I've successfully downloaded a file from Artifactory (Generic Repo) via a WebClient object. I'm having troubles uploading a file via the same method. I'm trying to figure out the simplest method for uploading via Powershell to our server.
Please note that installing other utilities like Curl is not an option at this point. I'm writing automation scripts and want to stick with a basic Windows 2008 r2 server, no installing other utilities since I can't count on them being there across all the servers.
If someone has an example script utilizing the Rest API, that would be perfect!
Example of the download code (this works):
$SOURCE = "https://artifactory.example.com/artifactory/net-generic-local/APP/BF_1.0.zip"
$DESTINATION = ".\BF_1.0.zip"
$AF_USER ="user"
$AF_PWD ="password"
$WebClient = New-Object System.Net.WebClient
$WebClient.Credentials = New-Object System.Net.NetworkCredential($AF_USER,$AF_PWD)
$WebClient.DownloadFile($SOURCE,$DESTINATION)
This is an example of the upload code (does not work):
$SOURCE = ".\BF_2.0.zip"
$DESTINATION = "https://artifactory.example.com/artifactory/net-generic-local/APP/BF_2.0.zip"
$AF_USER ="user"
$AF_PWD ="password"
$WebClient = New-Object System.Net.WebClient
$WebClient.Credentials = New-Object System.Net.NetworkCredential($AF_USER, $AF_PWD)
$URI = New-Object System.Uri($DESTINATION)
$WebClient.UploadFile($URI,$SOURCE)
This is the error I'm getting from the upload:
Exception calling "UploadFile" with "2" argument(s): "The remote server returned an error: (405) Method Not Allowed."
At E:\transient\af_put.ps1:8 char:1
+ $WebClient.UploadFile($URI,$SOURCE)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WebException
I tried the Invoke-WebRequest option and was able to get this to work:
$URI = New-Object System.Uri("https://artifactory.example.com/artifactory/net-generic-local/APP/BF_2.0.zip")
$SOURCE = ".\BF_2.0.zip"
$AF_USER = "user"
$AF_PWD = ConvertTo-SecureString "password" -AsPlainText -Force
$CREDS = New-Object System.Management.Automation.PSCredential ($AF_USER, $AF_PWD)
Invoke-WebRequest -Uri $URI -InFile $SOURCE -Method Put -Credential $CREDS
Had to create a PSCrendential object so it would not prompt for the user password. But other then that, this work exactly as I needed.
The reason for your issue is HTTP method used by UploadFile.
By default UploadFile uses POST, while to upload file to Artifactory you need to use PUT method. That is why you get 405 "Method Not Allowed" response.
To fix this use UploadFile overload with three parameters like shown here:
https://msdn.microsoft.com/en-us/library/ms144230(v=vs.110).aspx
So the correct version of the code will look like:
$SOURCE = ".\BF_2.0.zip"
$DESTINATION = "https://artifactory.example.com/artifactory/net-generic-local/APP/BF_2.0.zip"
$AF_USER ="user"
$AF_PWD ="password"
$WebClient = New-Object System.Net.WebClient
$WebClient.Credentials = New-Object System.Net.NetworkCredential($AF_USER, $AF_PWD)
$URI = New-Object System.Uri($DESTINATION)
$METHOD = "PUT"
$WebClient.UploadFile($URI, $METHOD, $SOURCE)
I don't have Artifactory handy, but you might want to try the Invoke-RestMethod PowerShell cmdlet, available in box from PowerShell v3 and higher. Here's a sample of how to do that.
You'll need credentials, and based on their REST documentation, basic authentication of the type we can get with the -Credential param of Invoke-RestMethod should cover us there.
You'll also need to provide a message $body with your request. Look at the JSON sample here from their docs, and then edit the $body I've given as a starting point.
