To receive notifications about scheduled maintenance, please subscribe to the mailing-list gitlab-operations@sympa.ethz.ch. You can subscribe to the mailing-list at https://sympa.ethz.ch

...
 
Commits (3)
......@@ -4,25 +4,25 @@
@{
# Script module or binary module file associated with this manifest.
RootModule = 'IAMClient.psm1'
RootModule = 'IAMClient.psm1'
# Version number of this module.
ModuleVersion = '1.2.5'
ModuleVersion = '1.2.6'
# ID used to uniquely identify this module
GUID = '33ce3afe-9156-4f0e-bbc7-6d4fab3f2ad7'
GUID = '33ce3afe-9156-4f0e-bbc7-6d4fab3f2ad7'
# Author of this module
Author = 'Aurel Schwitter'
Author = 'Aurel Schwitter'
# Company or vendor of this module
CompanyName = 'ETH Zuerich Informatikdienste'
CompanyName = 'ETH Zuerich Informatikdienste'
# Copyright statement for this module
Copyright = '(c) 2019 ETH Zuerich. All rights reserved.'
Copyright = '(c) 2019 ETH Zuerich. All rights reserved.'
# Description of the functionality provided by this module
Description = 'PowerShell module to access the IAM API'
Description = 'PowerShell module to access the IAM API'
# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '4.0'
......@@ -55,7 +55,7 @@
# TypesToProcess = @()
# Format files (.ps1xml) to be loaded when importing this module
FormatsToProcess = 'IAMClient.Format.ps1xml'
FormatsToProcess = 'IAMClient.Format.ps1xml'
# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
# NestedModules = @()
......@@ -64,13 +64,13 @@
FunctionsToExport = '*'
# Cmdlets to export from this module
CmdletsToExport = '*'
CmdletsToExport = '*'
# Variables to export from this module
VariablesToExport = '*'
# Aliases to export from this module
AliasesToExport = '*'
AliasesToExport = '*'
# DSC resources to export from this module
# DscResourcesToExport = @()
......@@ -82,12 +82,12 @@
# FileList = @()
# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
PrivateData = @{
PrivateData = @{
PSData = @{
# Tags applied to this module. These help with module discovery in online galleries.
Tags = @("iam","ethz","PSEdition_Core","PSEdition_Desktop")
Tags = @("iam", "ethz", "PSEdition_Core", "PSEdition_Desktop")
# A URL to the license for this module.
LicenseUri = 'https://gitlab.ethz.ch/aurels/iam-powershell/raw/master/LICENSE'
......@@ -106,10 +106,10 @@
} # End of PrivateData hashtable
# HelpInfo URI of this module
HelpInfoURI = 'https://gitlab.ethz.ch/aurels/iam-powershell/raw/master/docs/IAMClient-help.xml'
HelpInfoURI = 'https://gitlab.ethz.ch/aurels/iam-powershell/raw/master/docs/IAMClient-help.xml'
# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
# DefaultCommandPrefix = ''
}
}
\ No newline at end of file
$script:IAMCreds = $null
$script:ApiHost = "https://vmiam42.ethz.ch:8443/iam-ws-legacy"
$script:DebugMode = $false
$script:ApiHost = ""# to be overridden during initialization
$script:DebugMode = $true
$Public = @( Get-ChildItem -Path "$PSScriptRoot\Public" -Include "*.ps1" -Recurse -ErrorAction SilentlyContinue )
$Private = @( Get-ChildItem -Path "$PSScriptRoot\Private" -Include "*.ps1" -Recurse -ErrorAction SilentlyContinue )
......
