From 80e47b2e2d6d6861e2d1412570a65ea62ed57a30 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Mon, 27 Nov 2017 22:21:52 +0100 Subject: [PATCH 01/17] cliSettings: Add Get-NsxcliSettings cmdlets --- module/Include.ps1 | 1 + module/PowerNSX.psm1 | 46 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/module/Include.ps1 b/module/Include.ps1 index e39a81d1..9aa49d0d 100644 --- a/module/Include.ps1 +++ b/module/Include.ps1 @@ -99,6 +99,7 @@ $FunctionsToExport = @( 'Get-NsxEdgeStatus', 'Enable-NsxEdgeSsh', 'Disable-NsxEdgeSsh', + 'Get-NsxcliSettings', 'Set-NsxEdgeNat', 'Get-NsxEdgeNat', 'Get-NsxEdgeNatRule', diff --git a/module/PowerNSX.psm1 b/module/PowerNSX.psm1 index 89d45d71..6d5ec0f1 100644 --- a/module/PowerNSX.psm1 +++ b/module/PowerNSX.psm1 @@ -14210,6 +14210,52 @@ function Disable-NsxEdgeSsh { } +function Get-NsxcliSettings { + + <# + .SYNOPSIS + Gets cliSettings (userName, Status, ssh banner...) of a ESG + + .DESCRIPTION + An NSX Edge Service Gateway provides all NSX Edge services such as firewall, + NAT, DHCP, VPN, load balancing, and high availability. Each NSX Edge virtual + appliance can have a total of ten uplink and internal network interfaces and + up to 200 subinterfaces. Multiple external IP addresses can be configured + for load balancer, site‐to‐site VPN, and NAT services. + + The Get-NsxcliSettings cmdlet retreives the cli Settings of the ESG + + .EXAMPLE + Get-NsxEdge Edge01 | Get-NsxcliSettings + + Get current cli Settings + + #> + + param ( + + [Parameter (Mandatory=$true,ValueFromPipeline=$true,Position=1)] + [ValidateScript({ ValidateEdge $_ })] + [System.Xml.XmlElement]$Edge + ) + + begin { + + } + + process { + + #We append the Edge-id to the associated config XML to enable pipeline workflows and + #consistent readable output + + $_cliSettings = $Edge.cliSettings.CloneNode($True) + Add-XmlElement -xmlRoot $_cliSettings -xmlElementName "edgeId" -xmlElementText $Edge.Id + $_cliSettings + } + + end {} +} + ######### ######### # Edge NAT related functions From d3f4e5bf416e1c391f75f99f06595b092b8199af Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Tue, 28 Nov 2017 21:13:51 +0100 Subject: [PATCH 02/17] cliSettings: Add Set-NsxcliSettings cmdlet --- module/Include.ps1 | 1 + module/PowerNSX.psm1 | 156 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 157 insertions(+) diff --git a/module/Include.ps1 b/module/Include.ps1 index 9aa49d0d..406dc835 100644 --- a/module/Include.ps1 +++ b/module/Include.ps1 @@ -100,6 +100,7 @@ $FunctionsToExport = @( 'Enable-NsxEdgeSsh', 'Disable-NsxEdgeSsh', 'Get-NsxcliSettings', + 'Set-NsxcliSettings', 'Set-NsxEdgeNat', 'Get-NsxEdgeNat', 'Get-NsxEdgeNatRule', diff --git a/module/PowerNSX.psm1 b/module/PowerNSX.psm1 index 6d5ec0f1..b1bee854 100644 --- a/module/PowerNSX.psm1 +++ b/module/PowerNSX.psm1 @@ -3464,6 +3464,39 @@ Function ValidateEdgeDns { else { throw "Specify a valid Edge DNS object." } + +} + +function ValidateCliSettings { + Param ( + [Parameter (Mandatory=$true)] + [object]$argument + ) + + if ($argument -is [System.Xml.XmlElement] ) { + + if ( -not ( $argument | get-member -name edgeId -Membertype Properties)) { + throw "XML Element specified does not contain an edgeId property." + } + + if ( -not ( $argument | get-member -name remoteAccess -Membertype Properties)) { + throw "XML Element specified does not contain an remoteAccess property." + } + + if ( -not ( $argument | get-member -name sshLoginBannerText -Membertype Properties)) { + throw "XML Element specified does not contain an sshLoginBannerText property." + } + + if ( -not ( $argument | get-member -name passwordExpiry -Membertype Properties)) { + throw "XML Element specified does not contain an passwordExpiry property." + } + + $true + } + else { + throw "Specify a valid CliSettings Configuration object." + } + } Function ValidateIPsec { @@ -14256,6 +14289,129 @@ function Get-NsxcliSettings { end {} } +function Set-NsxcliSettings { + + <# + .SYNOPSIS + Set cliSettings (userName, Status, ssh banner...) of a ESG + + .DESCRIPTION + An NSX Edge Service Gateway provides all NSX Edge services such as firewall, + NAT, DHCP, VPN, load balancing, and high availability. Each NSX Edge virtual + appliance can have a total of ten uplink and internal network interfaces and + up to 200 subinterfaces. Multiple external IP addresses can be configured + for load balancer, site‐to‐site VPN, and NAT services. + + The Set-NsxcliSettings cmdlet configure the cli Settings of the ESG + it is mandatory to specified the password... + + .EXAMPLE + Get-NsxEdge Edge01 | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! + + Change the SSH Password + + .EXAMPLE + Get-NsxEdge Edge01 | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -remoteAccess:$true + + Enable the SSH on ESG (you can use also use Enable-NsxSSHEdgeSSH) + + .EXAMPLE + Get-NsxEdge Edge01 | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -username PowerNSX + + Set the SSH username to PowerNSX + + .EXAMPLE + Get-NsxEdge