$credential = Get-Credential
$body = #{action="Upload";param2="Data";param3="Data";} | ConvertTo-Json
Invoke-RestMethod -uri "http://localhost:8080/artifactory/api/build" `
-ContentType "application/json" -method POST -body $body -Credential
I must say, this is one of the more complex examples of a REST API that I've seen, so to make this easier, I would install curl on a machine and use Fiddler to capture a trace successfully uploading a file. To make things even easier, you could also do this using the Artifactory UI from a browser to upload a file, and simple record a trace of the upload step. Then, grab the JSON in the request and use that as a starting point.
My answer is certainly derivative, but this is what worked for me when pushing something to my Artifactory repo from powershell using an API token for authentication:
$credential_bytes = [System.Text.Encoding]::UTF8.GetBytes($username + ":" + $api_token)
$credentials = [System.Convert]::ToBase64String($credential_bytes)
$credential_header = "Basic " + $credentials
Invoke-WebRequest -Uri $artifactory_dest_url -InFile "my_file.zip" -Method Put -Headers #{"Authorization"="$credential_header"}
Sigh. I regret that I'm using Powershell. What am I doing with my life? Anyway, it works. Moving on.
Props to FoxDeploy and Maclnos.
The JFrog knowledgebase offers an example upload to Artifactory via PowerShell. This example uses Invoke-RestMethod as in FoxDeploy's previous answer, but uses an -InFile parameter and a different content type, as follows:
Invoke-RestMethod -uri <complete URI to where the artifact will be in Artifactory>
-Method Put -InFile <path of file to upload> -Credential <PS creds>
-ContentType "multipart/form-data" -TimeoutSec <in seconds>
Related
So my organization has tasked me with cleaning up some of the security issues in regards to some automated scripts that have hard coded passwords within the scripts that are running as automated tasks. One such task contains SFTP scripts that export and import files to and from with the password, host name, credentials, port, and everything exposed within the script. As a result, I would like to first see about how to call such credentials within a separate file that can be hidden and two see about encryption and salting it later. But my main focus is getting them out of the script in case traffic is every intercepted. Here is what the PowerShell code looks like:
param (
$localPath = 'E:\FTP\SchooLinks\course_requests.csv',
$remotePath = '/schoolinks_exports/course_planning/course_requests.csv'
)
try
{
# Load WinSCP .NET assembly
Add-Type -Path "C:\Program Files (x86)\WinSCP\WinSCPnet.dll"
# Setup session options
$sessionOptions = New-Object WinSCP.SessionOptions -Property #{
Protocol = [WinSCP.Protocol]::Sftp
HostName = "<domain_name>"
UserName = "<username>"
Password = "<password>"
SshHostKeyFingerprint = "<fingerprint>"
}
$session = New-Object WinSCP.Session
try
{
# Connect
$session.Open($sessionOptions)
# Upload files
$transferOptions = New-Object WinSCP.TransferOptions
$transferOptions.TransferMode = [WinSCP.TransferMode]::Binary
$transferResult =
$session.GetFiles($remotePath, $localPath, $False, $transferOptions)
# Throw on any error
$transferResult.Check()
# Print results
foreach ($transfer in $transferResult.Transfers)
{
Write-Host "Download of $($transfer.FileName) succeeded"
}
}
finally
{
# Disconnect, clean up
$session.Dispose()
}
exit 0
}
catch
{
Write-Host "Error: $($_.Exception.Message)"
exit 1
}
Another one that we have looks like this:
param (
$localPath = 'E:\FTP\TalentEd\SkywardApplicantExportSQL.txt',
$remotePath = '/SkywardApplicantExportSQL.txt'
)
try
{
# Load WinSCP .NET assembly
Add-Type -Path "C:\Program Files (x86)\WinSCP\WinSCPnet.dll"
# Setup session options
$sessionOptions = New-Object WinSCP.SessionOptions -Property #{
Protocol = [WinSCP.Protocol]::Sftp
HostName = "<domain>"
UserName = "<username>"
Password = "<password>"
SshHostKeyFingerprint = "<sha_fingerprint>"
}
$session = New-Object WinSCP.Session
try
{
# Connect
$session.Open($sessionOptions)
# Upload files
$transferOptions = New-Object WinSCP.TransferOptions
$transferOptions.TransferMode = [WinSCP.TransferMode]::Binary
$transferResult =
$session.GetFiles($remotePath, $localPath, $False, $transferOptions)
# Throw on any error
$transferResult.Check()
# Print results
foreach ($transfer in $transferResult.Transfers)
{
Write-Host "Download of $($transfer.FileName) succeeded"
}
}
finally
{
# Disconnect, clean up
$session.Dispose()
}
exit 0
}
catch
{
Write-Host "Error: $($_.Exception.Message)"
exit 1
}
I am familiar with Python and json and calling stuff within a json file similar to the following:
import json
with open('secrets.json','r') as f:
config = json.load(f)
and calling it with (config['object']['nested_element']) within the Python script.
