Public/Get-EdgeRefreshedAdminToken.ps1
|
# Copyright 2017 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. Function Get-EdgeRefreshedAdminToken { <# .SYNOPSIS Gets an OAuth token for Edge Administration. .DESCRIPTION Gets an OAuth token for Edge Administration. This works only with Edge SaaS. You must have previously called Set-EdgeConnection to specify the user + password. .PARAMETER SsoZone Optional. The SSO Zone for your user. By default there is no zone. This value will affect the SSO Login URL. If you pass in "zone1" then the login url will become https://zone1.login.apigee.com/ . If you would like to explicitly specify the SSO URL, then omit this parameter and set the SsoUrl parameter. Specify at most one of SsoZone and SsoUrl. .PARAMETER SsoUrl Optional. This defaults to 'https://login.apigee.com'. If you are using SAML Sign in, then specify https://YOURZONE.login.apigee.com/ for this parameter. Specify at most one of SsoZone and SsoUrl. .PARAMETER UserToken Required. The user token to refresh. .LINK Set-EdgeConnection .LINK Get-EdgeNewAdminToken .LINK Get-EdgeStashedAdminToken .FUNCTIONALITY ApigeeEdge #> [cmdletbinding()] PARAM( [string]$SsoZone, [string]$SsoUrl, [System.Management.Automation.PSNoteProperty] $UserToken ) PROCESS { if ($PSBoundParameters['Debug']) { $DebugPreference = 'Continue' } if (!$UserToken) { throw [System.ArgumentNullException] "You must pass a usertoken [PSNoteProperty]." } $BaseLoginUrl = $(if ($PSBoundParameters['SsoZone']) { [string]::Format('https://{0}.login.apigee.com/', $SsoZone ) } elseif ($PSBoundParameters['SsoUrl']) { $SsoUrl } else { 'https://login.apigee.com' }) $User = $MyInvocation.MyCommand.Module.PrivateData.Connection['User'] # $MgmtUri = $MyInvocation.MyCommand.Module.PrivateData.Connection['MgmtUri'] # if (! $MgmtUri.Equals("https://api.enterprise.apigee.com") ) { # throw [System.InvalidOperationException] "You can get a token only when connecting to Edge SaaS." # } $IRMParams = @{ Uri = $(Join-Parts -Separator '/' -Parts $BaseLoginUrl, 'oauth','token' ) Method = 'POST' Headers = @{ Accept = 'application/json' Authorization = 'Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0' } Body = @{ refresh_token = $UserToken.Value.refresh_token grant_type = "refresh_token" } } Write-Debug ( "Running $($MyInvocation.MyCommand).`n" + "Invoke-RestMethod parameters:`n$($IRMParams | Format-List | Out-String)" ) Try { $TokenResult = Invoke-RestMethod @IRMParams Write-Debug "Raw:`n$($TokenResult | Out-String)" Write-Debug ("TokenResult type: " + $TokenResult.GetType().ToString()) if ($TokenResult -and $TokenResult.psobject -and $TokenResult.psobject.properties) { Add-Member -InputObject $TokenResult -MemberType NoteProperty -Name "issued_at" -Value $(Get-NowMilliseconds) Write-Debug "Updated:`n$($TokenResult | Out-String)" Write-EdgeTokenStash -User $User -NewToken $TokenResult $MyInvocation.MyCommand.Module.PrivateData.Connection['MostRecentRefresh'] = $(Get-NowMilliseconds) } } Catch { Throw $_ } Finally { Remove-Variable UserToken } Get-EdgeStashedAdminToken } } |