
# Proxmox VE Module 1.0
# Generated OpenApiDescription to render Modules via OpenapiGenerator
# Version: 0.1
# Contact:
# Generated by OpenAPI Generator:


Get the configuration object 'PVEConfiguration'.


function Get-PVEConfiguration{

    if(($Script:Configuration.Count -eq 0) -and (Test-Path ($env:USERPROFILE + '\PVESettings.txt'))){
            $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR((Get-Content ($env:USERPROFILE + '\PVESettings.txt') | ConvertTo-SecureString))
            $Unsecure = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
            $Script:Configuration = $Unsecure | ConvertFrom-Json -AsHashtable
            $Credential = New-Object System.Management.Automation.PSCredential($Script:Configuration["Credential"].UserName, (ConvertTo-SecureString $Script:Configuration["Credential"].Password))
            Invoke-PVELogin -Silent
            return $Script:Configuration

    $Configuration = $Script:Configuration

    if ([string]::IsNullOrEmpty($Configuration["BaseUrl"])){
        $Configuration["BaseUrl"] = "http://localhost";

    if (!$Configuration.containsKey("Credential")){
        $Configuration["Credential"] = $null

    if (!$Configuration.containsKey("TokenId")){
        $Configuration["TokenId"] = $null

    if (!$Configuration.containsKey("ApiToken")){
        $Configuration["ApiToken"] = $null

    if (!$Configuration["DefaultHeaders"]){
        $Configuration["DefaultHeaders"] = @{}

    if (!$Configuration.containsKey("SkipCertificateCheck")){
        $Configuration["SkipCertificateCheck"] = $false

    if (!$Configuration.containsKey("Proxy")){
        $Configuration["Proxy"] = $null
    Return $Configuration


Set the configuration.


Base URL of the HTTP endpoints

API Key for authentication/authorization

Cookie for authentication/authorization

.PARAMETER AccessToken
Access token for authentication/authorization

.PARAMETER SkipCertificateCheck
Skip certificate verification

.PARAMETER DefaultHeaders
Default HTTP headers to be included in the HTTP request

Proxy setting in the HTTP request, e.g.

$proxy = [System.Net.WebRequest]::GetSystemWebProxy()
$proxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials

Return an object of the Configuration



function Set-PVEConfiguration{

        [PSCredential] $Credential,
        [string] $LoginMethod,


            # validate URL
            $URL = $BaseUrl -as [System.URI]
            if (!($null -ne $URL.AbsoluteURI -and $URL.Scheme -match '[http|https]')){
                throw "Invalid URL '$($BaseUrl)' cannot be used in the base URL."
            $Script:Configuration["BaseUrl"] = $BaseUrl

            $Script:Configuration['Credential'] = $Credential

            $Script:Configuration['LoginMethod'] = $LoginMethod

        if ($DefaultHeaders){
            $Script:Configuration['DefaultHeaders'] = $DefaultHeaders

        if ($Proxy -ne $null){
            if ($Proxy.GetType().FullName -ne "System.Net.SystemWebProxy" -and $Proxy.GetType().FullName -ne "System.Net.WebRequest+WebProxyWrapperOpaque"){
                throw "Incorrect Proxy type '$($Proxy.GetType().FullName)'. Must be System.Net.SystemWebProxy or System.Net.WebRequest+WebProxyWrapperOpaque."
            $Script:Configuration['Proxy'] = $Proxy
        } else{
            $Script:Configuration['Proxy'] = $null
        if ($Persistent){
            $SaveConfig = $Script:Configuration
            $SaveConfig["Credential"] = @{
                UserName = $Script:Configuration["Credential"].UserName
                Password = (ConvertFrom-SecureString -String $Script:Configuration["Credential"].Password)
            $SaveConfig | ConvertTo-Json -Compress | ConvertTo-SecureString -AsPlainText | ConvertFrom-SecureString  | set-content ($env:USERPROFILE + '\PVESettings.txt')