I would like to do something similar with PowerShell, however I have very limited knowledge to PowerShell.
Yeppers, of course, never store creds in clear text in files.
There are several ways to store credentials for use. Secure file (xml, etc..), the registry, or Windows Credential Manager and this is well documented on Microsoft sites, as well as in many articles all over the web and via Q&A's on StackOverflow.
Just search for 'securely store credentials PowerShell'
Sample results...
Working with Passwords, Secure Strings and Credentials in Windows
PowerShell
How to run a PowerShell script against multiple Active Directory
domains with different credentials
Accessing Windows Credentials Manager from PowerShell
Save Encrypted Passwords to Registry for PowerShell
...and/or the modules via the MS powershellgallery.com directly installable from your PowerShell environments.
Find-Module -Name '*cred*' |
Format-Table -AutoSize
<#
# Results
Version Name Repository Description
------- ---- ---------- -----------
2.0 CredentialManager PSGallery Provides access to credentials in the Windows Credential Manager
2.0.168 VcRedist PSGallery A module for lifecycle management of the Microsoft Visual C++ Redistributables. Downloads the supp...
1.3.0.0 xCredSSP PSGallery Module with DSC Resources for WSMan CredSSP.
1.1 VPNCredentialsHelper PSGallery A simple module to set the username and password for a VPN connection through PowerShell. Huge tha...
1.0.11 pscredentialmanager PSGallery This module allows management and automation of Windows cached credentials.
4.5 BetterCredentials PSGallery A (compatible) major upgrade for Get-Credential, including support for storing credentials in Wind...
1.0.4 WindowsCredential PSGallery Management module for Windows Credential Store.
...
#>
So many thanks to #postanote and #Martin Prikryl I was able to figure this out.
You can basically use a config.xml file with contents similar to this:
<Configuration>
<localPath>insert_local_file_path</localPath>
<remotePath>insert_remote_file_path</remotePath>
<Protocol>[WinSCP.Protocol]::Sftp</Protocol>
<HostName>insert_hostname</HostName>
<UserName>username</UserName>
<Password>mypassword</Password>
<SshHostKeyFingerPrint>fingerprint</SshHostKeyFingerPrint>
</Configuration>
From here you can use the following at the beginning of your template:
# Read XML configuration file
[xml]$config = Get-Content ".\config.xml"
param (
$localPath = $config.Configuration.localPath
$remotePath = $config.Configuration.remotePath
)
try
{
# Load WinSCP .NET assembly
Add-Type -Path "C:\Program Files (x86)\WinSCP\WinSCPnet.dll"
# Setup session options
$sessionOptions = New-Object WinSCP.SessionOptions -Property #{
Protocol = $config.Configuration.Protocol
HostName = $config.Configuration.HostName
UserName = $config.Configuration.UserName
Password = $config.Configuration.Password
SshHostKeyFingerprint = $config.Configuration.SshHostKeyFingerprint
}
I have more SFTP templates here people can use at
https://github.com/Richard-Barrett/ITDataServicesInfra/tree/master/SFTP
This is my url
https://webmail.fasttrackteam.com/Login.aspx
I am able to open this path in IE.
but unable to set loginid & password.
Also dont know how to fire click event.
following is code that I have tried.
