• State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 60 subscribers
  • Views 4107 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Modify Credential Resource Mapping with a script.

aaron.glover
over 5 years ago

Hi, I am trying to automate the creation of agents to monitor Linux servers. I have a script that runs external to foglight, that gets a list of all the servers, then compares it to all the agents already running, and if there is a server with out an agent, it calls the rest api to run a script to create the agent and set the agent properties. It then does another rest api call to run a script that activates the agent. This part work, but then the agent shuts itself down, and has the below errors in the logs.

Unable to connect to host "XXX.XX.XXX.XXX"
com.quest.glue.api.services.NoCredentialsException: No credentials were provided to establish a connection to host XXX.XX.XXX.XXX

I think this means it is not picking up the credentials. So I manually edited the resource mapping in the credentials to include the ip address of some of the servers, and the agent for those started working. I am now trying to write a script internal to foglight that will edit the resource mapping of the credential, with the intent of running it through the rest api, and passing it the ip that needs to be added. I have tried sever things with out any luck. It seems like I need to be able to get the object of the credential I want to modify, but I am don't know how to do that. It seems like I should be using the methods in the CredentialDataAccessService CredentialDataQuery interfaces but I can't get them to work. Below is how is seems to me is should be laid out to get the creds, but I can not get it to work.

CredentialDataAccessService.createRequesterInfo()
CredentialDataAccessService.createQuery(RequesterInfo clientInfo)
CredentialDataQuery.setSourceAddress(java.net.InetAddress address)
CredentialDataAccessService.executeQuery(CredentialDataQuery query)

I think if I can get those working I should have the object for the credentials right? I should then be able to use other methods that require the credentials id. How do I do this? Am I even going about is the right way?

Parents
  • +1 over 5 years ago in reply to breavehao

    Below is the script that seems to be working for this, but be warned, it is not thoroughly tested yet.

    ipAddress = 'XXX.XXX.XXX.XXX'
    svcAccount = "Credential Name"
    credMan = server.CredentialManagementService
    credsQuery = credMan.createProtectedCredentialQuery()
    credList = server.CredentialManagementService.listCredentials(credsQuery)

    /*Getting ID of Credential to be edited*/
    credList.each{
    credName = "$it.name"
    if(credName == svcAccount){
    credId = "$it.credentialId"
    }
    }

    /*Getting Credential Object to be edited*/
    cred = credMan.getCredential(credId)

    /*Getting Resource Mapping Object of the Credential*/
    map = server.CredentialManagementService.getResourceMapping(cred)

    /*Getting Records of the Resource Mapping*/
    recordsList = map.getMappingRecords()

    /*Checking if IP Address already exist in the Credential. If IP Address is found, end the script*/
    for (record in recordsList){

    for(condition in record.conditions){

    if(condition.field.id == "target.host.address"){

    for(conIp in condition.modelValue){

    if(conIp == ipAddress){
    println(ipAddress + " Found in Credential, Exiting Script")
    return
    }
    }
    }
    }
    }

    /*Getting the Lockbox of that contains the Credential (This was only tested with the System Lockbox)*/
    lockbox = credMan.getLockbox(cred.lockboxId.toString())

    /*Creating a Credential Editor*/
    credEditor = credMan.createCredentialEditor(lockbox)

    /*Adding a new Mapping Record to the Credential*/
    newRecord = map.addResourceMappingRecord()

    /*Setting Condition Type to STRING_EXACT_MATCH as a ResourceMappingConditionType*/
    com.quest.nitro.service.sl.interfaces.credentials.mapping.ResourceMappingConditionType conditionType = "STRING_EXACT_MATCH"

    /*Looping through the available fields the Resource Mapping Object to find the fields purpose and target.host.address*/
    map.fields.eachWithIndex{ it, index ->
    /*When purpose is found, add a new condition to the new Mapping record for UnixOS*/
    /*When target.host.address is found, add a new condition to the new Mapping record for IP Address*/
    if("$it.id" == "purpose") {
    index = "$index".toInteger()
    newCond1 = newRecord.addCondition(map.fields[index], conditionType)
    newCond1.modelValue = ['UnixOS']
    } else if("$it.id" == "target.host.address") {
    index = "$index".toInteger()
    newCond2 = newRecord.addCondition(map.fields[index], conditionType)
    newCond2.modelValue = [ipAddress]
    }
    }

    /*Apply and Commit Update to the Credential*/
    credentialUpdate= credEditor.beginUpdate(cred)
    credMan.updateResourceMapping(map)
    credEditor.endUpdate(credentialUpdate)

Reply
  • +1 over 5 years ago in reply to breavehao

    Below is the script that seems to be working for this, but be warned, it is not thoroughly tested yet.

    ipAddress = 'XXX.XXX.XXX.XXX'
    svcAccount = "Credential Name"
    credMan = server.CredentialManagementService
    credsQuery = credMan.createProtectedCredentialQuery()
    credList = server.CredentialManagementService.listCredentials(credsQuery)

    /*Getting ID of Credential to be edited*/
    credList.each{
    credName = "$it.name"
    if(credName == svcAccount){
    credId = "$it.credentialId"
    }
    }

    /*Getting Credential Object to be edited*/
    cred = credMan.getCredential(credId)

    /*Getting Resource Mapping Object of the Credential*/
    map = server.CredentialManagementService.getResourceMapping(cred)

    /*Getting Records of the Resource Mapping*/
    recordsList = map.getMappingRecords()

    /*Checking if IP Address already exist in the Credential. If IP Address is found, end the script*/
    for (record in recordsList){

    for(condition in record.conditions){

    if(condition.field.id == "target.host.address"){

    for(conIp in condition.modelValue){

    if(conIp == ipAddress){
    println(ipAddress + " Found in Credential, Exiting Script")
    return
    }
    }
    }
    }
    }

    /*Getting the Lockbox of that contains the Credential (This was only tested with the System Lockbox)*/
    lockbox = credMan.getLockbox(cred.lockboxId.toString())

    /*Creating a Credential Editor*/
    credEditor = credMan.createCredentialEditor(lockbox)

    /*Adding a new Mapping Record to the Credential*/
    newRecord = map.addResourceMappingRecord()

    /*Setting Condition Type to STRING_EXACT_MATCH as a ResourceMappingConditionType*/
    com.quest.nitro.service.sl.interfaces.credentials.mapping.ResourceMappingConditionType conditionType = "STRING_EXACT_MATCH"

    /*Looping through the available fields the Resource Mapping Object to find the fields purpose and target.host.address*/
    map.fields.eachWithIndex{ it, index ->
    /*When purpose is found, add a new condition to the new Mapping record for UnixOS*/
    /*When target.host.address is found, add a new condition to the new Mapping record for IP Address*/
    if("$it.id" == "purpose") {
    index = "$index".toInteger()
    newCond1 = newRecord.addCondition(map.fields[index], conditionType)
    newCond1.modelValue = ['UnixOS']
    } else if("$it.id" == "target.host.address") {
    index = "$index".toInteger()
    newCond2 = newRecord.addCondition(map.fields[index], conditionType)
    newCond2.modelValue = [ipAddress]
    }
    }

    /*Apply and Commit Update to the Credential*/
    credentialUpdate= credEditor.beginUpdate(cred)
    credMan.updateResourceMapping(map)
    credEditor.endUpdate(credentialUpdate)

Children
No Data