Edge01 | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -sshLoginBannerText "My Login Banner" + + Change the SSH Login Banner + + .EXAMPLE + Get-NsxEdge Edge01 | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! - + + Change the SSH Login Banner + + #> + + [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidDefaultValueSwitchParameter","")] # Cant remove without breaking backward compatibility + param ( + + [Parameter (Mandatory=$true,ValueFromPipeline=$true,Position=1)] + [ValidateScript({ ValidateCliSettings $_ })] + [System.Xml.XmlElement]$cliSettings, + [Parameter (Mandatory=$false)] + [ValidateNotNullorEmpty()] + [String]$userName, + [Parameter (Mandatory=$true)] + [ValidateNotNullorEmpty()] + [String]$password, + [Parameter (Mandatory=$false)] + [ValidateNotNullorEmpty()] + [boolean]$remoteAccess, + [Parameter (Mandatory=$false)] + [ValidateNotNullorEmpty()] + [ValidateRange(1,99999)] + [int]$passwordExpiry, + [Parameter (Mandatory=$false)] + [ValidateNotNullorEmpty()] + [string]$sshLoginBannerText, + [Parameter (Mandatory=$False)] + #PowerNSX Connection object + [ValidateNotNullOrEmpty()] + [PSCustomObject]$Connection=$defaultNSXConnection + + ) + + begin { + + } + + process { + + #Create private xml element + $_cliSettings = $cliSettings.CloneNode($true) + + #Store the edgeId and remove it from the XML as we need to post it... + $edgeId = $_cliSettings.edgeId + $_cliSettings.RemoveChild( $((Invoke-XPathQuery -QueryMethod SelectSingleNode -Node $_cliSettings -Query 'descendant::edgeId')) ) | out-null + + #Using PSBoundParamters.ContainsKey lets us know if the user called us with a given parameter. + #If the user did not specify a given parameter, we dont want to modify from the existing value. + + if ( $PsBoundParameters.ContainsKey('userName') ) { + $_cliSettings.username = $userName + } + + #You need ALWAYS to specified the password... + Add-XmlElement -xmlRoot $_cliSettings -xmlElementName "password" -xmlElementText $password + + if ( $PsBoundParameters.ContainsKey('remoteAccess') ) { + if ( $remoteAccess ) { + $_cliSettings.remoteAccess = "true" + } else { + $_cliSettings.remoteAccess = "false" + } + } + + if ( $PsBoundParameters.ContainsKey('passwordExpiry') ) { + $_cliSettings.passwordExpiry = $passwordExpiry + } + + if ( $PsBoundParameters.ContainsKey('sshLoginBannerText') ) { + $_cliSettings.sshLoginBannerText = $sshLoginBannerText + } + + $URI = "/api/4.0/edges/$($EdgeId)/clisettings" + $body = $_cliSettings.OuterXml + + Write-Progress -activity "Update Edge Services Gateway (cliSettings) $($edgeId)" + $response = invoke-nsxwebrequest -method "put" -uri $URI -body $body -connection $connection + Write-Progress -activity "Update Edge Services Gateway (cliSettings) $($edgeId)" -completed + Get-NsxEdge -objectId $($edgeId) -connection $connection | Get-NsxcliSettings + } + + end {} +} + ######### ######### # Edge NAT related functions From 1842e13e971e97548bdcf3a06f99b180bcb3a790 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Wed, 20 Dec 2017 22:03:53 +0100 Subject: [PATCH 03/17] cliSettings: Add Edge Tests suites for Get/Set-NsxCliSettings --- tests/integration/04.Edge.Tests.ps1 | 43 +++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/tests/integration/04.Edge.Tests.ps1 b/tests/integration/04.Edge.Tests.ps1 index 00ec6cbc..4867a99f 100644 --- a/tests/integration/04.Edge.Tests.ps1 +++ b/tests/integration/04.Edge.Tests.ps1 @@ -726,6 +726,49 @@ Describe "Edge" { } } + Context "CliSettings" { + + it "Can disable SSH" { + $edge = Get-NsxEdge $name + #When deploy pstester ESG, the SSH is enabled + $edge.cliSettings.remoteAccess | should be "true" + #Need Always to set a password to change cliSettings + Get-NsxEdge $name | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -remoteAccess:$false + $edge = Get-NsxEdge $name + $edge.cliSettings.remoteAccess | should be "false" + } + + it "Can enable SSH" { + Get-NsxEdge $name | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -remoteAccess:$true + $edge = Get-NsxEdge $name + $edge.cliSettings.remoteAccess | should be "true" + } + + it "Change (SSH) username" { + $edge = Get-NsxEdge $name + #By default it is admin + $edge.cliSettings.userName | should be "admin" + Get-NsxEdge $name | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -userName powernsx + $edge = Get-NsxEdge $name + $edge.cliSettings.userName | should be "powernsx" + } + + it "Change Password Expiry" { + $edge = Get-NsxEdge $name + #By default it is 99999 + $edge.cliSettings.passwordExpiry | should be "99999" + Get-NsxEdge $name | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -passwordExpiry 42 + $edge = Get-NsxEdge $name + $edge.cliSettings.passwordExpiry | should be "42" + } + + it "Change sshLoginBannerText" { + Get-NsxEdge $name | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -sshLoginBannerText "Secure ESG SSH Access don't connect !" + $edge = Get-NsxEdge $name + $edge.cliSettings.sshLoginBannerText | should be "Secure ESG SSH Access