search

rubrikinc / rubrik-sdk-for-powershell

Rubrik Module for PowerShell
https://build.rubrik.com/sdks/powershell/
MIT License
102 stars 87 forks source link

`Disconnect-Rubrik` does not support Service Accounts #821

Closed benwa closed 1 year ago

benwa commented 1 year ago

Current Behavior:

The Disconnect-Rubrik command does not properly delete the session when using a Service Account

PS>$Server = 'REDACTED'
PS>$Id = 'REDACTED'
PS>$Secret = 'REDACTED'
PS>Import-Module Rubrik -Verbose
VERBOSE: Loading module from path 'REDACTED\Documents\PowerShell\Modules\Rubrik\6.0.1\Rubrik.psd1'.
VERBOSE: Importing function 'Connect-Rubrik'.
VERBOSE: Importing function 'Disconnect-Rubrik'.
VERBOSE: Importing function 'Export-RubrikDatabase'.
VERBOSE: Importing function 'Export-RubrikReport'.
VERBOSE: Importing function 'Export-RubrikVApp'.
VERBOSE: Importing function 'Export-RubrikVCDTemplate'.
VERBOSE: Importing function 'Export-RubrikVM'.
VERBOSE: Importing function 'Find-RubrikFile'.
VERBOSE: Importing function 'Get-RubrikAPIToken'.
VERBOSE: Importing function 'Get-RubrikAPIVersion'.
VERBOSE: Importing function 'Get-RubrikArchive'.
VERBOSE: Importing function 'Get-RubrikAvailabilityGroup'.
VERBOSE: Importing function 'Get-RubrikBackupServiceDeployment'.
VERBOSE: Importing function 'Get-RubrikBlackout'.
VERBOSE: Importing function 'Get-RubrikBootStrap'.
VERBOSE: Importing function 'Get-RubrikClusterInfo'.
VERBOSE: Importing function 'Get-RubrikClusterNetworkInterface'.
VERBOSE: Importing function 'Get-RubrikClusterStorage'.
VERBOSE: Importing function 'Get-RubrikClusterUpgradeHistory'.
VERBOSE: Importing function 'Get-RubrikDatabase'.
VERBOSE: Importing function 'Get-RubrikDatabaseDownloadLink'.
VERBOSE: Importing function 'Get-RubrikDatabaseFiles'.
VERBOSE: Importing function 'Get-RubrikDatabaseMount'.
VERBOSE: Importing function 'Get-RubrikDatabaseRecoverableRange'.
VERBOSE: Importing function 'Get-RubrikDatabaseRecoveryPoint'.
VERBOSE: Importing function 'Get-RubrikDebugInfo'.
VERBOSE: Importing function 'Get-RubrikDNSSetting'.
VERBOSE: Importing function 'Get-RubrikDownloadLink'.
VERBOSE: Importing function 'Get-RubrikEmailSetting'.
VERBOSE: Importing function 'Get-RubrikEvent'.
VERBOSE: Importing function 'Get-RubrikEventSeries'.
VERBOSE: Importing function 'Get-RubrikFileset'.
VERBOSE: Importing function 'Get-RubrikFilesetTemplate'.
VERBOSE: Importing function 'Get-RubrikGuestOSCredential'.
VERBOSE: Importing function 'Get-RubrikHost'.
VERBOSE: Importing function 'Get-RubrikHostVolume'.
VERBOSE: Importing function 'Get-RubrikHvmFormatAutoUpgrade'.
VERBOSE: Importing function 'Get-RubrikHvmFormatClusterStorage'.
VERBOSE: Importing function 'Get-RubrikHvmFormatReport'.
VERBOSE: Importing function 'Get-RubrikHvmFormatUpgradeReport'.
VERBOSE: Importing function 'Get-RubrikHyperVHost'.
VERBOSE: Importing function 'Get-RubrikHyperVMount'.
VERBOSE: Importing function 'Get-RubrikHyperVVM'.
VERBOSE: Importing function 'Get-RubrikIPMI'.
VERBOSE: Importing function 'Get-RubrikLDAP'.
VERBOSE: Importing function 'Get-RubrikLoginBanner'.
VERBOSE: Importing function 'Get-RubrikLogShipping'.
VERBOSE: Importing function 'Get-RubrikManagedVolume'.
VERBOSE: Importing function 'Get-RubrikManagedVolumeExport'.
VERBOSE: Importing function 'Get-RubrikModuleDefaultParameter'.
VERBOSE: Importing function 'Get-RubrikModuleOption'.
VERBOSE: Importing function 'Get-RubrikMount'.
VERBOSE: Importing function 'Get-RubrikNASShare'.
VERBOSE: Importing function 'Get-RubrikNetworkThrottle'.
VERBOSE: Importing function 'Get-RubrikNfsArchive'.
VERBOSE: Importing function 'Get-RubrikNode'.
VERBOSE: Importing function 'Get-RubrikNotificationSetting'.
VERBOSE: Importing function 'Get-RubrikNTPServer'.
VERBOSE: Importing function 'Get-RubrikNutanixCluster'.
VERBOSE: Importing function 'Get-RubrikNutanixVM'.
VERBOSE: Importing function 'Get-RubrikObject'.
VERBOSE: Importing function 'Get-RubrikObjectStoreArchive'.
VERBOSE: Importing function 'Get-RubrikOracleDB'.
VERBOSE: Importing function 'Get-RubrikOrganization'.
