3 Replies Latest reply on Feb 19, 2019 9:27 PM by 8paul

    Starting a 2nd template after job of 1st template is done

    swg

      Hello everyone,

       

      We use a template to create an AD user.

       

      If the job has finished we would like to immediately open a second template for different other things e.g. create a security group right after

       

      Or is it possible to put CreateNewUser  and  CreateNewGroup  inside one template which creates both user and the group?

       

       

      Thanks

        • Re: Starting a 2nd template after job of 1st template is done
          8paul

          Hi swg,

           

          the way to do that would be to execute a call against the Web API from the attached script execution. There are methods in the API that allow you to create Objects either by template or without (and also a bit more other stuff).

          Please ask your rep for documentation.

           

          Regards

          Paul

            • Re: Starting a 2nd template after job of 1st template is done
              paddy75

              I have the same question. It would be nice to open a second template then an open order for example.

              @8paul, do you have some examples how to emplement it?

              Regards,
              Patrick

                • Re: Starting a 2nd template after job of 1st template is done
                  8paul

                  Hi Patrick,

                   

                  i dont have an example that´s calling a template based function right now. I hope the following works as a general example, the different methods and parameters should be available in the docs. At the moment I am not aware of any method to call OpenTemplates through the API though.

                  Here is an example of how to use the API with powershell to add an account to a group (log in with username and password):

                   

                   

                  $baseUrl = "https://localhost"

                  $session = New-Object Microsoft.PowerShell.Commands.WebRequestSession

                  $loginUrl = $baseUrl + '/Session/login?username=demoadmin&domain=8man-demo&password=Passw0rd'

                   

                   

                  $webrequest = Invoke-RestMethod -uri $loginUrl -Method Get -SessionVariable websession

                  $webrequest

                  $cookies = $websession.Cookies.GetCookies($loginUrl)

                  $cookies

                  $session.Cookies.Add($cookies);

                   

                   

                  $body = '{"groupAccountDn":"CN=Clean - Marketing,OU=clean!,DC=8man-demo,DC=local","accountDnsToAdd":["CN=testuser,OU=Sales,OU=Berlin,DC=8man-demo,DC=local"],"comment":"blub"}'

                  $changeGM_URI= $baseUrl + "/api/v1/account/groupmember"

                   

                   

                  $webrequest = Invoke-RestMethod -Uri $changeGM_URI -WebSession $session -Method Post -Body $body -ContentType "application/json"

                  Invoke-WebRequest -Uri $changeGM_URI -WebSession $session -Method Post -Body $body -ContentType "application/json"

                   

                  When calling the API through a script that has been executed by ARM itself like in the suggested scenario you can also define {authZtoken} as an additional parameter and use that token value to authenticate to the API like this:

                   

                  param(

                  [string] $authZToken,

                  [string] $groupname,

                  ...

                  )

                   

                       ....

                   

                      $baseUrl = "https://localhost"

                      $session = New-Object Microsoft.PowerShell.Commands.WebRequestSession

                      $loginUrl = $baseUrl + "/Session/loginWithToken?token=$authZToken"

                   

                       ...

                   

                   

                  If you are using a self signed or untrusted SSL certificate you might also run into certificate verification errors using the above code. To temporarily disable the SSL verification you can execute this function:

                   

                  function Disable-SslVerification

                  {

                      if (-not ([System.Management.Automation.PSTypeName]"TrustEverything").Type)

                      {

                          Add-Type -TypeDefinition  @"

                  using System.Net.Security;

                  using System.Security.Cryptography.X509Certificates;

                  public static class TrustEverything

                  {

                      private static bool ValidationCallback(object sender, X509Certificate certificate, X509Chain chain,

                          SslPolicyErrors sslPolicyErrors) { return true; }

                      public static void SetCallback() { System.Net.ServicePointManager.ServerCertificateValidationCallback = ValidationCallback; }

                      public static void UnsetCallback() { System.Net.ServicePointManager.ServerCertificateValidationCallback = null; }

                  }

                  "@

                      }

                      [TrustEverything]::SetCallback()

                  }

                   

                  To enable it again you can use this function:

                   

                  function Enable-SslVerification

                  {

                      if (([System.Management.Automation.PSTypeName]"TrustEverything").Type)

                      {

                          [TrustEverything]::UnsetCallback()

                      }

                  }

                   

                  Best

                  8Paul