Rubrik : Updating Framework with Token auth



Background

I've spent few years creating PhP functions to help with my script journey, but since few releases, Rubrik is pushing to switch the API auth to service account and tokens which means many of my functions are about to die. It was a massive work, I do not want to lose the benefit of it.

Let's fix this!

I have identified 5 different ways to send API calls to the CDM endpoint : 
  • Standard way using the username password
  • a GET method
  • a POST method
  • a DELETE method
  • and a PATCH method
It means all function using the above method need to be re-written adding the possibility to use a token or the old way with username / password.

The new connection array is declared this way : 

$connect=array(
        ["ip"]="192.168.x.x",
        ["username"]="User:::c7235a4[...]be5a-d365eb6ca2cc";
["password"]="dsfsdfOnocajsklqj[...]R20ddke7b2+2un82JsQ";
        ["token"]="LCJhbGc[...]JzdWIiOiJjLTQxZmUtYmU1YS1kMzY1fo";
);

With this, it is time to re-write all functions using API calls.

The GET method will be changed this way : 

if(isset($clusterConnect["token"]))
{
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json','Authorization: Bearer '.$clusterConnect["token"]));
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_URL, "https://".$clusterConnect["ip"].$API);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
}
else
{
    curl_setopt($curl, CURLOPT_USERPWD, $clusterConnect["username"].":".$clusterConnect["password"]);
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_URL, "https://".$clusterConnect["ip"].$API);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

}

As you can see, I'm checking if a "token" field exists in the connection array. If so, it means we are using token-based authentication. If not, we are using the legacy connection string with username and password. It allows me to maintain retro compatibility with former usage of the framework on older CDM version.

The POST will follow this logic : 

if(isset($clusterConnect["token"]))
{
    curl_setopt($curl, CURLOPT_POST, 1);
    curl_setopt($curl, CURLOPT_POSTFIELDS,$config_params);
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json','Content-Length: ' . strlen($config_params),'Authorization: Bearer '.$clusterConnect["token"]));
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_URL, "https://".$clusterConnect["ip"].$API);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
}
else
{
    curl_setopt($curl, CURLOPT_POST, 1);
    curl_setopt($curl, CURLOPT_POSTFIELDS,$config_params);
    curl_setopt($curl, CURLOPT_USERPWD, $clusterConnect["username"].":".$clusterConnect["password"]);
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json','Content-Length: ' . strlen($config_params),'Accept: application/json'));
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_URL, "https://".$clusterConnect["ip"].$API);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
}

The DELETE same philosophy :

if(isset($clusterConnect["token"]))
{
    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "DELETE");
    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json','Content-Length: ' . strlen($config_params),'Authorization: Bearer '.$clusterConnect["token"]));
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_URL, "https://".$clusterConnect["ip"].$API);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
}
else
{
    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "DELETE");
    curl_setopt($curl, CURLOPT_USERPWD, $clusterConnect["username"].":".$clusterConnect["password"]);
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_URL, "https://".$clusterConnect["ip"].$API);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
}

And of course, the PATCH will be converted this way : 

if(isset($clusterConnect["token"]))
{
    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "PATCH");
    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json','Content-Length: ' . strlen($config_params),'Authorization: Bearer '.$clusterConnect["token"]));
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_URL, "https://".$clusterConnect["ip"].$API);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
}
else
{
    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "DELETE");
    curl_setopt($curl, CURLOPT_USERPWD, $clusterConnect["username"].":".$clusterConnect["password"]);
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_URL, "https://".$clusterConnect["ip"].$API);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
}

I must admit it took me a couple of long evenings / nights to update all the 114 functions I created in the framework, but I think I'm good. Hopefully my existing scripts are running fine so far, that's the most important.

The Framework has been updated and the rkExecSum.php script is using it as a proof of concept.

You can find the Framework updated here and the rkExecSum.php is alos on GitHub here.

I hope you find this inspiring for your own scripts. It all started by looking at what others are doing and then you learn by examples.

I hope this helps ;)





Comments

What's hot ?

Wallbox : Get The Most Of It (with API)

Nutanix CE : How to reduce the CVM memory