validation_utils.ps1

$PUBLIC_KEY = ('{0}/ZertoPublicKey.pem' -f $psScriptRoot)
$PASSWORD_REGEX = [regex]"^(?=.*[A-Z])(?=.*[^A-Za-z])(?=.*\d)(?=.*[\W_]).{8,}$"
$UNSUPPORTED_LETTERS_IN_PASSWORD_REGEX = [regex]'[\$"\s]'
$UNSUPPORTED_FIRST_LETTER_IN_PASSWORD = "[]{}>|*&!%#`@,"

function Validate-FileBySignature {
    param (
        [Parameter(Mandatory = $true, HelpMessage = "File to verify")]
        [string]$FilePath,

        [Parameter(Mandatory = $true, HelpMessage = "Signature file to verify")]
        [string]$SignatureFilePath
    )

    process {
        Write-Host "Verifying signature for $FilePath"
        Write-Host "The verification process might take a while, please wait..."

        $isVerified = (openssl dgst -sha256 -verify $PUBLIC_KEY -signature $SignatureFilePath $FilePath 2>&1) -join ";"

        if ($isVerified -eq "Verified OK") {
            Write-Host "File signature was verified successfully for $FilePath by $SignatureFilePath"
            return $true
        }
        else {
            Write-Host "Could not verify $FilePath signature by $SignatureFilePath"
            return $false
        }
    }
}

function Validate-NetworkSettings {
    param (
        [Parameter(Mandatory = $true, HelpMessage = "ZVML ip address")]
        [string]
        $ZvmlIp,

        [Parameter(Mandatory = $true, HelpMessage = "SubnetMask address.")]
        [string]
        $SubnetMask,

        [Parameter(Mandatory = $true, HelpMessage = "Default gateway.")]
        [string]
        $DefaultGateway,

        [Parameter(Mandatory = $true, HelpMessage = "DNS server address.")]
        [string]
        $DNS
    )

    process {
        $IpSettingsValidated = $true

        Write-Host "Validating ZVML IP $ZvmlIp"
        if ((Validate-IpAddress $ZvmlIp) -eq $false) {
            $IpSettingsValidated = $false
            $Message = "ZVM could not be configured with the specified IP address $ZvmlIp, due to invalid IP format."
            Write-Host $Message
            Write-Error $Message
        }

        Write-Host "Validating SubnetMask $SubnetMask"
        if ((Validate-IpAddress $SubnetMask) -eq $false) {
            $IpSettingsValidated = $false
            $Message = "ZVM could not be configured with the specified subnet mask $SubnetMask, due to invalid IP format."
            Write-Host $Message
            Write-Error $Message
        }

        Write-Host "Validating DNS IP $DNS"
        if ((Validate-IpAddress $DNS) -eq $false) {
            $IpSettingsValidated = $false
            $Message = "ZVM could not be configured with the specified DNS $DNS, due to invalid IP format."
            Write-Host $Message
            Write-Error $Message
        }

        Write-Host "Validating DefaultGateway IP $DefaultGateway"
        if ((Validate-IpAddress $DefaultGateway) -eq $false) {
            $IpSettingsValidated = $false
            $Message = "ZVM could not be configured with the specified default gateway $DefaultGateway, due to invalid IP format."
            Write-Host $Message
            Write-Error $Message
        }

        if ($IpSettingsValidated -eq $false) {
            Write-Error "provided IP addresses format is invalid" -ErrorAction Stop
        }
    }
}

function Validate-IpAddress {
    param (
        [Parameter(Mandatory = $true, HelpMessage = "ip address")]
        [string]$ip
    )

    process {
        Write-Host "Starting $($MyInvocation.MyCommand)..."

        try {
            if (([ipaddress]$ip).IPAddressToString -eq ("" + $ip)) {
                Write-Host "IP address $ip is valid"
                return $true
            }
            else {
                Write-Host "ZVM could not be configured with the specified address $ip, due to wrong format. $_"
                return $false
            }
        }
        catch {
            Write-Host "ZVM could not be configured with the specified address $ip, due to wrong format. $_"
            return $false
        }
    }
}

function Validate-VcEnvParams {
    param(
        [Parameter(Mandatory = $true, HelpMessage = "Datastore Name")]
        [string]$DatastoreName,

        [Parameter(Mandatory = $true, HelpMessage = "Network Name")]
        [string]$NetworkName,

        [Parameter(Mandatory = $true,    HelpMessage = "ZVM IP")]
        [string]$ZVMLIp,

        [Parameter(Mandatory = $true, HelpMessage = "Subnet Mask")]
        [string]$SubnetMask,

        [Parameter(Mandatory = $true, HelpMessage = "Default Gateway")]
        [string]$DefaultGateway,

        [Parameter(Mandatory = $true, HelpMessage = "DNS Address")]
        [string]$DNS
    )

    process {

        Write-Host "Starting $($MyInvocation.MyCommand)..."