VERBOSE: Importing function 'Get-RubrikOrgAuthorization'.
VERBOSE: Importing function 'Get-RubrikProxySetting'.
VERBOSE: Importing function 'Get-RubrikQstarArchive'.
VERBOSE: Importing function 'Get-RubrikReplicationSource'.
VERBOSE: Importing function 'Get-RubrikReplicationTarget'.
VERBOSE: Importing function 'Get-RubrikReport'.
VERBOSE: Importing function 'Get-RubrikReportData'.
VERBOSE: Importing function 'Get-RubrikRequest'.
VERBOSE: Importing function 'Get-RubrikScvmm'.
VERBOSE: Importing function 'Get-RubrikSecurityClassification'.
VERBOSE: Importing function 'Get-RubrikSetting'.
VERBOSE: Importing function 'Get-RubrikSLA'.
VERBOSE: Importing function 'Get-RubrikSmbDomain'.
VERBOSE: Importing function 'Get-RubrikSmbSecurity'.
VERBOSE: Importing function 'Get-RubrikSnapshot'.
VERBOSE: Importing function 'Get-RubrikSNMPSetting'.
VERBOSE: Importing function 'Get-RubrikSoftwareVersion'.
VERBOSE: Importing function 'Get-RubrikSQLInstance'.
VERBOSE: Importing function 'Get-RubrikSupportTunnel'.
VERBOSE: Importing function 'Get-RubrikSyslogServer'.
VERBOSE: Importing function 'Get-RubrikUnmanagedObject'.
VERBOSE: Importing function 'Get-RubrikUser'.
VERBOSE: Importing function 'Get-RubrikUserRole'.
VERBOSE: Importing function 'Get-RubrikVApp'.
VERBOSE: Importing function 'Get-RubrikVAppExportOption'.
VERBOSE: Importing function 'Get-RubrikVAppRecoverOption'.
VERBOSE: Importing function 'Get-RubrikVAppSnapshot'.
VERBOSE: Importing function 'Get-RubrikVCD'.
VERBOSE: Importing function 'Get-RubrikVCDTemplateExportOption'.
VERBOSE: Importing function 'Get-RubrikVCenter'.
VERBOSE: Importing function 'Get-RubrikVersion'.
VERBOSE: Importing function 'Get-RubrikVgfAutoUpgrade'.
VERBOSE: Importing function 'Get-RubrikVgfClusterStorage'.
VERBOSE: Importing function 'Get-RubrikVgfReport'.
VERBOSE: Importing function 'Get-RubrikVgfUpgradeReport'.
VERBOSE: Importing function 'Get-RubrikVM'.
VERBOSE: Importing function 'Get-RubrikVMSnapshot'.
VERBOSE: Importing function 'Get-RubrikVMwareCluster'.
VERBOSE: Importing function 'Get-RubrikVMwareDatacenter'.
VERBOSE: Importing function 'Get-RubrikVMwareDatastore'.
VERBOSE: Importing function 'Get-RubrikVMwareHost'.
VERBOSE: Importing function 'Get-RubrikVolumeGroup'.
VERBOSE: Importing function 'Get-RubrikVolumeGroupMount'.
VERBOSE: Importing function 'Invoke-RubrikGraphQLCall'.
VERBOSE: Importing function 'Invoke-RubrikHvmFormatUpgrade'.
VERBOSE: Importing function 'Invoke-RubrikRESTCall'.
VERBOSE: Importing function 'Invoke-RubrikVgfUpgrade'.
VERBOSE: Importing function 'Move-RubrikMountVMDK'.
VERBOSE: Importing function 'New-RubrikAPIToken'.
VERBOSE: Importing function 'New-RubrikBootStrap'.
VERBOSE: Importing function 'New-RubrikDatabaseMount'.
VERBOSE: Importing function 'New-RubrikFileset'.
VERBOSE: Importing function 'New-RubrikFilesetTemplate'.
VERBOSE: Importing function 'New-RubrikHost'.
VERBOSE: Importing function 'New-RubrikHyperVVMMount'.
VERBOSE: Importing function 'New-RubrikLDAP'.
VERBOSE: Importing function 'New-RubrikLogBackup'.
VERBOSE: Importing function 'New-RubrikLogShipping'.
VERBOSE: Importing function 'New-RubrikManagedVolume'.
VERBOSE: Importing function 'New-RubrikManagedVolumeExport'.
VERBOSE: Importing function 'New-RubrikMount'.
VERBOSE: Importing function 'New-RubrikNASShare'.
VERBOSE: Importing function 'New-RubrikOrganization'.
VERBOSE: Importing function 'New-RubrikReport'.
VERBOSE: Importing function 'New-RubrikSLA'.
VERBOSE: Importing function 'New-RubrikSnapshot'.
VERBOSE: Importing function 'New-RubrikUser'.
VERBOSE: Importing function 'New-RubrikVCenter'.
VERBOSE: Importing function 'New-RubrikVMDKMount'.
VERBOSE: Importing function 'New-RubrikVolumeGroupMount'.
VERBOSE: Importing function 'Protect-RubrikDatabase'.
VERBOSE: Importing function 'Protect-RubrikFileset'.
VERBOSE: Importing function 'Protect-RubrikHyperVVM'.
VERBOSE: Importing function 'Protect-RubrikNutanixVM'.
VERBOSE: Importing function 'Protect-RubrikTag'.
VERBOSE: Importing function 'Protect-RubrikVApp'.
VERBOSE: Importing function 'Protect-RubrikVM'.
