@itentialopensource/adapter-aruba_central 2.2.4 → 2.2.6

package/AUTH.md

@@ -1,6 +1,6 @@
 ## Authenticating Aruba Central Adapter 
 
-This document will go through the steps for authenticating the Aruba Central adapter with Static Token Authentication. Properly configuring the properties for an adapter in IAP is critical for getting the adapter online. You can read more about adapter authentication <a href="https://docs.itential.com/opensource/docs/authentication" target="_blank">HERE</a>. 
+This document will go through the steps for authenticating the Aruba Central adapter with Static Token Authentication and Multi Step Authentication. Properly configuring the properties for an adapter in IAP is critical for getting the adapter online. You can read more about adapter authentication <a href="https://docs.itential.com/opensource/docs/authentication" target="_blank">HERE</a>. 
 
 Companies periodically change authentication methods to provide better security. As this happens this section should be updated and contributed/merge back into the adapter repository.
 
@@ -24,6 +24,85 @@ you can leave all of the other properties in the authentication section, they wi
 
 4. Restart the adapter. If your properties were set correctly, the adapter should go online. 
 
+### Multi Step Authentication
+The Aruba Central adapter also supports Multi Step Authentication. You can read more about Aruba Central OAuth <a href="https://developer.arubanetworks.com/hpe-aruba-networking-central/docs/api-oauth-access-token" target="_blank">here</a>. If you change authentication methods, you should change this section accordingly and merge it back into the adapter repository.
+
+STEPS  
+1. Ensure you have access to a Aruba Central server and that it is running
+2. Follow the steps in the README.md to import the adapter into IAP if you have not already done so
+3. Use the properties below for the ```properties.authentication``` field
+```json
+"authentication": {
+  "auth_method": "multi_step_authentication",
+  "multiStepAuthCalls": [
+    {
+      "name": "getFirstToken",
+      "requestFields": {
+        "query.client_id": "<your_client_id>",
+        "username": "<your_username>",
+        "password": "<your_password>"
+      },
+      "responseFields": {
+        "csrftoken": "set-cookie.csrftoken",
+        "session": "set-cookie.session"
+      },
+      "successfullResponseCode": 200
+    },
+    {
+      "name": "getSecondToken",
+      "requestFields": {
+        "query.client_id": "<your_client_id>",
+        "query.response_type": "code",
+        "query.scope": "all",
+        "header.Cookie": "session={getFirstToken.responseFields.session}",
+        "header.X-CSRF-Token": "{getFirstToken.responseFields.csrftoken}",
+        "customer_id": "<your_customer_id>"
+      },
+      "responseFields": {
+        "authCode": "auth_code"
+      },
+      "successfullResponseCode": 200
+    },
+    {
+      "name": "getThirdToken",
+      "requestFields": {
+        "client_id": "<your_client_id>",
+        "client_secret": "<your_client_secret>",
+        "grant_type": "authorization_code",
+        "code": "{getSecondToken.responseFields.authCode}"
+      },
+      "responseFields": {
+        "token": "access_token"
+      },
+      "successfullResponseCode": 200
+    }
+  ],
+  "token_timeout": 100000,
+  "token_cache": "local",
+  "invalid_token_error": 401,
+  "auth_field": "header.headers.Authorization",
+  "auth_field_format": "Bearer {token}",
+  "auth_logging": true
+}
+```
+
+4. Use the properties below for the ```properties.authentication.refresh_token_request``` field if you want to refresh the access token when it expires, instead of making multiple requests to obtain a new access token
+```json
+"refresh_token_request": {
+  "requestFields": {
+    "query.client_id": "<your_client_id>",
+    "query.client_secret": "<your_client_secret>",
+    "query.grant_type": "refresh_token"
+  },
+  "refresh_token": {
+    "placement": "query",
+    "token_timeout": 1296000000
+  }
+}
+```
+
+5. Restart the adapter. If your properties were set correctly, the adapter should go online. 
+
 ### Troubleshooting
 - Make sure you copied over the correct token.
 - Turn on debug level logs for the adapter in IAP Admin Essentials.

package/CHANGELOG.md

@@ -1,4 +1,20 @@
 
+## 2.2.6 [10-15-2024]
+
+* Changes made at 2024.10.14_19:49PM
+
+See merge request itentialopensource/adapters/adapter-aruba_central!16
+
+---
+
+## 2.2.5 [10-08-2024]
+
+* Add config for msa and refresh token
+
+See merge request itentialopensource/adapters/adapter-aruba_central!14
+
+---
+
 ## 2.2.4 [08-23-2024]
 
