Solved: APIC-EM REST (GET) call via PoweShell

ymeloch · ‎07-11-2017

Hi Team,

I'm trying to execute an APIC-EM REST (GET) call via a PowerShell script.

The APIC is self-certified hence I had to use the first bulk of code lines (the actual code is in Green color):

[System.Net.ServicePointManager]::CheckCertificateRevocationList = $false;

Add-Type @"

using System;

using System.Net;

using System.Net.Security;

using System.Security.Cryptography.X509Certificates;

public class ServerCertificateValidationCallback

{

public static void Ignore()

{

ServicePointManager.ServerCertificateValidationCallback +=

delegate

(

Object obj,

X509Certificate certificate,

X509Chain chain,

SslPolicyErrors errors

)

{

return true;

};

}

"@

[ServerCertificateValidationCallback]::Ignore();

[System.Net.ServicePointManager]::CheckCertificateRevocationList = $false;

;

$Splat = @{

Method = 'GET'

Uri = 'https://10.122.6.150/api/v1/discovery/1'

ContentType = "application/json"

Headers = @{authorization = "X-Auth-Token:ST-3166-nHrsi63Rbvkwze5aznoN-cas" }

}

$response = Invoke-RestMethod @Splat

After running the script (in PS admin window), I'm getting the following error:

Invoke-RestMethod : { "response":{"errorCode":"RBAC","message":"Failed to provide a CAS service ticket to validate","detail":"Failed to provide a CAS service ticket to validate"}, "version":"1.0"} At C:\psScripts\rest2.ps1:38 char:13

+ $response = Invoke-RestMethod @Splat

+ ~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException

+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

The Token is working when running a query from through Postman (see screenshot)

Thanks much in advance,

Yossi

aradford · ‎07-11-2017

Hi Yosef,

the header is called "x-auth-token", not "authorisation". Did you try:

Headers = @{X-Auth-Token = "ST-3166-nHrsi63Rbvkwze5aznoN-cas" }

Adam

View solution in original post

aradford · ‎07-11-2017

Hi Yosef,

the header is called "x-auth-token", not "authorisation". Did you try:

Headers = @{X-Auth-Token = "ST-3166-nHrsi63Rbvkwze5aznoN-cas" }

Adam

ymeloch · ‎07-11-2017

Thanks for the prompt reply!

I changed that to the following and it worked well (command: https://10.122.6.150/api/v1/discovery/count)

Headers = @{“X-Auth-Token” = "ST-3166-nHrsi63Rbvkwze5aznoN-cas" }

So the updated script is:

::CheckCertificateRevocationList = $false;

Add-Type @"

using System;

using System.Net;

using System.Net.Security;

using System.Security.Cryptography.X509Certificates;

public class ServerCertificateValidationCallback

{

public static void Ignore()

{

ServicePointManager.ServerCertificateValidationCallback +=

delegate

(

Object obj,

X509Certificate certificate,

X509Chain chain,

SslPolicyErrors errors

)

{

return true;

};

}

"@

::Ignore();

::CheckCertificateRevocationList = $false;

;

$Splat = @{

Method = 'GET'

Uri = 'https://10.122.6.150/api/v1/discovery/count'

ContentType = "application/json"

Headers = @{"X-Auth-Token" = "ST-3166-nHrsi63Rbvkwze5aznoN-cas" }

}

$response = Invoke-RestMethod @Splat

Write-Host $response

Now, I wonder why I’m getting:

“@{response=; version=1.0}” when I query for https://10.122.6.150/api/v1/discovery/1

Or

“@{response=System.Object[]; version=1.0}” when I query for https://10.122.6.150/api/v1/network-device

Probably something w/ the $response statement export…

Thanks!

ymeloch · ‎07-11-2017

I changed the “Write-Host $response” to “Write-output $response” and I do see additional lines, yet, many other lines are missing…

The expected response:

And for each key:

BTW, I do know that the $response contain all the info

aradford · ‎07-11-2017

It looks pretty close. Not all fields will be populated.

It should match the postman output?

Adam

ymeloch · ‎07-11-2017

Since the “$response” variable contain all the date, I would think so…

Darren Starr · ‎07-25-2017

I started a Powershell for APIC-EM module today. I am building it to automate deployment of 18,000 remote sites via PnP and templates.

https://github.com/darrenstarr/APICEMPowershell

I've only been working on it for a few hours so far, but it should be able to automate the entire process of claiming new devices, filling in template variables and deploying them by this time tomorrow. I hope to add a far more advanced templating system by the same time the following day. It's all MIT license and will be available as "Find-Module -Name 'APICEMPowerShell' | Install-Module" as soon as I find a work around in PSScriptAnalyzer for handling clear text passwords as function parameters.

I'll post some coding guidelines for submitting pull requests soon.

You may or may not find the code to be a good solution for you and I would welcome contributions.

P.S. I'm doing the project for free because I needed an excuse to do it anyway. I'll also implement a PowerShell DSC resource to automate the full installation as well as some automation of management of APIC-EM once I find a good solution for rebuilding Linux ISO files on Windows. I'm experimenting with automating the process on ISE with Ubuntu subsystem for Windows.

P.P.S. I'm automating the entire process of rolling out a Windows Server 2016 and Cisco infrastructure based on Microsoft Network Controller, PowerShell DSC, Docker, APIC-EM, MS R&RAS and ISE on UCS at : https://github.com/darrenstarr/cDayZeroDeploy this too is open source.

P.P.P.S. If you're wondering why... it's bet than watching TV.

aradford · ‎07-25-2017

Awesome Darren,

let me know if you need any help with the APIC-EM API calls.

Adam

ymeloch · ‎07-25-2017

Super cool!

Let me know if I can help.