......@@ -3,4 +3,10 @@ param (
[string]$NuGetApiKey
)
$PSD1Content = . "..\dist\IAMClient.psd1"
$Version = $PSD1Content.ModuleVersion
git tag "v$Version"
git push --tags
Publish-Module -Name "$PSScriptRoot\..\dist\IAMClient.psd1" -NuGetApiKey $NuGetApiKey
\ No newline at end of file
$script:IAMCreds = $null
$script:ApiHost = "https://iam.password.ethz.ch/iam-ws-legacy"
$script:DebugMode = $true
\ No newline at end of file
$script:ApiHost = "" # will set during initialization
$script:DebugMode = $false
if ($PSVersionTable.PSVersion.Major -le 5){
# set TLS1.2 as default when running in PSv5
# if TLS1.3 is out, this should be specified
# https://docs.microsoft.com/en-us/security/engineering/solving-tls1-problem#update-windows-powershell-scripts-or-related-registry-settings
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
}
\ No newline at end of file
......@@ -56,7 +56,13 @@ Function Invoke-IAMMethod {
PROCESS {
if ($PSCmdlet.ShouldProcess($Url)) {
if ($script:DebugMode) {
Write-RequestToConsole -Method $Method.ToString() -Headers $Headers -JsonBody $JsonBody
}
try {
# only provide the body when needed, as it gives an error when used with GET
if ($Method -eq [Microsoft.PowerShell.Commands.WebRequestMethod]::Get) {
$Response = Invoke-RestMethod -Uri $Uri -Method $Method -Headers $Headers
......@@ -67,52 +73,51 @@ Function Invoke-IAMMethod {
# Only write to console if debug is enabled
if ($script:DebugMode) {
Write-RequestToConsole -Method $Method.ToString() -Headers $Headers -JsonBody $JsonBody
Write-ResponseToConsole -Response $Response
}
}
catch {
# Only write to console if debug is enabled
if ($script:DebugMode) {
Write-RequestToConsole -Method $Method.ToString() -Headers $Headers -JsonBody $JsonBody
}
# if response is a string, is contains a json object
if ($null -ne $_.Exception.Response){
if ($null -ne $_.Exception.Response) {
# read answer from stream
$responseStream = $_.Exception.Response.GetResponseStream()
$streamReader = new-object System.IO.StreamReader -ArgumentList $responseStream
$errResponse = $streamReader.ReadToEnd()
if ($_.Exception.Response.Content.GetType().GetMethods().Name -contains "ReadAsStreamAsync") {
$responseStream = $_.Exception.Response.Content.ReadAsStreamAsync().Result
}
else {
$responseStream = $_.Exception.Response.GetResponseStream()
}
$responseStream = $_.Exception.Response.Content.ReadAsStreamAsync().Result
# clean up reader
$streamReader.Dispose()
$errObject = ConvertFrom-Json $errResponse
throw ($errObject.level + " -> " + $errObject.message)
} else {
throw $_.Exception.Message
}
try {
try {
$errResponse = ConvertFrom-Json $_
}
catch {
Write-Error -Message $_.Exception.Message -Exception $_.Exception
return
if ($errResponse -ne "") {
try {
$errObject = ConvertFrom-Json $errResponse
Write-Error -Exception $_ -Message ($errObject.level + " -> " + $errObject.message)
return
}
catch {
# response did not contain valid JSON, return original error message ( see below )
}
}
}
catch {
throw "API Request failed. Message: $_"
}
# we did not get any additional info from the error message, just throw the original message
# throw original error
throw $_
}
}
END {
return $Response
}
}
END {
return $Response
}
}
\ No newline at end of file
......@@ -7,17 +7,17 @@ function Initialize-IAMClient {
[switch]$Force,
[switch]$EnableDebugOutput
[switch]$EnableDebugOutput,
[string]$ApiHost = "https://iam.passwort.ethz.ch"
)
$script:ApiHost = $ApiHost
if ($Force -eq $true) {
Write-Warning "The -Force switch is included for backwards compatibility only, it has no functionality"
}
if (-not (Test-ETHCredentials $Credentials)) {
throw "Could not validate your credentials"
}
# Enable Debug mode for script
if ($EnableDebugOutput) {
$script:DebugMode = $true
......@@ -27,7 +27,14 @@ function Initialize-IAMClient {
$VerbosePreference = "SilentlyContinue"
}
if (-not (Test-ETHCredentials $Credentials)) {
throw "Could not validate your credentials"
}
$script:IAMCreds = $Credentials
Set-StrictMode -Version latest
}
}
......@@ -13,6 +13,8 @@ function Test-ETHCredentials {
return $true
}
catch {
# write error to error stream as non-terminating error
Write-Error $_
return $false
}
finally {
......
