2021-10-26 03:30:57 -04:00
|
|
|
function New-IcingaForWindowsRESTApi()
|
|
|
|
|
{
|
|
|
|
|
# Allow us to parse the framework global data to this thread
|
|
|
|
|
param (
|
2021-11-16 10:28:00 -05:00
|
|
|
[string]$Address = '',
|
2021-10-26 03:30:57 -04:00
|
|
|
$Port,
|
|
|
|
|
$CertFile,
|
|
|
|
|
$CertThumbprint,
|
|
|
|
|
$RequireAuth
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$RESTEndpoints = Invoke-IcingaNamespaceCmdlets -Command 'Register-IcingaRESTAPIEndpoint*';
|
|
|
|
|
Write-IcingaDebugMessage -Message (
|
|
|
|
|
[string]::Format(
|
|
|
|
|
'Loading configuration for REST-Endpoints{0}{1}',
|
|
|
|
|
(New-IcingaNewLine),
|
|
|
|
|
($RESTEndpoints | Out-String)
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
2021-12-09 11:42:06 -05:00
|
|
|
Write-IcingaDebugMessage -Message ($Global:Icinga.Public.Daemons.RESTApi | Out-String);
|
2021-10-26 03:30:57 -04:00
|
|
|
|
|
|
|
|
foreach ($entry in $RESTEndpoints.Values) {
|
2021-12-09 11:42:06 -05:00
|
|
|
[bool]$Success = Add-IcingaHashtableItem `
|
|
|
|
|
-Hashtable $Global:Icinga.Public.Daemons.RESTApi.RegisteredEndpoints `
|
|
|
|
|
-Key $entry.Alias `
|
|
|
|
|
-Value $entry.Command;
|
2021-11-17 13:06:09 -05:00
|
|
|
|
2021-10-26 03:30:57 -04:00
|
|
|
if ($Success -eq $FALSE) {
|
|
|
|
|
Write-IcingaEventMessage `
|
|
|
|
|
-EventId 2100 `
|
|
|
|
|
-Namespace 'RESTApi' `
|
|
|
|
|
-Objects ([string]::Format('Adding duplicated REST endpoint "{0}" with command "{1}', $entry.Alias, $entry.Command)), $RESTEndpoints;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$CommandAliases = Invoke-IcingaNamespaceCmdlets -Command 'Register-IcingaRESTApiCommandAliases*';
|
|
|
|
|
|
|
|
|
|
foreach ($entry in $CommandAliases.Values) {
|
|
|
|
|
foreach ($component in $entry.Keys) {
|
2021-12-09 11:42:06 -05:00
|
|
|
[bool]$Success = Add-IcingaHashtableItem `
|
|
|
|
|
-Hashtable $Global:Icinga.Public.Daemons.RESTApi.CommandAliases `
|
|
|
|
|
-Key $component `
|
|
|
|
|
-Value $entry[$component];
|
2021-11-17 13:06:09 -05:00
|
|
|
|
2021-10-26 03:30:57 -04:00
|
|
|
if ($Success -eq $FALSE) {
|
|
|
|
|
Write-IcingaEventMessage `
|
|
|
|
|
-EventId 2101 `
|
|
|
|
|
-Namespace 'RESTApi' `
|
|
|
|
|
-Objects ([string]::Format('Adding duplicated REST command aliases "{0}" for namespace "{1}', $entry[$component], $component)), $CommandAliases;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-09 11:42:06 -05:00
|
|
|
Write-IcingaDebugMessage -Message ($Global:Icinga.Public.Daemons.RESTApi.RegisteredEndpoints | Out-String);
|
2021-10-26 03:30:57 -04:00
|
|
|
|
2024-04-02 14:12:56 -04:00
|
|
|
$Global:Icinga.Public.SSL.CertFile = $CertFile;
|
|
|
|
|
$Global:Icinga.Public.SSL.CertThumbprint = $CertThumbprint;
|
|
|
|
|
|
2024-03-12 11:59:18 -04:00
|
|
|
while ($TRUE) {
|
2024-04-02 14:12:56 -04:00
|
|
|
if ($null -eq $Global:Icinga.Public.SSL.Certificate) {
|
|
|
|
|
# In case we are not inside a JEA context, use the SSLCertForSocket function to create the certificate file on the fly
|
|
|
|
|
# while maintaining the new wait feature. This fix is required, as the NetworkService user has no permssion
|
|
|
|
|
# to read the icingaforwindows.pfx file with the private key
|
|
|
|
|
if ([string]::IsNullOrEmpty((Get-IcingaJEAContext))) {
|
|
|
|
|
$Global:Icinga.Public.SSL.Certificate = Get-IcingaSSLCertForSocket `
|
|
|
|
|
-CertFile $Global:Icinga.Public.SSL.CertFile `
|
|
|
|
|
-CertThumbprint $Global:Icinga.Public.SSL.CertThumbprint;
|
|
|
|
|
} else {
|
|
|
|
|
$Global:Icinga.Public.SSL.Certificate = Get-IcingaForWindowsCertificate;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($null -ne $Global:Icinga.Public.SSL.Certificate) {
|
2024-03-12 11:59:18 -04:00
|
|
|
break;
|
2021-10-26 03:30:57 -04:00
