function psfivecerthandler
    if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
    $certCallback = @"
    using System;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;
    public class ServerCertificateValidationCallback
        public static void Ignore()
            if(ServicePointManager.ServerCertificateValidationCallback ==null)
                ServicePointManager.ServerCertificateValidationCallback +=
                        Object obj,
                        X509Certificate certificate,
                        X509Chain chain,
                        SslPolicyErrors errors
                        return true;

    Add-Type $certCallback
    # ensure TLS12 is in use. We set it back when disconnect-act is run
    $env:CUR_PROTS = [System.Net.ServicePointManager]::SecurityProtocol
    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;

function Connect-AGM
    Connects to AGM to create a Session ID
    The Connect-AGM connects to AGM to get a session ID to use on all subsequent calls
    Written by Anthony Vandewerdt
    Connect-AGM -agmip -agmuser admin
    This will connect to AGM with a username of "admin" to the IP address
    The prompt will request a secure password.
    Connect-AGM -agmip -agmuser admin -i
    This will connect to AGM with a username of "admin" to the IP address
    The prompt will securely request a password.
    Because -i is specified certificate validation of the AGM is ignored
    Connect-AGM -agmip -agmuser admin -passwordfile av.key
    This will connect to AGM with a username of "admin" to the IP address
    The password will be provided by using a previously created password file using Save-AGMPassword
    Connect-AGM -agmip -agmuser -oauth2ClientId
    Connects to a Google Cloud Backup and DR Management Console. The key difference is that rather than a password, an oauth2ClientId is specified instead

    Param([String]$agmip,[String]$agmuser,[String]$agmpassword,[String]$oauth2ClientId,[String]$passwordfile,[switch][alias("q")]$quiet, [switch][alias("p")]$printsession,[switch][alias("i")]$ignorecerts,[int]$actmaxapilimit,[int]$agmtimeout)

    # max objects returned will be unlimited. Otherwise user can supply a limit
    if (!($agmmaxapilimit))
        $agmmaxapilimit = 0
    $GLOBAL:agmmaxapilimit = $agmmaxapilimit

    if (!($agmip))
    $agmip = Read-Host "IP or Name of AGM"

    if (!($agmuser))
    $agmuser = Read-Host "AGM user"

    if (!($agmtimeout))
        [int]$agmtimeout = 300

    if ((!($agmpassword)) -and (!($passwordfile)) -and (!($oauth2ClientId)))
        if ($agmip | select-string "backupdr")
            $oauth2ClientId = Read-Host "oauth2ClientId"

    # based on the action, do the right thing.
    if ( $certaction -eq "i" -or $certaction -eq "I" )
        $hostVersionInfo = (get-host).Version.Major
        if ( $hostVersionInfo -lt "6" )
            # set IGNOREAGMCERTS so that we ignore self-signed certs
            $GLOBAL:IGNOREAGMCERTS = "y"

    # OATH handling
    if ($oauth2ClientId)
        # first we get a token
        $Url = "$agmuser" +":generateIdToken"
        $body = '{"audience": "' +$oauth2ClientId +'", "includeEmail":"true"}'
        $RestError = $null
            $resp = Invoke-RestMethod -Method POST -Headers @{ Authorization = "Bearer $(gcloud auth print-access-token)" }  -body $body -ContentType "application/json" -Uri $url
            $RestError = $_
        if ($RestError)
            $loginfailedsniff = Test-AGMJSON $RestError
        elseif ($resp.token)
            $token = $resp.token
            Get-AGMErrorMessage -messagetoprint "Failed to get a token"
        # now we get a sessionID

        $Url = "https://" +$agmip +"/actifio/session"
            $resp = Invoke-RestMethod -Method POST -Headers @{ Authorization = "Bearer $token" } -Uri $Url
            $RestError = $_
        if ($RestError)
            $loginfailedsniff = Test-AGMJSON $RestError
        elseif ($
            $GLOBAL:AGMSESSIONID = $
            $GLOBAL:AGMIP = $agmip
            $GLOBAL:AGMTimezone = "local"
            $GLOBAL:AGMToken = $token
            $GLOBAL:AGMTIMEOUT = $agmtimeout
            if ($quiet)
            elseif ($printsession)
                Write-Host "$agmsessionid"
                Write-Host "Login Successful!"
            Get-AGMErrorMessage -messagetoprint "Failed to get a sessionid"

    # start 10.x AGM from below
    if ($ignorecerts)
        $hostVersionInfo = (get-host).Version.Major
        if ( $hostVersionInfo -lt "6" )
            $GLOBAL:IGNOREAGMCERTS = "y"
            $resp = Invoke-RestMethod -Uri https://$agmip -TimeoutSec 60
            $RestError = $_
        if ($RestError -like "The operation was canceled.")
            Get-AGMErrorMessage -messagetoprint "No response was received from $agmip after $agmtimeout seconds"
        elseif ($RestError -like "Connection refused")
            Get-AGMErrorMessage -messagetoprint "Connection refused received from $agmip"
        elseif ($RestError)
            Write-Host -ForeGroundColor Yellow "The SSL certificate from https://$agmip is not trusted. Please choose one of the following options";
            Write-Host -ForeGroundColor Yellow "(I)gnore & continue";
            Write-Host -ForeGroundColor Yellow "(C)ancel";
            $validresp = ("i", "I", "c", "C");
            $certaction = $null

