Solved: Re: HX API through PowerShell

srehling · ‎06-05-2018

I am trying to create a framework for Powershell access to the HX API. I cannot seem to get past authentication. PowerShell is preferred, because follow-on actions are going to be in PowerCLI. Basically looking to obtain a list of nodes. Put each node in Maintenance mode. Complete actions. Return the node to service. Verify that the cluster returns to a healthy state, and repeat for other nodes in the cluster until the entire cluster is finished. The same framework would be used for putting nodes in HX Maintenance mode, and then initiate patches from VUM.

At this point, I am just trying to figure out the authentication piece. This method works fine with ACI and UCS. It appears something is unique about the HX API.

Any ideas what I am doing wrong?

add-type @"

using System.Net;

using System.Security.Cryptography.X509Certificates;

public class TrustAllCertsPolicy : ICertificatePolicy {

public bool CheckValidationResult(

ServicePoint srvPoint, X509Certificate certificate,

WebRequest request, int certificateProblem) {

return true;

}

"@

[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

$authString = """

{

'username': 'administrator@vsphere.local',

'password': 'SomePassword',

'client_id': 'HxGuiClient',

'client_secret': 'Sunnyvale',

'redirect_uri' : 'http://localhost:8080/aaa/redirect'

}

"""

Invoke-WebRequest -uri 'https://HXIP/auth?grant_type=password' -Method Post -Body $authString -ContentType 'application/json'

srehling · ‎07-24-2018

I did get this worked out, and thought others might come looking for the same code. Here is example PowerShell code to authenticate with HyperFlex:

First off, I strongly recommend that you include the following lines so that TLS 1.2 will work:

# Allows self signed certificates and support TLS 1.2 only. 
add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy # Trusting all certicates based on new type above
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12      # Setting TLS to 1.2

I am not providing a method of populating user name and password, but for the example I am assuming you have those has a string assigned to $user and $password. You build the authorization string in this manner:

$authString = @{
    'username'=$user;
    'password'=$password;
    'client_id'='HxGuiClient';
    'client_secret'='Sunnyvale';
    'redirect_uri'='http://localhost:8080/aaa/redirect'} | 
        convertto-json # Converts the hash table to JSON, which is the required format for authentication.

It is important to node that client_id and client_secret are static and should not be changed. redirect_uri is also a static entry.

Finally, assign an IP or resolvable DNS name to $server. Your authorization request will look like this:

$authResponse = (Invoke-WebRequest -uri "https://$server/aaa/v1/auth?grant_type=password" -Method Post -Body $authString -ContentType 'application/json')

View solution in original post

srehling · ‎07-24-2018

I did get this worked out, and thought others might come looking for the same code. Here is example PowerShell code to authenticate with HyperFlex:

First off, I strongly recommend that you include the following lines so that TLS 1.2 will work:

# Allows self signed certificates and support TLS 1.2 only. 
add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy # Trusting all certicates based on new type above
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12      # Setting TLS to 1.2

I am not providing a method of populating user name and password, but for the example I am assuming you have those has a string assigned to $user and $password. You build the authorization string in this manner:

$authString = @{
    'username'=$user;
    'password'=$password;
    'client_id'='HxGuiClient';
    'client_secret'='Sunnyvale';
    'redirect_uri'='http://localhost:8080/aaa/redirect'} | 
        convertto-json # Converts the hash table to JSON, which is the required format for authentication.

It is important to node that client_id and client_secret are static and should not be changed. redirect_uri is also a static entry.

Finally, assign an IP or resolvable DNS name to $server. Your authorization request will look like this:

$authResponse = (Invoke-WebRequest -uri "https://$server/aaa/v1/auth?grant_type=password" -Method Post -Body $authString -ContentType 'application/json')

srehling · ‎07-24-2018

I did get this worked out, and thought others might come looking for the same code. Here is example PowerShell code to authenticate with HyperFlex:

First off, I strongly recommend that you include the following lines so that TLS 1.2 will work:

# Allows self signed certificates and support TLS 1.2 only. 
add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy # Trusting all certicates based on new type above
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12      # Setting TLS to 1.2

I am not providing a method of populating user name and password, but for the example I am assuming you have those has a string assigned to $user and $password. You build the authorization string in this manner:

$authString = @{
    'username'=$user;
    'password'=$password;
    'client_id'='HxGuiClient';
    'client_secret'='Sunnyvale';
    'redirect_uri'='http://localhost:8080/aaa/redirect'} | 
        convertto-json # Converts the hash table to JSON, which is the required format for authentication.

It is important to node that client_id and client_secret are static and should not be changed. redirect_uri is also a static entry.

Finally, assign an IP or resolvable DNS name to $server. Your authorization request will look like this:

$authResponse = (Invoke-WebRequest -uri "https://$server/aaa/v1/auth?grant_type=password" -Method Post -Body $authString -ContentType 'application/json')