        if ((Validate-DatastoreName -DatastoreName $DatastoreName) -ne $true) {
            Write-Error "Datastore=$DatastoreName does not exist. Validation failed" -ErrorAction Stop
        }

        if ((Validate-NetworkName -NetworkName $NetworkName) -ne $true) {
            Write-Error "Network=$NetworkName does not exist. Validation failed" -ErrorAction Stop
        }

        Validate-NetworkSettings -ZvmlIp $ZVMLIp -SubnetMask $SubnetMask -DefaultGateway $DefaultGateway -DNS $DNS

        Write-Host "Validations finished"
    }
}

function Get-ValidatedHostName ($HostName, $NetworkName, $DatastoreName) {
    Write-Host "Starting $($MyInvocation.MyCommand)..."

    $allValidMatchingHostsNames = Select-ValidMatchingHostsNames -NetworkName $NetworkName -DatastoreName $DatastoreName

    if ($HostName) {
        if ($allValidMatchingHostsNames -contains $HostName) {
            Write-Host "Host provided by the user is valid: $HostName"
            return $HostName
        }
        else {
            throw "Host provided by the user is not valid or does not match the specified network and datastore: $HostName"
        }
    }
    else {
        $validHostName = $allValidMatchingHostsNames | Select-Object -First 1
        Write-Host "No host provided by the user. A host selected automatically: $validHostName"
        return $validHostName
    }

}

function Select-ValidMatchingHostsNames ($NetworkName, $DatastoreName) {
    Write-Host "Starting $($MyInvocation.MyCommand)..."

    $datastore = Get-Datastore -Name $DatastoreName
    $network = Get-View -ViewType Network -Property Name -Filter @{"Name" = $NetworkName }

    $hosts = Get-VMHost | Where-Object {
        # Select hot state
        ($_.ConnectionState -eq "Connected" -and $_.PowerState -eq "PoweredOn") -and
        # Check if the host has access to the datastore
        ($_.ExtensionData.Datastore -contains $datastore.ExtensionData.MoRef) -and
        # Check if the host has access to the network
        ($_.ExtensionData.Network -contains $network.MoRef)
    }
    if ($hosts.Count -eq 0) {
        throw "No powered-on hosts with access to both datastore '$DatastoreName' and network '$NetworkName' were found."
    }
    Write-Host "Total number of hosts with access to both datastore '$DatastoreName' and network '$NetworkName': $($hosts.Count)"

    $hostsNames = $hosts | Sort-Object -Property Name | Select-Object -ExpandProperty Name

    return $hostsNames
}

function Validate-ZertoPassword {
    param (
        [Parameter(Mandatory = $true)]
        [SecureString]$Password
    )
    process {
        $pass = ConvertFrom-SecureString -SecureString $Password -AsPlainText
        if ($pass -notmatch $PASSWORD_REGEX) {
            throw "Zerto password requirements are not met. Password should contain at least one uppercase letter, one digit, one non-alphanumeric character, and be at least 8 characters long."
        }
        if ($pass -match $UNSUPPORTED_LETTERS_IN_PASSWORD_REGEX) {
            throw 'Zerto password requirements are not met. Password should not contain $, ", or a space characters.'
        }
        if ($UNSUPPORTED_FIRST_LETTER_IN_PASSWORD.Contains($pass[0])) {
            throw "Zerto password requirements are not met. Password should not begin with the following characters $UNSUPPORTED_FIRST_LETTER_IN_PASSWORD ."
        }
    }
}

function Test-VmExists {
    param(
        [Parameter(Mandatory = $true, HelpMessage = "VM name pattern")]
        [string]$VmName
    )
    process {
        Write-Host "Starting $($MyInvocation.MyCommand)..."

        $vm = Get-VM -Name $VmName -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($null -eq $vm) {
            Write-Host "'$VmName' VM does not exist"
            return $false
        }
        else {
            Write-Host "'$($vm.Name)' VM exists"
            return $true
        }
    }
}

function Validate-BiosUUID {
    param(
        [Parameter(Mandatory = $true, HelpMessage = "Valid Datastore name")]
        [string]$DatastoreName,
        [Parameter(Mandatory = $true, HelpMessage = "Host BIOS UUID || mob-> Property Path: host.hardware.systemInfo.uuid")]
        [string]$BiosUuid # The parameter expects <BIOS UUID without hyphens>_<Host name> format
    )
    process {
        Write-Host "Starting $($MyInvocation.MyCommand)..."