$ie = New-Object -com InternetExplorer.Application
$ie.Navigate("https://webmail.fasttrackteam.com/Login.aspx")
$ie.visible = $true
$doc = $ie.document
$user = $doc.getElementById("ctl00_MPH_txtUserName")
$password = $doc.getElementById("ctl00_MPH_txtPassword")
$submit = $doc.getElementById("ctl00_MPH_btnEnterClick")
$user.value = "emailid"
$password.value = "password"
$submit.Click();
$ie.Quit();
$ie.Document.body | Out-File -FilePath C:\Users\amol.kshirsagar\Documents\FastTrack\Work\Extra\AutoLogin\log.txt
EDIT
This is error that I am getting,
You cannot call a method on a null-valued expression.
You call the Quit() method before accessing the Document.body member. As the Quit() call, well, quits the application, don't you think it should be somewhat peculiar to access its data afterwards?
Try accessing the member first, then quitting the browser instance.
Here is a PowerShell script to trigger Internet Explorer, open LinkedIn login page and enter some text in the username text field.
$ie = New-Object -Com "InternetExplorer.Application"
$ie.Navigate("www.linkedIn.com")
$ie.Visible = $true
$doc = $ie.document
$usernameElement = $doc.getElementByTagName("input") | Where-Object {$_.id = "session_key-login""}
$usernameElement.Click()
Get-Process iexplore | Foreach-Object {$_.CloseMainWindow()}
Unfortunately, I keep getting the following error:
You cannot call a method on a null-valued expression.
At C:\Users\Pinku\Desktop\Untitled1.ps1:7 char:23
+ $usernameElement.Click <<<< ()
+ CategoryInfo : InvalidOperation: (Click:String) [], RuntimeExcepti
on
+ FullyQualifiedErrorId : InvokeMethodOnNull
I have tried but have not been able to alleviate myself from this issue.Please suggest!
Instead of using $doc.getElementsByTagName("input") and then trying to filter through the results, try retrieving the ID directly using getElementById:
$usernameElement = $doc.getElementById("session_key-login")
$usernameElement.Click()
---Edit---
Response to still getting the null-valued expression after using the above:
The error message is that it can't find any elements called "session_key-login", and so it returns $null, and hence, when you try to invoke the Click() method, it throws the error. Some things to try:
-Check to see if the id exists. Run the following code after creating your $ie object, and see if there is an ID that matches "session_key-login":
$ie = New-Object -Com "InternetExplorer.Application"
$ie.Navigate("www.linkedIn.com")
$ie.Visible = $true
$doc = $ie.document
$doc.getElementsByTagName("Input") | Select Id, Name
-Try running your PowerShell session as Administrator. I know I wasn't able to launch IE properly until I ran PowerShell as Administrator. For ex. even though the iexplore process was created, the physical Internet Explorer window didn't open for me.
When executing this code, I received the error below:
$filesExist = Test-Path($file)
if ($filesExist) {
$shell_app=new-object -com shell.application
$zip_file = Get-Item "$mindCrackFolder\files.zip"
$destination = Get-Item $mindCrackFolder
$destination.Copyhere($zip_file.items(), 0x14)
#Remove-Item "$zip_file"
#Remove-Item "install.ps1"
}
Error:
Method invocation failed because [System.IO.FileInfo] doesn't contain a method named 'items'.
At C:\Users\User1\Desktop\ps install\install.ps1:33 char:5
+ $destination.Copyhere($zip_file.items(), 0x14)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
But I already convertered $destination into a IO object to be manipulated? Can I get any help, this my first time experimenting with PS.
This has nothing do with $destination. $zip_file.items() is evaluated first and the error message is telling you that the .NET System.IO.FileInfo object returned by Get-Item has no Items() method. Get-Item only returns an object that provides information about a file - size, last write time, readonly or not, etc. You can't use Get-Item to access the contents of a ZIP file.
If you need to extract the contents of the ZIP file, consider using the PowerShell Community Exensions' Expand-Archive cmdlet.
The errors is talking about the object you use the items() method on = $zip_file. Powershell doesn't have built-in zip support, you gotta create it(using shell.application com-object, google it) or add a .net library. $zip_file is just a simple FileInfo object just as the ones you get from dir(Get-ChildItem). It does not contain an items() method.