|
|
|
}
|
|
|
|
|
|
2024-03-12 11:59:18 -04:00
|
|
|
# Wait 5 minutes and try again
|
2024-04-02 14:12:56 -04:00
|
|
|
Write-IcingaEventMessage -EventId 2002 -Namespace 'RESTApi' -Objects ($Global:Icinga.Public.SSL.Certificate | Out-String), $Global:Icinga.Public.SSL.CertFile, $Global:Icinga.Public.SSL.CertThumbprint;
|
2024-03-12 11:59:18 -04:00
|
|
|
Start-Sleep -Seconds (60 * 5);
|
2021-10-26 03:30:57 -04:00
|
|
|
}
|
|
|
|
|
|
2024-03-12 11:59:18 -04:00
|
|
|
# Create a background thread to renew the certificate on a regular basis
|
|
|
|
|
Start-IcingaForWindowsCertificateThreadTask;
|
2021-10-26 03:30:57 -04:00
|
|
|
|
|
|
|
|
$Socket = New-IcingaTCPSocket -Address $Address -Port $Port -Start;
|
|
|
|
|
|
|
|
|
|
# Keep our code executed as long as the PowerShell service is
|
|
|
|
|
# being executed. This is required to ensure we will execute
|
|
|
|
|
# the code frequently instead of only once
|
|
|
|
|
while ($TRUE) {
|
2021-11-17 13:06:09 -05:00
|
|
|
|
|
|
|
|
# Force Icinga for Windows Garbage Collection
|
2022-03-17 04:31:32 -04:00
|
|
|
Optimize-IcingaForWindowsMemory -ClearErrorStack -SmartGC;
|
2021-11-17 13:06:09 -05:00
|
|
|
|
2021-10-26 03:30:57 -04:00
|
|
|
$Connection = Open-IcingaTCPClientConnection `
|
|
|
|
|
-Client (New-IcingaTCPClient -Socket $Socket) `
|
2024-04-02 14:12:56 -04:00
|
|
|
-Certificate $Global:Icinga.Public.SSL.Certificate;
|
2021-10-26 03:30:57 -04:00
|
|
|
|
2023-11-15 08:31:40 -05:00
|
|
|
if ($Connection.Client -eq $null -Or $Connection.Stream -eq $null) {
|
|
|
|
|
Close-IcingaTCPConnection -Connection $Connection;
|
|
|
|
|
$Connection = $null;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-09 11:42:06 -05:00
|
|
|
if (Test-IcingaRESTClientBlacklisted -Client $Connection.Client -ClientList $Global:Icinga.Public.Daemons.RESTApi.ClientBlacklist) {
|
2021-10-26 03:30:57 -04:00
|
|
|
Write-IcingaDebugMessage -Message 'A remote client which is trying to connect was blacklisted' -Objects $Connection.Client.Client;
|
2023-11-15 08:31:40 -05:00
|
|
|
Close-IcingaTCPConnection -Connection $Connection;
|
2023-07-24 11:51:33 -04:00
|
|
|
$Connection = $null;
|
2021-10-26 03:30:57 -04:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((Test-IcingaRESTClientConnection -Connection $Connection) -eq $FALSE) {
|
2023-07-24 11:51:33 -04:00
|
|
|
$Connection = $null;
|
2021-10-26 03:30:57 -04:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# API not yet ready
|
2021-12-09 11:42:06 -05:00
|
|
|
if ($Global:Icinga.Public.Daemons.RESTApi.ApiRequests.Count -eq 0) {
|
2023-11-15 08:31:40 -05:00
|
|
|
Close-IcingaTCPConnection -Connection $Connection;
|
2023-07-24 11:51:33 -04:00
|
|
|
$Connection = $null;
|
2021-10-26 03:30:57 -04:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
$NextRESTApiThreadId = (Get-IcingaNextRESTApiThreadId);
|
|
|
|
|
|
2024-03-29 08:22:16 -04:00
|
|
|
Write-IcingaDebugMessage -Message 'Scheduling Icinga for Windows API request' -Objects 'REST-Thread Id', $NextRESTApiThreadId;
|
|
|
|
|
|
2021-12-09 11:42:06 -05:00
|
|
|
if ($Global:Icinga.Public.Daemons.RESTApi.ApiRequests.ContainsKey($NextRESTApiThreadId) -eq $FALSE) {
|
2023-11-15 08:31:40 -05:00
|
|
|
Close-IcingaTCPConnection -Connection $Connection;
|
2023-07-24 11:51:33 -04:00
|
|
|
$Connection = $null;
|
2021-10-26 03:30:57 -04:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-18 12:19:07 -04:00
|
|
|
$Global:Icinga.Public.Daemons.RESTApi.ApiRequests.$NextRESTApiThreadId.Add($Connection);
|
2021-10-26 03:30:57 -04:00
|
|
|
} catch {
|
2021-12-09 11:42:06 -05:00
|
|
|
Write-IcingaEventMessage -Namespace 'RESTApi' -EvenId 2050 -ExceptionObject $_;
|
2021-10-26 03:30:57 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
