Skip to content

Adding sample perl and shell script for CA migration api's #65

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Adding sample perl and shell script for CA migration api's #65

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
487184c
Adding sample script for CA migration api's
Jun 1, 2020
4dc9d9f
some ractification
Jun 2, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
123 changes: 123 additions & 0 deletions snippets/curl/activate_migration.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,123 @@
#!/bin/sh

#####################n#####################################################

# This script demonstrates how to activate the new CA.
# To activate the CA migration, a user needs to have proper permissions.

# This script requires jq command-line JSON parser
# if your system does not have jq installed, this will not work.
# jq can be downloaded from here: https://github.com/stedolan/jq/releases

###########################################################################

port=1556
master_server=""
login_username=""
login_password=""
login_domainname=""
login_domaintype=""
force=0
reason=""

showHelp()
{
echo ""
echo "Invalid command parameters"
echo "Usage:"
echo "./activate_migration.sh -nbmaster <master_server> -login_username <login_username> -login_password <login_password> -login_domainname <login_domain_name> -login_domaintype <login_domaintype> [-reason | -r <reason_for_migration>] [-force | -f]"
echo "-nbmaster : Name of the NetBackup master server"
echo "-login_username : User name of the user performing action"
echo "-login_password : Password of the user performing action"
echo "-login_domainname : Domain name of the user performing action"
echo "-login_domaintype : Domain type of the user performing action"
echo "-reason | -r : Reason for activation of the new CA"
echo "-force | -f : Forcefully activate the new CA"
echo ""
exit 1
}

parseArguments()
{
if [ $# -lt 10 ] && [ $# -gt 14 ]; then
showHelp
fi

while [ "$1" != "" ]; do
case $1 in
-nbmaster)
master_server=$2
;;
-login_username)
login_username=$2
;;
-login_password)
login_password=$2
;;
-login_domainname)
login_domainname=$2
;;
-login_domaintype)
login_domaintype=$2
;;
-force|-f)
force=1
;;
-reason|-r)
reason=$2
;;
*)
showHelp
;;
esac
shift 2
done

if [ -z "$master_server" ] || [ -z "$login_username" ] || [ -z "$login_password" ] || [ -z "$login_domainname" ] || [ -z "$login_domaintype" ]; then
showHelp
fi

if [ "${login_domaintype^^}" = "WINDOWS" ] || [ "${login_domaintype^^}" = "NT" ]; then
login_domaintype="nt"
fi
}

###############main############

parseArguments "$@"

basepath="https://$master_server:$port/netbackup"
content_header='content-type:application/json'

##############login#############

uri="$basepath/login"

data=$(jq --arg name $login_username --arg pass $login_password --arg dname $login_domainname --arg dtype $login_domaintype \
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Quote the shell parameters. No idea what crazy characters might be in any of those.

Suggested change
data=$(jq --arg name $login_username --arg pass $login_password --arg dname $login_domainname --arg dtype $login_domaintype \
data=$(jq --arg name "$login_username" --arg pass "$login_password" --arg dname "$login_domainname" --arg dtype "$login_domaintype" \

--null-input '{userName: $name, password: $pass, domainName: $dname, domainType: $dtype}')

jwt=$(curl --silent -k -X POST $uri -H $content_header -d "$data" | jq --raw-output '.token')

##############jobs##############
auth_header="authorization:$jwt"
content_header='content-type:application/vnd.netbackup+json;version=4.0'
uri="$basepath/security/certificate-authorities/activate"

# Construct request body
request_body="{"
request_body="${request_body}\"data\": {"
request_body="${request_body}\"type\": \"nbcaMigrationActivateRequest\","
request_body="${request_body}\"attributes\": {"
if [ $force == 1 ]; then
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The == operator is a Bash extension. Standard Posix uses = for comparisons.

request_body="${request_body}\"force\" : \"true\""
fi
request_body="${request_body}}}}"
Comment on lines +107 to +114
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since you already know you have jq, you may as well use it to generate syntactically valid JSON without a bunch of string concatenations.

Suggested change
request_body="{"
request_body="${request_body}\"data\": {"
request_body="${request_body}\"type\": \"nbcaMigrationActivateRequest\","
request_body="${request_body}\"attributes\": {"
if [ $force == 1 ]; then
request_body="${request_body}\"force\" : \"true\""
fi
request_body="${request_body}}}}"
request_body=$(jq -n --argjson force "$force" '{
data: {
type: "nbcaMigrationActivateRequest",
attributes: {
force: (if $force == 1 then "true" else "false"),
},
}
}')


if [ -z $reason ]; then
curl --silent -k -X POST "$uri" -H "$content_header" -H "$auth_header" -d "$request_body" | jq
else
audit_reason="X-NetBackup-Audit-Reason:$reason";
curl --silent -k -X POST "$uri" -H "$content_header" -H "$auth_header" -H "$audit_reason" -d "$request_body" | jq
fi

exit 0
122 changes: 122 additions & 0 deletions snippets/curl/complete_migration.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,122 @@
#!/bin/sh

