Power shell modules connection manager #3
Conversation
To Domain Module: Cleaned up params. Removed pipelines. Cleaned up error handling. Added a few params.
Cleaned up params. Removed pipelines. Cleaned up error handling. Added a few params.
Cleaned up params. Removed pipelines. Cleaned up error handling.
Cleaned up params. Removed pipelines. Cleaned up error handling.
-Added new module for ConnMgr-Elastic Search. -Added new cmdlet ConnMgr-Main - Generate a Connection CSR. -Made tweaks to $body variables made them [ordered] for easier readability and predictability. -Tried out adding some enum to variables. Also employing ValidateSet param for parameters that are numbers or have dashes.
-Created Google Connection module -Found a bug in CMConnCSR cmdlet. Fixed
-Fixed a some typos. -Created new module for CM to DSM Connections.
-was copying copy from module to module and wanted to cleanup indentations on the help data -also added a few missing examples
-Also fixed some typos. -Remove private key demo from GCP Connection example
-Found errors in Elasticsearch Module due to using it as template for Loki.
-Added new module for adding Luna HSM Servers -Cleaned up some code in the Loki module. -Made some fixes to the Clear-CMRefreshTokens cmdlet to NOT delete web-ui tokens. -Added "ps_module" label to all tokens generated by the collections.
-Finished Luna HSM Connections (Partitions) module of API Playground -Added "Connection not found" error to all Remove-<connection> commands.
-Renamed Module Folder for Connection Manager from: Connections\ to ConnectionsMgr\ -New Module: ConnectionMgr: Luna STC Partitions -New Module: ConnectionMgr: LDAP for CTE -New Module: ConnectionMgr: OIDC for CTE
-Added Complete Module for Identity Provider Management. /v1/usermgmt/connections/* -Added overlooked help text in a previous module. -Updated README
-LDAP and OIDC IdP Module -Connection Manager Oracle module -Connection Manager SAP Module -Updated README.md
-Fixed typos in SAP module. -Added SCP Module -Added SMB Module -Updated README.md
-Connection Manager: Syslog Log Forwarder -Found minor issue during code review.
-Added Connection Manager: Salesforce Module -Fixed an example in a previous module.
| @@ -0,0 +1,960 @@ | |||
| ####################################################################################################################### | |||
| # File: CipherTrustManager-ConnectionMgr-Loki.psm1 # | |||
There was a problem hiding this comment.
file name need to be fixed... looks like the intention is to implement Loki.
| # File: CipherTrustManager-ConnectionMgr-Loki.psm1 # | ||
| # Author: Rick Leon, Professional Services # | ||
| # Publisher: Thales Group # | ||
| # Copyright: (c) 2023 Thales Group. All rights reserved. # |
There was a problem hiding this comment.
Copyright year can be updated
There was a problem hiding this comment.
I am slightly confused with the purpose and placement of this file. Shouldn't this be inside the folder CipherTrustManager. and also it seems to be a duplicate of ...
/CipherTrustManager/ConnectionsMgr
/CipherTrustManager-ConnectionMgr-LunaHSMConnection.psm1
I am skipping the review of this file.
There was a problem hiding this comment.
That file shouldn’t be there. we can delete. I didn’t realize it was going to publish that far down. I forgot it was there.
| Write-Debug "Start: $($MyInvocation.MyCommand.Name)" | ||
|
|
||
| Write-Debug "Getting a List of all LDAP Connections in CM" | ||
| $endpoint = $CM_Session.REST_URL + $target_uri |
There was a problem hiding this comment.
$target_uri is set to "/usermgmt/connections"...
there is also an API for listing all external identity providers /auth/id-providers
I am assuming in this module we are just referring to OIDC/LDAP based identities associated with user management tile.
There was a problem hiding this comment.
Feels like the /autg/id-prividers section oft he playground only has to do with actually authenticating people. not "managing" the connections themselves.
| return "Missing LDAPS Certificate. Please try again." | ||
| } | ||
| if($root_ca_file){ | ||
| $root_cas = Get-Content -Path $root_ca_file -raw -ErrorAction Stop |
There was a problem hiding this comment.
Thinking aloud here... can we do or do we need to validate the CA cert here to fail fast in case of a bad cert? Before hitting the CM API... I do not even know if we need to do this...just a thought
| return $response | ||
| } | ||
|
|
||
| #Connection Manager - Connections (IdP) |
There was a problem hiding this comment.
do we need to replace (IdP) with (LDAP)?
PowerShell/CipherTrustManager/Connections/CipherTrustManager-Connections-IdP.psm1
Show resolved
Hide resolved
| .EXAMPLE | ||
| PS> New-CMAWSConnection -name MyTestAWSConnection2 -description "This is my Test AWS Connection" -access_key_id abc123abc123 -secret_access_key xyz987xyz987 -assume_role_arn "arn:aws:iam::123456789012:user/johndoe" -assume_role_external_id EXT_ROLE_ID -aws_region us-west-1 -aws_sts_regional_endpoints regional -cloud_name aws-us-gov -metadata "red:stop,:green:go,blue:ocean" | ||
| .EXAMPLE | ||
| PS> New-CMAWSConnection -name MyTestAWSConnection3 -description "This is my Test AWS Connection" -assume_role_arn "arn:aws:iam::123456789012:user/johndoe" -assume_role_external_id EXT_ROLE_ID -aws_region us-west-1 -aws_sts_regional_endpoints regional -cloud_name aws-us-gov -is_role_anywhere -anywhere_role_arn "arn:aws:iam::123456789012:user/johndoe" -anywhere_role_certfile mongocert.pem -anywhere_role_keyfile mongokey.pem -anywhere_profile_arn "arn:aws:iam::123456789012:user" -anywhere_trust_anchor_arn "arn:aws:iam::123456789012:user/johndoe" -metadata "red:stop,green:go,blue:ocean" |
There was a problem hiding this comment.
someday, we would love to add examples of how you can do the same with secrets in CSM instead of directly passing them as string-based args... someday :)
There was a problem hiding this comment.
that would definitely be cool
| @@ -27,8 +27,8 @@ public enum CM_TokensGrantTypes { | |||
| $target_uri = "/auth/tokens" | |||
| $target_revoke_uri = "/auth/revoke" | |||
| $target_selfdomain_uri = "/auth/self/domains" | |||
| $target_authkey_uri = "/auth/auth-key" | |||
| $target_authkey_rotation_uri = "/auth/rotate-auth-key" | |||
| #$target_authkey_uri = "/auth/auth-key" | |||
There was a problem hiding this comment.
if we are not gonna need them, can we just remove them?
There was a problem hiding this comment.
I guess. I didn't add those initially, they were already there. I can double check, but yeah... if we don't need them in the module, we could drop them.
No description provided.