 * update dependencies and metadata

package/TAB2.md

@@ -11,7 +11,7 @@
 ## Specific Adapter Information
 ### Authentication
 
-This document will go through the steps for authenticating the Aruba Central adapter with Static Token Authentication. Properly configuring the properties for an adapter in IAP is critical for getting the adapter online. You can read more about adapter authentication <a href="https://docs.itential.com/opensource/docs/authentication" target="_blank">HERE</a>. 
+This document will go through the steps for authenticating the Aruba Central adapter with Static Token Authentication and Multi Step Authentication. Properly configuring the properties for an adapter in IAP is critical for getting the adapter online. You can read more about adapter authentication <a href="https://docs.itential.com/opensource/docs/authentication" target="_blank">HERE</a>. 
 
 Companies periodically change authentication methods to provide better security. As this happens this section should be updated and contributed/merge back into the adapter repository.
 
@@ -35,6 +35,85 @@ you can leave all of the other properties in the authentication section, they wi
 
 4. Restart the adapter. If your properties were set correctly, the adapter should go online. 
 
+#### Multi Step Authentication
+The Aruba Central adapter also supports Multi Step Authentication. You can read more about Aruba Central OAuth <a href="https://developer.arubanetworks.com/hpe-aruba-networking-central/docs/api-oauth-access-token" target="_blank">here</a>. If you change authentication methods, you should change this section accordingly and merge it back into the adapter repository.
+
+STEPS  
+1. Ensure you have access to a Aruba Central server and that it is running
+2. Follow the steps in the README.md to import the adapter into IAP if you have not already done so
+3. Use the properties below for the ```properties.authentication``` field
+```json
+"authentication": {
+  "auth_method": "multi_step_authentication",
+  "multiStepAuthCalls": [
+    {
+      "name": "getFirstToken",
+      "requestFields": {
+        "query.client_id": "<your_client_id>",
+        "username": "<your_username>",
+        "password": "<your_password>"
+      },
+      "responseFields": {
+        "csrftoken": "set-cookie.csrftoken",
+        "session": "set-cookie.session"
+      },
+      "successfullResponseCode": 200
+    },
+    {
+      "name": "getSecondToken",
+      "requestFields": {
+        "query.client_id": "<your_client_id>",
+        "query.response_type": "code",
+        "query.scope": "all",
+        "header.Cookie": "session={getFirstToken.responseFields.session}",
+        "header.X-CSRF-Token": "{getFirstToken.responseFields.csrftoken}",
+        "customer_id": "<your_customer_id>"
+      },
+      "responseFields": {
+        "authCode": "auth_code"
+      },
+      "successfullResponseCode": 200
+    },
+    {
+      "name": "getThirdToken",
+      "requestFields": {
+        "client_id": "<your_client_id>",
+        "client_secret": "<your_client_secret>",
+        "grant_type": "authorization_code",
+        "code": "{getSecondToken.responseFields.authCode}"
+      },
+      "responseFields": {
+        "token": "access_token"
+      },
+      "successfullResponseCode": 200
+    }
+  ],
+  "token_timeout": 100000,
+  "token_cache": "local",
+  "invalid_token_error": 401,
+  "auth_field": "header.headers.Authorization",
+  "auth_field_format": "Bearer {token}",
+  "auth_logging": true
+}
+```
+
+4. Use the properties below for the ```properties.authentication.refresh_token_request``` field if you want to refresh the access token when it expires, instead of making multiple requests to obtain a new access token
+```json
+"refresh_token_request": {
+  "requestFields": {
+    "query.client_id": "<your_client_id>",
+    "query.client_secret": "<your_client_secret>",
+    "query.grant_type": "refresh_token"
+  },
+  "refresh_token": {
+    "placement": "query",
+    "token_timeout": 1296000000
+  }
+}
+```
+
+5. Restart the adapter. If your properties were set correctly, the adapter should go online. 
+
 #### Troubleshooting
 - Make sure you copied over the correct token.
 - Turn on debug level logs for the adapter in IAP Admin Essentials.

