Merge branch 'master' into ifw_api_arguments

Author: LordHepipud

README.md

@@ -1,3 +1,10 @@
+[![PowerShell Version](https://img.shields.io/badge/PowerShell-5.1-777BB4?logo=PowerSHell)](https://learn.microsoft.com/en-US/powershell/scripting/install/installing-powershell-on-windows?view=powershell-5.1)
+[![GitHub Tag](https://img.shields.io/github/tag/Icinga/icinga-powershell-framework.svg)](https://github.com/Icinga/icinga-powershell-framework/releases/latest)
+[![GitHub Issues](https://img.shields.io/github/issues-search?query=repo%3Aicinga%2Ficinga-powershell-framework%20is%3Aopen%20is%3Aissue&label=Issues&color=red
+)](https://github.com/Icinga/icinga-powershell-framework/issues)
+[![GitHub Pull Requests](https://img.shields.io/github/issues-search?query=repo%3Aicinga%2Ficinga-powershell-framework%20is%3Aopen%20is%3Apr&label=Pull%20Requests&color=green
+)](https://github.com/Icinga/icinga-powershell-framework/pulls)
+
 Icinga PowerShell Framework
 ==============
 

doc/100-General/10-Changelog.md

@@ -18,12 +18,18 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
 * [#615](https://github.com/Icinga/icinga-powershell-framework/issues/615) Fixes the framework migration tasks which fails in case multiple versions of the framework are installed, printing warnings in case there is
 * [#617](https://github.com/Icinga/icinga-powershell-framework/issues/617) Fixes failing calls for plugins which use a switch argument like `-NoPerfData`, which is followed directly by the `-ThresholdInterval` argument
 * [#621](https://github.com/Icinga/icinga-powershell-framework/pull/621) Fixes `-ThresholdInterval` key detection on newer systems
+* [#645](https://github.com/Icinga/icinga-powershell-framework/pull/645) Fixes error and exception handling while using API-Checks, which now will in most cases always return a proper check-result object and also abort while running into plugin execution errors, in case a server is not reachable by the time sync plugin for example
 
 ### Enhancements
 
+* [#544](https://github.com/Icinga/icinga-powershell-framework/issues/544) Adds support to configure the Icinga Director JSON string for registering hosts via self-service API
 * [#619](https://github.com/Icinga/icinga-powershell-framework/pull/619) Adds feature to securely read enum provider values with new function `Get-IcingaProviderEnumData`
 * [#623](https://github.com/Icinga/icinga-powershell-framework/issues/623) Adds support to provide the Icinga service user written as `user@domain`
 * [#633](https://github.com/Icinga/icinga-powershell-framework/pull/633) Adds support for Icinga 2.14.0 native Icinga for Windows API communication
+* [#635](https://github.com/Icinga/icinga-powershell-framework/pull/635) Adds support for `Write-IcingaAgentApiConfig` function to configure the Icinga Agent TLS cipher list setting by new argument `-CipherList`
+* [#640](https://github.com/Icinga/icinga-powershell-framework/issues/640) Adds support to set the flag `-NoSSLValidation` for Cmdlets `icinga` and `Install-Icinga`, to ignore errors on self-signed certificates within the environment
+* [#643](https://github.com/Icinga/icinga-powershell-framework/pull/643) Adds support for `-RebuildCache` flag on `icinga` cmd to rebuild component cache as well
+* [#644](https://github.com/Icinga/icinga-powershell-framework/pull/644) Adds progress bar output to repository interaction (sync, update, new) instead of plain text output
 
 ## 1.10.1 (2022-12-20)
 

doc/110-Installation/01-Getting-Started.md

@@ -6,7 +6,7 @@ Icinga for Windows provides tools and functionality to entirely manage itself. T
 
 * Windows 2012 R2 or later
 * PowerShell Version 4.0 or later
-* [Execution Policies](https://docs.microsoft.com/de-de/powershell/module/microsoft.powershell.core/about/about_execution_policies) allowing module/script execution
+* [Execution Policies](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies) allowing module/script execution
 * Access to [packages.icinga.com](https://packages.icinga.com) at least from one location
 
 ## Installation Dependencies

doc/130-JEA/01-JEA-Profiles.md

@@ -2,7 +2,7 @@
 
 Starting with Icinga for Windows v1.6.0, we are supporting JEA profiles and provide all required tools to build a profile based on installed Icinga for Windows components.
 
