Use ambari rest-api using powershell

Question

As our monitoring is done from Windows platform, we would like to use powershell to retrieve info from ambari-rest-api.

In a browser the api can be explored. First login, then the used url can be pasted: https://someazurenode.westeurope.cloudapp.azure.com/ambari/api/v1/clusters It just shows the json response in the browser.

In curl:

curl --user myusr:mypwd --insecure -i -H 'X-Requested-By:ambari' -X GET https://someazurenode.westeurope.cloudapp.azure.com/ambari/api/v1/clusters

Works fine

In powershell (after disabling ssl-verification**):

$cred = New-Object System.Management.Automation.PSCredential ("myusr", (ConvertTo-SecureString "mypwd" -AsPlainText -Force))
Invoke-WebRequest -Method Get `
  -UseBasicParsing `
  -Uri "https://someazurenode.westeurope.cloudapp.azure.com/api/v1/clusters" -Headers @{"X-Requested-By"="Ambari"} `
  -Credential $cred

--> 404

It seems something with authorisation, therefore I tried the option below (**):

Invoke-WebRequest -Method GET `
  -Uri "https://someazurenode.westeurope.cloudapp.azure.com/api/v1/clusters" `
  -Headers @{Authorization =[Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes('myusr:mypwd'))}

--> 404 Not found

** Inspiration for ignoring ssl-verification: Ignoring Self-Signed Certificates from Powershell Invoke-RestMethod doesn't work (it's changed again...)

** Inspiration for handling basic authentication Use Invoke-WebRequest with a username and password for basic authentication on the GitHub API

`https://someaz...re.com/ambari/api/v1/clusters` vs. `https://someaz...re.com/api/v1/clusters` — Ansgar Wiechers, Sep 13 '18 at 20:00
I should use an other URL in Powershell then in curl/browser?!? I would like to do be able to do exactly the same in powershell as in curl/browser. — gjh71, Sep 14 '18 at 15:15
Umm... no, you ***are*** using a different URL in the PowerShell statements. You ***should*** be using the same URL. — Ansgar Wiechers, Sep 14 '18 at 15:24
My bad. It happened in the copy-past-anonimize action... :-( — gjh71, Sep 19 '18 at 09:55

score 0 · Answer 1 · answered Sep 19 '18 at 10:02

Found the issue, finally... In our case we needed to fix the connection in 3 steps:

Ignore the certicate-error (sorry, we did not yet implement a neat certificate)
Use basic-authentication instead of the 'normal' powershell credentials
Force the TLS version.

From there it's easy to retrieve info.

function Disable-SslVerification
{
    if (-not ([System.Management.Automation.PSTypeName]"TrustEverything").Type)
    {
        Add-Type -TypeDefinition  @"
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public static class TrustEverything
{
    private static bool ValidationCallback(object sender, X509Certificate certificate, X509Chain chain,
        SslPolicyErrors sslPolicyErrors) { return true; }
    public static void SetCallback() { System.Net.ServicePointManager.ServerCertificateValidationCallback = ValidationCallback; }
    public static void UnsetCallback() { System.Net.ServicePointManager.ServerCertificateValidationCallback = null; }
}
"@
    }
    [TrustEverything]::SetCallback()
}
function Enable-SslVerification
{
    if (([System.Management.Automation.PSTypeName]"TrustEverything").Type)
    {
        [TrustEverything]::UnsetCallback()
    }
}

$domain = "my-cluster.westeurope.cloudapp.azure.com/ambari"
$usernm = "myusr"
$userpwd = "mypwd"

Disable-SslVerification
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$uri = "https://{0}/api/v1/clusters" -f $domain
Write-Output $uri

$credstring = "{0}:{1}" -f $usernm, $userpwd
$credbytes = [System.Text.Encoding]::ASCII.GetBytes($credstring)
$credbase64 = [System.Convert]::ToBase64String($credbytes)
$credAuthValue = "Basic {0}" -f $credbase64
$headers = @{ Authorization = $credAuthValue}

$result = "-"
$result = Invoke-RestMethod -Method Get -UseBasicParsing -Uri $uri -Headers $headers
$result

Use ambari rest-api using powershell

1 Answers1