Add Local User (Add/Set/Remove) #190
2eedd9e
070363a
49f169b
4a3e9c1
8b6ecab
47f1908
05bb94b
22f31e4
e87556e
2ac35df
c4942c8
31604f3
9d74fec
f3e4229
1586014
c626d4f
fd45029
@@ -5,6 +5,129 @@ | |
# SPDX-License-Identifier: Apache-2.0 | ||
# | ||
|
||
function Add-FGTUserLocal { | ||
|
||
<# | ||
.SYNOPSIS | ||
Add a FortiGate Local User | ||
|
||
.DESCRIPTION | ||
Add a FortiGate Local User (Name, Password, MFA) | ||
|
||
.EXAMPLE | ||
Add-FGTUserLocal -Name FGT -password MyFGT -status | ||
|
||
Add Local User object name FGT, password MyFGT and enable it | ||
|
||
.EXAMPLE | ||
Add-FGTUserLocal -Name FGT -password MyFGT -status -two_factor email -two_factor_authentication email -email_to powerfgt@fgt.power | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. add a .EXAMPLE with (forti)token ? |
||
|
||
Add Local User object name FGT, password MyFGT and enable it, with two factor authentication by email | ||
#> | ||
|
||
Param( | ||
[Parameter (Mandatory = $true)] | ||
[string]$name, | ||
[Parameter (Mandatory = $false)] | ||
[switch]$status, | ||
[Parameter (Mandatory = $false, ParameterSetName = "local")] | ||
[SecureString]$password, | ||
[Parameter (Mandatory = $false, ParameterSetName = "radius")] | ||
[string]$radius_server, | ||
[Parameter (Mandatory = $false, ParameterSetName = "tacacs")] | ||
[string]$tacacs_server, | ||
[Parameter (Mandatory = $false)] | ||
[ValidateSet("fortitoken", "email", "sms", "disable", "fortitoken-cloud")] | ||
[string]$two_factor, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. can't be merge with two_factor_authentication There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Why There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. avoid duplicate entry... |
||
[Parameter (Mandatory = $false)] | ||
[ValidateSet("fortitoken", "email", "sms")] | ||
[string]$two_factor_authentication, | ||
[Parameter (Mandatory = $false)] | ||
[string]$two_factor_notification, | ||
[Parameter (Mandatory = $false)] | ||
[string]$fortitoken, | ||
[Parameter (Mandatory = $false)] | ||
[string]$email_to, | ||
[Parameter (Mandatory = $false)] | ||
[string]$sms_server, | ||
[Parameter(Mandatory = $false)] | ||
[String[]]$vdom, | ||
[Parameter(Mandatory = $false)] | ||
[psobject]$connection = $DefaultFGTConnection | ||
) | ||
|
||
Begin { | ||
} | ||
|
||
Process { | ||
|
||
$invokeParams = @{ } | ||
if ( $PsBoundParameters.ContainsKey('vdom') ) { | ||
$invokeParams.add( 'vdom', $vdom ) | ||
} | ||
|
||
if ( Get-FGTUserLocal @invokeParams -name $name -connection $connection) { | ||
Throw "Already an Local User object using the same name" | ||
} | ||
|
||
$uri = "api/v2/cmdb/user/local" | ||
|
||
$Local_User = new-Object -TypeName PSObject | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. only $local ? (New-Object :p) |
||
|
||
$Local_User | add-member -name "name" -membertype NoteProperty -Value $name | ||
|
||
if ($status) { | ||
$Local_User | add-member -name "status" -membertype NoteProperty -Value "enable" | ||
} | ||
else { | ||
$Local_User | add-member -name "status" -membertype NoteProperty -Value "disable" | ||
} | ||
|
||
switch ( $PSCmdlet.ParameterSetName ) { | ||
"local" { | ||
$Local_User | add-member -name "type" -membertype NoteProperty -Value "password" | ||
$Local_User | add-member -name "passwd" -membertype NoteProperty -Value $password | ||
} | ||
"radius" { | ||
$Local_User | add-member -name "type" -membertype NoteProperty -Value "radius" | ||
$Local_User | add-member -name "radius-server" -membertype NoteProperty -Value $radius_server | ||
} | ||
"tacacs" { | ||
$Local_User | add-member -name "type" -membertype NoteProperty -Value "tacacs" | ||
$Local_User | add-member -name "tacacs+-server" -membertype NoteProperty -Value $tacacs_server | ||
} | ||
default { } | ||
} | ||
|
||
if ( $PsBoundParameters.ContainsKey('two_factor') ) { | ||
$Local_User | add-member -name "two-factor" -membertype NoteProperty -Value $two_factor | ||
} | ||
|
||
if ( $PsBoundParameters.ContainsKey('two_factor_authentication') ) { | ||
$Local_User | add-member -name "two-factor-authentication" -membertype NoteProperty -Value $two_factor_authentication | ||
} | ||
|
||
if ( $PsBoundParameters.ContainsKey('fortitoken') ) { | ||
$Local_User | add-member -name "fortitoken" -membertype NoteProperty -Value $fortitoken | ||
} | ||
|
||
if ( $PsBoundParameters.ContainsKey('email_to') ) { | ||
$Local_User | add-member -name "email-to" -membertype NoteProperty -Value $email_to | ||
} | ||
|
||
if ( $PsBoundParameters.ContainsKey('sms_server') ) { | ||
$Local_User | add-member -name "sms-server" -membertype NoteProperty -Value $sms_server | ||
} | ||
|
||
Invoke-FGTRestMethod -method "POST" -body $Local_User -uri $uri -connection $connection @invokeParams | out-Null | ||
|
||
Get-FGTUserLocal -connection $connection @invokeParams -name $name | ||
} | ||
|
||
End { | ||
} | ||
} | ||
|
||
function Get-FGTUserLocal { | ||
|
||
<# | ||
|
@@ -103,6 +226,200 @@ function Get-FGTUserLocal { | |
$reponse.results | ||
} | ||
|
||
End { | ||
} | ||
} | ||
|
||
function Set-FGTUserLocal { | ||
|
||
<# | ||
.SYNOPSIS | ||
Configure a FortiGate Local User | ||
|
||
.DESCRIPTION | ||
Change a FortiGate Local User (ip, mask, comment, associated interface... ) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ip, mask, comment ?? |
||
|
||
.EXAMPLE | ||
$MyFGTUserLocal = Get-FGTUserLocal -name MyFGTUserLocal | ||
PS C:\>$MyFGTUserLocal | Set-FGTUserLocal -status $false | ||
|
||
Change MyFGTUserLocal to status disable | ||
|
||
.EXAMPLE | ||
$MyFGTUserLocal = Get-FGTUserLocal -name MyFGTUserLocal | ||
PS C:\>$MyFGTUserLocal | Set-FGTUserLocal -password MyFGTUserLocalPassword | ||
|
||
Change MyFGTUserLocal to value (Password) MyFGTUserLocalPassword | ||
|
||
.EXAMPLE | ||
$MyFGTUserLocal = Get-FGTUserLocal -name MyFGTUserLocal | ||
PS C:\>$MyFGTUserLocal | Set-FGTUserLocal -email_to newpowerfgt@fgt.power | ||
|
||
Change MyFGTUserLocal to set email to newpowerfgt@fgt.power | ||
|
||
#> | ||
|
||
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium', DefaultParameterSetName = 'default')] | ||
Param( | ||
[Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)] | ||
[ValidateScript( { Confirm-FGTAddress $_ })] | ||
[psobject]$userlocal, | ||
[Parameter (Mandatory = $false)] | ||
[string]$name, | ||
[Parameter (Mandatory = $false)] | ||
[switch]$status, | ||
[Parameter (Mandatory = $false, ParameterSetName = "local")] | ||
[SecureString]$password, | ||
[Parameter (Mandatory = $false, ParameterSetName = "radius")] | ||
[string]$radius_server, | ||
[Parameter (Mandatory = $false, ParameterSetName = "tacacs")] | ||
[string]$tacacs_server, | ||
[Parameter (Mandatory = $false)] | ||
[ValidateSet("fortitoken", "email", "sms", "disable", "fortitoken-cloud")] | ||
[string]$two_factor, | ||
[Parameter (Mandatory = $false)] | ||
[ValidateSet("fortitoken", "email", "sms")] | ||
[string]$two_factor_authentication, | ||
[Parameter (Mandatory = $false)] | ||
[string]$two_factor_notification, | ||
[Parameter (Mandatory = $false)] | ||
[string]$fortitoken, | ||
[Parameter (Mandatory = $false)] | ||
[string]$email_to, | ||
[Parameter (Mandatory = $false)] | ||
[string]$sms_server, | ||
[Parameter(Mandatory = $false)] | ||
[String[]]$vdom, | ||
[Parameter(Mandatory = $false)] | ||
[psobject]$connection = $DefaultFGTConnection | ||
) | ||
|
||
Begin { | ||
} | ||
|
||
Process { | ||
|
||
$invokeParams = @{ } | ||
if ( $PsBoundParameters.ContainsKey('vdom') ) { | ||
$invokeParams.add( 'vdom', $vdom ) | ||
} | ||
|
||
$uri = "api/v2/cmdb/user/local/$($userlocal.name)" | ||
|
||
$_userlocal = new-Object -TypeName PSObject | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. only $_local |
||
|
||
if ( $PsBoundParameters.ContainsKey('name') ) { | ||
#TODO check if there is no already a object with this name ? | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. an object |
||
$_userlocal | add-member -name "name" -membertype NoteProperty -Value $name | ||
$userlocal.name = $name | ||
} | ||
|
||
if ( $PSCmdlet.ParameterSetName -ne "default" -and $userlocal.type -ne $PSCmdlet.ParameterSetName ) { | ||
throw "Address type ($($userlocal.type)) need to be on the same type ($($PSCmdlet.ParameterSetName))" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Address type ? |
||
} | ||
|
||
if ($status) { | ||
$_userlocal | add-member -name "status" -membertype NoteProperty -Value "enable" | ||
} | ||
else { | ||
$_userlocal | add-member -name "status" -membertype NoteProperty -Value "disable" | ||
} | ||
|
||
switch ( $PSCmdlet.ParameterSetName ) { | ||
"local" { | ||
$_userlocal | add-member -name "passwd" -membertype NoteProperty -Value $password | ||
} | ||
"radius" { | ||
$_userlocal | add-member -name "radius-server" -membertype NoteProperty -Value $radius_server | ||
} | ||
"tacacs" { | ||
$_userlocal | add-member -name "tacacs+-server" -membertype NoteProperty -Value $tacacs_server | ||
} | ||
default { } | ||
} | ||
|
||
if ( $PsBoundParameters.ContainsKey('two_factor') ) { | ||
$_userlocal | add-member -name "two-factor" -membertype NoteProperty -Value $two_factor | ||
} | ||
|
||
if ( $PsBoundParameters.ContainsKey('two_factor_authentication') ) { | ||
$_userlocal | add-member -name "two-factor-authentication" -membertype NoteProperty -Value $two_factor_authentication | ||
} | ||
|
||
if ( $PsBoundParameters.ContainsKey('fortitoken') ) { | ||
$_userlocal | add-member -name "fortitoken" -membertype NoteProperty -Value $fortitoken | ||
} | ||
|
||
if ( $PsBoundParameters.ContainsKey('email_to') ) { | ||
$_userlocal | add-member -name "email-to" -membertype NoteProperty -Value $email_to | ||
} | ||
|
||
if ( $PsBoundParameters.ContainsKey('sms_server') ) { | ||
$_userlocal | add-member -name "sms-server" -membertype NoteProperty -Value $sms_server | ||
} | ||
|
||
if ($PSCmdlet.ShouldProcess($userlocal.name, 'Configure User Local')) { | ||
Invoke-FGTRestMethod -method "PUT" -body $_userlocal -uri $uri -connection $connection @invokeParams | out-Null | ||
|
||
Get-FGTUserLocal -connection $connection @invokeParams -name $userlocal.name | ||
} | ||
} | ||
|
||
End { | ||
} | ||
} | ||
|
||
function Remove-FGTUserLocal { | ||
|
||
<# | ||
.SYNOPSIS | ||
Remove a FortiGate Local User | ||
|
||
.DESCRIPTION | ||
Remove a local user object on the FortiGate | ||
|
||
.EXAMPLE | ||
$MyFGTUserLocal = Get-FGTUserLocal -name FGT | ||
PS C:\>$MyFGTUserLocal | Remove-FGTUserLocal | ||
|
||
Remove user object $MyFGTUserLocal | ||
|
||
.EXAMPLE | ||
$MyFGTUserLocal = Get-FGTUserLocal -name MyFGTUserLocal | ||
PS C:\>$MyFGTUserLocal | Remove-FGTUserLocal -confirm:$false | ||
|
||
Remove UserLocal object $MyFGTUserLocal with no confirmation | ||
|
||
#> | ||
|
||
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'high')] | ||
Param( | ||
[Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)] | ||
[ValidateScript( { Confirm-FGTUserLocal $_ })] | ||
[psobject]$userlocal, | ||
[Parameter(Mandatory = $false)] | ||
[String[]]$vdom, | ||
[Parameter(Mandatory = $false)] | ||
[psobject]$connection = $DefaultFGTConnection | ||
) | ||
|
||
Begin { | ||
} | ||
|
||
Process { | ||
|
||
$invokeParams = @{ } | ||
if ( $PsBoundParameters.ContainsKey('vdom') ) { | ||
$invokeParams.add( 'vdom', $vdom ) | ||
} | ||
|
||
$uri = "api/v2/cmdb/user/local/$($userlocal.name)" | ||
|
||
if ($PSCmdlet.ShouldProcess($userlocal.name, 'Remove User Local')) { | ||
$null = Invoke-FGTRestMethod -method "DELETE" -uri $uri -connection $connection @invokeParams | ||
} | ||
} | ||
|
||
End { | ||
} | ||
} |
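Review bot: `$password` is declared `[SecureString]` but is attached to the request body as-is in the `"local"` arm of the switch in both Add-FGTUserLocal and Set-FGTUserLocal; a SecureString carries no plaintext, so unless Invoke-FGTRestMethod special-cases it (not visible in this diff) the serialized body would carry the type name rather than the credential and the account would be created with an unusable password. Convert it only at the point the body is built and release the unmanaged copy, as in the excerpt below, and apply the same change in Set-FGTUserLocal. The first `.EXAMPLE` also passes `-password MyFGT` as a bare string, which cannot bind to `[SecureString]`; it should read something like `-password (Read-Host -AsSecureString)`. Separately, Set-FGTUserLocal always writes `status` and falls to `"disable"` when `-status` is absent, so a pipeline edit such as `-email_to` silently disables the account; guard it with `if ( $PsBoundParameters.ContainsKey('status') )` the way the other optional fields are guarded. The `[ValidateScript( { Confirm-FGTAddress $_ })]` on `$userlocal` in Set-FGTUserLocal looks carried over from the address cmdlets, while Remove-FGTUserLocal uses `Confirm-FGTUserLocal`, which is presumably what is intended here as well.
```powershell
"local" {
    $Local_User | add-member -name "type" -membertype NoteProperty -Value "password"
    # SecureString has no plaintext view; marshal it only for the request body
    # and wipe the unmanaged copy as soon as it has been read.
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
    try {
        $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    }
    finally {
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
    $Local_User | add-member -name "passwd" -membertype NoteProperty -Value $plain
}
# … unchanged: "radius" and "tacacs" arms, two-factor / fortitoken / email / sms fields, POST and Get …
```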
an email