-JEA stands for "Just Enough Administration" and you can read more about it on the [Microsoft Docs](https://docs.microsoft.com/de-de/powershell/scripting/learn/remoting/jea/overview).
+JEA stands for "Just Enough Administration" and you can read more about it on the [Microsoft Docs](https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/overview).
 
 In short, JEA allows you to limit the access to certain Cmdlets, Functions and Binaries on the system. In addition, you can grant additional privileges to users to perform tasks, which are permitted to Administrators only in general.
 

icinga-powershell-framework.psm1

@@ -243,12 +243,13 @@ function Invoke-IcingaCommand()
     [CmdletBinding()]
     param (
         $ScriptBlock,
-        [switch]$SkipHeader    = $FALSE,
-        [switch]$Manage        = $FALSE, # Only for backwards compatibility, has no use at all
-        [switch]$Shell         = $FALSE,
-        [switch]$RebuildCache  = $FALSE,
-        [switch]$DeveloperMode = $FALSE,
-        [array]$ArgumentList   = @()
+        [switch]$SkipHeader      = $FALSE,
+        [switch]$Manage          = $FALSE, # Only for backwards compatibility, has no use at all
+        [switch]$Shell           = $FALSE,
+        [switch]$NoSSLValidation = $FALSE,
+        [switch]$RebuildCache    = $FALSE,
+        [switch]$DeveloperMode   = $FALSE,
+        [array]$ArgumentList     = @()
     );
 
     Import-LocalizedData `
@@ -280,6 +281,7 @@ function Invoke-IcingaCommand()
     }
 
     if ($RebuildCache -Or $DeveloperMode) {
+        Copy-IcingaFrameworkCacheTemplate;
         Write-IcingaFrameworkCodeCache -DeveloperMode:$DeveloperMode;
     }
 
@@ -304,10 +306,19 @@ function Invoke-IcingaCommand()
         $Shell           = $args[3];
         $IcingaShellArgs = $args[4];
         $DeveloperMode   = $args[5];
+        $NoSSLValidation = $args[6];
 
         # Load our Icinga Framework
         Use-Icinga;
 
+        # Always ensure we use the proper TLS Version
+        Set-IcingaTLSVersion;
+
+        # Ignore SSL validation in case we set the flag
+        if ($NoSSLValidation) {
+            Enable-IcingaUntrustedCertificateValidation;
+        }
+
         if ($DeveloperMode) {
             $Global:Icinga.Protected.DeveloperMode = $TRUE;
             Copy-IcingaFrameworkCacheTemplate;
@@ -336,7 +347,7 @@ function Invoke-IcingaCommand()
             return "> "
         }
 
-    } -Args $ScriptBlock, $PSScriptRoot, $IcingaFrameworkData.PrivateData.Version, ([bool]$Shell), $ArgumentList, ([bool]$DeveloperMode);
+    } -Args $ScriptBlock, $PSScriptRoot, $IcingaFrameworkData.PrivateData.Version, ([bool]$Shell), $ArgumentList, ([bool]$DeveloperMode), ([bool]$NoSSLValidation);
 
     # In case we close the newly created PowerShell, ensure we set the script root back to the Framework folder
     if (Test-Path $PSScriptRoot) {
@@ -349,13 +360,14 @@ function Invoke-IcingaCommand()
 
