Developer

 View Only
last person joined: 15 hours ago 

Expand all | Collapse all

Use Powershell to call ArubaOS 8.7.x.x API no modules allowed

This thread has been viewed 24 times
  • 1.  Use Powershell to call ArubaOS 8.7.x.x API no modules allowed

    Posted Dec 02, 2022 12:39 PM

    Hello Community!

    I'm making first steps to use API on ArubaOS Mobility Master. I've seen some posts for Powershell but none of it suits my requirements.
    Due to corporate rightlines I'm unable to install PowerArubaSW module, Python or Postman. Only standard stuff for Microsoft Server 2016...
    I'm experiencing problems after this script:

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    $UriLogon = "https://<MOBILITY_MASTER>:4343/v1/api/login"
    $password = "FigureITout"
    $Arubabody = "username=<USER>&password=$password"
    $Response = Invoke-WebRequest -Uri $UriLogon -Body $Arubabody -Method Post -ContentType application/json -SessionVariable session
    $response.StatusCode 
    $response.StatusDescription 

    I'm unable to parse the X-CSRF-Token from Invoke-Webrequest, with Invoke-RestMethod I get the Token:

    $REST = Invoke-RestMethod -Uri $UriLogon -Body $ArubaBody -Method Post -SessionVariable session -ContentType application/json
    $REST._global_result.'X-CSRF-Token'
    So far so good... Now I'm trying to get some configuration but the out is "(401) Unauthorized":
    $GetURL = "https://<MOBILITY_MASTER>:4343/v1/configuration/object/ssid_prof?config_path=%2Fmd%2F<COMPANY>"
    $GET_API = Invoke-RestMethod -Uri $GetURL -Method GET -Headers $Token -ContentType application/json

    I think it can have something to do with the cookie which should be provided on each call after logon, but I've found no way to give it to API...
    Any suggestions are appreciated!

    Best Regards,



  • 2.  RE: Use Powershell to call ArubaOS 8.7.x.x API no modules allowed

    EMPLOYEE
    Posted Dec 05, 2022 09:18 AM
    I would think that you will have a hard time if you can't install modules, as these make APIs accessible. Maybe if you can deploy a VM, Win10/11 client probably is enough, without those restrictions, that may help you further.

    But @alagoutte may have a better answer.


    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Use Powershell to call ArubaOS 8.7.x.x API no modules allowed

    MVP GURU
    Posted Dec 05, 2022 03:16 PM
    It is PowerArubaMC for Mobility Controller (and not SW)

    You can look the source of connection (and copy/paste the function ^^)

    https://github.com/PowerAruba/PowerArubaMC/blob/master/PowerArubaMC/Public/Connection.ps1#L117

    i don't remember there is a CSRF for MC API but it will be easy to add (i can look if needed)

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 4.  RE: Use Powershell to call ArubaOS 8.7.x.x API no modules allowed

    Posted Dec 06, 2022 03:44 AM

    Hi alagoutte!


    Thanks for your reply! I've readed your source code, looks very nice :-). Variable $connection has aside other subparams the connection.uidaruba parameter.
    The question is how to use it for further calls? I've used it this way, but once again 401, header with $connection.session gives an error...
    $GET_API = Invoke-RestMethod -Uri $GetURL -ContentType application/json -Headers $connection -Method Get

    Should I add something to your $headers? I've tried this, once again 401:
    $headers = @{ Accept = "application/json"; "Content-type" = "application/json"; "Cookie" = $arubamc }
    $GET_API = Invoke-RestMethod -Uri $GetURL -ContentType application/json -Headers $headers -Method Get
    I've also tried:
    $headers = @{ Accept = "application/json"; "Content-type" = "application/json"; "Cookie" = "SESSION= " + $arubamc }
    ...and also:
    $session = $arubamc.Cookies.GetCookies($UriLogon)
    $headers = @{ Accept = "application/json"; "Content-type" = "application/json"; "Cookie" = $session }

    No luck :-(

    Best Regards,




  • 5.  RE: Use Powershell to call ArubaOS 8.7.x.x API no modules allowed
    Best Answer

    MVP GURU
    Posted Dec 06, 2022 09:45 AM
    Hi,

    You can look Invoke-ArubaMCRestMethod => https://github.com/PowerAruba/PowerArubaMC/blob/master/PowerArubaMC/Private/RestMethod.ps1

    i add the uidaruba to the uri/url

    https://github.com/PowerAruba/PowerArubaMC/blob/master/PowerArubaMC/Private/RestMethod.ps1#L63

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 6.  RE: Use Powershell to call ArubaOS 8.7.x.x API no modules allowed

    Posted Dec 07, 2022 03:58 AM

    Hi,

    Good news! Added following:
    $GetURL += "&UIDARUBA="+$connection.uidaruba
    changed as follow:

    $GET_API = Invoke-RestMethod -Uri $GetURL -Method Get -WebSession $connection.session
    Call succeeded! After that I got my stuff in JSON, the information about configured ESSID's.

    Alagoutte thank you for your kindly help! Here my full code - someone might find it handy, could be better and safer (credentials clear in var!) coded but at least good for a start:

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    $UriLogon = "https://<Aruba_MM-IP>:4343/v1/api/login"
    $password = "your password"
    $Arubabody = "username=<username>&password=$password"
    $headers = @{ Accept = "application/json"; "Content-type" = "application/json" }
    $response = Invoke-RestMethod $UriLogon -Method POST -Body $Arubabody -SessionVariable arubamc -headers $headers
    $connection = @{session = ""; uidaruba = "" }
    $connection.session = $arubamc
    $connection.uidaruba = $response._global_result.uidaruba
    $GetURL = "https://<Aruba_MM-IP>:4343/v1/configuration/object/ssid_prof?config_path=%2Fmd%2F<Config_Path>"
    $GetURL += "&UIDARUBA="+$connection.uidaruba
    $session = $arubamc.Cookies.GetCookies($UriLogon)
    $headers = @{ Accept = "application/json"; "Content-type" = "application/json"; "Cookie" = $session }
    $GET_API = Invoke-RestMethod -Uri $GetURL -Method Get -WebSession $connection.session
    $GET_API._data.ssid_prof | ConvertTo-Json