priority') ) { - $_tacacs | add-member -name "default_group_priority" -membertype NoteProperty -Value $default_group_priority -Force + $_tacacs.default_group_priority = $default_group_priority } $_group = @() $_group += "/rest/" + $($connection.version) + "/system/aaa_server_groups/" + $group - $_tacacs | add-member -name "group" -membertype NoteProperty -Value $_group -Force + $_tacacs.group = $_group if ( $PsBoundParameters.ContainsKey('passkey') ) { - $_tacacs | add-member -name "passkey" -membertype NoteProperty -Value $passkey -Force + $_tacacs.passkey = $passkey } - $_tacacs | add-member -name "timeout" -membertype NoteProperty -Value $timeout -Force + if ( $PsBoundParameters.ContainsKey('timeout') ) { + $_tacacs.timeout = $timeout + } if ( $PsBoundParameters.ContainsKey('tracking_enable') ) { if ($tracking_enable) { - $_tacacs | add-member -name "tracking_enable" -membertype NoteProperty -Value $true -Force + $_tacacs.tracking_enable = $true } else { - $_tacacs | add-member -name "tracking_enable" -membertype NoteProperty -Value $false -Force + $_tacacs.tracking_enable = $false } } - $_tacacs | add-member -name "user_group_priority" -membertype NoteProperty -Value $user_group_priority -Force + if ( $PsBoundParameters.ContainsKey('user_group_priority') ) { + $_tacacs.user_group_priority = $user_group_priority + } if ($PSCmdlet.ShouldProcess($_tacacs.address, 'Configure Tacacs Server')) { Invoke-ArubaCXRestMethod -method "PUT" -body $_tacacs -uri $uri -connection $connection 
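Review bot: `$_tacacs.group = $_group` is still assigned unconditionally, while this hunk puts `timeout` and `user_group_priority` behind `$PsBoundParameters.ContainsKey(...)`. When `-group` is not passed, the PUT carries `.../system/aaa_server_groups/` plus whatever `$group` holds, which can silently change the server's AAA group membership unless the parameter has a default (the param block is outside this hunk). Guarding it the same way keeps the existing membership: `if ( $PsBoundParameters.ContainsKey('group') ) { $_tacacs.group = @("/rest/" + $($connection.version) + "/system/aaa_server_groups/" + $group) }`. The function body starts and ends outside the hunk.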
@@ -311,16 +320,19 @@ function Remove-ArubaCXTacacsServer { <# .SYNOPSIS - Remove a tacacs server on Aruba CX Switch + Remove a TACACS server on Aruba CX Switch + .DESCRIPTION - Remove a tacacs server on Aruba CX Switch + Remove a TACACS server on Aruba CX Switch + .EXAMPLE $ts = Get-ArubaCXArubaCXTacacsServer -address 192.2.0.1 -port 49 PS C:\>$ts | Remove-ArubaCXTacacsServer - Remove tacacs server with address 192.0.2.1 and port 49 + + Remove TACACS server with address 192.0.2.1 and port 49 .EXAMPLE Remove-ArubaCXTacacsServer -address 192.2.0.1 -confirm:$false -vrf default - Remove tacacs server 192.0.2.1 on default vrf with no confirmation + Remove TACACS server 192.0.2.1 on default vrf with no confirmation #> [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'high')] @@ -328,7 +340,7 @@ function Remove-ArubaCXTacacsServer { [Parameter (Mandatory = $true, ParameterSetName = "address")] [string]$address, [Parameter (Mandatory = $true, ParameterSetName = "address")] - [int]$port, + [int]$port = 49, [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1, ParameterSetName = "ID")] [ValidateScript( { Confirm-ArubaCXTacacsServer $_ })] [psobject]$ts, @@ -353,7 +365,6 @@ function Remove-ArubaCXTacacsServer { $uri = "system/vrfs/${vrf}/tacacs_servers/${address},${port}" if ($PSCmdlet.ShouldProcess("Tacacs Server (VRF: ${vrf})", "Remove ${address},${port}")) { - Write-Progress -activity "Remove Tacacs Server" Invoke-ArubaCXRestMethod -method "DELETE" -uri $uri -connection $connection Write-Progress -activity "Remove Tacacs Server" -completed } diff --git a/Tests/integration/Tacacs.Tests.ps1 b/Tests/integration/Tacacs.Tests.ps1 index 7f95c6f..0a2dc1f 100644 --- a/Tests/integration/Tacacs.Tests.ps1 +++ b/Tests/integration/Tacacs.Tests.ps1 
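Review bot: In Remove-ArubaCXTacacsServer `$address` stays `[string]` (second hunk) and is interpolated into the DELETE path `system/vrfs/${vrf}/tacacs_servers/${address},${port}` (third hunk), whereas Get-ArubaCXTacacsServer types it `[ipaddress]`. Typing it `[ipaddress]$address` here too rejects values containing `/`, `?` or `,` before they can change which resource the request addresses. If host names must remain valid, escape the segment with `[uri]::EscapeDataString($address)` instead. `[int]$port = 49` also lacks the `[ValidateRange(1, 65535)]` that Add-ArubaCXTacacsServer applies. `$vrf` reaches the same path, and whether it is validated elsewhere is not visible in these hunks.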
@@ -5,29 +5,29 @@ # . ../common.ps1 -Describe "Get Tacacs Server" { +Describe "Get TACACS Server" { BeforeALL { Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 -auth_type pap -timeout 15 } - It "Get Tacacs Server Does not throw an error" { + It "Get TACACS Server Does not throw an error" { { Get-ArubaCXTacacsServer - } | Should Not Throw + } | Should -Not -Throw } - It "Get ALL Tacacs Server" { + It "Get ALL TACACS Server" { $tacacs = Get-ArubaCXTacacsServer @($tacacs).count | Should -Not -Be $NULL } - It "Get Tacacs Server ($pester_tacacs_address)" { + It "Get TACACS Server ($pester_tacacs_address)" { $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port $tacacs.address | Should -Be $pester_tacacs_address $tacacs.tcp_port | Should -Be $pester_tacacs_port } - It "Get Tacacs Server ($pester_tacacs_address) and confirm (via Confirm-ArubaCXVlans)" { + It "Get TACACS Server ($pester_tacacs_address) and confirm (via Confirm-ArubaCXTacacsServer)" { $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port Confirm-ArubaCXTacacsServer ($tacacs) | Should -Be $true } 
@@ -35,68 +35,68 @@ Describe "Get Tacacs Server" { #Get with attribute, depth... Context "Selector" { - It "Get Tacacs Server with selector equal configuration" { + It "Get TACACS Server with selector equal configuration" { { Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -selector configuration - } | Should Not Throw + } | Should -Not -Throw } - It "Get Tacacs Server with selector equal statistics" { + It "Get TACACS Server with selector equal statistics" { { Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -selector statistics - } | Should Not Throw + } | Should -Not -Throw } - It "Get Tacacs Server with selector equal status" { + It "Get TACACS Server with selector equal status" { { Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -selector status - } | Should Not Throw + } | Should -Not -Throw } - It "Get Tacacs Server with selector equal writable" { + It "Get TACACS Server with selector equal writable" { { Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -selector writable - } | Should Not Throw + } | Should -Not -Throw } } Context "Depth" { - It "Get Tacacs Server with depth equal 1" { + It "Get TACACS Server with depth equal 1" { { Get-ArubaCXTacacsServer -depth 1 - } | Should Not Throw + } | Should -Not -Throw } - It "Get Tacacs Server with depth equal 2" { + It "Get TACACS Server with depth equal 2" { { Get-ArubaCXTacacsServer -depth 2 - } | Should Not Throw + } | Should -Not -Throw } - It "Get Tacacs Server with depth equal 3" { + It "Get TACACS Server with depth equal 3" { { Get-ArubaCXTacacsServer -depth 3 - } | Should Not Throw + } | Should -Not -Throw } - It "Get Tacacs Server with depth equal 4" { + It "Get TACACS Server with depth equal 4" { { Get-ArubaCXTacacsServer -depth 4 - } | Should Not Throw + } | Should -Not -Throw } } Context "Attribute" { - It "Get Tacacs Server with one attribute (auth_type)" { + It "Get 
TACACS Server with one attribute (auth_type)" { $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -attribute auth_type @($tacacs).count | Should -be 1 $tacacs.address | Should -BeNullOrEmpty $tacacs.auth_type | Should -Not -BeNullOrEmpty } - It "Get Tacacs Server with two attributes (auth_type, timeout)" { + It "Get TACACS Server with two attributes (auth_type, timeout)" { $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -attribute auth_type,timeout @($tacacs).count | Should -be 1 $tacacs.address | Should -BeNullOrEmpty @@ -107,7 +107,7 @@ Describe "Get Tacacs Server" { } Context "Search" { - It "Search Tacacs Server by address ($pester_tacacs_address)" { + It "Search TACACS Server by address ($pester_tacacs_address)" { $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port @($tacacs).count | Should -be 1 $tacacs.address | Should -Be $pester_tacacs_address @@ -120,13 +120,13 @@ Describe "Get Tacacs Server" { } } -Describe "Add Tacacs Server" { +Describe "Add TACACS Server" { AfterEach { Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Remove-ArubaCXTacacsServer -confirm:$false -ErrorAction SilentlyContinue } - It "Add Tacacs Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group)" { + It "Add TACACS Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group)" { Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port $tacacs.address | Should -Be $pester_tacacs_address 
@@ -138,7 +138,7 @@ Describe "Add Tacacs Server" { $tacacs.tracking_enable | Should -Be $false } - It "Add Tacacs Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group, and a timeout)" { + It "Add TACACS Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group, and a timeout)" { Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 -timeout 10 $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port $tacacs.address | Should -Be $pester_tacacs_address @@ -150,7 +150,7 @@ Describe "Add Tacacs Server" { $tacacs.tracking_enable | Should -Be $false } - It "Add Tacacs Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group, a timeout, a passkey and tracking_enable)" { + It "Add TACACS Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group, a timeout, a passkey and tracking_enable)" { Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 -timeout 10 -passkey PowerArubaCX -tracking_enable $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port $tacacs.address | Should -Be $pester_tacacs_address 
@@ -163,30 +163,30 @@ Describe "Add Tacacs Server" { } } -Describe "Configure Tacacs Server" { +Describe "Configure TACACS Server" { BeforeAll { Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 } - It "Change Tacacs Server default_group_priority" { + It "Change TACACS Server default_group_priority" { Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Set-ArubaCXTacacsServer -default_group_priority 10 $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port $tacacs.default_group_priority | Should -Be 10 } - It "Change Tacacs Server timeout" { + It "Change TACACS Server timeout" { Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Set-ArubaCXTacacsServer -timeout 10 $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port $tacacs.timeout | Should -Be 10 } - It "Change Tacacs Server tracking_enable (enable)" { + It "Change TACACS Server tracking_enable (enable)" { Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Set-ArubaCXTacacsServer -tracking_enable:$true $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port $tacacs.tracking_enable | Should -Be $true } - It "Change Tacacs Server tracking_enable (disable)" { + It "Change TACACS Server tracking_enable (disable)" { Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port | Set-ArubaCXTacacsServer -tracking_enable:$false $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port $tacacs.tracking_enable | Should -Be $false 
@@ -197,19 +197,19 @@ Describe "Configure Tacacs Server" { } } -Describe "Remove Tacacs Server" { +Describe "Remove TACACS Server" { BeforeEach { Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 } - It "Remove Tacacs Server $pester_tacacs_address by address and port" { + It "Remove TACACS Server $pester_tacacs_address by address and port" { Remove-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -confirm:$false $tacacs = Get-ArubaCXTacacsServer $tacacs.$pester_tacacs_address | Should -Be $NULL } - It "Remove Tacacs Server $pester_tacacs_address by pipeline" { + It "Remove TACACS Server $pester_tacacs_address by pipeline" { $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port $tacacs | Remove-ArubaCXTacacsServer -confirm:$false $tacacs = Get-ArubaCXTacacsServer From e47341af2c98d53fa5926b700f09fccee6ff041a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Thu, 2 Dec 2021 09:05:54 +0100 Subject: [PATCH 4/8] Fix typos, and change depth of Get function --- PowerArubaCX/Private/Confirm.ps1 | 2 +- PowerArubaCX/Public/Tacacs.ps1 | 20 +++++------ README.md | 55 ++++++++++++++++++++++++++++++ Tests/integration/Tacacs.Tests.ps1 | 14 ++++---- 4 files changed, 71 insertions(+), 20 deletions(-) diff --git a/PowerArubaCX/Private/Confirm.ps1 b/PowerArubaCX/Private/Confirm.ps1 index 68a0969..bf7d4f0 100644 --- a/PowerArubaCX/Private/Confirm.ps1 +++ b/PowerArubaCX/Private/Confirm.ps1 @@ -145,7 +145,7 @@ function Confirm-ArubaCXTacacsServer { throw "Element specified does not contain a tracking_enable property." } if ( -not ( $argument | Get-Member -name user_group_priority -Membertype Properties)) { - throw "Element specified does not contain a user_group_priority property." + throw "Element specified does not contain an user_group_priority property." } $true } \ No newline at end of file 
diff --git a/PowerArubaCX/Public/Tacacs.ps1 b/PowerArubaCX/Public/Tacacs.ps1 index ff4b0a3..15c3d97 100644 --- a/PowerArubaCX/Public/Tacacs.ps1 +++ b/PowerArubaCX/Public/Tacacs.ps1 @@ -32,11 +32,11 @@ function Add-ArubaCXTacacsServer { [Parameter (Mandatory = $false)] [ValidateSet('pap')] [string]$auth_type = "pap", - [Parameter (Mandatory = $true)] + [Parameter (Mandatory = $false)] [ValidateRange(1, 9223372036854775807)] [int64]$default_group_priority = 10, - [Parameter (Mandatory = $true)] - [string]$group, + [Parameter (Mandatory = $false)] + [string]$group = "tacacs", [Parameter (Mandatory = $false)] [string]$passkey, [Parameter (Mandatory = $false)] @@ -133,7 +133,7 @@ function Get-ArubaCXTacacsServer { Param( [Parameter (Mandatory = $true, ParameterSetName = "address")] [ipaddress]$address, - [Parameter (Mandatory = $true, ParameterSetName = "address")] + [Parameter (Mandatory = $false)] [int]$port = 49, [Parameter (Mandatory = $false)] [string]$vrf = "default", @@ -162,10 +162,6 @@ function Get-ArubaCXTacacsServer { if ( $PsBoundParameters.ContainsKey('depth') ) { $invokeParams.add( 'depth', $depth ) } - else { - #by default set depth to 2 to show items - $invokeParams.add( 'depth', 2 ) - } if ( $PsBoundParameters.ContainsKey('selector') ) { $invokeParams.add( 'selector', $selector ) } 
@@ -203,17 +199,17 @@ function Set-ArubaCXTacacsServer { Configure TACACS Server (Timeout, port...) .EXAMPLE - Set-ArubaCXTacacsServer -timeout 15 -address 192.2.0.1 -port 49 + Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 | Set-ArubaCXTacacsServer -timeout 15 Configure timeout on TACACS server .EXAMPLE - Set-ArubaCXTacacsServer -group tacacs -address 192.2.0.1 -port 49 + Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 | Set-ArubaCXTacacsServer -group tacacs Configure group on TACACS server .EXAMPLE - Set-ArubaCXTacacsServer -passkey ExampleTacacs -address 192.2.0.1 -port 49 + Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 | Set-ArubaCXTacacsServer -passkey ExampleTacacs Configure passkey on TACACS server @@ -330,6 +326,7 @@ function Remove-ArubaCXTacacsServer { PS C:\>$ts | Remove-ArubaCXTacacsServer Remove TACACS server with address 192.0.2.1 and port 49 + .EXAMPLE Remove-ArubaCXTacacsServer -address 192.2.0.1 -confirm:$false -vrf default Remove TACACS server 192.0.2.1 on default vrf with no confirmation @@ -366,7 +363,6 @@ function Remove-ArubaCXTacacsServer { if ($PSCmdlet.ShouldProcess("Tacacs Server (VRF: ${vrf})", "Remove ${address},${port}")) { Invoke-ArubaCXRestMethod -method "DELETE" -uri $uri -connection $connection - Write-Progress -activity "Remove Tacacs Server" -completed } } diff --git a/README.md b/README.md index ce295f0..1b7fa9f 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ With this module (version 0.4.0) you can manage: - [System](#System) (Get/Set) - User (Get) - [Vlans](#Vlans-Management) (Add/Get/Set/Remove) +- [TACACS Server](#Tacacs-Server) (Add/Get/Set/Remove) There is some extra feature - [Invoke API](#Invoke-API) using Invoke-ArubaCXRestMethod 
@@ -376,6 +377,60 @@ For example to get system of 2 ArubaCX ``` +### TACACS Server + +You can create a new TACACS Server `Add-ArubaCXTacacsServer`, retrieve its information `Get-ArubaCXTacacsServer`, modify its properties `Set-ArubaCXTacacsServer`, or delete it `Remove-ArubaCXTacacsServer`. + +```powershell +# Create a TACACS Server + Add-ArubaCXTacacsServer -address 192.2.0.1 -port 49 -auth_type pap -default_group_priority 10 -group tacacs -passkey PowerArubaCX -timeout 10 -tracking_enable -user_group_priority 10 -vrf default + + address : 192.2.0.1 + [...] + auth_type : pap + default_group_priority : 10 + group : @{tacacs=} + [...] + passkey : AQBapWD/wBAlSYvjgEqjBhR33D8T+fRfVUjTQNKVtSYzl5kMDAAAAM6/W76103nUuYlUQQ== + reachability_status : + tcp_port : 49 + timeout : 10 + tracking_enable : True + [...] + user_group_priority : 10 + + +# Get information about TACACS Server + Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 -depth 2 -attributes auth_type, default_group_priority, group, passkey, tcp_port, timeout, tracking_enable, user_group_priority | Format-Table + + auth_type default_group_priority group passkey tcp_port timeout tracking_enable user_group_priority + --------- ---------------------- ----- ------- -------- ------- --------------- ------------------- + pap 10 @{tacacs=} AQBapWD/wBAlSYvjgEqjBhR33D8T+fRfVUjTQNKVtSYzl5kMDAAAAM6/W76103nUuYlUQQ== 49 10 True 10 + +# Change settings of a TACACS Server (Timeout and default group priority) + Get-ArubaCXTacacsServer -address 192.2.0.1 -port 49 | Set-ArubaCXTacacsServer -timeout 15 -default_group_priority 1 + + address : 192.2.0.1 + [...] + auth_type : pap + default_group_priority : 1 + group : @{tacacs=} + [...] + passkey : AQBapWD/wBAlSYvjgEqjBhR33D8T+fRfVUjTQNKVtSYzl5kMDAAAAM6/W76103nUuYlUQQ== + reachability_status : + tcp_port : 49 + timeout : 15 + tracking_enable : True + [...] 
+ user_group_priority : 10 + + +# Remove a TACACS Server + Get-ArubaCXTacacsServer -address 192.2.0.1 | Remove-ArubaCXTacacsServer +``` + +For configure a vlan to an interface, need to use [Set-ArubaCXInterfaces](#Interface) + ### Disconnecting ```powershell diff --git a/Tests/integration/Tacacs.Tests.ps1 b/Tests/integration/Tacacs.Tests.ps1 index 0a2dc1f..c546d27 100644 --- a/Tests/integration/Tacacs.Tests.ps1 +++ b/Tests/integration/Tacacs.Tests.ps1 @@ -6,7 +6,7 @@ . ../common.ps1 Describe "Get TACACS Server" { - BeforeALL { + BeforeAll { Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 -auth_type pap -timeout 15 } @@ -91,14 +91,14 @@ Describe "Get TACACS Server" { It "Get TACACS Server with one attribute (auth_type)" { $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -attribute auth_type - @($tacacs).count | Should -be 1 + @($tacacs).count | Should -Be 1 $tacacs.address | Should -BeNullOrEmpty $tacacs.auth_type | Should -Not -BeNullOrEmpty } It "Get TACACS Server with two attributes (auth_type, timeout)" { $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -attribute auth_type,timeout - @($tacacs).count | Should -be 1 + @($tacacs).count | Should -Be 1 $tacacs.address | Should -BeNullOrEmpty $tacacs.auth_type | Should -Be "pap" $tacacs.timeout | Should -Be 15 @@ -109,7 +109,7 @@ Describe "Get TACACS Server" { Context "Search" { It "Search TACACS Server by address ($pester_tacacs_address)" { $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port - @($tacacs).count | Should -be 1 + @($tacacs).count | Should -Be 1 $tacacs.address | Should -Be $pester_tacacs_address $tacacs.tcp_port | Should -Be $pester_tacacs_port } 
@@ -128,7 +128,7 @@ Describe "Add TACACS Server" { It "Add TACACS Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group)" { Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 - $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -depth 2 $tacacs.address | Should -Be $pester_tacacs_address $tacacs.tcp_port | Should -Be $pester_tacacs_port $tacacs.group.tacacs | Should -Be "@{group_name=tacacs; group_type=tacacs; origin=built-in}" @@ -140,7 +140,7 @@ Describe "Add TACACS Server" { It "Add TACACS Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group, and a timeout)" { Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 -timeout 10 - $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -depth 2 $tacacs.address | Should -Be $pester_tacacs_address $tacacs.tcp_port | Should -Be $pester_tacacs_port $tacacs.group.tacacs | Should -Be "@{group_name=tacacs; group_type=tacacs; origin=built-in}" 
@@ -152,7 +152,7 @@ Describe "Add TACACS Server" { It "Add TACACS Server $pester_tacacs_address (with only an address and a port, a group and a default priority for the group, a timeout, a passkey and tracking_enable)" { Add-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -group tacacs -default_group_priority 1 -timeout 10 -passkey PowerArubaCX -tracking_enable - $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port + $tacacs = Get-ArubaCXTacacsServer -address $pester_tacacs_address -port $pester_tacacs_port -depth 2 $tacacs.address | Should -Be $pester_tacacs_address $tacacs.tcp_port | Should -Be $pester_tacacs_port $tacacs.group.tacacs | Should -Be "@{group_name=tacacs; group_type=tacacs; origin=built-in}" From e8d5044693c446a1d4b8e9474fe089b5b8a6c2a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Thu, 2 Dec 2021 09:31:24 +0100 Subject: [PATCH 5/8] Fix some mandatory parameters --- PowerArubaCX/Public/Tacacs.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/PowerArubaCX/Public/Tacacs.ps1 b/PowerArubaCX/Public/Tacacs.ps1 index 15c3d97..c5c19c7 100644 --- a/PowerArubaCX/Public/Tacacs.ps1 +++ b/PowerArubaCX/Public/Tacacs.ps1 @@ -26,7 +26,7 @@ function Add-ArubaCXTacacsServer { Param( [Parameter (Mandatory = $true)] [string]$address, - [Parameter (Mandatory = $true)] + [Parameter (Mandatory = $false)] [ValidateRange(1, 65535)] [int]$port = 49, [Parameter (Mandatory = $false)] @@ -336,7 +336,7 @@ function Remove-ArubaCXTacacsServer { Param( [Parameter (Mandatory = $true, ParameterSetName = "address")] [string]$address, - [Parameter (Mandatory = $true, ParameterSetName = "address")] + [Parameter (Mandatory = $false, ParameterSetName = "address")] [int]$port = 49, [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1, ParameterSetName = "ID")] [ValidateScript( { Confirm-ArubaCXTacacsServer $_ })] 
From ce6c795c2b848e270e7996ba4d7d64adc48046d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Thu, 2 Dec 2021 12:07:59 +0100 Subject: [PATCH 6/8] Add RADIUS cmdlets (Add/Get/Set/Remove) --- PowerArubaCX/Private/Confirm.ps1 | 38 +++ PowerArubaCX/Public/Radius.ps1 | 427 +++++++++++++++++++++++++++++ Tests/common.ps1 | 2 + Tests/integration/Radius.Tests.ps1 | 257 +++++++++++++++++ 4 files changed, 724 insertions(+) create mode 100644 PowerArubaCX/Public/Radius.ps1 create mode 100644 Tests/integration/Radius.Tests.ps1 diff --git a/PowerArubaCX/Private/Confirm.ps1 b/PowerArubaCX/Private/Confirm.ps1 index bf7d4f0..ed6fcab 100644 --- a/PowerArubaCX/Private/Confirm.ps1 +++ b/PowerArubaCX/Private/Confirm.ps1 
@@ -148,4 +148,42 @@ function Confirm-ArubaCXTacacsServer { throw "Element specified does not contain an user_group_priority property." } $true +} + +function Confirm-ArubaCXRadiusServer { + + Param ( + [Parameter (Mandatory = $true)] + [object]$argument + ) + #Check if it looks like a TACACS server element + + if ( -not ( $argument | Get-Member -name auth_type -Membertype Properties)) { + throw "Element specified does not contain an auth_type property." + } + if ( -not ( $argument | Get-Member -name default_group_priority -Membertype Properties)) { + throw "Element specified does not contain a default_group_priority property." + } + if ( -not ( $argument | Get-Member -name group -Membertype Properties)) { + throw "Element specified does not contain a group property." + } + if ( -not ( $argument | Get-Member -name passkey -Membertype Properties)) { + throw "Element specified does not contain a passkey property." + } + if ( -not ( $argument | Get-Member -name clearpass -Membertype Properties)) { + throw "Element specified does not contain a clearpass property." + } + if ( -not ( $argument | Get-Member -name timeout -Membertype Properties)) { + throw "Element specified does not contain a timeout property." + } + if ( -not ( $argument | Get-Member -name retries -Membertype Properties)) { + throw "Element specified does not contain a retries property." + } + if ( -not ( $argument | Get-Member -name tracking_enable -Membertype Properties)) { + throw "Element specified does not contain a tracking_enable property." + } + if ( -not ( $argument | Get-Member -name user_group_priority -Membertype Properties)) { + throw "Element specified does not contain an user_group_priority property." + } + $true } \ No newline at end of file diff --git a/PowerArubaCX/Public/Radius.ps1 b/PowerArubaCX/Public/Radius.ps1 new file mode 100644 index 0000000..54f13ae --- /dev/null +++ b/PowerArubaCX/Public/Radius.ps1 
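Review bot: The comment in Confirm-ArubaCXRadiusServer still reads `#Check if it looks like a TACACS server element`; it was copied from the TACACS validator and should be `#Check if it looks like a RADIUS server element`. The copied message "does not contain an user_group_priority property" should read "a user_group_priority"; the previous commit changed the TACACS message the wrong way. The function also requires a `clearpass` property, while Add-ArubaCXRadiusServer only sends one when both `cppm_user_id` and `cppm_password` are bound. It is worth confirming that the API always returns `clearpass`, otherwise objects for servers created without it will fail this check.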
@@ -0,0 +1,427 @@ +# +# Copyright 2021, Cédric Moreau +# +# SPDX-License-Identifier: Apache-2.0 +# + +function Add-ArubaCXRadiusServer { + + <# + .SYNOPSIS + Add Aruba CX RADIUS Server + + .DESCRIPTION + Add RADIUS Server (ip, group, port...) + + .EXAMPLE + Add-ArubaCXRadiusServer -address 192.2.0.1 -port 1812 -group PowerArubaCX -default_group_priority 1 + + Add RADIUS Server with ip 192.2.0.1 and port 1812 in RADIUS group PowerArubaCX + + .EXAMPLE + Add-ArubaCXRadiusServer -address 192.2.0.1 -port 1812 -group PowerArubaCX -default_group_priority 10 -timeout 10 -passkey ExampleRADIUS + + Add RADIUS Server with ip 192.2.0.1 and port 1812 in RADIUS group PowerArubaCX with timeout set to 10 and passkey as ExampleRADIUS + #> + Param( + [Parameter (Mandatory = $true)] + [string]$address, + [Parameter (Mandatory = $false)] + [ValidateRange(1, 65535)] + [int]$port = 1812, + [Parameter (Mandatory = $false)] + [ValidateSet('pap')] + [string]$auth_type = "pap", + [Parameter (Mandatory = $false)] + [ValidateSet('udp','tcp')] + [string]$port_type = "udp", + [Parameter (Mandatory = $false)] + [ValidateRange(1, 9223372036854775807)] + [int64]$default_group_priority = 10, + [Parameter (Mandatory = $false)] + [string]$group = "tacacs", + [Parameter (Mandatory = $false)] + [string]$passkey, + [Parameter (Mandatory = $false)] + [string]$cppm_user_id, + [Parameter (Mandatory = $false)] + [string]$cppm_password, + [Parameter (Mandatory = $false)] + [int]$timeout, + [Parameter (Mandatory = $false)] + [int]$retries, + [Parameter (Mandatory = $false)] + [switch]$tracking_enable, + [Parameter (Mandatory = $false)] + [int]$user_group_priority, + [Parameter (Mandatory = $false)] + [string]$vrf = "default", + [Parameter (Mandatory = $False)] + [ValidateNotNullOrEmpty()] + [PSObject]$connection = $DefaultArubaCXConnection + ) + + Begin { + } + + Process { + + $uri = "system/vrfs/${vrf}/radius_servers" + + $_radius = new-Object -TypeName PSObject + + $_radius | add-member -name "address" 
-membertype NoteProperty -Value $address + + $_radius | add-member -name "port" -membertype NoteProperty -Value $port + + $_radius | add-member -name "vrf" -membertype NoteProperty -Value ("/rest/" + $($connection.version) + "/system/vrfs/" + $vrf) + + $_radius | add-member -name "default_group_priority" -membertype NoteProperty -Value $default_group_priority + + $_group = @() + + $_group += "/rest/" + $($connection.version) + "/system/aaa_server_groups/" + $group + + $_radius | add-member -name "group" -membertype NoteProperty -Value $_group + + $_radius | add-member -name "auth_type" -membertype NoteProperty -Value $auth_type + + $_radius | add-member -name "port_type" -membertype NoteProperty -Value $port_type + + if ( $PsBoundParameters.ContainsKey('cppm_user_id') -and $PsBoundParameters.ContainsKey('cppm_password') ) { + $_cppm = new-Object -TypeName PSObject + + $_cppm | add-member -name "user_id" -membertype NoteProperty -Value $cppm_user_id + + $_cppm | add-member -name "password" -membertype NoteProperty -Value $cppm_password + + $_radius | add-member -name "clearpass" -membertype NoteProperty -Value $_cppm + } + + if ( $PsBoundParameters.ContainsKey('passkey') ) { + $_radius | add-member -name "passkey" -membertype NoteProperty -Value $passkey + } + + if ( $PsBoundParameters.ContainsKey('timeout') ) { + $_radius | add-member -name "timeout" -membertype NoteProperty -Value $timeout + } + + if ( $PsBoundParameters.ContainsKey('retries') ) { + $_radius | add-member -name "retries" -membertype NoteProperty -Value $retries + } + + if ( $PsBoundParameters.ContainsKey('user_group_priority') ) { + $_radius | add-member -name "user_group_priority" -membertype NoteProperty -Value $user_group_priority + } + + if ( $PsBoundParameters.ContainsKey('tracking_enable') ) { + if ($tracking_enable) { + $_radius | add-member -name "tracking_enable" -membertype NoteProperty -Value $true + } + else { + $_radius | add-member -name "tracking_enable" -membertype NoteProperty 
-Value $false + } + } + + $response = Invoke-ArubaCXRestMethod -uri $uri -method 'POST' -body $_radius -connection $connection + $response + + Get-ArubaCXRadiusServer -address $address -port $port -port_type $port_type -vrf $vrf + + } + + End { + } +} + +function Get-ArubaCXRadiusServer { + + <# + .SYNOPSIS + Get list of RADIUS Server configured + + .DESCRIPTION + Get list of RADIUS Server configured (ip, port, port_type...) + + .EXAMPLE + Get-ArubaCXRadiusServer -vrf default + + Get list of RADIUS Server configured (ip, port_type, port...) on default vrf + + .EXAMPLE + Get-ArubaCXRadiusServer -address 192.2.0.1 + + Get RADIUS Server with ip 192.2.0.1 + #> + + [CmdletBinding(DefaultParametersetname = "Default")] + Param( + [Parameter (Mandatory = $true, ParameterSetName = "address")] + [ipaddress]$address, + [Parameter (Mandatory = $false)] + [int]$port = 1812, + [Parameter (Mandatory = $false)] + [ValidateSet('udp','tcp')] + [string]$port_type = "udp", + [Parameter (Mandatory = $false)] + [string]$vrf = "default", + [Parameter(Mandatory = $false)] + [ValidateRange(1, 4)] + [Int]$depth, + [Parameter(Mandatory = $false, ParameterSetName = "address")] + [ValidateSet("configuration", "status", "statistics", "writable")] + [String]$selector, + [Parameter(Mandatory = $false)] + [String[]]$attributes, + [Parameter(Mandatory = $false)] + [switch]$vsx_peer, + [Parameter (Mandatory = $False)] + [ValidateNotNullOrEmpty()] + [PSObject]$connection = $DefaultArubaCXConnection + ) + + Begin { + } + + Process { + + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('depth') ) { + $invokeParams.add( 'depth', $depth ) + } + if ( $PsBoundParameters.ContainsKey('selector') ) { + $invokeParams.add( 'selector', $selector ) + } + if ( $PsBoundParameters.ContainsKey('attributes') ) { + $invokeParams.add( 'attributes', $attributes ) + } + if ( $PsBoundParameters.ContainsKey('vsx_peer') ) { + $invokeParams.add( 'vsx_peer', $true ) + } + + if 
($PsBoundParameters.ContainsKey('address')) { + $uri = "system/vrfs/${vrf}/radius_servers/${address},${port},${port_type}" + } + else { + $uri = "system/vrfs/${vrf}/radius_servers" + } + + $response = Invoke-ArubaCXRestMethod -uri $uri -method 'GET' -connection $connection @invokeParams + + $response + + } + + End { + } +} + +function Set-ArubaCXRadiusServer { + + <# + .SYNOPSIS + Configure RADIUS Server ArubaCX Switch + + .DESCRIPTION + Configure RADIUS Server (Timeout, port...) + + .EXAMPLE + Get-ArubaCXRadiusServer -address 192.2.0.1 | Set-ArubaCXRadiusServer -timeout 15 + + Configure timeout on RADIUS Server + + .EXAMPLE + Get-ArubaCXRadiusServer -address 192.2.0.1 | Set-ArubaCXRadiusServer -group radius + + Configure group on RADIUS Server + + .EXAMPLE + Get-ArubaCXRadiusServer -address 192.2.0.1 | Set-ArubaCXRadiusServer -passkey ExampleRADIUS + + Configure passkey on RADIUS Server + + .EXAMPLE + Get-ArubaCXRadiusServer -address 192.2.0.1 | Set-ArubaCXRadiusServer -default_group_priority 10 -group PowerArubaCX -passkey ExampleRADIUS -timeout 15 -tacking_enable -user_group_priority 1 + + Configure passkey, timeout, tacking enable and user group priority on RADIUS Server + #> + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium')] + Param( + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1, ParameterSetName = "ID")] + [ValidateScript( { Confirm-ArubaCXRadiusServer $_ })] + [psobject]$radius, + [Parameter (Mandatory = $true, ParameterSetName = "address")] + [string]$address, + [Parameter (Mandatory = $true, ParameterSetName = "address")] + [int]$port, + [Parameter (Mandatory = $false)] + [ValidateSet('pap')] + [string]$auth_type, + [Parameter (Mandatory = $true, ParameterSetName = "address")] + [ValidateSet('udp','tcp')] + [string]$port_type, + [Parameter (Mandatory = $false)] + [ValidateRange(1, 9223372036854775807)] + [int]$default_group_priority, + [Parameter (Mandatory = $false)] + [string]$group = "radius", + [Parameter 
(Mandatory = $false)] + [string]$passkey, + [Parameter (Mandatory = $false)] + [string]$cppm_user_id, + [Parameter (Mandatory = $false)] + [string]$cppm_password, + [Parameter (Mandatory = $false)] + [int]$timeout = 10, + [Parameter (Mandatory = $false)] + [int]$retries = 1, + [Parameter (Mandatory = $false)] + [switch]$tracking_enable, + [Parameter (Mandatory = $false)] + [int]$user_group_priority = 1, + [Parameter (Mandatory = $false)] + [string]$vrf = "default", + [Parameter (Mandatory = $False)] + [ValidateNotNullOrEmpty()] + [PSObject]$connection = $DefaultArubaCXConnection + ) + + + Begin { + } + + Process { + + $_radius = @{ } + + if ($radius) { + $address = $radius.address + $port = $radius.port + $port_type = $radius.port_type + } + + $uri = "system/vrfs/${vrf}/radius_servers/${address},${port},${port_type}" + + $_radius = Get-ArubaCXRadiusServer -address $address -port $port -port_type $port_type -selector writable + + if ( $PsBoundParameters.ContainsKey('auth_type') ) { + $_radius.auth_type = $auth_type + } + if ( $PsBoundParameters.ContainsKey('default_group_priority') ) { + $_radius.default_group_priority = $default_group_priority + } + + $_group = @() + + $_group += "/rest/" + $($connection.version) + "/system/aaa_server_groups/" + $group + + $_radius.group = $_group + + if ( $PsBoundParameters.ContainsKey('cppm_user_id') -and $PsBoundParameters.ContainsKey('cppm_password') ) { + $_cppm = new-Object -TypeName PSObject + + $_cppm | add-member -name "password" -membertype NoteProperty -Value $cppm_password + + $_cppm | add-member -name "user_id" -membertype NoteProperty -Value $cppm_user_id + + $_radius.clearpass = $_cppm + } + + if ( $PsBoundParameters.ContainsKey('passkey') ) { + $_radius.passkey = $passkey + } + + if ( $PsBoundParameters.ContainsKey('timeout') ) { + $_radius.timeout = $timeout + } + + if ( $PsBoundParameters.ContainsKey('retries') ) { + $_radius.retries = $retries + } + + if ( $PsBoundParameters.ContainsKey('tracking_enable') ) { + 
if ($tracking_enable) { + $_radius.tracking_enable = $true + } + else { + $_radius.tracking_enable = $false + } + } + + if ( $PsBoundParameters.ContainsKey('user_group_priority') ) { + $_radius.user_group_priority = $user_group_priority + } + + if ($PSCmdlet.ShouldProcess($_radius.address, 'Configure RADIUS Server')) { + Invoke-ArubaCXRestMethod -method "PUT" -body $_radius -uri $uri -connection $connection + } + + Get-ArubaCXRadiusServer -address $address -port $port -port_type $port_type -connection $connection + } + + End { + } +} + +function Remove-ArubaCXRadiusServer { + + <# + .SYNOPSIS + Remove a RADIUS Server on Aruba CX Switch + + .DESCRIPTION + Remove a RADIUS Server on Aruba CX Switch + + .EXAMPLE + $rs = Get-ArubaCXArubaCXRadiusServer -address 192.2.0.1 + PS C:\>$rs | Remove-ArubaCXRadiusServer + + Remove RADIUS Server with address 192.0.2.1 + + .EXAMPLE + Remove-ArubaCXRadiusServer -address 192.2.0.1 -confirm:$false -vrf default + Remove RADIUS Server 192.0.2.1 on default vrf with no confirmation + #> + + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'high')] + Param( + [Parameter (Mandatory = $true, ParameterSetName = "address")] + [string]$address, + [Parameter (Mandatory = $false, ParameterSetName = "address")] + [int]$port = 1812, + [Parameter (Mandatory = $false, ParameterSetName = "address")] + [ValidateSet('udp','tcp')] + [string]$port_type = "udp", + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1, ParameterSetName = "ID")] + [ValidateScript( { Confirm-ArubaCXRadiusServer $_ })] + [psobject]$rs, + [Parameter(Mandatory = $false, ParameterSetName = "address")] + [string]$vrf = "default", + [Parameter (Mandatory = $False)] + [ValidateNotNullOrEmpty()] + [PSObject]$connection = $DefaultArubaCXConnection + ) + + Begin { + } + + Process { + + #get address, port, port_type and vrf from RADIUS Server ts object + if ($rs) { + $address = $rs.address + $port = $rs.port + $port_type = $rs.port_type + } + + $uri = 
"system/vrfs/${vrf}/radius_servers/${address},${port},${port_type}" + + if ($PSCmdlet.ShouldProcess("RADIUS Server (VRF: ${vrf})", "Remove ${address},${port},${port_type}")) { + Invoke-ArubaCXRestMethod -method "DELETE" -uri $uri -connection $connection + } + } + + End { + } +} \ No newline at end of file diff --git a/Tests/common.ps1 b/Tests/common.ps1 index e538268..0283d2d 100644 --- a/Tests/common.ps1 +++ b/Tests/common.ps1 @@ -12,6 +12,8 @@ $script:pester_interface = "1/1/1" #interface id for test... $script:pester_vrf = "pester_vrf" #interface id for test... $script:pester_tacacs_address = "192.2.0.1" $script:pester_tacacs_port = "49" +$script:pester_radius_address = "192.2.0.1" +$script:pester_radius_port = "1812" . ../credential.ps1 #TODO: Add check if no ipaddress/login/password info... diff --git a/Tests/integration/Radius.Tests.ps1 b/Tests/integration/Radius.Tests.ps1 new file mode 100644 index 0000000..1745fc9 --- /dev/null +++ b/Tests/integration/Radius.Tests.ps1 
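Review bot: In `Set-ArubaCXRadiusServer` the read half of the read-modify-write ignores the caller's target: the `Get-ArubaCXRadiusServer ... -selector writable` call passes neither `-vrf $vrf` nor `-connection $connection`, so with a non-default VRF or connection the object that is then PUT to `$uri` is fetched from somewhere else. I would pass both through, `$_radius = Get-ArubaCXRadiusServer -address $address -port $port -port_type $port_type -vrf $vrf -selector writable -connection $connection`; the trailing Get calls have a similar gap (`Add-` omits `-connection`, `Set-` omits `-vrf`). The same function assigns `$_radius.group` unconditionally from the `"radius"` default, so the documented `Set-ArubaCXRadiusServer -timeout 15` silently rewrites the server's AAA group; guard it with `if ( $PsBoundParameters.ContainsKey('group') )` like the other fields. `Add-ArubaCXRadiusServer` defaults `$group` to `"tacacs"`, which looks like a leftover from the TACACS file and should be `"radius"`.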
@@ -0,0 +1,257 @@ +# +# Copyright 2020, Cédric Moreau +# +# SPDX-License-Identifier: Apache-2.0 +# +. ../common.ps1 + +Describe "Get RADIUS Server" { + BeforeAll { + Add-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -group radius -default_group_priority 1 -auth_type pap -timeout 15 -retries 1 + } + + It "Get RADIUS Server Does not throw an error" { + { + Get-ArubaCXRadiusServer + } | Should -Not -Throw + } + + It "Get ALL RADIUS Server" { + $radius = Get-ArubaCXRadiusServer + @($radius).count | Should -Not -Be $NULL + } + + It "Get RADIUS Server ($pester_radius_address)" { + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port + $radius.address | Should -Be $pester_radius_address + $radius.port | Should -Be $pester_radius_port + } + + It "Get RADIUS Server ($pester_radius_address) and confirm (via Confirm-ArubaCXRadiusServer)" { + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port + Confirm-ArubaCXRadiusServer ($radius) | Should -Be $true + } + + #Get with attribute, depth... 
+ Context "Selector" { + + It "Get RADIUS Server with selector equal configuration" { + { + Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -selector configuration + } | Should -Not -Throw + } + + It "Get RADIUS Server with selector equal statistics" { + { + Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -selector statistics + } | Should -Not -Throw + } + + It "Get RADIUS Server with selector equal status" { + { + Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -selector status + } | Should -Not -Throw + } + + It "Get RADIUS Server with selector equal writable" { + { + Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -selector writable + } | Should -Not -Throw + } + } + + Context "Depth" { + + It "Get RADIUS Server with depth equal 1" { + { + Get-ArubaCXRadiusServer -depth 1 + } | Should -Not -Throw + } + + It "Get RADIUS Server with depth equal 2" { + { + Get-ArubaCXRadiusServer -depth 2 + } | Should -Not -Throw + } + + It "Get RADIUS Server with depth equal 3" { + { + Get-ArubaCXRadiusServer -depth 3 + } | Should -Not -Throw + } + + It "Get RADIUS Server with depth equal 4" { + { + Get-ArubaCXRadiusServer -depth 4 + } | Should -Not -Throw + } + } + + Context "Attribute" { + + It "Get RADIUS Server with one attribute (auth_type)" { + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -attribute auth_type + @($radius).count | Should -Be 1 + $radius.address | Should -BeNullOrEmpty + $radius.auth_type | Should -Not -BeNullOrEmpty + } + + It "Get RADIUS Server with two attributes (auth_type, timeout)" { + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -attribute auth_type,timeout + @($radius).count | Should -Be 1 + $radius.address | Should -BeNullOrEmpty + $radius.auth_type | Should -Be "pap" + $radius.timeout | Should -Be 15 + } + + It "Get RADIUS 
Server with three attributes (auth_type, timeout, retries)" { + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -attribute auth_type,timeout,retries + @($radius).count | Should -Be 1 + $radius.address | Should -BeNullOrEmpty + $radius.auth_type | Should -Be "pap" + $radius.timeout | Should -Be 15 + $radius.retries | Should -Be 1 + } + + } + + Context "Search" { + It "Search RADIUS Server by address ($pester_radius_address)" { + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port + @($radius).count | Should -Be 1 + $radius.address | Should -Be $pester_radius_address + $radius.port | Should -Be $pester_radius_port + } + } + + AfterAll { + Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Remove-ArubaCXRadiusServer -confirm:$false + } +} + +Describe "Add RADIUS Server" { + + AfterEach { + Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Remove-ArubaCXRadiusServer -confirm:$false -ErrorAction SilentlyContinue + } + + It "Add RADIUS Server $pester_radius_address (with only an address and a port, a group and a default priority for the group)" { + Add-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -group radius -default_group_priority 1 + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -depth 2 + $radius.address | Should -Be $pester_radius_address + $radius.port | Should -Be $pester_radius_port + $radius.group.radius | Should -Be "@{group_name=radius; group_type=radius; origin=built-in}" + $radius.default_group_priority | Should -Be 1 + $radius.timeout | Should -Be $null + $radius.passkey | Should -Be $null + $radius.tracking_enable | Should -Be $false + } + + It "Add RADIUS Server $pester_radius_address (with only an address and a port, a group and a default priority for the group, and a timeout)" { + Add-ArubaCXRadiusServer -address 
$pester_radius_address -port $pester_radius_port -group radius -default_group_priority 1 -timeout 10 + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -depth 2 + $radius.address | Should -Be $pester_radius_address + $radius.port | Should -Be $pester_radius_port + $radius.group.radius | Should -Be "@{group_name=radius; group_type=radius; origin=built-in}" + $radius.default_group_priority | Should -Be 1 + $radius.timeout | Should -Be 10 + $radius.passkey | Should -Be $null + $radius.tracking_enable | Should -Be $false + } + + It "Add RADIUS Server $pester_radius_address (with only an address and a port, a group and a default priority for the group, a timeout, a passkey and tracking_enable)" { + Add-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -group radius -default_group_priority 1 -timeout 10 -passkey PowerArubaCX -tracking_enable + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -depth 2 + $radius.address | Should -Be $pester_radius_address + $radius.port | Should -Be $pester_radius_port + $radius.group.radius | Should -Be "@{group_name=radius; group_type=radius; origin=built-in}" + $radius.default_group_priority | Should -Be 1 + $radius.timeout | Should -Be 10 + $radius.passkey | Should -Not -BeNullOrEmpty + $radius.tracking_enable | Should -Be $true + } + + It "Add RADIUS Server $pester_radius_address (with only an address and a port, a group and a default priority for the group, a timeout, a passkey, tracking_enable, and clearpass username)" { + Add-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -group radius -default_group_priority 1 -timeout 10 -passkey PowerArubaCX -tracking_enable -cppm_user_id PowerArubaCX -cppm_password Example + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -depth 2 + $radius.address | Should -Be $pester_radius_address + $radius.port | Should 
-Be $pester_radius_port + $radius.group.radius | Should -Be "@{group_name=radius; group_type=radius; origin=built-in}" + $radius.default_group_priority | Should -Be 1 + $radius.timeout | Should -Be 10 + $radius.passkey | Should -Not -BeNullOrEmpty + $radius.tracking_enable | Should -Be $true + $radius.clearpass.user_id | Should -Be "PowerArubaCX" + $radius.clearpass.password | Should -Not -BeNullOrEmpty + } +} + +Describe "Configure RADIUS Server" { + BeforeAll { + Add-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -group radius -default_group_priority 1 + } + + It "Change RADIUS Server default_group_priority" { + Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Set-ArubaCXRadiusServer -default_group_priority 10 + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port + $radius.default_group_priority | Should -Be 10 + } + + It "Change RADIUS Server timeout" { + Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Set-ArubaCXRadiusServer -timeout 10 + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port + $radius.timeout | Should -Be 10 + } + + It "Change RADIUS Server retries" { + Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Set-ArubaCXRadiusServer -retries 1 + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port + $radius.retries | Should -Be 1 + } + + It "Change RADIUS Server tracking_enable (enable)" { + Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Set-ArubaCXRadiusServer -tracking_enable:$true + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port + $radius.tracking_enable | Should -Be $true + } + + It "Change RADIUS Server tracking_enable (disable)" { + Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | 
Set-ArubaCXRadiusServer -tracking_enable:$false + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port + $radius.tracking_enable | Should -Be $false + } + + It "Change RADIUS ClearPass account" { + Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Set-ArubaCXRadiusServer -cppm_user_id PowerArubaCX -cppm_password Example + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port + $radius.clearpass.user_id | Should -Be "PowerArubaCX" + $radius.clearpass.password | Should -Not -BeNullOrEmpty + } + + AfterAll { + Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Remove-ArubaCXRadiusServer -confirm:$false + } +} + +Describe "Remove RADIUS Server" { + + BeforeEach { + Add-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -group radius -default_group_priority 1 + } + + It "Remove RADIUS Server $pester_radius_address by address and port" { + Remove-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -confirm:$false + $radius = Get-ArubaCXRadiusServer + $radius.$pester_radius_address | Should -Be $NULL + } + + It "Remove RADIUS Server $pester_radius_address by pipeline" { + $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port + $radius | Remove-ArubaCXRadiusServer -confirm:$false + $radius = Get-ArubaCXRadiusServer + $radius.$pester_radius_address | Should -Be $NULL + } + +} + +Disconnect-ArubaCX -confirm:$false \ No newline at end of file From c299d7b0595f8fe5ed14437cf18478e258c6ff11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Thu, 2 Dec 2021 13:47:58 +0100 Subject: [PATCH 7/8] Remove whitespace and add securestring for password --- PowerArubaCX/Public/Radius.ps1 | 10 +++++----- Tests/integration/Radius.Tests.ps1 | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) 
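Review bot: Both `Remove RADIUS Server` tests assert on `$radius.$pester_radius_address`, a property named after the bare address, which is probably never present on the collection returned by `Get-ArubaCXRadiusServer`, so the assertion would pass even if the DELETE did nothing. The cmdlets address an entry as `${address},${port},${port_type}`, so, assuming the collection is keyed the same way, the check should be `$radius."$pester_radius_address,$pester_radius_port,udp" | Should -Be $NULL`. `Get ALL RADIUS Server` has the same weakness: `@($radius).count | Should -Not -Be $NULL` holds for any result.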
diff --git a/PowerArubaCX/Public/Radius.ps1 b/PowerArubaCX/Public/Radius.ps1 index 54f13ae..5c52ede 100644 --- a/PowerArubaCX/Public/Radius.ps1 +++ b/PowerArubaCX/Public/Radius.ps1 @@ -1,4 +1,4 @@ -# +# # Copyright 2021, Cédric Moreau # # SPDX-License-Identifier: Apache-2.0 @@ -45,7 +45,7 @@ function Add-ArubaCXRadiusServer { [Parameter (Mandatory = $false)] [string]$cppm_user_id, [Parameter (Mandatory = $false)] - [string]$cppm_password, + [SecureString]$cppm_password, [Parameter (Mandatory = $false)] [int]$timeout, [Parameter (Mandatory = $false)] @@ -75,7 +75,7 @@ function Add-ArubaCXRadiusServer { $_radius | add-member -name "port" -membertype NoteProperty -Value $port $_radius | add-member -name "vrf" -membertype NoteProperty -Value ("/rest/" + $($connection.version) + "/system/vrfs/" + $vrf) - + $_radius | add-member -name "default_group_priority" -membertype NoteProperty -Value $default_group_priority $_group = @() @@ -271,7 +271,7 @@ function Set-ArubaCXRadiusServer { [Parameter (Mandatory = $false)] [string]$cppm_user_id, [Parameter (Mandatory = $false)] - [string]$cppm_password, + [SecureString]$cppm_password, [Parameter (Mandatory = $false)] [int]$timeout = 10, [Parameter (Mandatory = $false)] @@ -424,4 +424,4 @@ function Remove-ArubaCXRadiusServer { End { } -} \ No newline at end of file +} \ No newline at end of file diff --git a/Tests/integration/Radius.Tests.ps1 b/Tests/integration/Radius.Tests.ps1 index 1745fc9..511c525 100644 --- a/Tests/integration/Radius.Tests.ps1 +++ b/Tests/integration/Radius.Tests.ps1 @@ -1,4 +1,4 @@ -# +# # Copyright 2020, Cédric Moreau # # SPDX-License-Identifier: Apache-2.0 From 4c7a999fac75e2a8c8157c18c68a514c19b6ddfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Thu, 2 Dec 2021 14:59:57 +0100 Subject: [PATCH 8/8] Clean state --- PowerArubaCX/Public/Radius.ps1 | 6 ++++-- Tests/integration/Radius.Tests.ps1 | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) 
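Review bot: Typing `$cppm_password` as `[SecureString]` in `Add-ArubaCXRadiusServer` (hunk at -45,7) and `Set-ArubaCXRadiusServer` (hunk at -271,7) is not matched by any change to the request body, which lies outside these hunks. As added in the previous patch, both functions put `$cppm_password` straight into the `password` NoteProperty, so the serialized body would presumably carry the SecureString object rather than the secret. The value needs decoding at the point of use, for example `$_cppm | add-member -name "password" -membertype NoteProperty -Value ([System.Net.NetworkCredential]::new('', $cppm_password).Password)`. `$passkey` is a shared secret as well and is still a plain `[string]`.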
diff --git a/PowerArubaCX/Public/Radius.ps1 b/PowerArubaCX/Public/Radius.ps1 index 5c52ede..f544a09 100644 --- a/PowerArubaCX/Public/Radius.ps1 +++ b/PowerArubaCX/Public/Radius.ps1 @@ -23,6 +23,7 @@ function Add-ArubaCXRadiusServer { Add RADIUS Server with ip 192.2.0.1 and port 1812 in RADIUS group PowerArubaCX with timeout set to 10 and passkey as ExampleRADIUS #> + [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingUsernameAndPasswordParams", "")] Param( [Parameter (Mandatory = $true)] [string]$address, @@ -45,7 +46,7 @@ function Add-ArubaCXRadiusServer { [Parameter (Mandatory = $false)] [string]$cppm_user_id, [Parameter (Mandatory = $false)] - [SecureString]$cppm_password, + [String]$cppm_password, [Parameter (Mandatory = $false)] [int]$timeout, [Parameter (Mandatory = $false)] @@ -247,6 +248,7 @@ function Set-ArubaCXRadiusServer { Configure passkey, timeout, tacking enable and user group priority on RADIUS Server #> [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium')] + [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingUsernameAndPasswordParams", "")] Param( [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1, ParameterSetName = "ID")] [ValidateScript( { Confirm-ArubaCXRadiusServer $_ })] @@ -271,7 +273,7 @@ function Set-ArubaCXRadiusServer { [Parameter (Mandatory = $false)] [string]$cppm_user_id, [Parameter (Mandatory = $false)] - [SecureString]$cppm_password, + [String]$cppm_password, [Parameter (Mandatory = $false)] [int]$timeout = 10, [Parameter (Mandatory = $false)] diff --git a/Tests/integration/Radius.Tests.ps1 b/Tests/integration/Radius.Tests.ps1 index 511c525..eca2394 100644 --- a/Tests/integration/Radius.Tests.ps1 +++ b/Tests/integration/Radius.Tests.ps1 
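Review bot: Reverting `$cppm_password` to `[String]` and suppressing `PSAvoidUsingUsernameAndPasswordParams` without a justification, in both `Add-ArubaCXRadiusServer` and `Set-ArubaCXRadiusServer`, puts the ClearPass password back on the command line in clear text, where it can end up in console history and transcripts. I would keep `[SecureString]$cppm_password` and decode it only where the request body is built, or take a single `[PSCredential]` in place of the user/password pair, which is what the suppressed rule asks for. If the suppression stays, it should record the reason, e.g. `[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingUsernameAndPasswordParams", "", Justification = "<reason>")]`. The function bodies lie outside these hunks.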
@@ -172,7 +172,8 @@ Describe "Add RADIUS Server" { } It "Add RADIUS Server $pester_radius_address (with only an address and a port, a group and a default priority for the group, a timeout, a passkey, tracking_enable, and clearpass username)" { - Add-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -group radius -default_group_priority 1 -timeout 10 -passkey PowerArubaCX -tracking_enable -cppm_user_id PowerArubaCX -cppm_password Example + $password = ConvertTo-SecureString Example -AsPlainText -Force + Add-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -group radius -default_group_priority 1 -timeout 10 -passkey PowerArubaCX -tracking_enable -cppm_user_id PowerArubaCX -cppm_password $password $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port -depth 2 $radius.address | Should -Be $pester_radius_address $radius.port | Should -Be $pester_radius_port @@ -222,7 +223,8 @@ Describe "Configure RADIUS Server" { } It "Change RADIUS ClearPass account" { - Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Set-ArubaCXRadiusServer -cppm_user_id PowerArubaCX -cppm_password Example + $password = ConvertTo-SecureString Example -AsPlainText -Force + Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port | Set-ArubaCXRadiusServer -cppm_user_id PowerArubaCX -cppm_password $password $radius = Get-ArubaCXRadiusServer -address $pester_radius_address -port $pester_radius_port $radius.clearpass.user_id | Should -Be "PowerArubaCX" $radius.clearpass.password | Should -Not -BeNullOrEmpty