diff --git a/Modules/VMware.vSphere.SsoAdmin/Group.ps1 b/Modules/VMware.vSphere.SsoAdmin/Group.ps1
index f6ea15a..d534302 100644
--- a/Modules/VMware.vSphere.SsoAdmin/Group.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/Group.ps1
@@ -2,6 +2,152 @@
 Copyright 2020-2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
+
+function New-SsoGroup {
+ <#
+ .NOTES
+ ===========================================================================
+ Created on: 5/25/2021
+ Created by: Dimitar Milov
+ Twitter: @dimitar_milov
+ Github: https://github.com/dmilov
+ ===========================================================================
+
+ .SYNOPSIS
+ Creates Local Sso Group
+
+ .DESCRIPTION
+ Creates Local Sso Group
+
+ .PARAMETER Name
+ Specifies the name of the group.
+
+ .PARAMETER Description
+ Specifies optionaldescription of the group.
+
+ .PARAMETER Server
+ Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
+ If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
+
+ .EXAMPLE
+ New-SsoGroup -Name 'myGroup' -Description 'My Group Description'
+
+ Creates local groupwith user 'myGroup' and description 'My Group Description'
+
+ #>
+
+ [CmdletBinding()]
+ param(
+ [Parameter(
+ Mandatory = $true,
+ ValueFromPipeline = $false,
+ ValueFromPipelineByPropertyName = $false,
+ HelpMessage = 'Specifies the name of the group')]
+ [string]
+ $Name,
+
+ [Parameter(
+ Mandatory = $false,
+ ValueFromPipeline = $false,
+ ValueFromPipelineByPropertyName = $false,
+ HelpMessage = 'Specifies the description of the group')]
+ [string]
+ $Description,
+
+ [Parameter(
+ Mandatory = $false,
+ ValueFromPipeline = $false,
+ ValueFromPipelineByPropertyName = $false,
+ HelpMessage = 'Connected SsoAdminServer object')]
+ [ValidateNotNull()]
+ [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
+ $Server)
+
+ Process {
+ $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
+ if ($Server -ne $null) {
+ $serversToProcess = $Server
+ }
+
+ foreach ($connection in $serversToProcess) {
+ if (-not $connection.IsConnected) {
+ Write-Error "Server $connection is disconnected"
+ continue
+ }
+
+ # Output is the result of 'CreateLocalGroup'
+ try {
+ $connection.Client.CreateLocalGroup(
+ $Name,
+ $Description
+ )
+ }
+ catch {
+ Write-Error (FormatError $_.Exception)
+ }
+ }
+ }
+}
+
+function Set-SsoGroup {
+}
+
+function Remove-SsoGroup {
+ <#
+ .NOTES
+ ===========================================================================
+ Created on: 5/25/2021
+ Created by: Dimitar Milov
+ Twitter: @dimitar_milov
+ Github: https://github.com/dmilov
+ ===========================================================================
+ .DESCRIPTION
+ This function removes existing local group.
+
+ .PARAMETER Group
+ Specifies the Group instance to remove.
+
+ .EXAMPLE
+ $ssoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
+ $myNewGroup = New-SsoGroup -Server $ssoAdminConnection -Name 'myGroup'
+ Remove-SsoGroup -Group $myNewGroup
+
+ Remove plocal group with name 'myGroup'
+#>
+ [CmdletBinding(ConfirmImpact = 'High')]
+ param(
+ [Parameter(
+ Mandatory = $true,
+ ValueFromPipeline = $true,
+ ValueFromPipelineByPropertyName = $false,
+ HelpMessage = 'Group instance you want to remove from specified servers')]
+ [VMware.vSphere.SsoAdminClient.DataTypes.Group]
+ $Group)
+
+ Process {
+ try {
+ foreach ($g in $Group) {
+ $ssoAdminClient = $g.GetClient()
+ if ((-not $ssoAdminClient)) {
+ Write-Error "Object '$g' is from disconnected server"
+ continue
+ }
+
+ $ssoAdminClient.RemoveLocalGroup($g)
+ }
+ }
+ catch {
+ Write-Error (FormatError $_.Exception)
+ }
+ }
+}
+
+function Add-PrincipalToSsoGroup {
+}
+
+function Remove-PrincipalFromSsoGroup {
+}
+
 function Get-SsoGroup {
 <#
 .NOTES
diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1
index cd05667..1d83b2f 100644
--- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1
+++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1
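Review bot: Remove-SsoGroup declares `[CmdletBinding(ConfirmImpact = 'High')]` without `SupportsShouldProcess`, so the High impact has no effect: the deletion runs with no confirmation prompt and `-WhatIf`/`-Confirm` are not even accepted; change it to `[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]` and guard the call as `if ($PSCmdlet.ShouldProcess($g, 'Remove local group')) { $ssoAdminClient.RemoveLocalGroup($g) }`. The try block there also encloses the whole foreach, so one failing group aborts the remaining pipeline input, whereas New-SsoGroup in this same hunk places try/catch inside the loop, which is the better shape. Note too that RemoveLocalGroup in the SsoAdminClient.cs hunk further down hands the DeleteLocalPrincipalAsync task to InvokeOperation without the `.Wait()`/`.Result` used by the other operations in that file, so a server-side failure may never surface in this catch block and the group would appear removed. Finally, Set-SsoGroup, Add-PrincipalToSsoGroup and Remove-PrincipalFromSsoGroup are empty bodies that the manifest hunk exports as public commands; until implemented they should `throw [System.NotImplementedException]::new()` rather than succeed silently, since a caller revoking a membership would otherwise get no signal that nothing happened.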
@@ -11,7 +11,7 @@ RootModule = 'VMware.vSphere.SsoAdmin.psm1' # Version number of this module. -ModuleVersion = '1.2.3' +ModuleVersion = '1.3.0' # ID used to uniquely identify this module GUID = 'b3e25326-e809-4d68-a252-ca5fcaf1eb8b' @@ -34,7 +34,14 @@ RequiredModules = @( ) # Functions to export from this module -FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Remove-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource', 'Set-SsoSelfPersonUserPassword') +FunctionsToExport = @( + 'Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', + 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Set-SsoSelfPersonUserPassword' + 'New-SsoGroup', 'Get-SsoGroup', 'Set-SsoGroup', 'Remove-SsoGroup', 'Add-PrincipalToSsoGroup', 'Remove-PrincipalFromSsoGroup' + 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', + 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', + 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', + 'Get-IdentitySource', 'Remove-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource') # Cmdlets to export from this module CmdletsToExport = @() diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll index 25a22d4..99a6d0c 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll differ 
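Review bot: In the FunctionsToExport hunk the entries `'Set-SsoSelfPersonUserPassword'` and `'Remove-PrincipalFromSsoGroup'` end their lines without a trailing comma, so those lines join the next only because a newline inside `@()` acts as a statement separator; the result still appears to be one flat array, but the inconsistency reads like a mistake and will break the first time someone reflows the list onto one line. Add the comma after each, e.g. `'Remove-SsoPersonUser', 'Set-SsoSelfPersonUserPassword',` and `'Add-PrincipalToSsoGroup', 'Remove-PrincipalFromSsoGroup',`.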
diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll index 0a89d33..47dd9ad 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll index 8735324..a94c1da 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll index b2153b6..9048ffc 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs index 0ed5620..ff6f1d8 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs 
@@ -103,7 +103,7 @@ namespace VMware.vSphere.SsoAdminClient.Tests var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator()); // Act - var actual = ssoAdminClient.GetPersonUsersInGroup("", new Group { + var actual = ssoAdminClient.GetPersonUsersInGroup("", new Group(ssoAdminClient) { Name = "Administrators", Domain = "vsphere.local" }).ToArray(); diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/Group.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/Group.cs index c0edc38..9a0d469 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/Group.cs +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/Group.cs @@ -9,13 +9,26 @@ using System.Threading.Tasks; namespace VMware.vSphere.SsoAdminClient.DataTypes { - public class Group - { - public string Name { get; set; } - public string Domain { get; set; } + public class Group + { + SsoAdminClient _client; + public Group(SsoAdminClient client) + { + _client = client; + } - public override string ToString() { - return $"{Name}@{Domain}"; - } - } + public string Name { get; set; } + public string Domain { get; set; } + public string Description { get; set; } + + public SsoAdminClient GetClient() + { + return _client; + } + + public override string ToString() + { + return $"{Name}@{Domain}"; + } + } } diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs index e23ad13..34f8d1a 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs 
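Review bot: `SsoAdminClient _client;` in the Group.cs hunk relies on the implicit private default and is not `readonly`, although the constructor is its only writer; declare it `private readonly SsoAdminClient _client;` to match the explicit modifiers used on the rest of the class. The constructor also stores a null client without comment, and Remove-SsoGroup in the Group.ps1 hunk treats a null `GetClient()` result as "disconnected server", so either that null state is intended and `GetClient()` should document it in a `/// <summary>` (the client the group was obtained through, or null when it has none), or the constructor should guard with `_client = client ?? throw new ArgumentNullException(nameof(client));`. The new `Description` property and `GetClient()` carry no XML docs; a one-line `/// <summary>` on each public member would help since this type is the surface the PowerShell layer binds to.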
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs 
@@ -22,871 +22,1069 @@ using VMware.vSphere.SsoAdminClient.SsoAdminServiceReference2; namespace VMware.vSphere.SsoAdminClient { - public class SsoAdminClient - { - private const int WEB_OPERATION_TIMEOUT_SECONDS = 30; + public class SsoAdminClient + { + private const int WEB_OPERATION_TIMEOUT_SECONDS = 30; - private SsoPortTypeClient _ssoAdminBindingClient; - private UserPassSecurityContext _securityContext; + private SsoPortTypeClient _ssoAdminBindingClient; + private UserPassSecurityContext _securityContext; - public SsoAdminClient(string hostname, string user, SecureString password, X509CertificateValidator serverCertificateValidator) { - if (hostname == null) throw new ArgumentNullException(nameof(hostname)); - if (user == null) throw new ArgumentNullException(nameof(user)); - if (password == null) throw new ArgumentNullException(nameof(password)); + public SsoAdminClient(string hostname, string user, SecureString password, X509CertificateValidator serverCertificateValidator) + { + if (hostname == null) throw new ArgumentNullException(nameof(hostname)); + if (user == null) throw new ArgumentNullException(nameof(user)); + if (password == null) throw new ArgumentNullException(nameof(password)); - var lsClient = new LookupServiceClient(hostname, serverCertificateValidator); + var lsClient = new LookupServiceClient(hostname, serverCertificateValidator); - // Create STS Client - var stsUri = lsClient.GetStsEndpointUri(); - _securityContext = new UserPassSecurityContext(user, password, stsUri, serverCertificateValidator); - // Initialize security context with Saml token by username and password - _securityContext.GetToken(); + // Create STS Client + var stsUri = lsClient.GetStsEndpointUri(); + _securityContext = new UserPassSecurityContext(user, password, stsUri, serverCertificateValidator); + // Initialize security context with Saml token by username and password + _securityContext.GetToken(); - // Create SSO Admin Binding Client - var ssoAdminUri = 
lsClient.GetSsoAdminEndpointUri(); - ServiceUri = ssoAdminUri; - User = user; - _ssoAdminBindingClient = new SsoPortTypeClient(GetBinding(), new EndpointAddress(ssoAdminUri)); - _ssoAdminBindingClient.ChannelFactory.Endpoint.EndpointBehaviors.Add(new WsTrustBehavior()); + // Create SSO Admin Binding Client + var ssoAdminUri = lsClient.GetSsoAdminEndpointUri(); + ServiceUri = ssoAdminUri; + User = user; + _ssoAdminBindingClient = new SsoPortTypeClient(GetBinding(), new EndpointAddress(ssoAdminUri)); + _ssoAdminBindingClient.ChannelFactory.Endpoint.EndpointBehaviors.Add(new WsTrustBehavior()); - var serverAuthentication = GetServerAuthentication(serverCertificateValidator); + var serverAuthentication = GetServerAuthentication(serverCertificateValidator); - if (serverAuthentication != null) { - _ssoAdminBindingClient - .ChannelFactory - .Credentials - .ServiceCertificate - .SslCertificateAuthentication = serverAuthentication; - } - } + if (serverAuthentication != null) + { + _ssoAdminBindingClient + .ChannelFactory + .Credentials + .ServiceCertificate + .SslCertificateAuthentication = serverAuthentication; + } + } - #region Private Helpers - private X509ServiceCertificateAuthentication GetServerAuthentication(X509CertificateValidator serverCertificateValidator) { - if (serverCertificateValidator != null) { - return new X509ServiceCertificateAuthentication { - CertificateValidationMode = X509CertificateValidationMode.Custom, - CustomCertificateValidator = serverCertificateValidator + #region Private Helpers + private X509ServiceCertificateAuthentication GetServerAuthentication(X509CertificateValidator serverCertificateValidator) + { + if (serverCertificateValidator != null) + { + return new X509ServiceCertificateAuthentication + { + CertificateValidationMode = X509CertificateValidationMode.Custom, + CustomCertificateValidator = serverCertificateValidator + }; + } + + // Default .NET behavior for TLS certificate validation + return null; + } + + private static 
MessageEncodingBindingElement GetWcfEncoding() + { + // VMware STS requires SOAP version 1.1 + return new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8); + } + + private static HttpsTransportBindingElement GetWcfTransport(bool useSystemProxy) + { + // Communication with the STS is over https + HttpsTransportBindingElement transport = new HttpsTransportBindingElement + { + RequireClientCertificate = false }; - } - // Default .NET behavior for TLS certificate validation - return null; - } + transport.UseDefaultWebProxy = useSystemProxy; + transport.MaxBufferSize = 2147483647; + transport.MaxReceivedMessageSize = 2147483647; - private static MessageEncodingBindingElement GetWcfEncoding() { - // VMware STS requires SOAP version 1.1 - return new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8); - } + return transport; + } - private static HttpsTransportBindingElement GetWcfTransport(bool useSystemProxy) { - // Communication with the STS is over https - HttpsTransportBindingElement transport = new HttpsTransportBindingElement { - RequireClientCertificate = false - }; + private static CustomBinding GetBinding() + { - transport.UseDefaultWebProxy = useSystemProxy; - transport.MaxBufferSize = 2147483647; - transport.MaxReceivedMessageSize = 2147483647; + // There is no build-in WCF binding capable of communicating + // with VMware STS, so we create a plain custom one. + // This binding does not provide support for WS-Trust, + // that support is currently implemented as a WCF endpoint behaviour. 
+ var binding = new CustomBinding(GetWcfEncoding(), GetWcfTransport(true)); - return transport; - } + var timeout = TimeSpan.FromSeconds(WEB_OPERATION_TIMEOUT_SECONDS); + binding.CloseTimeout = timeout; + binding.OpenTimeout = timeout; + binding.ReceiveTimeout = timeout; + binding.SendTimeout = timeout; - private static CustomBinding GetBinding() { + return binding; + } - // There is no build-in WCF binding capable of communicating - // with VMware STS, so we create a plain custom one. - // This binding does not provide support for WS-Trust, - // that support is currently implemented as a WCF endpoint behaviour. - var binding = new CustomBinding(GetWcfEncoding(), GetWcfTransport(true)); + private WsSecurityContext CreateAuthorizedInvocationContext() + { + // Issue Bearer token to authorize create solution user to SSO Admin service + var bearerToken = _securityContext.GetToken(); - var timeout = TimeSpan.FromSeconds(WEB_OPERATION_TIMEOUT_SECONDS); - binding.CloseTimeout = timeout; - binding.OpenTimeout = timeout; - binding.ReceiveTimeout = timeout; - binding.SendTimeout = timeout; - - return binding; - } - - private WsSecurityContext CreateAuthorizedInvocationContext() { - // Issue Bearer token to authorize create solution user to SSO Admin service - var bearerToken = _securityContext.GetToken(); - - // Set WS Trust Header Serialization with issued bearer SAML token - var securityContext = new WsSecurityContext { - ClientChannel = _ssoAdminBindingClient.InnerChannel, - Properties = { + // Set WS Trust Header Serialization with issued bearer SAML token + var securityContext = new WsSecurityContext + { + ClientChannel = _ssoAdminBindingClient.InnerChannel, + Properties = { Credentials = { BearerToken = bearerToken } } - }; - return securityContext; - } - - String SecureStringToString(SecureString value) { - IntPtr valuePtr = IntPtr.Zero; - try { - valuePtr = Marshal.SecureStringToGlobalAllocUnicode(value); - return Marshal.PtrToStringUni(valuePtr); - } finally { - 
Marshal.ZeroFreeGlobalAllocUnicode(valuePtr); - } - } - #endregion - - #region Public interface - - public Uri ServiceUri { get; } - public string User { get; } - - public PersonUser CreateLocalUser( - string userName, - string password, - string description = null, - string emailAddress = null, - string firstName = null, - string lastName = null) { - - // Create Authorization Invocation Context - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); - - // Invoke SSO Admin CreateLocalSolutionUser operation - var ssoPrincipalId = authorizedInvocationContext. - InvokeOperation(() => - _ssoAdminBindingClient.CreateLocalPersonUserAsync( - new ManagedObjectReference { - type = "SsoAdminPrincipalManagementService", - Value = "principalManagementService" - }, - userName, - new SsoAdminPersonDetails { - description = description, - emailAddress = emailAddress, - firstName = firstName, - lastName = lastName - }, - password)).Result; - - return GetLocalUsers(ssoPrincipalId.name, ssoPrincipalId.domain, authorizedInvocationContext); - } - - private PersonUser GetLocalUsers(string userName, string domain, WsSecurityContext wsSecurityContext) { - // Invoke SSO Admin FindPersonUserAsync operation - var personUser = wsSecurityContext. 
- InvokeOperation(() => - _ssoAdminBindingClient.FindPersonUserAsync( - new ManagedObjectReference { - type = "SsoAdminPrincipalDiscoveryService", - Value = "principalDiscoveryService" - }, - new SsoPrincipalId { - name = userName, - domain = domain - })).Result; - return new PersonUser(this) { - Name = personUser.id.name, - Domain = personUser.id.domain, - Description = personUser.details.description, - FirstName = personUser.details.firstName, - LastName = personUser.details.lastName, - EmailAddress = personUser.details.emailAddress, - Locked = personUser.locked, - Disabled = personUser.disabled - }; - } - - public IEnumerable GetLocalUsers(string searchString, string domain) { - // Create Authorization Invocation Context - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); - - // Invoke SSO Admin FindPersonUsersAsync operation - var personUsers = authorizedInvocationContext. - InvokeOperation(() => - _ssoAdminBindingClient.FindPersonUsersAsync( - new ManagedObjectReference { - type = "SsoAdminPrincipalDiscoveryService", - Value = "principalDiscoveryService" - }, - new SsoAdminPrincipalDiscoveryServiceSearchCriteria { - searchString = searchString, - domain = domain - }, - int.MaxValue)).Result.returnval; - - if (personUsers != null) { - foreach (var personUser in personUsers) { - yield return new PersonUser(this) { - Name = personUser.id.name, - Domain = personUser.id.domain, - Description = personUser.details.description, - FirstName = personUser.details.firstName, - LastName = personUser.details.lastName, - EmailAddress = personUser.details.emailAddress, - Locked = personUser.locked, - Disabled = personUser.disabled - }; - } - } - - } - - public IEnumerable GetPersonUsersInGroup(string searchString, DataTypes.Group group) { - // Create Authorization Invocation Context - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); - - // Invoke SSO Admin FindPersonUsersAsync operation - var personUsers = 
authorizedInvocationContext. - InvokeOperation(() => - _ssoAdminBindingClient.FindPersonUsersInGroupAsync( - new ManagedObjectReference { - type = "SsoAdminPrincipalDiscoveryService", - Value = "principalDiscoveryService" - }, - new SsoPrincipalId { - name = group.Name, - domain = group.Domain - }, - searchString, - int.MaxValue)).Result.returnval; - - if (personUsers != null) { - foreach (var personUser in personUsers) { - yield return new PersonUser(this) { - Name = personUser.id.name, - Domain = personUser.id.domain, - Description = personUser.details.description, - FirstName = personUser.details.firstName, - LastName = personUser.details.lastName, - EmailAddress = personUser.details.emailAddress, - Locked = personUser.locked, - Disabled = personUser.disabled - }; - } - } - } - - public void DeleteLocalUser( - PersonUser principal) { - - // Create Authorization Invocation Context - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); - - // Invoke SSO Admin DeleteLocalPrincipal operation - authorizedInvocationContext. - InvokeOperation(() => - _ssoAdminBindingClient.DeleteLocalPrincipalAsync( - new ManagedObjectReference { - type = "SsoAdminPrincipalManagementService", - Value = "principalManagementService" - }, - principal.Name)); - } - - public IEnumerable GetGroups(string searchString, string domain) { - // Create Authorization Invocation Context - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); - - // Invoke SSO Admin FindGroupsAsync operation - var ssoAdminGroups = authorizedInvocationContext. 
- InvokeOperation(() => - _ssoAdminBindingClient.FindGroupsAsync( - new ManagedObjectReference { - type = "SsoAdminPrincipalDiscoveryService", - Value = "principalDiscoveryService" - }, - new SsoAdminPrincipalDiscoveryServiceSearchCriteria { - searchString = searchString, - domain = domain - }, - int.MaxValue)).Result.returnval; - - if (ssoAdminGroups != null) { - foreach (var group in ssoAdminGroups) { - yield return new DataTypes.Group { - Name = group.id.name, - Domain = group.id.domain - }; - } - } - } - - public bool AddPersonUserToGroup(PersonUser user, DataTypes.Group group) { - // Create Authorization Invocation Context - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); - - // Invoke SSO Admin AddUserToLocalGroupAsync operation - return authorizedInvocationContext. - InvokeOperation(() => - _ssoAdminBindingClient.AddUserToLocalGroupAsync( - new ManagedObjectReference { - type = "SsoAdminPrincipalManagementService", - Value = "principalManagementService" - }, - new SsoPrincipalId { - name = user.Name, - domain = user.Domain - }, - group.Name)).Result; - } - - public bool RemovePersonUserFromGroup(PersonUser user, DataTypes.Group group) { - // Create Authorization Invocation Context - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); - - // Invoke SSO Admin RemoveFromLocalGroupAsync operation - return authorizedInvocationContext. - InvokeOperation(() => - _ssoAdminBindingClient.RemoveFromLocalGroupAsync( - new ManagedObjectReference { - type = "SsoAdminPrincipalManagementService", - Value = "principalManagementService" - }, - new SsoPrincipalId { - name = user.Name, - domain = user.Domain - }, - group.Name)).Result; - } - - public void ResetPersonUserPassword(PersonUser user, string newPassword) { - // Create Authorization Invocation Context - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); - - // Invoke SSO Admin ResetLocalPersonUserPasswordAsync operation - authorizedInvocationContext. 
- InvokeOperation(() => - _ssoAdminBindingClient.ResetLocalPersonUserPasswordAsync( - new ManagedObjectReference { - type = "SsoAdminPrincipalManagementService", - Value = "principalManagementService" - }, - user.Name, - newPassword)).Wait(); - } - - public void ResetSelfPersonUserPassword(SecureString newPassword) { - // Create Authorization Invocation Context - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); - - // Invoke SSO Admin ResetLocalPersonUserPasswordAsync operation - authorizedInvocationContext. - InvokeOperation(() => - _ssoAdminBindingClient.ResetSelfLocalPersonUserPasswordAsync( - new ManagedObjectReference { - type = "SsoAdminPrincipalManagementService", - Value = "principalManagementService" - }, - SecureStringToString(newPassword))).Wait(); - } - - public bool UnlockPersonUser(PersonUser user) { - // Create Authorization Invocation Context - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); - - // Invoke SSO Admin UnlockUserAccountAsync operation - return authorizedInvocationContext. - InvokeOperation(() => - _ssoAdminBindingClient.UnlockUserAccountAsync( - new ManagedObjectReference { - type = "SsoAdminPrincipalManagementService", - Value = "principalManagementService" - }, - new SsoPrincipalId { - name = user.Name, - domain = user.Domain - })).Result; - } - - public PasswordPolicy GetPasswordPolicy() { - PasswordPolicy result = null; - // Create Authorization Invocation Context - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); - - // Invoke SSO Admin GetLocalPasswordPolicyAsync operation - var ssoAdminPasswordPolicy = authorizedInvocationContext. 
- InvokeOperation(() => - _ssoAdminBindingClient.GetLocalPasswordPolicyAsync( - new ManagedObjectReference { - type = "SsoAdminPasswordPolicyService", - Value = "passwordPolicyService" - })).Result; - - if (ssoAdminPasswordPolicy != null) { - result = new PasswordPolicy(this) { - Description = ssoAdminPasswordPolicy.description, - ProhibitedPreviousPasswordsCount = ssoAdminPasswordPolicy.prohibitedPreviousPasswordsCount, - MinLength = ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.minLength, - MaxLength = ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.maxLength, - MaxIdenticalAdjacentCharacters = ssoAdminPasswordPolicy.passwordFormat.maxIdenticalAdjacentCharacters, - MinNumericCount = ssoAdminPasswordPolicy.passwordFormat.minNumericCount, - MinSpecialCharCount = ssoAdminPasswordPolicy.passwordFormat.minSpecialCharCount, - MinAlphabeticCount = ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minAlphabeticCount, - MinUppercaseCount = ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minUppercaseCount, - MinLowercaseCount = ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minLowercaseCount, - PasswordLifetimeDays = ssoAdminPasswordPolicy.passwordLifetimeDays }; - } + return securityContext; + } - return result; - } + String SecureStringToString(SecureString value) + { + IntPtr valuePtr = IntPtr.Zero; + try + { + valuePtr = Marshal.SecureStringToGlobalAllocUnicode(value); + return Marshal.PtrToStringUni(valuePtr); + } + finally + { + Marshal.ZeroFreeGlobalAllocUnicode(valuePtr); + } + } + #endregion - public PasswordPolicy SetPasswordPolicy( + #region Public interface + + public Uri ServiceUri { get; } + public string User { get; } + + public PersonUser CreateLocalUser( + string userName, + string password, string description = null, - int? prohibitedPreviousPasswordsCount = null, - int? minLength = null, - int? maxLength = null, - int? maxIdenticalAdjacentCharacters = null, - int? minNumericCount = null, - int? 
minSpecialCharCount = null, - int? minAlphabeticCount = null, - int? minUppercaseCount = null, - int? minLowercaseCount = null, - int? passwordLifetimeDays = null) { + string emailAddress = null, + string firstName = null, + string lastName = null) + { - if (description != null || - prohibitedPreviousPasswordsCount != null || - minLength != null || - maxLength != null || - maxIdenticalAdjacentCharacters != null || - minNumericCount != null || - minSpecialCharCount != null || - minAlphabeticCount != null || - minUppercaseCount != null || - minLowercaseCount != null || - passwordLifetimeDays != null) { + // Create Authorization Invocation Context + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); - var ssoAdminPasswordPolicy = new SsoAdminPasswordPolicy(); - ssoAdminPasswordPolicy.description = description; + // Invoke SSO Admin CreateLocalSolutionUser operation + var ssoPrincipalId = authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.CreateLocalPersonUserAsync( + new ManagedObjectReference + { + type = "SsoAdminPrincipalManagementService", + Value = "principalManagementService" + }, + userName, + new SsoAdminPersonDetails + { + description = description, + emailAddress = emailAddress, + firstName = firstName, + lastName = lastName + }, + password)).Result; - if (passwordLifetimeDays != null) { - ssoAdminPasswordPolicy.passwordLifetimeDays = passwordLifetimeDays.Value; - ssoAdminPasswordPolicy.passwordLifetimeDaysSpecified = true; + return GetLocalUsers(ssoPrincipalId.name, ssoPrincipalId.domain, authorizedInvocationContext); + } + + private PersonUser GetLocalUsers(string userName, string domain, WsSecurityContext wsSecurityContext) + { + // Invoke SSO Admin FindPersonUserAsync operation + var personUser = wsSecurityContext. 
+ InvokeOperation(() => + _ssoAdminBindingClient.FindPersonUserAsync( + new ManagedObjectReference + { + type = "SsoAdminPrincipalDiscoveryService", + Value = "principalDiscoveryService" + }, + new SsoPrincipalId + { + name = userName, + domain = domain + })).Result; + return new PersonUser(this) + { + Name = personUser.id.name, + Domain = personUser.id.domain, + Description = personUser.details.description, + FirstName = personUser.details.firstName, + LastName = personUser.details.lastName, + EmailAddress = personUser.details.emailAddress, + Locked = personUser.locked, + Disabled = personUser.disabled + }; + } + + public IEnumerable GetLocalUsers(string searchString, string domain) + { + // Create Authorization Invocation Context + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + // Invoke SSO Admin FindPersonUsersAsync operation + var personUsers = authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.FindPersonUsersAsync( + new ManagedObjectReference + { + type = "SsoAdminPrincipalDiscoveryService", + Value = "principalDiscoveryService" + }, + new SsoAdminPrincipalDiscoveryServiceSearchCriteria + { + searchString = searchString, + domain = domain + }, + int.MaxValue)).Result.returnval; + + if (personUsers != null) + { + foreach (var personUser in personUsers) + { + yield return new PersonUser(this) + { + Name = personUser.id.name, + Domain = personUser.id.domain, + Description = personUser.details.description, + FirstName = personUser.details.firstName, + LastName = personUser.details.lastName, + EmailAddress = personUser.details.emailAddress, + Locked = personUser.locked, + Disabled = personUser.disabled + }; + } } - if (prohibitedPreviousPasswordsCount != null) { - ssoAdminPasswordPolicy.prohibitedPreviousPasswordsCount = prohibitedPreviousPasswordsCount.Value; + } + + public IEnumerable GetPersonUsersInGroup(string searchString, DataTypes.Group group) + { + // Create Authorization Invocation Context + var 
authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + // Invoke SSO Admin FindPersonUsersAsync operation + var personUsers = authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.FindPersonUsersInGroupAsync( + new ManagedObjectReference + { + type = "SsoAdminPrincipalDiscoveryService", + Value = "principalDiscoveryService" + }, + new SsoPrincipalId + { + name = group.Name, + domain = group.Domain + }, + searchString, + int.MaxValue)).Result.returnval; + + if (personUsers != null) + { + foreach (var personUser in personUsers) + { + yield return new PersonUser(this) + { + Name = personUser.id.name, + Domain = personUser.id.domain, + Description = personUser.details.description, + FirstName = personUser.details.firstName, + LastName = personUser.details.lastName, + EmailAddress = personUser.details.emailAddress, + Locked = personUser.locked, + Disabled = personUser.disabled + }; + } + } + } + + public void DeleteLocalUser( + PersonUser principal) + { + + // Create Authorization Invocation Context + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + // Invoke SSO Admin DeleteLocalPrincipal operation + authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.DeleteLocalPrincipalAsync( + new ManagedObjectReference + { + type = "SsoAdminPrincipalManagementService", + Value = "principalManagementService" + }, + principal.Name)); + } + + private DataTypes.Group FindGroup(string name, string domain, WsSecurityContext wsSecurityContext) + { + // Invoke SSO Admin FindGroupAsync operation + var group = wsSecurityContext. 
+ InvokeOperation(() =>
+ _ssoAdminBindingClient.FindGroupAsync(
+ new ManagedObjectReference
+ {
+ type = "SsoAdminPrincipalDiscoveryService",
+ Value = "principalDiscoveryService"
+ },
+ new SsoPrincipalId
+ {
+ name = name,
+ domain = domain
+ })).Result;
+
+ return new DataTypes.Group(this)
+ {
+ Name = group.id.name,
+ Domain = group.id.domain,
+ Description = group.details.description
+ };
+ }
+
+ public DataTypes.Group CreateLocalGroup(string name, string description)
+ {
+ // Create Authorization Invocation Context
+ var authorizedInvocationContext =
+ CreateAuthorizedInvocationContext();
+
+ // Invoke SSO Admin FindGroupsAsync operation
+ var ssoAdminGroup = authorizedInvocationContext.
+ InvokeOperation(() =>
+ _ssoAdminBindingClient.CreateLocalGroupAsync(
+ new ManagedObjectReference
+ {
+ type = "SsoAdminPrincipalManagementService",
+ Value = "principalManagementService"
+ },
+ name,
+ new SsoAdminGroupDetails
+ {
+ description = description
+ })).Result;
+
+ if (ssoAdminGroup != null)
+ {
+ return FindGroup(ssoAdminGroup.name, ssoAdminGroup.domain, authorizedInvocationContext);
+ }
+ else
+ {
+ return null;
+ }
+ }
+
+
+ public void RemoveLocalGroup(DataTypes.Group group)
+ {
+ // Create Authorization Invocation Context
+ var authorizedInvocationContext =
+ CreateAuthorizedInvocationContext();
+
+ // Invoke SSO Admin DeleteLocalPrincipal operation
+ authorizedInvocationContext.
+ InvokeOperation(() =>
+ _ssoAdminBindingClient.DeleteLocalPrincipalAsync(
+ new ManagedObjectReference
+ {
+ type = "SsoAdminPrincipalManagementService",
+ Value = "principalManagementService"
+ },
+ group.Name));
+ }
+
+ public IEnumerable GetGroups(string searchString, string domain)
+ {
+ // Create Authorization Invocation Context
+ var authorizedInvocationContext =
+ CreateAuthorizedInvocationContext();
+
+ // Invoke SSO Admin FindGroupsAsync operation
+ var ssoAdminGroups = authorizedInvocationContext.
+ InvokeOperation(() =>
+ _ssoAdminBindingClient.FindGroupsAsync(
+ new ManagedObjectReference
+ {
+ type = "SsoAdminPrincipalDiscoveryService",
+ Value = "principalDiscoveryService"
+ },
+ new SsoAdminPrincipalDiscoveryServiceSearchCriteria
+ {
+ searchString = searchString,
+ domain = domain
+ },
+ int.MaxValue)).Result.returnval;
+
+ if (ssoAdminGroups != null)
+ {
+ foreach (var group in ssoAdminGroups)
+ {
+ yield return FindGroup(group.id.name, group.id.domain, authorizedInvocationContext);
+ }
+ }
+ }
+
+ public bool AddPersonUserToGroup(PersonUser user, DataTypes.Group group)
+ {
+ // Create Authorization Invocation Context
+ var authorizedInvocationContext =
+ CreateAuthorizedInvocationContext();
+
+ // Invoke SSO Admin AddUserToLocalGroupAsync operation
+ return authorizedInvocationContext.
+ InvokeOperation(() =>
+ _ssoAdminBindingClient.AddUserToLocalGroupAsync(
+ new ManagedObjectReference
+ {
+ type = "SsoAdminPrincipalManagementService",
+ Value = "principalManagementService"
+ },
+ new SsoPrincipalId
+ {
+ name = user.Name,
+ domain = user.Domain
+ },
+ group.Name)).Result;
+ }
+
+ public bool RemovePersonUserFromGroup(PersonUser user, DataTypes.Group group)
+ {
+ // Create Authorization Invocation Context
+ var authorizedInvocationContext =
+ CreateAuthorizedInvocationContext();
+
+ // Invoke SSO Admin RemoveFromLocalGroupAsync operation
+ return authorizedInvocationContext.
+ InvokeOperation(() =>
+ _ssoAdminBindingClient.RemoveFromLocalGroupAsync(
+ new ManagedObjectReference
+ {
+ type = "SsoAdminPrincipalManagementService",
+ Value = "principalManagementService"
+ },
+ new SsoPrincipalId
+ {
+ name = user.Name,
+ domain = user.Domain
+ },
+ group.Name)).Result;
+ }
+
+ public void ResetPersonUserPassword(PersonUser user, string newPassword)
+ {
+ // Create Authorization Invocation Context
+ var authorizedInvocationContext =
+ CreateAuthorizedInvocationContext();
+
+ // Invoke SSO Admin ResetLocalPersonUserPasswordAsync operation
+ authorizedInvocationContext.
+ InvokeOperation(() =>
+ _ssoAdminBindingClient.ResetLocalPersonUserPasswordAsync(
+ new ManagedObjectReference
+ {
+ type = "SsoAdminPrincipalManagementService",
+ Value = "principalManagementService"
+ },
+ user.Name,
+ newPassword)).Wait();
+ }
+
+ public void ResetSelfPersonUserPassword(SecureString newPassword)
+ {
+ // Create Authorization Invocation Context
+ var authorizedInvocationContext =
+ CreateAuthorizedInvocationContext();
+
+ // Invoke SSO Admin ResetLocalPersonUserPasswordAsync operation
+ authorizedInvocationContext.
+ InvokeOperation(() =>
+ _ssoAdminBindingClient.ResetSelfLocalPersonUserPasswordAsync(
+ new ManagedObjectReference
+ {
+ type = "SsoAdminPrincipalManagementService",
+ Value = "principalManagementService"
+ },
+ SecureStringToString(newPassword))).Wait();
+ }
+
+ public bool UnlockPersonUser(PersonUser user)
+ {
+ // Create Authorization Invocation Context
+ var authorizedInvocationContext =
+ CreateAuthorizedInvocationContext();
+
+ // Invoke SSO Admin UnlockUserAccountAsync operation
+ return authorizedInvocationContext.
+ InvokeOperation(() => + _ssoAdminBindingClient.UnlockUserAccountAsync( + new ManagedObjectReference + { + type = "SsoAdminPrincipalManagementService", + Value = "principalManagementService" + }, + new SsoPrincipalId + { + name = user.Name, + domain = user.Domain + })).Result; + } + + public PasswordPolicy GetPasswordPolicy() + { + PasswordPolicy result = null; + // Create Authorization Invocation Context + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + // Invoke SSO Admin GetLocalPasswordPolicyAsync operation + var ssoAdminPasswordPolicy = authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.GetLocalPasswordPolicyAsync( + new ManagedObjectReference + { + type = "SsoAdminPasswordPolicyService", + Value = "passwordPolicyService" + })).Result; + + if (ssoAdminPasswordPolicy != null) + { + result = new PasswordPolicy(this) + { + Description = ssoAdminPasswordPolicy.description, + ProhibitedPreviousPasswordsCount = ssoAdminPasswordPolicy.prohibitedPreviousPasswordsCount, + MinLength = ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.minLength, + MaxLength = ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.maxLength, + MaxIdenticalAdjacentCharacters = ssoAdminPasswordPolicy.passwordFormat.maxIdenticalAdjacentCharacters, + MinNumericCount = ssoAdminPasswordPolicy.passwordFormat.minNumericCount, + MinSpecialCharCount = ssoAdminPasswordPolicy.passwordFormat.minSpecialCharCount, + MinAlphabeticCount = ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minAlphabeticCount, + MinUppercaseCount = ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minUppercaseCount, + MinLowercaseCount = ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minLowercaseCount, + PasswordLifetimeDays = ssoAdminPasswordPolicy.passwordLifetimeDays + }; } - // Update SsoAdminPasswordFormat if needed - if (minLength != null || + return result; + } + + public PasswordPolicy SetPasswordPolicy( + string 
description = null, + int? prohibitedPreviousPasswordsCount = null, + int? minLength = null, + int? maxLength = null, + int? maxIdenticalAdjacentCharacters = null, + int? minNumericCount = null, + int? minSpecialCharCount = null, + int? minAlphabeticCount = null, + int? minUppercaseCount = null, + int? minLowercaseCount = null, + int? passwordLifetimeDays = null) + { + + if (description != null || + prohibitedPreviousPasswordsCount != null || + minLength != null || maxLength != null || maxIdenticalAdjacentCharacters != null || minNumericCount != null || minSpecialCharCount != null || minAlphabeticCount != null || minUppercaseCount != null || - minLowercaseCount != null) { + minLowercaseCount != null || + passwordLifetimeDays != null) + { - ssoAdminPasswordPolicy.passwordFormat = new SsoAdminPasswordFormat(); + var ssoAdminPasswordPolicy = new SsoAdminPasswordPolicy(); + ssoAdminPasswordPolicy.description = description; - if (maxIdenticalAdjacentCharacters != null) { - ssoAdminPasswordPolicy.passwordFormat.maxIdenticalAdjacentCharacters = maxIdenticalAdjacentCharacters.Value; - } + if (passwordLifetimeDays != null) + { + ssoAdminPasswordPolicy.passwordLifetimeDays = passwordLifetimeDays.Value; + ssoAdminPasswordPolicy.passwordLifetimeDaysSpecified = true; + } - if (minNumericCount != null) { - ssoAdminPasswordPolicy.passwordFormat.minNumericCount = minNumericCount.Value; - } + if (prohibitedPreviousPasswordsCount != null) + { + ssoAdminPasswordPolicy.prohibitedPreviousPasswordsCount = prohibitedPreviousPasswordsCount.Value; + } - if (minSpecialCharCount != null) { - ssoAdminPasswordPolicy.passwordFormat.minSpecialCharCount = minSpecialCharCount.Value; - } + // Update SsoAdminPasswordFormat if needed + if (minLength != null || + maxLength != null || + maxIdenticalAdjacentCharacters != null || + minNumericCount != null || + minSpecialCharCount != null || + minAlphabeticCount != null || + minUppercaseCount != null || + minLowercaseCount != null) + { - // Update 
LengthRestriction if needed
- if (minLength != null ||
- maxLength != null) {
- ssoAdminPasswordPolicy.passwordFormat.lengthRestriction = new SsoAdminPasswordFormatLengthRestriction();
- if (maxLength != null) {
- ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.maxLength = maxLength.Value;
- }
- if (minLength != null) {
- ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.minLength = minLength.Value;
- }
- }
+ ssoAdminPasswordPolicy.passwordFormat = new SsoAdminPasswordFormat();
- // Update AlphabeticRestriction if needed
- if (minAlphabeticCount != null ||
- minUppercaseCount != null ||
- minLowercaseCount != null) {
- ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction = new SsoAdminPasswordFormatAlphabeticRestriction();
+ if (maxIdenticalAdjacentCharacters != null)
+ {
+ ssoAdminPasswordPolicy.passwordFormat.maxIdenticalAdjacentCharacters = maxIdenticalAdjacentCharacters.Value;
+ }
- if (minAlphabeticCount != null) {
- ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minAlphabeticCount = minAlphabeticCount.Value;
- }
+ if (minNumericCount != null)
+ {
+ ssoAdminPasswordPolicy.passwordFormat.minNumericCount = minNumericCount.Value;
+ }
- if (minUppercaseCount != null) {
- ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minUppercaseCount = minUppercaseCount.Value;
- }
+ if (minSpecialCharCount != null)
+ {
+ ssoAdminPasswordPolicy.passwordFormat.minSpecialCharCount = minSpecialCharCount.Value;
+ }
- if (minLowercaseCount != null) {
- ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minLowercaseCount = minLowercaseCount.Value;
- }
- }
+ // Update LengthRestriction if needed
+ if (minLength != null ||
+ maxLength != null)
+ {
+ ssoAdminPasswordPolicy.passwordFormat.lengthRestriction = new SsoAdminPasswordFormatLengthRestriction();
+ if (maxLength != null)
+ {
+ ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.maxLength = maxLength.Value;
+ }
+ if (minLength != null)
+ {
+
ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.minLength = minLength.Value; + } + } + + // Update AlphabeticRestriction if needed + if (minAlphabeticCount != null || + minUppercaseCount != null || + minLowercaseCount != null) + { + ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction = new SsoAdminPasswordFormatAlphabeticRestriction(); + + if (minAlphabeticCount != null) + { + ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minAlphabeticCount = minAlphabeticCount.Value; + } + + if (minUppercaseCount != null) + { + ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minUppercaseCount = minUppercaseCount.Value; + } + + if (minLowercaseCount != null) + { + ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minLowercaseCount = minLowercaseCount.Value; + } + } + } + + // Create Authorization Invocation Context + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + // Invoke SSO Admin UpdateLocalPasswordPolicyAsync operation + authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.UpdateLocalPasswordPolicyAsync( + new ManagedObjectReference + { + type = "SsoAdminPasswordPolicyService", + Value = "passwordPolicyService" + }, + ssoAdminPasswordPolicy)).Wait(); } - // Create Authorization Invocation Context - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); - - // Invoke SSO Admin UpdateLocalPasswordPolicyAsync operation - authorizedInvocationContext. 
- InvokeOperation(() =>
- _ssoAdminBindingClient.UpdateLocalPasswordPolicyAsync(
- new ManagedObjectReference {
- type = "SsoAdminPasswordPolicyService",
- Value = "passwordPolicyService"
- },
- ssoAdminPasswordPolicy)).Wait();
- }
-
- return GetPasswordPolicy();
- }
-
- public LockoutPolicy GetLockoutPolicy() {
- LockoutPolicy result = null;
- // Create Authorization Invocation Context
- var authorizedInvocationContext =
- CreateAuthorizedInvocationContext();
-
- // Invoke SSO Admin GetLockoutPolicyAsync operation
- var ssoAdminLockoutPolicy = authorizedInvocationContext.
- InvokeOperation(() =>
- _ssoAdminBindingClient.GetLockoutPolicyAsync(
- new ManagedObjectReference {
- type = "SsoAdminLockoutPolicyService",
- Value = "lockoutPolicyService"
- })).Result;
-
- if (ssoAdminLockoutPolicy != null) {
- result = new LockoutPolicy(this) {
- Description = ssoAdminLockoutPolicy.description,
- AutoUnlockIntervalSec = ssoAdminLockoutPolicy.autoUnlockIntervalSec,
- FailedAttemptIntervalSec = ssoAdminLockoutPolicy.failedAttemptIntervalSec,
- MaxFailedAttempts = ssoAdminLockoutPolicy.maxFailedAttempts
- };
- }
-
- return result;
- }
-
- public LockoutPolicy SetLockoutPolicy(
- string description,
- long? autoUnlockIntervalSec,
- long? failedAttemptIntervalSec,
- int?
maxFailedAttempts) { - - if (description != null || - autoUnlockIntervalSec != null || - failedAttemptIntervalSec != null || - maxFailedAttempts != null) { - - var ssoAdminLockoutPolicy = new SsoAdminLockoutPolicy(); - - ssoAdminLockoutPolicy.description = description; - - if (autoUnlockIntervalSec != null) { - ssoAdminLockoutPolicy.autoUnlockIntervalSec = autoUnlockIntervalSec.Value; - } - - if (failedAttemptIntervalSec != null) { - ssoAdminLockoutPolicy.failedAttemptIntervalSec = failedAttemptIntervalSec.Value; - } - - if (maxFailedAttempts != null) { - ssoAdminLockoutPolicy.maxFailedAttempts = maxFailedAttempts.Value; - } + return GetPasswordPolicy(); + } + public LockoutPolicy GetLockoutPolicy() + { + LockoutPolicy result = null; // Create Authorization Invocation Context var authorizedInvocationContext = CreateAuthorizedInvocationContext(); // Invoke SSO Admin GetLockoutPolicyAsync operation - authorizedInvocationContext. + var ssoAdminLockoutPolicy = authorizedInvocationContext. InvokeOperation(() => - _ssoAdminBindingClient.UpdateLockoutPolicyAsync( - new ManagedObjectReference { - type = "SsoAdminLockoutPolicyService", - Value = "lockoutPolicyService" - }, - ssoAdminLockoutPolicy)).Wait(); + _ssoAdminBindingClient.GetLockoutPolicyAsync( + new ManagedObjectReference + { + type = "SsoAdminLockoutPolicyService", + Value = "lockoutPolicyService" + })).Result; - } - - return GetLockoutPolicy(); - } - - public TokenLifetime GetTokenLifetime() { - - // Create Authorization Invocation Context - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); - - var maxHoKTokenLifetime = authorizedInvocationContext. - InvokeOperation(() => - _ssoAdminBindingClient.GetMaximumHoKTokenLifetimeAsync( - new ManagedObjectReference { - type = "SsoAdminConfigurationManagementService", - Value = "configurationManagementService" - })).Result; - - var maxBearerTokenLifetime = authorizedInvocationContext. 
- InvokeOperation(() =>
- _ssoAdminBindingClient.GetMaximumBearerTokenLifetimeAsync(
- new ManagedObjectReference {
- type = "SsoAdminConfigurationManagementService",
- Value = "configurationManagementService"
- })).Result;
-
- return new TokenLifetime(this) {
- MaxHoKTokenLifetime = maxHoKTokenLifetime,
- MaxBearerTokenLifetime = maxBearerTokenLifetime
- };
- }
-
- public TokenLifetime SetTokenLifetime(
- long? maxHoKTokenLifetime,
- long? maxBearerTokenLifetime) {
-
- var authorizedInvocationContext =
- CreateAuthorizedInvocationContext();
-
- if (maxHoKTokenLifetime != null) {
- authorizedInvocationContext.
- InvokeOperation(() =>
- _ssoAdminBindingClient.SetMaximumHoKTokenLifetimeAsync(
- new ManagedObjectReference {
- type = "SsoAdminConfigurationManagementService",
- Value = "configurationManagementService"
- },
- maxHoKTokenLifetime.Value)).Wait();
- }
-
- if (maxBearerTokenLifetime != null) {
- authorizedInvocationContext.
- InvokeOperation(() =>
- _ssoAdminBindingClient.SetMaximumBearerTokenLifetimeAsync(
- new ManagedObjectReference {
- type = "SsoAdminConfigurationManagementService",
- Value = "configurationManagementService"
- },
- maxBearerTokenLifetime.Value)).Wait();
- }
-
-
- return GetTokenLifetime();
- }
-
- public void AddActiveDirectoryExternalDomain(
- string domainName,
- string domainAlias,
- string friendlyName,
- string primaryUrl,
- string baseDNUsers,
- string baseDNGroups,
- string authenticationUserName,
- string authenticationPassword,
- string serverType) {
-
- string authenticationType = "password";
- var authorizedInvocationContext =
- CreateAuthorizedInvocationContext();
-
- authorizedInvocationContext.
- InvokeOperation(() => - _ssoAdminBindingClient.AddExternalDomainAsync( - new ManagedObjectReference { - type = "SsoAdminDomainManagementService", - Value = "domainManagementService" - }, - serverType, - domainName, - domainAlias, - new SsoAdminExternalDomainDetails { - friendlyName = friendlyName, - primaryUrl = primaryUrl, - userBaseDn = baseDNUsers, - groupBaseDn = baseDNGroups - }, - authenticationType, - new SsoAdminDomainManagementServiceAuthenticationCredentails { - username = authenticationUserName, - password = authenticationPassword - })).Wait(); - } - - public void AddLdapIdentitySource( - string domainName, - string domainAlias, - string friendlyName, - string primaryUrl, - string failoverUrl, - string baseDNUsers, - string baseDNGroups, - string authenticationUserName, - string authenticationPassword, - string serverType, - X509Certificate2[] ldapCertificates) { - - string authenticationType = "password"; - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); - - var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails { - friendlyName = friendlyName, - primaryUrl = primaryUrl, - failoverUrl = failoverUrl, - userBaseDn = baseDNUsers, - groupBaseDn = baseDNGroups - }; - - if (ldapCertificates != null && ldapCertificates.Length > 0) { - var certificates = new List(); - foreach (var ldapCert in ldapCertificates) { - certificates.Add(Convert.ToBase64String(ldapCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks)); + if (ssoAdminLockoutPolicy != null) + { + result = new LockoutPolicy(this) + { + Description = ssoAdminLockoutPolicy.description, + AutoUnlockIntervalSec = ssoAdminLockoutPolicy.autoUnlockIntervalSec, + FailedAttemptIntervalSec = ssoAdminLockoutPolicy.failedAttemptIntervalSec, + MaxFailedAttempts = ssoAdminLockoutPolicy.maxFailedAttempts + }; } - if (certificates.Count > 0) { - adminLdapIdentitySourceDetails.certificates = certificates.ToArray(); - } - } + return result; + } + + 
public LockoutPolicy SetLockoutPolicy(
+ string description,
+ long? autoUnlockIntervalSec,
+ long? failedAttemptIntervalSec,
+ int? maxFailedAttempts)
+ {
+
+ if (description != null ||
+ autoUnlockIntervalSec != null ||
+ failedAttemptIntervalSec != null ||
+ maxFailedAttempts != null)
+ {
+
+ var ssoAdminLockoutPolicy = new SsoAdminLockoutPolicy();
+
+ ssoAdminLockoutPolicy.description = description;
+
+ if (autoUnlockIntervalSec != null)
+ {
+ ssoAdminLockoutPolicy.autoUnlockIntervalSec = autoUnlockIntervalSec.Value;
+ }
+
+ if (failedAttemptIntervalSec != null)
+ {
+ ssoAdminLockoutPolicy.failedAttemptIntervalSec = failedAttemptIntervalSec.Value;
+ }
+
+ if (maxFailedAttempts != null)
+ {
+ ssoAdminLockoutPolicy.maxFailedAttempts = maxFailedAttempts.Value;
+ }
+
+ // Create Authorization Invocation Context
+ var authorizedInvocationContext =
+ CreateAuthorizedInvocationContext();
+
+ // Invoke SSO Admin GetLockoutPolicyAsync operation
+ authorizedInvocationContext.
+ InvokeOperation(() =>
+ _ssoAdminBindingClient.UpdateLockoutPolicyAsync(
+ new ManagedObjectReference
+ {
+ type = "SsoAdminLockoutPolicyService",
+ Value = "lockoutPolicyService"
+ },
+ ssoAdminLockoutPolicy)).Wait();
+
+ }
+
+ return GetLockoutPolicy();
+ }
+
+ public TokenLifetime GetTokenLifetime()
+ {
+
+ // Create Authorization Invocation Context
+ var authorizedInvocationContext =
+ CreateAuthorizedInvocationContext();
+
+ var maxHoKTokenLifetime = authorizedInvocationContext.
+ InvokeOperation(() =>
+ _ssoAdminBindingClient.GetMaximumHoKTokenLifetimeAsync(
+ new ManagedObjectReference
+ {
+ type = "SsoAdminConfigurationManagementService",
+ Value = "configurationManagementService"
+ })).Result;
+
+ var maxBearerTokenLifetime = authorizedInvocationContext.
+ InvokeOperation(() => + _ssoAdminBindingClient.GetMaximumBearerTokenLifetimeAsync( + new ManagedObjectReference + { + type = "SsoAdminConfigurationManagementService", + Value = "configurationManagementService" + })).Result; + + return new TokenLifetime(this) + { + MaxHoKTokenLifetime = maxHoKTokenLifetime, + MaxBearerTokenLifetime = maxBearerTokenLifetime + }; + } + + public TokenLifetime SetTokenLifetime( + long? maxHoKTokenLifetime, + long? maxBearerTokenLifetime) + { + + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + if (maxHoKTokenLifetime != null) + { + authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.SetMaximumHoKTokenLifetimeAsync( + new ManagedObjectReference + { + type = "SsoAdminConfigurationManagementService", + Value = "configurationManagementService" + }, + maxHoKTokenLifetime.Value)).Wait(); + } + + if (maxBearerTokenLifetime != null) + { + authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.SetMaximumBearerTokenLifetimeAsync( + new ManagedObjectReference + { + type = "SsoAdminConfigurationManagementService", + Value = "configurationManagementService" + }, + maxBearerTokenLifetime.Value)).Wait(); + } + + + return GetTokenLifetime(); + } + + public void AddActiveDirectoryExternalDomain( + string domainName, + string domainAlias, + string friendlyName, + string primaryUrl, + string baseDNUsers, + string baseDNGroups, + string authenticationUserName, + string authenticationPassword, + string serverType) + { + + string authenticationType = "password"; + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); - try { authorizedInvocationContext. 
InvokeOperation(() => - _ssoAdminBindingClient.RegisterLdapAsync( - new ManagedObjectReference { - type = "SsoAdminIdentitySourceManagementService", - Value = "identitySourceManagementService" + _ssoAdminBindingClient.AddExternalDomainAsync( + new ManagedObjectReference + { + type = "SsoAdminDomainManagementService", + Value = "domainManagementService" }, serverType, domainName, domainAlias, - adminLdapIdentitySourceDetails, + new SsoAdminExternalDomainDetails + { + friendlyName = friendlyName, + primaryUrl = primaryUrl, + userBaseDn = baseDNUsers, + groupBaseDn = baseDNGroups + }, authenticationType, - new SsoAdminIdentitySourceManagementServiceAuthenticationCredentials { - username = authenticationUserName, - password = authenticationPassword + new SsoAdminDomainManagementServiceAuthenticationCredentails + { + username = authenticationUserName, + password = authenticationPassword })).Wait(); - } catch (AggregateException e) { - throw e.InnerException; - } - } + } - public void UpdateLdapIdentitySource( - string name, - string friendlyName, - string primaryUrl, - string failoverUrl, - string baseDNUsers, - string baseDNGroups, - X509Certificate2[] ldapCertificates) { - - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); + public void AddLdapIdentitySource( + string domainName, + string domainAlias, + string friendlyName, + string primaryUrl, + string failoverUrl, + string baseDNUsers, + string baseDNGroups, + string authenticationUserName, + string authenticationPassword, + string serverType, + X509Certificate2[] ldapCertificates) + { - var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails { - friendlyName = friendlyName, - primaryUrl = primaryUrl, - failoverUrl = failoverUrl, - userBaseDn = baseDNUsers, - groupBaseDn = baseDNGroups - }; + string authenticationType = "password"; + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); - if (ldapCertificates != null && ldapCertificates.Length > 0) { - 
var certificates = new List(); - foreach (var ldapCert in ldapCertificates) { - certificates.Add(Convert.ToBase64String(ldapCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks)); + var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails + { + friendlyName = friendlyName, + primaryUrl = primaryUrl, + failoverUrl = failoverUrl, + userBaseDn = baseDNUsers, + groupBaseDn = baseDNGroups + }; + + if (ldapCertificates != null && ldapCertificates.Length > 0) + { + var certificates = new List(); + foreach (var ldapCert in ldapCertificates) + { + certificates.Add(Convert.ToBase64String(ldapCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks)); + } + + if (certificates.Count > 0) + { + adminLdapIdentitySourceDetails.certificates = certificates.ToArray(); + } } - if (certificates.Count > 0) { - adminLdapIdentitySourceDetails.certificates = certificates.ToArray(); + try + { + authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.RegisterLdapAsync( + new ManagedObjectReference + { + type = "SsoAdminIdentitySourceManagementService", + Value = "identitySourceManagementService" + }, + serverType, + domainName, + domainAlias, + adminLdapIdentitySourceDetails, + authenticationType, + new SsoAdminIdentitySourceManagementServiceAuthenticationCredentials + { + username = authenticationUserName, + password = authenticationPassword + })).Wait(); } - } + catch (AggregateException e) + { + throw e.InnerException; + } + } - try { - authorizedInvocationContext. 
+ public void UpdateLdapIdentitySource(
+ string name,
+ string friendlyName,
+ string primaryUrl,
+ string failoverUrl,
+ string baseDNUsers,
+ string baseDNGroups,
+ X509Certificate2[] ldapCertificates)
+ {
+
+ var authorizedInvocationContext =
+ CreateAuthorizedInvocationContext();
+
+ var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails
+ {
+ friendlyName = friendlyName,
+ primaryUrl = primaryUrl,
+ failoverUrl = failoverUrl,
+ userBaseDn = baseDNUsers,
+ groupBaseDn = baseDNGroups
+ };
+
+ if (ldapCertificates != null && ldapCertificates.Length > 0)
+ {
+ var certificates = new List();
+ foreach (var ldapCert in ldapCertificates)
+ {
+ certificates.Add(Convert.ToBase64String(ldapCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));
+ }
+
+ if (certificates.Count > 0)
+ {
+ adminLdapIdentitySourceDetails.certificates = certificates.ToArray();
+ }
+ }
+
+ try
+ {
+ authorizedInvocationContext.
+ InvokeOperation(() =>
+ _ssoAdminBindingClient.UpdateLdapAsync(
+ new ManagedObjectReference
+ {
+ type = "SsoAdminIdentitySourceManagementService",
+ Value = "identitySourceManagementService"
+ },
+ name,
+ adminLdapIdentitySourceDetails)).Wait();
+ }
+ catch (AggregateException e)
+ {
+ throw e.InnerException;
+ }
+ }
+
+ public IEnumerable GetDomains()
+ {
+ var authorizedInvocationContext =
+ CreateAuthorizedInvocationContext();
+
+ var domains = authorizedInvocationContext.
InvokeOperation(() => - _ssoAdminBindingClient.UpdateLdapAsync( - new ManagedObjectReference { - type = "SsoAdminIdentitySourceManagementService", - Value = "identitySourceManagementService" - }, - name, - adminLdapIdentitySourceDetails)).Wait(); - } catch (AggregateException e) { - throw e.InnerException; - } - } + _ssoAdminBindingClient.GetDomainsAsync( + new ManagedObjectReference + { + type = "SsoAdminDomainManagementService", + Value = "domainManagementService" + })).Result; - public IEnumerable GetDomains() { - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); + if (domains != null) + { + var localos = new LocalOSIdentitySource(); + localos.Name = domains.localOSDomainName; + yield return localos; - var domains = authorizedInvocationContext. - InvokeOperation(() => - _ssoAdminBindingClient.GetDomainsAsync( - new ManagedObjectReference { - type = "SsoAdminDomainManagementService", - Value = "domainManagementService" - })).Result; + var system = new SystemIdentitySource(); + system.Name = domains.systemDomainName; + yield return system; - if (domains != null) { - var localos = new LocalOSIdentitySource(); - localos.Name = domains.localOSDomainName; - yield return localos; - - var system = new SystemIdentitySource(); - system.Name = domains.systemDomainName; - yield return system; - - if (domains.externalDomains != null && domains.externalDomains.Length > 0) { - foreach (var externalDomain in domains.externalDomains) { - var extIdentitySource = new ActiveDirectoryIdentitySource(); - extIdentitySource.Name = externalDomain.name; - extIdentitySource.Alias = externalDomain.alias; - extIdentitySource.Type = externalDomain.type; - extIdentitySource.AuthenticationType = externalDomain.authenticationDetails?.authenticationType; - extIdentitySource.AuthenticationUsername = externalDomain.authenticationDetails?.username; - extIdentitySource.FriendlyName = externalDomain.details?.friendlyName; - extIdentitySource.PrimaryUrl = 
externalDomain.details?.primaryUrl; - extIdentitySource.FailoverUrl = externalDomain.details?.failoverUrl; - extIdentitySource.GroupBaseDN = externalDomain.details?.groupBaseDn; - extIdentitySource.UserBaseDN = externalDomain.details?.userBaseDn; - yield return extIdentitySource; - } + if (domains.externalDomains != null && domains.externalDomains.Length > 0) + { + foreach (var externalDomain in domains.externalDomains) + { + var extIdentitySource = new ActiveDirectoryIdentitySource(); + extIdentitySource.Name = externalDomain.name; + extIdentitySource.Alias = externalDomain.alias; + extIdentitySource.Type = externalDomain.type; + extIdentitySource.AuthenticationType = externalDomain.authenticationDetails?.authenticationType; + extIdentitySource.AuthenticationUsername = externalDomain.authenticationDetails?.username; + extIdentitySource.FriendlyName = externalDomain.details?.friendlyName; + extIdentitySource.PrimaryUrl = externalDomain.details?.primaryUrl; + extIdentitySource.FailoverUrl = externalDomain.details?.failoverUrl; + extIdentitySource.GroupBaseDN = externalDomain.details?.groupBaseDn; + extIdentitySource.UserBaseDN = externalDomain.details?.userBaseDn; + yield return extIdentitySource; + } + } } - } - } + } - public void DeleteDomain(string name) { + public void DeleteDomain(string name) + { - var authorizedInvocationContext = - CreateAuthorizedInvocationContext(); + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); - try { - authorizedInvocationContext. - InvokeOperation(() => - _ssoAdminBindingClient.DeleteAsync( - new ManagedObjectReference { - type = "SsoAdminIdentitySourceManagementService", - Value = "identitySourceManagementService" - }, - name)).Wait(); - } catch (AggregateException e) { - throw e.InnerException; - } - } - #endregion - } + try + { + authorizedInvocationContext. 
+ InvokeOperation(() => + _ssoAdminBindingClient.DeleteAsync( + new ManagedObjectReference + { + type = "SsoAdminIdentitySourceManagementService", + Value = "identitySourceManagementService" + }, + name)).Wait(); + } + catch (AggregateException e) + { + throw e.InnerException; + } + } + #endregion + } } diff --git a/Modules/VMware.vSphere.SsoAdmin/src/test/ConnectDisconnect.Tests.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/test/ConnectDisconnect.Tests.ps1 index 7a69809..222c610 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/test/ConnectDisconnect.Tests.ps1 +++ b/Modules/VMware.vSphere.SsoAdmin/src/test/ConnectDisconnect.Tests.ps1 @@ -65,7 +65,7 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" { -User $User ` -Password $Password ` -ErrorAction Stop } | ` - Should -Throw "The SSL connection could not be established, see inner exception." + Should -Throw "*The SSL connection could not be established, see inner exception.*" } } diff --git a/Modules/VMware.vSphere.SsoAdmin/src/test/Group.Tests.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/test/Group.Tests.ps1 index 7eda354..613c864 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/test/Group.Tests.ps1 +++ b/Modules/VMware.vSphere.SsoAdmin/src/test/Group.Tests.ps1 
@@ -20,57 +20,111 @@ param(
 $modulePath = Join-Path (Split-Path $PSScriptRoot | Split-Path) "VMware.vSphere.SsoAdmin.psd1"
 Import-Module $modulePath
-Describe "Get-SsoGroup Tests" {
- BeforeEach {
- Connect-SsoAdminServer `
- -Server $VcAddress `
- -User $User `
- -Password $Password `
- -SkipCertificateCheck
- }
+Describe "SsoGroup Tests" {
+ BeforeEach {
+ Connect-SsoAdminServer `
+ -Server $VcAddress `
+ -User $User `
+ -Password $Password `
+ -SkipCertificateCheck
- AfterEach {
- $connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray()
- foreach ($connection in $connectionsToCleanup) {
- Disconnect-SsoAdminServer -Server $connection
- }
- }
+ $script:testGroupsToDelete = @()
+ }
- Context "Get-SsoGroup" {
- It 'Gets groups without filters' {
- # Act
- $actual = Get-SsoGroup
+ AfterEach {
- # Assert
- $actual | Should -Not -Be $null
- $actual.Count | Should -BeGreaterThan 0
- $actual[0].Name | Should -Not -Be $null
- $actual[0].Domain | Should -Be 'localos'
- }
+ foreach ($group in $script:testGroupsToDelete) {
+ Remove-SsoGroup -Group $group
+ }
- It 'Gets groups for default domain' {
- # Arrange
- $newUserName = "NewUser1"
- $password = '$tr0NG_TestPa$$w0rd'
+ $connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray()
+ foreach ($connection in $connectionsToCleanup) {
+ Disconnect-SsoAdminServer -Server $connection
+ }
+ }
- ## Create Person User to determine default domain name
- ## Person Users are created in the default domain
- $newPersonUser = New-SsoPersonUser `
- -UserName $newUserName `
- -Password $password
+ Context "Get-SsoGroup" {
+ It 'Gets groups without filters' {
+ # Act
+ $actual = Get-SsoGroup
- # Act
- $actual = Get-SsoGroup `
- -Domain $newPersonUser.Domain
+ # Assert
+ $actual | Should -Not -Be $null
+ $actual.Count | Should -BeGreaterThan 0
+ $actual[0].Name | Should -Not -Be $null
+ $actual[0].Domain | Should -Be 'localos'
+ }
- # Assert
- $actual | Should -Not -Be $null
- $actual.Count | Should -BeGreaterThan 0
- $actual[0].Name | Should -Not -Be $null
- $actual[0].Domain | Should -Be $newPersonUser.Domain
+ It 'Gets groups for default domain' {
+ # Arrange
+ $newUserName = "NewUser1"
+ $password = '$tr0NG_TestPa$$w0rd'
- # Cleanup
- Remove-SsoPersonUser -User $newPersonUser
- }
- }
+ ## Create Person User to determine default domain name
+ ## Person Users are created in the default domain
+ $newPersonUser = New-SsoPersonUser `
+ -UserName $newUserName `
+ -Password $password
+
+ # Act
+ $actual = Get-SsoGroup `
+ -Domain $newPersonUser.Domain
+
+ # Assert
+ $actual | Should -Not -Be $null
+ $actual.Count | Should -BeGreaterThan 0
+ $actual[0].Name | Should -Not -Be $null
+ $actual[0].Domain | Should -Be $newPersonUser.Domain
+
+ # Cleanup
+ Remove-SsoPersonUser -User $newPersonUser
+ }
+ }
+
+ Context "New-SsoGroup" {
+ It 'Should create SsoGroup specifying only the name of the group' {
+ # Arrange
+ $expectedName = 'TestGroup1'
+
+ # Act
+ $actual = New-SsoGroup -Name $expectedName
+
+ # Assert
+ $actual | Should -Not -Be $null
+ $script:testGroupsToDelete += $actual
+ $actual.Name | Should -Be $expectedName
+ $actual.Domain | Should -Be 'vsphere.local'
+ $actual.Description | Should -Be ([string]::Empty)
+ }
+
+ It 'Should create SsoGroup specifying name and description' {
+ # Arrange
+ $expectedName = 'TestGroup2'
+ $expectedDescription = 'Test Description 2'
+
+ # Act
+ $actual = New-SsoGroup -Name $expectedName -Description $expectedDescription
+
+ # Assert
+ $actual | Should -Not -Be $
+ $script:testGroupsToDelete += $actual
+ $actual.Name | Should -Be $expectedName
+ $actual.Domain | Should -Be 'vsphere.local'
+ $actual.Description | Should -Be $expectedDescription
+ }
+ }
+
+ Context "Remove-SsoGroup" {
+ It 'Should remove SsoGroup' {
+ # Arrange
+ $groupName = 'TestGroup3'
+ $groupToRemove = New-SsoGroup -Name $groupName
+
+ # Act
+ $groupToRemove | Remove-SsoGroup
+
+ # Assert
+ Get-SsoGroup -Name $groupName -Domain 'vsphere.local' | Should -Be $null
+ }
+ }
 }
\ No newline at end of file
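Review bot: The Remove-SsoGroup test creates 'TestGroup3' without adding it to `$script:testGroupsToDelete`, so if `Remove-SsoGroup` throws, the group stays behind on the server and the next run's `New-SsoGroup -Name $groupName` presumably collides with it. Register the group right after creation and make the AfterEach cleanup skip groups that are already gone, so the test's own removal and the teardown do not conflict. The New-SsoGroup and Remove-SsoGroup contexts also hard-code the domain as 'vsphere.local', whereas the Get-SsoGroup test derives the default domain from a created person user; reusing that approach keeps the suite working on installations whose SSO domain is named differently. The second New-SsoGroup assertion reads `$actual | Should -Not -Be $` as rendered here, which looks truncated (presumably `$null`) and would not assert what the sibling test asserts.
```powershell
AfterEach {
    foreach ($group in $script:testGroupsToDelete) {
        # tolerate groups a test has already removed itself
        if (Get-SsoGroup -Name $group.Name -Domain $group.Domain) {
            Remove-SsoGroup -Group $group
        }
    }
    # … unchanged: Disconnect-SsoAdminServer cleanup loop …
}
```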