            # prompt until we get a proper response.
            while ( $validresp.Contains($certaction) -eq $false )
                $certaction = Read-Host "Please select an option";
            # based on the action, do the right thing.
            if ( $certaction -eq "i" -or $certaction -eq "I" )
                $hostVersionInfo = (get-host).Version.Major
                if ( $hostVersionInfo -lt "6" )
                    $GLOBAL:IGNOREAGMCERTS = "y"
            elseif ( $certaction -eq "c" -or $certaction -eq "C" )
                # just exit

    if (!($passwordfile))
        if (!($agmpassword))
            # prompt for a password
            [SecureString]$passwordenc = Read-Host -AsSecureString "Password";
            [SecureString]$passwordenc = (ConvertTo-SecureString $agmpassword -AsPlainText -Force)
        # if the password file provided is relative or absolute doesn't matter. Test for it first
        if ( Test-Path $passwordfile )
            [SecureString]$passwordenc = Get-Content $passwordfile | ConvertTo-SecureString;
            Get-AGMErrorMessage -messagetoprint "Password file: $passwordfile could not be opened."

    $Url = "https://$agmip/actifio/session"
    $creds = New-Object System.Management.Automation.PSCredential ("$agmuser", $passwordenc)

    $RestError = $null
        $hostVersionInfo = (get-host).Version.Major
        if ( $hostVersionInfo -lt "6" )
            $resp = Invoke-RestMethod -Method POST -Uri $Url -Credential $creds -TimeoutSec 60
            $resp = Invoke-RestMethod -SkipCertificateCheck -Method POST -Uri $Url -Credential $creds -TimeoutSec 60
        $RestError = $_
    if ($RestError -like "The operation was canceled.")
        Get-AGMErrorMessage -messagetoprint "No response was received from $agmip after 60 seconds"
    elseif ($RestError -like "Connection refused")
        Get-AGMErrorMessage -messagetoprint "Connection refused received from $agmip"
    elseif ($RestError)
        $loginfailedsniff = Test-AGMJSON $RestError
        if ($loginfailedsniff.err_code -eq "10011")
            $agmerror = @()
            $agmerrorcol = "" | Select-Object err_code,errormessage
            [int]$agmerrorcol.err_code = "10011"
            $agmerrorcol.errormessage = "Login failed. Check your username and password."
            $agmerror = $agmerror + $agmerrorcol
        elseif ($loginfailedsniff.errorcode -eq "10017")
            $agmerror = @()
            $agmerrorcol = "" | Select-Object err_code,errormessage
            [int]$agmerrorcol.err_code = "10017"
            $agmerrorcol.errormessage = "Login failed. You appear to be logging into a VDP Appliance, rather than an AGM."
            $agmerror = $agmerror + $agmerrorcol
        $GLOBAL:AGMSESSIONID = $resp.session_id
        $GLOBAL:AGMIP = $agmip
        $GLOBAL:AGMTimezone = "local"
        $GLOBAL:AGMTIMEOUT = $agmtimeout
        if ($quiet)
        elseif ($printsession)
            Write-Host "$agmsessionid"
            Write-Host "Login Successful!"

function Disconnect-AGM
    Connects to AGM to delete a Session ID
    The Disconnect-AGM connects to AGM to delete a session ID
    Written by Anthony Vandewerdt


    if ( (!($AGMSESSIONID)) -or (!($AGMIP)) )
        Get-AGMErrorMessage -messagetoprint "Not logged in or session expired. Please login using Connect-AGM"
    $RestError = $null
            $resp = Invoke-RestMethod -Method DELETE -SkipCertificateCheck -Headers @{ Authorization = "Actifio $AGMSESSIONID" } -Uri "https://$AGMIP/actifio/session/$AGMSESSIONID"
            if ($AGMToken)
                $resp = Invoke-RestMethod -Method DELETE -Headers @{ Authorization = "Bearer $AGMToken"; "backupdr-management-session" = "Actifio $AGMSESSIONID" } -Uri "https://$AGMIP/actifio/session/$AGMSESSIONID"
                $resp = Invoke-RestMethod -Method DELETE -Headers @{ Authorization = "Actifio $AGMSESSIONID" } -Uri "https://$AGMIP/actifio/session/$AGMSESSIONID"
        $RestError = $_
    if ($RestError) 
        Test-AGMJSON "$RestError"
        if ($quiet)
            $GLOBAL:AGMSESSIONID = ""
        elseif ($printsession) 
            Write-Host "Successfully deleted session ID $AGMSESSIONID"   
            $GLOBAL:AGMSESSIONID = ""
            Write-Host "Success!"   
            $GLOBAL:AGMSESSIONID = ""

