Closed bhumitra closed 1 week ago
Could we do this?
Function Request-vROPSToken {
Param (
[Parameter (Mandatory = $true)] [ValidateNotNullOrEmpty()] [String]$fqdn,
[Parameter (Mandatory = $true)] [ValidateNotNullOrEmpty()] [String]$username,
[Parameter (Mandatory = $true)] [ValidateNotNullOrEmpty()] [String]$password,
[Parameter (Mandatory = $false)] [ValidateSet("LOCAL", "vIDMAuthSource")] [String]$authSource = "LOCAL"
)
if ( -not $PsBoundParameters.ContainsKey("username") -or ( -not $PsBoundParameters.ContainsKey("password"))) {
$creds = Get-Credential # Request Credentials
$username = $creds.UserName.ToString()
$password = $creds.GetNetworkCredential().password
}
Try {
$Global:vropsAppliance = $fqdn
$Global:vropsHeaders = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$vropsHeaders.Add("Accept", "application/json")
$vropsHeaders.Add("Content-Type", "application/json")
$uri = "https://$vropsAppliance/suite-api/api/auth/token/acquire"
$body = "{
`n `"username`" : `"$username`",
`n `"authSource`" : `"$authSource`",
`n `"password`" : `"$password`"
`n}"
if ($PSEdition -eq 'Core') {
$vropsResponse = Invoke-RestMethod -Uri $uri -Method 'POST' -Headers $vropsHeaders -Body $body -SkipCertificateCheck # PS Core has -SkipCertificateCheck implemented, PowerShell 5.x does not
} else {
$vropsResponse = Invoke-RestMethod -Uri $uri -Method 'POST' -Headers $vropsHeaders -Body $body
}
if ($vropsResponse.token) {
$vropsHeaders.Add("Authorization", "vRealizeOpsToken " + $vropsResponse.token)
Write-Output "Successfully connected to VMware Aria Operations: $vropsAppliance"
}
} Catch {
Write-Error $_.Exception.Message
}
}
And then:
Function Test-vROPSAuthentication {
Param (
[Parameter (Mandatory = $true)] [ValidateNotNullOrEmpty()] [String]$server,
[Parameter (Mandatory = $true)] [ValidateNotNullOrEmpty()] [String]$user,
[Parameter (Mandatory = $true)] [ValidateNotNullOrEmpty()] [String]$pass,
[Parameter (Mandatory = $false)] [ValidateSet("LOCAL", "vIDMAuthSource")] [String]$authSource = "LOCAL"
)
Remove-Item variable:vropsHeaders -Force -Confirm:$false -ErrorAction Ignore
Try {
Request-vROPSToken -fqdn $server -username $user -password $pass -authSource $authSource | Out-Null
if ($vropsHeaders.Authorization) {
$vropsAuthentication = $True
Return $vropsAuthentication
} else {
Write-Error "Unable to obtain access token from VMware Aria Operations ($server), check credentials: PRE_VALIDATION_FAILED"
$vropsAuthentication = $False
Return $vropsAuthentication
}
} Catch {
# Do Nothing
}
}
That may address the requirement with no breaking changes.
Code of Conduct
VMware Cloud Foundation
5.1
Module Version
2.9
PowerShell Version
7.2
PowerCLI Version
v13.1.0
PowerVCF Version
2.4.1
Guest Operating System
Windows Server 2019
Environment Details
No response
Description
Current implementation of Function
Test-vROPSAuthentication
which callsRequest-vROPSToken
uses LOCAL authSource when generating authentication json.Test-vROPSAuthentication fails if we try to use AD user to authenticate it. e.g. - if username is svc-hrm-vrops@sfo.rainpole.io it wont work with local authsource.
Error or Debug Output
Test-vROPSAuthentication: Unable to obtain access token from VMware Aria Operations (xint-vrops01.rainpole.io), check credentials: PRE_VALIDATION_FAILED
Expected Behavior
User should be able to authenticate.
Actual Behavior
NA
Steps to Reproduce
Run Test-vROPSAuthentication
Log Fragments and Files
No response
Screenshots
No response
References
No response