        $Datastore = Get-Datastore -Name $DatastoreName | Select-Object -first 1

        $TEMP_DRIVE = "TEMP_DRIVE"
        New-PSDrive -Name $TEMP_DRIVE -Location $Datastore -PSProvider VimDatastore -Root '/' | Out-Null
        $exists = Test-Path "$($TEMP_DRIVE):/zagentid/$BiosUuid"
        Remove-PSDrive -Name $TEMP_DRIVE | Out-Null

        if ($exists) {
            Write-Host "BiosUuid '$BiosUuid' exists. Validation successful."
            return $true
        }
        else {
            Write-Host "BiosUuid '$BiosUuid' does not exist. Validation failed."
            return $false
        }

    }
}

function Validate-DigitsOnly {
    param(
        [Parameter(Mandatory = $true,
            HelpMessage = "Input string to validate all the characters are numeric")]
        [string]$InputString
    )

    process {
        Write-Host "Starting $($MyInvocation.MyCommand)..."

        if ($InputString -match "^\d+$") {
            Write-Host "InputString=$InputString contains digits only"
            return $true
        }

        Write-Error "Validation failed. InputString=$InputString contains non-numeric characters"
        return $false
    }
}

function Validate-DatastoreName {
    param(
        [Parameter(Mandatory = $true, HelpMessage = "Datastore Name")]
        [string]$DatastoreName
    )
    process {
        Write-Host "Starting $($MyInvocation.MyCommand)..."

        $Datastore = Get-Datastore -Name $DatastoreName -ErrorAction SilentlyContinue | Select-Object -first 1
        if ($null -eq $Datastore) {
            Write-Host "Datastore=$DatastoreName does not exist. Validation failed."
            return $false
        }

        Write-Host "Datastore=$DatastoreName exists. Validation successful."
        return $true
    }
}

function Validate-NetworkName {
    param(
        [Parameter(Mandatory = $true, HelpMessage = "Network Name")]
        [string]$NetworkName
    )
    process {
        Write-Host "Starting $($MyInvocation.MyCommand)..."

        $Network = Get-VirtualNetwork -Name $NetworkName -ErrorAction SilentlyContinue | Select-Object -first 1
        if ($null -eq $Network) {
            Write-Host "Network=$NetworkName does not exist. Validation failed."
            return $false
        }

        Write-Host "Network=$NetworkName exists. Validation successful"
        return $true
    }
}

function Validate-AvsParams {
    param (
        [Parameter(Mandatory = $true, HelpMessage = "Tenant ID")][string] $TenantId,
        [Parameter(Mandatory = $true, HelpMessage = "Cleint ID")][string] $ClientId,
        [Parameter(Mandatory = $true, HelpMessage = "Client Secret")][SecureString] $ClientSecret,
        [Parameter(Mandatory = $true, HelpMessage = "Subscription ID")][string] $SubscriptionId,
        [Parameter(Mandatory = $true, HelpMessage = "Resource Group Name")][string] $ResourceGroupName,
        [Parameter(Mandatory = $true, HelpMessage = "Avs Cloud Name")][string] $AvsCloudName
    )
    process {
        Write-Host "Starting $($MyInvocation.MyCommand)"

        $body = @{
            'client_id'     = $ClientId
            'client_secret' = (ConvertFrom-SecureString -SecureString $ClientSecret -AsPlainText)
            'grant_type'    = "client_credentials"
            'resource'      = "https://management.core.windows.net/"
        }
        try {
            $authResponse = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$TenantId/oauth2/token" `
                -Body $body -ContentType "application/x-www-form-urlencoded"
        }
        catch {
            Write-Error "Authorization failed for Azure. Please check the values of the TenantID-ClientID-ClientSecret combintaion." `
                -ErrorAction Stop
        }

        $authToken = $authResponse.access_token

        $subscriptionUri = "https://management.azure.com/subscriptions/$SubscriptionId/?api-version=2020-01-01"
        try {
            [void] (Invoke-RestMethod -Method Get -Headers @{Authorization = ("Bearer " + $authToken) } -Uri $subscriptionUri)
        }
        catch {
            Write-Error "The subscription '$SubscriptionId' could not be found for the tenant '$TenantId'." -ErrorAction Stop
        }

        $avsCloudNameUri = "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName/providers/Microsoft.AVS/privateClouds/$AvsCloudName/?api-version=2020-03-20"
        try {
            [void] (Invoke-RestMethod -Method Get -Headers @{Authorization = ("Bearer " + $authToken) } -Uri $avsCloudNameUri)
        }
        catch {
            Write-Error "The private cloud '$AvsCloudName' could not be found for the tenant '$TenantId'." -ErrorAction Stop
        }

        Write-Host "AVS parameters are valid"
    }
}

function Assert-ReconfigurationToken ($Token) {
    Write-Host "Starting $($MyInvocation.MyCommand)"
    try {
        $Url = "https://www.zerto.com/myzerto/wp-json/services/zerto/s3-ova-employee?key=" + $Token
        $response = Invoke-WebRequest -Uri $Url -ErrorAction Stop -TimeoutSec 1800
        $content = $response.Content
        if ($content -ne '{"success":true}') {
            throw "Reconfiguration token is invalid."
        }
        Write-Host "Reconfiguration token is valid"
    }
    catch {
        throw "Reconfiguration token is invalid."
    }
}