Data ONTAP Discussions

Re: OCUM - how to extract all active events?

Thank you, @mbeattie !  That is exactly what I needed.  Took me a little while to figure out what you were doing, but I think the 

.GetNetworkCredential().

was the piece I was missing. 

Re: OCUM - how to extract all active events?

Hi Jim,

 

Yes that's it, use the .GetNetworkCredential() method of the [System.Management.Automation.PSCredential]. If you don't want to pass credentials as an input paramater (IE you running your script on a server as a scheduled task then you can cache and encrypt the credentials either locally to a file or to the registry then decrypt the credentials using the Windows Data Protection API). I can post an example if that's what you are trying to do?

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: OCUM - how to extract all active events?

@mbeattie , yep, that is exactly what I'm trying to do.  I got it working, but if you have a different way of doing it, I would be interested in seeing it.  For the record, I'm just trying to pull a list of clusters that are in OCUM.  I thought it would be a good way to pull a list of controllers to run PS scripts against, since all active controllers should always be added to OCUM once they are in production.

So, I first created a secure password file:

(Get-Credential).Password | ConvertFrom-SecureString | Out-File "C:\OCUM-Password.txt"


Then I create a PS object from that in line 4.  Then use the Get-NetCredential to pull the password from the PS Credentials like in your example.

$url = "https://ocum-server-dns/rest/clusters?limit=200"
$User = "ocum-admin"
$File = "C:\OCUM-Password.txt"
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $File | ConvertTo-SecureString)

# Ignore certificate requests from OCUM server
Add-Type @"
   using System.Net;
   using System.Security.Cryptography.X509Certificates;
   public class TrustAllCertsPolicy : ICertificatePolicy {
   public bool CheckValidationResult(
   ServicePoint srvPoint, X509Certificate certificate,
   WebRequest request, int certificateProblem) {
      return true;
   }
}
"@
[String]$username = $Credentials.GetNetworkCredential().UserName
[String]$password = $Credentials.GetNetworkCredential().Password

[System.Net.ServicePointManager]::SecurityProtocol  = [System.Net.SecurityProtocolType]'Tls12'
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
$encodedCredentials = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("$username`:$password"))
$headers = @{
   "Authorization" = "Basic " + $encodedCredentials
   "Accept"        = "application/vnd.netapp.object.inventory.hal+json"
}

$clusters = Invoke-RestMethod  -Headers $headers -Uri $url

foreach ($cluster in $clusters._embedded."netapp:clusterInventoryList")
{
    Write-Host $cluster.cluster.label
}


The only downside I am seeing right now is that the password file will only be readable by me on the server that I created it on (at least that is my understanding from what I've read).  If I want others to be able to read it, it's looking like I will have to setup a secure key for the file.

Thanks again!

Re: OCUM - how to extract all active events?

Hi Jim,

 

There are a few options:

 

  • Encrypt credentials to a file
  • Encrypt credentials to the registry
  • Cache credentials using "Add-NcCredential" (See Get-Help Add-NcCredentials)

Here is an example using the cached credential method demonstrating how to add and retrieve credentials from the cache.

 

Param(
   [Parameter(Mandatory=$True, HelpMessage="The hostname, IP Address or FQDN of the system to cache credentials for")]
   [String]$HostName
)
#'------------------------------------------------------------------------------
#'Add credentials to the cache.
#'------------------------------------------------------------------------------
Import-Module -Name DataONTAP -ErrorAction SilentlyContinue
Try{
   Add-NcCredential -Name $HostName -Credential $(Get-Credential) -ErrorAction Stop
   Write-Host "Added Credentials for ""$HostName"""
}Catch{
   Write-Warning -Message $("Failed Adding Credentials for ""$HostName"". Error " + $_.Exception.Message)
Break; } #'------------------------------------------------------------------------------ #'Enumerate the credentials from the cache. #'------------------------------------------------------------------------------ Try{ $credentials = Get-NcCredential -Name $HostName -ErrorAction Stop }Catch{ Write-Warning -Message $("Failed enumerating Credentials for ""$HostName"". Error " + $_.Exception.Message) Break; } [String]$username = $credentials.Credential.GetNetworkCredential().UserName [String]$password = $credentials.Credential.GetNetworkCredential().Password Write-Host "Username`: $username. Password`: $password" #'------------------------------------------------------------------------------

Encrypting credentials to the registry is slightly more abstracted and offers some advantage to encrypting to a file (IE it avoids risk of the credential file being accidently deleted and your automation potentially failing as a result of a missing credential file). Caching credentials using the PSTK is the simplest method. If you don't have the Data ONTAP powershell toolkit (PSTK) you can download it here:

 

https://mysupport.netapp.com/tools/info/ECMLP2310788I.html?productID=61926&pcfContentID=ECMLP2310788

 

Hope that's useful.

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Forums