package/entities/.system/action.json

@@ -25,11 +25,96 @@
         }
       ]
     },
+    {
+      "name": "getRefreshToken",
+      "protocol": "REST",
+      "method": "POST",
+      "entitypath": "{base_path}/{version}/oauth2/token",
+      "requestSchema": "refreshTokenRequest.json",
+      "responseSchema": "schemaTokenResp_MFA_Step_3.json",
+      "timeout": 0,
+      "sendEmpty": false,
+      "requestDatatype": "URLENCODE",
+      "responseDatatype": "JSON",
+      "headers": {},
+      "sso": {
+        "protocol": "",
+        "host": "",
+        "port": 0
+      },
+      "responseObjects": [
+        {
+          "type": "default",
+          "key": "",
+          "mockFile": "mockdatafiles/getRefreshToken-default.json"
+        }
+      ]
+    },
+    {
+      "name": "MFA_Step_1",
+      "protocol": "REST",
+      "method": "POST",
+      "entitypath": "/oauth2/authorize/central/api/login",
+      "requestSchema": "schemaTokenReq_MFA_Step_1.json",
+      "responseSchema": "schemaTokenResp_MFA_Step_1.json",
+      "timeout": 0,
+      "sendEmpty": false,
+      "requestDatatype": "JSON",
+      "responseDatatype": "JSON",
+      "headers": {},
+      "responseObjects": [
+        {
+          "type": "default",
+          "key": "",
+          "mockFile": "mockdatafiles/MFA_Step_1-default.json"
+        }
+      ]
+    },
+    {
+      "name": "MFA_Step_2",
+      "protocol": "REST",
+      "method": "POST",
+      "entitypath": "/oauth2/authorize/central/api",
+      "requestSchema": "schemaTokenReq_MFA_Step_2.json",
+      "responseSchema": "schemaTokenResp_MFA_Step_2.json",
+      "timeout": 0,
+      "sendEmpty": false,
+      "requestDatatype": "JSON",
+      "responseDatatype": "JSON",
+      "headers": {},
+      "responseObjects": [
+        {
+          "type": "default",
+          "key": "",
+          "mockFile": "mockdatafiles/MFA_Step_2-default.json"
+        }
+      ]
+    },
+    {
+      "name": "MFA_Step_3",
+      "protocol": "REST",
+      "method": "POST",
+      "entitypath": "/oauth2/token",
+      "requestSchema": "schemaTokenReq_MFA_Step_3.json",
+      "responseSchema": "schemaTokenResp_MFA_Step_3.json",
+      "timeout": 0,
+      "sendEmpty": false,
+      "requestDatatype": "JSON",
+      "responseDatatype": "JSON",
+      "headers": {},
+      "responseObjects": [
+        {
+          "type": "default",
+          "key": "",
+          "mockFile": "mockdatafiles/MFA_Step_3-default.json"
+        }
+      ]
+    },
     {
       "name": "healthcheck",
       "protocol": "REST",
       "method": "GET",
-      "entitypath": "{base_path}/{version}/healthcheck?{query}",
+      "entitypath": "{base_path}/{version}/monitoring/v2/networks?{query}",
       "requestSchema": "schema.json",
       "responseSchema": "schema.json",
       "timeout": 0,

package/entities/.system/mockdatafiles/MFA_Step_1-default.json

@@ -0,0 +1,3 @@
+{
+  "Set-Cookie": "csrftoken=csrf123;session=session123"
+}

package/entities/.system/mockdatafiles/MFA_Step_2-default.json

@@ -0,0 +1,3 @@
+{
+  "auth_code": "authcode123"
+}

package/entities/.system/mockdatafiles/MFA_Step_3-default.json

@@ -0,0 +1,6 @@
+{
+  "refresh_token":"refreshtoken",
+  "token_type":"bearer",
+  "access_token":"accesstoken",
+  "expires_in":7200
+}

package/entities/.system/mockdatafiles/getRefreshToken-default.json

@@ -0,0 +1,6 @@
+{
+  "refresh_token":"newrefreshtoken",
+  "token_type":"bearer",
+  "access_token":"newaccesstoken",
+  "expires_in":7200
+}

