akamai / akamaipowershell Goto Github PK
View Code? Open in Web Editor NEWPowershell module for Akamai {OPEN} APIs
License: Apache License 2.0
Powershell module for Akamai {OPEN} APIs
License: Apache License 2.0
When Invoke-AkamaiRestMethod throws an error, the detailed reason of the web call failure (the underlying Invoke-RestMethod failure body) is stored in the $_.ErrorDetails object. When the below code is run, there is no way to tell why the call may have failed (if it failed for example because their was no more licenses for enrollments)
Invoke-AkamaiRestMethod -Method GET -Path "$($enrollment.changes[0])/input/info/third-party-csr" -EdgeRCFile ..\TestData\edgerc -AdditionalHeaders @{Accept="application/vnd.akamai.cps.csr.v1+json"}
Returning the entire error object allows the calling functions to determine why the call failed and respond gracefully to the failure.
AkamaiPowershell.psm1 is throwing an error on line 43 with PowerShell 5.1
Current line:
Remove-Variable $LatestVersion
should be:
Remove-Variable -Name LatestVersion
Additional Information:
Exception
Remove-Variable : Cannot bind argument to parameter 'Name' because it is null.
At C:\Users\<removed>\<removed>\Documents\WindowsPowerShell\Modules\AkamaiPowershell\1.12.0\AkamaiPowershell.psm1:43 char:21
+ Remove-Variable $LatestVersion
+ ~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Remove-Variable], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.RemoveVariableCommand
PowerShell Version
PSVersion 5.1.19041.4046
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.19041.4046
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Some operations such as Edge DNS - Create a change list use a POST request with an empty Body. Attempting to do this with Invoke-AkamaiRestMethod
currently results in a 401 error complaining that, "The signature does not match".
I tried the following two variations with the same 401 error result.
Invoke-AkamaiRestMethod POST 'config-dns/v2/changelists?zone=example.com&overwrite=stale'
Invoke-AkamaiRestMethod POST 'config-dns/v2/changelists?zone=example.com&overwrite=stale' -Body ''
I also tried a variation with the body set to an empty JSON object that did work. Though, this seems like an unnecessary workaround.
Invoke-AkamaiRestMethod POST 'config-dns/v2/changelists?zone=example.com&overwrite=stale' -Body '{}'
I think the problem revolves around lines 157-183 here:
https://github.com/akamai-contrib/akamaipowershell/blob/e76b8bd26afcc938ffd8df4397d94f09b603a7c7/shared/Invoke-AkamaiRestMethod.ps1#L157-L183
When using POST without a $Body
or $InputFile
defined, the final 3 tab characters are never added to $SignatureData
like they are when other verbs are used.
The incorrect method is used for Invoke-AkamaiRestMethod. DELETE should be used, not GET
... try {
$Result = Invoke-AkamaiRestMethod -Method GET ...
Attempting to use Get-MasterZoneFile
currently throws a WebException error due to an HTTP 406 Not Acceptable response by the server. Depending on the PowerShell version, it may also include the JSON response body that gives a better indication of what's wrong.
{
"type": "https://problems.luna.akamaiapis.net/authoritative-dns/notAcceptable",
"title": "Unable to\r\nrespect Accept header",
"instance": "1539501e-fce1-4998-8dc1-2e1a03fcd02a",
"status": 406,
"detail": "The content type you\r\nrequested cannot be produced.",
"supportedContentTypes": [
"application/json"
],
"requestedContentType": "text/dns"
}
Apparently not all endpoints support sending application/json
responses. So Invoke-AkamaiRestMethod
needs to be modified to support a configurable Accept header.
As per appsec api documentation : https://techdocs.akamai.com/application-security/reference/get-selectable-hostnames-per-config
this API call should call following path : /appsec/v1/contracts/{contractId}/groups/{groupId}/selectable-hostnames
However the powershell script List-appsecselectablehostnames is calling following path :
$Path = "/appsec/v1/configs/$ConfigID/versions/$VersionNumber/selectable-hostnames"
The goal of this API call is to list the hostnames for a given contract and group that we can add to an existing configuration.
Similar to Terraform, the idea would be to support an extra key in the .edgerc
like so:
[a2s]
access_token = xxx
client_secret = xxx
client_token = xxx
host = xxx
account_key = B-C-1ED34DK:1-8BYUX
The value is that we can specify the section and get the switch key for free on the command line.
Thanks!
Importing the module into a PowerShell session will always spit a warning out when there are verbs used on command names that are not part of the approved list from Microsoft/PowerShell team. It is a general practice to stick with the approved verbs that are found via Get-Verb
.
A common practice to get around it and ensure the warning messages are not observed by users is to create the command in the module using an approved verb, and add the desired command name as an alias.
Output received:
[2] > ipmo C:\Modules\AkamaiPowershell\
WARNING: The names of some imported commands from the module 'AkamaiPowershell' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.