         # Use the same arguments again to open the IMC
         $IMCReopenArguments = @{
-            'ScriptBlock'   = $ScriptBlock;
-            'SkipHeader'    = $SkipHeader;
-            'Manage'        = $Manage;
-            'Shell'         = $Shell;
-            'RebuildCache'  = $RebuildCache;
-            'DeveloperMode' = $DeveloperMode;
-            'ArgumentList'  = $ArgumentList;
+            'ScriptBlock'     = $ScriptBlock;
+            'SkipHeader'      = $SkipHeader;
+            'Manage'          = $Manage;
+            'Shell'           = $Shell;
+            'NoSSLValidation' = $NoSSLValidation;
+            'RebuildCache'    = $RebuildCache;
+            'DeveloperMode'   = $DeveloperMode;
+            'ArgumentList'    = $ArgumentList;
         };
 
         Invoke-IcingaCommand @IMCReopenArguments;

lib/apis/Register-IcingaDirectorSelfServiceHost.psm1

@@ -61,8 +61,26 @@ function Register-IcingaDirectorSelfServiceHost()
         }
     }
 
-    $Interface          = Get-IcingaNetworkInterface $Endpoint;
-    $DirectorConfigJson = [string]::Format('{0} "address":"{2}" {1}', '{', '}', $Interface);
+    $Interface = Get-IcingaNetworkInterface $Endpoint;
+
+    if ($null -eq $Global:Icinga.InstallWizard.DirectorSelfServiceConfig) {
+        $DirectorConfigJson = [string]::Format('{{ "address": "{0}" }}', $Interface);
+    } else {
+        try {
+            $DirectorConfigJson = ConvertTo-Json -InputObject $Global:Icinga.InstallWizard.DirectorSelfServiceConfig -Compress -ErrorAction Stop;
+            $DirectorConfigJson = $DirectorConfigJson.Replace('$ifw.hostaddress$', $Interface);
+            $DirectorConfigJson = $DirectorConfigJson.Replace('$ifw.hostname.tolower$', (Get-IcingaHostname -AutoUseHostname 1 -LowerCase 1));
+            $DirectorConfigJson = $DirectorConfigJson.Replace('$ifw.hostname.toupper$', (Get-IcingaHostname -AutoUseHostname 1 -UpperCase 1));
+            $DirectorConfigJson = $DirectorConfigJson.Replace('$ifw.hostname$', (Get-IcingaHostname -AutoUseHostname 1));
+            $DirectorConfigJson = $DirectorConfigJson.Replace('$ifw.hostfqdn.tolower$', (Get-IcingaHostname -AutoUseFQDN 1 -LowerCase 1));
+            $DirectorConfigJson = $DirectorConfigJson.Replace('$ifw.hostfqdn.toupper$', (Get-IcingaHostname -AutoUseFQDN 1 -UpperCase 1));
+            $DirectorConfigJson = $DirectorConfigJson.Replace('$ifw.hostfqdn$', (Get-IcingaHostname -AutoUseFQDN 1));
+         } catch {
+            # Fallback to default
+            Write-IcingaConsosoleError 'Failed to deserialize your custom Icinga Director Self-Service configuration. Using Icinga for Windows defaults.'
+            $DirectorConfigJson = [string]::Format('{{ "address": "{0}" }}', $Interface);
+        }
+    }
 
     $EndpointUrl = Join-WebPath -Path $DirectorUrl -ChildPath ([string]::Format('/self-service/register-host?name={0}&key={1}', $Hostname, $ApiKey));
 

lib/core/icingaagent/writers/Write-IcingaAgentApiConfig.psm1

@@ -1,7 +1,8 @@
 function Write-IcingaAgentApiConfig()
 {
-    param(
-        [int]$Port = 5665
+    param (
+        [int]$Port          = 5665,
+        [string]$CipherList = $null
     );
 
     [string]$ApiConf = '';
@@ -11,6 +12,9 @@ function Write-IcingaAgentApiConfig()
     $ApiConf = [string]::Format('{0}    accept_config = true;{1}', $ApiConf, "`r`n");
     $ApiConf = [string]::Format('{0}    bind_host = "::";{1}', $ApiConf, "`r`n");
     $ApiConf = [string]::Format('{0}    bind_port = {1};{2}', $ApiConf, $Port, "`r`n");
+    if ([string]::IsNullOrEmpty($CipherList) -eq $FALSE) {
+        $ApiConf = [string]::Format('{0}    cipher_list = "{1}";{2}', $ApiConf, $CipherList, "`r`n");
+    }
     $ApiConf = [string]::Format('{0}{1}{2}{2}', $ApiConf, '}', "`r`n");
 