#####################n#####################################################

# This script demonstrates how to complete the CA migration.

# This script requires jq command-line JSON parser
# if your system does not have jq installed, this will not work.
# jq can be downloaded from here: https://github.com/stedolan/jq/releases

###########################################################################

port=1556
master_server=""
login_username=""
login_password=""
login_domainname=""
login_domaintype=""
reason=""
force=0

showHelp()
{
echo ""
echo "Invalid command parameters"
echo "Usage:"
echo "./complete_migration.sh -nbmaster <master_server> -login_username <login_username> -login_password <login_password> -login_domainname <login_domain_name> -login_domaintype <login_domaintype> [-reason | -r <reason_for_migration>] [-force | -f]"
echo "-nbmaster : Name of the NetBackup master server"
echo "-login_username : User name of the user performing action"
echo "-login_password : Password of the user performing action"
echo "-login_domainname : Domain name of the user performing action"
echo "-login_domaintype : Domain type of the user performing action"
echo "-reason | -r : Reason for completing the CA migration"
echo "-force | -f : Forcefully complete the CA migration"
echo ""
exit 1
}

parseArguments()
{
if [ $# -ne 10 ] && [ $# -ne 11 ] && [ $# -ne 12 ] && [ $# -ne 13 ]; then
showHelp
fi

while [ "$1" != "" ]; do
case $1 in
-nbmaster)
master_server=$2
;;
-login_username)
login_username=$2
;;
-login_password)
login_password=$2
;;
-login_domainname)
login_domainname=$2
;;
-login_domaintype)
login_domaintype=$2
;;
-force|-f)
force=1
Comment on lines +62 to +63
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since -force doesn't consume $2, it must be the final parameter on the command line. I realize it's also listed last in the synopsis, but that's a really subtle detail. Most programs will accept options in any order, and indeed, this program accepts all the other options in any order.

You can fix this by using shift in each case branch according to how many arguments each branch consumes, instead of assuming each branch always consumes two arguments.

;;
-reason|-r)
reason=$2
;;
*)
showHelp
;;
esac
shift 2
done

if [ -z "$master_server" ] || [ -z "$login_username" ] || [ -z "$login_password" ] || [ -z "$login_domainname" ] || [ -z "$login_domaintype" ]; then
showHelp
fi

if [ "${login_domaintype^^}" = "WINDOWS" ] || [ "${login_domaintype^^}" = "NT" ]; then
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The shebang line says this runs as /bin/sh, but the ^^ parameter-expansion modifier is a Bash extension. It's not in standard sh. You can use something like tr '[:lower:]' '[:upper:]' to convert a string to uppercase.

login_domaintype="nt"
fi
}

###############main############

parseArguments "$@"

basepath="https://$master_server:$port/netbackup"
content_header='content-type:application/json'

##############login#############

uri="$basepath/login"

data=$(jq --arg name $login_username --arg pass $login_password --arg dname $login_domainname --arg dtype $login_domaintype \
--null-input '{userName: $name, password: $pass, domainName: $dname, domainType: $dtype}')

jwt=$(curl --silent -k -X POST $uri -H $content_header -d "$data" | jq --raw-output '.token')

##############jobs##############
auth_header="authorization:$jwt"
content_header='content-type:application/vnd.netbackup+json;version=4.0'
uri="$basepath/security/certificate-authorities/migration-complete"

# Construct request body
request_body="{"
request_body="${request_body}\"data\": {"
request_body="${request_body}\"type\": \"nbcaMigrationCompleteRequest\","
request_body="${request_body}\"attributes\": {"
if [ $force == 1 ]; then
request_body="${request_body}\"force\" : \"true\""
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think force is documented to be a Boolean, but this sends it as a string.

fi
request_body="${request_body}}}}"

if [ -z $reason ]; then
curl --silent -k -X POST "$uri" -H "$content_header" -H "$auth_header" -d "$request_body" | jq
else
audit_reason="X-NetBackup-Audit-Reason:$reason";
curl --silent -k -X POST "$uri" -H "$content_header" -H "$auth_header" -H "$audit_reason" -d "$request_body" | jq
fi

exit 0
121 changes: 121 additions & 0 deletions snippets/curl/initiate_migration.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,121 @@
#!/bin/sh

#####################n#####################################################

# This script demonstrates how to initiate CA migration.
# To initiate the CA migration, a user needs to have proper permissions.

