dell / iDRAC-Redfish-Scripting

Python and PowerShell scripting for Dell EMC PowerEdge iDRAC REST API with DMTF Redfish
GNU General Public License v2.0

Question: Credentials #221

Closed blazarmilkywayflybee closed 2 years ago

blazarmilkywayflybee commented 2 years ago

Hi @texroemer,

I was just wondering if there was a particular use case as to why all input credentials are strings instead of PSCredential objects?

texroemer commented 2 years ago

Hi @blazarmilkywayflybee

For all cmdlets, if you don't pass in arguments for iDRAC username and password, it will prompt you to pass this information which leverages Get-Credential.

Example:

[image]

Thanks Tex

blazarmilkywayflybee commented 2 years ago

I probably should have provided a little bit more context. I'm hoping to run this non-interactively against 50 odd servers, with differing credentials.

The issue is, even if I was to create the same logic in my wrapper function it would still require moving it back into plaintext to pass it into Invoke-CreateXauthTokenSessionREDFISH. (This might be my best option)

Ideally it would be nice to leverage PSCredential objects that can then be passed around. I'll create a pull for this module and show you what I'm thinking. One downside to this is it won't be as user friendly.

texroemer commented 2 years ago

Yes please send either pseudo code workflow or submit pull request for the solution you're looking for.

Would creating X-auth token variable work for your solution?

```
PS C:\> $R640_iDRAC_token = Invoke-CreateXauthTokenSessionREDFISH -idrac_ip 192.168.0.120 -create_x_auth_token_session y

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential

- PASS, new iDRAC token session successfully created

PS C:\> Invoke-CreateVirtualDiskREDFISH -idrac_ip 192.168.0.120 -x_auth_token $R640_iDRAC_token."X-Auth-Token" -get_storage_controllers y

- PASS, statuscode 200 returned successfully to get storage controller(s)

- Server controllers detected -

RAID.SL.3-1
AHCI.Embedded.2-1
AHCI.SL.6-1
AHCI.Embedded.1-1
```

blazarmilkywayflybee commented 2 years ago

That would be an option. I did want to avoid the plaintext, but it's kinda unavoidable.

Rather than reworking your code base I think the best option will be to just wrap this in a function and convert to plaintext. E.g. Working with string passwords

```powershell
function Example-Function {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string[]]$iDRAC_IP,
        [ValidateNotNull()]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $Credential = [System.Management.Automation.PSCredential]::Empty
    )

    # Convert the PSCredential back to plaintext strings for the cmdlet
    $username = $Credential.UserName
    $password = $Credential.GetNetworkCredential().Password

    foreach ($ip in $iDRAC_IP) {
        # Obtain X-Auth-Token
        $token = Invoke-CreateXauthTokenSessionREDFISH -idrac_ip $ip -idrac_username $username -idrac_password $password -create_x_auth_token_session y

        # Using X-Auth-Token do required work

        # Dispose of X-Auth-Token
        Invoke-CreateXauthTokenSessionREDFISH -idrac_ip $ip -x_auth_token $($token.'X-Auth-Token') -delete_idrac_session $($token.'Location')
    }
}
```
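
The wrapper discussed in this thread, extended to the "differing credentials" case; this is an added example, not code from the thread's participants or the Dell project. The name `Invoke-IdracWithCredentialMap`, its `-CredentialMap` and `-Action` parameters and the `C:\secure` path are assumptions; the Dell cmdlet parameters and the `X-Auth-Token` / `Location` properties are used as they appear in the thread.

```powershell
function Invoke-IdracWithCredentialMap {   # hypothetical wrapper name
    [CmdletBinding()]
    param (
        # Keys: iDRAC IPs. Values: PSCredential objects, one per server.
        [Parameter(Mandatory = $true)]
        [hashtable]$CredentialMap,
        # Work to run per host; receives the IP and the X-Auth-Token.
        [Parameter(Mandatory = $true)]
        [scriptblock]$Action
    )

    foreach ($ip in $CredentialMap.Keys) {
        $cred = $CredentialMap[$ip]
        if ($cred -isnot [System.Management.Automation.PSCredential]) {
            Write-Warning "Skipping ${ip}: value is not a PSCredential"
            continue
        }
        $token = $null
        try {
            # The password is decrypted only inside this argument expression;
            # the wrapper keeps no plaintext copy in a variable of its own.
            $token = Invoke-CreateXauthTokenSessionREDFISH -idrac_ip $ip `
                -idrac_username $cred.UserName `
                -idrac_password ($cred.GetNetworkCredential().Password) `
                -create_x_auth_token_session y
            & $Action $ip $token.'X-Auth-Token'
        }
        catch {
            Write-Warning "Failed on ${ip}: $($_.Exception.Message)"
        }
        finally {
            # Delete the session even when the action throws, so failed runs
            # do not leave live tokens behind on the iDRAC.
            if ($token) {
                Invoke-CreateXauthTokenSessionREDFISH -idrac_ip $ip `
                    -x_auth_token $token.'X-Auth-Token' `
                    -delete_idrac_session $token.'Location'
            }
        }
    }
}

# Constructed sample. The file was written once, interactively, with:
#   Get-Credential | Export-Clixml C:\secure\idrac-192.168.0.120.xml
$map = @{ '192.168.0.120' = Import-Clixml 'C:\secure\idrac-192.168.0.120.xml' }
Invoke-IdracWithCredentialMap -CredentialMap $map -Action {
    param($ip, $xAuthToken)
    Invoke-CreateVirtualDiskREDFISH -idrac_ip $ip -x_auth_token $xAuthToken -get_storage_controllers y
}
```

On Windows, `Export-Clixml` protects the password with DPAPI, so the file can only be decrypted by the same user account on the same machine; the scheduled job has to run as that account.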