Skip to content
Permalink
Browse files

Get-DbaComputerSystem updates - Improve Handling for TLS (#5203)

- Added CPU information
- Addressed TLS for accessing AWS metadata
  • Loading branch information...
sheldonhull authored and wsmelton committed Mar 15, 2019
1 parent 6e3393f commit 705253c53259187420186f394ce662f57353e5c4
@@ -71,8 +71,10 @@ function Get-DbaComputerSystem {

if (Test-Bound "Credential") {
$computerSystem = Get-DbaCmObject -ClassName Win32_ComputerSystem -ComputerName $computerResolved -Credential $Credential
$computerProcessor = Get-DbaCmObject -ClassName Win32_Processor -ComputerName $computerResolved -Credential $Credential
} else {
$computerSystem = Get-DbaCmObject -ClassName Win32_ComputerSystem -ComputerName $computerResolved
$computerProcessor = Get-DbaCmObject -ClassName Win32_Processor -ComputerName $computerResolved
}

$adminPasswordStatus =
@@ -100,22 +102,25 @@ function Get-DbaComputerSystem {
}

if ($IncludeAws) {
$isAws = Invoke-Command2 -ComputerName $computerResolved -Credential $Credential -ScriptBlock { ((Invoke-TlsWebRequest -TimeoutSec 15 -Uri 'http://169.254.169.254').StatusCode) -eq 200 } -Raw
try {
$isAws = Invoke-Command2 -ComputerName $computerResolved -Credential $Credential -ScriptBlock { ((Invoke-TlsRestMethod -TimeoutSec 15 -Uri 'http://169.254.169.254').StatusCode) -eq 200 } -Raw
} catch [System.Net.WebException] {
$isAws = $false
Write-Message -Level Warning -Message "$computerResolved was not found to be an EC2 instance. Verify http://169.254.169.254 is accessible on the computer."
}

if ($isAws) {
$scriptBlock = {
[PSCustomObject]@{
AmiId = (Invoke-TlsWebRequest -Uri 'http://169.254.169.254/latest/meta-data/ami-id').Content
IamRoleArn = ((Invoke-TlsWebRequest -Uri 'http://169.254.169.254/latest/meta-data/iam/info').Content | ConvertFrom-Json).InstanceProfileArn
InstanceId = (Invoke-TlsWebRequest -Uri 'http://169.254.169.254/latest/meta-data/instance-id').Content
InstanceType = (Invoke-TlsWebRequest -Uri 'http://169.254.169.254/latest/meta-data/instance-type').Content
AvailabilityZone = (Invoke-TlsWebRequest -Uri 'http://169.254.169.254/latest/meta-data/placement/availability-zone').Content
PublicHostname = (Invoke-TlsWebRequest -Uri 'http://169.254.169.254/latest/meta-data/public-hostname').Content
AmiId = (Invoke-TlsRestMethod -Uri 'http://169.254.169.254/latest/meta-data/ami-id')
IamRoleArn = ((Invoke-TlsRestMethod -Uri 'http://169.254.169.254/latest/meta-data/iam/info').InstanceProfileArn)
InstanceId = (Invoke-TlsRestMethod -Uri 'http://169.254.169.254/latest/meta-data/instance-id')
InstanceType = (Invoke-TlsRestMethod -Uri 'http://169.254.169.254/latest/meta-data/instance-type')
AvailabilityZone = (Invoke-TlsRestMethod -Uri 'http://169.254.169.254/latest/meta-data/placement/availability-zone')
PublicHostname = (Invoke-TlsRestMethod -Uri 'http://169.254.169.254/latest/meta-data/public-hostname')
}
}
$awsProps = Invoke-Command2 -ComputerName $computerResolved -Credential $Credential -ScriptBlock $scriptBlock
} else {
Write-Message -Level Warning -Message "$computerResolved was not found to be an EC2 instance. Verify http://169.254.169.254 is accessible on the computer."
}
}
$inputObject = [PSCustomObject]@{
@@ -127,6 +132,9 @@ function Get-DbaComputerSystem {
SystemFamily = $computerSystem.SystemFamily
SystemSkuNumber = $computerSystem.SystemSKUNumber
SystemType = $computerSystem.SystemType
ProcessorName = $computerProcessor.Name
ProcessorCaption = $computerProcessor.Caption
ProcessorMaxClockSpeed = $computerProcessor.MaxClockSpeed
NumberLogicalProcessors = $computerSystem.NumberOfLogicalProcessors
NumberProcessors = $computerSystem.NumberOfProcessors
IsHyperThreading = $isHyperThreading
@@ -152,4 +160,4 @@ function Get-DbaComputerSystem {
}
}
}
}
}
@@ -0,0 +1,18 @@
function Invoke-TlsRestMethod {
<#
Internal utility that mimics invoke-RestMethod
but enables all tls available version
rather than the default, which on a lot
of standard installations is just TLS 1.0
#>
$currentVersionTls = [Net.ServicePointManager]::SecurityProtocol
$currentSupportableTls = [Math]::Max($currentVersionTls.value__, [Net.SecurityProtocolType]::Tls.value__)
$availableTls = [enum]::GetValues('Net.SecurityProtocolType') | Where-Object { $_ -gt $currentSupportableTls }
$availableTls | ForEach-Object {
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor $_
}

Invoke-RestMethod @Args

[Net.ServicePointManager]::SecurityProtocol = $currentVersionTls
}
@@ -1,4 +1,5 @@
function Invoke-TlsWebRequest {

<#
Internal utility that mimics invoke-webrequest
but enables all tls available version

0 comments on commit 705253c

Please sign in to comment.
You can’t perform that action at this time.