don't connect !" + } + } + Context "Misc" { it "Can enable firewall via Set-NsxEdge" { From ab5d54308f00de3fb2199a77c1a4d256b5c7298c Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Thu, 21 Dec 2017 22:23:00 +0100 Subject: [PATCH 04/17] cliSettings: fix typo on examples the SSH username need to be only lowercase and fix missing example for -passwordExpiry --- module/PowerNSX.psm1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/module/PowerNSX.psm1 b/module/PowerNSX.psm1 index b1bee854..ac9c776f 100644 --- a/module/PowerNSX.psm1 +++ b/module/PowerNSX.psm1 @@ -14316,7 +14316,7 @@ function Set-NsxcliSettings { Enable the SSH on ESG (you can use also use Enable-NsxSSHEdgeSSH) .EXAMPLE - Get-NsxEdge Edge01 | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -username PowerNSX + Get-NsxEdge Edge01 | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -username powernsx Set the SSH username to PowerNSX @@ -14326,9 +14326,9 @@ function Set-NsxcliSettings { Change the SSH Login Banner .EXAMPLE - Get-NsxEdge Edge01 | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! - + Get-NsxEdge Edge01 | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -passwordExpiry 30 - Change the SSH Login Banner + Change the SSH Password Expiration to 30 (days) #> From 48399b5896ace4237396790ec908b19f638b1ef6 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Sun, 28 Jan 2018 15:35:20 +0100 Subject: [PATCH 05/17] cliSettings: Remove (kill) whitespace --- module/PowerNSX.psm1 | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/module/PowerNSX.psm1 b/module/PowerNSX.psm1 index ac9c776f..45949ba6 100644 --- a/module/PowerNSX.psm1 +++ b/module/PowerNSX.psm1 @@ -14266,18 +14266,14 @@ function Get-NsxcliSettings { #> param ( - [Parameter (Mandatory=$true,ValueFromPipeline=$true,Position=1)] [ValidateScript({ ValidateEdge $_ })] [System.Xml.XmlElement]$Edge ) - begin { - - } + begin {} process { - #We append the Edge-id to the associated config XML to enable pipeline workflows and #consistent readable output @@ -14334,7 +14330,6 @@ function Set-NsxcliSettings { [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidDefaultValueSwitchParameter","")] # Cant remove without breaking backward compatibility param ( - [Parameter (Mandatory=$true,ValueFromPipeline=$true,Position=1)] [ValidateScript({ ValidateCliSettings $_ })] [System.Xml.XmlElement]$cliSettings, @@ -14358,15 +14353,11 @@ function Set-NsxcliSettings { #PowerNSX Connection object [ValidateNotNullOrEmpty()] [PSCustomObject]$Connection=$defaultNSXConnection - ) - begin { - - } + begin { } process { - #Create private xml element $_cliSettings = $cliSettings.CloneNode($true) From 1da0749a798363f2b28cb1b2d09ca96beaf6dc48 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Sun, 28 Jan 2018 15:45:22 +0100 Subject: [PATCH 06/17] cliSettings: use $variable.ToString().ToLower() instead of the if/else --- module/PowerNSX.psm1 | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/module/PowerNSX.psm1 b/module/PowerNSX.psm1 index 45949ba6..414c7249 100644 --- a/module/PowerNSX.psm1 +++ b/module/PowerNSX.psm1 @@ -14376,11 +14376,7 @@ function Set-NsxcliSettings { Add-XmlElement -xmlRoot $_cliSettings -xmlElementName "password" -xmlElementText $password if ( $PsBoundParameters.ContainsKey('remoteAccess') ) { - if ( $remoteAccess ) { - $_cliSettings.remoteAccess = "true" - } else { - $_cliSettings.remoteAccess = "false" - } + $_cliSettings.remoteAccess = $remoteAccess.ToString().ToLower() } if ( $PsBoundParameters.ContainsKey('passwordExpiry') ) { From 4df8029cf1e11d522646c753e293c3a56496192b Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Sun, 28 Jan 2018 15:58:41 +0100 Subject: [PATCH 07/17] cliSettings: Always check there is XML node before change value --- module/PowerNSX.psm1 | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/module/PowerNSX.psm1 b/module/PowerNSX.psm1 index 414c7249..9bfe84fc 100644 --- a/module/PowerNSX.psm1 +++ b/module/PowerNSX.psm1 @@ -14369,22 +14369,42 @@ function Set-NsxcliSettings { #If the user did not specify a given parameter, we dont want to modify from the existing value. if ( $PsBoundParameters.ContainsKey('userName') ) { - $_cliSettings.username = $userName + if ( invoke-xpathquery -node $_cliSettings -querymethod SelectSingleNode -Query "child::userName" ) { + $_cliSettings.username = $userName + } else { + Add-XmlElement -xmlroot $_cliSettings -xmlElementName "userName" -xmlElementText $userName + } } #You need ALWAYS to specified the password... - Add-XmlElement -xmlRoot $_cliSettings -xmlElementName "password" -xmlElementText $password + if ( invoke-xpathquery -node $_cliSettings -querymethod SelectSingleNode -Query "child::password" ) { + $_cliSettings.password = $password + } else { + Add-XmlElement -xmlRoot $_cliSettings -xmlElementName "password" -xmlElementText $password + } if ( $PsBoundParameters.ContainsKey('remoteAccess') ) { + if ( invoke-xpathquery -node $_cliSettings -querymethod SelectSingleNode -Query "child::remoteAccess" ) { $_cliSettings.remoteAccess = $remoteAccess.ToString().ToLower() + } else { + Add-XmlElement -xmlroot $_cliSettings -xmlElementName "remoteAccess" -xmlElementText $remoteAccess.ToString().ToLower() + } } if ( $PsBoundParameters.ContainsKey('passwordExpiry') ) { - $_cliSettings.passwordExpiry = $passwordExpiry + if ( invoke-xpathquery -node $_cliSettings -querymethod SelectSingleNode -Query "child::passwordExpiry" ) { + $_cliSettings.passwordExpiry = $passwordExpiry + } else { + Add-XmlElement -xmlroot $_cliSettings -xmlElementName "passwordExpiry" -xmlElementText $passwordExpiry + } } if ( $PsBoundParameters.ContainsKey('sshLoginBannerText') ) { - $_cliSettings.sshLoginBannerText = $sshLoginBannerText + if ( invoke-xpathquery -node $_cliSettings -querymethod SelectSingleNode -Query "child::sshLoginBannerText" ) { + $_cliSettings.sshLoginBannerText = $sshLoginBannerText + } else { + Add-XmlElement -xmlroot $_cliSettings -xmlElementName "sshLoginBannerText" -xmlElementText $sshLoginBannerText + } } $URI = "/api/4.0/edges/$($EdgeId)/clisettings" From 31fc2042f40df301eb59c007ea3f22d8fe4c2e82 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Tue, 30 Jan 2018 23:19:47 +0100 Subject: [PATCH 08/17] cliSettings (Tests): Check before it is possible to retrieve cliSettings --- tests/integration/04.Edge.Tests.ps1 | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/tests/integration/04.Edge.Tests.ps1 b/tests/integration/04.Edge.Tests.ps1 index 4867a99f..cd0f9d39 100644 --- a/tests/integration/04.Edge.Tests.ps1 +++ b/tests/integration/04.Edge.Tests.ps1 @@ -728,10 +728,17 @@ Describe "Edge" { Context "CliSettings" { + it "Can retrieve cliSettings" { + $cliSettings = Get-NsxEdge $name | Get-NsxcliSettings + $cliSettings | should not be NULL + #By default it is admin + $cliSettings.userName | should be "admin" + #By default it is 99999 + $cliSettings.passwordExpiry | should be "99999" + + } it "Can disable SSH" { $edge = Get-NsxEdge $name - #When deploy pstester ESG, the SSH is enabled - $edge.cliSettings.remoteAccess | should be "true" #Need Always to set a password to change cliSettings Get-NsxEdge $name | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -remoteAccess:$false $edge = Get-NsxEdge $name @@ -745,18 +752,12 @@ Describe "Edge" { } it "Change (SSH) username" { - $edge = Get-NsxEdge $name - #By default it is admin - $edge.cliSettings.userName | should be "admin" Get-NsxEdge $name | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -userName powernsx $edge = Get-NsxEdge $name $edge.cliSettings.userName | should be "powernsx" } it "Change Password Expiry" { - $edge = Get-NsxEdge $name - #By default it is 99999 - $edge.cliSettings.passwordExpiry | should be "99999" Get-NsxEdge $name | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -passwordExpiry 42 $edge = Get-NsxEdge $name $edge.cliSettings.passwordExpiry | should be "42" From 72256528473b8c32f11ff941f36402d58fb15e21 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Sun, 4 Feb 2018 21:45:19 +0100 Subject: [PATCH 09/17] cliSettings: Add cliSettings to Set-NsxEdge --- module/PowerNSX.psm1 | 60 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/module/PowerNSX.psm1 b/module/PowerNSX.psm1 index 9bfe84fc..e6e098a6 100644 --- a/module/PowerNSX.psm1 +++ b/module/PowerNSX.psm1 @@ -13959,6 +13959,25 @@ function Set-NsxEdge { [Parameter (Mandatory=$False)] #Prompt for confirmation. Specify as -confirm:$false to disable confirmation prompt [switch]$Confirm=$true, + + #cliSettings + [Parameter (Mandatory=$false)] + [ValidateNotNullorEmpty()] + [String]$userName, + [Parameter (Mandatory=$false)] + [ValidateNotNullorEmpty()] + [String]$password, + [Parameter (Mandatory=$false)] + [ValidateNotNullorEmpty()] + [boolean]$remoteAccess, + [Parameter (Mandatory=$false)] + [ValidateNotNullorEmpty()] + [ValidateRange(1,99999)] + [int]$passwordExpiry, + [Parameter (Mandatory=$false)] + [ValidateNotNullorEmpty()] + [string]$sshLoginBannerText, + [Parameter (Mandatory=$False)] #PowerNSX Connection object [ValidateNotNullOrEmpty()] @@ -13980,6 +13999,47 @@ function Set-NsxEdge { $_Edge.RemoveChild($edgeSummary) | out-null } + #cliSettings + if ( $PsBoundParameters.ContainsKey('userName') ) { + if ( invoke-xpathquery -node $_Edge -querymethod SelectSingleNode -Query "child::cliSettings/userName" ) { + $_Edge.cliSettings.username = $userName + } else { + Add-XmlElement -xmlroot $_Edge.cliSettings -xmlElementName "userName" -xmlElementText $userName + } + } + + if ( $PsBoundParameters.ContainsKey('password') ) { + if ( invoke-xpathquery -node $_Edge -querymethod SelectSingleNode -Query "child::cliSettings/password" ) { + $_Edge.cliSettings.password = $password + } else { + Add-XmlElement -xmlRoot $_Edge.cliSettings -xmlElementName "password" -xmlElementText $password + } + } + + if ( $PsBoundParameters.ContainsKey('remoteAccess') ) { + if ( invoke-xpathquery -node $_Edge -querymethod SelectSingleNode -Query "child::cliSettings/remoteAccess" ) { + $_Edge.cliSettings.remoteAccess = $remoteAccess.ToString().ToLower() + } else { + Add-XmlElement -xmlroot $_Edge.cliSettings -xmlElementName "remoteAccess" -xmlElementText $remoteAccess.ToString().ToLower() + } + } + + if ( $PsBoundParameters.ContainsKey('passwordExpiry') ) { + if ( invoke-xpathquery -node $_Edge -querymethod SelectSingleNode -Query "child::cliSettings/passwordExpiry" ) { + $_Edge.cliSettings.passwordExpiry = $passwordExpiry + } else { + Add-XmlElement -xmlroot $_Edge.cliSettings -xmlElementName "passwordExpiry" -xmlElementText $passwordExpiry + } + } + + if ( $PsBoundParameters.ContainsKey('sshLoginBannerText') ) { + if ( invoke-xpathquery -node $_Edge -querymethod SelectSingleNode -Query "child::cliSettings/sshLoginBannerText" ) { + $_Edge.cliSettings.sshLoginBannerText = $sshLoginBannerText + } else { + Add-XmlElement -xmlroot $_Edge.cliSettings -xmlElementName "sshLoginBannerText" -xmlElementText $sshLoginBannerText + } + } + $URI = "/api/4.0/edges/$($_Edge.Id)" $body = $_Edge.OuterXml From b96366ccc5d5badd6fb1647f7d5220422c386cdb Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Sun, 4 Feb 2018 22:37:18 +0100 Subject: [PATCH 10/17] cliSettings: Add testsuite (via Set-NsxEdge) --- tests/integration/04.Edge.Tests.ps1 | 36 +++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/tests/integration/04.Edge.Tests.ps1 b/tests/integration/04.Edge.Tests.ps1 index cd0f9d39..a8fc577f 100644 --- a/tests/integration/04.Edge.Tests.ps1 +++ b/tests/integration/04.Edge.Tests.ps1 @@ -768,6 +768,42 @@ Describe "Edge" { $edge = Get-NsxEdge $name $edge.cliSettings.sshLoginBannerText | should be "Secure ESG SSH Access don't connect !" } + + it "Can disable SSH via Set-NsxEdge" { + $edge = Get-NsxEdge $name + Get-NsxEdge $name | Set-NsxEdge -remoteAccess:$false -confirm:$false + $edge = Get-NsxEdge $name + $edge.cliSettings.remoteAccess | should be "false" + } + + it "Can enable SSH via Set-NsxEdge" { + Get-NsxEdge $name | Set-NsxEdge -remoteAccess:$true -confirm:$false + $edge = Get-NsxEdge $name + $edge.cliSettings.remoteAccess | should be "true" + } + + it "Change (SSH) username via Set-NsxEdge" { + Get-NsxEdge $name | Set-NsxEdge -userName powernsxviasetnsxedge -confirm:$false + $edge = Get-NsxEdge $name + $edge.cliSettings.userName | should be "powernsxviasetnsxedge" + } + + it "Change Password Expiry via Set-NsxEdge" { + Get-NsxEdge $name | Set-NsxEdge -passwordExpiry 4242 -confirm:$false + $edge = Get-NsxEdge $name + $edge.cliSettings.passwordExpiry | should be "4242" + } + + it "Change sshLoginBannerText via Set-NsxEdge" { + Get-NsxEdge $name | Set-NsxEdge -sshLoginBannerText "Secured by Set-NsxEdge" -confirm:$false + $edge = Get-NsxEdge $name + $edge.cliSettings.sshLoginBannerText | should be "Secured by Set-NsxEdge" + } + + it "Change Password via Set-NsxEdge" { + Get-NsxEdge $name | Set-NsxEdge -Password "Vmware1!Vmware1!" -confirm:$false + #There is no really check if the value is changed... + } } Context "Misc" { From 09bf088fedba584283e528abb3a7de7a12a5862a Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Mon, 5 Feb 2018 18:54:37 +0100 Subject: [PATCH 11/17] cliSettings: You need to change on the sametime userName and Password... Bug or feature ? --- module/PowerNSX.psm1 | 10 +++++++--- tests/integration/04.Edge.Tests.ps1 | 11 ++++------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/module/PowerNSX.psm1 b/module/PowerNSX.psm1 index e6e098a6..39836f5e 100644 --- a/module/PowerNSX.psm1 +++ b/module/PowerNSX.psm1 @@ -14001,10 +14001,14 @@ function Set-NsxEdge { #cliSettings if ( $PsBoundParameters.ContainsKey('userName') ) { - if ( invoke-xpathquery -node $_Edge -querymethod SelectSingleNode -Query "child::cliSettings/userName" ) { - $_Edge.cliSettings.username = $userName + if ( $PsBoundParameters.ContainsKey('password') ) { + if ( invoke-xpathquery -node $_Edge -querymethod SelectSingleNode -Query "child::cliSettings/userName" ) { + $_Edge.cliSettings.username = $userName + } else { + Add-XmlElement -xmlroot $_Edge.cliSettings -xmlElementName "userName" -xmlElementText $userName + } } else { - Add-XmlElement -xmlroot $_Edge.cliSettings -xmlElementName "userName" -xmlElementText $userName + throw "You need to specify a password for change username..." } } diff --git a/tests/integration/04.Edge.Tests.ps1 b/tests/integration/04.Edge.Tests.ps1 index a8fc577f..0a151e60 100644 --- a/tests/integration/04.Edge.Tests.ps1 +++ b/tests/integration/04.Edge.Tests.ps1 @@ -782,10 +782,12 @@ Describe "Edge" { $edge.cliSettings.remoteAccess | should be "true" } - it "Change (SSH) username via Set-NsxEdge" { - Get-NsxEdge $name | Set-NsxEdge -userName powernsxviasetnsxedge -confirm:$false + it "Change (SSH) username (and Password) via Set-NsxEdge" { + #it is mandatory to change username (and Password) on the same time (bug or feature ?) + Get-NsxEdge $name | Set-NsxEdge -userName powernsxviasetnsxedge -Password "Vmware1!Vmware1!" -confirm:$false $edge = Get-NsxEdge $name $edge.cliSettings.userName | should be "powernsxviasetnsxedge" + #It is impossible to check if the password is modified... } it "Change Password Expiry via Set-NsxEdge" { @@ -799,11 +801,6 @@ Describe "Edge" { $edge = Get-NsxEdge $name $edge.cliSettings.sshLoginBannerText | should be "Secured by Set-NsxEdge" } - - it "Change Password via Set-NsxEdge" { - Get-NsxEdge $name | Set-NsxEdge -Password "Vmware1!Vmware1!" -confirm:$false - #There is no really check if the value is changed... - } } Context "Misc" { From 927dc142061f20e5b030f6b379c0f2095e18d1e4 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Tue, 6 Feb 2018 07:49:25 +0100 Subject: [PATCH 12/17] cliSettings: Add example for cliSettings with Set-NsxEdge --- module/PowerNSX.psm1 | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/module/PowerNSX.psm1 b/module/PowerNSX.psm1 index 39836f5e..8559df8d 100644 --- a/module/PowerNSX.psm1 +++ b/module/PowerNSX.psm1 @@ -13947,6 +13947,31 @@ function Set-NsxEdge { Disable the Edge Firewall on ESG Edge01 + .EXAMPLE + Get-NsxEdge Edge01 | Set-NsxEdge -password Vmware1!Vmware1! + + Change the SSH Password + + .EXAMPLE + Get-NsxEdge Edge01 | Set-NsxEdge -remoteAccess:$true + + Enable the SSH on ESG (you can use also use Enable-NsxSSHEdgeSSH) + + .EXAMPLE + Get-NsxEdge Edge01 | Set-NsxEdge -username powernsx -password Vmware1!Vmware1! + + Set the SSH username to PowerNSX (You need to change/set the password on the sametime) + + .EXAMPLE + Get-NsxEdge Edge01 | Set-NsxEdge -sshLoginBannerText "My Login Banner" + + Change the SSH Login Banner + + .EXAMPLE + Get-NsxEdge Edge01 | Set-NsxEdge -passwordExpiry 30 + + Change the SSH Password Expiration to 30 (days) + #> [CmdletBinding()] From 9af0e787d034ccdc44a800d78acb3b3f45a6de65 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Fri, 16 Mar 2018 11:42:05 +0100 Subject: [PATCH 13/17] cliSettings: Remove test-suite for [Get|Set]-NsxcliSettings --- tests/integration/04.Edge.Tests.ps1 | 50 ++++++----------------------- 1 file changed, 9 insertions(+), 41 deletions(-) diff --git a/tests/integration/04.Edge.Tests.ps1 b/tests/integration/04.Edge.Tests.ps1 index 0a151e60..076ff1c9 100644 --- a/tests/integration/04.Edge.Tests.ps1 +++ b/tests/integration/04.Edge.Tests.ps1 @@ -729,60 +729,28 @@ Describe "Edge" { Context "CliSettings" { it "Can retrieve cliSettings" { - $cliSettings = Get-NsxEdge $name | Get-NsxcliSettings - $cliSettings | should not be NULL + $edge = Get-NsxEdge $name + $edge.cliSettings | should not be NULL #By default it is admin - $cliSettings.userName | should be "admin" + $edge.cliSettings.userName | should be "admin" #By default it is 99999 - $cliSettings.passwordExpiry | should be "99999" - - } - it "Can disable SSH" { - $edge = Get-NsxEdge $name - #Need Always to set a password to change cliSettings - Get-NsxEdge $name | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -remoteAccess:$false - $edge = Get-NsxEdge $name - $edge.cliSettings.remoteAccess | should be "false" - } - - it "Can enable SSH" { - Get-NsxEdge $name | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -remoteAccess:$true - $edge = Get-NsxEdge $name - $edge.cliSettings.remoteAccess | should be "true" - } - - it "Change (SSH) username" { - Get-NsxEdge $name | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -userName powernsx - $edge = Get-NsxEdge $name - $edge.cliSettings.userName | should be "powernsx" + $edge.cliSettings.passwordExpiry | should be "99999" } - it "Change Password Expiry" { - Get-NsxEdge $name | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -passwordExpiry 42 - $edge = Get-NsxEdge $name - $edge.cliSettings.passwordExpiry | should be "42" - } - - it "Change sshLoginBannerText" { - Get-NsxEdge $name | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -sshLoginBannerText "Secure ESG SSH Access don't connect !" - $edge = Get-NsxEdge $name - $edge.cliSettings.sshLoginBannerText | should be "Secure ESG SSH Access don't connect !" - } - - it "Can disable SSH via Set-NsxEdge" { + it "Can disable SSH" { $edge = Get-NsxEdge $name Get-NsxEdge $name | Set-NsxEdge -remoteAccess:$false -confirm:$false $edge = Get-NsxEdge $name $edge.cliSettings.remoteAccess | should be "false" } - it "Can enable SSH via Set-NsxEdge" { + it "Can enable SSH" { Get-NsxEdge $name | Set-NsxEdge -remoteAccess:$true -confirm:$false $edge = Get-NsxEdge $name $edge.cliSettings.remoteAccess | should be "true" } - it "Change (SSH) username (and Password) via Set-NsxEdge" { + it "Change (SSH) username (and Password)" { #it is mandatory to change username (and Password) on the same time (bug or feature ?) Get-NsxEdge $name | Set-NsxEdge -userName powernsxviasetnsxedge -Password "Vmware1!Vmware1!" -confirm:$false $edge = Get-NsxEdge $name @@ -790,13 +758,13 @@ Describe "Edge" { #It is impossible to check if the password is modified... } - it "Change Password Expiry via Set-NsxEdge" { + it "Change Password Expiry" { Get-NsxEdge $name | Set-NsxEdge -passwordExpiry 4242 -confirm:$false $edge = Get-NsxEdge $name $edge.cliSettings.passwordExpiry | should be "4242" } - it "Change sshLoginBannerText via Set-NsxEdge" { + it "Change sshLoginBannerText" { Get-NsxEdge $name | Set-NsxEdge -sshLoginBannerText "Secured by Set-NsxEdge" -confirm:$false $edge = Get-NsxEdge $name $edge.cliSettings.sshLoginBannerText | should be "Secured by Set-NsxEdge" From 225dc21cf61c38368b9e18a344bf6223e48dca35 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Fri, 16 Mar 2018 11:52:39 +0100 Subject: [PATCH 14/17] cliSettings: Remove [Get|Set]-NsxcliSettings use Set-NsxEdge for modify cliSettings --- module/Include.ps1 | 2 - module/PowerNSX.psm1 | 176 ------------------------------------------- 2 files changed, 178 deletions(-) diff --git a/module/Include.ps1 b/module/Include.ps1 index 406dc835..e39a81d1 100644 --- a/module/Include.ps1 +++ b/module/Include.ps1 @@ -99,8 +99,6 @@ $FunctionsToExport = @( 'Get-NsxEdgeStatus', 'Enable-NsxEdgeSsh', 'Disable-NsxEdgeSsh', - 'Get-NsxcliSettings', - 'Set-NsxcliSettings', 'Set-NsxEdgeNat', 'Get-NsxEdgeNat', 'Get-NsxEdgeNatRule', diff --git a/module/PowerNSX.psm1 b/module/PowerNSX.psm1 index 8559df8d..6f52d687 100644 --- a/module/PowerNSX.psm1 +++ b/module/PowerNSX.psm1 @@ -14332,182 +14332,6 @@ function Disable-NsxEdgeSsh { } -function Get-NsxcliSettings { - - <# - .SYNOPSIS - Gets cliSettings (userName, Status, ssh banner...) of a ESG - - .DESCRIPTION - An NSX Edge Service Gateway provides all NSX Edge services such as firewall, - NAT, DHCP, VPN, load balancing, and high availability. Each NSX Edge virtual - appliance can have a total of ten uplink and internal network interfaces and - up to 200 subinterfaces. Multiple external IP addresses can be configured - for load balancer, site‐to‐site VPN, and NAT services. - - The Get-NsxcliSettings cmdlet retreives the cli Settings of the ESG - - .EXAMPLE - Get-NsxEdge Edge01 | Get-NsxcliSettings - - Get current cli Settings - - #> - - param ( - [Parameter (Mandatory=$true,ValueFromPipeline=$true,Position=1)] - [ValidateScript({ ValidateEdge $_ })] - [System.Xml.XmlElement]$Edge - ) - - begin {} - - process { - #We append the Edge-id to the associated config XML to enable pipeline workflows and - #consistent readable output - - $_cliSettings = $Edge.cliSettings.CloneNode($True) - Add-XmlElement -xmlRoot $_cliSettings -xmlElementName "edgeId" -xmlElementText $Edge.Id - $_cliSettings - } - - end {} -} - -function Set-NsxcliSettings { - - <# - .SYNOPSIS - Set cliSettings (userName, Status, ssh banner...) of a ESG - - .DESCRIPTION - An NSX Edge Service Gateway provides all NSX Edge services such as firewall, - NAT, DHCP, VPN, load balancing, and high availability. Each NSX Edge virtual - appliance can have a total of ten uplink and internal network interfaces and - up to 200 subinterfaces. Multiple external IP addresses can be configured - for load balancer, site‐to‐site VPN, and NAT services. - - The Set-NsxcliSettings cmdlet configure the cli Settings of the ESG - it is mandatory to specified the password... - - .EXAMPLE - Get-NsxEdge Edge01 | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! - - Change the SSH Password - - .EXAMPLE - Get-NsxEdge Edge01 | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -remoteAccess:$true - - Enable the SSH on ESG (you can use also use Enable-NsxSSHEdgeSSH) - - .EXAMPLE - Get-NsxEdge Edge01 | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -username powernsx - - Set the SSH username to PowerNSX - - .EXAMPLE - Get-NsxEdge Edge01 | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -sshLoginBannerText "My Login Banner" - - Change the SSH Login Banner - - .EXAMPLE - Get-NsxEdge Edge01 | Get-NsxcliSettings | Set-NsxCliSettings -password Vmware1!Vmware1! -passwordExpiry 30 - - Change the SSH Password Expiration to 30 (days) - - #> - - [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidDefaultValueSwitchParameter","")] # Cant remove without breaking backward compatibility - param ( - [Parameter (Mandatory=$true,ValueFromPipeline=$true,Position=1)] - [ValidateScript({ ValidateCliSettings $_ })] - [System.Xml.XmlElement]$cliSettings, - [Parameter (Mandatory=$false)] - [ValidateNotNullorEmpty()] - [String]$userName, - [Parameter (Mandatory=$true)] - [ValidateNotNullorEmpty()] - [String]$password, - [Parameter (Mandatory=$false)] - [ValidateNotNullorEmpty()] - [boolean]$remoteAccess, - [Parameter (Mandatory=$false)] - [ValidateNotNullorEmpty()] - [ValidateRange(1,99999)] - [int]$passwordExpiry, - [Parameter (Mandatory=$false)] - [ValidateNotNullorEmpty()] - [string]$sshLoginBannerText, - [Parameter (Mandatory=$False)] - #PowerNSX Connection object - [ValidateNotNullOrEmpty()] - [PSCustomObject]$Connection=$defaultNSXConnection - ) - - begin { } - - process { - #Create private xml element - $_cliSettings = $cliSettings.CloneNode($true) - - #Store the edgeId and remove it from the XML as we need to post it... - $edgeId = $_cliSettings.edgeId - $_cliSettings.RemoveChild( $((Invoke-XPathQuery -QueryMethod