diff --git a/PowerFGT/Private/Confirm.ps1 b/PowerFGT/Private/Confirm.ps1 index 9d7de4fe7..2714bc326 100644 --- a/PowerFGT/Private/Confirm.ps1 +++ b/PowerFGT/Private/Confirm.ps1 @@ -386,6 +386,49 @@ Function Confirm-FGTInterface { $true } +Function Confirm-FGTUserRADIUS { + + Param ( + [Parameter (Mandatory = $true)] + [object]$argument + ) + + #Check if it looks like a RADIUS Server element + + if ( -not ( $argument | get-member -name name -Membertype Properties)) { + throw "Element specified does not contain a name property." + } + if ( -not ( $argument | get-member -name server -Membertype Properties)) { + throw "Element specified does not contain a server property." + } + if ( -not ( $argument | get-member -name secret -Membertype Properties)) { + throw "Element specified does not contain a secret property." + } + if ( -not ( $argument | get-member -name secondary-server -Membertype Properties)) { + throw "Element specified does not contain a secondary-server property." + } + if ( -not ( $argument | get-member -name secondary-secret -Membertype Properties)) { + throw "Element specified does not contain a secondary-secret property." + } + if ( -not ( $argument | get-member -name tertiary-server -Membertype Properties)) { + throw "Element specified does not contain a tertiary-server property." + } + if ( -not ( $argument | get-member -name tertiary-secret -Membertype Properties)) { + throw "Element specified does not contain a tertiary-secret property." + } + if ( -not ( $argument | get-member -name timeout -Membertype Properties)) { + throw "Element specified does not contain a timeout property." + } + if ( -not ( $argument | get-member -name nas-ip -Membertype Properties)) { + throw "Element specified does not contain a nas-ip property." + } + if ( -not ( $argument | get-member -name auth-type -Membertype Properties)) { + throw "Element specified does not contain an auth-type property." + } + + $true +} + Function Confirm-FGTVpnIpsecPhase1Interface { Param ( 
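Review bot: Confirm-FGTUserRADIUS only tests that each property exists, so an object whose `name` is empty or `$null` still passes validation. Set-FGTUserRADIUS and Remove-FGTUserRADIUS in this commit interpolate that value into `api/v2/cmdb/user/radius/$($userradius.name)`, and with an empty name the PUT or DELETE is addressed to the collection path rather than to one entry; how the FortiGate answers that request is not visible here. Add a value check after the `name` test, for example `if ( [string]::IsNullOrEmpty($argument.name) ) { throw "Element specified has an empty name property." }`.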
diff --git a/PowerFGT/Public/cmdb/user/radius.ps1 b/PowerFGT/Public/cmdb/user/radius.ps1 index 112060b83..6d616ea40 100644 --- a/PowerFGT/Public/cmdb/user/radius.ps1 +++ b/PowerFGT/Public/cmdb/user/radius.ps1 
@@ -4,6 +4,198 @@ # SPDX-License-Identifier: Apache-2.0 # +function Add-FGTUserRADIUS { + + <# + .SYNOPSIS + Add a FortiGate RADIUS Server + + .DESCRIPTION + Add a FortiGate RADIUS Server + + .EXAMPLE + $mysecret = ConvertTo-SecureString mysecret -AsPlainText -Force + PS C:\>Add-FGTUserRADIUS -Name PowerFGT -server radius.powerfgt -secret $mysecret + + Add a RADIUS Server with radius.powerfgt as server and secret + + .EXAMPLE + $mysecret = ConvertTo-SecureString mysecret -AsPlainText -Force + PS C:\>Add-FGTUserRADIUS -Name PowerFGT -server radius.powerfgt -secret $mysecret -secondary_server radius2.powerfgt -secondary_secret $mysecret -tertiary_server radius3.powerfgt -tertiary_secret $mysecret + + Add a RADIUS Server with radius.powerfgt as server and secret, and secondary and tertiary servers + + .EXAMPLE + $mysecret = ConvertTo-SecureString mysecret -AsPlainText -Force + PS C:\>Add-FGTUserRADIUS -Name PowerFGT -server radius.powerfgt -secret $mysecret -timeout 5 + + Add a RADIUS Server with radius.powerfgt as server and secret and timeout to 5 seconds + + .EXAMPLE + $mysecret = ConvertTo-SecureString mysecret -AsPlainText -Force + PS C:\>Add-FGTUserRADIUS -Name PowerFGT -server radius.powerfgt -secret $mysecret -nas_ip 192.0.2.1 + + Add a RADIUS Server with radius.powerfgt as server and secret and NAS IP as 192.0.2.1 + + .EXAMPLE + $mysecret = ConvertTo-SecureString mysecret -AsPlainText -Force + PS C:\>Add-FGTUserRADIUS -Name PowerFGT -server radius.powerfgt -secret $mysecret -nas_id PowerFGT_RADIUS + + Add a RADIUS Server with radius.powerfgt as server and secret and NAS ID as PowerFGT_RADIUS + + .EXAMPLE + $mysecret = ConvertTo-SecureString mysecret -AsPlainText -Force + PS C:\>Add-FGTUserRADIUS -Name PowerFGT -server radius.powerfgt -secret $mysecret -auth_type ms_chap_v2 + + Add a RADIUS Server with radius.powerfgt as server and secret and auth_type as ms_chap_v2 + + .EXAMPLE + $data = @{ "password-renewal" = "enable" } + PS C:\>Add-FGTUserRADIUS -Name 
PowerFGT -server radius.powerfgt -secret $mysecret -data $data + + Add a RADIUS Server with radius.powerfgt as server and secret and password renewal enabled + #> + + Param( + [Parameter (Mandatory = $true)] + [ValidateLength(1, 35)] + [string]$name, + [Parameter (Mandatory = $true)] + [ValidateLength(1, 63)] + [string]$server, + [Parameter (Mandatory = $true)] + [SecureString]$secret, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$secondary_server, + [Parameter (Mandatory = $false)] + [SecureString]$secondary_secret, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$tertiary_server, + [Parameter (Mandatory = $false)] + [SecureString]$tertiary_secret, + [Parameter (Mandatory = $false)] + [ValidateRange(0, 300)] + [int]$timeout, + [Parameter (Mandatory = $false)] + [string]$nas_ip, + [Parameter (Mandatory = $false)] + [ValidateSet("ms_chap_v2", "ms_chap", "chap", "pap", "auto")] + [string]$auth_type, + [Parameter (Mandatory = $false)] + [ValidateLength(0, 255)] + [string]$nas_id, + [Parameter (Mandatory = $false)] + [hashtable]$data, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + if ( Get-FGTUserRADIUS @invokeParams -name $name -connection $connection) { + Throw "Already a RADIUS Server using the same name" + } + + $uri = "api/v2/cmdb/user/radius" + + $radius = new-Object -TypeName PSObject + + $radius | add-member -name "name" -membertype NoteProperty -Value $name + + $radius | add-member -name "server" -membertype NoteProperty -Value $server + + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret); + $sec = 
[System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $radius | add-member -name "secret" -membertype NoteProperty -Value $sec + } + else { + $sec = ConvertFrom-SecureString -SecureString $secret -AsPlainText + $radius | add-member -name "secret" -membertype NoteProperty -Value $sec + } + + if ( $PsBoundParameters.ContainsKey('secondary_server') -xor $PsBoundParameters.ContainsKey('secondary_secret') ) { + Throw "You must specify secondary server and secondary secret !" + } + elseif ($PsBoundParameters.ContainsKey('secondary_server') -and $PsBoundParameters.ContainsKey('secondary_secret')) { + $radius | add-member -name "secondary-server" -membertype NoteProperty -Value $secondary_server + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secondary_secret); + $sec = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $radius | add-member -name "secondary-secret" -membertype NoteProperty -Value $sec + } + else { + $sec = ConvertFrom-SecureString -SecureString $secondary_secret -AsPlainText + $radius | add-member -name "secondary-secret" -membertype NoteProperty -Value $sec + } + } + + if ( $PsBoundParameters.ContainsKey('tertiary_server') -xor $PsBoundParameters.ContainsKey('tertiary_secret') ) { + Throw "You must specify tertiary server and tertiary secret !" 
+ } + elseif ($PsBoundParameters.ContainsKey('tertiary_server') -and $PsBoundParameters.ContainsKey('tertiary_secret')) { + $radius | add-member -name "tertiary-server" -membertype NoteProperty -Value $tertiary_server + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tertiary_secret); + $sec = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $radius | add-member -name "tertiary-secret" -membertype NoteProperty -Value $sec + } + else { + $sec = ConvertFrom-SecureString -SecureString $tertiary_secret -AsPlainText + $radius | add-member -name "tertiary-secret" -membertype NoteProperty -Value $sec + } + } + + if ( $PsBoundParameters.ContainsKey('timeout') ) { + $radius | add-member -name "timeout" -membertype NoteProperty -Value $timeout + } + + if ( $PsBoundParameters.ContainsKey('nas_ip') ) { + $radius | add-member -name "nas-ip" -membertype NoteProperty -Value $nas_ip + } + + if ( $PsBoundParameters.ContainsKey('auth_type') ) { + $radius | add-member -name "auth-type" -membertype NoteProperty -Value $auth_type + } + + if ( $PsBoundParameters.ContainsKey('nas_id') ) { + #before 7.x.x, there is no nas-id parameter + if ($connection.version -lt "7.2.0") { + Write-Warning "-nas-id parameter is not available before FortiOS 7.2.x" + } + else { + $radius | add-member -name "nas-id-type" -membertype NoteProperty -Value "custom" + $radius | add-member -name "nas-id" -membertype NoteProperty -Value $nas_id + } + } + + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $radius | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + + Invoke-FGTRestMethod -method "POST" -body $radius -uri $uri -connection $connection @invokeParams | out-Null + + Get-FGTUserRADIUS -name $name -connection $connection @invokeParams + } + + End { + } +} + function Get-FGTUserRADIUS { <# 
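Review bot: The Desktop branch of each secret conversion in Add-FGTUserRADIUS (`-secret`, `-secondary_secret`, `-tertiary_secret`) calls `SecureStringToBSTR` and never frees the result, so a plaintext copy of every RADIUS shared secret stays in unmanaged memory until the process exits. Release it in a `finally` with `ZeroFreeBSTR`, which zeroes the buffer before freeing it; the three equivalent blocks in Set-FGTUserRADIUS in the next hunk need the same change. Because the conversion is repeated six times across the two functions, a single private helper would keep the cleanup in one place. The fence shows the primary-secret block only.

```powershell
# … unchanged: uniqueness check, $uri, name and server properties …
if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) {
    $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret)
    try {
        $sec = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
    }
    finally {
        # Zero and release the unmanaged plaintext copy of the shared secret
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}
else {
    $sec = ConvertFrom-SecureString -SecureString $secret -AsPlainText
}
$radius | add-member -name "secret" -membertype NoteProperty -Value $sec
# … unchanged: secondary/tertiary blocks (same change applies), timeout, nas-ip, auth-type, nas-id, data, POST …
```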
@@ -103,3 +295,244 @@ function Get-FGTUserRADIUS { End { } } + +function Set-FGTUserRADIUS { + + <# + .SYNOPSIS + Change a FortiGate RADIUS Server + + .DESCRIPTION + Change a FortiGate RADIUS Server + + .EXAMPLE + $MyFGTUserRADIUS = Get-FGTUserRADIUS -name MyFGTUserRADIUS + PS C:\>$MyFGTUserRADIUS | Set-FGTUserRADIUS -server mynewRADIUSserver + + Change server name from MyFGTUserRADIUS to mynewRADIUSserver + + .EXAMPLE + $MyFGTUserRADIUS = Get-FGTUserRADIUS -name MyFGTUserRADIUS + PS C:\>$mysecret = ConvertTo-SecureString mysecret -AsPlainText -Force + PS C:\>$MyFGTUserRADIUS | Set-FGTUserRADIUS -secondary_server radius2.powerfgt -secondary_secret $mysecret + + Change secondary server and secret + + .EXAMPLE + $MyFGTUserRADIUS = Get-FGTUserRADIUS -name MyFGTUserRADIUS + PS C:\>$mysecret = ConvertTo-SecureString mysecret -AsPlainText -Force + PS C:\>$MyFGTUserRADIUS | Set-FGTUserRADIUS -tertiary_server radius2.powerfgt -tertiary_secret $mysecret + + Change tertiary server and secret + + .EXAMPLE + $data = @{ "timeout" = "200" } + PS C:\>$MyFGTUserRADIUS = Get-FGTUserRADIUS -name MyFGTUserRADIUS + PS C:\>$MyFGTUserRADIUS | Set-FGTUserRADIUS -data $data + + Change timeout to 200sec + #> + + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium', DefaultParameterSetName = 'default')] + Param( + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)] + [ValidateScript( { Confirm-FGTUserRADIUS $_ })] + [psobject]$userradius, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 35)] + [string]$name, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$server, + [Parameter (Mandatory = $false)] + [SecureString]$secret, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$secondary_server, + [Parameter (Mandatory = $false)] + [SecureString]$secondary_secret, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$tertiary_server, + [Parameter (Mandatory = $false)] + 
[SecureString]$tertiary_secret, + [Parameter (Mandatory = $false)] + [ValidateRange(0, 300)] + [int]$timeout, + [Parameter (Mandatory = $false)] + [string]$nas_ip, + [Parameter (Mandatory = $false)] + [ValidateSet("ms_chap_v2", "ms_chap", "chap", "pap", "auto")] + [string]$auth_type, + [Parameter (Mandatory = $false)] + [ValidateLength(0, 255)] + [string]$nas_id, + [Parameter (Mandatory = $false)] + [hashtable]$data, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + $uri = "api/v2/cmdb/user/radius/$($userradius.name)" + + $_radius = New-Object -TypeName PSObject + + if ( $PsBoundParameters.ContainsKey('name') ) { + #TODO check if there is no already an object with this name ? + $_radius | add-member -name "name" -membertype NoteProperty -Value $name + $userradius.name = $name + } + + if ( $PsBoundParameters.ContainsKey('server') ) { + $_radius | add-member -name "server" -membertype NoteProperty -Value $server + } + + if ( $PsBoundParameters.ContainsKey('secret') ) { + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret); + $sec = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $_radius | add-member -name "secret" -membertype NoteProperty -Value $sec + } + else { + $sec = ConvertFrom-SecureString -SecureString $secret -AsPlainText + $_radius | add-member -name "secret" -membertype NoteProperty -Value $sec + } + } + + if ( $PsBoundParameters.ContainsKey('secondary_server') ) { + $_radius | add-member -name "secondary-server" -membertype NoteProperty -Value $secondary_server + } + + if ( $PsBoundParameters.ContainsKey('secondary_secret') ) { + if (("Desktop" -eq $PSVersionTable.PsEdition) -or 
($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secondary_secret); + $secondary_sec = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $_radius | add-member -name "secondary-secret" -membertype NoteProperty -Value $secondary_sec + } + else { + $secondary_sec = ConvertFrom-SecureString -SecureString $secondary_secret -AsPlainText + $_radius | add-member -name "secondary-secret" -membertype NoteProperty -Value $secondary_sec + } + } + + if ( $PsBoundParameters.ContainsKey('tertiary_server') ) { + $_radius | add-member -name "tertiary-server" -membertype NoteProperty -Value $tertiary_server + } + + if ( $PsBoundParameters.ContainsKey('tertiary_secret') ) { + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tertiary_secret); + $tertiary_sec = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $_radius | add-member -name "tertiary-secret" -membertype NoteProperty -Value $tertiary_sec + } + else { + $tertiary_sec = ConvertFrom-SecureString -SecureString $tertiary_secret -AsPlainText + $_radius | add-member -name "tertiary-secret" -membertype NoteProperty -Value $tertiary_sec + } + } + + if ( $PsBoundParameters.ContainsKey('timeout') ) { + $_radius | add-member -name "timeout" -membertype NoteProperty -Value $timeout + } + + if ( $PsBoundParameters.ContainsKey('nas_ip') ) { + $_radius | add-member -name "nas-ip" -membertype NoteProperty -Value $nas_ip + } + + if ( $PsBoundParameters.ContainsKey('nas_id') ) { + #before 7.x.x, there is no nas-id parameter + if ($connection.version -lt "7.0.0") { + Write-Warning "-nas-id parameter is not available before FortiOS 7.0.x" + } + else { + $_radius | add-member -name "nas-id-type" -membertype NoteProperty -Value "custom" + $_radius | add-member -name "nas-id" -membertype NoteProperty -Value $nas_id + } + } + + if ( 
$PsBoundParameters.ContainsKey('auth_type') ) { + $_radius | add-member -name "auth-type" -membertype NoteProperty -Value $auth_type + } + + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $_radius | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + + if ($PSCmdlet.ShouldProcess($userradius.name, 'Configure User Radius')) { + Invoke-FGTRestMethod -method "PUT" -body $_radius -uri $uri -connection $connection @invokeParams | out-Null + + Get-FGTUserRADIUS -name $userradius.name -connection $connection @invokeParams + } + } + + End { + } +} + +function Remove-FGTUserRADIUS { + + <# + .SYNOPSIS + Remove a FortiGate RADIUS Server + + .DESCRIPTION + Remove a RADIUS Server on the FortiGate + + .EXAMPLE + $MyFGTUserRADIUS = Get-FGTUserRADIUS -name PowerFGT + PS C:\>$MyFGTUserRADIUS | Remove-FGTUserRADIUS + + Remove user object $MyFGTUserRADIUS + + .EXAMPLE + $MyFGTUserRADIUS = Get-FGTUserRADIUS -name MyFGTUserRADIUS + PS C:\>$MyFGTUserRADIUS | Remove-FGTUserRADIUS -confirm:$false + + Remove UserRADIUS object $MyFGTUserRADIUS with no confirmation + #> + + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'high')] + Param( + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)] + [ValidateScript( { Confirm-FGTUserRADIUS $_ })] + [psobject]$userradius, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + $uri = "api/v2/cmdb/user/radius/$($userradius.name)" + + if ($PSCmdlet.ShouldProcess($userradius.name, 'Remove User Radius')) { + $null = Invoke-FGTRestMethod -method "DELETE" -uri $uri -connection $connection @invokeParams + } + } + + End { + } +} \ No newline at end of file 
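Review bot: The `-nas_id` gate in Set-FGTUserRADIUS tests `$connection.version -lt "7.0.0"`, while Add-FGTUserRADIUS and the Pester `-skip` conditions in this commit use 7.2.0, so on a 7.0.x device Set would send the `nas-id` and `nas-id-type` fields that Add treats as unsupported. Align it with `if ($connection.version -lt "7.2.0") {` and change the warning text to `7.2.x`. Separately, Set and Remove place `$userradius.name` into the URI unescaped; unless Invoke-FGTRestMethod encodes the path (not visible here), a name containing `/`, `?` or `#` changes which resource the PUT or DELETE addresses, so build it with `[uri]::EscapeDataString($userradius.name)`. In Set, `$userradius.name = $name` also runs before `ShouldProcess`, so the piped object is renamed even under `-WhatIf`.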
diff --git a/Tests/common.ps1 b/Tests/common.ps1 index 4d58cd6f5..8846774d1 100644 --- a/Tests/common.ps1 +++ b/Tests/common.ps1 @@ -62,6 +62,11 @@ $script:pester_usertacacsserver1 = "pestertacacsserver1.powerfgt" $script:pester_usertacacsserver2 = "pestertacacsserver2.powerfgt" $script:pester_usertacacsserver3 = "pestertacacsserver3.powerfgt" $script:pester_usertacacs_key = ConvertTo-SecureString "pester_usertacacskey" -AsPlainText -Force +$script:pester_userradius = "pester_userradius" +$script:pester_userradiusserver1 = "pesterradiusserver1.powerfgt" +$script:pester_userradiusserver2 = "pesterradiusserver2.powerfgt" +$script:pester_userradiusserver3 = "pesterradiusserver3.powerfgt" +$script:pester_userradius_secret = ConvertTo-SecureString "pester_userradiussecret" -AsPlainText -Force . ../credential.ps1 #TODO: Add check if no ipaddress/login/password info... diff --git a/Tests/integration/UserRadius.Tests.ps1 b/Tests/integration/UserRadius.Tests.ps1 new file mode 100644 index 000000000..8de5406ed --- /dev/null +++ b/Tests/integration/UserRadius.Tests.ps1 
@@ -0,0 +1,352 @@ +# +# Copyright 2024, Cedric Moreau +# +# SPDX-License-Identifier: Apache-2.0 +# + +#include common configuration +. ../common.ps1 + +BeforeAll { + Connect-FGT @invokeParams +} + +Describe "Get User RADIUS" { + + BeforeAll { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret + } + + It "Get User RADIUS Does not throw an error" { + { + Get-FGTUserRADIUS + } | Should -Not -Throw + } + + It "Get ALL User RADIUS" { + $userradius = Get-FGTUserRADIUS + @($userradius).count | Should -Not -Be $NULL + } + + It "Get ALL User RADIUS with -skip" { + $userradius = Get-FGTUserRADIUS -skip + @($userradius).count | Should -Not -Be $NULL + } + + It "Get User RADIUS with -name $pester_userradius -meta" { + $userradius = Get-FGTUserRADIUS -name $pester_userradius -meta + $userradius.q_ref | Should -Not -BeNullOrEmpty + $userradius.q_static | Should -Not -BeNullOrEmpty + $userradius.q_no_rename | Should -Not -BeNullOrEmpty + $userradius.q_global_entry | Should -Not -BeNullOrEmpty + $userradius.q_type | Should -Not -BeNullOrEmpty + $userradius.q_path | Should -Be "user" + $userradius.q_name | Should -Be "radius" + $userradius.q_mkey_type | Should -Be "string" + if ($DefaultFGTConnection.version -ge "6.2.0") { + $userradius.q_no_edit | Should -Not -BeNullOrEmpty + } + } + + It "Get User RADIUS ($pester_userradius)" { + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + } + + It "Get User RADIUS ($pester_userradius) and confirm (via Confirm-FGTUserRADIUS)" { + $userradius = Get-FGTUserRADIUS -name $pester_userradius + Confirm-FGTUserRADIUS ($userradius) | Should -Be $true + } + + Context "Search" { + + It "Search User RADIUS by name ($pester_userradius)" { + $userradius = Get-FGTUserRADIUS -name $pester_userradius + @($userradius).count | Should -be 1 + $userradius.name | Should -Be $pester_userradius + } + + } + + AfterAll { + Get-FGTUserRADIUS -name 
$pester_userradius | Remove-FGTUserRADIUS -confirm:$false + } + +} + +Describe "Add User RADIUS" { + + Context "RADIUS Server (Primary, secondary, tertiary servers, timeout, nas ID etc ...)" { + + AfterEach { + Get-FGTUserRADIUS -name $pester_userradius | Remove-FGTUserRADIUS -confirm:$false + } + + It "Add User RADIUS Server $pester_userradius" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + } + + It "Add User RADIUS Server $pester_userradius with secondary-server" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -secondary_server $pester_userradiusserver2 -secondary_secret $pester_userradius_secret + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius.'secondary-server' | Should -Be $pester_userradiusserver2 + $userradius.'secondary-secret' | Should -Not -Be $Null + } + + It "Add User RADIUS Server $pester_userradius with tertiary-server" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -secondary_server $pester_userradiusserver2 -secondary_secret $pester_userradius_secret -tertiary_server $pester_userradiusserver3 -tertiary_secret $pester_userradius_secret + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius.'secondary-server' | Should -Be $pester_userradiusserver2 + $userradius.'secondary-secret' | Should 
-Not -Be $Null + $userradius.'tertiary-server' | Should -Be $pester_userradiusserver3 + $userradius.'tertiary-secret' | Should -Not -Be $Null + } + + It "Add User RADIUS Server $pester_userradius with timeout" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -timeout 100 + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius.timeout | Should -Be "100" + } + + It "Add User RADIUS Server $pester_userradius with NAS IP" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -nas_ip 192.0.2.1 + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius."nas-ip" | Should -Be "192.0.2.1" + } + + It "Add User RADIUS Server $pester_userradius with NAS ID" -skip:($fgt_version -lt "7.2.0") { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -nas_id PowerFGT + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius."nas-id" | Should -Be "PowerFGT" + } + + It "Try to Add User RADIUS Server $pester_userradius (but there is already a object with same name)" { + #Add first userRADIUS + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret + #Add Second userRADIUS with same name + { Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret } | Should -Throw "Already a RADIUS Server 
using the same name" + } + + } + + Context "RADIUS Server auth-type" { + + AfterEach { + Get-FGTUserRADIUS -name $pester_userradius | Remove-FGTUserRADIUS -confirm:$false + } + + It "Add User RADIUS Server $pester_userradius with auth_type as auto" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -auth_type auto + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius."auth-type" | Should -Be "auto" + } + + It "Add User RADIUS Server $pester_userradius with auth_type as ms_chap_v2" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -auth_type ms_chap_v2 + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius."auth-type" | Should -Be "ms_chap_v2" + } + + It "Add User RADIUS Server $pester_userradius with auth_type as ms_chap" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -auth_type ms_chap + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius."auth-type" | Should -Be "ms_chap" + } + + It "Add User RADIUS Server $pester_userradius with auth_type as chap" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -auth_type chap + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + 
$userradius.secret | Should -Not -Be $Null + $userradius."auth-type" | Should -Be "chap" + } + + It "Add User RADIUS Server $pester_userradius with auth_type as pap" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -auth_type pap + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius."auth-type" | Should -Be "pap" + } + + } + +} + +Describe "Configure User RADIUS" { + + Context "Change server, secondary-server, timeout, etc ..." { + + BeforeAll { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret + } + + It "Change name of RADIUS Server" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -name "pester_radiusserver_renamed" + $userradius = Get-FGTUserRADIUS -name "pester_radiusserver_renamed" + $userradius.name | Should -Be "pester_radiusserver_renamed" + $userradius.server | Should -Be $pester_userradiusserver1 + } + + It "Change name of RADIUS Server back to initial value" { + Get-FGTUserRADIUS -name "pester_radiusserver_renamed" | Set-FGTuserRADIUS -name $pester_userradius + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + } + + It "Change server" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -server $pester_userradiusserver2 + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver2 + $userradius.secret | Should -Not -Be $Null + } + + It "Change secondary-server" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -secondary_server $pester_userradiusserver3 -secondary_secret $pester_userradius_secret + $userradius = Get-FGTUserRADIUS -name 
$pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver2 + $userradius."secondary-server" | Should -Be $pester_userradiusserver3 + $userradius."secondary-secret" | Should -Not -Be $Null + } + + It "Change tertiary-server" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -tertiary_server $pester_userradiusserver1 -tertiary_secret $pester_userradius_secret + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver2 + $userradius."secondary-server" | Should -Be $pester_userradiusserver3 + $userradius."secondary-secret" | Should -Not -Be $Null + $userradius."tertiary-server" | Should -Be $pester_userradiusserver1 + $userradius."tertiary-secret" | Should -Not -Be $Null + } + + It "Change timeout" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -timeout 200 + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.timeout | Should -Be "200" + } + + It "Change NAS IP" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -nas_ip 192.2.0.2 + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius."nas-ip" | Should -Be "192.2.0.2" + } + + It "Change NAS ID" -skip:($fgt_version -lt "7.2.0") { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -nas_id PowerFGT + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius."nas-id" | Should -Be "PowerFGT" + } + + AfterAll { + Get-FGTUserRADIUS -name $pester_userradius | Remove-FGTUserRADIUS -confirm:$false + } + + } + + Context "Change auth-type" { + + BeforeAll { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret + } + + It "Change 
type ms_chap_v2" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -auth_type ms_chap_v2 + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius."auth-type" | Should -Be "ms_chap_v2" + } + + It "Change type ms_chap" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -auth_type ms_chap + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius."auth-type" | Should -Be "ms_chap" + } + + It "Change type chap" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -auth_type chap + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius."auth-type" | Should -Be "chap" + } + + It "Change type pap" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -auth_type pap + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius."auth-type" | Should -Be "pap" + } + + It "Change type auto" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -auth_type auto + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius."auth-type" | Should -Be "auto" + } + + AfterAll { + Get-FGTUserRADIUS -name $pester_userradius | Remove-FGTUserRADIUS -confirm:$false + } + + } + +} + +Describe "Remove User RADIUS" { + + Context "local" { + + BeforeEach { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret + } + + It "Remove User RADIUS $pester_userradius by pipeline" { + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius | Remove-FGTUserRADIUS -confirm:$false + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius | Should -Be $NULL + } + + } + +} + +AfterAll { + Disconnect-FGT -confirm:$false +} \ No 
newline at end of file
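Review bot: The "Change NAS IP" test uses `192.2.0.2`, which is outside the 192.0.2.0/24 documentation range that the Add test's `192.0.2.1` comes from and looks like a transposition; use `Set-FGTuserRADIUS -nas_ip 192.0.2.2` with `Should -Be "192.0.2.2"`. The suite also never exercises the `"You must specify secondary server and secondary secret !"` and tertiary throw paths in Add-FGTUserRADIUS, and no Set test passes `-secret`, so the secret-handling branches of Set are only partly covered. The `secret | Should -Not -Be $Null` assertions confirm only that some value came back, not that the submitted secret was stored; a comment saying why the value cannot be compared would help the next reader.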