package/entities/.system/refreshTokenRequest.json

@@ -0,0 +1,63 @@
+{
+  "$id": "refreshTokenRequest.json",
+  "type": "object",
+  "schema": "http://json-schema.org/draft-07/schema#",
+  "translate": true,
+  "dynamicfields": false,
+  "properties": {
+    "ph_request_type": {
+      "type": "string",
+      "description": "type of request (internal to adapter)",
+      "default": "getRefreshToken",
+      "enum": [
+        "getRefreshToken"
+      ],
+      "external_name": "ph_request_type"
+    },
+    "grant_type": {
+      "type": "string",
+      "description": "type of auth",
+      "parse": false,
+      "encode": false,
+      "encrypt": {
+        "type": "AES",
+        "key": ""
+      },
+      "external_name": "grant_type"
+    },
+    "client_secret": {
+      "type": "string",
+      "description": "secret used during login",
+      "parse": false,
+      "encode": false,
+      "encrypt": {
+        "type": "AES",
+        "key": ""
+      },
+      "external_name": "client_secret"
+    },
+    "client_id": {
+      "type": "string",
+      "description": "client application id",
+      "parse": false,
+      "encode": false,
+      "encrypt": {
+        "type": "AES",
+        "key": ""
+      },
+      "external_name": "client_id"
+    },
+    "refreshToken": {
+      "type": "string",
+      "description": "refresh token",
+      "parse": false,
+      "encode": false,
+      "encrypt": {
+        "type": "AES",
+        "key": ""
+      },
+      "external_name": "refresh_token"
+    }
+  },
+  "definitions": {}
+}

package/entities/.system/schemaTokenReq_MFA_Step_1.json

@@ -0,0 +1,19 @@
+{
+  "$id": ".system-schemaTokenReq_MFA_Step_1.json",
+  "type": "object",
+  "schema": "http://json-schema.org/draft-07/schema#",
+  "translate": true,
+  "dynamicfields": true,
+  "properties": {
+    "ph_request_type": {
+      "type": "string",
+      "description": "type of request (internal to adapter)",
+      "default": "MFA_Step_1",
+      "enum": [
+        "MFA_Step_1"
+      ],
+      "external_name": "ph_request_type"
+    }
+  },
+  "definitions": {}
+}

package/entities/.system/schemaTokenReq_MFA_Step_2.json

@@ -0,0 +1,19 @@
+{
+  "$id": ".system-schemaTokenReq_MFA_Step_2.json",
+  "type": "object",
+  "schema": "http://json-schema.org/draft-07/schema#",
+  "translate": true,
+  "dynamicfields": true,
+  "properties": {
+    "ph_request_type": {
+      "type": "string",
+      "description": "type of request (internal to adapter)",
+      "default": "MFA_Step_2",
+      "enum": [
+        "MFA_Step_2"
+      ],
+      "external_name": "ph_request_type"
+    }
+  },
+  "definitions": {}
+}

package/entities/.system/schemaTokenReq_MFA_Step_3.json

@@ -0,0 +1,19 @@
+{
+  "$id": ".system-schemaTokenReq_MFA_Step_3.json",
+  "type": "object",
+  "schema": "http://json-schema.org/draft-07/schema#",
+  "translate": true,
+  "dynamicfields": true,
+  "properties": {
+    "ph_request_type": {
+      "type": "string",
+      "description": "type of request (internal to adapter)",
+      "default": "MFA_Step_3",
+      "enum": [
+        "MFA_Step_3"
+      ],
+      "external_name": "ph_request_type"
+    }
+  },
+  "definitions": {}
+}

package/entities/.system/schemaTokenResp_MFA_Step_1.json

@@ -0,0 +1,38 @@
+{
+  "$id": ".system-schemaTokenResp_MFA_Step_1.json",
+  "type": "object",
+  "schema": "http://json-schema.org/draft-07/schema#",
+  "translate": true,
+  "dynamicfields": true,
+  "properties": {
+    "ph_request_type": {
+      "type": "string",
+      "description": "type of request (internal to adapter)",
+      "default": "MFA_Step_1",
+      "enum": [
+        "MFA_Step_1"
+      ],
+      "external_name": "ph_request_type"
+    },
+    "token": {
+      "type": "string",
+      "description": "token returned by system",
+      "parse": false,
+      "encode": false,
+      "placement": "HEADER",
+      "encrypt": {
+        "type": "AES",
+        "key": ""
+      },
+      "external_name": "set-cookie.csrftoken"
+    },
+    "tokenp2": {
+      "description": "second token returned by system",
+      "parse": false,
+      "encode": false,
+      "placement": "HEADER",
+      "external_name": "set-cookie.session"
+    }
+  },
+  "definitions": {}
+}

