From 2eedd9e49e1d61e9b6493d0ff2ad905eaa6bd605 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Mon, 30 May 2022 16:58:52 +0200 Subject: [PATCH 01/17] Add Add-FGTUserLocal function --- PowerFGT/Public/cmdb/user/local.ps1 | 143 ++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+) diff --git a/PowerFGT/Public/cmdb/user/local.ps1 b/PowerFGT/Public/cmdb/user/local.ps1 index d810d7b9..00d62381 100644 --- a/PowerFGT/Public/cmdb/user/local.ps1 +++ b/PowerFGT/Public/cmdb/user/local.ps1 
@@ -5,6 +5,149 @@ # SPDX-License-Identifier: Apache-2.0 # +function Add-FGTUserLocal { + + <# + .SYNOPSIS + Add a FortiGate Local User + + .DESCRIPTION + Add a FortiGate Local User (Name, Password, MFA) + + .EXAMPLE + Add-FGTUserLocal -Name FGT -ip 192.0.2.0 -mask 255.255.255.0 + + Add Local User object type ipmask with name FGT and value 192.0.2.0/24 + + .EXAMPLE + Add-FGTUserLocal -Name FGT -ip 192.0.2.0 -mask 255.255.255.0 -interface port2 + + Add Local User object type ipmask with name FGT, value 192.0.2.0/24 and associated to interface port2 + + .EXAMPLE + Add-FGTUserLocal -Name FGT -ip 192.0.2.0 -mask 255.255.255.0 -comment "My FGT Local User" + + Add Local User object type ipmask with name FGT, value 192.0.2.0/24 and a comment + + .EXAMPLE + Add-FGTUserLocal -Name FGT -ip 192.0.2.0 -mask 255.255.255.0 -visibility:$false + + Add Local User object type ipmask with name FGT, value 192.0.2.0/24 and disabled visibility + + .EXAMPLE + Add-FGTUserLocal -Name FortiPower -fqdn fortipower.github.io + + Add Local User object type fqdn with name FortiPower and value fortipower.github.io + + .EXAMPLE + Add-FGTUserLocal -Name FGT-Range -startip 192.0.2.1 -endip 192.0.2.100 + + Add Local User object type iprange with name FGT-Range with start IP 192.0.2.1 and end ip 192.0.2.100 + #> + + Param( + [Parameter (Mandatory = $true)] + [string]$name, + [Parameter (Mandatory = $false)] + [switch]$status, + [Parameter (Mandatory = $false, ParameterSetName = "local")] + [string]$password, + [Parameter (Mandatory = $false, ParameterSetName = "radius")] + [string]$radius_server, + [Parameter (Mandatory = $false, ParameterSetName = "tacacs")] + [string]$tacacs_server, + [Parameter (Mandatory = $false)] + [ValidateSet("fortitoken", "email", "sms", "disable", "fortitoken-cloud")] + [string]$two_factor, + [Parameter (Mandatory = $false)] + [ValidateSet("fortitoken", "email", "sms")] + [string]$two_factor_authentication, + [Parameter (Mandatory = $false)] + 
[string]$two_factor_notification, + [Parameter (Mandatory = $false)] + [string]$fortitoken, + [Parameter (Mandatory = $false)] + [string]$email_to, + [Parameter (Mandatory = $false)] + [string]$sms_server, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + if ( Get-FGTUserLocal @invokeParams -name $name -connection $connection) { + Throw "Already an Local User object using the same name" + } + + $uri = "api/v2/cmdb/user/local" + + $Local_User = new-Object -TypeName PSObject + + $Local_User | add-member -name "name" -membertype NoteProperty -Value $name + + if ($status) { + $Local_User | add-member -name "status" -membertype NoteProperty -Value "enable" + } + else { + $Local_User | add-member -name "status" -membertype NoteProperty -Value "disable" + } + + switch ( $PSCmdlet.ParameterSetName ) { + "local" { + $Local_User | add-member -name "type" -membertype NoteProperty -Value "password" + $Local_User | add-member -name "passwd" -membertype NoteProperty -Value $password + } + "radius" { + $Local_User | add-member -name "type" -membertype NoteProperty -Value "radius" + $Local_User | add-member -name "radius-server" -membertype NoteProperty -Value $radius_server + } + "tacacs" { + $Local_User | add-member -name "type" -membertype NoteProperty -Value "tacacs" + $Local_User | add-member -name "tacacs+-server" -membertype NoteProperty -Value $tacacs_server + } + default { } + } + + if ( $PsBoundParameters.ContainsKey('two_factor') ) { + $Local_User | add-member -name "two-factor" -membertype NoteProperty -Value $two_factor_authentication + } + + if ( $PsBoundParameters.ContainsKey('two_factor_authentication') ) { + $Local_User | add-member -name "two-factor-authentication" -membertype NoteProperty -Value $two_factor_authentication + } + 
+ if ( $PsBoundParameters.ContainsKey('fortitoken') ) { + $Local_User | add-member -name "fortitoken" -membertype NoteProperty -Value $fortitoken + } + + if ( $PsBoundParameters.ContainsKey('email_to') ) { + $Local_User | add-member -name "email-to" -membertype NoteProperty -Value $email_to + } + + if ( $PsBoundParameters.ContainsKey('sms_server') ) { + $Local_User | add-member -name "sms-server" -membertype NoteProperty -Value $sms_server + } + + Invoke-FGTRestMethod -method "POST" -body $Local_User -uri $uri -connection $connection @invokeParams | out-Null + + Get-FGTUserLocal -connection $connection @invokeParams -name $name + } + + End { + } +} + function Get-FGTUserLocal { <# From 070363a77f31438f2bd22089a26c47348d9fd492 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Mon, 30 May 2022 17:20:38 +0200 Subject: [PATCH 02/17] Add remove function --- PowerFGT/Public/cmdb/user/local.ps1 | 83 ++++++++++++++++++++--------- 1 file changed, 59 insertions(+), 24 deletions(-) diff --git a/PowerFGT/Public/cmdb/user/local.ps1 b/PowerFGT/Public/cmdb/user/local.ps1 index 00d62381..1c028ef8 100644 --- a/PowerFGT/Public/cmdb/user/local.ps1 +++ b/PowerFGT/Public/cmdb/user/local.ps1 
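Review bot: `$two_factor_notification` is declared in Param but never written to `$Local_User` in Process, so passing it has no effect on the created user. Either add a block like the other optional fields, `if ( $PsBoundParameters.ContainsKey('two_factor_notification') ) { $Local_User | add-member -name "two-factor-notification" -membertype NoteProperty -Value $two_factor_notification }` (presumably the matching FortiGate key; a ValidateSet like the other two-factor parameters would fit), or drop the parameter. The `else` branch of the `status` test creates the user disabled unless `-status` is given; that fail-closed default is reasonable but should be stated in the .DESCRIPTION, since none of the examples show it. Set-FGTUserLocal in patch 03 carries the same unused parameter.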
@@ -15,34 +15,14 @@ function Add-FGTUserLocal { Add a FortiGate Local User (Name, Password, MFA) .EXAMPLE - Add-FGTUserLocal -Name FGT -ip 192.0.2.0 -mask 255.255.255.0 + Add-FGTUserLocal -Name FGT -password MyFGT -status - Add Local User object type ipmask with name FGT and value 192.0.2.0/24 + Add Local User object name FGT, password MyFGT and enable it .EXAMPLE - Add-FGTUserLocal -Name FGT -ip 192.0.2.0 -mask 255.255.255.0 -interface port2 + Add-FGTUserLocal -Name FGT -password MyFGT -status -two_factor email -two_factor_authentication email -email_to powerfgt@fgt.power - Add Local User object type ipmask with name FGT, value 192.0.2.0/24 and associated to interface port2 - - .EXAMPLE - Add-FGTUserLocal -Name FGT -ip 192.0.2.0 -mask 255.255.255.0 -comment "My FGT Local User" - - Add Local User object type ipmask with name FGT, value 192.0.2.0/24 and a comment - - .EXAMPLE - Add-FGTUserLocal -Name FGT -ip 192.0.2.0 -mask 255.255.255.0 -visibility:$false - - Add Local User object type ipmask with name FGT, value 192.0.2.0/24 and disabled visibility - - .EXAMPLE - Add-FGTUserLocal -Name FortiPower -fqdn fortipower.github.io - - Add Local User object type fqdn with name FortiPower and value fortipower.github.io - - .EXAMPLE - Add-FGTUserLocal -Name FGT-Range -startip 192.0.2.1 -endip 192.0.2.100 - - Add Local User object type iprange with name FGT-Range with start IP 192.0.2.1 and end ip 192.0.2.100 + Add Local User object name FGT, password MyFGT and enable it, with two factor authentication by email #> Param( 
@@ -246,6 +226,61 @@ function Get-FGTUserLocal { $reponse.results } + End { + } +} + +function Remove-FGTUserLocal { + + <# + .SYNOPSIS + Remove a FortiGate Local User + + .DESCRIPTION + Remove a local user object on the FortiGate + + .EXAMPLE + $MyFGTUserLocal = Get-FGTUserLocal -name FGT + PS C:\>$MyFGTUserLocal | Remove-FGTUserLocal + + Remove user object $MyFGTUserLocal + + .EXAMPLE + $MyFGTUserLocal = Get-FGTUserLocal -name MyFGTUserLocal + PS C:\>$MyFGTUserLocal | Remove-FGTUserLocal -confirm:$false + + Remove UserLocal object $MyFGTUserLocal with no confirmation + + #> + + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'high')] + Param( + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)] + #[ValidateScript( { Confirm-FGTUserLocal $_ })] + [psobject]$userlocal, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + $uri = "api/v2/cmdb/user/local/$($address.name)" + + if ($PSCmdlet.ShouldProcess($userlocal.name, 'Remove User Local')) { + $null = Invoke-FGTRestMethod -method "DELETE" -uri $uri -connection $connection @invokeParams + } + } + End { } } \ No newline at end of file From 49f169b89dfeeec96e4b08648fe4d1cec79153e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 31 May 2022 10:03:02 +0200 Subject: [PATCH 03/17] Add Set function --- PowerFGT/Public/cmdb/user/local.ps1 | 143 +++++++++++++++++++++++++++- 1 file changed, 141 insertions(+), 2 deletions(-) diff --git a/PowerFGT/Public/cmdb/user/local.ps1 b/PowerFGT/Public/cmdb/user/local.ps1 index 1c028ef8..aec8e914 100644 --- a/PowerFGT/Public/cmdb/user/local.ps1 +++ b/PowerFGT/Public/cmdb/user/local.ps1 
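Review bot: The object name is interpolated straight into the request path in the `$uri = "api/v2/cmdb/user/local/$(...)"` line of Process, so a name containing `/`, `?` or `#` would change the route rather than address that object. If FortiGate permits such characters in user names, wrapping the name in `[uri]::EscapeDataString(...)` keeps the path intact; the URI built in Set-FGTUserLocal in patch 03 has the same shape. Whether the rest of the module already escapes names this way is not visible here, so follow the existing convention if there is one.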
@@ -100,7 +100,7 @@ function Add-FGTUserLocal { } if ( $PsBoundParameters.ContainsKey('two_factor') ) { - $Local_User | add-member -name "two-factor" -membertype NoteProperty -Value $two_factor_authentication + $Local_User | add-member -name "two-factor" -membertype NoteProperty -Value $two_factor } if ( $PsBoundParameters.ContainsKey('two_factor_authentication') ) { 
@@ -230,6 +230,145 @@ function Get-FGTUserLocal { } } +function Set-FGTUserLocal { + + <# + .SYNOPSIS + Configure a FortiGate Local User + + .DESCRIPTION + Change a FortiGate Local User (ip, mask, comment, associated interface... ) + + .EXAMPLE + $MyFGTUserLocal = Get-FGTUserLocal -name MyFGTUserLocal + PS C:\>$MyFGTUserLocal | Set-FGTUserLocal -status $false + + Change MyFGTUserLocal to status disable + + .EXAMPLE + $MyFGTUserLocal = Get-FGTUserLocal -name MyFGTUserLocal + PS C:\>$MyFGTUserLocal | Set-FGTUserLocal -password MyFGTUserLocalPassword + + Change MyFGTUserLocal to value (Password) MyFGTUserLocalPassword + + .EXAMPLE + $MyFGTUserLocal = Get-FGTUserLocal -name MyFGTUserLocal + PS C:\>$MyFGTUserLocal | Set-FGTUserLocal -email_to newpowerfgt@fgt.power + + Change MyFGTUserLocal to set email to newpowerfgt@fgt.power + + #> + + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium', DefaultParameterSetName = 'default')] + Param( + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)] + #[ValidateScript( { Confirm-FGTAddress $_ })] + [psobject]$userlocal, + [Parameter (Mandatory = $true)] + [string]$name, + [Parameter (Mandatory = $false)] + [switch]$status, + [Parameter (Mandatory = $false, ParameterSetName = "local")] + [string]$password, + [Parameter (Mandatory = $false, ParameterSetName = "radius")] + [string]$radius_server, + [Parameter (Mandatory = $false, ParameterSetName = "tacacs")] + [string]$tacacs_server, + [Parameter (Mandatory = $false)] + [ValidateSet("fortitoken", "email", "sms", "disable", "fortitoken-cloud")] + [string]$two_factor, + [Parameter (Mandatory = $false)] + [ValidateSet("fortitoken", "email", "sms")] + [string]$two_factor_authentication, + [Parameter (Mandatory = $false)] + [string]$two_factor_notification, + [Parameter (Mandatory = $false)] + [string]$fortitoken, + [Parameter (Mandatory = $false)] + [string]$email_to, + [Parameter (Mandatory = $false)] + [string]$sms_server, + [Parameter(Mandatory = 
$false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + $uri = "api/v2/cmdb/user/local/$($userlocal.name)" + + $_userlocal = new-Object -TypeName PSObject + + if ( $PsBoundParameters.ContainsKey('name') ) { + #TODO check if there is no already a object with this name ? + $_userlocal | add-member -name "name" -membertype NoteProperty -Value $name + $userlocal.name = $name + } + + if ( $PSCmdlet.ParameterSetName -ne "default" -and $userlocal.type -ne $PSCmdlet.ParameterSetName ) { + throw "Address type ($($userlocal.type)) need to be on the same type ($($PSCmdlet.ParameterSetName))" + } + + if ($status) { + $_userlocal | add-member -name "status" -membertype NoteProperty -Value "enable" + } + else { + $_userlocal | add-member -name "status" -membertype NoteProperty -Value "disable" + } + + switch ( $PSCmdlet.ParameterSetName ) { + "local" { + $_userlocal | add-member -name "passwd" -membertype NoteProperty -Value $password + } + "radius" { + $_userlocal | add-member -name "radius-server" -membertype NoteProperty -Value $radius_server + } + "tacacs" { + $_userlocal | add-member -name "tacacs+-server" -membertype NoteProperty -Value $tacacs_server + } + default { } + } + + if ( $PsBoundParameters.ContainsKey('two_factor') ) { + $_userlocal | add-member -name "two-factor" -membertype NoteProperty -Value $two_factor + } + + if ( $PsBoundParameters.ContainsKey('two_factor_authentication') ) { + $_userlocal | add-member -name "two-factor-authentication" -membertype NoteProperty -Value $two_factor_authentication + } + + if ( $PsBoundParameters.ContainsKey('fortitoken') ) { + $_userlocal | add-member -name "fortitoken" -membertype NoteProperty -Value $fortitoken + } + + if ( $PsBoundParameters.ContainsKey('email_to') ) { + $_userlocal | add-member -name "email-to" 
-membertype NoteProperty -Value $email_to + } + + if ( $PsBoundParameters.ContainsKey('sms_server') ) { + $_userlocal | add-member -name "sms-server" -membertype NoteProperty -Value $sms_server + } + + if ($PSCmdlet.ShouldProcess($userlocal.name, 'Configure User Local')) { + Invoke-FGTRestMethod -method "PUT" -body $_userlocal -uri $uri -connection $connection @invokeParams | out-Null + + Get-FGTUserLocal -connection $connection @invokeParams -name $userlocal.name + } + } + + End { + } +} + function Remove-FGTUserLocal { <# @@ -274,7 +413,7 @@ function Remove-FGTUserLocal { $invokeParams.add( 'vdom', $vdom ) } - $uri = "api/v2/cmdb/user/local/$($address.name)" + $uri = "api/v2/cmdb/user/local/$($userlocal.name)" if ($PSCmdlet.ShouldProcess($userlocal.name, 'Remove User Local')) { $null = Invoke-FGTRestMethod -method "DELETE" -uri $uri -connection $connection @invokeParams From 4a3e9c197b40a4c7b209397508f7cd7b742a0916 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 31 May 2022 10:08:48 +0200 Subject: [PATCH 04/17] Add Confirm function --- PowerFGT/Private/Confirm.ps1 | 46 ++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/PowerFGT/Private/Confirm.ps1 b/PowerFGT/Private/Confirm.ps1 index 40f3f8d1..e3a94fc2 100644 --- a/PowerFGT/Private/Confirm.ps1 +++ b/PowerFGT/Private/Confirm.ps1 
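Review bot: The `status` block in Process writes `status` on every call: when `-status` is not passed the `else` branch sends `"disable"`, so `Set-FGTUserLocal -email_to x` or `-password y` silently disables an enabled account. Wrap the block in `if ( $PsBoundParameters.ContainsKey('status') ) { ... }` so status changes only when asked, in the same way the other optional fields are gated (Add-FGTUserLocal can keep its default, since there the field has to be set). The type-mismatch error still reads `Address type ($($userlocal.type)) need to be on the same type (...)` and the .DESCRIPTION lists `ip, mask, comment, associated interface`, both carried over from the Address cmdlet; `$two_factor_notification` is declared but never added to `$_userlocal`.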
@@ -336,3 +336,49 @@ Function Confirm-FGTInterface { $true } + +Function Confirm-FGTUserLocal { + + Param ( + [Parameter (Mandatory = $true)] + [object]$argument + ) + + if ( -not ( $argument | get-member -name name -Membertype Properties)) { + throw "Element specified does not contain a name property." + } + if ( -not ( $argument | get-member -name status -Membertype Properties)) { + throw "Element specified does not contain a status property." + } + if ( -not ( $argument | get-member -name type -Membertype Properties)) { + throw "Element specified does not contain a type property." + } + if ( -not ( $argument | get-member -name passwd -Membertype Properties)) { + throw "Element specified does not contain a passwd property." + } + if ( -not ( $argument | get-member -name ldap-server -Membertype Properties)) { + throw "Element specified does not contain a ldap-server property." + } + if ( -not ( $argument | get-member -name radius-server -Membertype Properties)) { + throw "Element specified does not contain a radius-server property." + } + if ( -not ( $argument | get-member -name tacacs+-server -Membertype Properties)) { + throw "Element specified does not contain a tacacs+-server property." + } + if ( -not ( $argument | get-member -name two-factor -Membertype Properties)) { + throw "Element specified does not contain a two-factor property." + } + if ( -not ( $argument | get-member -name two-factor-authentication -Membertype Properties)) { + throw "Element specified does not contain a two-factor-authentication property." + } + if ( -not ( $argument | get-member -name fortitoken -Membertype Properties)) { + throw "Element specified does not contain a fortitoken property." + } + if ( -not ( $argument | get-member -name email-to -Membertype Properties)) { + throw "Element specified does not contain a email-to property." 
+ } + if ( -not ( $argument | get-member -name sms-server -Membertype Properties)) { + throw "Element specified does not contain a sms-server property." + } + + $true \ No newline at end of file From 8b6ecab4ec6537bcf664b6e8a2f8907442857492 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 31 May 2022 11:02:18 +0200 Subject: [PATCH 05/17] Add Tests --- Tests/integration/UserLocal.Tests.ps1 | 187 ++++++++++++++++++++++++++ 1 file changed, 187 insertions(+) create mode 100644 Tests/integration/UserLocal.Tests.ps1 diff --git a/Tests/integration/UserLocal.Tests.ps1 b/Tests/integration/UserLocal.Tests.ps1 new file mode 100644 index 00000000..f0bf9854 --- /dev/null +++ b/Tests/integration/UserLocal.Tests.ps1 
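Review bot: The property names passed to `get-member -name` (`ldap-server`, `tacacs+-server`, `two-factor-authentication`, `email-to`, …) are bare words; PowerShell accepts them in argument mode, but quoting them, `get-member -name 'tacacs+-server'`, makes it explicit that the hyphen and plus belong to the name and matches how the tests read these fields (`$userlocal.'email-to'`). Unlike the public cmdlets the function has no comment-based help; a short .SYNOPSIS stating that it throws when a required user/local property is missing and returns `$true` otherwise would help readers of the ValidateScript attributes that call it.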
@@ -0,0 +1,187 @@ +# +# Copyright 2022, Cedric Moreau +# +# SPDX-License-Identifier: Apache-2.0 +# + +#include common configuration +. ../common.ps1 + +BeforeAll { + Connect-FGT @invokeParams +} + +Describe "Get User Local" { + + BeforeAll { + $userlocal = Add-FGTUserLocal -Name $pester_userlocal -name PowerFGT1 + #$script:uuid = $addr.uuid + } + + It "Get User Local Does not throw an error" { + { + Get-FGTUserLocal + } | Should -Not -Throw + } + + It "Get ALL userlocal" { + $userlocal = Get-FGTUserLocal + $userlocal.count | Should -Not -Be $NULL + } + + It "Get ALL userlocal with -skip" { + $userlocal = Get-FGTUserLocal -skip + $userlocal.count | Should -Not -Be $NULL + } + + It "Get userlocal ($pester_userlocal)" { + $userlocal = Get-FGTUserLocal -name $pester_userlocal + $userlocal.name | Should -Be $pester_userlocal + } + + It "Get userlocal ($pester_userlocal) and confirm (via Confirm-FGTUserLocal)" { + $userlocal = Get-FGTUserLocal -name $pester_userlocal + Confirm-FGTuserlocal ($userlocal) | Should -Be $true + } + + Context "Search" { + + It "Search userlocal by name ($pester_userlocal)" { + $userlocal = Get-FGTUserLocal -name $pester_userlocal + @($userlocal).count | Should -be 1 + $userlocal.name | Should -Be $pester_userlocal + } + + <#It "Search userlocal by uuid ($script:uuid)" { + $userlocal = Get-FGTUserLocal -uuid $script:uuid + @($userlocal).count | Should -be 1 + $userlocal.name | Should -Be $pester_userlocal + }#> + + } + + AfterAll { + Get-FGTUserLocal -name $pester_userlocal | Remove-FGTUserLocal -confirm:$false + } + +} + +Describe "Add User Local" { + + Context "local" { + + AfterEach { + Get-FGTUserLocal -name $pester_userlocal | Remove-FGTUserLocal -confirm:$false + } + + It "Add userlocal $pester_userlocal enable" { + Add-FGTUserLocal -Name $pester_userlocal -status + $userlocal = Get-FGTUserLocal -name $pester_userlocal + $userlocal.name | Should -Be $pester_userlocal + $userlocal.status | Should -Be "enable" + $userlocal.'email-to' | 
Should -BeNullOrEmpty + $userlocal.'two-factor' | Should -BeNullOrEmpty + } + + It "Add userlocal $pester_userlocal email to" { + Add-FGTUserLocal -Name $pester_userlocal -email_to "powerfgt@power.fgt" + $userlocal = Get-FGTUserLocal -name $pester_userlocal + $userlocal.name | Should -Be $pester_userlocal + $userlocal.status | Should -Be "disable" + $userlocal.'email-to' | Should -Be "powerfgt@power.fgt" + $userlocal.'two-factor' | Should -BeNullOrEmpty + } + + It "Add userlocal $pester_userlocal MFA" { + Add-FGTUserLocal -Name $pester_userlocal -status -two_factor email -email_to "powerfgt@power.fgt" + $userlocal = Get-FGTUserLocal -name $pester_userlocal + $userlocal.name | Should -Be $pester_userlocal + $userlocal.status | Should -Be "disable" + $userlocal.'email-to' | Should -Be "powerfgt@power.fgt" + $userlocal.'two-factor' | Should -Be "email" + } + + It "Try to Add userlocal $pester_userlocal (but there is already a object with same name)" { + #Add first userlocal + Add-FGTUserLocal -Name $pester_userlocal -status + #Add Second userlocal with same name + { Add-FGTUserLocal -Name $pester_userlocal -status } | Should -Throw "Already a user object using the same name" + } + + } + +} + +Describe "Configure User Local" { + + Context "local" { + + BeforeAll { + $userlocal = Add-FGTUserLocal -Name $pester_userlocal + } + + It "Change status userlocal" { + Get-FGTUserLocal -name $pester_userlocal | Set-FGTUserLocal -status + $userlocal = Get-FGTUserLocal -name $pester_userlocal + $userlocal.name | Should -Be $pester_userlocal + $userlocal.status | Should -Be "enable" + $userlocal.'email-to' | Should -BeNullOrEmpty + $userlocal.'two-factor' | Should -BeNullOrEmpty + } + + It "Change email to" { + Get-FGTUserLocal -name $pester_userlocal | Set-FGTUserLocal -email_to "powerfgt@power.fgt" + $userlocal = Get-FGTUserLocal -name $pester_userlocal + $userlocal.name | Should -Be $pester_userlocal + $userlocal.status | Should -Be "disable" + $userlocal.'email-to' | Should -Be 
"powerfgt@power.fgt" + $userlocal.'two-factor' | Should -BeNullOrEmpty + } + + It "Change MFA" { + Get-FGTUserLocal -name $pester_userlocal | Set-FGTUserLocal -two_factor email + $userlocal = Get-FGTUserLocal -name $pester_userlocal + $userlocal.name | Should -Be $pester_userlocal + $userlocal.status | Should -Be "disable" + $userlocal.'email-to' | Should -Be "powerfgt@power.fgt" + $userlocal.'two-factor' | Should -Be "email" + } + + It "Change Name" { + Get-FGTUserLocal -name $pester_userlocal | Set-FGTUserLocal -name "pester_userlocal_change" + $userlocal = Get-FGTUserLocal -name "pester_userlocal_change" + $userlocal.name | Should -Be "pester_userlocal_change" + $userlocal.status | Should -Be "disable" + $userlocal.'email-to' | Should -Be "powerfgt@power.fgt" + $userlocal.'two-factor' | Should -Be "email" + } + + AfterAll { + Get-FGTUserLocal -name "pester_userlocal_change" | Remove-FGTUserLocal -confirm:$false + } + + } +} + +Describe "Remove User Local" { + + Context "local" { + + BeforeEach { + Add-FGTUserLocal -Name $pester_userlocal + } + + It "Remove userlocal $pester_userlocal by pipeline" { + $userlocal = Get-FGTUserLocal -name $pester_userlocal + $userlocal | Remove-FGTUserLocal -confirm:$false + $userlocal = Get-FGTUserLocal -name $pester_userlocal + $userlocal | Should -Be $NULL + } + + } + +} + +AfterAll { + Disconnect-FGT -confirm:$false +} \ No newline at end of file From 47f1908ae0905fcdfedc71db6ee5335eb6107826 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 31 May 2022 11:03:53 +0200 Subject: [PATCH 06/17] Add pester variable --- Tests/common.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Tests/common.ps1 b/Tests/common.ps1 index 186e11fc..25fd1719 100644 --- a/Tests/common.ps1 +++ b/Tests/common.ps1 
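Review bot: The It blocks under "Configure User Local" depend on each other's order and state: "Change email to" asserts `status` is `disable` immediately after "Change status userlocal" enabled the account, which only holds because Set-FGTUserLocal rewrites `status` on every call, and "Change MFA" and "Change Name" assert an `email-to` value set by an earlier It. If Set is changed to touch status only when `-status` is passed, these expectations invert. Creating the object in `BeforeEach` with exactly the fields each test needs, and removing it in `AfterEach`, would let each It stand alone, as the "Add User Local" and "Remove User Local" blocks already do.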
@@ -38,6 +38,7 @@ $script:pester_int1 = "int1" $script:pester_vlanid1 = "10" $script:pester_zone1 = "pester_zone1" $script:pester_zone2 = "pester_zone2" +$script:pester_userlocal = "pester_userlocal" . ../credential.ps1 #TODO: Add check if no ipaddress/login/password info... From 05bb94ba5ae0a322e9b6ef88331218bbdbf464f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 31 May 2022 11:15:40 +0200 Subject: [PATCH 07/17] add password variable --- Tests/common.ps1 | 1 + Tests/integration/UserLocal.Tests.ps1 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Tests/common.ps1 b/Tests/common.ps1 index 25fd1719..2f809218 100644 --- a/Tests/common.ps1 +++ b/Tests/common.ps1 @@ -39,6 +39,7 @@ $script:pester_vlanid1 = "10" $script:pester_zone1 = "pester_zone1" $script:pester_zone2 = "pester_zone2" $script:pester_userlocal = "pester_userlocal" +$script:pester_userlocalpassword = "pester_userlocalpassword" . ../credential.ps1 #TODO: Add check if no ipaddress/login/password info... diff --git a/Tests/integration/UserLocal.Tests.ps1 b/Tests/integration/UserLocal.Tests.ps1 index f0bf9854..063bb103 100644 --- a/Tests/integration/UserLocal.Tests.ps1 +++ b/Tests/integration/UserLocal.Tests.ps1 @@ -14,7 +14,7 @@ BeforeAll { Describe "Get User Local" { BeforeAll { - $userlocal = Add-FGTUserLocal -Name $pester_userlocal -name PowerFGT1 + Add-FGTUserLocal -name $pester_userlocal #$script:uuid = $addr.uuid } From 22f31e4bd4f5866a5a7015e25ab2de24bc4b9513 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 31 May 2022 11:17:06 +0200 Subject: [PATCH 08/17] Add password in ADD function --- Tests/integration/UserLocal.Tests.ps1 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Tests/integration/UserLocal.Tests.ps1 b/Tests/integration/UserLocal.Tests.ps1 index 063bb103..af4c70f3 100644 --- a/Tests/integration/UserLocal.Tests.ps1 +++ b/Tests/integration/UserLocal.Tests.ps1 
@@ -14,7 +14,7 @@ BeforeAll { Describe "Get User Local" { BeforeAll { - Add-FGTUserLocal -name $pester_userlocal + Add-FGTUserLocal -name $pester_userlocal -password $pester_userlocalpassword #$script:uuid = $addr.uuid } @@ -75,7 +75,7 @@ Describe "Add User Local" { } It "Add userlocal $pester_userlocal enable" { - Add-FGTUserLocal -Name $pester_userlocal -status + Add-FGTUserLocal -Name $pester_userlocal -status -password $pester_userlocalpassword $userlocal = Get-FGTUserLocal -name $pester_userlocal $userlocal.name | Should -Be $pester_userlocal $userlocal.status | Should -Be "enable" @@ -84,7 +84,7 @@ Describe "Add User Local" { } It "Add userlocal $pester_userlocal email to" { - Add-FGTUserLocal -Name $pester_userlocal -email_to "powerfgt@power.fgt" + Add-FGTUserLocal -Name $pester_userlocal -email_to "powerfgt@power.fgt" -password $pester_userlocalpassword $userlocal = Get-FGTUserLocal -name $pester_userlocal $userlocal.name | Should -Be $pester_userlocal $userlocal.status | Should -Be "disable" @@ -93,7 +93,7 @@ Describe "Add User Local" { } It "Add userlocal $pester_userlocal MFA" { - Add-FGTUserLocal -Name $pester_userlocal -status -two_factor email -email_to "powerfgt@power.fgt" + Add-FGTUserLocal -Name $pester_userlocal -status -two_factor email -email_to "powerfgt@power.fgt" -password $pester_userlocalpassword $userlocal = Get-FGTUserLocal -name $pester_userlocal $userlocal.name | Should -Be $pester_userlocal $userlocal.status | Should -Be "disable" 
@@ -103,9 +103,9 @@ Describe "Add User Local" { It "Try to Add userlocal $pester_userlocal (but there is already a object with same name)" { #Add first userlocal - Add-FGTUserLocal -Name $pester_userlocal -status + Add-FGTUserLocal -Name $pester_userlocal -status -password $pester_userlocalpassword #Add Second userlocal with same name - { Add-FGTUserLocal -Name $pester_userlocal -status } | Should -Throw "Already a user object using the same name" + { Add-FGTUserLocal -Name $pester_userlocal -status -password $pester_userlocalpassword } | Should -Throw "Already a user object using the same name" } } @@ -117,7 +117,7 @@ Describe "Configure User Local" { Context "local" { BeforeAll { - $userlocal = Add-FGTUserLocal -Name $pester_userlocal + $userlocal = Add-FGTUserLocal -Name $pester_userlocal -password $pester_userlocalpassword } It "Change status userlocal" { @@ -168,7 +168,7 @@ Describe "Remove User Local" { Context "local" { BeforeEach { - Add-FGTUserLocal -Name $pester_userlocal + Add-FGTUserLocal -Name $pester_userlocal -password $pester_userlocalpassword } It "Remove userlocal $pester_userlocal by pipeline" { From e87556e72d500ebdf2202f5d1dd5d985be65420a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 31 May 2022 11:19:06 +0200 Subject: [PATCH 09/17] Fix confirm.ps1 --- PowerFGT/Private/Confirm.ps1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/PowerFGT/Private/Confirm.ps1 b/PowerFGT/Private/Confirm.ps1 index e3a94fc2..5acf89af 100644 --- a/PowerFGT/Private/Confirm.ps1 +++ b/PowerFGT/Private/Confirm.ps1 @@ -381,4 +381,6 @@ Function Confirm-FGTUserLocal { throw "Element specified does not contain a sms-server property." } - $true \ No newline at end of file + $true + +} \ No newline at end of file From 2ac35dfebe1f010fb66d2d44be33988fc4db47cd Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 31 May 2022 11:20:35 +0200 Subject: [PATCH 10/17] Fix typo --- Tests/integration/UserLocal.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/integration/UserLocal.Tests.ps1 b/Tests/integration/UserLocal.Tests.ps1 index af4c70f3..e2477b58 100644 --- a/Tests/integration/UserLocal.Tests.ps1 +++ b/Tests/integration/UserLocal.Tests.ps1 @@ -41,7 +41,7 @@ Describe "Get User Local" { It "Get userlocal ($pester_userlocal) and confirm (via Confirm-FGTUserLocal)" { $userlocal = Get-FGTUserLocal -name $pester_userlocal - Confirm-FGTuserlocal ($userlocal) | Should -Be $true + Confirm-FGTUserLocal ($userlocal) | Should -Be $true } Context "Search" { From c4942c8d136c7878ff2369f1943ba0b14252e596 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 31 May 2022 11:22:52 +0200 Subject: [PATCH 11/17] Fix Tests (Add two-factor) --- Tests/integration/UserLocal.Tests.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Tests/integration/UserLocal.Tests.ps1 b/Tests/integration/UserLocal.Tests.ps1 index e2477b58..648b33ef 100644 --- a/Tests/integration/UserLocal.Tests.ps1 +++ b/Tests/integration/UserLocal.Tests.ps1 @@ -80,7 +80,7 @@ Describe "Add User Local" { $userlocal.name | Should -Be $pester_userlocal $userlocal.status | Should -Be "enable" $userlocal.'email-to' | Should -BeNullOrEmpty - $userlocal.'two-factor' | Should -BeNullOrEmpty + $userlocal.'two-factor' | Should -Be "disable" } It "Add userlocal $pester_userlocal email to" { @@ -89,7 +89,7 @@ Describe "Add User Local" { $userlocal.name | Should -Be $pester_userlocal $userlocal.status | Should -Be "disable" $userlocal.'email-to' | Should -Be "powerfgt@power.fgt" - $userlocal.'two-factor' | Should -BeNullOrEmpty + $userlocal.'two-factor' | Should -Be "disable" } It "Add userlocal $pester_userlocal MFA" { From 31604f3585fc8452a93ed1b290204212bd1aa85b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 31 May 2022 11:25:38 +0200 Subject: [PATCH 12/17] Fix set function and tests --- PowerFGT/Public/cmdb/user/local.ps1 | 2 +- Tests/integration/UserLocal.Tests.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/PowerFGT/Public/cmdb/user/local.ps1 b/PowerFGT/Public/cmdb/user/local.ps1 index aec8e914..476cdeb0 100644 --- a/PowerFGT/Public/cmdb/user/local.ps1 +++ b/PowerFGT/Public/cmdb/user/local.ps1 @@ -264,7 +264,7 @@ function Set-FGTUserLocal { [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)] #[ValidateScript( { Confirm-FGTAddress $_ })] [psobject]$userlocal, - [Parameter (Mandatory = $true)] + [Parameter (Mandatory = $false)] [string]$name, [Parameter (Mandatory = $false)] [switch]$status, diff --git a/Tests/integration/UserLocal.Tests.ps1 b/Tests/integration/UserLocal.Tests.ps1 index 648b33ef..010d7fbb 100644 --- a/Tests/integration/UserLocal.Tests.ps1 +++ b/Tests/integration/UserLocal.Tests.ps1 @@ -96,7 +96,7 @@ Describe "Add User Local" { Add-FGTUserLocal -Name $pester_userlocal -status -two_factor email -email_to "powerfgt@power.fgt" -password $pester_userlocalpassword $userlocal = Get-FGTUserLocal -name $pester_userlocal $userlocal.name | Should -Be $pester_userlocal - $userlocal.status | Should -Be "disable" + $userlocal.status | Should -Be "enable" $userlocal.'email-to' | Should -Be "powerfgt@power.fgt" $userlocal.'two-factor' | Should -Be "email" } @@ -105,7 +105,7 @@ Describe "Add User Local" { #Add first userlocal Add-FGTUserLocal -Name $pester_userlocal -status -password $pester_userlocalpassword #Add Second userlocal with same name - { Add-FGTUserLocal -Name $pester_userlocal -status -password $pester_userlocalpassword } | Should -Throw "Already a user object using the same name" + { Add-FGTUserLocal -Name $pester_userlocal -status -password $pester_userlocalpassword } | Should -Throw "Already an Local User object using the same name" } } 
From 9d74fec856465b9c0b90c5cb99014caab8acf481 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 31 May 2022 11:34:23 +0200 Subject: [PATCH 13/17] Fix tests --- Tests/integration/UserLocal.Tests.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Tests/integration/UserLocal.Tests.ps1 b/Tests/integration/UserLocal.Tests.ps1 index 010d7fbb..a2f4e743 100644 --- a/Tests/integration/UserLocal.Tests.ps1 +++ b/Tests/integration/UserLocal.Tests.ps1 @@ -126,7 +126,7 @@ Describe "Configure User Local" { $userlocal.name | Should -Be $pester_userlocal $userlocal.status | Should -Be "enable" $userlocal.'email-to' | Should -BeNullOrEmpty - $userlocal.'two-factor' | Should -BeNullOrEmpty + $userlocal.'two-factor' | Should -Be "disable" } It "Change email to" { @@ -135,7 +135,7 @@ Describe "Configure User Local" { $userlocal.name | Should -Be $pester_userlocal $userlocal.status | Should -Be "disable" $userlocal.'email-to' | Should -Be "powerfgt@power.fgt" - $userlocal.'two-factor' | Should -BeNullOrEmpty + $userlocal.'two-factor' | Should -Be "disable" } It "Change MFA" { From f3e4229be358d6b09bd4ad2855ca61b2629e9bb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 31 May 2022 11:37:31 +0200 Subject: [PATCH 14/17] Add Confirm-FGTUserLocal to set and remove --- PowerFGT/Public/cmdb/user/local.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/PowerFGT/Public/cmdb/user/local.ps1 b/PowerFGT/Public/cmdb/user/local.ps1 index 476cdeb0..a093d5c2 100644 --- a/PowerFGT/Public/cmdb/user/local.ps1 +++ b/PowerFGT/Public/cmdb/user/local.ps1 
@@ -262,7 +262,7 @@ function Set-FGTUserLocal {
 [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium', DefaultParameterSetName = 'default')]
 Param(
 [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)]
- #[ValidateScript( { Confirm-FGTAddress $_ })]
+ [ValidateScript( { Confirm-FGTAddress $_ })]
 [psobject]$userlocal,
 [Parameter (Mandatory = $false)]
 [string]$name,
@@ -395,7 +395,7 @@ function Remove-FGTUserLocal {
 [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'high')]
 Param(
 [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)]
- #[ValidateScript( { Confirm-FGTUserLocal $_ })]
+ [ValidateScript( { Confirm-FGTUserLocal $_ })]
 [psobject]$userlocal,
 [Parameter(Mandatory = $false)]
 [String[]]$vdom,
From 1586014300db0af29a455d2f1c903bbfe5a63eaf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Moreau?=
Date: Tue, 31 May 2022 11:47:17 +0200
Subject: [PATCH 15/17] Change password to securestring

---
 PowerFGT/Public/cmdb/user/local.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PowerFGT/Public/cmdb/user/local.ps1 b/PowerFGT/Public/cmdb/user/local.ps1
index a093d5c2..dd25b239 100644
--- a/PowerFGT/Public/cmdb/user/local.ps1
+++ b/PowerFGT/Public/cmdb/user/local.ps1
@@ -31,7 +31,7 @@ function Add-FGTUserLocal {
 [Parameter (Mandatory = $false)]
 [switch]$status,
 [Parameter (Mandatory = $false, ParameterSetName = "local")]
- [string]$password,
+ [SecureString]$password,
 [Parameter (Mandatory = $false, ParameterSetName = "radius")]
 [string]$radius_server,
 [Parameter (Mandatory = $false, ParameterSetName = "tacacs")]
From c626d4fc4efcd68147826e4227de759b219a6a77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Moreau?=
Date: Tue, 31 May 2022 11:49:56 +0200
Subject: [PATCH 16/17] Change password to securestring on set function

---
 PowerFGT/Public/cmdb/user/local.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
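Review bot: The validator enabled on the `$userlocal` parameter of Set-FGTUserLocal is `Confirm-FGTAddress`, the address-object check, while the commit title and the parallel Remove-FGTUserLocal hunk below use `Confirm-FGTUserLocal`; the commented-out line this hunk uncomments looks like a leftover from the address cmdlets. As written, a local-user object piped into Set-FGTUserLocal will presumably fail validation (or an unrelated object pass it), depending on which members Confirm-FGTAddress inspects. The line should read `[ValidateScript( { Confirm-FGTUserLocal $_ })]`. The Param block of Set-FGTUserLocal continues outside the hunk.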
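Review bot: Changing `$password` to `[SecureString]` in Add-FGTUserLocal (and in Set-FGTUserLocal in the following patch) does not by itself keep the secret out of the request: the conversion back to plaintext for the API body happens in the function body outside this hunk and is not visible here, and it should be done only where the request is built, kept out of verbose/debug output and not retained in a variable afterwards. Note also that PowerShell does not coerce a plain `[string]` argument to `[SecureString]`, so the integration tests that still pass `-password $pester_userlocalpassword` will fail at parameter binding unless that variable is itself created as a SecureString; its definition is not in this series, so this needs confirming. A `.PARAMETER password` help entry stating that a SecureString is expected would make the new contract visible to callers.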
diff --git a/PowerFGT/Public/cmdb/user/local.ps1 b/PowerFGT/Public/cmdb/user/local.ps1
index dd25b239..485f4409 100644
--- a/PowerFGT/Public/cmdb/user/local.ps1
+++ b/PowerFGT/Public/cmdb/user/local.ps1
@@ -269,7 +269,7 @@ function Set-FGTUserLocal {
 [Parameter (Mandatory = $false)]
 [switch]$status,
 [Parameter (Mandatory = $false, ParameterSetName = "local")]
- [string]$password,
+ [SecureString]$password,
 [Parameter (Mandatory = $false, ParameterSetName = "radius")]
 [string]$radius_server,
 [Parameter (Mandatory = $false, ParameterSetName = "tacacs")]
From fd45029f1542bfab1e27c596be3be09efdc99f84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Moreau?=
Date: Tue, 31 May 2022 11:54:25 +0200
Subject: [PATCH 17/17] remove variable not used

---
 Tests/integration/UserLocal.Tests.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Tests/integration/UserLocal.Tests.ps1 b/Tests/integration/UserLocal.Tests.ps1
index a2f4e743..ca855587 100644
--- a/Tests/integration/UserLocal.Tests.ps1
+++ b/Tests/integration/UserLocal.Tests.ps1
@@ -117,7 +117,7 @@ Describe "Configure User Local" {
 Context "local" {
 BeforeAll {
- $userlocal = Add-FGTUserLocal -Name $pester_userlocal -password $pester_userlocalpassword
+ Add-FGTUserLocal -Name $pester_userlocal -password $pester_userlocalpassword
 }
 It "Change status userlocal" {
