Add EfficientIP SOLIDServer plugin #582

Open
wants to merge 6 commits into
base: main

jamiekowalczik

This is my first pull request, I apologize if I am doing it incorrectly. As recently previously stated in your Issues by someone else, the quality and documentation you have put into this project is truly amazing.

@rmbolger rmbolger self-assigned this Nov 9, 2024
@rmbolger rmbolger added the enhancement New feature or request label Nov 9, 2024
@rmbolger rmbolger changed the title Create EfficientIP.ps1 Add EfficientIP plugin Nov 9, 2024
@rmbolger
Owner

Just a heads up. I reached out to EfficientIP to see if I could procure some sort of trial/demo. Still waiting on a response.

@rmbolger
Owner

Adding a quick link to #486 which this PR would address.

@jamiekowalczik
Author

Thank you for contacting them. I hope they see the value in it.

@jamiekowalczik
Author

I created a support ticket to request approval of your inquiry. Maybe if others interested do the same, that will help. Thanks again for all of your great work on Posh-ACME.

@rmbolger
Owner

I've still heard nothing but crickets from EfficientIP about a demo/trial. I'm tempted to reach out from my work address, but that probably wouldn't happen until the new year.

Might you have access to installation media that could somehow find its way to me? I don't know how licensing works, so it may be pointless if it doesn't work without some sort of keys though. We run Infoblox at work which uses 60-day trial licenses by default. So I'm hoping there's something like that baked in.

@jamiekowalczik
Author

My case was closed on 12/31 noting that they will reach back out to me in Q1 with an update and also provided an email address for a Project Manager.

At the moment, until I hear back from them, I will be unable to provide any bits they have behind their paywall - I'm sorry but will continue to follow up. At the very least, I'll attempt to request the ability for me to set up a lab with a temp license and give you access. No idea what the timeline will look like for that.

If any others out there using EfficientIP SOLIDServer are reading this - feel free to open up a support ticket as it will likely get more traction with more requests.

@alexissavin

@rmbolger could we get in touch privately?

I can certainly share access to a temporary public SOLIDserver instance.

Kind regards

@jamiekowalczik
Author

jamiekowalczik commented Jan 15, 2025

Thank you so much Alexis! The SOAP/REST API guide will be a good doc to share with Ryan as well. I really appreciate you helping out with this request!

@rmbolger
Owner

@alexissavin Sure. My email is ryan-oss {at} xyto.cc.

Resolved issue with Entrust wildcard certificate acquisition noted here.
rmbolger#567
@rmbolger
Owner

Hey @jamiekowalczik. Just letting you know @alexissavin got me access to a test instance and I've started digging in a bit. One thing we discussed on our call was likely renaming the plugin to SOLIDServer instead of EfficientIP to align better with their branding of the product. "EfficientIP" will still be in the docs though.

Other things I'm thinking about as I start poking around:

  • Probably going to combine the username/password params into a single PSCredential param.

  • Going to try and implement their Token authentication option if I can. The tricky part is that it requires SHA3_256 hashing support which only has native PowerShell support in very recent PowerShell versions and relatively recent versions of Windows 11 and Linux. We'll see how that goes.

@jamiekowalczik
Author

jamiekowalczik commented Jan 29, 2025 via email


@alexissavin alexissavin left a comment

Valuable proposal :)

I just made some comments in the code that I hope will be useful.

Additionally, one thing could be improved: validate that the DNS server specified can actually be used to push the change. Ideally, the write operation should only be done on the smart, or one standalone server. This can be achieved by considering the value of the vdns_parent_id property of all objects server/view/zone/rr.

Kind regards

@rmbolger
Owner

rmbolger commented Jan 29, 2025

Thanks for the suggestions, @alexissavin. In my local copy, I've already added a way to make cert validation and the View optional. I was considering trying to make the Server/dns_name parameter optional as well and find the zone via one or more dns_zone_list calls.

Regarding the parent id property, would it be safe to only allow zones where vdns_parent_id = 0 indicating the parent is either not managed by Smart or is Smart itself?

The goal is that the View and Server only become mandatory if the user's environment has multiple copies of the same zone (like Internal and External) that would make picking one automatically ambiguous.

@rmbolger
Owner

Interesting observation as I was messing with stuff tonight. If you do a dns_rr_add with no dns server or view specified and happen to have two copies of a zone that would match (like an internal and external copy), the add will succeed and create the record in both copies of the zone. But the response from the API will only return the ret_oid value of the last one created.

Seems like a potential bug. Feels like it should either throw an error when the add parameters would make the destination zone ambiguous or return all IDs of the records created.

@rmbolger rmbolger changed the title Add EfficientIP plugin Add EfficientIP SOLIDServer plugin Jan 31, 2025
@rmbolger
Owner

I managed to get token auth working despite the SHA3-256 library limitations by falling back to BouncyCastle for environments that don't support the .NET native version. You can basically just use your API Token+Secret as the username and password for the SolidCredential parameter as long as you also set the SolidTokenAuth switch as well. The available parameters now look like this:

Parameter       Type            IsMandatory
---------       ----            -----------
SolidCredential PSCredential    True
SolidAPIHost    String          True
SolidDNSServer  String          False
SolidView       String          False
SolidIgnoreCert SwitchParameter False
SolidTokenAuth  SwitchParameter False

I'm pretty happy with the overall state of the plugin at this point. Now I just need to write the user guide.
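
The SHA3-256 fallback described in the comment above, sketched as an added example that is not part of this pull request or the Posh-ACME source. The function names and the -ForceFallback switch are hypothetical, and the fallback path assumes a BouncyCastle assembly is already loaded in the session. It covers only hashing, not the SOLIDserver token signature format, which this page does not describe.

```powershell
# Added example: hypothetical helpers, not taken from the Posh-ACME source.
function Get-Sha3256Hash {
    [CmdletBinding()]
    [OutputType([byte[]])]
    param(
        [Parameter(Mandatory)]
        [byte[]]$Bytes,
        # Skip the native path so both implementations can be compared.
        [switch]$ForceFallback
    )

    # Resolve the type by name: on runtimes older than .NET 8 (for example
    # Windows PowerShell 5.1) the type does not exist and -as returns $null.
    $native = 'System.Security.Cryptography.SHA3_256' -as [type]

    # IsSupported is false when the OS crypto library has no SHA-3.
    if (-not $ForceFallback -and $native -and $native::IsSupported) {
        $hash = $native::HashData($Bytes)
        return ,$hash
    }

    # Assumption: BouncyCastle is loaded (Posh-ACME ships with it).
    $bcType = 'Org.BouncyCastle.Crypto.Digests.Sha3Digest' -as [type]
    if (-not $bcType) {
        throw 'SHA3-256 unavailable: no native support and BouncyCastle is not loaded.'
    }
    $digest = $bcType::new(256)
    $digest.BlockUpdate($Bytes, 0, $Bytes.Length)
    $hash = [byte[]]::new($digest.GetDigestSize())
    [void]$digest.DoFinal($hash, 0)
    return ,$hash
}

# Known-answer check: both paths must produce the standard SHA3-256
# digest of the ASCII string "abc" before either is trusted for auth.
function Test-Sha3256Paths {
    $expected = '3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532'
    $data = [Text.Encoding]::ASCII.GetBytes('abc')
    $toHex = { param($b) [BitConverter]::ToString($b).Replace('-', '').ToLowerInvariant() }

    $default  = & $toHex (Get-Sha3256Hash -Bytes $data)
    $fallback = & $toHex (Get-Sha3256Hash -Bytes $data -ForceFallback)
    ($default -eq $expected) -and ($fallback -eq $expected)
}
```

Test-Sha3256Paths returns $true only when the default path and the forced BouncyCastle path agree with the known digest, which catches a silently mismatched fallback before it produces authentication failures.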

@rmbolger
Owner

Before I merge this, @jamiekowalczik can you test the updated version in your environment and let me know if everything still works for you? Also pinging @amckinney92 and @tall27 who were also interested in this over in #486. I'd love to get more testing in as many real environments as I can.

@jamiekowalczik
Author

Thanks @rmbolger. I confirmed that username/password as well as token auth both work well in my environment!