I am trying to use the Set-CPReportingGroup cmdlet to add a CP Code to an existing reporting group. Here's how I'm attempting to do this:
I first get the existing reporting group information by running:
$Group = Get-CPReportingGroup -ReportingGroupID 123456
Next, I update the list of CP Codes like this:
$Group.contracts[0].cpcodes += [pscustomobject]@{cpcodeId=7654321;cpcodeName='test.com.search'}
Finally, I submit the changes:
Set-CPReportingGroup -ReportingGroupID 123456 -Body $Group
This results in a generic 400 error with no additional information:
The remote server returned an error: (400) Bad Request.
Unfortunately there isn't any help or other info on how to use these cmdlets, so I'm not sure where to go from here. I've tried other methods of modifying the $Group object but everything I've tried has resulted in a 400. Any ideas or suggestions? Thanks in advance.
Hi Team, I just added this new pwsh function to ensure that this API call is handled: https://techdocs.akamai.com/application-security/reference/get-selectable-hostnames-per-config
This function allows to lists the hostnames for a given contract and group.
Hello,
It seems the PowerShell module doesn't follow best practices when it comes to using proper verbs.
PowerShell provides a list of "approved verbs" that you can find out using:
Get-Verb
Using List-XXX
is not on the approved list. While technically PowerShell doesn't care it does give warning on importing PowerShell module.
I'm specifically rereferring to:
Usually you would use Get-RecordSets, but I see there's already Get-RecordSet, so you may need to find something else.
You can find out which commands should be renamed using:
Import-Module AkamaiPowershell -Verbose -Force
To not introduce breaking changes what you can do is rename the functions, but set aliases for them for people who have automation in place using non-approved verbs.
When I try to use the Invoke-AkamaiRestMethod to upload a certificate and it's chain, I get
Invoke-RestMethod : {
"type": "https://problems.luna.akamaiapis.net/-/pep-authn/deny",
"title": "Not authorized",
"status": 401,
"detail": "The signature does not match",
....
}
Does this mean that the Invoke-AkamaiRestMethod is creating the signature incorrectly for this large payload? All other calls to the api seem to work fine.
A feature for consideration: Get all the authentication information from a script level variable that was set from a vault or passed in from the calling application.
When using Venafi Trust Protection Platform the administrator wants to update the certificates on the Akamai CPS through script. Venafi TPP can store and retrieve the credentials from it's secret store on any server that has the script installed. The Venafi TPP executable automatically starts a PowerShell process and passes the credentials to the script. The script uses the passed in credentials to invoke Akamai PowerShell commands.
Passing the credential could be as simple as giving a setter function like
New-AkamaiSession -ClientSecret "mysecret..." -Host "server" -AccessToken "Tokenasdfas" -ClientToken "tokenASDFads"
Which would set the $Script:AkamaiSession variable to the variable information or optionally return session variable containing the info. This script wide variable could be used by the Invoke-AkamaiRestMethod instead of the .edgerc file if the EdgeRCFile variable is intentionally left null.
To make the process more flexible, the New-AkamaiSession function could use a -PassThrough that would not set the script scoped variable, but only return a new variable in the right format. Also a function Set-AkamaiSession could be used to switch session context with a variable containing the return of a New-AkamaiSession -Passthrough
If a group only hold one property, this property is not listed in the output. Reason is that in line 31 the "$PropertiesToAdd.Count" will not be 1 if there is only one property in that list.
I fixed it for myself with "elseif(($PropertiesToAdd | Measure-Object).Count -eq 1)"
Apologies in advance if I'm missing something obvious, but are there any release notes for 0.12.0 of the AkamaiPowershell module?
From what I can see in the PowerShell gallery (here), 0.12.0 was released three months ago - but the latest release I am seeing in this Github project (here) is 0.11.0?
I'd appreciate it if someone could point me in the right direction.
Hi
Similar to what we do on line 229 on /shared/Invoke-AkamaiRestMethod.ps1 I would like to have added the following lines or something similar.
if ($null -ne $ENV:proxy_use_default_credentials) { $params.ProxyUseDefaultCredentials = $true }
Problem statement:
As a user who uses proxies, I would like to be able to enable use default credentials similarly to how the enabled use of proxy through environment variables.
Hi there
Not sure if this issue makes sense here.
Using the PowerShell Module I am able to make Requests (also the one mentioned below).
But because I am in an environment where I should not really use a Module and all the many many functions in there I tried extracting the necessary files (Invoke-AkamaiRestMethod, Crypto, Get-AkamaiCredentials and Sanitize-QueryString)
I am then trying to create a new group in Identity Management with the following body
$Body= @{ groupName = $groupName } | ConvertTo-Json
Analyzing the code everything seems to be working fine. Auth Header is created correctly including the timestamp in UTC format, nonce and signature. I did not change anything in the files mentioned above.
Running $newGroup = Invoke-AkamaiRestMethod -Method POST -EdgeRCFile $EdgeRCFile -Path "/identity-management/v3/user-admin/groups/$parentGroupID" -Body $Body
then ends in my 401 error.
Am I missing something? Thank you so much for your assistance.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.