VERBOSE: Importing function 'Protect-RubrikVolumeGroup'.
VERBOSE: Importing function 'Register-RubrikBackupService'.
VERBOSE: Importing function 'Remove-RubrikAPIToken'.
VERBOSE: Importing function 'Remove-RubrikDatabaseMount'.
VERBOSE: Importing function 'Remove-RubrikDatabaseSnapshots'.
VERBOSE: Importing function 'Remove-RubrikFileset'.
VERBOSE: Importing function 'Remove-RubrikFilesetSnapshot'.
VERBOSE: Importing function 'Remove-RubrikFilesetTemplate'.
VERBOSE: Importing function 'Remove-RubrikHost'.
VERBOSE: Importing function 'Remove-RubrikHyperVMount'.
VERBOSE: Importing function 'Remove-RubrikHyperVSnapshot'.
VERBOSE: Importing function 'Remove-RubrikLogShipping'.
VERBOSE: Importing function 'Remove-RubrikManagedVolume'.
VERBOSE: Importing function 'Remove-RubrikManagedVolumeExport'.
VERBOSE: Importing function 'Remove-RubrikManagedVolumeSnapshot'.
VERBOSE: Importing function 'Remove-RubrikModuleDefaultParameter'.
VERBOSE: Importing function 'Remove-RubrikMount'.
VERBOSE: Importing function 'Remove-RubrikNASShare'.
VERBOSE: Importing function 'Remove-RubrikNutanixVMSnapshot'.
VERBOSE: Importing function 'Remove-RubrikOrganization'.
VERBOSE: Importing function 'Remove-RubrikOrgAuthorization'.
VERBOSE: Importing function 'Remove-RubrikProxySetting'.
VERBOSE: Importing function 'Remove-RubrikReport'.
VERBOSE: Importing function 'Remove-RubrikSLA'.
VERBOSE: Importing function 'Remove-RubrikUnmanagedObject'.
VERBOSE: Importing function 'Remove-RubrikUser'.
VERBOSE: Importing function 'Remove-RubrikVCenter'.
VERBOSE: Importing function 'Remove-RubrikVMSnapshot'.
VERBOSE: Importing function 'Remove-RubrikVolumeGroupMount'.
VERBOSE: Importing function 'Remove-RubrikVolumeGroupSnapshot'.
VERBOSE: Importing function 'Reset-RubrikLogShipping'.
VERBOSE: Importing function 'Restore-RubrikDatabase'.
VERBOSE: Importing function 'Restore-RubrikVApp'.
VERBOSE: Importing function 'Resume-RubrikSLA'.
VERBOSE: Importing function 'Set-RubrikAvailabilityGroup'.
VERBOSE: Importing function 'Set-RubrikBlackout'.
VERBOSE: Importing function 'Set-RubrikDatabase'.
VERBOSE: Importing function 'Set-RubrikHvmFormatAutoUpgrade'.
VERBOSE: Importing function 'Set-RubrikHyperVVM'.
VERBOSE: Importing function 'Set-RubrikLogShipping'.
VERBOSE: Importing function 'Set-RubrikManagedVolume'.
VERBOSE: Importing function 'Set-RubrikModuleDefaultParameter'.
VERBOSE: Importing function 'Set-RubrikModuleOption'.
VERBOSE: Importing function 'Set-RubrikMount'.
VERBOSE: Importing function 'Set-RubrikNASShare'.
VERBOSE: Importing function 'Set-RubrikNutanixVM'.
VERBOSE: Importing function 'Set-RubrikOrgAuthorization'.
VERBOSE: Importing function 'Set-RubrikProxySetting'.
VERBOSE: Importing function 'Set-RubrikReport'.
VERBOSE: Importing function 'Set-RubrikSetting'.
VERBOSE: Importing function 'Set-RubrikSLA'.
VERBOSE: Importing function 'Set-RubrikSQLInstance'.
VERBOSE: Importing function 'Set-RubrikSupportTunnel'.
VERBOSE: Importing function 'Set-RubrikUser'.
VERBOSE: Importing function 'Set-RubrikUserRole'.
VERBOSE: Importing function 'Set-RubrikVCD'.
VERBOSE: Importing function 'Set-RubrikVCenter'.
VERBOSE: Importing function 'Set-RubrikVgfAutoUpgrade'.
VERBOSE: Importing function 'Set-RubrikVM'.
VERBOSE: Importing function 'Set-RubrikVolumeFilterDriver'.
VERBOSE: Importing function 'Start-RubrikDownload'.
VERBOSE: Importing function 'Start-RubrikManagedVolumeSnapshot'.
VERBOSE: Importing function 'Stop-RubrikManagedVolumeSnapshot'.
VERBOSE: Importing function 'Suspend-RubrikSLA'.
VERBOSE: Importing function 'Sync-RubrikAnnotation'.
VERBOSE: Importing function 'Sync-RubrikTag'.
VERBOSE: Importing function 'Test-RubrikSnapshotVerification'.
VERBOSE: Importing function 'Update-RubrikHost'.
VERBOSE: Importing function 'Update-RubrikNutanixCluster'.
VERBOSE: Importing function 'Update-RubrikVCD'.
VERBOSE: Importing function 'Update-RubrikVCenter'.
VERBOSE: Importing function 'Update-RubrikVMwareVM'.
VERBOSE: Importing alias 'New-RubrikModuleDefaultParameter'.
VERBOSE: Importing alias 'Pause-RubrikSLA'.

