Grant-F5APIAccess.ps1
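# Grants an existing F5 user access to the F5 (iControl REST) API, which by default is only
# accessible to full admins. The script PATCHes the iControl_REST_API_User role on the F5
# management interface, authenticating as an admin with HTTP Basic.
#
# NOTE(review): confirm on your BIG-IP version whether this PATCH replaces the role's existing
# userReferences list or appends to it. If it replaces, send the current members as well.

# Set variables...
# $Pass is an admin password in clear text: fill it in locally and keep the edited file out of
# source control, or prompt for it with Get-Credential so it never lands on disk.
$User = "<f5-admin>"
$Pass = "<f5-admin-password>"
$F5ManagementAddress = "<f5-management-ip-or-dns>"
$APIUser = "<apiuser>" # The user who'll be granted access to the F5 API. This user account must already exist.

# Leave this $false if your F5 management interface uses a trusted TLS certificate - well done!
# Set it to $true only when the certificate is not trusted by this machine. With validation off,
# nothing authenticates the server, so the admin credentials in the Authorization header go to
# whatever answers at $F5ManagementAddress. Prefer importing the F5 certificate (or its issuing
# CA) into the local trust store over switching validation off.
$SkipCertificateCheck = $false

# Generate the HTTP Basic Authorization header.
# UTF-8 instead of ASCII: ASCII.GetBytes() silently turns every non-ASCII character into '?',
# which would send a different password from the one configured. For ASCII-only credentials the
# encoded value is unchanged.
$Pair = "$($User):$($Pass)"
$EncodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Pair))
$BasicAuthValue = "Basic $EncodedCreds"
$Headers = @{
    Authorization = $BasicAuthValue
}

# Build the request. ConvertTo-Json escapes $APIUser, so a quote or backslash in the name cannot
# break out of the string and alter the JSON document that is sent.
$URI = "https://$F5ManagementAddress/mgmt/shared/authz/roles/iControl_REST_API_User"
$Body = @{
    userReferences = @(
        @{ link = "https://localhost/mgmt/shared/authz/users/$APIUser" }
    )
} | ConvertTo-Json -Depth 3

$RequestParams = @{
    Uri         = $URI
    Headers     = $Headers
    Method      = 'Patch'
    Body        = $Body
    ContentType = 'application/json'
}

# C# helper used on Windows PowerShell only: installs a validation callback that accepts every
# server certificate, unless a callback is already registered.
$CertCallback = @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public class ServerCertificateValidationCallback
{
    public static void Ignore()
    {
        if (ServicePointManager.ServerCertificateValidationCallback == null)
        {
            ServicePointManager.ServerCertificateValidationCallback +=
                delegate
                (
                    Object obj,
                    X509Certificate certificate,
                    X509Chain chain,
                    SslPolicyErrors errors
                )
                {
                    return true;
                };
        }
    }
}
"@

# Windows PowerShell (5.1 and earlier) routes Invoke-RestMethod through ServicePointManager, whose
# settings are process-wide. PowerShell 6+ does not, and offers -SkipCertificateCheck per call.
$UsesServicePointManager = $PSVersionTable.PSVersion.Major -lt 6

if ($UsesServicePointManager) {
    # Remember the session's TLS settings so they can be put back afterwards. Otherwise every
    # later HTTPS request in this PowerShell session would keep running with validation disabled.
    $PreviousProtocol = [System.Net.ServicePointManager]::SecurityProtocol
    $PreviousCallback = [System.Net.ServicePointManager]::ServerCertificateValidationCallback
}

try {
    if ($UsesServicePointManager) {
        [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

        if ($SkipCertificateCheck) {
            ### START ignore invalid TLS certificate block ###
            if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type) {
                Add-Type $CertCallback
            }
            [ServerCertificateValidationCallback]::Ignore()
            ### END ignore invalid TLS certificate block ###
        }
    }
    elseif ($SkipCertificateCheck) {
        # Scoped to this one request; nothing global is changed.
        $RequestParams.SkipCertificateCheck = $true
    }

    $Result = Invoke-RestMethod @RequestParams
}
finally {
    if ($UsesServicePointManager) {
        # Restore the previous settings even when the request failed.
        [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $PreviousCallback
        [System.Net.ServicePointManager]::SecurityProtocol = $PreviousProtocol
    }
}

$Result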