     $ApiConf = $ApiConf.Substring(0, $ApiConf.Length - 4);

lib/core/installer/Install-Icinga.psm1

@@ -1,45 +1,55 @@
 function Install-Icinga()
 {
     param (
-        [string]$InstallCommand = $null,
-        [string]$InstallFile    = ''
+        [string]$InstallCommand  = $null,
+        [string]$InstallFile     = '',
+        [switch]$NoSSLValidation = $FALSE
     );
 
     if ($null -eq $global:Icinga) {
         $global:Icinga = @{ };
     }
 
+    # Always ensure we use the proper TLS Version
+    Set-IcingaTLSVersion;
+
+    # Ignore SSL validation in case we set the flag
+    if ($NoSSLValidation) {
+        Enable-IcingaUntrustedCertificateValidation;
+    }
+
     if ($global:Icinga.ContainsKey('InstallWizard') -eq $FALSE) {
         $global:Icinga.Add(
             'InstallWizard', @{
-                'AdminShell'             = (Test-AdministrativeShell);
-                'LastInput'              = '';
-                'LastNotice'             = '';
-                'LastWarning'            = @();
-                'LastError'              = @();
-                'DirectorError'          = '';
-                'HeaderPreview'          = '';
-                'DirectorSelfService'    = $FALSE;
-                'DirectorRegisteredHost' = $FALSE;
-                'DirectorInstallError'   = $FALSE;
-                'LastParent'             = [System.Collections.ArrayList]@();
-                'LastValues'             = @();
-                'DisabledEntries'        = @{ };
-                'Config'                 = @{ };
-                'ConfigSwap'             = @{ };
-                'ParentConfig'           = $null;
-                'Menu'                   = 'Install-Icinga';
-                'NextCommand'            = '';
-                'NextArguments'          = $null;
-                'HeaderSelection'        = $null;
-                'DisplayAdvanced'        = $FALSE;
-                'ShowAdvanced'           = $FALSE;
-                'ShowHelp'               = $FALSE;
-                'ShowCommand'            = $FALSE;
-                'DeleteValues'           = $FALSE;
-                'HeaderPrint'            = $FALSE;
-                'JumpToSummary'          = $FALSE;
-                'Closing'                = $FALSE;
+                'AdminShell'                = (Test-AdministrativeShell);
+                'LastInput'                 = '';
+                'LastNotice'                = '';
+                'LastWarning'               = @();
+                'LastError'                 = @();
+                'DirectorError'             = '';
+                'HeaderPreview'             = '';
+                'DirectorSelfServiceConfig' = $null;
+                'DirectorSelfService'       = $FALSE;
+                'DirectorRegisteredHost'    = $FALSE;
+                'DirectorInstallError'      = $FALSE;
+                'LastParent'                = [System.Collections.ArrayList]@();
+                'LastValues'                = @();
+                'DisabledEntries'           = @{ };
+                'Config'                    = @{ };
+                'ConfigSwap'                = @{ };
+                'ParentConfig'              = $null;
+                'Menu'                      = 'Install-Icinga';
+                'NextCommand'               = '';
+                'NextArguments'             = $null;
+                'HeaderSelection'           = $null;
+                'DisplayAdvanced'           = $FALSE;
+                'ShowAdvanced'              = $FALSE;
+                'ShowHelp'                  = $FALSE;
+                'ShowCommand'               = $FALSE;
+                'DeleteValues'              = $FALSE;
+                'HeaderPrint'               = $FALSE;
+                'JumpToSummary'             = $FALSE;
+                'Closing'                   = $FALSE;
             }
         );
     } else {

lib/core/installer/menu/installation/AdvancedEntries.psm1

@@ -31,6 +31,7 @@ function Add-IcingaForWindowsInstallationAdvancedEntries()
     Show-IcingaForWindowsInstallationMenuEnterIcingaCAServer -Automated -Advanced;
     Show-IcingaForWindowsInstallerMenuSelectInstallApiChecks -Automated -Advanced;
     Show-IcingaForWindowsInstallerMenuSelectServiceRecovery -Automated -Advanced;
+    Show-IcingaForWindowsManagementConsoleInstallationEnterDirectorSelfServiceConfig -Automated -Advanced;
 
