Rubrik : Updating Framework with Token auth



Background

I've spent few years creating PhP functions to help with my script journey, but since few releases, Rubrik is pushing to switch the API auth to service account and tokens which means many of my functions are about to die. It was a massive work, I do not want to lose the benefit of it.

Let's fix this!

I have identified 5 different ways to send API calls to the CDM endpoint : 
  • Standard way using the username password
  • a GET method
  • a POST method
  • a DELETE method
  • and a PATCH method
It means all function using the above method need to be re-written adding the possibility to use a token or the old way with username / password.

The new connection array is declared this way : 

$connect=array(
        ["ip"]="192.168.x.x",
        ["username"]="User:::c7235a4[...]be5a-d365eb6ca2cc";
["password"]="dsfsdfOnocajsklqj[...]R20ddke7b2+2un82JsQ";
        ["token"]="LCJhbGc[...]JzdWIiOiJjLTQxZmUtYmU1YS1kMzY1fo";
);

With this, it is time to re-write all functions using API calls.

The GET method will be changed this way : 

if(isset($clusterConnect["token"]))
{
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json','Authorization: Bearer '.$clusterConnect["token"]));
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_URL, "https://".$clusterConnect["ip"].$API);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
}
else
{
    curl_setopt($curl, CURLOPT_USERPWD, $clusterConnect["username"].":".$clusterConnect["password"]);
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_URL, "https://".$clusterConnect["ip"].$API);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

}

As you can see, I'm checking if a "token" field exists in the connection array. If so, it means we are using token-based authentication. If not, we are using the legacy connection string with username and password. It allows me to maintain retro compatibility with former usage of the framework on older CDM version.

The POST will follow this logic : 

if(isset($clusterConnect["token"]))
{
    curl_setopt($curl, CURLOPT_POST, 1);
    curl_setopt($curl, CURLOPT_POSTFIELDS,$config_params);
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json','Content-Length: ' . strlen($config_params),'Authorization: Bearer '.$clusterConnect["token"]));
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_URL, "https://".$clusterConnect["ip"].$API);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
}
else
{
    curl_setopt($curl, CURLOPT_POST, 1);
    curl_setopt($curl, CURLOPT_POSTFIELDS,$config_params);
    curl_setopt($curl, CURLOPT_USERPWD, $clusterConnect["username"].":".$clusterConnect["password"]);
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json','Content-Length: ' . strlen($config_params),'Accept: application/json'));
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_URL, "https://".$clusterConnect["ip"].$API);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
}

The DELETE same philosophy :

if(isset($clusterConnect["token"]))
{
    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "DELETE");
    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json','Content-Length: ' . strlen($config_params),'Authorization: Bearer '.$clusterConnect["token"]));
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_URL, "https://".$clusterConnect["ip"].$API);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
}
else
{
    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "DELETE");
    curl_setopt($curl, CURLOPT_USERPWD, $clusterConnect["username"].":".$clusterConnect["password"]);
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_URL, "https://".$clusterConnect["ip"].$API);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
}

And of course, the PATCH will be converted this way : 

if(isset($clusterConnect["token"]))
{
    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "PATCH");
    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json','Content-Length: ' . strlen($config_params),'Authorization: Bearer '.$clusterConnect["token"]));
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_URL, "https://".$clusterConnect["ip"].$API);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
}
else
{
    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "DELETE");
    curl_setopt($curl, CURLOPT_USERPWD, $clusterConnect["username"].":".$clusterConnect["password"]);
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_URL, "https://".$clusterConnect["ip"].$API);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
}

I must admit it took me a couple of long evenings / nights to update all the 114 functions I created in the framework, but I think I'm good. Hopefully my existing scripts are running fine so far, that's the most important.

The Framework has been updated and the rkExecSum.php script is using it as a proof of concept.

You can find the Framework updated here and the rkExecSum.php is alos on GitHub here.

I hope you find this inspiring for your own scripts. It all started by looking at what others are doing and then you learn by examples.

I hope this helps ;)





Comments

Post a Comment

Thank you for your message, it has been sent to the moderator for review...

What's hot ?

ShredOS : HDD degaussing with style

Image
Background Have you ever had the need to properly erase HDD or SSD before disposing them ? Or selling them ? You do not want to have someone else playing around with your data right ? What we usually do is using a bootable Linux Live CD and use dd style command to write random data on the disk right ? But what if you have 10 disks in your machine ? What if you need a report to proof the world that wiping is a success ? I came across this challenge recently.
Read more

Mac OS X : Display images in-line with terminal

Image
Backgound This time, this is a MacOS tip ! You have a list of files in the terminal window in front of you, some are pictures, some are texts. For text files, this is easy to quickly issue a "more" or "cat" so you immediately figure out what it is. For a picture, this is another story, you need an image viewer. Whatever the speed and simplicity of this editor, you need to load a 3rd party application and switch to it, this is not very handy. What if you could see this image directly from the terminal ? 
Read more