Dune

1.0.4

Private/Invoke-DuneApiAuthCredential.ps1

                                <#

.SYNOPSIS

Authenticate to the Dune API using username and password credentials.

.DESCRIPTION

Posts credentials to the Dune auth endpoint and establishes a session with a web request session cookie. Uses `-SkipCertificateCheck` for Local instances. Stores the session in the script-scoped DuneSession variable.

.PARAMETER DuneInstance

The target Dune instance. Valid values: Prod, Dev, Test, Local.

.PARAMETER Tenant

The tenant name to authenticate against.

.PARAMETER Credential

A PSCredential object containing the username and password.

.EXAMPLE

PS> $cred = Get-Credential

PS> Invoke-DuneApiAuthCredential -DuneInstance Dev -Tenant "yendico" -Credential $cred

Authenticates with credentials against the Dev instance.

#>

function Invoke-DuneApiAuthCredential () {

    [CmdletBinding()]

    param (

        [Parameter(Mandatory)]

        [ValidateSet("Prod", "Dev","Test","Local")]

        [string]$DuneInstance,

        [Parameter(Mandatory)]

        [string]$Tenant,

        [Parameter(Mandatory)]

        [PSCredential]$Credential

    )

    $DuneApiUrl = Get-DuneApiUrl -DuneInstance $DuneInstance

    # Save websession/jwt/pass

    $AuthUrl = "{0}{1}" -f $DuneApiUrl, "/auth/credentials"

    $Headers = @{

        "Accept"       = "application/json"

        "Content-Type" = "application/json"

        "X-Tenant"     = $Tenant

    }

    Write-Debug "$($MyInvocation.MyCommand)|process|Getting new session ..."

    $UserName = $Credential.UserName

    if ($DuneInstance -eq 'Local') {

        $Response = Invoke-WebRequest -Uri $AuthUrl -Method POST -Headers $Headers -Body (@{UserName = $UserName; Password = (Get-PlainPasswordFromCredential -Credential $credential) } | ConvertTo-Json) -UseBasicParsing -SessionVariable AuthSession -SkipCertificateCheck #UseBasicParsing needed for Az Automation (otherwise internet explorer first launch errorappears) / SkipCertificateCheck not available on Azure

    }

    else {

        $Response = Invoke-WebRequest -Uri $AuthUrl -Method POST -Headers $Headers -Body (@{UserName = $UserName; Password = (Get-PlainPasswordFromCredential -Credential $credential) } | ConvertTo-Json) -UseBasicParsing -SessionVariable AuthSession #UseBasicParsing needed for Az Automation (otherwise internet explorer first launch errorappears) / SkipCertificateCheck not available on Azure

    }

    if ($Response.StatusCode -ne 200) {

        throw "Something went wrong with the web request ..."

    }

    if ($null -eq $AuthSession) {

        Write-Warning "AuthSession not returned"

    }

    else{

        Write-Verbose "Successfully established dune AuthSession"

    }

    # save auth info

    if ($AuthSession -and (-not $DuneSession.AuthSession)) {

        $Script:DuneSession = [PSCustomObject]@{

            Type         = 'Credential'

            DuneApiUrl   = $DuneApiUrl

            AuthSession  = $AuthSession

            SessionUser  = $UserName

            Tenant       = $Tenant

        }

    }

    else {

        Write-Warning "Skipped writing new DuneSession, as Session already exists" # workaround as AuthSession is not available on second invocation (on sequential workflow)

    }

}