Plugins/BlueCat.ps1

function Get-CurrentPluginType { 'dns-01' }

function Add-DnsTxt {
    [CmdletBinding(DefaultParameterSetName='Secure')]
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingPlainTextForPassword','')]
    param(
        [Parameter(Mandatory, Position = 0)]
        [string]$RecordName,
        [Parameter(Mandatory, Position = 1)]
        [string]$TxtValue,
        [Parameter(ParameterSetName='Secure', Mandatory, Position = 2)]
        [pscredential]$BlueCatCredential,
        [Parameter(ParameterSetName='DeprecatedInsecure', Mandatory, Position = 2)]
        [string]$BlueCatUsername,
        [Parameter(ParameterSetName='DeprecatedInsecure', Mandatory, Position = 3)]
        [string]$BlueCatPassword,
        [Parameter(Mandatory)]
        [string]$BlueCatUri,
        [Parameter(Mandatory)]
        [string]$BlueCatConfig,
        [Parameter(Mandatory)]
        [string]$BlueCatView,
        [Parameter(Mandatory)]
        [string[]]$BlueCatDeployTargets,
        [Parameter(ValueFromRemainingArguments)]
        $ExtraParams
    )

    # Until PS Core gets New-WebServiceProxy, this will be a Desktop only plugin
    if (-not $PSVersionTable.PSEdition -or $PSVersionTable.PSEdition -ne "Desktop") {
        throw "The BlueCat plugin requires Windows PowerShell and is not supported on PowerShell Core."
    }

    # extract the plain text credentials
    if ('Secure' -eq $PSCmdlet.ParameterSetName) {
        $BlueCatUsername = $BlueCatCredential.UserName
        $BlueCatPassword = $BlueCatCredential.GetNetworkCredential().Password
    }

    $proxy = Get-BlueCatWsdlProxy -Username $BlueCatUsername -Password $BlueCatPassword -Uri $BlueCatUri
    $view = Get-View -ConfigurationName $BlueCatConfig -ViewName $BlueCatView -BlueCatProxy $proxy
    $parentZone = Get-ParentZone -AbsoluteName $RecordName -ViewId $view.id -BlueCatProxy $proxy
    $props = HashtableToString -Hashtable @{parentZoneName = $parentZone.absoluteName}
    $proxy.addTxtRecord($view.id, $RecordName, $TxtValue, -1, $props)

    <#
    .SYNOPSIS
        Add a DNS TXT record to BlueCat.

    .DESCRIPTION
        Use the BAM API to add a TXT record.

    .PARAMETER RecordName
        The fully qualified name of the TXT record.

    .PARAMETER TxtValue
        The value of the TXT record.

    .PARAMETER BlueCatCredential
        BlueCat Username and Password.

    .PARAMETER BlueCatUsername
        (DEPRECATED) BlueCat Username.

    .PARAMETER BlueCatPassword
        (DEPRECATED) BlueCat Password.

    .PARAMETER BlueCatUri
        BlueCat API uri.

    .PARAMETER BlueCatConfig
        BlueCat Configuration name.

    .PARAMETER BlueCatView
        BlueCat DNS View name.

    .PARAMETER BlueCatDeployTargets
        List of BlueCat servers to deploy.

    .PARAMETER ExtraParams
        This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports.

    .EXAMPLE
        $cred = Get-Credential
        Add-DnsTxt '_acme-challenge.example.com' 'txt-value' -BlueCatCredential $cred -BlueCatUri 'https://FQDN//Services/API' -BlueCatConfig 'foobar' -BlueCatView 'foobaz'

        Adds a TXT record for the specified site with the specified value.
    #>

}

function Remove-DnsTxt {
    [CmdletBinding(DefaultParameterSetName='Secure')]
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingPlainTextForPassword','')]
    param(
        [Parameter(Mandatory, Position = 0)]
        [string]$RecordName,
        [Parameter(Mandatory, Position = 1)]
        [string]$TxtValue,
        [Parameter(ParameterSetName='Secure', Mandatory, Position = 2)]
        [pscredential]$BlueCatCredential,
        [Parameter(ParameterSetName='DeprecatedInsecure', Mandatory, Position = 2)]
        [string]$BlueCatUsername,
        [Parameter(ParameterSetName='DeprecatedInsecure', Mandatory, Position = 3)]
        [string]$BlueCatPassword,
        [Parameter(Mandatory)]
        [string]$BlueCatUri,
        [Parameter(Mandatory)]
        [string]$BlueCatConfig,
        [Parameter(Mandatory)]
        [string]$BlueCatView,
        [Parameter(Mandatory)]
        [string[]]$BlueCatDeployTargets,
        [Parameter(ValueFromRemainingArguments)]
        $ExtraParams
    )

