Posts From December, 2017

Obfuscate username and passwords in Powershell

There are a whole host of blogs on how to encrypt passwords using PowerShell.  For the best security, those approaches should be followed, not this approach.  I wanted to not include my password and username information in scripts, yet also not go through the setup required for encryption to work (from what I gathered, this encryption is machine and user specific -- not the setup tasks that I wanted to pursue.)

The steps are similar -- create a file with the text coded, then read that file and decode the text to use in the PowerShell script.

PowerShell to code text to a file:

#this is simple obfuscation method for password not appearing as clear text in powershell script
 
# change the three items below to satisfy your needs
$acc = "myaccount"
$pass = "mypassword"
$filelocation = "E:\folder_where_files_are_saved"
 
[System.Text.Encoding]::Unicode.GetBytes($acc) | Set-Content $filelocation'\am.txt' 
[System.Text.Encoding]::Unicode.GetBytes($pass) | Set-Content $filelocation'\amp.txt' 
 
 
Then, in a PowerShell script to use the saved files, add these rows to retreive the username and password:
$filelocation = "E:\folder_where_files_are_saved"
 
# Get username and password from files created by obfuscation method
$gu = Get-Content $filelocation'\am.txt'  -ReadCount 0
$username = [system.text.encoding]::Unicode.GetString($gu)
 
$gp = Get-Content $filelocation'\amp.txt'  -ReadCount 0
$password = [system.text.encoding]::Unicode.GetString($gp)
Gravatar

Tableau Server refresh all extracts using REST API

Just worked through the 10.3 REST API for refreshing data extracts on the server.  The documentation language was all there, just not tremedously clear as the explanation paragraphs state that some parameters need to appear, yet the example doesn't reflect those parameters being present.  The missing piece -- adding the -ContentType parameter to the invoke statement is alluded to in the instructions, but as stated before, not present in the example.

I work with PowerShell to invoke the REST API as PowerShell comes with every Windows PC, which is what use.  The syntax shown below would need to be changed if some other shell language were used.

 

Some caveats to get PowerShell to run a script on your PC:


1. If you want to run this as a script from a saved file (extension to save PowerShell script files is .ps1), then you find that the PowerShell won't run the script, it is likely due to the PC having Restricted the ability to Execute scripts.  This must be changed in order to run a script from a file.  Some people suggest resetting the script Execution policy to unrestricted, but that opens the PC up to unknowns when also browsing the internet.  Instead, setting the policy to 'remotesigned' permits only local scripts and signed internet scripts to run.  After running your local scripts on a PC, for safety, you can also just set the Execution policy back to 'restricted'.

 

To reset the Execution policy, the logged in person must have PC admin rights AND the Windows PowerShell ISE must be launched with the 'Run as Administrator' option.

Then run these two command -- the first is to obtain the policy as it currently exists (should you want to revert) and the second changes the policy.  The policy cannot be changed from within a script, so these commands must be run manually.

$original_policy = Get-ExecutionPolicy

Set-ExecutionPolicy remotesigned

 

2. The default TLS protocols on Windows 10 PC's doesn't typically enable all the protocols needed for the WebMethods to work properly.  Enable all three TLS protocols (TLS, TLS1.1, TLS1.2) by also running this PowerShell command while you are in 'Run as Administrator' mode.

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12

 

Powershell to Kickoff Tableau Server Extract Refresh - all extracts:

 

#Tableau Server - where data resides and extracts need refreshing

# Setup to connect

$server = "http://tableauserver"

$s = Invoke-RestMethod -Uri $server/api/2.4/serverinfo -Method get #works on server version 10.1 and later

$api = $s.tsResponse.serverInfo.restApiVersion  #10.3 server

 

$username = “some_tableau_admin_username”

$password = “password for above user”

$sitelogin = "mysite"  #site name where extracts exist

 

# generate body for sign in

$signin_body = (’<tsRequest>

  <credentials name=“’ + $username + ’” password=“’+ $password + ’” >

    <site contentUrl="'+$sitelogin +'" />

  </credentials>

</tsRequest>’)

$response = Invoke-RestMethod -Uri $server/api/$api/auth/signin -Body $signin_body -Method post

# save the auth token, site id and my user id

$authToken = $response.tsResponse.credentials.token

$siteID = $response.tsResponse.credentials.site.id

$myUserID = $response.tsResponse.credentials.user.id

$siteURL = $response.tsResponse.credentials.site.contentUrl

 

# set up header fields with auth token

$headers = New-Object “System.Collections.Generic.Dictionary[[String],[String]]”

 

# add X-Tableau-Auth header with our auth token

$headers.Add(“X-Tableau-Auth”, $authToken)

 

#tests whether logged in user is an Administrator  (site or server)

$loginUserid = Invoke-RestMethod -Uri $server/api/$api/sites/$siteID/users/$myUserID -Headers $headers -Method Get

$admin = $loginUserid.tsResponse.user.siteRole -like "*Administrator"

 

#create body element required for refresh extract POST

$refresh_body = (

’<tsRequest>

</tsRequest>’

)

 

# only admin can perform extractRefresh, so this next set of commands only execute when logged in user is an admin

if ($admin)

{

#get list of extract tasks from server -- Tableau 10.3 REST API can only kick off an extract task, not an individual Extract refresh

#this gets list of all extracts -- no filter applied to select a schedule, owner, priority, workbook, etc.

$extractlist = Invoke-RestMethod -Uri $server/api/$api/sites/$siteID/tasks/extractRefreshes -Headers $headers -Method Get

 

Foreach ($taskid in $extractlist.tsResponse.tasks.task.extractrefresh.id)

{

$runnow = Invoke-RestMethod -Uri $server/api/$api/sites/$siteID/tasks/extractRefreshes/$taskid/runNow -Headers $headers -Body $refresh_body -ContentType "application/xml" -Method POST

}

}

Gravatar
Copyright© Brad Earle
Site Map | Printable View | © 2008 - 2021 KB Earle Associates LLC | |