Update SaltStackConfig.psm1

In the previous version of Connect-SscServer, we assumed that the SaltStack Config master node has an SSL certificate from an authority trusted by the PowerShell client and that the client supports the same TLS version as the server. However, this may not be the case. Therefore, this commit adds a switch parameter named SkipCertificateCheck which ignores untrusted certificates and enables support for several TLS versions. All SSC servers I've tested with have only supported Tls12, but lower versions were added to this function for backwards compatibility.

Signed-off-by: Brian Wuchner <brian.wuchner@gmail.com>
Brian Wuchner
2022-01-21 15:11:17 -05:00
parent db96e946f3
commit 4e9093d0e5


@@ -35,7 +35,8 @@ Function Connect-SscServer {
[Parameter(Mandatory=$true, ParameterSetName='PlainText', Position=1)][string]$username,
[Parameter(Mandatory=$true, ParameterSetName='PlainText', Position=2)][ValidateNotNullOrEmpty()][string]$password,
[Parameter(Mandatory=$false, Position=3)][string]$AuthSource='internal',
[Parameter(Mandatory=$false, ParameterSetName='Credential')][PSCredential]$Credential
[Parameter(Mandatory=$false, ParameterSetName='Credential')][PSCredential]$Credential,
[Parameter(Mandatory=$false)][Switch]$SkipCertificateCheck
)
if ($PSCmdlet.ParameterSetName -eq 'Credential' -AND $Credential -eq $null) { $Credential = Get-Credential}
@@ -43,6 +44,23 @@ Function Connect-SscServer {
$username = $Credential.GetNetworkCredential().username
$password = $Credential.GetNetworkCredential().password
}
if ($SkipCertificateCheck) {
# This if statement is using example code from https://stackoverflow.com/questions/11696944/powershell-v3-invoke-webrequest-https-error
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
} # end if SkipCertificate Check
$loginBody = @{'username'=$username; 'password'=$password; 'config_name'=$AuthSource}
try {
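Review bot: Assigning `New-Object TrustAllCertsPolicy` to `[System.Net.ServicePointManager]::CertificatePolicy` is a process-wide setting, so after one `Connect-SscServer -SkipCertificateCheck` every later HTTPS request made through ServicePointManager in the same PowerShell session accepts any certificate, not only requests to the SSC server, and nothing visible in this hunk restores the previous policy. The `SecurityProtocol` assignment in the same block replaces the session's protocol list with `'Tls,Tls11,Tls12'`, which re-enables TLS 1.0 and 1.1 and ties the protocol choice to the certificate switch even though the two are unrelated. I would keep the default at `[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12`, since the description says every tested server supports it, and make older versions an explicit opt-in. I would also add `Write-Warning 'Certificate validation is disabled for all HTTPS requests in this PowerShell session.'` inside the `if ($SkipCertificateCheck)` block, and save the prior `CertificatePolicy` and `SecurityProtocol` values so they can be restored when the connection is no longer needed. The body of Connect-SscServer continues outside the hunk, so a restore may already exist there.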