search

insomniacc / PSSnow

A powershell module for interacting with the ServiceNow REST API
GNU General Public License v3.0
41 stars 9 forks source link

Doesnt work behind corporate firewall. #53

Closed zpersichetti12 closed 1 year ago

zpersichetti12 commented 1 year ago

Describe the bug Doesnt work behind corporate firewall

To Reproduce Steps to reproduce the behavior:

  1. Import-Module
  2. Set-SNOWAuth -Instance "dev123456" -Credential (get-credential)

Can basically fix it by adding a check for corporate firewall then using default credentials / input credentials. https://bycode.dev/2019/08/22/how-to-use-powershell-invoke-webrequest-behind-corporate-proxy/

Example: `

if([String]::IsNullOrWhiteSpace($Instance)){
    Write-Error "Instance cannot be an empty string" -ErrorAction stop
}

if($instance -like "https://*"){
    $instance = $instance.replace('https://','')
}

if($instance -like "*.service-now.com*"){
    $instance = $instance.split('.') | Select-Object -first 1
}

$dest = "https://registry.npmjs.org/express"
$proxy = ([System.Net.WebRequest]::GetSystemWebproxy()).GetProxy($dest)

#? Aliveness/Hibernation check for developer instances
$response = Invoke-WebRequest -Uri "https://$Instance.service-now.com/stats.do" -ErrorAction Stop -Verbose:$false -UseBasicParsing -Proxy $proxy -ProxyUseDefaultCredentials
if($response -and $response.content -like "*Instance Hibernating page*"){
    Throw "This servicenow instance is hibernating. Please wake the instance up and use $($PSCmdlet.MyInvocation.MyCommand.Name) again."
}

`

zpersichetti12 commented 1 year ago

I think that may be the only place it needs to be set? Once set there, it seems to carry over and work in CRUD functions (at least the get/sets that Ive tested).

insomniacc commented 1 year ago

Sorry it's been a while since this was logged unfortunately haven't had a great deal of free time on my hands these past few weeks. I've just installed a proxy on my local network and will get this tested today & tomorrow!

While your tests worked after the intial auth was provided, I'm not sure it will carry between invoke-webrequest and invoke-restmethod, but either way I think the auth needs to be applied to every instance of those commands so that there's no chance it could drop for any reason.

I'll apply the code to all instances of those commands for now, but this will probably spawn another enhancement to clean up the code so that all commands use a underlying wrapper for those, but that's a more fundamental change that also ties in with the rate limiting feature.

insomniacc commented 1 year ago

I've added & tested this on the 'Rate-Limit-Handling' branch, it'll go into the next update along with some other features when I eventually merge that and publish the next version on PSGallery.

Essentially if you provide no additional changes to your existing commands, it should pickup the system proxy and use default credentials. However you can specify -ProxyURI and/or -ProxyCredential on Set-SNOWAuth if you want to supply those too as there's a potential need for some to configure those differently.