        if ($PassThru){

function Invoke-PVELogin {

            throw "Error: BaseUrl not set in Configuration"
            $Script:Configuration["BaseUrl"] = Read-Host "BaseUrl not set. Please insert the BaseUrl to your PVE Api. e.G. https://pve.local:8006/api2/json"
    $oldLoginMethod = $script:Configuration["LoginMethod"]
        $script:Configuration["LoginMethod"] = $LoginMethod
        $LoginMethod = $Script:Configuration["LoginMethod"]
            Write-Host "Using login method $LoginMethod set via configuration."
            throw "Error: Login Method not given in Configuration but needed in Silent mode. Please set the LoginMethod with the Set-Configuration cmdlet."
        $AskMethod = $true
        $AskCount = 0
            $UserChoice = Read-Host -Prompt "LoginMethod not set, please choose one of the following by inserting: [token]|ticket"
            $LoginMethod = (!$UserChoice) ? "token" : $UserChoice
            $AskMethod = $LoginMethod -notmatch "token|ticket"
                Write-Host "Wrong input. Please type: 'token' or 'ticket'. Leave it blank to choose token."
                if(++$AskCount -eq 5){
                    Write-Host "Aborting."
                $Script:Configuration["LoginMethod"] = $LoginMethod
    $UserChoice = "y"
    if($script:Configuration["Credential"] -and !$Silent -and $oldLoginMethod -eq $LoginMethod){
        $AskCount = 0
        $AskCreds = $true
            $UserChoice = Read-Host -Prompt "Credential already given in Configuration, insert new one? [y]|n"
            $UserChoice = (!$UserChoice) ? "y" : $UserChoice
            $AskCreds = $UserChoice -notmatch "y|n|yes|no"
                Write-Host "Wrong input. Please type: 'y' for yes or 'n' for no. Leave it blank to choose yes."
                if(++$AskCount -eq 5){
                    Write-Host "Aborting."
    if($UserChoice -eq "y"){
            { $_ -eq "token" }{
                Write-Host "Login method 'Token' chosen. Please insert your Proxmox TokenId <USER@REALM>!<GROUP> as Username and your Proxmox VE ApiToken as Password."
                Write-Host ""
            { $_ -eq "ticket" }{
                Write-Host "Login method 'Ticket' chosen. Please insert your Proxmox Credentials."
                Write-Host ""
        $script:Configuration["Credential"] = (Get-Credential -Message "Proxmox VE $($LoginMethod -replace "^t","T") Authentication:")
    if($LoginMethod -eq "ticket"){
            $LoginUri = "$($Script:Configuration["BaseUrl"])/access/ticket"
            $crds = $Script:Configuration["Credential"]
            $LoginResponse = Invoke-WebRequest `
                                -Uri $LoginUri `
                                -Method Post `
                                -Body @{ 
                                    username = $crds.UserName
                                    password = (DecryptSecureString -SecureString $crds.Password)
                                } `
                                -ContentType "application/x-www-form-urlencoded" `
                                -ErrorAction Stop
            if($LoginResponse.StatusCode -eq 200){
                $LoginData = $LoginResponse.Content | ConvertFrom-Json
                $script:AuthData["Ticket"] = (ConvertTo-SecureString -String $ -AsPlainText -Force)
                $script:AuthData["CSRFPreventionToken"] = (ConvertTo-SecureString -String $ -AsPlainText -Force)
                    throw "Login failed: $($LoginResponse.Content)"
                    Write-Host "Login failed:" -ForegroundColor Red
                    Write-Host $LoginResponse.Content -ForegroundColor Red
                throw "Login failed: $($_.Exception.Message)"
                Write-Host "Login failed:" -ForegroundColor Red
                Write-Host $_.Exception.Message -ForegroundColor Red
    if($LoginMethod -eq "token"){
        $AuthHeaders = @{
            Authorization = ("PVEAPIToken {0}={1}" -f $Script:Configuration["Credential"].UserName,(DecryptSecureString -SecureString $Script:Configuration["Credential"].Password))
            $LoginResponse = Invoke-WebRequest -Uri $Script:Configuration["BaseUrl"] -Method Get -Headers $AuthHeaders
            if($LoginResponse.StatusCode -eq 200){
                $Script:AuthData["PVEAPIToken"] = (ConvertTo-SecureString -String $AuthHeaders.Authorization -AsPlainText -Force)
                    throw "Login failed: $($LoginResponse.Content)"
                    Write-Host "Login failed:" -ForegroundColor Red
                    Write-Host $LoginResponse.Content -ForegroundColor Red
                throw "Login failed: $($_.Exception.Message)"
                Write-Host "Login failed:" -ForegroundColor Red
                Write-Host $_.Exception.Message -ForegroundColor Red
    $Script:AuthData["LoggedIn"] = $true
        Write-Host -ForegroundColor Green "Login successful"
        $SaveLoginData = Read-Host -Prompt "Save login data to persistent Configuration? y|[n]"
        if(!$SaveLoginData){ $SaveLoginData = "n" }
        $AskAgain = $SaveLoginData -notmatch "y|n"
        $AskCount = 0
            Write-Host "Wrong input. Please type: 'y' for yes or 'n' for no. Leave it blank to choose 'no'."
            if(++$AskCount -eq 5){
                Write-Host "Abort. Didn't save login data in Configuration"
        if($SaveLoginData -eq "y"){
            Set-PVEConfiguration -Persistent
            Write-Host "done."
        return $true

Sets the configuration for http signing.