PS>Connect-Rubrik -Server $Server -Id $Id -Secret $Secret -Verbose
VERBOSE: Gather API Data for Connect-Rubrik
VERBOSE: Selected 3.0 API Data for Connect-Rubrik
VERBOSE: Load API data for Connect-Rubrik
VERBOSE: Description: Create a new login session
VERBOSE: Using User Agent RubrikPowerShellSDK-6.0.1--7.2.7--platform--Win32NT--platform_version--Microsoft Windows 10.0.22621
VERBOSE: POST with 174-byte payload
VERBOSE: received 549-byte response of content type application/json
VERBOSE: Content encoding: utf-8
VERBOSE: Storing all connection details into $global:rubrikConnection
VERBOSE: Gather API Data for Get-RubrikAPIVersion
VERBOSE: Selected 1.0 API Data for Get-RubrikAPIVersion
VERBOSE: Load API data for Get-RubrikAPIVersion
VERBOSE: Description: Retrieves software version of the Rubrik cluster
VERBOSE: Build the URI
VERBOSE: URI = https://REDACTED/api/v1/cluster/me/api_version
VERBOSE: Build the query parameters for <null>
VERBOSE: URI = https://REDACTED/api/v1/cluster/me/api_version
VERBOSE: Submitting the request
VERBOSE: Invoking request with a custom timeout of 100 seconds
VERBOSE: GET with 0-byte payload
VERBOSE: received 18-byte response of content type application/json
VERBOSE: Received HTTP Status 200
VERBOSE: Formatting return value
VERBOSE: Filter the results
VERBOSE: Gather API Data for Get-RubrikSoftwareVersion
VERBOSE: Selected 1.0 API Data for Get-RubrikSoftwareVersion
VERBOSE: Load API data for Get-RubrikSoftwareVersion
VERBOSE: Description: Retrieves software version of the Rubrik cluster
VERBOSE: Build the URI
VERBOSE: URI = https://REDACTED/api/v1/cluster/me/version
VERBOSE: Build the query parameters for <null>
VERBOSE: URI = https://REDACTED/api/v1/cluster/me/version
VERBOSE: Submitting the request
VERBOSE: Invoking request with a custom timeout of 100 seconds
VERBOSE: GET with 0-byte payload
VERBOSE: received 28-byte response of content type application/json
VERBOSE: Received HTTP Status 200
VERBOSE: Formatting return value
VERBOSE: Filter the results
VERBOSE: Adding connection details into the $global:RubrikConnections array