SelectSingleNode -Node $_cliSettings -Query 'descendant::edgeId')) ) | out-null - - #Using PSBoundParamters.ContainsKey lets us know if the user called us with a given parameter. - #If the user did not specify a given parameter, we dont want to modify from the existing value. - - if ( $PsBoundParameters.ContainsKey('userName') ) { - if ( invoke-xpathquery -node $_cliSettings -querymethod SelectSingleNode -Query "child::userName" ) { - $_cliSettings.username = $userName - } else { - Add-XmlElement -xmlroot $_cliSettings -xmlElementName "userName" -xmlElementText $userName - } - } - - #You need ALWAYS to specified the password... - if ( invoke-xpathquery -node $_cliSettings -querymethod SelectSingleNode -Query "child::password" ) { - $_cliSettings.password = $password - } else { - Add-XmlElement -xmlRoot $_cliSettings -xmlElementName "password" -xmlElementText $password - } - - if ( $PsBoundParameters.ContainsKey('remoteAccess') ) { - if ( invoke-xpathquery -node $_cliSettings -querymethod SelectSingleNode -Query "child::remoteAccess" ) { - $_cliSettings.remoteAccess = $remoteAccess.ToString().ToLower() - } else { - Add-XmlElement -xmlroot $_cliSettings -xmlElementName "remoteAccess" -xmlElementText $remoteAccess.ToString().ToLower() - } - } - - if ( $PsBoundParameters.ContainsKey('passwordExpiry') ) { - if ( invoke-xpathquery -node $_cliSettings -querymethod SelectSingleNode -Query "child::passwordExpiry" ) { - $_cliSettings.passwordExpiry = $passwordExpiry - } else { - Add-XmlElement -xmlroot $_cliSettings -xmlElementName "passwordExpiry" -xmlElementText $passwordExpiry - } - } - - if ( $PsBoundParameters.ContainsKey('sshLoginBannerText') ) { - if ( invoke-xpathquery -node $_cliSettings -querymethod SelectSingleNode -Query "child::sshLoginBannerText" ) { - $_cliSettings.sshLoginBannerText = $sshLoginBannerText - } else { - Add-XmlElement -xmlroot $_cliSettings -xmlElementName "sshLoginBannerText" -xmlElementText $sshLoginBannerText - } - } - - $URI = "/api/4.0/edges/$($EdgeId)/clisettings" - $body = $_cliSettings.OuterXml - - Write-Progress -activity "Update Edge Services Gateway (cliSettings) $($edgeId)" - $response = invoke-nsxwebrequest -method "put" -uri $URI -body $body -connection $connection - Write-Progress -activity "Update Edge Services Gateway (cliSettings) $($edgeId)" -completed - Get-NsxEdge -objectId $($edgeId) -connection $connection | Get-NsxcliSettings - } - - end {} -} - ######### ######### # Edge NAT related functions From 42b4005e204792c535e38086cf73bf42cea6fd7c Mon Sep 17 00:00:00 2001 From: Dale Coghlan Date: Sat, 3 Aug 2019 09:21:57 +1000 Subject: [PATCH 15/17] Updated edge test to fix failures fixed correct usage of $null --- tests/integration/04.Edge.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/04.Edge.Tests.ps1 b/tests/integration/04.Edge.Tests.ps1 index 076ff1c9..4591d47d 100644 --- a/tests/integration/04.Edge.Tests.ps1 +++ b/tests/integration/04.Edge.Tests.ps1 @@ -730,7 +730,7 @@ Describe "Edge" { it "Can retrieve cliSettings" { $edge = Get-NsxEdge $name - $edge.cliSettings | should not be NULL + $edge.cliSettings | should not be $null #By default it is admin $edge.cliSettings.userName | should be "admin" #By default it is 99999 From 0a4544ff5565845a96c0cbac3162e9dc71f69835 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Mon, 5 Aug 2019 23:40:57 +0200 Subject: [PATCH 16/17] Set-NsxEdge(cliSettings): fix passwordExpiry (need to be ToString()) --- module/PowerNSX.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/PowerNSX.psm1 b/module/PowerNSX.psm1 index 6f52d687..d27822cb 100644 --- a/module/PowerNSX.psm1 +++ b/module/PowerNSX.psm1 @@ -14057,7 +14057,7 @@ function Set-NsxEdge { if ( invoke-xpathquery -node $_Edge -querymethod SelectSingleNode -Query "child::cliSettings/passwordExpiry" ) { $_Edge.cliSettings.passwordExpiry = $passwordExpiry } else { - Add-XmlElement -xmlroot $_Edge.cliSettings -xmlElementName "passwordExpiry" -xmlElementText $passwordExpiry + Add-XmlElement -xmlroot $_Edge.cliSettings -xmlElementName "passwordExpiry" -xmlElementText $passwordExpiry.ToString() } } From 65290c1d19dad13acc58ca62e0aa956d891d4082 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Mon, 12 Aug 2019 12:31:12 +0200 Subject: [PATCH 17/17] Set-NsxEdge(cliSettings): fix passwordExpiry (need to be ToString()) Part 2... --- module/PowerNSX.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/PowerNSX.psm1 b/module/PowerNSX.psm1 index d27822cb..de210211 100644 --- a/module/PowerNSX.psm1 +++ b/module/PowerNSX.psm1 @@ -14055,7 +14055,7 @@ function Set-NsxEdge { if ( $PsBoundParameters.ContainsKey('passwordExpiry') ) { if ( invoke-xpathquery -node $_Edge -querymethod SelectSingleNode -Query "child::cliSettings/passwordExpiry" ) { - $_Edge.cliSettings.passwordExpiry = $passwordExpiry + $_Edge.cliSettings.passwordExpiry = $passwordExpiry.ToString() } else { Add-XmlElement -xmlroot $_Edge.cliSettings -xmlElementName "passwordExpiry" -xmlElementText $passwordExpiry.ToString() }