Solution: as previously said, google powershell zip files to read about how you can use zip files in powershell. My suggestion is DotNetZip
I don't know what and where you learned these, but you seem to have copied some code wrongly and made changes ad-hoc. Try the below script which does what you want:
$shell_app=new-object -com shell.application
$filename = "test.zip"
$zip_file = $shell_app.namespace((Get-Location).Path + "\$filename")
$destination = $shell_app.namespace((Get-Location).Path)
$destination.Copyhere($zip_file.items(), 0x14)
The items and copyHere method are not available on FileInfo objects, which is what you get from Get-Item. Use them as shown above.
I am running this script as Admin and It does create the folders requred, just does not set the appropriate permissions.
$Users = Get-Content "D:\New_Users.txt"
ForEach ($user in $users)
{
$newPath = Join-Path "F:\Users" -childpath $user
New-Item $newPath -type directory
$UserObj = New-Object System.Security.Principal.NTAccount("DOMAIN",$user)
$acl = Get-Acl $newpath
$acl.SetAccessRuleProtection($True, $False)
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("O1OAK\$user","AppendData,CreateDirectories,CreateFiles,DeleteSubdirectoriesAndFiles,ExecuteFile,ListDirectory,Modify,Read,ReadAndExecute,ReadAttributes,ReadData,ReadExtendedAttributes,ReadPermissions,Synchronize,Traverse,Write,WriteAttributes,WriteData,WriteExtendedAttributes","ContainerInherit, ObjectInherit","None","Allow")
$acl.SetAccessRule($accessRule)
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM","FullControl","ContainerInherit, ObjectInherit","None","Allow")
$acl.SetAccessRule($accessRule)
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators","FullControl","ContainerInherit, ObjectInherit","None","Allow")
$acl.SetAccessRule($accessRule)
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("1OAK\$user","Delete","ContainerInherit, ObjectInherit","None","Allow")
$acl.removeAccessRule($accessRule)
$acl.SetOwner($UserObj)
$acl | Set-Acl $newpath
}
The first error in a string of 3 that I get is below. I think it is the most important and will fix the other 2.
Exception calling "SetAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
At D:\DOMAIN\IT\IT Private\User Drives\user_folders.ps1:12 char:20
+ $acl.SetAccessRule <<<< ($accessRule)
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
The error is pretty self explanatory: Some or all identity references could not be translated.
This means the account couldn't be found. So what you have to do is verify your accounts. Since you're adding 4 ACE's, you'll need to identify which is invalid.
The easiest way to do this is to debug through, line by line using the ISE or PowerGUI.
I tried your code with "NT AUTHORITY\SYSTEM" and "BUILTIN\Administrators" and it works so the issue is with "O1OAK\$user" or "1OAK\$user". You likely have an invalid account in your text file.
a gotch with the user ID is that AD truncates the username, so a user with a long name "j_reallylongname" will have a samid (Security Account Manager (SAM) account name) which is truncated. (j_reallylong)
so when fetching usernames, make sure you verify against the AD before using it.
When i've got the upns, so i run a dsget query to get the samid then use that to build the identity reference.
Adding this in case any C#/ASP.NET developers get this (which is my scenario, and I found this post).
I am using .NET Core in a corporate environment, and I need to check UserGroups as part of security. The code is like (where "user" is a ClaimsPrincipal):
var windowsIdentity = user.Identity as WindowsIdentity;
if( windowsIdentity is null )
throw new Exception( $"Invalid Windows Identity {user.Identity.Name}" );
return windowsIdentity.Groups
.Select( g => g.Translate( typeof( NTAccount ) ).Value );
Anyway, someone in charge of groups deleted a group I was part of, and the AD replication lag caused me to get the error in the title. A logoff and/or reboot worked just fine.
For me it was a case of where i verified whether the script execution knew the password by using $user = Get-Credential "username". i had to turn my $user into $user.UserName To give the script parameters the value they were expecting