# This script requires jq command-line JSON parser
# if your system does not have jq installed, this will not work.
# jq can be downloaded from here: https://github.com/stedolan/jq/releases

###########################################################################

port=1556
master_server=""
login_username=""
login_password=""
login_domainname=""
login_domaintype=""
keysize=""
reason=""

showHelp()
{
echo ""
echo "Invalid command parameters"
echo "Usage:"
echo "./initiate_migration.sh -nbmaster <master_server> -login_username <login_username> -login_password <login_password> -login_domainname <login_domain_name> -login_domaintype <login_domaintype> -keysize | -k <key_size> [-reason | -r <reason_for_migration>]"
echo "-nbmaster : Name of the NetBackup master server"
echo "-login_username : User name of the user performing action"
echo "-login_password : Password of the user performing action"
echo "-login_domainname : Domain name of the user performing action"
echo "-login_domaintype : Domain type of the user performing action"
echo "-keysize | -k : NetBackup CA key strength"
echo "-reason | -r : Reason for initiating CA migration"
echo ""
exit 1
}

parseArguments()
{
if [ $# -ne 12 ] && [ $# -ne 14 ]; then
showHelp
fi

while [ "$1" != "" ]; do
case $1 in
-nbmaster)
master_server=$2
;;
-login_username)
login_username=$2
;;
-login_password)
login_password=$2
;;
-login_domainname)
login_domainname=$2
;;
-login_domaintype)
login_domaintype=$2
;;
-keysize | -k)
keysize=$2
;;
-reason | -r)
reason=$2
;;
*)
showHelp
;;
esac
shift 2
done

if [ -z "$master_server" ] || [ -z "$login_username" ] || [ -z "$login_password" ] || [ -z "$login_domainname" ] || [ -z "$login_domaintype" ] || [ -z "$keysize" ]; then
showHelp
fi

if [ "${login_domaintype^^}" = "WINDOWS" ] || [ "${login_domaintype^^}" = "NT" ]; then
login_domaintype="nt"
fi
}

###############main############

parseArguments "$@"

basepath="https://$master_server:$port/netbackup"
content_header='content-type:application/json'

##############login#############

uri="$basepath/login"

data=$(jq --arg name $login_username --arg pass $login_password --arg dname $login_domainname --arg dtype $login_domaintype \
--null-input '{userName: $name, password: $pass, domainName: $dname, domainType: $dtype}')

jwt=$(curl --silent -k -X POST $uri -H $content_header -d "$data" | jq --raw-output '.token')

##############jobs##############
auth_header="authorization:$jwt"
content_header='content-type:application/vnd.netbackup+json;version=4.0'
uri="$basepath/security/certificate-authorities/initiate-migration"

# Construct request body
request_body="{"
request_body="${request_body}\"data\": {"
request_body="${request_body}\"type\": \"initiateCAMigrationRequest\","
request_body="${request_body}\"attributes\": {"
request_body="${request_body}\"keySize\" : \"${keysize}\""
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think keySize is documented to be an integer, but this sends it as a string.

request_body="${request_body}}}}"

if [ -z $reason ]; then
curl --silent -k -X POST "$uri" -H "$content_header" -H "$auth_header" -d "$request_body" | jq
else
audit_reason="X-NetBackup-Audit-Reason:$reason";
curl --silent -k -X POST "$uri" -H "$content_header" -H "$auth_header" -H "$audit_reason" -d "$request_body" | jq
fi

exit 0
12 changes: 12 additions & 0 deletions snippets/perl/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,3 +126,15 @@ API key Details:

- Use the following command to use API key instead of JWT to trigger a NetBackup REST API on your NetBackup Master server:
- `perl apikey_usage.pl -nbmaster <master_server> -apikey <apikey> [--verbose]`

CA Migration Details:

- Use the following command to initiate the NetBackup CA migration on your NetBackup Master server:
- `perl initiate-migration.pl -nbmaster <master_server> -login_username <login_username> -login_password <login_password> [-login_domainname <login_domain_name> -login_domaintype <domain_type>] -keysize <keysize> [-reason <reason>] [--verbose]`

- Use the following command to activate the new NetBackup CA on your NetBackup Master server:
- `perl activate_migration.pl -nbmaster <master_server> -login_username <login_username> -login_password <login_password> [-login_domainname <login_domain_name> -login_domaintype <domain_type>] [-reason <reason>] [--force] [--verbose]`

- Use the following command to complete the NetBackup CA migration on your NetBackup Master server:
- `perl complete_migration.pl -nbmaster <master_server> -login_username <login_username> -login_password <login_password> [-login_domainname <login_domain_name> -login_domaintype <domain_type>] [-reason <reason>] [--force] [--verbose]`
Comment on lines +133 to +139
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why using single dash for some options and double dash for others?


Loading