Import-Module pester
if (! $Credentials){
$Credentials = Get-Credential -Message "Enter your 4ea credentials"
if (! $global:credentials) {
$global:credentials = Get-Credential -Message "Enter your 4ea credentials"
}
$Globals = @{
TestUser = "biolcourse-71";
TestUser = "biolcourse-71";
TestUserSn = "Schwitter";
TestGroup = "biol-micro-api-perm_test_2";
TestGroup = "biol-micro-api-perm_test_2";
TestGroup2 = "biol-micro-sunagawa-server-adm"; # just a second group, only reads are performed to this group
TestListRW = "biol-micro-list-api_test-donotuse"
TestListRO = "Cluster_Users"
Host = "https://qss2.password.ethz.ch/iam-ws-legacy"
Creds = $global:credentials
}
Describe "Importing the module" {
It 'Should import' {
# remove if loaded
if (Get-Module IAMClient){
if (Get-Module IAMClient) {
Remove-Module IAMClient
}
{import-module ..\IAMClient.psm1} | Should -not -Throw
{ Import-Module ..\IAMClient.psd1 -Force -ErrorAction Stop } | Should -Throw -not
}
}
Describe "Running non-initialized" {
<#it "Should allow reading an API" {
Get-ETHUser -Identity "aurels" | Select-Object -ExpandProperty sn | Should -be "Schwitter"
}#>
it "Should not allow interacting with an API" {
{Get-ETHUser -Identity $Globals.TestUser } | Should -Throw "Please initialize the client to use this function"
<#$User.displayName = $user.displayName + " tst"
{$User | Set-ETHUser -Identity $Globals.TestUser} | should -Throw "Please initialize the client to use this function"#>
}
}
Describe "Initializing the module" {
it "Should be initialized" {
{Initialize-IAMClient -Credentials $Credentials} | should -not -throw
}
$ImportAndInitModule = {
Import-Module ..\IAMClient.psd1 -Force
Initialize-IAMClient -ApiHost "https://qss2.password.ethz.ch/iam-ws-legacy" -EnableDebugOutput -Credentials $Globals["Creds"] -Verbose -Debug
}
Describe "Interacting with users" {
BeforeAll $ImportAndInitModule
It "Should load a user" {
Get-ETHUser -Identity $Globals.TestUser | Select-Object -Expand sn | Should -be $Globals.TestUserSn
}
......@@ -54,18 +49,20 @@ Describe "Interacting with users" {
$SavedDescription = $User.description
$User.description = $SavedDescription + "Test"
{Set-ETHUser -Identity $Globals.TestUser -User $User} | should -not -Throw
{ Set-ETHUser -Identity $Globals.TestUser -User $User } | should -not -Throw
# check if change succeeded
Get-ETHUser $Globals.TestUser | Select-Object -expand description | Should -be ($SavedDescription + "Test")
# Reset description
$user.description = $SavedDescription
{Set-ETHUser -Identity $Globals.TestUser -User $User} | should -not -Throw
{ Set-ETHUser -Identity $Globals.TestUser -User $User } | should -not -Throw
}
}
Describe "Interacting with groups" {
BeforeAll $ImportAndInitModule
it "Should load a group" {
Get-ETHGroup -Identity $Globals.TestGroup2 | Select-Object -expand name | Should -be $Globals.TestGroup2 # Obviously
}
......@@ -73,7 +70,7 @@ Describe "Interacting with groups" {
it "Should add a member to a group" {
$GroupMemberCount = @(Get-ETHGroup -Identity $Globals.TestGroup | Select-Object -Expand members).Count
{Add-ETHGroupMember -Identity $Globals.TestGroup -Members $Globals.TestUser} | Should -not -Throw
{ Add-ETHGroupMember -Identity $Globals.TestGroup -Members $Globals.TestUser } | Should -not -Throw
@(Get-ETHGroup -Identity $Globals.TestGroup | Select-Object -Expand members).Count | Should -be ($GroupMemberCount + 1)
}
......@@ -81,25 +78,27 @@ Describe "Interacting with groups" {
it "Should remove a member from a group" {
$GroupMemberCount = @(Get-ETHGroup -Identity $Globals.TestGroup | Select-Object -Expand members).Count
if ($GroupMemberCount -eq 0){
if ($GroupMemberCount -eq 0) {
Set-ItResult -Skipped -Because "cannot remove a member from an empty group"
return
}
{Remove-ETHGroupMember -Identity $Globals.TestGroup -Members $Globals.TestUser} | Should -not -Throw
{ Remove-ETHGroupMember -Identity $Globals.TestGroup -Members $Globals.TestUser } | Should -not -Throw
@(Get-ETHGroup -Identity $Globals.TestGroup | Select-Object -Expand members).Count | Should -be ($GroupMemberCount - 1)
}
}
it "Should export a group to AD" {
Set-ItResult -skipped -Because "exporting is not needed with IAM"
return
Describe "Interacting with maillists" {
BeforeAll $ImportAndInitModule
if ((Get-ETHGroup -Identity $Globals.TestGroup).targets -notcontains "AD"){
Set-ItResult -Skipped -Because "it cannot be exported to AD because it is not exported to AD"
return
}
it "Should load a list" {
$List = Get-ETHMaillist -Identity $Globals["TestListRW"]
$List.name | should -be $Globals["TestListRW"]
}
{Start-GroupProvisioning -Identity $Globals.TestGroup -AD} | should -not -Throw
it "Should load list members" {
$ListMembers = Get-ETHMaillistMember -Identity $Globals["TestListRO"]
$ListMembers.Count | should -be -gt 0
}
}
\ No newline at end of file