Scripts/View/Add-CohesityViewShareAllowlist.ps1
|
function Add-CohesityViewShareAllowlist { <# .SYNOPSIS Add allowlist IP(s) for a given share. .DESCRIPTION Add allowlist IP(s) for a given share. .NOTES Published by Cohesity .LINK https://cohesity.github.io/cohesity-powershell-module/#/README .EXAMPLE Add-CohesityViewShareAllowlist -ShareName view1Share1 -IPAllowlist "1.1.1.1", "2.2.2.2" -NetmaskIP4 "255.255.255.0" Add allowlist IP(s) an override global allowlist for a given share. .EXAMPLE Add-CohesityViewShareAllowlist -ShareName view1Share1 -IPAllowlist "1.1.1.1", "2.2.2.2" -NetmaskIP4 "255.255.255.0" -NFSRootSquash -NFSAccess "kReadWrite" -NFSAllSquash -SMBAccess "kReadWrite" Add allowlist IP(s) an override global allowlist for a given share with optional parameters #> [OutputType('System.Object')] [CmdletBinding(SupportsShouldProcess = $True, ConfirmImpact = "High")] Param( [Parameter(Mandatory = $true)] # Specifies share name. [string]$ShareName, [Parameter(Mandatory = $true)] # Specifies IPv4 addresses or FQDNs. [string[]]$IPAllowlist, [Parameter(Mandatory = $true)] # Specifies the netmask using an IP4 address. The netmask can only be set using netmaskIp4 if the IP address is an IPv4 address. [string]$NetmaskIP4, [Parameter(Mandatory = $false)] # Specifies whether clients from this subnet can mount as root on NFS. [switch]$NFSRootSquash, [Parameter(Mandatory = $false)] [ValidateSet("kDisabled", "kReadOnly", "kReadWrite")] # Specifies whether clients from this subnet can mount using NFS protocol. [string]$NFSAccess = "kReadWrite", [Parameter(Mandatory = $false)] # Specifies whether all clients from this subnet can map view with view_all_squash_uid/view_all_squash_gid configured in the view. [switch]$NFSAllSquash, [Parameter(Mandatory = $false)] [ValidateSet("kDisabled", "kReadOnly", "kReadWrite")] # Specifies whether clients from this subnet can mount using SMB protocol. [string]$SMBAccess = "kReadWrite" ) Begin { $cohesitySession = CohesityUserProfile $cohesityCluster = $cohesitySession.ClusterUri $cohesityToken = $cohesitySession.Accesstoken.Accesstoken } Process { $response = Get-CohesityViewShareAllowlist -ShareName $ShareName if (-not $response) { Write-Output "Could not proceed, share name '$ShareName' not found." return } $foundShareObject = $response | Where-Object { $_.AliasName -eq $ShareName } | Select-Object -first 1 if (-not $foundShareObject) { Write-Output "Share name '$ShareName' not found" return } if ($PSCmdlet.ShouldProcess($ShareName)) { $property = Get-Member -InputObject $foundShareObject -Name SubnetWhitelist if (-not $property) { $foundShareObject | Add-Member -NotePropertyName SubnetWhitelist -NotePropertyValue @() } $propertyAliasName = Get-Member -InputObject $foundShareObject -Name aliasName if (-not $propertyAliasName) { $foundShareObject | Add-Member -NotePropertyName 'aliasName' -NotePropertyValue $ShareName } $allowList = @() foreach ($ip in $IPAllowlist) { $newIP = @{ ip = $ip netmaskIp4 = $NetmaskIP4 nfsRootSquash = $NFSRootSquash.IsPresent nfsAccess = $NFSAccess smbAccess = $SMBAccess nfsAllSquash = $NFSAllSquash.IsPresent } $allowList += $newIP } $foundShareObject.SubnetWhitelist += $allowList $cohesityClusterURL = $cohesityCluster + '/irisservices/api/v1/public/viewAliases' $cohesityHeaders = @{'Authorization' = 'Bearer ' + $cohesityToken } $payloadJson = $foundShareObject | ConvertTo-Json -Depth 100 $resp = Invoke-RestApi -Method Put -Uri $cohesityClusterURL -Headers $cohesityHeaders -Body $payloadJson if ($resp) { $resp } else { $errorMsg = "View share allowlist : Failed to add" Write-Output $errorMsg CSLog -Message $errorMsg } } } End { } } |