MetasysRestClient

2.0.0-alpha1

Connect-MetasysAccount.ps1

                                
[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingConvertToSecureStringWithPlainText", "", Justification = "The access token comes back in plain text, to convert to secure string I must use -AsPlainText", Scope = 'Function', Target = 'Connect-MetasysAccount')]

param()

Set-StrictMode -Version 3

Set-Variable -Name LatestVersion -Value 4 -Option Constant

function Connect-MetasysAccount {

    <#

    .Synopsis

    Connect to Metasys with an authenticated account for use with functions in MetasysRestClient module

    .DESCRIPTION

    The `Connect-MetasysAccount` function connects to a Metasys site with an authenticated account for use with

    functions from the MetasysRestClient PowerShell module.

    .Example

    Connect-MetasysAccount

    Prompts for `MetasysHost`, `UserName` and `Password` and attempts to authenticate with the host using

    the username and password as credentials.

    .Example

    $password = Read-Host -Prompt "password" -AsSecureString

    Connect-MetasysAccount -MetasysHost oas -UserName userName -Password $password

    After prompting for a password (stored as a secure string), connects the host named `oas` with

    the specified user name and password.

    #>

    [CmdLetBinding(PositionalBinding = $false)]

    param(

        # A hostname or ip address. This is the device `Connect-MetasysAccount` will athenticated with.

        #

        # Aliases: -h, -host, -SiteHost

        [Alias("h", "host", "SiteHost")]

        [String]$MetasysHost,

        # The username of an account on the host

        #

        # Alias: -u

        [Alias("u")]

        [String]$UserName,

        # The password of an account on the host. Note: `Password` takes a `SecureString`

        #

        # Alias: -p

        [Alias("p")]

        [SecureString]$Password,

        # The API version to use on the host.

        #

        # Alias: -v

        [Alias("v")]

        [ValidateRange(2, 4)]

        [Int32]$Version = 4,

        # Skips certificate validation checks. This includes all validations

        # such as expiration, revocation, trusted root authority, etc.

        # [!WARNING] Using this parameter is not secure and is not recommended.

        # This switch is only intended to be used against known hosts using a

        # self-signed certificate for testing purposes. Use at your own risk.

        [Switch]$SkipCertificateCheck

    )

    Clear-MetasysEnvVariables | Out-Null

    if (!$MetasysHost) {

        Write-Information "No MetasysHost specified. Prompting for value."

        $MetasysHost = Read-Host -Prompt "Metasys Host"

    }

    if (!$UserName) {

        Write-Information "No UserName specified. Searching secret management."

        $users = Get-SavedMetasysUsers -SiteHost $MetasysHost

        if ($users -and $users.Count -eq 1) {

            Write-Information "A single matching user account found for $MetasysHost"

            $UserName = $users | Select-Object -ExpandProperty UserName

        }

        else {

            Write-Information "Multiple matching user accounts found for $MetasysHost. Prompting for value for UserName."

            $UserName = Read-Host -Prompt "UserName"

        }

    }

    if (!$Password) {

        Write-Information "No Password specified. Search secret management for user $UserName on $MetasysHost and if none found prompting for value."

        $Password = (Get-SavedMetasysPassword -SiteHost $MetasysHost -UserName $UserName) ?? (Read-Host -Prompt "Password" -AsSecureString)

    }

    if (!$Version) {

        Write-Information "No version specified. Defaulting to v$LatestVersion"

        $Version = $LatestVersion

    }

    $body = @{

        username = $UserName;

        password = ConvertFrom-SecureString -AsPlainText $Password

    } | ConvertTo-Json

    $uri = "https://$MetasysHost/api/v$Version/login"

    try {

        Write-Information "Invoke-RestMethod -Uri $uri -Method Post -ContentType 'application/json' -Body '{ `"username`": `"$UserName`", `"password`": `"********`" }' -SkipCertificateCheck:`$$SkipCertificateCheck"

        $response = Invoke-RestMethod -Uri $uri -Method Post -ContentType 'application/json' -Body $body -SkipCertificateCheck:$SkipCertificateCheck

    }

    catch {

        Write-Error $_

        return

    }

    Write-Information "Login was successful. Saving environment variables."

    [MetasysEnvVars]::setExpires($response.expires)

    [MetasysEnvVars]::setTokenAsPlainText($response.accessToken)

    [MetasysEnvVars]::setSiteHost($MetasysHost)

    [MetasysEnvVars]::setVersion($Version)

    Write-Information "Saving credentials to vault"

    Set-SavedMetasysPassword -SiteHost $MetasysHost -UserName $UserName -Password $Password

}

Set-Alias -Name cma -Value Connect-MetasysAccount

Export-ModuleMember -Function Connect-MetasysAccount

Export-ModuleMember -Alias cma