Question

Powershell Orch - Call a pre-built scripts and pass params

  • 16 November 2022
  • 4 replies
  • 65 views

Badge

Hi there

 

Im wondering if its possible for the powershell orch app to be able to call a pre-built script and pass parameters to it.

I have a few scripts that would be ideal to now turn into Service requests but the scripts all have built in creds (using encrytion), which ive seen the Powershell App struggles with.  But if i can call my script and simply pass some parameters to it then it “should” work.  The scripts are stored on the Server we installed FS Orch on

and egample of what im looking for is
execute command

.\nameofscript.ps {{ticket.id}} {{ticket.from_email}}

this would call the script and pass “ticket id” and “Ticket from Email” as the params


4 replies

Userlevel 7
Badge +14

Hello @Chris.Armitage I am in the process of setting up some powershell scripts inside of a custom object. I bet you could try and pass in placeholders that are associate to the ticket that calls the custom object and ultimately runs the script. Would be cool if that worked. Will need to test it.

Badge

yeah ideally in my head you should be able to potentially use invoke-command call the script from a share and pass the params at the end ie 

 

invoke-command -filepath \\<server>\<share>\<script.ps1> <param from ticket> <param from ticket>

You could also use invoke-expression id guess but so far ive had no luck. 

while i could simply copy and paste the scripts into teh command box i find the box is way too small to really work in plus im not comfortable with storing credentials there.

currently ive been looking at a solution where by we have a token from Github stored in a keyvault in azure and account can access that with an encrypted key password to then access Github grab teh required script save it to a temp file and then pass parameters to the temp script, once done it’ll remove the temp.  Early testing this works well but would be a manual task with someone running a script and filling in a couple of bits from teh ticket/SR, which isnt ideal

Userlevel 7
Badge +14

yeah ideally in my head you should be able to potentially use invoke-command call the script from a share and pass the params at the end ie 

 

invoke-command -filepath \\<server>\<share>\<script.ps1> <param from ticket> <param from ticket>

You could also use invoke-expression id guess but so far ive had no luck. 

while i could simply copy and paste the scripts into teh command box i find the box is way too small to really work in plus im not comfortable with storing credentials there.

currently ive been looking at a solution where by we have a token from Github stored in a keyvault in azure and account can access that with an encrypted key password to then access Github grab teh required script save it to a temp file and then pass parameters to the temp script, once done it’ll remove the temp.  Early testing this works well but would be a manual task with someone running a script and filling in a couple of bits from teh ticket/SR, which isnt ideal

Wow that is clever!!! I am not a big advocate for how authenticating works in orchestration applications in general. Anyone with admin access to freshservice could potentially wreak havoc on servers. My hope is that we can segregate levels of access to admin modules on a more granular level. Then maybe we could use “Credentials” module to store credentials and leave access to creating and changing those credentials to operational admins.

Badge

@zachary.king yes i agree thats why our scripts have encypted passwords etc

also the added bonus of being a created script is that ive manged to secure within our Gthub using the token but you cant get access to that other than in our azure…. also i set tokens for a limted time BUT all that really means is once i renew a token i update our keyvault rather than have to update each script that needs the token access

another feature that would be handy within FreshService is if we could output the required fields from a ticket/SR to a sharepointList

as tbh then we could use power automate to monitor the list and once it gets a new entry it would just kick a script/automation off

 

EDIT: in fact ive just found THIS and wondered if you could share more info or direct me in right direction? as this could solve a lot of mine and my colleagues problems, and at least get us started on automating a fair bit of stuff

Reply