Sets the configuration for the HTTP signature security scheme.
The HTTP signature security scheme is used to sign HTTP requests with a key
which is in possession of the API client.
An 'Authorization' header is calculated by creating a hash of select headers,
and optionally the body of the HTTP request, then signing the hash value using
a key. The 'Authorization' header is added to outbound HTTP requests.


KeyId for HTTP signing

KeyFilePath for HTTP signing

.PARAMETER KeyPassPhrase
KeyPassPhrase, if the HTTP signing key is protected

.PARAMETER HttpSigningHeader
HttpSigningHeader list of HTTP headers used to calculate the signature. The two special signature headers '(request-target)' and '(created)'
SHOULD be included.
    The '(created)' header expresses when the signature was created.
    The '(request-target)' header is a concatenation of the lowercased :method, an
    ASCII space, and the :path pseudo-headers.
If no headers are specified then '(created)' sets as default.

.PARAMETER HashAlgorithm
HashAlgorithm to calculate the hash, Supported values are "sha256" and "sha512"

.PARAMETER SigningAlgorithm
SigningAlgorithm specifies the signature algorithm, supported values are "RSASSA-PKCS1-v1_5" and "RSASSA-PSS"
RSA key : Supported values "RSASSA-PKCS1-v1_5" and "RSASSA-PSS", for ECDSA key this parameter is not applicable

.PARAMETER SignatureValidityPeriod
SignatureValidityPeriod specifies the signature maximum validity time in seconds. It accepts integer value



function Set-PVEConfigurationHttpSigning{
        [Parameter(Mandatory = $true)]
        [Parameter(Mandatory = $true)]
        [Parameter(Mandatory = $false)]
        [Parameter(Mandatory = $false)]
        [string[]] $HttpSigningHeader = @("(created)"),
        [Parameter(Mandatory = $false)]
        [ValidateSet("sha256", "sha512")]
        [string] $HashAlgorithm = "sha256",
        [Parameter(Mandatory = $false)]
        [ValidateSet("RSASSA-PKCS1-v1_5", "RSASSA-PSS")]
        [string]$SigningAlgorithm ,
        [Parameter(Mandatory = $false)]

        $httpSignatureConfiguration = @{ }

        if (Test-Path -Path $KeyFilePath){
            $httpSignatureConfiguration["KeyId"] = $KeyId
            $httpSignatureConfiguration["KeyFilePath"] = $KeyFilePath
            throw "Private key file path does not exist"

        $keyType = Get-PVEKeyTypeFromFile -KeyFilePath $KeyFilePath
        if ([String]::IsNullOrEmpty($SigningAlgorithm)){
            if ($keyType -eq "RSA"){
                $SigningAlgorithm = "RSASSA-PKCS1-v1_5"

        if ($keyType -eq "RSA" -and
            ($SigningAlgorithm -ne "RSASSA-PKCS1-v1_5" -and $SigningAlgorithm -ne "RSASSA-PSS" )){
            throw "Provided Key and SigningAlgorithm : $SigningAlgorithm is not compatible."

        if ($HttpSigningHeader -contains "(expires)" -and $SignatureValidityPeriod -le 0){
            throw "SignatureValidityPeriod must be greater than 0 seconds."

        if ($HttpSigningHeader -contains "(expires)"){
            $httpSignatureConfiguration["SignatureValidityPeriod"] = $SignatureValidityPeriod
        if ($null -ne $HttpSigningHeader -and $HttpSigningHeader.Length -gt 0){
            $httpSignatureConfiguration["HttpSigningHeader"] = $HttpSigningHeader

        if ($null -ne $HashAlgorithm ){
            $httpSignatureConfiguration["HashAlgorithm"] = $HashAlgorithm

        if ($null -ne $SigningAlgorithm){
            $httpSignatureConfiguration["SigningAlgorithm"] = $SigningAlgorithm

        if ($null -ne $KeyPassPhrase){
            $httpSignatureConfiguration["KeyPassPhrase"] = $KeyPassPhrase

        $Script:Configuration["HttpSigning"] = New-Object -TypeName PSCustomObject -Property $httpSignatureConfiguration


Get the configuration object 'PVEConfigurationHttpSigning'.


function Get-PVEConfigurationHttpSigning{

    $httpSignatureConfiguration = $Script:Configuration["HttpSigning"]
    return $httpSignatureConfiguration

Decrypts a SecureString and returns a String.

function DecryptSecureString {
    $Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($SecureString)
    $Value = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)