From 526bef5026d7aa28cfe32179ca5dfbb9c4d27ea1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Moreau?=
Date: Wed, 11 Sep 2024 12:00:49 +0200
Subject: [PATCH 01/18] Get function
---
PowerFGT/Public/cmdb/user/tacacs.ps1 | 105 +++++++++++++++++++++++++++
1 file changed, 105 insertions(+)
create mode 100644 PowerFGT/Public/cmdb/user/tacacs.ps1
diff --git a/PowerFGT/Public/cmdb/user/tacacs.ps1 b/PowerFGT/Public/cmdb/user/tacacs.ps1
new file mode 100644
index 000000000..e111e5a5e
--- /dev/null
+++ b/PowerFGT/Public/cmdb/user/tacacs.ps1
@@ -0,0 +1,105 @@
+#Get-FGTUserTACACS
+# Copyright 2024, Cédric Moreau
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+function Get-FGTUserTACACS {
+
+ <#
+ .SYNOPSIS
+ Get list of all TACACS servers
+
+ .DESCRIPTION
+ Get list of all TACACS servers
+
+ .EXAMPLE
+ Get-FGTUserTACACS
+
+ Display all TACACS servers
+
+ .EXAMPLE
+ Get-FGTUserTACACS -name FGT -filter_type contains
+
+ Get TACACS servers that contains *FGT*
+
+ .EXAMPLE
+ Get-FGTUserTACACS -meta
+
+ Display all TACACS servers with metadata (q_...) like usage (q_ref)
+
+ .EXAMPLE
+ Get-FGTUserTACACS -skip
+
+ Display all TACACS servers (but only relevant attributes)
+
+ .EXAMPLE
+ Get-FGTUserTACACS -vdom vdomX
+
+ Display all TACACS servers on vdomX
+ #>
+
+ [CmdletBinding(DefaultParameterSetName = "default")]
+ Param(
+ [Parameter (Mandatory = $false, Position = 1, ParameterSetName = "name")]
+ [string]$name,
+ [Parameter (Mandatory = $false)]
+ [Parameter (ParameterSetName = "filter")]
+ [string]$filter_attribute,
+ [Parameter (Mandatory = $false)]
+ [Parameter (ParameterSetName = "name")]
+ [Parameter (ParameterSetName = "filter")]
+ [ValidateSet('equal', 'contains')]
+ [string]$filter_type = "equal",
+ [Parameter (Mandatory = $false)]
+ [Parameter (ParameterSetName = "filter")]
+ [psobject]$filter_value,
+ [Parameter(Mandatory = $false)]
+ [switch]$meta,
+ [Parameter(Mandatory = $false)]
+ [switch]$skip,
+ [Parameter(Mandatory = $false)]
+ [String[]]$vdom,
+ [Parameter(Mandatory = $false)]
+ [psobject]$connection = $DefaultFGTConnection
+ )
+
+ Begin {
+ }
+
+ Process {
+
+ $invokeParams = @{ }
+ if ( $PsBoundParameters.ContainsKey('meta') ) {
+ $invokeParams.add( 'meta', $meta )
+ }
+ if ( $PsBoundParameters.ContainsKey('skip') ) {
+ $invokeParams.add( 'skip', $skip )
+ }
+ if ( $PsBoundParameters.ContainsKey('vdom') ) {
+ $invokeParams.add( 'vdom', $vdom )
+ }
+
+ #Filtering
+ switch ( $PSCmdlet.ParameterSetName ) {
+ "name" {
+ $filter_value = $name
+ $filter_attribute = "name"
+ }
+ default { }
+ }
+
+ #if filter value and filter_attribute, add filter (by default filter_type is equal)
+ if ( $filter_value -and $filter_attribute ) {
+ $invokeParams.add( 'filter_value', $filter_value )
+ $invokeParams.add( 'filter_attribute', $filter_attribute )
+ $invokeParams.add( 'filter_type', $filter_type )
+ }
+
+ $reponse = Invoke-FGTRestMethod -uri 'api/v2/cmdb/user/tacacs+' -method 'GET' -connection $connection @invokeParams
+ $reponse.results
+ }
+
+ End {
+ }
+}
From f944ca92defd40edf57768dd8758140baa7ecec4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Moreau?=
Date: Wed, 11 Sep 2024 12:06:34 +0200
Subject: [PATCH 02/18] Get tests
---
Tests/integration/UserTacacs.Tests.ps1 | 75 ++++++++++++++++++++++++++
1 file changed, 75 insertions(+)
create mode 100644 Tests/integration/UserTacacs.Tests.ps1
diff --git a/Tests/integration/UserTacacs.Tests.ps1 b/Tests/integration/UserTacacs.Tests.ps1
new file mode 100644
index 000000000..ac216e1da
--- /dev/null
+++ b/Tests/integration/UserTacacs.Tests.ps1
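Review bot: The guard `if ( $filter_value -and $filter_attribute )` in the Process block of Get-FGTUserTACACS tests truthiness, so a bound `-filter_value` of `0`, `$false` or an empty string is silently dropped and the request returns every TACACS+ server instead of a filtered set. That matters for any caller that treats the result as a match or existence check. Testing whether a value was supplied, for example `if ( $null -ne $filter_value -and $filter_attribute ) {`, keeps falsy values as filters, and `[ValidateNotNullOrEmpty()]` on `$name` would reject an empty name up front. The local `$reponse` is also a typo for `$response`.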
@@ -0,0 +1,75 @@
+#
+# Copyright 2024, Cedric Moreau
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+#include common configuration
+. ../common.ps1
+
+BeforeAll {
+ Connect-FGT @invokeParams
+}
+
+Describe "Get User Tacacs" {
+
+ BeforeAll {
+ Add-FGTusertacacs -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key
+ }
+
+ It "Get User Tacacs Does not throw an error" {
+ {
+ Get-FGTuserTACACS
+ } | Should -Not -Throw
+ }
+
+ It "Get ALL User Tacacs" {
+ $usertacacs = Get-FGTuserTACACS
+ @($usertacacs).count | Should -Not -Be $NULL
+ }
+
+ It "Get ALL User Tacacs with -skip" {
+ $usertacacs = Get-FGTuserTACACS -skip
+ @($usertacacs).count | Should -Not -Be $NULL
+ }
+
+ It "Get User Tacacs with -name $pester_usertacacs -meta" {
+ $usertacacs = Get-FGTuserTACACS -name $pester_usertacacs -meta
+ $usertacacs.q_ref | Should -Not -BeNullOrEmpty
+ $usertacacs.q_static | Should -Not -BeNullOrEmpty
+ $usertacacs.q_no_rename | Should -Not -BeNullOrEmpty
+ $usertacacs.q_global_entry | Should -Not -BeNullOrEmpty
+ $usertacacs.q_type | Should -Not -BeNullOrEmpty
+ $usertacacs.q_path | Should -Be "user"
+ $usertacacs.q_name | Should -Be "tacacs+"
+ $usertacacs.q_mkey_type | Should -Be "string"
+ if ($DefaultFGTConnection.version -ge "6.2.0") {
+ $usertacacs.q_no_edit | Should -Not -BeNullOrEmpty
+ }
+ }
+
+ It "Get User Tacacs ($pester_usertacacs)" {
+ $usertacacs = Get-FGTuserTACACS -name $pester_usertacacs
+ $usertacacs.name | Should -Be $pester_usertacacs
+ }
+
+ It "Get User Tacacs ($pester_usertacacs) and confirm (via Confirm-FGTuserTACACS)" {
+ $usertacacs = Get-FGTuserTACACS -name $pester_usertacacs
+ Confirm-FGTuserTACACS ($usertacacs) | Should -Be $true
+ }
+
+ Context "Search" {
+
+ It "Search User Tacacs by name ($pester_usertacacs)" {
+ $usertacacs = Get-FGTuserTACACS -name $pester_usertacacs
+ @($usertacacs).count | Should -be 1
+ $usertacacs.name | Should -Be $pester_usertacacs
+ }
+
+ }
+
+ AfterAll {
+ Get-FGTuserTACACS -name $pester_usertacacs | Remove-FGTuserTACACS -confirm:$false
+ }
+
+}
\ No newline at end of file
From 32c8ff988370d61c96eeb5d822f401657944fcb1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Moreau?=
Date: Wed, 11 Sep 2024 14:12:54 +0200
Subject: [PATCH 03/18] Add function
---
PowerFGT/Public/cmdb/user/tacacs.ps1 | 192 +++++++++++++++++++++++++++
1 file changed, 192 insertions(+)
diff --git a/PowerFGT/Public/cmdb/user/tacacs.ps1 b/PowerFGT/Public/cmdb/user/tacacs.ps1
index e111e5a5e..2def5e93d 100644
--- a/PowerFGT/Public/cmdb/user/tacacs.ps1
+++ b/PowerFGT/Public/cmdb/user/tacacs.ps1
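Review bot: `@($usertacacs).count | Should -Not -Be $NULL` in "Get ALL User Tacacs" and its `-skip` variant can never fail, because `@(...)` always yields an array whose count is an integer even when the call returns nothing. Since the `BeforeAll` adds one server, `@($usertacacs).count | Should -BeGreaterThan 0` would actually check that the list call returns data. The suite also calls `Add-FGTusertacacs`, `Remove-FGTuserTACACS` and `Confirm-FGTuserTACACS`, which are only introduced by later patches in this series, so the tests presumably cannot pass at this commit on its own.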
@@ -4,6 +4,198 @@ # SPDX-License-Identifier: Apache-2.0 # +function Add-FGTUserTACACS { + + <# + .SYNOPSIS + Add a FortiGate TACACS+ Server + + .DESCRIPTION + Add a FortiGate TACACS+ Server + + .EXAMPLE + $mykey = ConvertTo-SecureString mykey -AsPlainText -Force + PS C:\>Add-FGTUserTACACS -Name PowerFGT -server tacacs.powerfgt -key $mykey + + Add a TACACS+ Server with tacacs.powerfgt as server and key + + .EXAMPLE + $mykey = ConvertTo-SecureString mykey -AsPlainText -Force + PS C:\>Add-FGTUserTACACS -Name PowerFGT -server tacacs.powerfgt -key $mykey -secondary_server tacacs2.powerfgt -secondary_key $mykey -tertiary_server tacacs3.powerfgt -tertiary_key $mykey + + Add a TACACS+ Server with tacacs.powerfgt as server and key, and secondary and tertiary servers + + .EXAMPLE + $mykey = ConvertTo-SecureString mykey -AsPlainText -Force + PS C:\>Add-FGTUserTACACS -Name PowerFGT -server tacacs.powerfgt -key $mykey -port 49 + + Add a TACACS+ Server with tacacs.powerfgt as server and key and port set to 49 + + .EXAMPLE + $mykey = ConvertTo-SecureString mykey -AsPlainText -Force + PS C:\>Add-FGTUserTACACS -Name PowerFGT -server tacacs.powerfgt -key $mykey -authen_type chap + + Add a TACACS+ Server with tacacs.powerfgt as server and key and CHAP as authentication type + + .EXAMPLE + $mykey = ConvertTo-SecureString mykey -AsPlainText -Force + PS C:\>Add-FGTUserTACACS -Name PowerFGT -server tacacs.powerfgt -key $mykey -authen_type auto + + Add a TACACS+ Server with tacacs.powerfgt as server and key and PAP, MSCHAP and CHAP as authentication type in that order + + .EXAMPLE + $mykey = ConvertTo-SecureString mykey -AsPlainText -Force + PS C:\>Add-FGTUserTACACS -Name PowerFGT -server tacacs.powerfgt -key $mykey -authorization + + Add a TACACS+ Server with tacacs.powerfgt as server and key and authorization enable + #> + + Param( + [Parameter (Mandatory = $true)] + [ValidateLength(1, 35)] + [string]$name, + [Parameter (Mandatory = $true)] + [ValidateLength(1, 63)] + [string]$server, + 
[Parameter (Mandatory = $true)] + [SecureString]$key, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$secondary_server, + [Parameter (Mandatory = $false)] + [SecureString]$secondary_key, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$tertiary_server, + [Parameter (Mandatory = $false)] + [SecureString]$tertiary_key, + [Parameter (Mandatory = $false)] + [ValidateRange(1, 65535)] + [int]$port, + [Parameter (Mandatory = $false)] + [ValidateSet("mschap", "chap", "pap", "ascii", "auto")] + [string]$authen_type, + [Parameter (Mandatory = $false)] + [string]$authorization, + [Parameter (Mandatory = $false)] + [boolean]$visibility, + [Parameter (Mandatory = $false)] + [hashtable]$data, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + if ( Get-FGTUserTACACS @invokeParams -name $name -connection $connection) { + Throw "Already a TACACS+ Server using the same name" + } + + $uri = "api/v2/cmdb/user/tacacs+" + + $tacacs = new-Object -TypeName PSObject + + $tacacs | add-member -name "name" -membertype NoteProperty -Value $name + + $tacacs | add-member -name "server" -membertype NoteProperty -Value $server + + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($key); + $key_secure = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $tacacs | add-member -name "key" -membertype NoteProperty -Value $key_secure + } + else { + $key_secure = ConvertFrom-SecureString -SecureString $key -AsPlainText + $tacacs | add-member -name "key" -membertype NoteProperty -Value $key_secure + } + + if ( $PsBoundParameters.ContainsKey('secondary_server') -xor 
$PsBoundParameters.ContainsKey('secondary_key') ) { + Throw "You must specify secondary server and secondary key !" + } + elseif ($PsBoundParameters.ContainsKey('secondary_server') -and $PsBoundParameters.ContainsKey('secondary_key')) { + $tacacs | add-member -name "secondary-server" -membertype NoteProperty -Value $secondary_server + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secondary_key); + $secondary_key_secure = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $tacacs | add-member -name "secondary-key" -membertype NoteProperty -Value $secondary_key_secure + } + else { + $secondary_key_secure = ConvertFrom-SecureString -SecureString $secondary_key -AsPlainText + $tacacs | add-member -name "secondary-key" -membertype NoteProperty -Value $secondary_key_secure + } + } + + if ( $PsBoundParameters.ContainsKey('tertiary_server') -xor $PsBoundParameters.ContainsKey('tertiary_key') ) { + Throw "You must specify tertiary server and tertiary key !" 
+ } + elseif ($PsBoundParameters.ContainsKey('tertiary_server') -and $PsBoundParameters.ContainsKey('tertiary_key')) { + $tacacs | add-member -name "tertiary-server" -membertype NoteProperty -Value $tertiary_server + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tertiary_key); + $tertiary_key_secure = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $tacacs | add-member -name "tertiary-key" -membertype NoteProperty -Value $tertiary_key_secure + } + else { + $tertiary_key_secure = ConvertFrom-SecureString -SecureString $tertiary_key -AsPlainText + $tacacs | add-member -name "tertiary-key" -membertype NoteProperty -Value $tertiary_key_secure + } + } + + if ( $PsBoundParameters.ContainsKey('port') ) { + $tacacs | add-member -name "port" -membertype NoteProperty -Value $port + } + + if ( $PsBoundParameters.ContainsKey('authen_type') ) { + $tacacs | add-member -name "authen-type" -membertype NoteProperty -Value $authen_type + } + + if ( $PsBoundParameters.ContainsKey('authorization') ) { + $tacacs | add-member -name "authorization" -membertype NoteProperty -Value $true + } + else { + $tacacs | add-member -name "authorization" -membertype NoteProperty -Value $false + } + + if ( $PsBoundParameters.ContainsKey('visibility') ) { + #with 6.4.x, there is no longer visibility parameter + if ($connection.version -ge "6.4.0") { + Write-Warning "-visibility parameter is no longer available with FortiOS 6.4.x and after" + } + else { + if ( $visibility ) { + $tacacs | add-member -name "visibility" -membertype NoteProperty -Value "enable" + } + else { + $tacacs | add-member -name "visibility" -membertype NoteProperty -Value "disable" + } + } + } + + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $tacacs | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + + Invoke-FGTRestMethod 
-method "POST" -body $tacacs -uri $uri -connection $connection @invokeParams | out-Null + + Get-FGTUserTACACS -connection $connection @invokeParams -name $name + } + + End { + } +} + function Get-FGTUserTACACS { <# From e963717a5c3be03222c3a7962c49fade913da946 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 14:17:43 +0200 Subject: [PATCH 04/18] Fix authorization in add function --- PowerFGT/Public/cmdb/user/tacacs.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/PowerFGT/Public/cmdb/user/tacacs.ps1 b/PowerFGT/Public/cmdb/user/tacacs.ps1 index 2def5e93d..4df4be2d3 100644 --- a/PowerFGT/Public/cmdb/user/tacacs.ps1 +++ b/PowerFGT/Public/cmdb/user/tacacs.ps1 @@ -76,7 +76,7 @@ function Add-FGTUserTACACS { [ValidateSet("mschap", "chap", "pap", "ascii", "auto")] [string]$authen_type, [Parameter (Mandatory = $false)] - [string]$authorization, + [switch]$authorization, [Parameter (Mandatory = $false)] [boolean]$visibility, [Parameter (Mandatory = $false)] @@ -160,10 +160,10 @@ function Add-FGTUserTACACS { } if ( $PsBoundParameters.ContainsKey('authorization') ) { - $tacacs | add-member -name "authorization" -membertype NoteProperty -Value $true + $tacacs | add-member -name "authorization" -membertype NoteProperty -Value "enable" } else { - $tacacs | add-member -name "authorization" -membertype NoteProperty -Value $false + $tacacs | add-member -name "authorization" -membertype NoteProperty -Value "disable" } if ( $PsBoundParameters.ContainsKey('visibility') ) { From 2ca48ea890b0e3ca54f1818aaa4f5e419288d0cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 14:25:48 +0200 Subject: [PATCH 05/18] Add tests --- Tests/integration/UserTacacs.Tests.ps1 | 133 ++++++++++++++++++++++++- 1 file changed, 131 insertions(+), 2 deletions(-) diff --git a/Tests/integration/UserTacacs.Tests.ps1 b/Tests/integration/UserTacacs.Tests.ps1 index ac216e1da..47cf58f6b 100644 
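Review bot: On the Windows PowerShell branch of Add-FGTUserTACACS the pointer returned by `SecureStringToBSTR($key)` is never released, so the plaintext TACACS+ shared secret stays in unmanaged memory for the life of the process; the `secondary_key` and `tertiary_key` blocks do the same, and Set-FGTUserTACACS in patch 06 repeats the pattern. The buffer should be wiped with `ZeroFreeBSTR` in a `finally`, and `PtrToStringBSTR` reads the BSTR by its length prefix instead of relying on `PtrToStringAuto`. Because the conversion is written three times, a private helper that takes a SecureString and returns the plain string would keep the cleanup in one place. Separately, this function issues a POST but declares no `[CmdletBinding(SupportsShouldProcess)]`, unlike the Set and Remove cmdlets later in the series.

```powershell
# … unchanged: name and server members …
if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) {
    $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($key)
    try {
        $key_secure = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    }
    finally {
        # wipe and free the unmanaged copy of the shared secret
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}
else {
    $key_secure = ConvertFrom-SecureString -SecureString $key -AsPlainText
}
$tacacs | add-member -name "key" -membertype NoteProperty -Value $key_secure
# … unchanged structure: secondary_key and tertiary_key blocks, same try/finally …
```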
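Review bot: With `-authorization` now a `[switch]`, the test `$PsBoundParameters.ContainsKey('authorization')` in the second hunk of patch 04 is still true for `-authorization:$false`, so an explicit false is sent to the FortiGate as "enable". Checking the value instead, `if ( $authorization ) {`, makes the switch behave as callers expect and leaves the existing `else` branch to send "disable". The surrounding function body lies outside this hunk.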
--- a/Tests/integration/UserTacacs.Tests.ps1 +++ b/Tests/integration/UserTacacs.Tests.ps1 @@ -14,7 +14,7 @@ BeforeAll { Describe "Get User Tacacs" { BeforeAll { - Add-FGTusertacacs -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key } It "Get User Tacacs Does not throw an error" { 
@@ -69,7 +69,136 @@ Describe "Get User Tacacs" { } AfterAll { - Get-FGTuserTACACS -name $pester_usertacacs | Remove-FGTuserTACACS -confirm:$false + Get-FGTuserTACACS -name $pester_usertacacs | Remove-FGTUserTACACS -confirm:$false + } + +} + +Describe "Add User Tacacs" { + + Context "Tacacs Server (Primary, secondary, tertiary servers, port, authentication type etc ...)" { + + AfterEach { + Get-FGTuserTACACS -name $pester_usertacacs | Remove-FGTUserTACACS -confirm:$false + } + + It "Add User Tacacs Server $pester_usertacacs" { + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key + $usertacacs = Get-FGTuserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.server | Should -Be $pester_usertacacsserver1 + $usertacacs.key | Should -Not -Be $Null + } + + It "Add User Tacacs Server $pester_usertacacs with secondary-server" { + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key -secondary_server $pester_usertacacsserver2 -secondary_key $pester_usertacacs_key + $usertacacs = Get-FGTuserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.server | Should -Be $pester_usertacacsserver1 + $usertacacs.key | Should -Not -Be $Null + $usertacacs.'secondary-server' | Should -Be $pester_usertacacsserver2 + $usertacacs.'secondary-key' | Should -Not -Be $Null + } + + It "Add User Tacacs Server $pester_usertacacs with tertiary-server" { + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key -secondary_server $pester_usertacacsserver2 -secondary_key $pester_usertacacs_key -tertiary_server $pester_usertacacsserver3 -tertiary_key $pester_usertacacs_key + $usertacacs = Get-FGTuserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.server | Should -Be $pester_usertacacsserver1 + $usertacacs.key | 
Should -Not -Be $Null + $usertacacs.'secondary-server' | Should -Be $pester_usertacacsserver2 + $usertacacs.'secondary-key' | Should -Not -Be $Null + $usertacacs.'tertiary-server' | Should -Be $pester_usertacacsserver3 + $usertacacs.'tertiary-key' | Should -Not -Be $Null + } + + It "Add User Tacacs Server $pester_usertacacs with port" { + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key -port 10049 + $usertacacs = Get-FGTuserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.server | Should -Be $pester_usertacacsserver1 + $usertacacs.key | Should -Not -Be $Null + $usertacacs.timeout | Should -Be "10049" + } + + It "Add User Tacacs Server $pester_usertacacs with authorization enabled" { + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key -authorization + $usertacacs = Get-FGTuserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.server | Should -Be $pester_usertacacsserver1 + $usertacacs.key | Should -Not -Be $Null + $usertacacs.authorization | Should -Be "enable" + } + + It "Add User Tacacs Server $pester_usertacacs with authorization disabled" { + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key + $usertacacs = Get-FGTuserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.server | Should -Be $pester_usertacacsserver1 + $usertacacs.key | Should -Not -Be $Null + $usertacacs.authorization | Should -Be "disable" + } + + It "Try to Add User Tacacs Server $pester_usertacacs (but there is already a object with same name)" { + #Add first userTacacs + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key + #Add Second userTacacs with same name + { Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 
-key $pester_usertacacs_key } | Should -Throw "Already a Tacacs Server using the same name" + } + + } + + Context "Tacacs Server authen-type" { + + AfterEach { + Get-FGTuserTACACS -name $pester_usertacacs | Remove-FGTUserTACACS -confirm:$false + } + + It "Add User Tacacs Server $pester_usertacacs with authen_type as auto" { + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key -authen_type auto + $usertacacs = Get-FGTuserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.server | Should -Be $pester_usertacacsserver1 + $usertacacs.key | Should -Not -Be $Null + $usertacacs."authen-type" | Should -Be "auto" + } + + It "Add User Tacacs Server $pester_usertacacs with authen_type as mschap" { + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key -authen_type mschap + $usertacacs = Get-FGTuserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.server | Should -Be $pester_usertacacsserver1 + $usertacacs.key | Should -Not -Be $Null + $usertacacs."authen-type" | Should -Be "mschap" + } + + It "Add User Tacacs Server $pester_usertacacs with authen_type as ascii" { + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key -authen_type ascii + $usertacacs = Get-FGTuserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.server | Should -Be $pester_usertacacsserver1 + $usertacacs.key | Should -Not -Be $Null + $usertacacs."authen-type" | Should -Be "ascii" + } + + It "Add User Tacacs Server $pester_usertacacs with authen_type as chap" { + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key -authen_type chap + $usertacacs = Get-FGTuserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.server | 
Should -Be $pester_usertacacsserver1 + $usertacacs.key | Should -Not -Be $Null + $usertacacs."authen-type" | Should -Be "chap" + } + + It "Add User Tacacs Server $pester_usertacacs with authen_type as pap" { + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key -authen_type pap + $usertacacs = Get-FGTuserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.server | Should -Be $pester_usertacacsserver1 + $usertacacs.key | Should -Not -Be $Null + $usertacacs."authen-type" | Should -Be "pap" + } + } } \ No newline at end of file From bbc30cc1837f485348f3e5a494f6bd84bbb28fa5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 14:36:58 +0200 Subject: [PATCH 06/18] Set function --- PowerFGT/Public/cmdb/user/tacacs.ps1 | 180 +++++++++++++++++++++++++++ 1 file changed, 180 insertions(+) diff --git a/PowerFGT/Public/cmdb/user/tacacs.ps1 b/PowerFGT/Public/cmdb/user/tacacs.ps1 index 4df4be2d3..f81a97139 100644 --- a/PowerFGT/Public/cmdb/user/tacacs.ps1 +++ b/PowerFGT/Public/cmdb/user/tacacs.ps1 
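Review bot: Two assertions in the "Add User Tacacs" block do not match the cmdlet under test. The port test passes `-port 10049` but checks `$usertacacs.timeout | Should -Be "10049"`; it should read `$usertacacs.port | Should -Be "10049"`. The duplicate-name test expects `Should -Throw "Already a Tacacs Server using the same name"`, while Add-FGTUserTACACS throws "Already a TACACS+ Server using the same name", so the expected message needs the same wording as the thrown one.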
@@ -295,3 +295,183 @@ function Get-FGTUserTACACS { End { } } + +function Set-FGTUserTACACS { + + <# + .SYNOPSIS + Change a FortiGate TACACS Server + + .DESCRIPTION + Change a FortiGate TACACS Server + + .EXAMPLE + $MyFGTUserTACACS = Get-FGTUserTACACS -name MyFGTUserTACACS + PS C:\>$MyFGTUserTACACS | Set-FGTUserTACACS -server mynewTACACSserver + + Change server name from MyFGTUserTACACS to mynewTACACSserver + + .EXAMPLE + $MyFGTUserTACACS = Get-FGTUserTACACS -name MyFGTUserTACACS + PS C:\>$mykey = ConvertTo-SecureString mykey -AsPlainText -Force + PS C:\>$MyFGTUserTACACS | Set-FGTUserTACACS -secondary_server tacacs2.powerfgt -secondary_key $mykey + + Change secondary server and key + + .EXAMPLE + $MyFGTUserTACACS = Get-FGTUserTACACS -name MyFGTUserTACACS + PS C:\>$mykey = ConvertTo-SecureString mykey -AsPlainText -Force + PS C:\>$MyFGTUserTACACS | Set-FGTUserTACACS -tertiary_server tacacs3.powerfgt -tertiary_key $mykey + + Change tertiary server and key + + .EXAMPLE + $MyFGTUserTACACS = Get-FGTUserTACACS -name MyFGTUserTACACS + PS C:\>$MyFGTUserTACACS | Set-FGTUserTACACS -authorization disable + + Change authorization to disable + + .EXAMPLE + $data = @{ "port" = "10049" } + PS C:\>$MyFGTUserTACACS = Get-FGTUserTACACS -name MyFGTUserTACACS + PS C:\>$MyFGTUserTACACS | Set-FGTUserTACACS -data $data + + Change port to 10049 + #> + + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium', DefaultParameterSetName = 'default')] + Param( + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)] + [ValidateScript( { Confirm-FGTUserTACACS $_ })] + [psobject]$usertacacs, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 35)] + [string]$name, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$server, + [Parameter (Mandatory = $false)] + [SecureString]$key, + [Parameter (Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$secondary_server, + [Parameter (Mandatory = $false)] + [SecureString]$secondary_key, + [Parameter 
(Mandatory = $false)] + [ValidateLength(1, 63)] + [string]$tertiary_server, + [Parameter (Mandatory = $false)] + [SecureString]$tertiary_key, + [Parameter (Mandatory = $false)] + [ValidateRange(1, 65535)] + [int]$port, + [Parameter (Mandatory = $false)] + [ValidateSet("mschap", "chap", "pap", "ascii", "auto")] + [string]$authen_type, + [Parameter (Mandatory = $false)] + [ValidateSet("enable", "disable")] + [string]$authorization, + [Parameter (Mandatory = $false)] + [hashtable]$data, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + $uri = "api/v2/cmdb/user/tacacs+/$($usertacacs.name)" + + $_tacacs = New-Object -TypeName PSObject + + if ( $PsBoundParameters.ContainsKey('name') ) { + #TODO check if there is no already an object with this name ? + $_tacacs | add-member -name "name" -membertype NoteProperty -Value $name + $usertacacs.name = $name + } + + if ( $PsBoundParameters.ContainsKey('server') ) { + $_tacacs | add-member -name "server" -membertype NoteProperty -Value $server + } + + if ( $PsBoundParameters.ContainsKey('key') ) { + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($key); + $key_secure = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $_tacacs | add-member -name "key" -membertype NoteProperty -Value $key_secure + } + else { + $key_secure = ConvertFrom-SecureString -SecureString $key -AsPlainText + $_tacacs | add-member -name "key" -membertype NoteProperty -Value $key_secure + } + } + + if ( $PsBoundParameters.ContainsKey('secondary_server') ) { + $_tacacs | add-member -name "secondary-server" -membertype NoteProperty -Value $secondary_server + } + + if ( 
$PsBoundParameters.ContainsKey('secondary_key') ) { + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secondary_key); + $secondary_key_secure = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $_tacacs | add-member -name "secondary-key" -membertype NoteProperty -Value $secondary_key_secure + } + else { + $secondary_key_secure = ConvertFrom-SecureString -SecureString $secondary_key -AsPlainText + $_tacacs | add-member -name "secondary-key" -membertype NoteProperty -Value $secondary_key_secure + } + } + + if ( $PsBoundParameters.ContainsKey('tertiary_server') ) { + $_tacacs | add-member -name "tertiary-server" -membertype NoteProperty -Value $tertiary_server + } + + if ( $PsBoundParameters.ContainsKey('tertiary_key') ) { + if (("Desktop" -eq $PSVersionTable.PsEdition) -or ($null -eq $PSVersionTable.PsEdition)) { + $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tertiary_key); + $tertiary_key_secure = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr); + $_tacacs | add-member -name "tertiary-key" -membertype NoteProperty -Value $tertiary_key_secure + } + else { + $tertiary_key_secure = ConvertFrom-SecureString -SecureString $tertiary_key -AsPlainText + $_tacacs | add-member -name "tertiary-key" -membertype NoteProperty -Value $tertiary_key_secure + } + } + + if ( $PsBoundParameters.ContainsKey('port') ) { + $_tacacs | add-member -name "port" -membertype NoteProperty -Value $port + } + + if ( $PsBoundParameters.ContainsKey('authen_type') ) { + $tacacs | add-member -name "authen-type" -membertype NoteProperty -Value $authen_type + } + + if ( $PsBoundParameters.ContainsKey('authorization') ) { + $tacacs | add-member -name "authorization" -membertype NoteProperty -Value $authorization + } + + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $_tacacs | Add-member 
-name $_.key -membertype NoteProperty -Value $_.value + } + } + + if ($PSCmdlet.ShouldProcess($usertacacs.name, 'Configure User TACACS')) { + Invoke-FGTRestMethod -method "PUT" -body $_tacacs -uri $uri -connection $connection @invokeParams | out-Null + + Get-FGTUserTACACS -connection $connection @invokeParams -name $usertacacs.name + } + } + + End { + } +} \ No newline at end of file From 0b8917547d84fff6421026bbff4706867db2ac8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 14:44:18 +0200 Subject: [PATCH 07/18] Set tests --- Tests/integration/UserTacacs.Tests.ps1 | 128 +++++++++++++++++++++++++ 1 file changed, 128 insertions(+) diff --git a/Tests/integration/UserTacacs.Tests.ps1 b/Tests/integration/UserTacacs.Tests.ps1 index 47cf58f6b..d632c91da 100644 --- a/Tests/integration/UserTacacs.Tests.ps1 +++ b/Tests/integration/UserTacacs.Tests.ps1 
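Review bot: The `authen_type` and `authorization` branches of Set-FGTUserTACACS pipe to `$tacacs`, which is never defined in this function; the request body is `$_tacacs`, so these two settings never reach the PUT. Both lines should start with `$_tacacs | add-member`, as the other branches do. In addition, `$usertacacs.name = $name` mutates the caller's object before the `ShouldProcess` check, so a `-WhatIf` run still changes the piped object; moving that assignment inside the `ShouldProcess` block avoids it. The three key branches also leave the `SecureStringToBSTR` pointer unreleased, so the plaintext secret is not wiped from unmanaged memory.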
@@ -201,4 +201,132 @@ Describe "Add User Tacacs" { } +} + +Describe "Configure User TACACS" { + + Context "Change server, secondary-server, port, etc ..." { + + BeforeAll { + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key + } + + It "Change name of TACACS Server" { + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -name "pester_tacacsserver_renamed" + $usertacacs = Get-FGTUserTACACS -name "pester_tacacsserver_renamed" + $usertacacs.name | Should -Be "pester_tacacsserver_renamed" + $usertacacs.server | Should -Be $pester_usertacacsserver1 + $usertacacs.key | Should -Not -Be $Null + } + + It "Change name of TACACS Server back to initial value" { + Get-FGTUserTACACS -name "pester_tacacsserver_renamed" | Set-FGTuserTACACS -name $pester_usertacacs + $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + } + + It "Change server" { + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -server $pester_usertacacsserver2 + $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.server | Should -Be $pester_usertacacsserver2 + $usertacacs.key | Should -Not -Be $Null + } + + It "Change secondary-server" { + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -secondary_server $pester_usertacacsserver3 -secondary_key $pester_usertacacs_key + $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.server | Should -Be $pester_usertacacsserver2 + $usertacacs.key | Should -Not -Be $Null + $usertacacs."secondary-server" | Should -Be $pester_usertacacsserver3 + $usertacacs."secondary-key" | Should -Not -Be $Null + } + + It "Change tertiary-server" { + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -tertiary_server $pester_usertacacsserver1 -tertiary_key $pester_usertacacs_key + $usertacacs = 
Get-FGTUserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.server | Should -Be $pester_usertacacsserver2 + $usertacacs.key | Should -Not -Be $Null + $usertacacs."secondary-server" | Should -Be $pester_usertacacsserver3 + $usertacacs."secondary-key" | Should -Not -Be $Null + $usertacacs."tertiary-server" | Should -Be $pester_usertacacsserver1 + $usertacacs."tertiary-key" | Should -Not -Be $Null + } + + It "Change port" { + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -port 10049 + $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.port | Should -Be "10049" + } + + It "Change authorization to enable" { + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -authorization enable + $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.authorization | Should -Be "enable" + } + + It "Change authorization to disable" { + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -authorization disable + $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs.authorization | Should -Be "disable" + } + + AfterAll { + Get-FGTUserTACACS -name $pester_usertacacs | Remove-FGTUserTACACS -confirm:$false + } + + } + + Context "Change authen-type" { + + BeforeAll { + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key + } + + It "Change type mschap" { + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -auth_type mschap + $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs."auth-type" | Should -Be "mschap" + } + + It "Change type chap" { + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -auth_type chap + $usertacacs = Get-FGTUserTACACS -name 
$pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs."auth-type" | Should -Be "chap" + } + + It "Change type pap" { + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -auth_type pap + $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs."auth-type" | Should -Be "pap" + } + + It "Change type ascii" { + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -auth_type ascii + $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs."auth-type" | Should -Be "ascii" + } + + It "Change type auto" { + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -auth_type auto + $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs + $usertacacs.name | Should -Be $pester_usertacacs + $usertacacs."auth-type" | Should -Be "auto" + } + + AfterAll { + Get-FGTUserTACACS -name $pester_usertacacs | Remove-FGTUserTACACS -confirm:$false + } + + } + } \ No newline at end of file From 5daa04cf709f9dc82d83ad5c236dcae06bf51e93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 14:51:11 +0200 Subject: [PATCH 08/18] Remove function --- PowerFGT/Public/cmdb/user/tacacs.ps1 | 54 ++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/PowerFGT/Public/cmdb/user/tacacs.ps1 b/PowerFGT/Public/cmdb/user/tacacs.ps1 index f81a97139..814641444 100644 --- a/PowerFGT/Public/cmdb/user/tacacs.ps1 +++ b/PowerFGT/Public/cmdb/user/tacacs.ps1 
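Review bot: The "Change authen-type" context calls `Set-FGTuserTACACS -auth_type ...` and asserts on `$usertacacs."auth-type"`, but the cmdlet added in patch 06 declares `-authen_type` and writes the `authen-type` field, so these five tests would fail at parameter binding. They should use `-authen_type mschap` with `$usertacacs."authen-type" | Should -Be "mschap"`, and likewise for chap, pap, ascii and auto. The first context also depends on execution order, since the rename test must succeed and be reverted before the later tests can find `$pester_usertacacs`.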
@@ -472,6 +472,60 @@ function Set-FGTUserTACACS { } } + End { + } +} + +function Remove-FGTUserTACACS { + + <# + .SYNOPSIS + Remove a FortiGate TACACS Server + + .DESCRIPTION + Remove a TACACS Server on the FortiGate + + .EXAMPLE + $MyFGTUserTACACS = Get-FGTUserTACACS -name PowerFGT + PS C:\>$MyFGTUserTACACS | Remove-FGTUserTACACS + + Remove user object $MyFGTUserTACACS + + .EXAMPLE + $MyFGTUserTACACS = Get-FGTUserTACACS -name MyFGTUserTACACS + PS C:\>$MyFGTUserTACACS | Remove-FGTUserTACACS -confirm:$false + + Remove UserTACACS object $MyFGTUserTACACS with no confirmation + #> + + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'high')] + Param( + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)] + [ValidateScript( { Confirm-FGTUserTACACS $_ })] + [psobject]$usertacacs, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + $uri = "api/v2/cmdb/user/tacacs+/$($usertacacs.name)" + + if ($PSCmdlet.ShouldProcess($usertacacs.name, 'Remove User Tacacs')) { + $null = Invoke-FGTRestMethod -method "DELETE" -uri $uri -connection $connection @invokeParams + } + } + End { } } \ No newline at end of file From e22d5dd404fe53f4eb0ce65e5e9a99c338056494 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 14:52:53 +0200 Subject: [PATCH 09/18] Remove tests --- Tests/integration/UserTacacs.Tests.ps1 | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/Tests/integration/UserTacacs.Tests.ps1 b/Tests/integration/UserTacacs.Tests.ps1 index d632c91da..50736da96 100644 --- a/Tests/integration/UserTacacs.Tests.ps1 +++ b/Tests/integration/UserTacacs.Tests.ps1 
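Review bot: `$usertacacs.name` goes into the DELETE path unescaped in `$uri = "api/v2/cmdb/user/tacacs+/$($usertacacs.name)"`, so a name containing `/`, `?`, `#` or a space changes which path the request addresses. Unless Invoke-FGTRestMethod escapes the path itself (not visible here), escape the key when building it, `$uri = "api/v2/cmdb/user/tacacs+/$([uri]::EscapeDataString($usertacacs.name))"`, and keep the raw name as the ShouldProcess target so the operator still sees what is being deleted. The `ValidateScript` also calls Confirm-FGTUserTACACS, which this series only adds in patch 10/18, so the cmdlet cannot validate its pipeline input at this commit.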
@@ -329,4 +329,27 @@ Describe "Configure User TACACS" { } +} + +Describe "Remove User TACACS" { + + Context "local" { + + BeforeEach { + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -secret $pester_usertacacs_key + } + + It "Remove User TACACS $pester_usertacacs by pipeline" { + $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs + $usertacacs | Remove-FGTUserTACACS -confirm:$false + $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs + $usertacacs | Should -Be $NULL + } + + } + +} + +AfterAll { + Disconnect-FGT -confirm:$false } \ No newline at end of file From a6311922b8d5d7068a29c94c2f3a539d589b07f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 14:54:57 +0200 Subject: [PATCH 10/18] Add Confirm-UserTACACS --- PowerFGT/Private/Confirm.ps1 | 42 ++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/PowerFGT/Private/Confirm.ps1 b/PowerFGT/Private/Confirm.ps1 index de81b0845..9d7de4fe7 100644 --- a/PowerFGT/Private/Confirm.ps1 +++ b/PowerFGT/Private/Confirm.ps1 
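Review bot: The new "Remove User TACACS" context has no cleanup, so when the removal under test fails the `$pester_usertacacs` entry stays on the device and later runs fail at the add step with the duplicate-name error; an `AfterEach { Get-FGTUserTACACS -name $pester_usertacacs | Remove-FGTUserTACACS -confirm:$false }` would keep runs independent. The `BeforeEach` passes the key as `-secret` while the other Add-FGTUserTACACS calls on this page use `-key`; patch 16/18 corrects it, and folding that fix into this commit would keep the test runnable here. The context name "local" looks carried over from the local-user tests and could name what is actually exercised.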
@@ -481,6 +481,48 @@ Function Confirm-FGTUserLocal { } +Function Confirm-FGTUserTACACS { + + Param ( + [Parameter (Mandatory = $true)] + [object]$argument + ) + + #Check if it looks like a TACACS Server element + + if ( -not ( $argument | get-member -name name -Membertype Properties)) { + throw "Element specified does not contain a name property." + } + if ( -not ( $argument | get-member -name server -Membertype Properties)) { + throw "Element specified does not contain a server property." + } + if ( -not ( $argument | get-member -name key -Membertype Properties)) { + throw "Element specified does not contain a key property." + } + if ( -not ( $argument | get-member -name secondary-server -Membertype Properties)) { + throw "Element specified does not contain a secondary-server property." + } + if ( -not ( $argument | get-member -name secondary-key -Membertype Properties)) { + throw "Element specified does not contain a secondary-key property." + } + if ( -not ( $argument | get-member -name tertiary-server -Membertype Properties)) { + throw "Element specified does not contain a tertiary-server property." + } + if ( -not ( $argument | get-member -name tertiary-key -Membertype Properties)) { + throw "Element specified does not contain a tertiary-key property." + } + if ( -not ( $argument | get-member -name port -Membertype Properties)) { + throw "Element specified does not contain a port property." + } + if ( -not ( $argument | get-member -name authorization -Membertype Properties)) { + throw "Element specified does not contain a authorization property." + } + if ( -not ( $argument | get-member -name authen-type -Membertype Properties)) { + throw "Element specified does not contain a authen-type property." + } + + $true +} Function Confirm-FGTUserGroup { Param ( From 478a79937b1c96d328f300cc1f0558cfd9161095 Mon Sep 17 00:00:00 2001 
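Review bot: Confirm-FGTUserTACACS checks only that each property exists, so an object whose `name` is empty or `$null` passes and Remove-FGTUserTACACS would build `api/v2/cmdb/user/tacacs+/` with no key, addressing the collection path rather than a single entry. Add a value check after the first test, for example `if ( [string]::IsNullOrWhiteSpace($argument.name) ) { throw "Element specified has an empty name property." }`. Requiring `key`, `secondary-key` and `tertiary-key` also forces callers to carry the secret fields just to modify or delete an entry; presumably a trimmed object such as the output of `Get-FGTUserTACACS -skip` would be rejected, which is worth confirming. The messages "a authorization property" and "a authen-type property" should read "an".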
From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 14:56:04 +0200 Subject: [PATCH 11/18] Add pester variables in common.ps1 --- Tests/common.ps1 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Tests/common.ps1 b/Tests/common.ps1 index 5d1f1fd3c..4d58cd6f5 100644 --- a/Tests/common.ps1 +++ b/Tests/common.ps1 @@ -57,6 +57,11 @@ $script:pester_userlocal3 = "pester_userlocal3" $script:pester_userlocal4 = "pester_userlocal4" $script:pester_usergroup1 = "pester_usergroup1" $script:pester_usergroup2 = "pester_usergroup2" +$script:pester_usertacacs = "pester_usertacacs" +$script:pester_usertacacsserver1 = "pestertacacsserver1.powerfgt" +$script:pester_usertacacsserver2 = "pestertacacsserver2.powerfgt" +$script:pester_usertacacsserver3 = "pestertacacsserver3.powerfgt" +$script:pester_usertacacs_key = ConvertTo-SecureString "pester_usertacacskey" -AsPlainText -Force . ../credential.ps1 #TODO: Add check if no ipaddress/login/password info... From 5e4c572c8f9adedea01dc5de6a9a35bb33bc5654 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 15:02:29 +0200 Subject: [PATCH 12/18] Fix tests : auth_type --> authen_type --- Tests/common.ps1 | 2 +- Tests/integration/UserTacacs.Tests.ps1 | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Tests/common.ps1 b/Tests/common.ps1 index 4d58cd6f5..f238ae79e 100644 --- a/Tests/common.ps1 +++ b/Tests/common.ps1 @@ -63,7 +63,7 @@ $script:pester_usertacacsserver2 = "pestertacacsserver2.powerfgt" $script:pester_usertacacsserver3 = "pestertacacsserver3.powerfgt" $script:pester_usertacacs_key = ConvertTo-SecureString "pester_usertacacskey" -AsPlainText -Force -. ../credential.ps1 +#. ../credential.ps1 #TODO: Add check if no ipaddress/login/password info... $script:mysecpassword = ConvertTo-SecureString $password -AsPlainText -Force diff --git a/Tests/integration/UserTacacs.Tests.ps1 b/Tests/integration/UserTacacs.Tests.ps1 index 50736da96..37ba0a425 100644 
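Review bot: Commenting out `. ../credential.ps1` in the Tests/common.ps1 hunk of patch 12/18 leaves `$password` unset for the unchanged `ConvertTo-SecureString $password -AsPlainText -Force` that follows, so the shared test setup presumably fails before any test connects. The edit is unrelated to the commit subject (auth_type to authen_type) and looks like a local change committed by accident; patch 17/18 restores the line, so it is better dropped from this commit. Resolving the existing `#TODO` with an explicit guard, for example `if (-not $password) { throw "credential.ps1 did not provide a password" }`, would turn this kind of slip into a clear error instead of a confusing conversion failure.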
--- a/Tests/integration/UserTacacs.Tests.ps1 +++ b/Tests/integration/UserTacacs.Tests.ps1 @@ -143,7 +143,7 @@ Describe "Add User Tacacs" { #Add first userTacacs Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key #Add Second userTacacs with same name - { Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key } | Should -Throw "Already a Tacacs Server using the same name" + { Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key } | Should -Throw "Already a TACACS+ Server using the same name" } } 
@@ -289,35 +289,35 @@ Describe "Configure User TACACS" { } It "Change type mschap" { - Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -auth_type mschap + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -authen_type mschap $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs $usertacacs.name | Should -Be $pester_usertacacs $usertacacs."auth-type" | Should -Be "mschap" } It "Change type chap" { - Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -auth_type chap + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -authen_type chap $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs $usertacacs.name | Should -Be $pester_usertacacs $usertacacs."auth-type" | Should -Be "chap" } It "Change type pap" { - Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -auth_type pap + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -authen_type pap $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs $usertacacs.name | Should -Be $pester_usertacacs $usertacacs."auth-type" | Should -Be "pap" } It "Change type ascii" { - Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -auth_type ascii + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -authen_type ascii $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs $usertacacs.name | Should -Be $pester_usertacacs $usertacacs."auth-type" | Should -Be "ascii" } It "Change type auto" { - Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -auth_type auto + Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -authen_type auto $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs $usertacacs.name | Should -Be $pester_usertacacs $usertacacs."auth-type" | Should -Be "auto" From 10db6eb502b1884b0a3014795bc9c8776a6f3ede Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 15:03:35 +0200 Subject: [PATCH 13/18] Fix tests : --> --- PowerFGT/Public/cmdb/user/tacacs.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/PowerFGT/Public/cmdb/user/tacacs.ps1 b/PowerFGT/Public/cmdb/user/tacacs.ps1 index 814641444..b54895eca 100644 --- a/PowerFGT/Public/cmdb/user/tacacs.ps1 +++ b/PowerFGT/Public/cmdb/user/tacacs.ps1 @@ -452,11 +452,11 @@ function Set-FGTUserTACACS { } if ( $PsBoundParameters.ContainsKey('authen_type') ) { - $tacacs | add-member -name "authen-type" -membertype NoteProperty -Value $authen_type + $_tacacs | add-member -name "authen-type" -membertype NoteProperty -Value $authen_type } if ( $PsBoundParameters.ContainsKey('authorization') ) { - $tacacs | add-member -name "authorization" -membertype NoteProperty -Value $authorization + $_tacacs | add-member -name "authorization" -membertype NoteProperty -Value $authorization } if ( $PsBoundParameters.ContainsKey('data') ) { From bb13528c1bd9c547e7a44cea6b15ab0334c16000 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 15:07:43 +0200 Subject: [PATCH 14/18] Fix tests : timeout --> port --- Tests/integration/UserTacacs.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/integration/UserTacacs.Tests.ps1 b/Tests/integration/UserTacacs.Tests.ps1 index 37ba0a425..4c51c087e 100644 --- a/Tests/integration/UserTacacs.Tests.ps1 +++ b/Tests/integration/UserTacacs.Tests.ps1 @@ -118,7 +118,7 @@ Describe "Add User Tacacs" { $usertacacs.name | Should -Be $pester_usertacacs $usertacacs.server | Should -Be $pester_usertacacsserver1 $usertacacs.key | Should -Not -Be $Null - $usertacacs.timeout | Should -Be "10049" + $usertacacs.port | Should -Be "10049" } It "Add User Tacacs Server $pester_usertacacs with authorization enabled" { From 7fe405c2e6a8693d85420f1f55778b274f7ae8fb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 15:08:13 +0200 Subject: [PATCH 15/18] Fix tests : auth-type --> authen-type --- Tests/integration/UserTacacs.Tests.ps1 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Tests/integration/UserTacacs.Tests.ps1 b/Tests/integration/UserTacacs.Tests.ps1 index 4c51c087e..2d79f7ed5 100644 --- a/Tests/integration/UserTacacs.Tests.ps1 +++ b/Tests/integration/UserTacacs.Tests.ps1 
@@ -292,35 +292,35 @@ Describe "Configure User TACACS" { Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -authen_type mschap $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs $usertacacs.name | Should -Be $pester_usertacacs - $usertacacs."auth-type" | Should -Be "mschap" + $usertacacs."authen-type" | Should -Be "mschap" } It "Change type chap" { Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -authen_type chap $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs $usertacacs.name | Should -Be $pester_usertacacs - $usertacacs."auth-type" | Should -Be "chap" + $usertacacs."authen-type" | Should -Be "chap" } It "Change type pap" { Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -authen_type pap $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs $usertacacs.name | Should -Be $pester_usertacacs - $usertacacs."auth-type" | Should -Be "pap" + $usertacacs."authen-type" | Should -Be "pap" } It "Change type ascii" { Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -authen_type ascii $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs $usertacacs.name | Should -Be $pester_usertacacs - $usertacacs."auth-type" | Should -Be "ascii" + $usertacacs."authen-type" | Should -Be "ascii" } It "Change type auto" { Get-FGTUserTACACS -name $pester_usertacacs | Set-FGTuserTACACS -authen_type auto $usertacacs = Get-FGTUserTACACS -name $pester_usertacacs $usertacacs.name | Should -Be $pester_usertacacs - $usertacacs."auth-type" | Should -Be "auto" + $usertacacs."authen-type" | Should -Be "auto" } AfterAll { From d60b1794e25dc2303e95fb1c35061783e3cbc0cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 15:10:20 +0200 Subject: [PATCH 16/18] Fix tests : secret --> key --- Tests/integration/UserTacacs.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Tests/integration/UserTacacs.Tests.ps1 b/Tests/integration/UserTacacs.Tests.ps1 index 2d79f7ed5..f52402d41 100644 --- a/Tests/integration/UserTacacs.Tests.ps1 +++ b/Tests/integration/UserTacacs.Tests.ps1 @@ -336,7 +336,7 @@ Describe "Remove User TACACS" { Context "local" { BeforeEach { - Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -secret $pester_usertacacs_key + Add-FGTUserTACACS -Name $pester_usertacacs -server $pester_usertacacsserver1 -key $pester_usertacacs_key } It "Remove User TACACS $pester_usertacacs by pipeline" { From 110ec050242d993964be8a516e12b555b33a9414 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 15:10:46 +0200 Subject: [PATCH 17/18] Uncomment credential.ps1 --- Tests/common.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/common.ps1 b/Tests/common.ps1 index f238ae79e..4d58cd6f5 100644 --- a/Tests/common.ps1 +++ b/Tests/common.ps1 @@ -63,7 +63,7 @@ $script:pester_usertacacsserver2 = "pestertacacsserver2.powerfgt" $script:pester_usertacacsserver3 = "pestertacacsserver3.powerfgt" $script:pester_usertacacs_key = ConvertTo-SecureString "pester_usertacacskey" -AsPlainText -Force -#. ../credential.ps1 +. ../credential.ps1 #TODO: Add check if no ipaddress/login/password info... $script:mysecpassword = ConvertTo-SecureString $password -AsPlainText -Force From 448d75957bc01990c6c12c658f98c3fca78a0ee1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Wed, 11 Sep 2024 17:28:38 +0200 Subject: [PATCH 18/18] Add uncoding --- PowerFGT/Public/cmdb/user/tacacs.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PowerFGT/Public/cmdb/user/tacacs.ps1 b/PowerFGT/Public/cmdb/user/tacacs.ps1 index b54895eca..9b10288de 100644 --- a/PowerFGT/Public/cmdb/user/tacacs.ps1 +++ b/PowerFGT/Public/cmdb/user/tacacs.ps1 
@@ -1,4 +1,4 @@ -#Get-FGTUserTACACS +#Get-FGTUserTACACS # Copyright 2024, Cédric Moreau # # SPDX-License-Identifier: Apache-2.0