Implement New and Remove SsoGroup cmdlets.

Signed-off-by: Dimitar Milov <dmilov@vmware.com>
This commit is contained in:
Dimitar Milov
2021-05-25 19:11:15 +03:00
parent 09fad317e1
commit 04b0807ed5
11 changed files with 1259 additions and 841 deletions


@@ -2,6 +2,152 @@
Copyright 2020-2021 VMware, Inc. Copyright 2020-2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause SPDX-License-Identifier: BSD-2-Clause
#> #>
function New-SsoGroup {
<#
.NOTES
===========================================================================
Created on: 5/25/2021
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.SYNOPSIS
Creates Local Sso Group
.DESCRIPTION
Creates Local Sso Group
.PARAMETER Name
Specifies the name of the group.
.PARAMETER Description
Specifies optionaldescription of the group.
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
New-SsoGroup -Name 'myGroup' -Description 'My Group Description'
Creates local groupwith user 'myGroup' and description 'My Group Description'
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Specifies the name of the group')]
[string]
$Name,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Specifies the description of the group')]
[string]
$Description,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
# Output is the result of 'CreateLocalGroup'
try {
$connection.Client.CreateLocalGroup(
$Name,
$Description
)
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
}
function Set-SsoGroup {
}
function Remove-SsoGroup {
<#
.NOTES
===========================================================================
Created on: 5/25/2021
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function removes existing local group.
.PARAMETER Group
Specifies the Group instance to remove.
.EXAMPLE
$ssoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
$myNewGroup = New-SsoGroup -Server $ssoAdminConnection -Name 'myGroup'
Remove-SsoGroup -Group $myNewGroup
Remove plocal group with name 'myGroup'
#>
[CmdletBinding(ConfirmImpact = 'High')]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Group instance you want to remove from specified servers')]
[VMware.vSphere.SsoAdminClient.DataTypes.Group]
$Group)
Process {
try {
foreach ($g in $Group) {
$ssoAdminClient = $g.GetClient()
if ((-not $ssoAdminClient)) {
Write-Error "Object '$g' is from disconnected server"
continue
}
$ssoAdminClient.RemoveLocalGroup($g)
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
function Add-PrincipalToSsoGroup {
}
function Remove-PrincipalFromSsoGroup {
}
function Get-SsoGroup { function Get-SsoGroup {
<# <#
.NOTES .NOTES
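Review bot: Remove-SsoGroup declares `[CmdletBinding(ConfirmImpact = 'High')]` but never calls ShouldProcess, so `-WhatIf` and `-Confirm` have no effect and the deletion at `$ssoAdminClient.RemoveLocalGroup($g)` runs unconditionally; ConfirmImpact only takes effect together with SupportsShouldProcess. Change the attribute to `[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]` and guard the call with `if ($PSCmdlet.ShouldProcess("$g", 'Remove local SSO group')) { $ssoAdminClient.RemoveLocalGroup($g) }`. The try/catch in Remove-SsoGroup also wraps the whole foreach, so the first group that fails aborts the remaining pipeline input, whereas New-SsoGroup catches per server; moving the try inside the loop makes the two consistent. Set-SsoGroup, Add-PrincipalToSsoGroup and Remove-PrincipalFromSsoGroup are empty bodies that complete silently, so until they are implemented a `throw [System.NotImplementedException]::new()` body would keep a caller from mistaking a no-op for a successful membership change.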


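--- a/[path not shown]
+++ b/[path not shown]
@@ -11,7 +11,7 @@
 RootModule = 'VMware.vSphere.SsoAdmin.psm1'
 # Version number of this module.
-ModuleVersion = '1.2.3'
+ModuleVersion = '1.3.0'
 # ID used to uniquely identify this module
 GUID = 'b3e25326-e809-4d68-a252-ca5fcaf1eb8b'
@@ -34,7 +34,14 @@ RequiredModules = @(
 )
 # Functions to export from this module
-FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Remove-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource', 'Set-SsoSelfPersonUserPassword')
+FunctionsToExport = @(
+'Connect-SsoAdminServer', 'Disconnect-SsoAdminServer',
+'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Set-SsoSelfPersonUserPassword'
+'New-SsoGroup', 'Get-SsoGroup', 'Set-SsoGroup', 'Remove-SsoGroup', 'Add-PrincipalToSsoGroup', 'Remove-PrincipalFromSsoGroup'
+'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy',
+'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy',
+'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime',
+'Get-IdentitySource', 'Remove-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource')
 # Cmdlets to export from this module
 CmdletsToExport = @()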
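Review bot: The new export list publishes `Set-SsoGroup`, `Add-PrincipalToSsoGroup` and `Remove-PrincipalFromSsoGroup`, which the module body in this same commit defines as empty functions, so users receive commands that accept no parameters and silently do nothing; either drop the three names from FunctionsToExport until they are implemented or have the stubs throw. The lines ending `'Set-SsoSelfPersonUserPassword'` and `'Remove-PrincipalFromSsoGroup'` also lack the trailing comma the other entries carry; an `@( )` subexpression should still collect newline-separated items into one array, but the inconsistency is easy to misread as a dropped export, so add the commas.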


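--- a/[path not shown]
+++ b/[path not shown]
@@ -103,7 +103,7 @@ namespace VMware.vSphere.SsoAdminClient.Tests
 var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
 // Act
-var actual = ssoAdminClient.GetPersonUsersInGroup("", new Group {
+var actual = ssoAdminClient.GetPersonUsersInGroup("", new Group(ssoAdminClient) {
 Name = "Administrators",
 Domain = "vsphere.local"
 }).ToArray();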


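--- a/[path not shown]
+++ b/[path not shown]
@@ -11,10 +11,23 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes
 {
 public class Group
 {
+SsoAdminClient _client;
+public Group(SsoAdminClient client)
+{
+_client = client;
+}
 public string Name { get; set; }
 public string Domain { get; set; }
-public override string ToString() {
+public string Description { get; set; }
+public SsoAdminClient GetClient()
+{
+return _client;
+}
+public override string ToString()
+{
 return $"{Name}@{Domain}";
 }
 }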
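Review bot: `_client` is assigned only in the constructor but is declared with neither `readonly` nor an access modifier; `private readonly SsoAdminClient _client;` states the intent and prevents later reassignment. The PowerShell Remove-SsoGroup in this commit treats a null `GetClient()` result as "object is from disconnected server", yet the constructor accepts null silently, so the contract should be pinned one way or the other: either `if (client == null) throw new ArgumentNullException(nameof(client));` mirroring SsoAdminClient's own argument checks, or a `/// <summary>` on GetClient stating that it returns null for a group not bound to a connection. Removing the parameterless constructor also breaks every `new Group { ... }` initializer; the test and GetGroups are updated here, but any other caller outside the diff will no longer compile, which is worth a note in the commit description.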


@@ -29,7 +29,8 @@ namespace VMware.vSphere.SsoAdminClient
private SsoPortTypeClient _ssoAdminBindingClient; private SsoPortTypeClient _ssoAdminBindingClient;
private UserPassSecurityContext _securityContext; private UserPassSecurityContext _securityContext;
public SsoAdminClient(string hostname, string user, SecureString password, X509CertificateValidator serverCertificateValidator) { public SsoAdminClient(string hostname, string user, SecureString password, X509CertificateValidator serverCertificateValidator)
{
if (hostname == null) throw new ArgumentNullException(nameof(hostname)); if (hostname == null) throw new ArgumentNullException(nameof(hostname));
if (user == null) throw new ArgumentNullException(nameof(user)); if (user == null) throw new ArgumentNullException(nameof(user));
if (password == null) throw new ArgumentNullException(nameof(password)); if (password == null) throw new ArgumentNullException(nameof(password));
@@ -51,7 +52,8 @@ namespace VMware.vSphere.SsoAdminClient
var serverAuthentication = GetServerAuthentication(serverCertificateValidator); var serverAuthentication = GetServerAuthentication(serverCertificateValidator);
if (serverAuthentication != null) { if (serverAuthentication != null)
{
_ssoAdminBindingClient _ssoAdminBindingClient
.ChannelFactory .ChannelFactory
.Credentials .Credentials
@@ -61,9 +63,12 @@ namespace VMware.vSphere.SsoAdminClient
} }
#region Private Helpers #region Private Helpers
private X509ServiceCertificateAuthentication GetServerAuthentication(X509CertificateValidator serverCertificateValidator) { private X509ServiceCertificateAuthentication GetServerAuthentication(X509CertificateValidator serverCertificateValidator)
if (serverCertificateValidator != null) { {
return new X509ServiceCertificateAuthentication { if (serverCertificateValidator != null)
{
return new X509ServiceCertificateAuthentication
{
CertificateValidationMode = X509CertificateValidationMode.Custom, CertificateValidationMode = X509CertificateValidationMode.Custom,
CustomCertificateValidator = serverCertificateValidator CustomCertificateValidator = serverCertificateValidator
}; };
@@ -73,14 +78,17 @@ namespace VMware.vSphere.SsoAdminClient
return null; return null;
} }
private static MessageEncodingBindingElement GetWcfEncoding() { private static MessageEncodingBindingElement GetWcfEncoding()
{
// VMware STS requires SOAP version 1.1 // VMware STS requires SOAP version 1.1
return new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8); return new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
} }
private static HttpsTransportBindingElement GetWcfTransport(bool useSystemProxy) { private static HttpsTransportBindingElement GetWcfTransport(bool useSystemProxy)
{
// Communication with the STS is over https // Communication with the STS is over https
HttpsTransportBindingElement transport = new HttpsTransportBindingElement { HttpsTransportBindingElement transport = new HttpsTransportBindingElement
{
RequireClientCertificate = false RequireClientCertificate = false
}; };
@@ -91,7 +99,8 @@ namespace VMware.vSphere.SsoAdminClient
return transport; return transport;
} }
private static CustomBinding GetBinding() { private static CustomBinding GetBinding()
{
// There is no build-in WCF binding capable of communicating // There is no build-in WCF binding capable of communicating
// with VMware STS, so we create a plain custom one. // with VMware STS, so we create a plain custom one.
@@ -108,12 +117,14 @@ namespace VMware.vSphere.SsoAdminClient
return binding; return binding;
} }
private WsSecurityContext CreateAuthorizedInvocationContext() { private WsSecurityContext CreateAuthorizedInvocationContext()
{
// Issue Bearer token to authorize create solution user to SSO Admin service // Issue Bearer token to authorize create solution user to SSO Admin service
var bearerToken = _securityContext.GetToken(); var bearerToken = _securityContext.GetToken();
// Set WS Trust Header Serialization with issued bearer SAML token // Set WS Trust Header Serialization with issued bearer SAML token
var securityContext = new WsSecurityContext { var securityContext = new WsSecurityContext
{
ClientChannel = _ssoAdminBindingClient.InnerChannel, ClientChannel = _ssoAdminBindingClient.InnerChannel,
Properties = { Properties = {
Credentials = { Credentials = {
@@ -124,12 +135,16 @@ namespace VMware.vSphere.SsoAdminClient
return securityContext; return securityContext;
} }
String SecureStringToString(SecureString value) { String SecureStringToString(SecureString value)
{
IntPtr valuePtr = IntPtr.Zero; IntPtr valuePtr = IntPtr.Zero;
try { try
{
valuePtr = Marshal.SecureStringToGlobalAllocUnicode(value); valuePtr = Marshal.SecureStringToGlobalAllocUnicode(value);
return Marshal.PtrToStringUni(valuePtr); return Marshal.PtrToStringUni(valuePtr);
} finally { }
finally
{
Marshal.ZeroFreeGlobalAllocUnicode(valuePtr); Marshal.ZeroFreeGlobalAllocUnicode(valuePtr);
} }
} }
@@ -146,7 +161,8 @@ namespace VMware.vSphere.SsoAdminClient
string description = null, string description = null,
string emailAddress = null, string emailAddress = null,
string firstName = null, string firstName = null,
string lastName = null) { string lastName = null)
{
// Create Authorization Invocation Context // Create Authorization Invocation Context
var authorizedInvocationContext = var authorizedInvocationContext =
@@ -156,12 +172,14 @@ namespace VMware.vSphere.SsoAdminClient
var ssoPrincipalId = authorizedInvocationContext. var ssoPrincipalId = authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.CreateLocalPersonUserAsync( _ssoAdminBindingClient.CreateLocalPersonUserAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService", type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService" Value = "principalManagementService"
}, },
userName, userName,
new SsoAdminPersonDetails { new SsoAdminPersonDetails
{
description = description, description = description,
emailAddress = emailAddress, emailAddress = emailAddress,
firstName = firstName, firstName = firstName,
@@ -172,20 +190,24 @@ namespace VMware.vSphere.SsoAdminClient
return GetLocalUsers(ssoPrincipalId.name, ssoPrincipalId.domain, authorizedInvocationContext); return GetLocalUsers(ssoPrincipalId.name, ssoPrincipalId.domain, authorizedInvocationContext);
} }
private PersonUser GetLocalUsers(string userName, string domain, WsSecurityContext wsSecurityContext) { private PersonUser GetLocalUsers(string userName, string domain, WsSecurityContext wsSecurityContext)
{
// Invoke SSO Admin FindPersonUserAsync operation // Invoke SSO Admin FindPersonUserAsync operation
var personUser = wsSecurityContext. var personUser = wsSecurityContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.FindPersonUserAsync( _ssoAdminBindingClient.FindPersonUserAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminPrincipalDiscoveryService", type = "SsoAdminPrincipalDiscoveryService",
Value = "principalDiscoveryService" Value = "principalDiscoveryService"
}, },
new SsoPrincipalId { new SsoPrincipalId
{
name = userName, name = userName,
domain = domain domain = domain
})).Result; })).Result;
return new PersonUser(this) { return new PersonUser(this)
{
Name = personUser.id.name, Name = personUser.id.name,
Domain = personUser.id.domain, Domain = personUser.id.domain,
Description = personUser.details.description, Description = personUser.details.description,
@@ -197,7 +219,8 @@ namespace VMware.vSphere.SsoAdminClient
}; };
} }
public IEnumerable<PersonUser> GetLocalUsers(string searchString, string domain) { public IEnumerable<PersonUser> GetLocalUsers(string searchString, string domain)
{
// Create Authorization Invocation Context // Create Authorization Invocation Context
var authorizedInvocationContext = var authorizedInvocationContext =
CreateAuthorizedInvocationContext(); CreateAuthorizedInvocationContext();
@@ -206,19 +229,24 @@ namespace VMware.vSphere.SsoAdminClient
var personUsers = authorizedInvocationContext. var personUsers = authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.FindPersonUsersAsync( _ssoAdminBindingClient.FindPersonUsersAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminPrincipalDiscoveryService", type = "SsoAdminPrincipalDiscoveryService",
Value = "principalDiscoveryService" Value = "principalDiscoveryService"
}, },
new SsoAdminPrincipalDiscoveryServiceSearchCriteria { new SsoAdminPrincipalDiscoveryServiceSearchCriteria
{
searchString = searchString, searchString = searchString,
domain = domain domain = domain
}, },
int.MaxValue)).Result.returnval; int.MaxValue)).Result.returnval;
if (personUsers != null) { if (personUsers != null)
foreach (var personUser in personUsers) { {
yield return new PersonUser(this) { foreach (var personUser in personUsers)
{
yield return new PersonUser(this)
{
Name = personUser.id.name, Name = personUser.id.name,
Domain = personUser.id.domain, Domain = personUser.id.domain,
Description = personUser.details.description, Description = personUser.details.description,
@@ -233,7 +261,8 @@ namespace VMware.vSphere.SsoAdminClient
} }
public IEnumerable<PersonUser> GetPersonUsersInGroup(string searchString, DataTypes.Group group) { public IEnumerable<PersonUser> GetPersonUsersInGroup(string searchString, DataTypes.Group group)
{
// Create Authorization Invocation Context // Create Authorization Invocation Context
var authorizedInvocationContext = var authorizedInvocationContext =
CreateAuthorizedInvocationContext(); CreateAuthorizedInvocationContext();
@@ -242,20 +271,25 @@ namespace VMware.vSphere.SsoAdminClient
var personUsers = authorizedInvocationContext. var personUsers = authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.FindPersonUsersInGroupAsync( _ssoAdminBindingClient.FindPersonUsersInGroupAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminPrincipalDiscoveryService", type = "SsoAdminPrincipalDiscoveryService",
Value = "principalDiscoveryService" Value = "principalDiscoveryService"
}, },
new SsoPrincipalId { new SsoPrincipalId
{
name = group.Name, name = group.Name,
domain = group.Domain domain = group.Domain
}, },
searchString, searchString,
int.MaxValue)).Result.returnval; int.MaxValue)).Result.returnval;
if (personUsers != null) { if (personUsers != null)
foreach (var personUser in personUsers) { {
yield return new PersonUser(this) { foreach (var personUser in personUsers)
{
yield return new PersonUser(this)
{
Name = personUser.id.name, Name = personUser.id.name,
Domain = personUser.id.domain, Domain = personUser.id.domain,
Description = personUser.details.description, Description = personUser.details.description,
@@ -270,7 +304,8 @@ namespace VMware.vSphere.SsoAdminClient
} }
public void DeleteLocalUser( public void DeleteLocalUser(
PersonUser principal) { PersonUser principal)
{
// Create Authorization Invocation Context // Create Authorization Invocation Context
var authorizedInvocationContext = var authorizedInvocationContext =
@@ -280,14 +315,91 @@ namespace VMware.vSphere.SsoAdminClient
authorizedInvocationContext. authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.DeleteLocalPrincipalAsync( _ssoAdminBindingClient.DeleteLocalPrincipalAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService", type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService" Value = "principalManagementService"
}, },
principal.Name)); principal.Name));
} }
public IEnumerable<DataTypes.Group> GetGroups(string searchString, string domain) { private DataTypes.Group FindGroup(string name, string domain, WsSecurityContext wsSecurityContext)
{
// Invoke SSO Admin FindGroupAsync operation
var group = wsSecurityContext.
InvokeOperation(() =>
_ssoAdminBindingClient.FindGroupAsync(
new ManagedObjectReference
{
type = "SsoAdminPrincipalDiscoveryService",
Value = "principalDiscoveryService"
},
new SsoPrincipalId
{
name = name,
domain = domain
})).Result;
return new DataTypes.Group(this)
{
Name = group.id.name,
Domain = group.id.domain,
Description = group.details.description
};
}
public DataTypes.Group CreateLocalGroup(string name, string description)
{
// Create Authorization Invocation Context
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
// Invoke SSO Admin FindGroupsAsync operation
var ssoAdminGroup = authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.CreateLocalGroupAsync(
new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService"
},
name,
new SsoAdminGroupDetails
{
description = description
})).Result;
if (ssoAdminGroup != null)
{
return FindGroup(ssoAdminGroup.name, ssoAdminGroup.domain, authorizedInvocationContext);
}
else
{
return null;
}
}
public void RemoveLocalGroup(DataTypes.Group group)
{
// Create Authorization Invocation Context
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
// Invoke SSO Admin DeleteLocalPrincipal operation
authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.DeleteLocalPrincipalAsync(
new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService"
},
group.Name));
}
public IEnumerable<DataTypes.Group> GetGroups(string searchString, string domain)
{
// Create Authorization Invocation Context // Create Authorization Invocation Context
var authorizedInvocationContext = var authorizedInvocationContext =
CreateAuthorizedInvocationContext(); CreateAuthorizedInvocationContext();
@@ -296,27 +408,29 @@ namespace VMware.vSphere.SsoAdminClient
var ssoAdminGroups = authorizedInvocationContext. var ssoAdminGroups = authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.FindGroupsAsync( _ssoAdminBindingClient.FindGroupsAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminPrincipalDiscoveryService", type = "SsoAdminPrincipalDiscoveryService",
Value = "principalDiscoveryService" Value = "principalDiscoveryService"
}, },
new SsoAdminPrincipalDiscoveryServiceSearchCriteria { new SsoAdminPrincipalDiscoveryServiceSearchCriteria
{
searchString = searchString, searchString = searchString,
domain = domain domain = domain
}, },
int.MaxValue)).Result.returnval; int.MaxValue)).Result.returnval;
if (ssoAdminGroups != null) { if (ssoAdminGroups != null)
foreach (var group in ssoAdminGroups) { {
yield return new DataTypes.Group { foreach (var group in ssoAdminGroups)
Name = group.id.name, {
Domain = group.id.domain yield return FindGroup(group.id.name, group.id.domain, authorizedInvocationContext);
};
} }
} }
} }
public bool AddPersonUserToGroup(PersonUser user, DataTypes.Group group) { public bool AddPersonUserToGroup(PersonUser user, DataTypes.Group group)
{
// Create Authorization Invocation Context // Create Authorization Invocation Context
var authorizedInvocationContext = var authorizedInvocationContext =
CreateAuthorizedInvocationContext(); CreateAuthorizedInvocationContext();
@@ -325,18 +439,21 @@ namespace VMware.vSphere.SsoAdminClient
return authorizedInvocationContext. return authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.AddUserToLocalGroupAsync( _ssoAdminBindingClient.AddUserToLocalGroupAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService", type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService" Value = "principalManagementService"
}, },
new SsoPrincipalId { new SsoPrincipalId
{
name = user.Name, name = user.Name,
domain = user.Domain domain = user.Domain
}, },
group.Name)).Result; group.Name)).Result;
} }
public bool RemovePersonUserFromGroup(PersonUser user, DataTypes.Group group) { public bool RemovePersonUserFromGroup(PersonUser user, DataTypes.Group group)
{
// Create Authorization Invocation Context // Create Authorization Invocation Context
var authorizedInvocationContext = var authorizedInvocationContext =
CreateAuthorizedInvocationContext(); CreateAuthorizedInvocationContext();
@@ -345,18 +462,21 @@ namespace VMware.vSphere.SsoAdminClient
return authorizedInvocationContext. return authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.RemoveFromLocalGroupAsync( _ssoAdminBindingClient.RemoveFromLocalGroupAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService", type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService" Value = "principalManagementService"
}, },
new SsoPrincipalId { new SsoPrincipalId
{
name = user.Name, name = user.Name,
domain = user.Domain domain = user.Domain
}, },
group.Name)).Result; group.Name)).Result;
} }
public void ResetPersonUserPassword(PersonUser user, string newPassword) { public void ResetPersonUserPassword(PersonUser user, string newPassword)
{
// Create Authorization Invocation Context // Create Authorization Invocation Context
var authorizedInvocationContext = var authorizedInvocationContext =
CreateAuthorizedInvocationContext(); CreateAuthorizedInvocationContext();
@@ -365,7 +485,8 @@ namespace VMware.vSphere.SsoAdminClient
authorizedInvocationContext. authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.ResetLocalPersonUserPasswordAsync( _ssoAdminBindingClient.ResetLocalPersonUserPasswordAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService", type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService" Value = "principalManagementService"
}, },
@@ -373,7 +494,8 @@ namespace VMware.vSphere.SsoAdminClient
newPassword)).Wait(); newPassword)).Wait();
} }
public void ResetSelfPersonUserPassword(SecureString newPassword) { public void ResetSelfPersonUserPassword(SecureString newPassword)
{
// Create Authorization Invocation Context // Create Authorization Invocation Context
var authorizedInvocationContext = var authorizedInvocationContext =
CreateAuthorizedInvocationContext(); CreateAuthorizedInvocationContext();
@@ -382,14 +504,16 @@ namespace VMware.vSphere.SsoAdminClient
authorizedInvocationContext. authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.ResetSelfLocalPersonUserPasswordAsync( _ssoAdminBindingClient.ResetSelfLocalPersonUserPasswordAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService", type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService" Value = "principalManagementService"
}, },
SecureStringToString(newPassword))).Wait(); SecureStringToString(newPassword))).Wait();
} }
public bool UnlockPersonUser(PersonUser user) { public bool UnlockPersonUser(PersonUser user)
{
// Create Authorization Invocation Context // Create Authorization Invocation Context
var authorizedInvocationContext = var authorizedInvocationContext =
CreateAuthorizedInvocationContext(); CreateAuthorizedInvocationContext();
@@ -398,17 +522,20 @@ namespace VMware.vSphere.SsoAdminClient
return authorizedInvocationContext. return authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.UnlockUserAccountAsync( _ssoAdminBindingClient.UnlockUserAccountAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService", type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService" Value = "principalManagementService"
}, },
new SsoPrincipalId { new SsoPrincipalId
{
name = user.Name, name = user.Name,
domain = user.Domain domain = user.Domain
})).Result; })).Result;
} }
public PasswordPolicy GetPasswordPolicy() { public PasswordPolicy GetPasswordPolicy()
{
PasswordPolicy result = null; PasswordPolicy result = null;
// Create Authorization Invocation Context // Create Authorization Invocation Context
var authorizedInvocationContext = var authorizedInvocationContext =
@@ -418,13 +545,16 @@ namespace VMware.vSphere.SsoAdminClient
var ssoAdminPasswordPolicy = authorizedInvocationContext. var ssoAdminPasswordPolicy = authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.GetLocalPasswordPolicyAsync( _ssoAdminBindingClient.GetLocalPasswordPolicyAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminPasswordPolicyService", type = "SsoAdminPasswordPolicyService",
Value = "passwordPolicyService" Value = "passwordPolicyService"
})).Result; })).Result;
if (ssoAdminPasswordPolicy != null) { if (ssoAdminPasswordPolicy != null)
result = new PasswordPolicy(this) { {
result = new PasswordPolicy(this)
{
Description = ssoAdminPasswordPolicy.description, Description = ssoAdminPasswordPolicy.description,
ProhibitedPreviousPasswordsCount = ssoAdminPasswordPolicy.prohibitedPreviousPasswordsCount, ProhibitedPreviousPasswordsCount = ssoAdminPasswordPolicy.prohibitedPreviousPasswordsCount,
MinLength = ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.minLength, MinLength = ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.minLength,
@@ -453,7 +583,8 @@ namespace VMware.vSphere.SsoAdminClient
int? minAlphabeticCount = null, int? minAlphabeticCount = null,
int? minUppercaseCount = null, int? minUppercaseCount = null,
int? minLowercaseCount = null, int? minLowercaseCount = null,
int? passwordLifetimeDays = null) { int? passwordLifetimeDays = null)
{
if (description != null || if (description != null ||
prohibitedPreviousPasswordsCount != null || prohibitedPreviousPasswordsCount != null ||
@@ -465,17 +596,20 @@ namespace VMware.vSphere.SsoAdminClient
minAlphabeticCount != null || minAlphabeticCount != null ||
minUppercaseCount != null || minUppercaseCount != null ||
minLowercaseCount != null || minLowercaseCount != null ||
passwordLifetimeDays != null) { passwordLifetimeDays != null)
{
var ssoAdminPasswordPolicy = new SsoAdminPasswordPolicy(); var ssoAdminPasswordPolicy = new SsoAdminPasswordPolicy();
ssoAdminPasswordPolicy.description = description; ssoAdminPasswordPolicy.description = description;
if (passwordLifetimeDays != null) { if (passwordLifetimeDays != null)
{
ssoAdminPasswordPolicy.passwordLifetimeDays = passwordLifetimeDays.Value; ssoAdminPasswordPolicy.passwordLifetimeDays = passwordLifetimeDays.Value;
ssoAdminPasswordPolicy.passwordLifetimeDaysSpecified = true; ssoAdminPasswordPolicy.passwordLifetimeDaysSpecified = true;
} }
if (prohibitedPreviousPasswordsCount != null) { if (prohibitedPreviousPasswordsCount != null)
{
ssoAdminPasswordPolicy.prohibitedPreviousPasswordsCount = prohibitedPreviousPasswordsCount.Value; ssoAdminPasswordPolicy.prohibitedPreviousPasswordsCount = prohibitedPreviousPasswordsCount.Value;
} }
@@ -487,30 +621,37 @@ namespace VMware.vSphere.SsoAdminClient
minSpecialCharCount != null || minSpecialCharCount != null ||
minAlphabeticCount != null || minAlphabeticCount != null ||
minUppercaseCount != null || minUppercaseCount != null ||
minLowercaseCount != null) { minLowercaseCount != null)
{
ssoAdminPasswordPolicy.passwordFormat = new SsoAdminPasswordFormat(); ssoAdminPasswordPolicy.passwordFormat = new SsoAdminPasswordFormat();
if (maxIdenticalAdjacentCharacters != null) { if (maxIdenticalAdjacentCharacters != null)
{
ssoAdminPasswordPolicy.passwordFormat.maxIdenticalAdjacentCharacters = maxIdenticalAdjacentCharacters.Value; ssoAdminPasswordPolicy.passwordFormat.maxIdenticalAdjacentCharacters = maxIdenticalAdjacentCharacters.Value;
} }
if (minNumericCount != null) { if (minNumericCount != null)
{
ssoAdminPasswordPolicy.passwordFormat.minNumericCount = minNumericCount.Value; ssoAdminPasswordPolicy.passwordFormat.minNumericCount = minNumericCount.Value;
} }
if (minSpecialCharCount != null) { if (minSpecialCharCount != null)
{
ssoAdminPasswordPolicy.passwordFormat.minSpecialCharCount = minSpecialCharCount.Value; ssoAdminPasswordPolicy.passwordFormat.minSpecialCharCount = minSpecialCharCount.Value;
} }
// Update LengthRestriction if needed // Update LengthRestriction if needed
if (minLength != null || if (minLength != null ||
maxLength != null) { maxLength != null)
{
ssoAdminPasswordPolicy.passwordFormat.lengthRestriction = new SsoAdminPasswordFormatLengthRestriction(); ssoAdminPasswordPolicy.passwordFormat.lengthRestriction = new SsoAdminPasswordFormatLengthRestriction();
if (maxLength != null) { if (maxLength != null)
{
ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.maxLength = maxLength.Value; ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.maxLength = maxLength.Value;
} }
if (minLength != null) { if (minLength != null)
{
ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.minLength = minLength.Value; ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.minLength = minLength.Value;
} }
} }
@@ -518,18 +659,22 @@ namespace VMware.vSphere.SsoAdminClient
// Update AlphabeticRestriction if needed // Update AlphabeticRestriction if needed
if (minAlphabeticCount != null || if (minAlphabeticCount != null ||
minUppercaseCount != null || minUppercaseCount != null ||
minLowercaseCount != null) { minLowercaseCount != null)
{
ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction = new SsoAdminPasswordFormatAlphabeticRestriction(); ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction = new SsoAdminPasswordFormatAlphabeticRestriction();
if (minAlphabeticCount != null) { if (minAlphabeticCount != null)
{
ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minAlphabeticCount = minAlphabeticCount.Value; ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minAlphabeticCount = minAlphabeticCount.Value;
} }
if (minUppercaseCount != null) { if (minUppercaseCount != null)
{
ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minUppercaseCount = minUppercaseCount.Value; ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minUppercaseCount = minUppercaseCount.Value;
} }
if (minLowercaseCount != null) { if (minLowercaseCount != null)
{
ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minLowercaseCount = minLowercaseCount.Value; ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minLowercaseCount = minLowercaseCount.Value;
} }
} }
@@ -543,7 +688,8 @@ namespace VMware.vSphere.SsoAdminClient
authorizedInvocationContext. authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.UpdateLocalPasswordPolicyAsync( _ssoAdminBindingClient.UpdateLocalPasswordPolicyAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminPasswordPolicyService", type = "SsoAdminPasswordPolicyService",
Value = "passwordPolicyService" Value = "passwordPolicyService"
}, },
@@ -553,7 +699,8 @@ namespace VMware.vSphere.SsoAdminClient
return GetPasswordPolicy(); return GetPasswordPolicy();
} }
public LockoutPolicy GetLockoutPolicy() { public LockoutPolicy GetLockoutPolicy()
{
LockoutPolicy result = null; LockoutPolicy result = null;
// Create Authorization Invocation Context // Create Authorization Invocation Context
var authorizedInvocationContext = var authorizedInvocationContext =
@@ -563,13 +710,16 @@ namespace VMware.vSphere.SsoAdminClient
var ssoAdminLockoutPolicy = authorizedInvocationContext. var ssoAdminLockoutPolicy = authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.GetLockoutPolicyAsync( _ssoAdminBindingClient.GetLockoutPolicyAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminLockoutPolicyService", type = "SsoAdminLockoutPolicyService",
Value = "lockoutPolicyService" Value = "lockoutPolicyService"
})).Result; })).Result;
if (ssoAdminLockoutPolicy != null) { if (ssoAdminLockoutPolicy != null)
result = new LockoutPolicy(this) { {
result = new LockoutPolicy(this)
{
Description = ssoAdminLockoutPolicy.description, Description = ssoAdminLockoutPolicy.description,
AutoUnlockIntervalSec = ssoAdminLockoutPolicy.autoUnlockIntervalSec, AutoUnlockIntervalSec = ssoAdminLockoutPolicy.autoUnlockIntervalSec,
FailedAttemptIntervalSec = ssoAdminLockoutPolicy.failedAttemptIntervalSec, FailedAttemptIntervalSec = ssoAdminLockoutPolicy.failedAttemptIntervalSec,
@@ -584,26 +734,31 @@ namespace VMware.vSphere.SsoAdminClient
string description, string description,
long? autoUnlockIntervalSec, long? autoUnlockIntervalSec,
long? failedAttemptIntervalSec, long? failedAttemptIntervalSec,
int? maxFailedAttempts) { int? maxFailedAttempts)
{
if (description != null || if (description != null ||
autoUnlockIntervalSec != null || autoUnlockIntervalSec != null ||
failedAttemptIntervalSec != null || failedAttemptIntervalSec != null ||
maxFailedAttempts != null) { maxFailedAttempts != null)
{
var ssoAdminLockoutPolicy = new SsoAdminLockoutPolicy(); var ssoAdminLockoutPolicy = new SsoAdminLockoutPolicy();
ssoAdminLockoutPolicy.description = description; ssoAdminLockoutPolicy.description = description;
if (autoUnlockIntervalSec != null) { if (autoUnlockIntervalSec != null)
{
ssoAdminLockoutPolicy.autoUnlockIntervalSec = autoUnlockIntervalSec.Value; ssoAdminLockoutPolicy.autoUnlockIntervalSec = autoUnlockIntervalSec.Value;
} }
if (failedAttemptIntervalSec != null) { if (failedAttemptIntervalSec != null)
{
ssoAdminLockoutPolicy.failedAttemptIntervalSec = failedAttemptIntervalSec.Value; ssoAdminLockoutPolicy.failedAttemptIntervalSec = failedAttemptIntervalSec.Value;
} }
if (maxFailedAttempts != null) { if (maxFailedAttempts != null)
{
ssoAdminLockoutPolicy.maxFailedAttempts = maxFailedAttempts.Value; ssoAdminLockoutPolicy.maxFailedAttempts = maxFailedAttempts.Value;
} }
@@ -615,7 +770,8 @@ namespace VMware.vSphere.SsoAdminClient
authorizedInvocationContext. authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.UpdateLockoutPolicyAsync( _ssoAdminBindingClient.UpdateLockoutPolicyAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminLockoutPolicyService", type = "SsoAdminLockoutPolicyService",
Value = "lockoutPolicyService" Value = "lockoutPolicyService"
}, },
@@ -626,7 +782,8 @@ namespace VMware.vSphere.SsoAdminClient
return GetLockoutPolicy(); return GetLockoutPolicy();
} }
public TokenLifetime GetTokenLifetime() { public TokenLifetime GetTokenLifetime()
{
// Create Authorization Invocation Context // Create Authorization Invocation Context
var authorizedInvocationContext = var authorizedInvocationContext =
@@ -635,7 +792,8 @@ namespace VMware.vSphere.SsoAdminClient
var maxHoKTokenLifetime = authorizedInvocationContext. var maxHoKTokenLifetime = authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.GetMaximumHoKTokenLifetimeAsync( _ssoAdminBindingClient.GetMaximumHoKTokenLifetimeAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminConfigurationManagementService", type = "SsoAdminConfigurationManagementService",
Value = "configurationManagementService" Value = "configurationManagementService"
})).Result; })).Result;
@@ -643,12 +801,14 @@ namespace VMware.vSphere.SsoAdminClient
var maxBearerTokenLifetime = authorizedInvocationContext. var maxBearerTokenLifetime = authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.GetMaximumBearerTokenLifetimeAsync( _ssoAdminBindingClient.GetMaximumBearerTokenLifetimeAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminConfigurationManagementService", type = "SsoAdminConfigurationManagementService",
Value = "configurationManagementService" Value = "configurationManagementService"
})).Result; })).Result;
return new TokenLifetime(this) { return new TokenLifetime(this)
{
MaxHoKTokenLifetime = maxHoKTokenLifetime, MaxHoKTokenLifetime = maxHoKTokenLifetime,
MaxBearerTokenLifetime = maxBearerTokenLifetime MaxBearerTokenLifetime = maxBearerTokenLifetime
}; };
@@ -656,27 +816,32 @@ namespace VMware.vSphere.SsoAdminClient
public TokenLifetime SetTokenLifetime( public TokenLifetime SetTokenLifetime(
long? maxHoKTokenLifetime, long? maxHoKTokenLifetime,
long? maxBearerTokenLifetime) { long? maxBearerTokenLifetime)
{
var authorizedInvocationContext = var authorizedInvocationContext =
CreateAuthorizedInvocationContext(); CreateAuthorizedInvocationContext();
if (maxHoKTokenLifetime != null) { if (maxHoKTokenLifetime != null)
{
authorizedInvocationContext. authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.SetMaximumHoKTokenLifetimeAsync( _ssoAdminBindingClient.SetMaximumHoKTokenLifetimeAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminConfigurationManagementService", type = "SsoAdminConfigurationManagementService",
Value = "configurationManagementService" Value = "configurationManagementService"
}, },
maxHoKTokenLifetime.Value)).Wait(); maxHoKTokenLifetime.Value)).Wait();
} }
if (maxBearerTokenLifetime != null) { if (maxBearerTokenLifetime != null)
{
authorizedInvocationContext. authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.SetMaximumBearerTokenLifetimeAsync( _ssoAdminBindingClient.SetMaximumBearerTokenLifetimeAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminConfigurationManagementService", type = "SsoAdminConfigurationManagementService",
Value = "configurationManagementService" Value = "configurationManagementService"
}, },
@@ -696,7 +861,8 @@ namespace VMware.vSphere.SsoAdminClient
string baseDNGroups, string baseDNGroups,
string authenticationUserName, string authenticationUserName,
string authenticationPassword, string authenticationPassword,
string serverType) { string serverType)
{
string authenticationType = "password"; string authenticationType = "password";
var authorizedInvocationContext = var authorizedInvocationContext =
@@ -705,21 +871,24 @@ namespace VMware.vSphere.SsoAdminClient
authorizedInvocationContext. authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.AddExternalDomainAsync( _ssoAdminBindingClient.AddExternalDomainAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminDomainManagementService", type = "SsoAdminDomainManagementService",
Value = "domainManagementService" Value = "domainManagementService"
}, },
serverType, serverType,
domainName, domainName,
domainAlias, domainAlias,
new SsoAdminExternalDomainDetails { new SsoAdminExternalDomainDetails
{
friendlyName = friendlyName, friendlyName = friendlyName,
primaryUrl = primaryUrl, primaryUrl = primaryUrl,
userBaseDn = baseDNUsers, userBaseDn = baseDNUsers,
groupBaseDn = baseDNGroups groupBaseDn = baseDNGroups
}, },
authenticationType, authenticationType,
new SsoAdminDomainManagementServiceAuthenticationCredentails { new SsoAdminDomainManagementServiceAuthenticationCredentails
{
username = authenticationUserName, username = authenticationUserName,
password = authenticationPassword password = authenticationPassword
})).Wait(); })).Wait();
@@ -736,13 +905,15 @@ namespace VMware.vSphere.SsoAdminClient
string authenticationUserName, string authenticationUserName,
string authenticationPassword, string authenticationPassword,
string serverType, string serverType,
X509Certificate2[] ldapCertificates) { X509Certificate2[] ldapCertificates)
{
string authenticationType = "password"; string authenticationType = "password";
var authorizedInvocationContext = var authorizedInvocationContext =
CreateAuthorizedInvocationContext(); CreateAuthorizedInvocationContext();
var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails { var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails
{
friendlyName = friendlyName, friendlyName = friendlyName,
primaryUrl = primaryUrl, primaryUrl = primaryUrl,
failoverUrl = failoverUrl, failoverUrl = failoverUrl,
@@ -750,22 +921,27 @@ namespace VMware.vSphere.SsoAdminClient
groupBaseDn = baseDNGroups groupBaseDn = baseDNGroups
}; };
if (ldapCertificates != null && ldapCertificates.Length > 0) { if (ldapCertificates != null && ldapCertificates.Length > 0)
{
var certificates = new List<string>(); var certificates = new List<string>();
foreach (var ldapCert in ldapCertificates) { foreach (var ldapCert in ldapCertificates)
{
certificates.Add(Convert.ToBase64String(ldapCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks)); certificates.Add(Convert.ToBase64String(ldapCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));
} }
if (certificates.Count > 0) { if (certificates.Count > 0)
{
adminLdapIdentitySourceDetails.certificates = certificates.ToArray(); adminLdapIdentitySourceDetails.certificates = certificates.ToArray();
} }
} }
try { try
{
authorizedInvocationContext. authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.RegisterLdapAsync( _ssoAdminBindingClient.RegisterLdapAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminIdentitySourceManagementService", type = "SsoAdminIdentitySourceManagementService",
Value = "identitySourceManagementService" Value = "identitySourceManagementService"
}, },
@@ -774,11 +950,14 @@ namespace VMware.vSphere.SsoAdminClient
domainAlias, domainAlias,
adminLdapIdentitySourceDetails, adminLdapIdentitySourceDetails,
authenticationType, authenticationType,
new SsoAdminIdentitySourceManagementServiceAuthenticationCredentials { new SsoAdminIdentitySourceManagementServiceAuthenticationCredentials
{
username = authenticationUserName, username = authenticationUserName,
password = authenticationPassword password = authenticationPassword
})).Wait(); })).Wait();
} catch (AggregateException e) { }
catch (AggregateException e)
{
throw e.InnerException; throw e.InnerException;
} }
} }
@@ -790,12 +969,14 @@ namespace VMware.vSphere.SsoAdminClient
string failoverUrl, string failoverUrl,
string baseDNUsers, string baseDNUsers,
string baseDNGroups, string baseDNGroups,
X509Certificate2[] ldapCertificates) { X509Certificate2[] ldapCertificates)
{
var authorizedInvocationContext = var authorizedInvocationContext =
CreateAuthorizedInvocationContext(); CreateAuthorizedInvocationContext();
var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails { var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails
{
friendlyName = friendlyName, friendlyName = friendlyName,
primaryUrl = primaryUrl, primaryUrl = primaryUrl,
failoverUrl = failoverUrl, failoverUrl = failoverUrl,
@@ -803,45 +984,55 @@ namespace VMware.vSphere.SsoAdminClient
groupBaseDn = baseDNGroups groupBaseDn = baseDNGroups
}; };
if (ldapCertificates != null && ldapCertificates.Length > 0) { if (ldapCertificates != null && ldapCertificates.Length > 0)
{
var certificates = new List<string>(); var certificates = new List<string>();
foreach (var ldapCert in ldapCertificates) { foreach (var ldapCert in ldapCertificates)
{
certificates.Add(Convert.ToBase64String(ldapCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks)); certificates.Add(Convert.ToBase64String(ldapCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));
} }
if (certificates.Count > 0) { if (certificates.Count > 0)
{
adminLdapIdentitySourceDetails.certificates = certificates.ToArray(); adminLdapIdentitySourceDetails.certificates = certificates.ToArray();
} }
} }
try { try
{
authorizedInvocationContext. authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.UpdateLdapAsync( _ssoAdminBindingClient.UpdateLdapAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminIdentitySourceManagementService", type = "SsoAdminIdentitySourceManagementService",
Value = "identitySourceManagementService" Value = "identitySourceManagementService"
}, },
name, name,
adminLdapIdentitySourceDetails)).Wait(); adminLdapIdentitySourceDetails)).Wait();
} catch (AggregateException e) { }
catch (AggregateException e)
{
throw e.InnerException; throw e.InnerException;
} }
} }
public IEnumerable<IdentitySource> GetDomains() { public IEnumerable<IdentitySource> GetDomains()
{
var authorizedInvocationContext = var authorizedInvocationContext =
CreateAuthorizedInvocationContext(); CreateAuthorizedInvocationContext();
var domains = authorizedInvocationContext. var domains = authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.GetDomainsAsync( _ssoAdminBindingClient.GetDomainsAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminDomainManagementService", type = "SsoAdminDomainManagementService",
Value = "domainManagementService" Value = "domainManagementService"
})).Result; })).Result;
if (domains != null) { if (domains != null)
{
var localos = new LocalOSIdentitySource(); var localos = new LocalOSIdentitySource();
localos.Name = domains.localOSDomainName; localos.Name = domains.localOSDomainName;
yield return localos; yield return localos;
@@ -850,8 +1041,10 @@ namespace VMware.vSphere.SsoAdminClient
system.Name = domains.systemDomainName; system.Name = domains.systemDomainName;
yield return system; yield return system;
if (domains.externalDomains != null && domains.externalDomains.Length > 0) { if (domains.externalDomains != null && domains.externalDomains.Length > 0)
foreach (var externalDomain in domains.externalDomains) { {
foreach (var externalDomain in domains.externalDomains)
{
var extIdentitySource = new ActiveDirectoryIdentitySource(); var extIdentitySource = new ActiveDirectoryIdentitySource();
extIdentitySource.Name = externalDomain.name; extIdentitySource.Name = externalDomain.name;
extIdentitySource.Alias = externalDomain.alias; extIdentitySource.Alias = externalDomain.alias;
@@ -869,21 +1062,26 @@ namespace VMware.vSphere.SsoAdminClient
} }
} }
public void DeleteDomain(string name) { public void DeleteDomain(string name)
{
var authorizedInvocationContext = var authorizedInvocationContext =
CreateAuthorizedInvocationContext(); CreateAuthorizedInvocationContext();
try { try
{
authorizedInvocationContext. authorizedInvocationContext.
InvokeOperation(() => InvokeOperation(() =>
_ssoAdminBindingClient.DeleteAsync( _ssoAdminBindingClient.DeleteAsync(
new ManagedObjectReference { new ManagedObjectReference
{
type = "SsoAdminIdentitySourceManagementService", type = "SsoAdminIdentitySourceManagementService",
Value = "identitySourceManagementService" Value = "identitySourceManagementService"
}, },
name)).Wait(); name)).Wait();
} catch (AggregateException e) { }
catch (AggregateException e)
{
throw e.InnerException; throw e.InnerException;
} }
} }


@@ -65,7 +65,7 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
-User $User ` -User $User `
-Password $Password ` -Password $Password `
-ErrorAction Stop } | ` -ErrorAction Stop } | `
Should -Throw "The SSL connection could not be established, see inner exception." Should -Throw "*The SSL connection could not be established, see inner exception.*"
} }
} }


@@ -20,16 +20,23 @@ param(
$modulePath = Join-Path (Split-Path $PSScriptRoot | Split-Path) "VMware.vSphere.SsoAdmin.psd1" $modulePath = Join-Path (Split-Path $PSScriptRoot | Split-Path) "VMware.vSphere.SsoAdmin.psd1"
Import-Module $modulePath Import-Module $modulePath
Describe "Get-SsoGroup Tests" { Describe "SsoGroup Tests" {
BeforeEach { BeforeEach {
Connect-SsoAdminServer ` Connect-SsoAdminServer `
-Server $VcAddress ` -Server $VcAddress `
-User $User ` -User $User `
-Password $Password ` -Password $Password `
-SkipCertificateCheck -SkipCertificateCheck
$script:testGroupsToDelete = @()
} }
AfterEach { AfterEach {
foreach ($group in $script:testGroupsToDelete) {
Remove-SsoGroup -Group $group
}
$connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray() $connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray()
foreach ($connection in $connectionsToCleanup) { foreach ($connection in $connectionsToCleanup) {
Disconnect-SsoAdminServer -Server $connection Disconnect-SsoAdminServer -Server $connection
@@ -73,4 +80,51 @@ Describe "Get-SsoGroup Tests" {
Remove-SsoPersonUser -User $newPersonUser Remove-SsoPersonUser -User $newPersonUser
} }
} }
Context "New-SsoGroup" {
It 'Should create SsoGroup specifying only the name of the group' {
# Arrange
$expectedName = 'TestGroup1'
# Act
$actual = New-SsoGroup -Name $expectedName
# Assert
$actual | Should -Not -Be $null
$script:testGroupsToDelete += $actual
$actual.Name | Should -Be $expectedName
$actual.Domain | Should -Be 'vsphere.local'
$actual.Description | Should -Be ([string]::Empty)
}
It 'Should create SsoGroup specifying name and description' {
# Arrange
$expectedName = 'TestGroup2'
$expectedDescription = 'Test Description 2'
# Act
$actual = New-SsoGroup -Name $expectedName -Description $expectedDescription
# Assert
$actual | Should -Not -Be $
$script:testGroupsToDelete += $actual
$actual.Name | Should -Be $expectedName
$actual.Domain | Should -Be 'vsphere.local'
$actual.Description | Should -Be $expectedDescription
}
}
Context "Remove-SsoGroup" {
It 'Should remove SsoGroup' {
# Arrange
$groupName = 'TestGroup3'
$groupToRemove = New-SsoGroup -Name $groupName
# Act
$groupToRemove | Remove-SsoGroup
# Assert
Get-SsoGroup -Name $groupName -Domain 'vsphere.local' | Should -Be $null
}
}
} }
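Review bot: The assertion `$actual | Should -Not -Be $` in the 'Should create SsoGroup specifying name and description' test is missing the variable name — a bare `$` is not a valid variable reference in PowerShell, so the test file will fail to parse (unless the page dropped text); it should read `$actual | Should -Not -Be $null`, matching the first New-SsoGroup test. Separately, the AfterEach cleanup `Remove-SsoGroup -Group $group` has no error handling, so if one removal throws the remaining groups are not removed and Disconnect-SsoAdminServer never runs, leaving 'TestGroup*' local groups behind on a live vCenter; consider `Remove-SsoGroup -Group $group -ErrorAction Continue` or a try/finally around the loop. The hard-coded `'vsphere.local'` domain in the assertions will presumably also fail on deployments configured with a custom SSO domain name — confirm whether the tests are meant to support that.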