<#
_author_ = Chris Steinbeisser <chris.steinbeisser@Dell.com>
_author_ = Grant Curell <grant_curell@dell.com>
Copyright (c) 2022 Dell EMC Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
#>
<#
.SYNOPSIS
Script to add users to OpenManage Enterprise
.DESCRIPTION
This script uses the OME REST API to add users to OpenManage Enterprise.
For authentication X-Auth is used over Basic Authentication
Note that the credentials entered are not stored to disk.
.PARAMETER IpAddress
IP Address of the OME Appliance
.PARAMETER Credentials
Credentials used to talk to the OME Appliance
.PARAMETER NewUserCredentials
Credentials for the new user
.PARAMETER NewUserRole
The role you would like to assign the user. The default roles in OME include "VIEWER", "DEVICE_MANAGER", and "ADMINISTRATOR". You may add your own.
.PARAMETER NewUserDescription
Description of the new user in the form of 'a string like this'. The default is "User created via the OME API."
.PARAMETER NewUserLocked
Add this switch to lock the user after creation. False by default.
.PARAMETER NewUserEnabled
Add this switch to enable the user after creation. True by default.
.EXAMPLE
$cred = Get-Credential
$newusercred = Get-Credential
.\New-OMEntUser.ps1 -IpAddress "10.xx.xx.xx" -Credentials $cred -NewUserCredentials $newusercred -NewUserRole ADMINISTRATOR
.\New-OMEntUser.ps1 -IpAddress "10.xx.xx.xx" -Credentials $cred -NewUserCredentials $newusercred -NewUserRole ADMINISTRATOR -NewUserDescription 'This is a description of the user'
.\New-OMEntUser.ps1 -IpAddress "10.xx.xx.xx" -Credentials $cred -NewUserCredentials $newusercred -NewUserRole ADMINISTRATOR -NewUserLocked
#>
# Script-level parameters. Get-Data and the main body below read $IpAddress and
# $Credentials directly from script scope rather than taking them as arguments.
# NOTE(review): the help text above says X-Auth is used, but every request in this
# file passes -Credential $Credentials, so the administrator credentials accompany
# each call - confirm which is intended.
[CmdletBinding()]
param(
# Address of the OME appliance; interpolated into every https://<ip>/api/... URL.
[Parameter(Mandatory)]
[System.Net.IPAddress] $IpAddress,
# Credentials of an existing OME account, passed as -Credential on each request.
[Parameter(Mandatory)]
[pscredential] $Credentials,
# User name and password of the account to create. The password is extracted in
# clear text and placed in the JSON request body further down.
[Parameter(Mandatory)]
[pscredential] $NewUserCredentials,
# Role name; compared with the Name of each role returned by the appliance.
[Parameter(Mandatory)]
[string] $NewUserRole,
# Free-text description stored with the new account.
[Parameter(Mandatory=$false)]
[string] $NewUserDescription = "User created via the OME API.",
# NOTE(review): the two parameters below are [boolean], not [switch], so they need
# an explicit value (-NewUserLocked $true). The help text and its last example
# describe them as switches - confirm which form is intended.
[Parameter(Mandatory=$false)]
[boolean] $NewUserLocked = $false,
[Parameter(Mandatory=$false)]
[boolean] $NewUserEnabled = $true
)
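function Get-Data {
    <#
    .SYNOPSIS
      Retrieves every page of a paginated OME REST collection.

    .DESCRIPTION
      Issues a GET against the supplied URL and keeps following '@odata.nextLink'
      until the collection is exhausted or MaxPages pages have been read. Reads
      $Credentials and $IpAddress from the enclosing script scope.

      Next links are only followed when they are server-relative (start with '/'),
      so that the credentials sent with each request can never leave the appliance
      address held in $IpAddress.

    .PARAMETER Url
      The API url against which you would like to make a request

    .PARAMETER OdataFilter
      An optional odata filter to run against the API endpoint. It is appended to
      the URL as given; callers are responsible for URL-encoding it.

    .PARAMETER MaxPages
      The maximum number of pages to return. 0 (the default) means no limit.

    .INPUTS
      None. You cannot pipe objects to Get-Data.

    .OUTPUTS
      The accumulated results of the API call, or an empty hashtable when the
      filter matched nothing or the request failed.
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]
        $Url,

        [Parameter(Mandatory = $false)]
        [string]
        $OdataFilter,

        [Parameter(Mandatory = $false)]
        [int]
        $MaxPages = 0
    )

    $Data = @()
    $HasFilter = $PSBoundParameters.ContainsKey('OdataFilter')

    try {
        if ($HasFilter) {
            # Built as one string instead of relying on adjacent-token concatenation.
            $RequestUrl = "$($Url)?`$filter=$($OdataFilter)"
        }
        else {
            $RequestUrl = $Url
        }

        $PagesFetched = 0
        while ($RequestUrl) {
            # SECURITY: -SkipCertificateCheck turns off TLS certificate validation, so
            # the credentials below go to whichever endpoint answers on this address.
            # Kept for appliances with self-signed certificates; prefer trusting the
            # appliance certificate on the client and removing the switch.
            $Page = Invoke-RestMethod -Uri $RequestUrl -Method Get -Credential $Credentials `
                -SkipCertificateCheck
            $PagesFetched++

            # Only the first, filtered request carries a meaningful '@odata.count'.
            if ($HasFilter -and $PagesFetched -eq 1 -and $Page.'@odata.count' -lt 1) {
                Write-Error "No results were found for filter $($OdataFilter)."
                return @{}
            }

            # Collections wrap their items in 'value'; single resources do not.
            if ($null -ne $Page.'value') {
                $Data += $Page.'value'
            }
            else {
                $Data += $Page
            }

            $NextLink = $Page.'@odata.nextLink'
            if (-not $NextLink) {
                break
            }
            if ($MaxPages -and $PagesFetched -ge $MaxPages) {
                break
            }

            # The link comes from the response body, which is not trustworthy while
            # certificate validation is off. Accept only server-relative paths so the
            # host part of the next request stays fixed to $IpAddress.
            if (-not "$NextLink".StartsWith('/')) {
                Write-Warning "Ignoring a next-page link that is not a server-relative path; results may be incomplete."
                break
            }
            $RequestUrl = "https://$($IpAddress)$($NextLink)"
        }

        return $Data
    }
    catch [System.Net.Http.HttpRequestException] {
        Write-Error "There was a problem connecting to OME or the URL supplied is invalid. Did it become unavailable?"
        return @{}
    }
}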
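# Main flow: resolve the requested role name to its id, then POST the new account.
# Every failure path exits with a non-zero code so calling automation can detect it.
try {
    $Roles = Get-Data "https://$($IpAddress)/api/AccountService/Roles"
    $FoundRole = $false

    Write-Host "Searching OME for the requested role..."
    foreach ($Role in $Roles) {
        if ($NewUserRole -eq $Role.Name) {
            $RoleId = $Role.Id
            $FoundRole = $True
            Write-Host "Found role $($NewUserRole)!"
            break
        }
    }

    if (-not $FoundRole) {
        Write-Error "We did not find the role $($NewUserRole). The possible roles on this OME server are:"
        foreach ($Role in $Roles) {
            Write-Host $Role.Name
        }
        Exit 1
    }

    # Extract the clear-text values once instead of on every use.
    $NewUser = $NewUserCredentials.GetNetworkCredential()

    # The API takes the new password as plain text in the JSON body, so it is
    # protected only by the TLS session. Do not log $AccountInfo.
    $AccountInfo = @{
        UserName           = $NewUser.UserName
        Password           = $NewUser.Password
        RoleId             = $RoleId
        Locked             = $NewUserLocked
        Enabled            = $NewUserEnabled
        Description        = $NewUserDescription
        UserTypeId         = 1
        DirectoryServiceId = 0
    } | ConvertTo-Json

    Write-Host "Creating new user..."
    try {
        # SECURITY: -SkipCertificateCheck disables TLS certificate validation, so both
        # the administrator credentials and the new password are sent without proof
        # of the appliance's identity. Prefer trusting the appliance certificate and
        # removing the switch.
        # The original also passed -Headers $Headers, a variable that is never
        # assigned in this script; it is dropped here.
        $null = Invoke-RestMethod -Uri "https://$($IpAddress)/api/AccountService/Accounts" `
            -Method Post -ContentType "application/json" -Body $AccountInfo `
            -SkipCertificateCheck -Credential $Credentials
    }
    catch [System.Net.Http.HttpRequestException] {
        Write-Error "Creating the new user failed. Exception occured at line $($_.InvocationInfo.ScriptLineNumber) - $($_.Exception.Message)"
        Write-Error "Error details are $($_.ErrorDetails)"
        Exit 1
    }

    # Invoke-RestMethod returns the parsed response body rather than an HTTP response
    # object, so there is no StatusCode to report; reaching this line means the
    # request did not throw.
    Write-Host "Successfully created user $($NewUser.UserName)!"
}
catch {
    Write-Error "Exception occured at line $($_.InvocationInfo.ScriptLineNumber) - $($_.Exception.Message)"
    Exit 1
}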