From 82363ad838d2fd4de5a31f903130b0791a80baa5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 10 Sep 2024 17:06:40 +0200 Subject: [PATCH 01/25] Add function + tests for add --- PowerFGT/Public/cmdb/user/radius.ps1 | 205 +++++++++++++++++++++++++++ 1 file changed, 205 insertions(+) diff --git a/PowerFGT/Public/cmdb/user/radius.ps1 b/PowerFGT/Public/cmdb/user/radius.ps1 index 112060b83..1cd5b6abb 100644 --- a/PowerFGT/Public/cmdb/user/radius.ps1 +++ b/PowerFGT/Public/cmdb/user/radius.ps1 
@@ -4,6 +4,211 @@ # SPDX-License-Identifier: Apache-2.0 # +function Add-FGTUserRADIUS { + + <# + .SYNOPSIS + Add a FortiGate RADIUS Server + + .DESCRIPTION + Add a FortiGate RADIUS Server + + .EXAMPLE + $mysecret = ConvertTo-SecureString mysecret -AsPlainText -Force + PS C:\>Add-FGTUserRADIUS -Name PowerFGT -server radius.powerfgt -secret $mysecret + + Add a RADIUS Server with radius.powerfgt as server and secret + + .EXAMPLE + $mysecret = ConvertTo-SecureString mysecret -AsPlainText -Force + PS C:\>Add-FGTUserRADIUS -Name PowerFGT -server radius.powerfgt -secret $mysecret -secondary_server radius2.powerfgt -secondary_secret $mysecret -tertiary_server radius3.powerfgt -tertiary_secret $mysecret + + Add a RADIUS Server with radius.powerfgt as server and secret, and secondary and tertiary servers + + .EXAMPLE + $mysecret = ConvertTo-SecureString mysecret -AsPlainText -Force + PS C:\>Add-FGTUserRADIUS -Name PowerFGT -server radius.powerfgt -secret $mysecret -timeout 5 + + Add a RADIUS Server with radius.powerfgt as server and secret and timeout to 5 seconds + + .EXAMPLE + $mysecret = ConvertTo-SecureString mysecret -AsPlainText -Force + PS C:\>Add-FGTUserRADIUS -Name PowerFGT -server radius.powerfgt -secret $mysecret -nas_ip 192.0.2.1 + + Add a RADIUS Server with radius.powerfgt as server and secret and NAS IP as 192.0.2.1 + + .EXAMPLE + $mysecret = ConvertTo-SecureString mysecret -AsPlainText -Force + PS C:\>Add-FGTUserRADIUS -Name PowerFGT -server radius.powerfgt -secret $mysecret -nas_id PowerFGT_RADIUS + + Add a RADIUS Server with radius.powerfgt as server and secret and NAS ID as PowerFGT_RADIUS + + .EXAMPLE + $mysecret = ConvertTo-SecureString mysecret -AsPlainText -Force + PS C:\>Add-FGTUserRADIUS -Name PowerFGT -server radius.powerfgt -secret $mysecret -auth_type ms_chap_v2 + + Add a RADIUS Server with radius.powerfgt as server and secret and auth_type as ms_chap_v2 + + .EXAMPLE + $data = @{ "password-renewal" = "enable" } + PS C:\>Add-FGTUserRADIUS -Name 
PowerFGT -server radius.powerfgt -secret $mysecret -data $data + + Add a RADIUS Server with radius.powerfgt as server and secret and password renewal enabled + #> + + Param( + [Parameter (Mandatory = $true)] + [ValidateLength(1, 35)] + [string]$name, + [Parameter (Mandatory = $true)] + [ValidateLength(1, 63)] + [string]$server, + [Parameter (Mandatory = $true)] + [SecureString]$secret, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$secondary_server, + [Parameter (Mandatory = $false)] + [SecureString]$secondary_secret, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$tertiary_server, + [Parameter (Mandatory = $false)] + [SecureString]$tertiary_secret, + [Parameter (Mandatory = $false)] + [ValidateRange(0, 300)] + [int]$timeout, + [Parameter (Mandatory = $false)] + [string]$nas_ip, + [Parameter (Mandatory = $false)] + [ValidateSet("ms_chap_v2", "ms_chap", "chap", "pap", "auto")] + [string]$auth_type, + [Parameter (Mandatory = $false)] + [ValidateLength(0, 255)] + [string]$nas_id, + [Parameter (Mandatory = $false)] + [boolean]$visibility, + [Parameter (Mandatory = $false)] + [hashtable]$data, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + if ( Get-FGTUserRADIUS @invokeParams -name $name -connection $connection) { + Throw "Already a RADIUS Server using the same name" + } + + $uri = "api/v2/cmdb/user/radius" + + $radius = new-Object -TypeName PSObject + + $radius | add-member -name "name" -membertype NoteProperty -Value $name + + $radius | add-member -name "server" -membertype NoteProperty -Value $server + + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret); + $sec = 
[System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $radius | add-member -name "secret" -membertype NoteProperty -Value $sec + } + else { + $sec = ConvertFrom-SecureString -SecureString $secret -AsPlainText + $radius | add-member -name "secret" -membertype NoteProperty -Value $sec + } + + if ( $PsBoundParameters.ContainsKey('secondary_server') -xor $PsBoundParameters.ContainsKey('secondary_secret') ) { + Throw "You must specify secondary server and secondary secret !" + } + elseif ($PsBoundParameters.ContainsKey('secondary_server') -and $PsBoundParameters.ContainsKey('secondary_secret')) { + $radius | add-member -name "secondary-server" -membertype NoteProperty -Value $secondary_server + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret); + $sec = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $radius | add-member -name "secondary-secret" -membertype NoteProperty -Value $sec + } + else { + $sec = ConvertFrom-SecureString -SecureString $secret -AsPlainText + $radius | add-member -name "secondary-secret" -membertype NoteProperty -Value $sec + } + } + + if ( $PsBoundParameters.ContainsKey('tertiary_server') -xor $PsBoundParameters.ContainsKey('tertiary_secret') ) { + Throw "You must specify tertiary server and tertiary secret !" 
+ } + elseif ($PsBoundParameters.ContainsKey('tertiary_server') -and $PsBoundParameters.ContainsKey('tertiary_secret')) { + $radius | add-member -name "tertiary-server" -membertype NoteProperty -Value $tertiary_server + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret); + $sec = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $radius | add-member -name "tertiary-secret" -membertype NoteProperty -Value $sec + } + else { + $sec = ConvertFrom-SecureString -SecureString $secret -AsPlainText + $radius | add-member -name "tertiary-secret" -membertype NoteProperty -Value $sec + } + } + + if ( $PsBoundParameters.ContainsKey('timeout') ) { + $radius | add-member -name "timeout" -membertype NoteProperty -Value $timeout + } + + if ( $PsBoundParameters.ContainsKey('nas_ip') ) { + $nasip = new-Object -TypeName PSObject + $nasip | add-member -name "Address" -membertype NoteProperty -Value $nas_ip + $radius | add-member -name "nas-ip" -membertype NoteProperty -Value $nasip + } + + if ( $PsBoundParameters.ContainsKey('auth_type') ) { + $radius | add-member -name "auth-type" -membertype NoteProperty -Value $auth_type + } + + if ( $PsBoundParameters.ContainsKey('nas_id') ) { + $radius | add-member -name "nas-id-type" -membertype NoteProperty -Value "custom" + $radius | add-member -name "nas-id" -membertype NoteProperty -Value $nas_id + } + + if ( $PsBoundParameters.ContainsKey('visibility') ) { + #with 6.4.x, there is no longer visibility parameter + if ($connection.version -ge "6.4.0") { + Write-Warning "-visibility parameter is no longer available with FortiOS 6.4.x and after" + } + else { + if ( $visibility ) { + $radius | add-member -name "visibility" -membertype NoteProperty -Value "enable" + } + else { + $radius | add-member -name "visibility" -membertype NoteProperty -Value "disable" + } + } + } + + if ( 
$PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $radius | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + + Invoke-FGTRestMethod -method "POST" -body $radius -uri $uri -connection $connection @invokeParams | out-Null + + Get-FGTUserRADIUS -connection $connection @invokeParams -name $name + } + + End { + } +} + function Get-FGTUserRADIUS { <# From 5036f80187a5014ba9c02cdbd8fa1eebeb073b65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 10 Sep 2024 17:10:03 +0200 Subject: [PATCH 02/25] Add remove function --- PowerFGT/Public/cmdb/user/radius.ps1 | 54 ++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/PowerFGT/Public/cmdb/user/radius.ps1 b/PowerFGT/Public/cmdb/user/radius.ps1 index 1cd5b6abb..338d7b77d 100644 --- a/PowerFGT/Public/cmdb/user/radius.ps1 +++ b/PowerFGT/Public/cmdb/user/radius.ps1 
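Review bot: In the secondary and tertiary branches of Add-FGTUserRADIUS the conversion reads `$secret` instead of `$secondary_secret` / `$tertiary_secret`, so all three servers are sent the primary shared secret and the values the caller supplied are silently discarded. Separately, on the Desktop-edition path the BSTR returned by `SecureStringToBSTR` is never released, which leaves a plaintext copy of the shared secret in unmanaged memory. It should be cleared with `ZeroFreeBSTR` in a `finally`, and `PtrToStringBSTR` is the matching reader for that allocation. The same BSTR pattern recurs in the Set-FGTUserRADIUS hunk of patch 07. The fence shows the secondary branch; the primary and tertiary branches take the same shape with their own parameter.

```powershell
# … unchanged: -xor check and "secondary-server" member …
if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) {
    $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secondary_secret)
    try {
        $sec = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    }
    finally {
        # Zero and release the unmanaged plaintext copy of the shared secret.
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}
else {
    $sec = ConvertFrom-SecureString -SecureString $secondary_secret -AsPlainText
}
$radius | add-member -name "secondary-secret" -membertype NoteProperty -Value $sec
# … tertiary branch: same shape with $tertiary_secret and "tertiary-secret" …
```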
@@ -308,3 +308,57 @@ function Get-FGTUserRADIUS { End { } } + +function Remove-FGTUserRADIUS { + + <# + .SYNOPSIS + Remove a FortiGate RADIUS Server + + .DESCRIPTION + Remove a RADIUS Server on the FortiGate + + .EXAMPLE + $MyFGTUserRADIUS = Get-FGTUserRADIUS -name PowerFGT + PS C:\>$MyFGTUserRADIUS | Remove-FGTUserRADIUS + + Remove user object $MyFGTUserRADIUS + + .EXAMPLE + $MyFGTUserRADIUS = Get-FGTUserRADIUS -name MyFGTUserRADIUS + PS C:\>$MyFGTUserRADIUS | Remove-FGTUserRADIUS -confirm:$false + + Remove UserRADIUS object $MyFGTUserRADIUS with no confirmation + #> + + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'high')] + Param( + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)] + [ValidateScript( { Confirm-FGTUserRADIUS $_ })] + [psobject]$userradius, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + $uri = "api/v2/cmdb/user/radius/$($userradius.name)" + + if ($PSCmdlet.ShouldProcess($userradius.name, 'Remove User Radius')) { + $null = Invoke-FGTRestMethod -method "DELETE" -uri $uri -connection $connection @invokeParams + } + } + + End { + } +} \ No newline at end of file From 26e8921ad286d271e5d131171f252dced5513ab4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 10 Sep 2024 17:13:29 +0200 Subject: [PATCH 03/25] Add confirm-userradius --- PowerFGT/Private/Confirm.ps1 | 46 ++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/PowerFGT/Private/Confirm.ps1 b/PowerFGT/Private/Confirm.ps1 index 9d7de4fe7..6cc153ede 100644 --- a/PowerFGT/Private/Confirm.ps1 +++ b/PowerFGT/Private/Confirm.ps1 
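Review bot: `$uri = "api/v2/cmdb/user/radius/$($userradius.name)"` places the object name into the request path unescaped, so a name containing `/`, `?`, `#` or a space would make the DELETE address a different path than the entry shown to the operator by `ShouldProcess`. Unless Invoke-FGTRestMethod already encodes the path (not visible in this hunk), escape the segment: `$uri = "api/v2/cmdb/user/radius/$([uri]::EscapeDataString($userradius.name))"`. The Set-FGTUserRADIUS hunk in patch 07 builds its URI the same way. The comment-based help also has no `.PARAMETER` entries for `userradius`, `vdom` and `connection`.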
@@ -386,6 +386,52 @@ Function Confirm-FGTInterface { $true } +Function Confirm-FGTUserRADIUS { + + Param ( + [Parameter (Mandatory = $true)] + [object]$argument + ) + + #Check if it looks like a RADIUS Server element + + if ( -not ( $argument | get-member -name name -Membertype Properties)) { + throw "Element specified does not contain a name property." + } + if ( -not ( $argument | get-member -name server -Membertype Properties)) { + throw "Element specified does not contain a server property." + } + if ( -not ( $argument | get-member -name secret -Membertype Properties)) { + throw "Element specified does not contain a secret property." + } + if ( -not ( $argument | get-member -name secondary-server -Membertype Properties)) { + throw "Element specified does not contain a secondary-server property." + } + if ( -not ( $argument | get-member -name secondary-secret -Membertype Properties)) { + throw "Element specified does not contain a secondary-secret property." + } + if ( -not ( $argument | get-member -name tertiary-server -Membertype Properties)) { + throw "Element specified does not contain a tertiary-server property." + } + if ( -not ( $argument | get-member -name tertiary-secret -Membertype Properties)) { + throw "Element specified does not contain a tertiary-secret property." + } + if ( -not ( $argument | get-member -name timeout -Membertype Properties)) { + throw "Element specified does not contain a timeout property." + } + if ( -not ( $argument | get-member -name nas-ip -Membertype Properties)) { + throw "Element specified does not contain a nas-ip property." + } + if ( -not ( $argument | get-member -name nas-id -Membertype Properties)) { + throw "Element specified does not contain a nas-id property." + } + if ( -not ( $argument | get-member -name auth-type -Membertype Properties)) { + throw "Element specified does not contain a auth-type property." + } + + $true +} + Function Confirm-FGTVpnIpsecPhase1Interface { Param ( 
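Review bot: Confirm-FGTUserRADIUS rejects any object that lacks `secret`, `secondary-secret` and `tertiary-secret`, although the callers visible in this series (Remove-FGTUserRADIUS, and Set-FGTUserRADIUS as far as it is shown) read only `.name` from the validated object. That makes every pipeline use depend on the object carrying its secret fields, and an object retrieved with a reduced field set would fail validation for no functional reason. Consider limiting the checks to the identifying properties (`name`, `server`), or add a comment above the checks stating why the full set is required. The last message also reads "a auth-type"; `throw "Element specified does not contain an auth-type property."` fixes the wording.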
From f85f085271c89f21558c0eb3b28acc4ad6fcd433 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 10 Sep 2024 17:15:56 +0200 Subject: [PATCH 04/25] Add pester variables in confirm.ps1 --- Tests/common.ps1 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Tests/common.ps1 b/Tests/common.ps1 index 4d58cd6f5..90117e071 100644 --- a/Tests/common.ps1 +++ b/Tests/common.ps1 @@ -62,6 +62,11 @@ $script:pester_usertacacsserver1 = "pestertacacsserver1.powerfgt" $script:pester_usertacacsserver2 = "pestertacacsserver2.powerfgt" $script:pester_usertacacsserver3 = "pestertacacsserver3.powerfgt" $script:pester_usertacacs_key = ConvertTo-SecureString "pester_usertacacskey" -AsPlainText -Force +$script:pester_userradius = "pester_userradius" +$script:pester_userradiusserver1 = "pester_userradiusserver1" +$script:pester_userradiusserver2 = "pester_userradiusserver2" +$script:pester_userradiusserver3 = "pester_userradiusserver3" +$script:pester_userradius_secret = ConvertTo-SecureString "pester_userradiussecret" -AsPlainText -Force . ../credential.ps1 #TODO: Add check if no ipaddress/login/password info... From ef51c06c9078d87a38aeb082a479b91a800a6051 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 10 Sep 2024 17:17:27 +0200 Subject: [PATCH 05/25] Add tests file --- Tests/integration/UserRadius.Tests.ps1 | 423 +++++++++++++++++++++++++ 1 file changed, 423 insertions(+) create mode 100644 Tests/integration/UserRadius.Tests.ps1 diff --git a/Tests/integration/UserRadius.Tests.ps1 b/Tests/integration/UserRadius.Tests.ps1 new file mode 100644 index 000000000..3d213d34c --- /dev/null +++ b/Tests/integration/UserRadius.Tests.ps1 
@@ -0,0 +1,423 @@ +# +# Copyright 2024, Cedric Moreau +# +# SPDX-License-Identifier: Apache-2.0 +# + +#include common configuration +. ../common.ps1 + +BeforeAll { + Connect-FGT @invokeParams +} + +Describe "Get User Radius" { + + BeforeAll { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret + } + + It "Get User Radius Does not throw an error" { + { + Get-FGTUserRADIUS + } | Should -Not -Throw + } + + It "Get ALL User Radius" { + $userradius = Get-FGTUserRADIUS + @($userradius).count | Should -Not -Be $NULL + } + + It "Get ALL User RADIUS with -skip" { + $userradius = Get-FGTUserRADIUS -skip + @($userradius).count | Should -Not -Be $NULL + } + + It "Get User Radius with -name $pester_userradius -meta" { + $userradius = Get-FGTUserRADIUS -name $pester_userradius -meta + $userradius.q_ref | Should -Not -BeNullOrEmpty + $userradius.q_static | Should -Not -BeNullOrEmpty + $userradius.q_no_rename | Should -Not -BeNullOrEmpty + $userradius.q_global_entry | Should -Not -BeNullOrEmpty + $userradius.q_type | Should -Not -BeNullOrEmpty + $userradius.q_path | Should -Be "user" + $userradius.q_name | Should -Be "radius" + $userradius.q_mkey_type | Should -Be "string" + if ($DefaultFGTConnection.version -ge "6.2.0") { + $userradius.q_no_edit | Should -Not -BeNullOrEmpty + } + } + + It "Get User Radius ($pester_userradius)" { + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + } + + It "Get User Radius ($pester_userradius) and confirm (via Confirm-FGTUserRADIUS)" { + $userradius = Get-FGTUserRADIUS -name $pester_userradius + Confirm-FGTUserRADIUS ($userradius) | Should -Be $true + } + + Context "Search" { + + It "Search User Radius by name ($pester_userradius)" { + $userradius = Get-FGTUserRADIUS -name $pester_userradius + @($userradius).count | Should -be 1 + $userradius.name | Should -Be $pester_userradius + } + + } + + AfterAll { + Get-FGTUserRADIUS -name 
$pester_userradius | Remove-FGTUserRADIUS -confirm:$false + } + +} + +Describe "Add User Radius" { + + Context "Radius Server (Primary, secondary, tertiary servers, timeout, nas ID etc ...)" { + + AfterEach { + Get-FGTUserRADIUS -name $pester_userradius | Remove-FGTUserRADIUS -confirm:$false + } + + It "Add User RADIUS Server $pester_userradius" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + } + + It "Add User RADIUS Server $pester_userradius with secondary-server" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -secondary_server $pester_userradiusserver2 -secondary_secret $pester_userradius_secret + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius.'secondary-server' | Should -Be $pester_userradiusserver2 + $userradius.'secondary-secret' | Should -Not -Be $Null + } + + It "Add User RADIUS Server $pester_userradius with tertiary-server" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -secondary_server $pester_userradiusserver2 -secondary_secret $pester_userradius_secret -tertiary_server $pester_userradiusserver3 -tertiary_secret $pester_userradius_secret + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius.'secondary-server' | Should -Be $pester_userradiusserver2 + $userradius.'secondary-secret' | Should 
-Not -Be $Null + $userradius.'tertiary-server' | Should -Be $pester_userradiusserver3 + $userradius.'tertiary-secret' | Should -Not -Be $Null + } + + It "Add User RADIUS Server $pester_userradius with timeout" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -timeout 100 + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius.timeout | Should -Be "100" + } + + It "Add User RADIUS Server $pester_userradius with NAS IP" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -nas_ip 192.0.2.1 + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius."nas-ip" | Should -Be "192.0.2.1" + } + + It "Add User RADIUS Server $pester_userradius with NAS ID" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -nas_id PowerFGT + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius."nas-id" | Should -Be "PowerFGT" + } + + It "Try to Add User RADIUS Server $pester_userradius (but there is already a object with same name)" { + #Add first userRADIUS + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret + #Add Second userRADIUS with same name + { Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret } | Should -Throw "Already a RADIUS Server using the same name" + } + + } + + 
Context "Radius Server auth-type" { + + AfterEach { + Get-FGTUserRADIUS -name $pester_userradius | Remove-FGTUserRADIUS -confirm:$false + } + + It "Add User RADIUS Server $pester_userradius with auth_type as auto" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -auth_type auto + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius."auth-type" | Should -Be "auto" + } + + It "Add User RADIUS Server $pester_userradius with auth_type as ms_chap_v2" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -auth_type ms_chap_v2 + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius."auth-type" | Should -Be "ms_chap_v2" + } + + It "Add User RADIUS Server $pester_userradius with auth_type as ms_chap" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -auth_type ms_chap + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius."auth-type" | Should -Be "ms_chap" + } + + It "Add User RADIUS Server $pester_userradius with auth_type as chap" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -auth_type chap + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + 
$userradius."auth-type" | Should -Be "chap" + } + + It "Add User RADIUS Server $pester_userradius with auth_type as pap" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -auth_type pap + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius."auth-type" | Should -Be "pap" + } + + } + +} + +Describe "Configure User RADIUS" { + + Context "Change server, CNID, DN, etc..." { + + BeforeAll { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -dn "dc=fgt,dc=power,dc=powerfgt" + } + + It "Change name of RADIUS Server" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -name "pester_RADIUSserver_renamed" + $userradius = Get-FGTUserRADIUS -name "pester_RADIUSserver_renamed" + $userradius.name | Should -Be "pester_RADIUSserver_renamed" + $userradius.server | Should -Be $pester_userradiusserver1 + } + + It "Change name of RADIUS Server back to initial value" { + Get-FGTUserRADIUS -name "pester_RADIUSserver_renamed" | Set-FGTuserRADIUS -name $pester_userradius + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + } + + It "Change server" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -server $pester_userradiusserver2 + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver2 + } + + It "Change secondary-server" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -secondary_server $pester_userradiusserver3 + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver2 + 
$userradius."secondary-server" | Should -Be $pester_userradiusserver3 + } + + It "Change tertiary-server" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -tertiary_server $pester_userradiusserver1 + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver2 + $userradius."secondary-server" | Should -Be $pester_userradiusserver3 + $userradius."tertiary-server" | Should -Be $pester_userradiusserver1 + } + + It "Change CNID" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -cnid sAMAccountName + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.cnid | Should -Be "sAMAccountName" + } + + It "Change DN" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -dn "dc=newfgt,dc=power,dc=powerfgt" + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.dn | Should -Be "dc=newfgt,dc=power,dc=powerfgt" + } + + AfterAll { + Get-FGTUserRADIUS -name $pester_userradius | Remove-FGTUserRADIUS -confirm:$false + } + + } + + Context "Change type" { + + BeforeAll { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -dn "dc=fgt,dc=power,dc=powerfgt" + } + + It "Change type (Regular)" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -type regular -username powerfgt -password $pester_userradiuspassword + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.type | Should -Be "regular" + $userradius.username | Should -Be "powerfgt" + $userradius.password | Should -Not -Be $Null + } + + It "Change only username when type is already regular" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -username powerfgtchanged + $userradius = Get-FGTUserRADIUS -name 
$pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.type | Should -Be "regular" + $userradius.username | Should -Be "powerfgtchanged" + } + + It "Change only password when type is already regular" { + { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -password $pester_userradiuspasswordchanged + } | Should -Not -Throw + } + + It "Change type (Anonymous)" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -type anonymous + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.type | Should -Be "anonymous" + } + + It "Change type (Simple)" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -type simple + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.type | Should -Be "simple" + } + + It "Change only username when type is not regular" { + { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -username powerfgt + } | Should -Throw "The type need to be regular to specify username or password" + } + + It "Change only password when type is not regular" { + { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -password $pester_userradiuspassword + } | Should -Throw "The type need to be regular to specify username or password" + } + + It "Change username and password when type is not regular" { + { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -username powerfgt -password $pester_userradiuspassword + } | Should -Throw "The type need to be regular to specify username or password" + } + + It "Change type to regular without username" { + { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -type regular -password $pester_userradiuspassword + } | Should -Throw "You need to specify an username and a password !" 
+ } + + It "Change type to regular without password" { + { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -type regular -username powerfgt + } | Should -Throw "You need to specify an username and a password !" + } + + It "Change type to regular without username and password" { + { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -type regular + } | Should -Throw "You need to specify an username and a password !" + } + + AfterAll { + Get-FGTUserRADIUS -name $pester_userradius | Remove-FGTUserRADIUS -confirm:$false + } + + } + + Context "Change secure connection" { + + BeforeAll { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -dn "dc=fgt,dc=power,dc=powerfgt" + } + + It "Change secure connection to RADIUSs" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -secure RADIUSs + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.secure | Should -Be "RADIUSs" + $userradius.port | Should -Be "636" + } + + It "Change secure connection to starttls" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -secure starttls + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.secure | Should -Be "starttls" + $userradius.port | Should -Be "389" + } + + It "Change secure connection to disable" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -secure disable + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.secure | Should -Be "disable" + $userradius.port | Should -Be "389" + } + + It "Change secure connection with -data" { + $data = @{ "secure" = "RADIUSs" } + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -data $data + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + 
$userradius.secure | Should -Be "RADIUSs" + $userradius.port | Should -Be "636" + } + + AfterAll { + Get-FGTUserRADIUS -name $pester_userradius | Remove-FGTUserRADIUS -confirm:$false + } + + } +} + +Describe "Remove User RADIUS" { + + Context "local" { + + BeforeEach { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -dn "dc=fgt,dc=power,dc=powerfgt" + } + + It "Remove User RADIUS $pester_userradius by pipeline" { + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius | Remove-FGTUserRADIUS -confirm:$false + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius | Should -Be $NULL + } + + } + +} + +AfterAll { + Disconnect-FGT -confirm:$false +} \ No newline at end of file From a6f6d45fd6ff3df13581c945cd7f2b40e88fac96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 10 Sep 2024 17:18:28 +0200 Subject: [PATCH 06/25] Add remove function tests --- Tests/integration/UserRadius.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/integration/UserRadius.Tests.ps1 b/Tests/integration/UserRadius.Tests.ps1 index 3d213d34c..dbe7c8d56 100644 --- a/Tests/integration/UserRadius.Tests.ps1 +++ b/Tests/integration/UserRadius.Tests.ps1 @@ -404,7 +404,7 @@ Describe "Remove User RADIUS" { Context "local" { BeforeEach { - Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -dn "dc=fgt,dc=power,dc=powerfgt" + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret } It "Remove User RADIUS $pester_userradius by pipeline" { From de91ada5af6d139475c16a4bcce121ed43ffca0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 10 Sep 2024 17:30:42 +0200 Subject: [PATCH 07/25] Add set function --- PowerFGT/Public/cmdb/user/radius.ps1 | 180 +++++++++++++++++++++++++++ 1 file changed, 180 insertions(+) 
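Review bot: The "Configure User RADIUS" contexts call `Add-FGTUserRADIUS ... -dn "dc=fgt,dc=power,dc=powerfgt"` without `-secret` and exercise `-cnid`, `-dn`, `-type`, `-username`, `-password` and `-secure` with port expectations of 636 and 389. None of these parameters appear in the Add-FGTUserRADIUS Param block from patch 01 (where `-secret` is mandatory) or in the visible part of Set-FGTUserRADIUS, so these blocks look carried over from an LDAP test file and their BeforeAll would fail on an unknown parameter. `$pester_userradiuspassword` and `$pester_userradiuspasswordchanged` are also not among the variables patch 04 adds to Tests/common.ps1. Patch 06 corrects only the BeforeEach of "Remove User RADIUS"; the three Configure BeforeAll blocks need the same `-secret $pester_userradius_secret` form, and the LDAP-specific cases should be replaced by RADIUS ones (timeout, nas_ip, nas_id, auth_type). The secondary and tertiary Add tests pass the same `$pester_userradius_secret` for every server and assert only `Should -Not -Be $Null`, so they cannot detect the wrong secret being sent; later patches in the series may address this but are not visible here.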
diff --git a/PowerFGT/Public/cmdb/user/radius.ps1 b/PowerFGT/Public/cmdb/user/radius.ps1
index 338d7b77d..0e41d54e4 100644
--- a/PowerFGT/Public/cmdb/user/radius.ps1
+++ b/PowerFGT/Public/cmdb/user/radius.ps1
@@ -309,6 +309,186 @@ function Get-FGTUserRADIUS { } } +function Set-FGTUserRADIUS { + + <# + .SYNOPSIS + Change a FortiGate RADIUS Server + + .DESCRIPTION + Change a FortiGate RADIUS Server + + .EXAMPLE + $MyFGTUserRADIUS = Get-FGTUserRADIUS -name MyFGTUserRADIUS + PS C:\>$MyFGTUserRADIUS | Set-FGTUserRADIUS -server mynewRADIUSserver + + Change server name from MyFGTUserRADIUS to mynewRADIUSserver + + .EXAMPLE + $MyFGTUserRADIUS = Get-FGTUserRADIUS -name MyFGTUserRADIUS + PS C:\>$mysecret = ConvertTo-SecureString mysecret -AsPlainText -Force + PS C:\>$MyFGTUserRADIUS | Set-FGTUserRADIUS -secondary_server radius2.powerfgt -secondary_secret $mysecret + + Change secondary server and secret + + .EXAMPLE + $MyFGTUserRADIUS = Get-FGTUserRADIUS -name MyFGTUserRADIUS + PS C:\>$mysecret = ConvertTo-SecureString mysecret -AsPlainText -Force + PS C:\>$MyFGTUserRADIUS | Set-FGTUserRADIUS -tertiary_server radius2.powerfgt -tertiary_secret $mysecret + + Change tertiary server and secret + + .EXAMPLE + $data = @{ "timeout" = "200" } + PS C:\>$MyFGTUserRADIUS = Get-FGTUserRADIUS -name MyFGTUserRADIUS + PS C:\>$MyFGTUserRADIUS | Set-FGTUserRADIUS -data $data + + Change timeout to 200sec + #> + + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium', DefaultParameterSetName = 'default')] + Param( + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)] + [ValidateScript( { Confirm-FGTUserRADIUS $_ })] + [psobject]$userradius, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 35)] + [string]$name, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$server, + [Parameter (Mandatory = $false)] + [SecureString]$secret, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$secondary_server, + [Parameter (Mandatory = $false)] + [SecureString]$secondary_secret, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$tertiary_server, + [Parameter (Mandatory = $false)] + [SecureString]$tertiary_secret, + 
[Parameter (Mandatory = $false)] + [ValidateRange(0, 300)] + [int]$timeout, + [Parameter (Mandatory = $false)] + [string]$nas_ip, + [Parameter (Mandatory = $false)] + [ValidateSet("ms_chap_v2", "ms_chap", "chap", "pap", "auto")] + [string]$auth_type, + [Parameter (Mandatory = $false)] + [ValidateLength(0, 255)] + [string]$nas_id, + [Parameter (Mandatory = $false)] + [hashtable]$data, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + $uri = "api/v2/cmdb/user/radius/$($userradius.name)" + + $_radius = New-Object -TypeName PSObject + + if ( $PsBoundParameters.ContainsKey('name') ) { + #TODO check if there is no already an object with this name ? + $_radius | add-member -name "name" -membertype NoteProperty -Value $name + $userradius.name = $name + } + + if ( $PsBoundParameters.ContainsKey('server') ) { + $_radius | add-member -name "server" -membertype NoteProperty -Value $server + } + + if ( $PsBoundParameters.ContainsKey('secret') ) { + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret); + $sec = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $_radius | add-member -name "secret" -membertype NoteProperty -Value $sec + } + else { + $sec = ConvertFrom-SecureString -SecureString $secret -AsPlainText + $_radius | add-member -name "secret" -membertype NoteProperty -Value $sec + } + } + + if ( $PsBoundParameters.ContainsKey('secondary_server') ) { + $_radius | add-member -name "secondary-server" -membertype NoteProperty -Value $secondary_server + } + + if ( $PsBoundParameters.ContainsKey('secondary_secret') ) { + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) 
{ + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret); + $secondary_sec = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $_radius | add-member -name "secondary-secret" -membertype NoteProperty -Value $secondary_sec + } + else { + $secondary_sec = ConvertFrom-SecureString -SecureString $secret -AsPlainText + $_radius | add-member -name "secondary-secret" -membertype NoteProperty -Value $secondary_sec + } + } + + if ( $PsBoundParameters.ContainsKey('tertiary_server') ) { + $_radius | add-member -name "tertiary-server" -membertype NoteProperty -Value $tertiary_server + } + + if ( $PsBoundParameters.ContainsKey('tertiary_secret') ) { + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret); + $tertiary_sec = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $_radius | add-member -name "tertiary-secret" -membertype NoteProperty -Value $tertiary_sec + } + else { + $tertiary_sec = ConvertFrom-SecureString -SecureString $secret -AsPlainText + $_radius | add-member -name "tertiary-secret" -membertype NoteProperty -Value $tertiary_sec + } + } + + if ( $PsBoundParameters.ContainsKey('timeout') ) { + $_radius | add-member -name "timeout" -membertype NoteProperty -Value $timeout + } + + if ( $PsBoundParameters.ContainsKey('nas_ip') ) { + $_radius | add-member -name "nas-ip" -membertype NoteProperty -Value $nas_ip + } + + if ( $PsBoundParameters.ContainsKey('nas_id') ) { + $_radius | add-member -name "nas-id" -membertype NoteProperty -Value $nas_id + } + + if ( $PsBoundParameters.ContainsKey('auth_type') ) { + $_radius | add-member -name "auth-type" -membertype NoteProperty -Value $auth_type + } + + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $_radius | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + + if 
($PSCmdlet.ShouldProcess($userradius.name, 'Configure User Radius')) { + Invoke-FGTRestMethod -method "PUT" -body $_radius -uri $uri -connection $connection @invokeParams | out-Null + + Get-FGTUserRADIUS -connection $connection @invokeParams -name $userradius.name + } + } + + End { + } +} + function Remove-FGTUserRADIUS { <# From ae7e93b3bdea8cbc3903cdf1f69f9ef7811418f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 10 Sep 2024 17:38:16 +0200 Subject: [PATCH 08/25] Add set tests --- Tests/integration/UserRadius.Tests.ps1 | 157 +++++++------------------ 1 file changed, 43 insertions(+), 114 deletions(-) diff --git a/Tests/integration/UserRadius.Tests.ps1 b/Tests/integration/UserRadius.Tests.ps1 index dbe7c8d56..a951ff6e8 100644 --- a/Tests/integration/UserRadius.Tests.ps1 +++ b/Tests/integration/UserRadius.Tests.ps1 
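Review bot: In the Desktop-edition branches for `secret`, `secondary_secret` and `tertiary_secret`, the BSTR returned by `SecureStringToBSTR` is never released, so each call leaves an extra unencrypted copy of the RADIUS shared secret in unmanaged memory for the life of the process. Release it in a `finally`, for example `try { $sec = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) } finally { [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }`. The same pattern is present in the Add-FGTUserRADIUS hunks (`@@ -134,12` and `@@ -150,12`) and in the later `@@ -430,12` / `@@ -446,12` hunks, which change only the variable being converted. Separately, `$userradius.name = $name` runs before `ShouldProcess` is consulted, so a `-WhatIf` run still renames the caller's piped object and the confirmation prompt shows the new name rather than the existing one.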
@@ -205,21 +205,21 @@ Describe "Add User Radius" { Describe "Configure User RADIUS" { - Context "Change server, CNID, DN, etc..." { + Context "Change server, secondary-server, timeout, etc ..." { BeforeAll { - Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -dn "dc=fgt,dc=power,dc=powerfgt" + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret } It "Change name of RADIUS Server" { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -name "pester_RADIUSserver_renamed" - $userradius = Get-FGTUserRADIUS -name "pester_RADIUSserver_renamed" - $userradius.name | Should -Be "pester_RADIUSserver_renamed" + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -name "pester_radiusserver_renamed" + $userradius = Get-FGTUserRADIUS -name "pester_radiusserver_renamed" + $userradius.name | Should -Be "pester_radiusserver_renamed" $userradius.server | Should -Be $pester_userradiusserver1 } It "Change name of RADIUS Server back to initial value" { - Get-FGTUserRADIUS -name "pester_RADIUSserver_renamed" | Set-FGTuserRADIUS -name $pester_userradius + Get-FGTUserRADIUS -name "pester_radiusserver_renamed" | Set-FGTuserRADIUS -name $pester_userradius $userradius = Get-FGTUserRADIUS -name $pester_userradius $userradius.name | Should -Be $pester_userradius } 
@@ -229,122 +229,48 @@ Describe "Configure User RADIUS" { $userradius = Get-FGTUserRADIUS -name $pester_userradius $userradius.name | Should -Be $pester_userradius $userradius.server | Should -Be $pester_userradiusserver2 + $userradius.secret | Should -Not -Be $Null } It "Change secondary-server" { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -secondary_server $pester_userradiusserver3 + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -secondary_server $pester_userradiusserver3 -secondary_secret $pester_userradius_secret $userradius = Get-FGTUserRADIUS -name $pester_userradius $userradius.name | Should -Be $pester_userradius $userradius.server | Should -Be $pester_userradiusserver2 $userradius."secondary-server" | Should -Be $pester_userradiusserver3 + $userradius."secondary-secret" | Should -Not -Be $Null } It "Change tertiary-server" { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -tertiary_server $pester_userradiusserver1 + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -tertiary_server $pester_userradiusserver1 -tertiary_secret $pester_userradius_secret $userradius = Get-FGTUserRADIUS -name $pester_userradius $userradius.name | Should -Be $pester_userradius $userradius.server | Should -Be $pester_userradiusserver2 $userradius."secondary-server" | Should -Be $pester_userradiusserver3 + $userradius."secondary-secret" | Should -Not -Be $Null $userradius."tertiary-server" | Should -Be $pester_userradiusserver1 + $userradius."tertiary-secret" | Should -Not -Be $Null } - It "Change CNID" { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -cnid sAMAccountName + It "Change timeout" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -timeout 200 $userradius = Get-FGTUserRADIUS -name $pester_userradius $userradius.name | Should -Be $pester_userradius - $userradius.cnid | Should -Be "sAMAccountName" - } - - It "Change DN" { - Get-FGTUserRADIUS -name $pester_userradius | 
Set-FGTuserRADIUS -dn "dc=newfgt,dc=power,dc=powerfgt" - $userradius = Get-FGTUserRADIUS -name $pester_userradius - $userradius.name | Should -Be $pester_userradius - $userradius.dn | Should -Be "dc=newfgt,dc=power,dc=powerfgt" - } - - AfterAll { - Get-FGTUserRADIUS -name $pester_userradius | Remove-FGTUserRADIUS -confirm:$false - } - - } - - Context "Change type" { - - BeforeAll { - Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -dn "dc=fgt,dc=power,dc=powerfgt" - } - - It "Change type (Regular)" { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -type regular -username powerfgt -password $pester_userradiuspassword - $userradius = Get-FGTUserRADIUS -name $pester_userradius - $userradius.name | Should -Be $pester_userradius - $userradius.type | Should -Be "regular" - $userradius.username | Should -Be "powerfgt" - $userradius.password | Should -Not -Be $Null - } - - It "Change only username when type is already regular" { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -username powerfgtchanged - $userradius = Get-FGTUserRADIUS -name $pester_userradius - $userradius.name | Should -Be $pester_userradius - $userradius.type | Should -Be "regular" - $userradius.username | Should -Be "powerfgtchanged" - } - - It "Change only password when type is already regular" { - { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -password $pester_userradiuspasswordchanged - } | Should -Not -Throw + $userradius.timeout | Should -Be "200" } - It "Change type (Anonymous)" { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -type anonymous + It "Change NAS IP" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -nas_ip "192.2.0.2" $userradius = Get-FGTUserRADIUS -name $pester_userradius $userradius.name | Should -Be $pester_userradius - $userradius.type | Should -Be "anonymous" + $userradius."nas-ip" | Should -Be "192.2.0.2" } - It "Change type (Simple)" { - Get-FGTUserRADIUS 
-name $pester_userradius | Set-FGTuserRADIUS -type simple + It "Change NAS ID" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -nas_id "PowerFGT" $userradius = Get-FGTUserRADIUS -name $pester_userradius $userradius.name | Should -Be $pester_userradius - $userradius.type | Should -Be "simple" - } - - It "Change only username when type is not regular" { - { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -username powerfgt - } | Should -Throw "The type need to be regular to specify username or password" - } - - It "Change only password when type is not regular" { - { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -password $pester_userradiuspassword - } | Should -Throw "The type need to be regular to specify username or password" - } - - It "Change username and password when type is not regular" { - { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -username powerfgt -password $pester_userradiuspassword - } | Should -Throw "The type need to be regular to specify username or password" - } - - It "Change type to regular without username" { - { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -type regular -password $pester_userradiuspassword - } | Should -Throw "You need to specify an username and a password !" - } - - It "Change type to regular without password" { - { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -type regular -username powerfgt - } | Should -Throw "You need to specify an username and a password !" - } - - It "Change type to regular without username and password" { - { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -type regular - } | Should -Throw "You need to specify an username and a password !" + $userradius."nas-id" | Should -Be "PowerFGT" } AfterAll { 
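Review bot: The "Change NAS IP" test uses `192.2.0.2`, which is ordinary routable address space, while the Add tests use `192.0.2.1` from the documentation range 192.0.2.0/24 (RFC 5737). This looks like a transposition; use `-nas_ip "192.0.2.2"` and `Should -Be "192.0.2.2"` so the fixtures stay inside reserved address space. The added `Should -Not -Be $Null` assertions on `secret`, `secondary-secret` and `tertiary-secret` only show that the field is present, so they cannot detect the wrong secret being sent for a given server. If the API does not return the clear value, a short comment saying so would explain why nothing stronger is asserted.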
@@ -353,43 +279,45 @@ Describe "Configure User RADIUS" { } - Context "Change secure connection" { + Context "Change auth-type" { BeforeAll { - Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -dn "dc=fgt,dc=power,dc=powerfgt" + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret + } + + It "Change type ms_chap_v2" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -auth_type ms_chap_v2 + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius."auth-type" | Should -Be "ms_chap_v2" } - It "Change secure connection to RADIUSs" { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -secure RADIUSs + It "Change type ms_chap" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -auth_type ms_chap $userradius = Get-FGTUserRADIUS -name $pester_userradius $userradius.name | Should -Be $pester_userradius - $userradius.secure | Should -Be "RADIUSs" - $userradius.port | Should -Be "636" + $userradius."auth-type" | Should -Be "ms_chap" } - It "Change secure connection to starttls" { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -secure starttls + It "Change type chap" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -auth_type chap $userradius = Get-FGTUserRADIUS -name $pester_userradius $userradius.name | Should -Be $pester_userradius - $userradius.secure | Should -Be "starttls" - $userradius.port | Should -Be "389" + $userradius."auth-type" | Should -Be "chap" } - It "Change secure connection to disable" { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -secure disable + It "Change type pap" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -auth_type pap $userradius = Get-FGTUserRADIUS -name $pester_userradius $userradius.name | Should -Be $pester_userradius - $userradius.secure | Should -Be "disable" - 
$userradius.port | Should -Be "389" + $userradius."auth-type" | Should -Be "pap" } - It "Change secure connection with -data" { - $data = @{ "secure" = "RADIUSs" } - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -data $data + It "Change type auto" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -auth_type auto $userradius = Get-FGTUserRADIUS -name $pester_userradius $userradius.name | Should -Be $pester_userradius - $userradius.secure | Should -Be "RADIUSs" - $userradius.port | Should -Be "636" + $userradius."auth-type" | Should -Be "auto" } AfterAll { @@ -397,6 +325,7 @@ Describe "Configure User RADIUS" { } } + } Describe "Remove User RADIUS" { From 068fc5a559a51af4925e4002ac10cbf21094208b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 10:13:59 +0200 Subject: [PATCH 09/25] Fix common.ps1 --- Tests/common.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Tests/common.ps1 b/Tests/common.ps1 index 90117e071..74e091a98 100644 --- a/Tests/common.ps1 +++ b/Tests/common.ps1 
@@ -63,12 +63,12 @@ $script:pester_usertacacsserver2 = "pestertacacsserver2.powerfgt" $script:pester_usertacacsserver3 = "pestertacacsserver3.powerfgt" $script:pester_usertacacs_key = ConvertTo-SecureString "pester_usertacacskey" -AsPlainText -Force $script:pester_userradius = "pester_userradius" -$script:pester_userradiusserver1 = "pester_userradiusserver1" -$script:pester_userradiusserver2 = "pester_userradiusserver2" -$script:pester_userradiusserver3 = "pester_userradiusserver3" +$script:pester_userradiusserver1 = "pesterradiusserver1.powerfgt" +$script:pester_userradiusserver2 = "pesterradiusserver2.powerfgt" +$script:pester_userradiusserver3 = "pesterradiusserver3.powerfgt" $script:pester_userradius_secret = ConvertTo-SecureString "pester_userradiussecret" -AsPlainText -Force -. ../credential.ps1 +#. ../credential.ps1 #TODO: Add check if no ipaddress/login/password info... $script:mysecpassword = ConvertTo-SecureString $password -AsPlainText -Force From e70fb8609178759afc18b92e1b864b6b176679e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 10:23:39 +0200 Subject: [PATCH 10/25] Fix add/set secret for secondary and tertiary servers --- PowerFGT/Public/cmdb/user/radius.ps1 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/PowerFGT/Public/cmdb/user/radius.ps1 b/PowerFGT/Public/cmdb/user/radius.ps1 index 0e41d54e4..80d1d0e0e 100644 --- a/PowerFGT/Public/cmdb/user/radius.ps1 +++ b/PowerFGT/Public/cmdb/user/radius.ps1 
@@ -134,12 +134,12 @@ function Add-FGTUserRADIUS { elseif ($PsBoundParameters.ContainsKey('secondary_server') -and $PsBoundParameters.ContainsKey('secondary_secret')) { $radius | add-member -name "secondary-server" -membertype NoteProperty -Value $secondary_server if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { - $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret); + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secondary_secret); $sec = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); $radius | add-member -name "secondary-secret" -membertype NoteProperty -Value $sec } else { - $sec = ConvertFrom-SecureString -SecureString $secret -AsPlainText + $sec = ConvertFrom-SecureString -SecureString $secondary_secret -AsPlainText $radius | add-member -name "secondary-secret" -membertype NoteProperty -Value $sec } } @@ -150,12 +150,12 @@ function Add-FGTUserRADIUS { elseif ($PsBoundParameters.ContainsKey('tertiary_server') -and $PsBoundParameters.ContainsKey('tertiary_secret')) { $radius | add-member -name "tertiary-server" -membertype NoteProperty -Value $tertiary_server if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { - $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret); + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tertiary_secret); $sec = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); $radius | add-member -name "tertiary-secret" -membertype NoteProperty -Value $sec } else { - $sec = ConvertFrom-SecureString -SecureString $secret -AsPlainText + $sec = ConvertFrom-SecureString -SecureString $tertiary_secret -AsPlainText $radius | add-member -name "tertiary-secret" -membertype NoteProperty -Value $sec } } 
@@ -430,12 +430,12 @@ function Set-FGTUserRADIUS { if ( $PsBoundParameters.ContainsKey('secondary_secret') ) { if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { - $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret); + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secondary_secret); $secondary_sec = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); $_radius | add-member -name "secondary-secret" -membertype NoteProperty -Value $secondary_sec } else { - $secondary_sec = ConvertFrom-SecureString -SecureString $secret -AsPlainText + $secondary_sec = ConvertFrom-SecureString -SecureString $secondary_secret -AsPlainText $_radius | add-member -name "secondary-secret" -membertype NoteProperty -Value $secondary_sec } } @@ -446,12 +446,12 @@ function Set-FGTUserRADIUS { if ( $PsBoundParameters.ContainsKey('tertiary_secret') ) { if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { - $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret); + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tertiary_secret); $tertiary_sec = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); $_radius | add-member -name "tertiary-secret" -membertype NoteProperty -Value $tertiary_sec } else { - $tertiary_sec = ConvertFrom-SecureString -SecureString $secret -AsPlainText + $tertiary_sec = ConvertFrom-SecureString -SecureString $tertiary_secret -AsPlainText $_radius | add-member -name "tertiary-secret" -membertype NoteProperty -Value $tertiary_sec } } From f4151654b395a03c9b868fdeb84077c06afce701 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 10:27:27 +0200 Subject: [PATCH 11/25] Fix nas-id --- PowerFGT/Public/cmdb/user/radius.ps1 | 1 + 1 file changed, 1 insertion(+) 
diff --git a/PowerFGT/Public/cmdb/user/radius.ps1 b/PowerFGT/Public/cmdb/user/radius.ps1 index 80d1d0e0e..e5eca28c3 100644 --- a/PowerFGT/Public/cmdb/user/radius.ps1 +++ b/PowerFGT/Public/cmdb/user/radius.ps1 @@ -465,6 +465,7 @@ function Set-FGTUserRADIUS { } if ( $PsBoundParameters.ContainsKey('nas_id') ) { + $_radius | add-member -name "nas-id-type" -membertype NoteProperty -Value "custom" $_radius | add-member -name "nas-id" -membertype NoteProperty -Value $nas_id } From f1265be1303c51b8bf5286201502f7bb506e6445 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 10:39:03 +0200 Subject: [PATCH 12/25] Fix nas-ip --- PowerFGT/Public/cmdb/user/radius.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/PowerFGT/Public/cmdb/user/radius.ps1 b/PowerFGT/Public/cmdb/user/radius.ps1 index e5eca28c3..119cc36b6 100644 --- a/PowerFGT/Public/cmdb/user/radius.ps1 +++ b/PowerFGT/Public/cmdb/user/radius.ps1 @@ -165,9 +165,8 @@ function Add-FGTUserRADIUS { } if ( $PsBoundParameters.ContainsKey('nas_ip') ) { - $nasip = new-Object -TypeName PSObject - $nasip | add-member -name "Address" -membertype NoteProperty -Value $nas_ip - $radius | add-member -name "nas-ip" -membertype NoteProperty -Value $nasip + $radius | add-member -name "switch-controller-nas-ip-dynamic" -membertype NoteProperty -Value $true + $radius | add-member -name "nas-ip" -membertype NoteProperty -Value $nas_ip } if ( $PsBoundParameters.ContainsKey('auth_type') ) { @@ -461,6 +460,7 @@ function Set-FGTUserRADIUS { } if ( $PsBoundParameters.ContainsKey('nas_ip') ) { + $_radius | add-member -name "switch-controller-nas-ip-dynamic" -membertype NoteProperty -Value $true $_radius | add-member -name "nas-ip" -membertype NoteProperty -Value $nas_ip } From c6a4f9f2ab265c5b6d47c5318a6ae403cca02350 Mon Sep 17 00:00:00 2001 
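Review bot: Both `nas_ip` branches (Add-FGTUserRADIUS at `@@ -165,9` and Set-FGTUserRADIUS at `@@ -461,6`) now also send `switch-controller-nas-ip-dynamic` with the PowerShell boolean `$true`, and neither the help text nor a comment says why a second property is set whenever `-nas_ip` is passed. The `visibility` branch of this same function sent the strings `"enable"`/`"disable"`, so please confirm the API accepts a JSON `true` here rather than ignoring or rejecting it. By its name the option makes the NAS IP dynamic, which seems at odds with supplying a fixed address; if it is a required workaround, add a one-line comment above it stating the reason. The property is also sent regardless of FortiOS version, so it is worth checking that it exists on the oldest release the module supports.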
From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 10:39:49 +0200 Subject: [PATCH 13/25] Uncomment credentials.ps1 --- Tests/common.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/common.ps1 b/Tests/common.ps1 index 74e091a98..8846774d1 100644 --- a/Tests/common.ps1 +++ b/Tests/common.ps1 @@ -68,7 +68,7 @@ $script:pester_userradiusserver2 = "pesterradiusserver2.powerfgt" $script:pester_userradiusserver3 = "pesterradiusserver3.powerfgt" $script:pester_userradius_secret = ConvertTo-SecureString "pester_userradiussecret" -AsPlainText -Force -#. ../credential.ps1 +. ../credential.ps1 #TODO: Add check if no ipaddress/login/password info... $script:mysecpassword = ConvertTo-SecureString $password -AsPlainText -Force From 24a754c10aca385a45a18fa179116a017e70a977 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 17:30:38 +0200 Subject: [PATCH 14/25] Fix typo in confirm.ps1 --- PowerFGT/Private/Confirm.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PowerFGT/Private/Confirm.ps1 b/PowerFGT/Private/Confirm.ps1 index 6cc153ede..36bc74b45 100644 --- a/PowerFGT/Private/Confirm.ps1 +++ b/PowerFGT/Private/Confirm.ps1 @@ -426,7 +426,7 @@ Function Confirm-FGTUserRADIUS { throw "Element specified does not contain a nas-id property." } if ( -not ( $argument | get-member -name auth-type -Membertype Properties)) { - throw "Element specified does not contain a auth-type property." + throw "Element specified does not contain an auth-type property." } $true From 4d1aa9631b4ab5f2e9b3134d32114e5e788f729d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 17:32:00 +0200 Subject: [PATCH 15/25] Fix typo in userradius.tests.ps1 --- Tests/integration/UserRadius.Tests.ps1 | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) 
diff --git a/Tests/integration/UserRadius.Tests.ps1 b/Tests/integration/UserRadius.Tests.ps1 index a951ff6e8..28b6e8ba1 100644 --- a/Tests/integration/UserRadius.Tests.ps1 +++ b/Tests/integration/UserRadius.Tests.ps1 @@ -11,19 +11,19 @@ BeforeAll { Connect-FGT @invokeParams } -Describe "Get User Radius" { +Describe "Get User RADIUS" { BeforeAll { Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret } - It "Get User Radius Does not throw an error" { + It "Get User RADIUS Does not throw an error" { { Get-FGTUserRADIUS } | Should -Not -Throw } - It "Get ALL User Radius" { + It "Get ALL User RADIUS" { $userradius = Get-FGTUserRADIUS @($userradius).count | Should -Not -Be $NULL } @@ -33,7 +33,7 @@ Describe "Get User Radius" { @($userradius).count | Should -Not -Be $NULL } - It "Get User Radius with -name $pester_userradius -meta" { + It "Get User RADIUS with -name $pester_userradius -meta" { $userradius = Get-FGTUserRADIUS -name $pester_userradius -meta $userradius.q_ref | Should -Not -BeNullOrEmpty $userradius.q_static | Should -Not -BeNullOrEmpty @@ -48,19 +48,19 @@ Describe "Get User Radius" { } } - It "Get User Radius ($pester_userradius)" { + It "Get User RADIUS ($pester_userradius)" { $userradius = Get-FGTUserRADIUS -name $pester_userradius $userradius.name | Should -Be $pester_userradius } - It "Get User Radius ($pester_userradius) and confirm (via Confirm-FGTUserRADIUS)" { + It "Get User RADIUS ($pester_userradius) and confirm (via Confirm-FGTUserRADIUS)" { $userradius = Get-FGTUserRADIUS -name $pester_userradius Confirm-FGTUserRADIUS ($userradius) | Should -Be $true } Context "Search" { - It "Search User Radius by name ($pester_userradius)" { + It "Search User RADIUS by name ($pester_userradius)" { $userradius = Get-FGTUserRADIUS -name $pester_userradius @($userradius).count | Should -be 1 $userradius.name | Should -Be $pester_userradius 
@@ -74,9 +74,9 @@ Describe "Get User Radius" { } -Describe "Add User Radius" { +Describe "Add User RADIUS" { - Context "Radius Server (Primary, secondary, tertiary servers, timeout, nas ID etc ...)" { + Context "RADIUS Server (Primary, secondary, tertiary servers, timeout, nas ID etc ...)" { AfterEach { Get-FGTUserRADIUS -name $pester_userradius | Remove-FGTUserRADIUS -confirm:$false @@ -148,7 +148,7 @@ Describe "Add User Radius" { } - Context "Radius Server auth-type" { + Context "RADIUS Server auth-type" { AfterEach { Get-FGTUserRADIUS -name $pester_userradius | Remove-FGTUserRADIUS -confirm:$false From 18f64e96a55afc87d93632051ade7ef11d9afdec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 17:36:28 +0200 Subject: [PATCH 16/25] Fix parameter in radius.ps1 --- PowerFGT/Public/cmdb/user/radius.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/PowerFGT/Public/cmdb/user/radius.ps1 b/PowerFGT/Public/cmdb/user/radius.ps1 index 119cc36b6..b8688eab7 100644 --- a/PowerFGT/Public/cmdb/user/radius.ps1 +++ b/PowerFGT/Public/cmdb/user/radius.ps1 @@ -201,7 +201,7 @@ function Add-FGTUserRADIUS { Invoke-FGTRestMethod -method "POST" -body $radius -uri $uri -connection $connection @invokeParams | out-Null - Get-FGTUserRADIUS -connection $connection @invokeParams -name $name + Get-FGTUserRADIUS -name $name -connection $connection @invokeParams } End { @@ -482,7 +482,7 @@ function Set-FGTUserRADIUS { if ($PSCmdlet.ShouldProcess($userradius.name, 'Configure User Radius')) { Invoke-FGTRestMethod -method "PUT" -body $_radius -uri $uri -connection $connection @invokeParams | out-Null - Get-FGTUserRADIUS -connection $connection @invokeParams -name $userradius.name + Get-FGTUserRADIUS -name $userradius.name -connection $connection @invokeParams } } From 7d61b6a223efb280d50fc2d338bdf7155cf6ead5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 17:40:54 +0200 Subject: [PATCH 17/25] Remove nas-id in confirm.ps1 --- PowerFGT/Private/Confirm.ps1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/PowerFGT/Private/Confirm.ps1 b/PowerFGT/Private/Confirm.ps1 index 36bc74b45..2714bc326 100644 --- a/PowerFGT/Private/Confirm.ps1 +++ b/PowerFGT/Private/Confirm.ps1 @@ -422,9 +422,6 @@ Function Confirm-FGTUserRADIUS { if ( -not ( $argument | get-member -name nas-ip -Membertype Properties)) { throw "Element specified does not contain a nas-ip property." } - if ( -not ( $argument | get-member -name nas-id -Membertype Properties)) { - throw "Element specified does not contain a nas-id property." - } if ( -not ( $argument | get-member -name auth-type -Membertype Properties)) { throw "Element specified does not contain an auth-type property." } From 3684cfe6446b0639cac69a2e09abbe20d134ab64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 17:42:30 +0200 Subject: [PATCH 18/25] Remove -visibility in add function --- PowerFGT/Public/cmdb/user/radius.ps1 | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/PowerFGT/Public/cmdb/user/radius.ps1 b/PowerFGT/Public/cmdb/user/radius.ps1 index b8688eab7..b49914acc 100644 --- a/PowerFGT/Public/cmdb/user/radius.ps1 +++ b/PowerFGT/Public/cmdb/user/radius.ps1 @@ -87,8 +87,6 @@ function Add-FGTUserRADIUS { [ValidateLength(0, 255)] [string]$nas_id, [Parameter (Mandatory = $false)] - [boolean]$visibility, - [Parameter (Mandatory = $false)] [hashtable]$data, [Parameter(Mandatory = $false)] [String[]]$vdom, 
@@ -178,21 +176,6 @@ function Add-FGTUserRADIUS { $radius | add-member -name "nas-id" -membertype NoteProperty -Value $nas_id } - if ( $PsBoundParameters.ContainsKey('visibility') ) { - #with 6.4.x, there is no longer visibility parameter - if ($connection.version -ge "6.4.0") { - Write-Warning "-visibility parameter is no longer available with FortiOS 6.4.x and after" - } - else { - if ( $visibility ) { - $radius | add-member -name "visibility" -membertype NoteProperty -Value "enable" - } - else { - $radius | add-member -name "visibility" -membertype NoteProperty -Value "disable" - } - } - } - if ( $PsBoundParameters.ContainsKey('data') ) { $data.GetEnumerator() | ForEach-Object { $radius | Add-member -name $_.key -membertype NoteProperty -Value $_.value From 36312628adc4927ea509311a5f069bd18be19760 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Thu, 12 Sep 2024 11:12:43 +0200 Subject: [PATCH 19/25] Fix nas-id not available before 7.x.x --- PowerFGT/Public/cmdb/user/radius.ps1 | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/PowerFGT/Public/cmdb/user/radius.ps1 b/PowerFGT/Public/cmdb/user/radius.ps1 index b49914acc..6e847223e 100644 --- a/PowerFGT/Public/cmdb/user/radius.ps1 +++ b/PowerFGT/Public/cmdb/user/radius.ps1 @@ -172,8 +172,14 @@ function Add-FGTUserRADIUS { } if ( $PsBoundParameters.ContainsKey('nas_id') ) { - $radius | add-member -name "nas-id-type" -membertype NoteProperty -Value "custom" - $radius | add-member -name "nas-id" -membertype NoteProperty -Value $nas_id + #before 7.x.x, there is no nas-id parameter + if ($connection.version -lt "7.0.0") { + Write-Warning "-nas-id parameter is not available before FortiOS 7.0.x" + } + else { + $radius | add-member -name "nas-id-type" -membertype NoteProperty -Value "custom" + $radius | add-member -name "nas-id" -membertype NoteProperty -Value $nas_id + } } if ( $PsBoundParameters.ContainsKey('data') ) { 
@@ -448,8 +454,14 @@ function Set-FGTUserRADIUS { } if ( $PsBoundParameters.ContainsKey('nas_id') ) { - $_radius | add-member -name "nas-id-type" -membertype NoteProperty -Value "custom" - $_radius | add-member -name "nas-id" -membertype NoteProperty -Value $nas_id + #before 7.x.x, there is no nas-id parameter + if ($connection.version -lt "7.0.0") { + Write-Warning "-nas-id parameter is not available before FortiOS 7.0.x" + } + else { + $radius | add-member -name "nas-id-type" -membertype NoteProperty -Value "custom" + $radius | add-member -name "nas-id" -membertype NoteProperty -Value $nas_id + } } if ( $PsBoundParameters.ContainsKey('auth_type') ) { From 03c768c71ba95951a7f0ef2919be773f8066d311 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Thu, 12 Sep 2024 11:15:21 +0200 Subject: [PATCH 20/25] Fix nas-id in tests --- Tests/integration/UserRadius.Tests.ps1 | 28 +++++++++++++++----------- 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/Tests/integration/UserRadius.Tests.ps1 b/Tests/integration/UserRadius.Tests.ps1 index 28b6e8ba1..739f1ac08 100644 --- a/Tests/integration/UserRadius.Tests.ps1 +++ b/Tests/integration/UserRadius.Tests.ps1 
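Review bot: The added else-branch in Set-FGTUserRADIUS writes to `$radius`, while the two removed lines wrote to `$_radius`. The object this function builds is therefore no longer given `nas-id-type` and `nas-id`. Unless `$radius` is defined elsewhere in the function (not visible here), `Set-FGTUserRADIUS -nas_id` would either fail in `add-member` or send an update without the NAS ID. The lines should stay `$_radius | add-member -name "nas-id-type" -membertype NoteProperty -Value "custom"` and `$_radius | add-member -name "nas-id" -membertype NoteProperty -Value $nas_id`. PATCH 25/25 later in the series makes exactly that correction; folding it into this commit would keep every intermediate commit working.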
@@ -130,13 +130,15 @@ Describe "Add User RADIUS" { $userradius."nas-ip" | Should -Be "192.0.2.1" } - It "Add User RADIUS Server $pester_userradius with NAS ID" { - Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -nas_id PowerFGT - $userradius = Get-FGTUserRADIUS -name $pester_userradius - $userradius.name | Should -Be $pester_userradius - $userradius.server | Should -Be $pester_userradiusserver1 - $userradius.secret | Should -Not -Be $Null - $userradius."nas-id" | Should -Be "PowerFGT" + if ($DefaultFGTConnection.version -ge "7.0.0") { + It "Add User RADIUS Server $pester_userradius with NAS ID" { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -nas_id PowerFGT + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius."nas-id" | Should -Be "PowerFGT" + } } It "Try to Add User RADIUS Server $pester_userradius (but there is already a object with same name)" { @@ -266,11 +268,13 @@ Describe "Configure User RADIUS" { $userradius."nas-ip" | Should -Be "192.2.0.2" } - It "Change NAS ID" { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -nas_id "PowerFGT" - $userradius = Get-FGTUserRADIUS -name $pester_userradius - $userradius.name | Should -Be $pester_userradius - $userradius."nas-id" | Should -Be "PowerFGT" + if ($DefaultFGTConnection.version -ge "7.0.0") { + It "Change NAS ID" { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -nas_id "PowerFGT" + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius."nas-id" | Should -Be "PowerFGT" + } } AfterAll { From e147a97a8d3c0d6c555419ce6b99966562bed036 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Thu, 12 Sep 2024 16:17:18 +0200 Subject: [PATCH 21/25] Fix nas-id in tests using -skip --- Tests/integration/UserRadius.Tests.ps1 | 28 +++++++++++--------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/Tests/integration/UserRadius.Tests.ps1 b/Tests/integration/UserRadius.Tests.ps1 index 739f1ac08..41387388b 100644 --- a/Tests/integration/UserRadius.Tests.ps1 +++ b/Tests/integration/UserRadius.Tests.ps1 @@ -130,15 +130,13 @@ Describe "Add User RADIUS" { $userradius."nas-ip" | Should -Be "192.0.2.1" } - if ($DefaultFGTConnection.version -ge "7.0.0") { - It "Add User RADIUS Server $pester_userradius with NAS ID" { - Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -nas_id PowerFGT - $userradius = Get-FGTUserRADIUS -name $pester_userradius - $userradius.name | Should -Be $pester_userradius - $userradius.server | Should -Be $pester_userradiusserver1 - $userradius.secret | Should -Not -Be $Null - $userradius."nas-id" | Should -Be "PowerFGT" - } + It "Add User RADIUS Server $pester_userradius with NAS ID" -skip:($fgt_version -lt "7.0.0") { + Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -nas_id PowerFGT + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius.server | Should -Be $pester_userradiusserver1 + $userradius.secret | Should -Not -Be $Null + $userradius."nas-id" | Should -Be "PowerFGT" } It "Try to Add User RADIUS Server $pester_userradius (but there is already a object with same name)" { 
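Review bot: The skip condition now reads `$fgt_version` instead of `$DefaultFGTConnection.version`, and nothing in this hunk shows where `$fgt_version` is assigned. If it is unset when the `It` parameters are evaluated, `$null -lt "7.0.0"` is true and the NAS ID test is skipped on every FortiOS version without a failure, so the nas-id path would lose its coverage unnoticed. A guard near the top of the test file such as `if (-not $fgt_version) { throw "fgt_version is not set" }` would turn that into a visible error. A short comment naming where the variable is set would also help. The same condition is used for "Change NAS ID" in the following hunk.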
@@ -268,13 +266,11 @@ Describe "Configure User RADIUS" { $userradius."nas-ip" | Should -Be "192.2.0.2" } - if ($DefaultFGTConnection.version -ge "7.0.0") { - It "Change NAS ID" { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -nas_id "PowerFGT" - $userradius = Get-FGTUserRADIUS -name $pester_userradius - $userradius.name | Should -Be $pester_userradius - $userradius."nas-id" | Should -Be "PowerFGT" - } + It "Change NAS ID" -skip:($fgt_version -lt "7.0.0") { + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -nas_id "PowerFGT" + $userradius = Get-FGTUserRADIUS -name $pester_userradius + $userradius.name | Should -Be $pester_userradius + $userradius."nas-id" | Should -Be "PowerFGT" } AfterAll { From 000614ffe153c914155e60bd4a83aea5ba905fea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Fri, 13 Sep 2024 09:54:07 +0200 Subject: [PATCH 22/25] Fix nas-id (not existing in 7.0.0) --- PowerFGT/Public/cmdb/user/radius.ps1 | 4 ++-- Tests/integration/UserRadius.Tests.ps1 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/PowerFGT/Public/cmdb/user/radius.ps1 b/PowerFGT/Public/cmdb/user/radius.ps1 index 6e847223e..de4c0eab9 100644 --- a/PowerFGT/Public/cmdb/user/radius.ps1 +++ b/PowerFGT/Public/cmdb/user/radius.ps1 @@ -173,8 +173,8 @@ function Add-FGTUserRADIUS { if ( $PsBoundParameters.ContainsKey('nas_id') ) { #before 7.x.x, there is no nas-id parameter - if ($connection.version -lt "7.0.0") { - Write-Warning "-nas-id parameter is not available before FortiOS 7.0.x" + if ($connection.version -lt "7.2.0") { + Write-Warning "-nas-id parameter is not available before FortiOS 7.2.x" } else { $radius | add-member -name "nas-id-type" -membertype NoteProperty -Value "custom" diff --git a/Tests/integration/UserRadius.Tests.ps1 b/Tests/integration/UserRadius.Tests.ps1 index 41387388b..b1b6d48b3 100644 --- a/Tests/integration/UserRadius.Tests.ps1 +++ b/Tests/integration/UserRadius.Tests.ps1 
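Review bot: Only the Add-FGTUserRADIUS gate moves to `7.2.0` in this commit. The matching check that PATCH 19/25 added to Set-FGTUserRADIUS is not touched, and the Set-FGTUserRADIUS context in PATCH 25/25 still shows the `7.0.x` warning text. If the condition there is also still `7.0.0`, then `Set-FGTUserRADIUS -nas_id` on FortiOS 7.0.x would still send `nas-id-type` and `nas-id`, which the commit subject says do not exist on that release. The Set branch should read `if ($connection.version -lt "7.2.0") {` with the warning updated to `7.2.x`. The context comment `#before 7.x.x, there is no nas-id parameter` in both functions could name 7.2 as well.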
@@ -130,7 +130,7 @@ Describe "Add User RADIUS" { $userradius."nas-ip" | Should -Be "192.0.2.1" } - It "Add User RADIUS Server $pester_userradius with NAS ID" -skip:($fgt_version -lt "7.0.0") { + It "Add User RADIUS Server $pester_userradius with NAS ID" -skip:($fgt_version -lt "7.2.0") { Add-FGTUserRADIUS -Name $pester_userradius -server $pester_userradiusserver1 -secret $pester_userradius_secret -nas_id PowerFGT $userradius = Get-FGTUserRADIUS -name $pester_userradius $userradius.name | Should -Be $pester_userradius @@ -266,7 +266,7 @@ Describe "Configure User RADIUS" { $userradius."nas-ip" | Should -Be "192.2.0.2" } - It "Change NAS ID" -skip:($fgt_version -lt "7.0.0") { + It "Change NAS ID" -skip:($fgt_version -lt "7.2.0") { Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -nas_id "PowerFGT" $userradius = Get-FGTUserRADIUS -name $pester_userradius $userradius.name | Should -Be $pester_userradius From 39c0bb2ba37e9e70648a8e6e16586e1a5944aa29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Fri, 13 Sep 2024 10:07:17 +0200 Subject: [PATCH 23/25] Fix nas-ip tests --- Tests/integration/UserRadius.Tests.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Tests/integration/UserRadius.Tests.ps1 b/Tests/integration/UserRadius.Tests.ps1 index b1b6d48b3..8de5406ed 100644 --- a/Tests/integration/UserRadius.Tests.ps1 +++ b/Tests/integration/UserRadius.Tests.ps1 
@@ -260,14 +260,14 @@ Describe "Configure User RADIUS" { } It "Change NAS IP" { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -nas_ip "192.2.0.2" + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -nas_ip 192.2.0.2 $userradius = Get-FGTUserRADIUS -name $pester_userradius $userradius.name | Should -Be $pester_userradius $userradius."nas-ip" | Should -Be "192.2.0.2" } It "Change NAS ID" -skip:($fgt_version -lt "7.2.0") { - Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -nas_id "PowerFGT" + Get-FGTUserRADIUS -name $pester_userradius | Set-FGTuserRADIUS -nas_id PowerFGT $userradius = Get-FGTUserRADIUS -name $pester_userradius $userradius.name | Should -Be $pester_userradius $userradius."nas-id" | Should -Be "PowerFGT" From d4453b13a8fcf4db16b91d0d53bc002d72eb384e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Mon, 16 Sep 2024 15:16:37 +0200 Subject: [PATCH 24/25] remove switch-controller-nas-ip-dynamic --- PowerFGT/Public/cmdb/user/radius.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/PowerFGT/Public/cmdb/user/radius.ps1 b/PowerFGT/Public/cmdb/user/radius.ps1 index de4c0eab9..e2bdd714d 100644 --- a/PowerFGT/Public/cmdb/user/radius.ps1 +++ b/PowerFGT/Public/cmdb/user/radius.ps1 @@ -163,7 +163,6 @@ function Add-FGTUserRADIUS { } if ( $PsBoundParameters.ContainsKey('nas_ip') ) { - $radius | add-member -name "switch-controller-nas-ip-dynamic" -membertype NoteProperty -Value $true $radius | add-member -name "nas-ip" -membertype NoteProperty -Value $nas_ip } From c6f5929c01769ba9d1817ef9f977042b5a8fb901 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Mon, 16 Sep 2024 17:39:21 +0200 Subject: [PATCH 25/25] fix nas-id and nas-ip tests --- PowerFGT/Public/cmdb/user/radius.ps1 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/PowerFGT/Public/cmdb/user/radius.ps1 b/PowerFGT/Public/cmdb/user/radius.ps1 index e2bdd714d..6d616ea40 100644 
--- a/PowerFGT/Public/cmdb/user/radius.ps1 +++ b/PowerFGT/Public/cmdb/user/radius.ps1 @@ -448,7 +448,6 @@ function Set-FGTUserRADIUS { } if ( $PsBoundParameters.ContainsKey('nas_ip') ) { - $_radius | add-member -name "switch-controller-nas-ip-dynamic" -membertype NoteProperty -Value $true $_radius | add-member -name "nas-ip" -membertype NoteProperty -Value $nas_ip } @@ -458,8 +457,8 @@ function Set-FGTUserRADIUS { Write-Warning "-nas-id parameter is not available before FortiOS 7.0.x" } else { - $radius | add-member -name "nas-id-type" -membertype NoteProperty -Value "custom" - $radius | add-member -name "nas-id" -membertype NoteProperty -Value $nas_id + $_radius | add-member -name "nas-id-type" -membertype NoteProperty -Value "custom" + $_radius | add-member -name "nas-id" -membertype NoteProperty -Value $nas_id } }