Name                           Value
----                           -----
header                         {Authorization, User-Agent}
api                            1
time                           11/10/2022 9:03:39 AM
authType                       ServiceAccount
version                        8.0.1-p1-22135
server                         REDACTED
userId
id

PS>Get-RubrikDebugInfo -Verbose
VERBOSE: Populating RepositorySourceLocation property for module Rubrik.

PSVersion                     : 7.2.7
PSEdition                     : Core
GitCommitId                   : 7.2.7
OS                            : Microsoft Windows 10.0.22621
Platform                      : Win32NT
PSCompatibleVersions          : {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion     : 2.3
SerializationVersion          : 1.1.0.1
WSManStackVersion             : 3.0
HostConsoleName               : ConsoleHost
HostConsoleVersion            : 7.2.7
HostCulture                   : en-US
HostCultureUI                 : en-US
RubrikConnection              : True
UserAgentString               : RubrikPowerShellSDK-6.0.1--7.2.7--platform--Win32NT--platform_version--Microsoft Windows 10.0.22621
RubrikAuthentication          : Bearer
RubrikClusterVersion          : 8.0.1-p1-22135
RubrikCurrentModuleVersion    : 6.0.1
RubrikInstalledModule         : 6.0.1
RubrikModuleOptions           : ApplyCustomViewDefinitions = True; CredentialPath = ; DefaultWebRequestTimeOut = 100
RubrikModuleDefaultParameters : 

PS>Disconnect-Rubrik -Verbose
VERBOSE: Validate the Rubrik token exists
VERBOSE: Found a Rubrik token for authentication
VERBOSE: Gather API Data for Disconnect-Rubrik
VERBOSE: Selected 1.0 API Data for Disconnect-Rubrik
VERBOSE: Load API data for Disconnect-Rubrik
VERBOSE: Description: Closes a user session and invalidates the session token
VERBOSE: Build the URI
VERBOSE: URI = https://REDACTED/api/v1/session/me
VERBOSE: Build the query parameters for <null>
VERBOSE: URI = https://REDACTED/api/v1/session/me
VERBOSE: List of set parameters: [Verbose, True]
VERBOSE: Build the body parameters
VERBOSE: No body for this request
VERBOSE: Submitting the request
VERBOSE: Invoking request with a custom timeout of 100 seconds
VERBOSE: DELETE with 0-byte payload
VERBOSE: received 77-byte response of content type text/plain
>> TerminatingError(Invoke-WebRequest): "{"message":"User unavailable: userId = REDACTED"}"
>> TerminatingError(Invoke-WebRequest): "{"message":"User unavailable: userId = REDACTED"}"
WARNING: User unavailable: userId = REDACTED
PS>TerminatingError(): "Response status code does not indicate success: 404 (Not Found)."
>> TerminatingError(): "Response status code does not indicate success: 404 (Not Found)."
>> TerminatingError(): "Response status code does not indicate success: 404 (Not Found)."
Response status code does not indicate success: 404 (Not Found).

OperationStopped: REDACTED\Documents\PowerShell\Modules\Rubrik\6.0.1\Private\Submit-Request.ps1:133
Line |
 133 |                          throw $_.Exception
     |                          ~~~~~~~~~~~~~~~~~~
     | Response status code does not indicate success: 404 (Not Found).

Expected Behavior: The session is properly terminated Steps to Reproduce:

Please provide detailed steps for reproducing the issue.

  1. Create a Service Account
  2. Use Connect-Rubrik with the Service Account's credentials
  3. Try to use Disconnect-Rubrik

Context:

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

Failure Logs

Please include any relevant log snippets or files here, IMPORTANT all information will be visible publicly on GitHub. Do not include computer or user names, passwords, API tokens or any identifiable information when submitting failure logs.

benwa commented 1 year ago

After digging in with Rubrik engineers, we've determined that this is a bug in CDM, not the PowerShell SDK. It relates to the Service Account not having permissions to close its own session if it does not have the AdministratorRole assigned.