    # Until PS Core gets New-WebServiceProxy, this will be a Desktop only plugin
    if (-not $PSVersionTable.PSEdition -or $PSVersionTable.PSEdition -ne "Desktop") {
        throw "The BlueCat plugin requires Windows PowerShell and is not supported on PowerShell Core."
    }

    # extract the plain text credentials
    if ('Secure' -eq $PSCmdlet.ParameterSetName) {
        $BlueCatUsername = $BlueCatCredential.UserName
        $BlueCatPassword = $BlueCatCredential.GetNetworkCredential().Password
    }

    $proxy = Get-BlueCatWsdlProxy -Username $BlueCatUsername -Password $BlueCatPassword -Uri $BlueCatUri
    $view = Get-View -ConfigurationName $BlueCatConfig -ViewName $BlueCatView -BlueCatProxy $proxy
    $parentZone = Get-ParentZone -AbsoluteName $RecordName -ViewId $view.id -BlueCatProxy $proxy
    $txtRecordName = $RecordName -ireplace "\.?$([regex]::Escape($parentZone.absoluteName.TrimEnd('.')))$",''
    $txtRecords = $proxy.getEntitiesByName($parentZone.id, $txtRecordName, "TXTRecord", 0, [int16]::MaxValue)
    $txtRecords = $txtRecords | ForEach-Object { (ConvertPSObjectToHashtable -InputObject $_) + (StringToHashtable -String $_.properties) }
    $txtRecord = $txtRecords | Where-Object { $_.txt -eq $TxtValue }
    if (!$txtRecord.name) {
        throw ("No text record found!")
    }
    $proxy.delete($txtRecord.id)

    <#
    .SYNOPSIS
        Remove a DNS TXT record from BlueCat.

    .DESCRIPTION
        Use the BAM API to remove a TXT record.

    .PARAMETER RecordName
        The fully qualified name of the TXT record.

    .PARAMETER TxtValue
        The value of the TXT record.

    .PARAMETER BlueCatCredential
        BlueCat Username and Password.

    .PARAMETER BlueCatUsername
        (DEPRECATED) BlueCat Username.

    .PARAMETER BlueCatPassword
        (DEPRECATED) BlueCat Password.

    .PARAMETER BlueCatUri
        BlueCat API uri.

    .PARAMETER BlueCatConfig
        BlueCat Configuration name.

    .PARAMETER BlueCatView
        BlueCat DNS View name.

    .PARAMETER BlueCatDeployTargets
        List of BlueCat servers to deploy.

    .PARAMETER ExtraParams
        This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports.

    .EXAMPLE
        $cred = Get-Credential
        Remove-DnsTxt '_acme-challenge.example.com' 'txt-value' -BlueCatCredential $cred -BlueCatUri 'https://FQDN//Services/API' -BlueCatConfig 'foobar' -BlueCatView 'foobaz'

        Removes a TXT record for the specified site with the specified value.
    #>

}

function Save-DnsTxt {
    [CmdletBinding(DefaultParameterSetName='Secure')]
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingPlainTextForPassword','')]
    param(
        [Parameter(ParameterSetName='Secure', Mandatory, Position = 2)]
        [pscredential]$BlueCatCredential,
        [Parameter(ParameterSetName='DeprecatedInsecure', Mandatory, Position = 2)]
        [string]$BlueCatUsername,
        [Parameter(ParameterSetName='DeprecatedInsecure', Mandatory, Position = 3)]
        [string]$BlueCatPassword,
        [Parameter(Mandatory)]
        [string]$BlueCatUri,
        [Parameter(Mandatory)]
        [string]$BlueCatConfig,
        [Parameter(Mandatory)]
        [string]$BlueCatView,
        [Parameter(Mandatory)]
        [string[]]$BlueCatDeployTargets,
        [Parameter(ValueFromRemainingArguments)]
        $ExtraParams
    )

    # Until PS Core gets New-WebServiceProxy, this will be a Desktop only plugin
    if (-not $PSVersionTable.PSEdition -or $PSVersionTable.PSEdition -ne "Desktop") {
        throw "The BlueCat plugin requires Windows PowerShell and is not supported on PowerShell Core."
    }

    # extract the plain text credentials
    if ('Secure' -eq $PSCmdlet.ParameterSetName) {
        $BlueCatUsername = $BlueCatCredential.UserName
        $BlueCatPassword = $BlueCatCredential.GetNetworkCredential().Password
    }

    $proxy = Get-BlueCatWsdlProxy -Username $BlueCatUsername -Password $BlueCatPassword -Uri $BlueCatUri
    $config = $proxy.getEntityByName(0, $BlueCatConfig, "Configuration")
    Foreach ($ServerFQDN in $BlueCatDeployTargets) {
        $server = $proxy.getEntityByName($config.id, $ServerFQDN, "Server")
        $props = HashtableToString -Hashtable @{"services" = "DNS"}
        $proxy.deployServerConfig($server.id, $props)
    }

    <#
    .SYNOPSIS
        Deploy BlueCat changes to server(s).