Function Save-AGMPassword([string]$filename,[string]$password)
    Save credentials so that scripting is easy and interactive login is no longer needed.
    Save-AGMPassword -filename admin-pass.key
    Save the password for use later.
    Save-AGMPassword -filename ./5b-admin-pass -password "passw0rd"
    Save the specified plaintext password to the specified file name
    Store the credentials in a file which can be used to login to AGM.
    Providing a AGM IP and a AGM User will prompt for a password which will then be
    stored in the file location provided.
    To change the credentials, simply re-run the cmdlet.
    .PARAMETER filename
    Required. Absolute or relative location where the file should be saved.
    example: .\actpass
    example: C:\Users\admin\actpass

    # if no file is provided, prompt for one
    if (!($filename))
        $filename = Read-Host "Filename";

    # if the filename already exists. don't overwrite it. error and exit.
    if ( Test-Path $filename ) 
        Get-AGMErrorMessage -messagetoprint "The file: $filename already exists. Please delete it first.";

    # prompt for password
    if (!($password))
        $passwordenc = Read-Host -AsSecureString "Password"
        $passwordenc | ConvertFrom-SecureString | Out-File $filename
        $passwordenc = $password | ConvertTo-SecureString -AsPlainText -Force
        $passwordenc | ConvertFrom-SecureString | Out-File $filename

    if ( $? )
        write-host "Password saved to $filename."
        write-host "You may now use -passwordfile with Connect-AGM to provide a saved password file."
        Get-AGMErrorMessage -messagetoprint "An error occurred in saving the password";

# offer a way to limit the maximum number of results in a single lookup
function Set-AGMAPILimit([Parameter(Mandatory = $true)]
[ValidateRange(0, [int]::MaxValue)][int]$userapilimit )
    Offers a way to globally limit the number of objects returned by any API get request.
    The AGM GUI by default displays a fixed number of objects per page, limiting the amount of data fetched when a page is displayed.
    By default the PowerShell module will get every object available for the Get being used, unless the user specifies a limit with that get command.
    For object types like job history this can result in possibly millions of objects (jobs) being returned.
    So if you are exploring the API then setting a global limit can allow you to issue gets without concern about how many objects will be fetched.
    Written by Anthony Vandewerdt
    Set-AGMAPILimit 10
    This means that every Get command supplied by the base module will only return 10 objects maxium, unless the -limit option is used
    Set-AGMAPILimit 0
    This resets the global limit to 0 which is unlimited, meaning AGM will return every object that it has for the relevant Get.

    $GLOBAL:agmmaxapilimit = $userapilimit

function Get-AGMAPILimit

# offer a way to control timezone used in output. By default we use User local time for all data
function Set-AGMTimeZoneHandling ([switch][alias("l")]$local,[switch][alias("u")]$utc)
    Offers a way to change which timezone timestamps are shown in.
    By default the PowerShell module shows all timestamp in the local timezone of the powershell session.
    You can validate which timezone that is with: Get-TimeZone
    You can validate whether the AGM Module is using local or UTC with: Get-AGMTimeZoneHandling
    Written by Anthony Vandewerdt
    Set-AGMTimeZoneHandling -l
    Show all timestamps in the local timezone of the PowerShell session.
    Set-AGMTimeZoneHandling -u
    Show all timestamps in UTC (GMT).

    if ((!($local)) -and (!($utc)))
        Get-AGMErrorMessage -messagetoprint "Please specify either -local or -utc"

    if ($utc)
        $GLOBAL:AGMTimezone = "UTC"
    if ($local)
        $GLOBAL:AGMTimezone = "local"

function Get-AGMTimeZoneHandling 
    Offers a way to display how timezones are being handled.
    By default the PowerShell module shows all timestamp in the local timezone of the powershell session.
    You can validate which timezone that is with: Get-TimeZone
    You can change whether the AGM Module is using local or UTC with: Set-AGMTimeZoneHandling
    Written by Anthony Vandewerdt
    Show whether the AGM Module is using local or UTC

    if (($AGMTimezone -eq "local") -or (!($AGMTimezone)))
        $currentlocal = Get-TimeZone
        Write-Host "Currently timezone in use is local timezone which is $currentlocal"
        Write-Host "Currently timezone in use is $GLOBAL:AGMTimezone"

function Get-GoogleCloudBackupDRConsole ([string]$project,[string]$location)
    Displays details of Google Cloud Backup and DR Management Console
    The user needs to specify a project ID and region
    Written by Anthony Vandewerdt
    Get-GoogleCloudBackupDRConsole -project project1 -location asia-southeast1

    if (!($project))
        Get-AGMErrorMessage -messagetoprint "Please specify project with -project"
    if (!($location))
        Get-AGMErrorMessage -messagetoprint "Please specify -location"
        $resp = Invoke-RestMethod -Method GET -Headers @{ Authorization = "Bearer $(gcloud auth print-access-token)" } -Uri "$project/locations/$location/managementServers"
        $RestError = $_
    if ($RestError) 
        Test-AGMJSON "$RestError"
    elseif ($resp.managementServers)