New-RubrikAPIToken returns Invoke-WebRequest : Request needs authentication!

[MahdiEslami]

Current Behavior: When using Connect-Rubrik and Toekn to conenct to Rubrik cluster and trying to create new Token in same session, The command New-RubrikAPIToken fails and returns "Invoke-WebRequest : Request needs authentication!"

Provide information about the failure by issuing the command using the -Verbose command. Ensure that any identifiable information (server names, tokens, passwords) is removed from your logs before sharing this on GitHub.

1) $RubrikAPIToken = Get-AzKeyVaultSecret -VaultName $AKV -Name $SecretName -AsPlainText 2) Connect-Rubrik -Server $RubrikClusterName -Token $RubrikAPIToken (Successfull) 3) Get-RubrikAPIToken -Verbose (Sucessfull) 4) New-RubrikAPIToken -Tag "TestToken-01" -Expiration 100 -Verbose (ERROR)

Paste the verbose output from the command here

New-RubrikAPIToken -Tag "TestToken-01" -Expiration 100 -Verbose VERBOSE: Validate the Rubrik token exists VERBOSE: Found a Rubrik token for authentication VERBOSE: Gather API Data for New-RubrikAPIToken VERBOSE: Selected 5.0 API Data for New-RubrikAPIToken VERBOSE: Load API data for New-RubrikAPIToken VERBOSE: Description: Create an API Token VERBOSE: Build the URI VERBOSE: URI = https://rubrikcluster.mydomain.com/api/internal/session VERBOSE: Build the query parameters for VERBOSE: URI = https://rubrikcluster.mydomain.com/api/internal/session VERBOSE: Body = { "initParams": { "apiToken": { "tag": "TestToken-01", "expiration": 100 } } } VERBOSE: Submitting the request VERBOSE: Submitting "Post" request as "text/plain; charset=utf-8" VERBOSE: Invoking request with a custom timeout of 100 seconds VERBOSE: POST https://rubrikcluster.mydomain.com/api/internal/session with -1-byte payload Invoke-WebRequest : Request needs authentication! At C:\Users\UserName\Documents\WindowsPowerShell\Modules\Rubrik\Private\Invoke-RubrikWebRequest.ps1:36 char:23

• ... $result = Invoke-WebRequest -UseBasicParsing -TimeoutSec $rubrikOpt ...

• 
  + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
  + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

Expected Behavior:

New-RubrikAPIToken uses curernt Token as authentication and don't requests authenticatino again.

Steps to Reproduce:

Please provide detailed steps for reproducing the issue.

1. Step 1 Connect-Rubrik -Server $RubrikClusterName -Token $RubrikAPIToken (Successfull)
2. Step 2 New-RubrikAPIToken -Tag "TestToken-01" -Expiration 100 -Verbose
3. Step 3 (and so on)

Context:

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

• Rubrik PowerShell Module Version: Use Get-Module -ListAvailable Rubrik
• 6.0.1
• PowerShell Version: Use $PSVersiontable.PSVersion
• 5.1
• Operating System: Use $PSVersiontable.PSVersion on PowerShell 6 and later, use (Get-WMIObject win32_operatingsystem).Name for Windows PowerShell
• Microsoft Windows Server 2019

Failure Logs

Please include any relevant log snippets or files here, IMPORTANT all information will be visible publicly on GitHub. Do not include computer or user names, passwords, API tokens or any identifiable information when submitting failure logs.

[MahdiEslami]

.EXAMPLE New-RubrikAPIToken -Expiration 10080 -Tag "Dev Org Weekly Token" -OrganizationId "Organization:::11111111-2222-3333-4444-555555555555" This will generate a new API Token named "Dev Org Weekly Token" that lasts for 10080 minutes (7 days) in the organization matching id value "Organization:::11111111-2222-3333-4444-555555555555". This assumes that the current session that is requested the token has authority in that organization.

What authority or role is needed for New-RubrikAPIToken?

[supersjimmie]

We see the same issue here. Also tried with more direct API calls:

$$token = …(my current token)…
$headers = @{
         'Authorization' = "Bearer $($token)"
       }

$par = @{
       'initParams'= @{
         'apiToken'= @{
            'expiration'= '3600'
            'tag'= 'API Generated Token'
         }
       }
    }

Then use Get-RubrikUser to fetch my User_ID And then:

$res = invoke-webrequest -Headers $headers -Method POST -Uri "https://rubrika.mydomain.com/api/internal/session?user_id=...(user_ID)..." -Body $par

invoke-webrequest : Request needs authentication!

[gabriellus]

I'm attempting to use a Service Account (with Administrator Role), and have the same problem/error message. It is unlikely an authority issue.

[labradoe]

Any work around for this issue?

[ESOGenics]

I have ran into the same issue. I have tried passing creds several different ways. If you make the call manually using the api address and passing creds it will return the key. However, if you're using this powershell command it has the error.

VERBOSE: Validate the Rubrik token exists VERBOSE: Found a Rubrik token for authentication VERBOSE: Gather API Data for New-RubrikAPIToken VERBOSE: Selected 5.0 API Data for New-RubrikAPIToken VERBOSE: Load API data for New-RubrikAPIToken VERBOSE: Description: Create an API Token VERBOSE: Build the URI VERBOSE: URI = https://servername/api/internal/session VERBOSE: Build the query parameters for <null> VERBOSE: URI = https://servername/api/internal/session VERBOSE: Body = { "initParams": { "apiToken": { "tag": "1 Day Token", "expiration": 1440 } } } VERBOSE: Submitting the request VERBOSE: Submitting "Post" request as "text/plain; charset=utf-8" VERBOSE: Invoking request with a custom timeout of 100 seconds VERBOSE: POST with -1-byte payload