package/entities/.system/schemaTokenResp_MFA_Step_2.json

@@ -0,0 +1,26 @@
+{
+  "$id": ".system-schemaTokenResp_MFA_Step_2.json",
+  "type": "object",
+  "schema": "http://json-schema.org/draft-07/schema#",
+  "translate": true,
+  "dynamicfields": true,
+  "properties": {
+    "ph_request_type": {
+      "type": "string",
+      "description": "type of request (internal to adapter)",
+      "default": "MFA_Step_2",
+      "enum": [
+        "MFA_Step_2"
+      ],
+      "external_name": "ph_request_type"
+    },
+    "token": {
+      "description": "token returned by system",
+      "parse": false,
+      "encode": false,
+      "placement": "BODY",
+      "external_name": "auth_code"
+    }
+  },
+  "definitions": {}
+}

package/entities/.system/schemaTokenResp_MFA_Step_3.json

@@ -0,0 +1,39 @@
+{
+  "$id": ".system-schemaTokenResp_MFA_Step_3.json",
+  "type": "object",
+  "schema": "http://json-schema.org/draft-07/schema#",
+  "translate": true,
+  "dynamicfields": true,
+  "properties": {
+    "ph_request_type": {
+      "type": "string",
+      "description": "type of request (internal to adapter)",
+      "default": "MFA_Step_3",
+      "enum": [
+        "MFA_Step_3",
+        "getRefreshToken"
+      ],
+      "external_name": "ph_request_type"
+    },
+    "token": {
+      "description": "token returned by system",
+      "parse": false,
+      "encode": false,
+      "placement": "BODY",
+      "external_name": "access_token"
+    },
+    "refreshToken": {
+      "type": "string",
+      "description": "refresh token returned by system",
+      "parse": false,
+      "encode": false,
+      "placement": "BODY",
+      "encrypt": {
+        "type": "AES",
+        "key": ""
+      },
+      "external_name": "refresh_token"
+    }
+  },
+  "definitions": {}
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@itentialopensource/adapter-aruba_central",
-  "version": "2.2.4",
+  "version": "2.2.6",
   "description": "This adapter integrates with system described as: arubaCentralAllMethods.",
   "main": "adapter.js",
   "wizardVersion": "2.44.7",
@@ -52,7 +52,7 @@
   "author": "Itential",
   "homepage": "https://gitlab.com/itentialopensource/adapters/adapter-aruba_central#readme",
   "dependencies": {
-    "@itentialopensource/adapter-utils": "^5.7.0",
+    "@itentialopensource/adapter-utils": "^5.9.4",
     "acorn": "^8.12.1",
     "ajv": "^8.17.1",
     "axios": "^1.7.4",

package/propertiesSchema.json

@@ -213,7 +213,7 @@
           "description": "How long a token is valid (in milliseconds), -1 (always get token), 0 use expiration returned with token",
           "default": -1,
           "minimum": -1,
-          "maximum": 3600000
+          "maximum": 7200000
         },
         "token_cache": {
           "type": "string",
@@ -341,6 +341,29 @@
               }
             }
           }
+        },
+        "refresh_token_request": {
+          "type": "object",
+          "properties": {
+            "requestFields": {
+              "type": "object",
+              "description": "Params used in the refresh token call"
+            },
+            "refresh_token": {
+              "type": "object",
+              "description": "Refresh token fields",
+              "properties": {
+                "placement": {
+                  "type": "string",
+                  "description": "Where to place refresh token"
+                },
+                "token_timeout": {
+                  "type": "integer",
+                  "description": "How long a token is valid (in milliseconds)"
+                }
+              }
+            }
+          }
         }
       },
       "required": [

package/compliance-report.json

@@ -1,9 +0,0 @@
-{
-  "ComplianceEntries": [
-    {
-      "name": "Compliance Summary",
-      "numInvalidProjects": 0,
-      "numValidProjects": 0
-    }
-  ]
-}

package/compliance-report.txt

@@ -1,5 +0,0 @@
----------------------------------------------------------------------------------------------
-**** Project Compliance Summary ****
-0 project(s) are not valid
-0 project(s) are valid
----------------------------------------------------------------------------------------------