    .DESCRIPTION
        Use the BAM API to deploy DNS changes.

    .PARAMETER BlueCatCredential
        BlueCat Username and Password.

    .PARAMETER BlueCatUsername
        (DEPRECATED) BlueCat Username.

    .PARAMETER BlueCatPassword
        (DEPRECATED) BlueCat Password.

    .PARAMETER BlueCatUri
        BlueCat API uri.

    .PARAMETER BlueCatConfig
        BlueCat Configuration name.

    .PARAMETER BlueCatView
        BlueCat DNS View name.

    .PARAMETER BlueCatDeployTargets
        List of BlueCat servers to deploy.

    .PARAMETER ExtraParams
        This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports.

    .EXAMPLE
        Save-DnsTxt -BlueCatUsername 'xxxxxxxx' -BlueCatPassword 'xxxxxxxx' `
        -BlueCatUri 'https://FQDN//Services/API' -BlueCatConfig 'foobar' -BlueCatDeployTargets @('FQDN1', 'FQDN2', 'FQDN3')
    #>

}

############################
# Helper Functions
############################

function Get-BlueCatWsdlProxy {
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingPlainTextForPassword','')]
    param(
        [Parameter(Mandatory)]
        [String]$Username,
        [Parameter(Mandatory)]
        [String]$Password,
        [Parameter(Mandatory)]
        [String]$Uri
    )
    $wsdlProxy = New-WebServiceProxy -Uri "$($Uri)?wsdl"
    $wsdlProxy.url = $Uri
    $cookieContainer = New-Object System.Net.CookieContainer
    $wsdlProxy.CookieContainer = $cookieContainer
    $wsdlProxy.login($Username, $Password)
    return $wsdlProxy
}

function HashtableToString {
    param(
        [Parameter(Mandatory)]
        [Hashtable]$Hashtable
    )

    $str = ""
    foreach ($i in $Hashtable.GetEnumerator()) {
        $str += "$($i.Name)=$($i.Value)|"
    }
    return $str
}

function StringToHashtable {
    param(
        [Parameter(Mandatory)]
        [String]$String
    )

    $hashtable = @{}
    $pairs = $String.split("|")
    foreach ($kv in $pairs) {
        $hashtable += ConvertFrom-StringData -StringData $kv
    }
    return $hashtable
}

function ConvertPSObjectToHashtable {
    param (
        [Parameter(Mandatory)]
        $InputObject
    )

    $hashtable = @{}
    foreach ($property in $InputObject.PSObject.Properties) {
        $hashtable[$property.Name] = $property.Value
    }
    return $hashtable
}

function Get-View {
    param (
        [Parameter(Mandatory)]
        [String]$ConfigurationName,
        [Parameter(Mandatory)]
        [String]$ViewName,
        [Parameter(Mandatory)]
        [System.Web.Services.Protocols.SoapHttpClientProtocol]$BlueCatProxy
    )

    $config = $BlueCatProxy.getEntityByName(0, $ConfigurationName, "Configuration")
    $BlueCatProxy.getEntityByName($config.id, $ViewName, "View")
}

function Get-ParentZone {
    param (
        [Parameter(Mandatory)]
        [String]$AbsoluteName,
        [Parameter(Mandatory)]
        [String]$ViewId,
        [Parameter(Mandatory)]
        [System.Web.Services.Protocols.SoapHttpClientProtocol]$BlueCatProxy
    )

    $zones = $AbsoluteName.split(".")
    [array]::Reverse($zones)
    $parentZone = @{ "id" = $ViewId }

    foreach ($el in $zones) {
        $zone = $BlueCatProxy.getEntityByName($parentZone.id, $el, "Zone")
        if (!$zone.id) {
            break
        }
        $parentZone = (ConvertPSObjectToHashtable -InputObject $zone) + (StringToHashtable -String $zone.properties)
    }

    if (!$parentZone.name) {
        throw ("No parent zone found!")
    }
    return $parentZone
}