     Enable-IcingaFrameworkConsoleOutput;
 

lib/core/installer/menu/installation/director/SelfServiceConfig.psm1

@@ -0,0 +1,65 @@
+function Show-IcingaForWindowsManagementConsoleInstallationEnterDirectorSelfServiceConfig()
+{
+    param (
+        [array]$Value          = @(),
+        [string]$DefaultInput  = 'c',
+        [switch]$JumpToSummary = $FALSE,
+        [switch]$Automated     = $FALSE,
+        [switch]$Advanced      = $FALSE
+    );
+
+    # Ensure we simply set the global variable for the Config in case we run in automation mode
+    if ($Automated) {
+        if ($null -ne $Value -And $null -ne $Value[0]) {
+            $Global:Icinga.InstallWizard.DirectorSelfServiceConfig = ConvertFrom-Json -InputObject $Value[0] -ErrorAction Stop;
+            return;
+        }
+    }
+
+    # Set the default if no value ist set
+    if ($Value -IsNot [array] -Or $null -eq $Value -or $Value.Count -eq 0) {
+        $Value.Clear();
+        if ($null -eq $Global:Icinga.InstallWizard.DirectorSelfServiceConfig) {
+            $Value += '{ "address": "$ifw.hostaddress$" }';
+        } else {
+            $Value += ConvertTo-Json -InputObject $Global:Icinga.InstallWizard.DirectorSelfServiceConfig -Depth 100 -Compress;
+        }
+    }
+
+    Show-IcingaForWindowsInstallerMenu `
+        -Header 'You can update the Icinga Director Self-Service config in this section. USE WITH CARE!' `
+        -Entries @(
+            @{
+                'Command' = 'Show-IcingaForWindowsInstallerConfigurationSummary';
+                'Help'    = 'This is the configuration JSON-Object for the Icinga Director Self-Service API. You can set a custom IP-Address or define the display name of an object with "display_name" as key. Use this methid with caution! Not all configuration elements in general possible are accessible by using the Self-Service keys.';
+            }
+        ) `
+        -DefaultIndex $DefaultInput `
+        -AddConfig `
+        -ConfigLimit 1 `
+        -DefaultValues @( $Value ) `
+        -MandatoryValue `
+        -JumpToSummary:$JumpToSummary `
+        -ConfigElement `
+        -Automated:$Automated `
+        -Advanced:$Advanced;
+
+    # Fetch the current JSON-String inserted by the user
+    [string]$ConfigString = Get-IcingaForWindowsInstallerValuesFromStep;
+
+    if ([string]::IsNullOrEmpty($ConfigString) -eq $FALSE) {
+        try {
+            # Validate that our JSON is correct
+            $Global:Icinga.InstallWizard.DirectorSelfServiceConfig = ConvertFrom-Json -InputObject $ConfigString -ErrorAction Stop;
+        } catch {
+            # Set some defaults to ensure we don't break the installer
+            Write-IcingaConsoleError ([string]::Format('The provided Icinga Director Self Service configuration "{0}" does not appear to be a valid JSON-String. E.g.: {{ "address": "$ifw.hostaddress$" }} without leading and ending "" before and after {{ }}', $ConfigString));
+            $Global:Icinga.InstallWizard.DirectorSelfServiceConfig = $null;
+            Set-IcingaForWindowsInstallerValuesFromStep -Values @( '{ }' );
+        }
+    } else {
+        $Global:Icinga.InstallWizard.DirectorSelfServiceConfig = $null;
+    }
+}
+
+Set-Alias -Name 'IfW-DirectorSelfServiceConfig' -Value 'Show-IcingaForWindowsManagementConsoleInstallationEnterDirectorSelfServiceConfig';