Implement New and Remove SsoGroup cmdlets.

Signed-off-by: Dimitar Milov <dmilov@vmware.com>
This commit is contained in:
Dimitar Milov
2021-05-25 19:11:15 +03:00
parent 09fad317e1
commit 04b0807ed5
11 changed files with 1259 additions and 841 deletions


@@ -2,6 +2,152 @@
Copyright 2020-2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause
#>
function New-SsoGroup {
<#
.NOTES
===========================================================================
Created on: 5/25/2021
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.SYNOPSIS
Creates Local Sso Group
.DESCRIPTION
Creates Local Sso Group
.PARAMETER Name
Specifies the name of the group.
.PARAMETER Description
Specifies optionaldescription of the group.
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
New-SsoGroup -Name 'myGroup' -Description 'My Group Description'
Creates local groupwith user 'myGroup' and description 'My Group Description'
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Specifies the name of the group')]
[string]
$Name,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Specifies the description of the group')]
[string]
$Description,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($Server -ne $null) {
$serversToProcess = $Server
}
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
# Output is the result of 'CreateLocalGroup'
try {
$connection.Client.CreateLocalGroup(
$Name,
$Description
)
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
}
function Set-SsoGroup {
}
function Remove-SsoGroup {
<#
.NOTES
===========================================================================
Created on: 5/25/2021
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function removes existing local group.
.PARAMETER Group
Specifies the Group instance to remove.
.EXAMPLE
$ssoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
$myNewGroup = New-SsoGroup -Server $ssoAdminConnection -Name 'myGroup'
Remove-SsoGroup -Group $myNewGroup
Remove plocal group with name 'myGroup'
#>
[CmdletBinding(ConfirmImpact = 'High')]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Group instance you want to remove from specified servers')]
[VMware.vSphere.SsoAdminClient.DataTypes.Group]
$Group)
Process {
try {
foreach ($g in $Group) {
$ssoAdminClient = $g.GetClient()
if ((-not $ssoAdminClient)) {
Write-Error "Object '$g' is from disconnected server"
continue
}
$ssoAdminClient.RemoveLocalGroup($g)
}
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
function Add-PrincipalToSsoGroup {
}
function Remove-PrincipalFromSsoGroup {
}
function Get-SsoGroup {
<#
.NOTES
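Review bot: Remove-SsoGroup declares `ConfirmImpact = 'High'` but not `SupportsShouldProcess`, so -Confirm and -WhatIf are never offered and `$ssoAdminClient.RemoveLocalGroup($g)` runs unconditionally for a destructive operation; change the attribute to `[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]` and guard the call with `if ($PSCmdlet.ShouldProcess("$g", 'Remove local SSO group')) { $ssoAdminClient.RemoveLocalGroup($g) }`. Its try/catch also wraps the whole foreach, unlike New-SsoGroup where the try sits inside the loop, so one failing group stops the remaining pipeline objects from being processed; move the try inside the loop to match. Set-SsoGroup, Add-PrincipalToSsoGroup and Remove-PrincipalFromSsoGroup are empty bodies yet the manifest hunk exports them, so a caller gets silent success; either drop them from FunctionsToExport or have each `throw [System.NotImplementedException]::new()` until implemented. The help text has typos ("optionaldescription", "groupwith user", "plocal") worth fixing while here.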


@@ -11,7 +11,7 @@
RootModule = 'VMware.vSphere.SsoAdmin.psm1'
# Version number of this module.
ModuleVersion = '1.2.3'
ModuleVersion = '1.3.0'
# ID used to uniquely identify this module
GUID = 'b3e25326-e809-4d68-a252-ca5fcaf1eb8b'
@@ -34,7 +34,14 @@ RequiredModules = @(
)
# Functions to export from this module
FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Remove-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource', 'Set-SsoSelfPersonUserPassword')
FunctionsToExport = @(
'Connect-SsoAdminServer', 'Disconnect-SsoAdminServer',
'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Set-SsoSelfPersonUserPassword'
'New-SsoGroup', 'Get-SsoGroup', 'Set-SsoGroup', 'Remove-SsoGroup', 'Add-PrincipalToSsoGroup', 'Remove-PrincipalFromSsoGroup'
'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy',
'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy',
'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime',
'Get-IdentitySource', 'Remove-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource')
# Cmdlets to export from this module
CmdletsToExport = @()
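Review bot: The lines of the new FunctionsToExport array ending with `'Set-SsoSelfPersonUserPassword'` and `'Remove-PrincipalFromSsoGroup'` lack the trailing comma every other line carries; the line break inside `@()` appears to still separate the elements, but the mixed style reads like a dropped comma and should be made uniform, e.g. `..., 'Set-SsoSelfPersonUserPassword',` and `..., 'Remove-PrincipalFromSsoGroup',`.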


@@ -103,7 +103,7 @@ namespace VMware.vSphere.SsoAdminClient.Tests
var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
// Act
var actual = ssoAdminClient.GetPersonUsersInGroup("", new Group {
var actual = ssoAdminClient.GetPersonUsersInGroup("", new Group(ssoAdminClient) {
Name = "Administrators",
Domain = "vsphere.local"
}).ToArray();


@@ -11,10 +11,23 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes
{
public class Group
{
SsoAdminClient _client;
public Group(SsoAdminClient client)
{
_client = client;
}
public string Name { get; set; }
public string Domain { get; set; }
public string Description { get; set; }
public override string ToString() {
public SsoAdminClient GetClient()
{
return _client;
}
public override string ToString()
{
return $"{Name}@{Domain}";
}
}
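Review bot: `SsoAdminClient _client;` is assigned only in the constructor yet is neither explicitly `private` nor `readonly`, and the constructor accepts a null client without comment; declare it `private readonly SsoAdminClient _client;`. Nothing in this class states what a null client means, while Remove-SsoGroup in the module treats a null `GetClient()` result as "object is from disconnected server" — since the field is never cleared after construction, that state can presumably only arise from `new Group(null)`, so the contract should be written down. Suggest an XML summary on GetClient such as `/// <summary>The <see cref="SsoAdminClient"/> this group was obtained through; callers treat null as "not from a connected server".</summary>`, or reject null in the constructor if that is the intent. A read-only property (`public SsoAdminClient Client => _client;`) would be the more idiomatic shape, but the PowerShell side already calls `GetClient()`, so that is a wider change.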


@@ -29,7 +29,8 @@ namespace VMware.vSphere.SsoAdminClient
private SsoPortTypeClient _ssoAdminBindingClient;
private UserPassSecurityContext _securityContext;
public SsoAdminClient(string hostname, string user, SecureString password, X509CertificateValidator serverCertificateValidator) {
public SsoAdminClient(string hostname, string user, SecureString password, X509CertificateValidator serverCertificateValidator)
{
if (hostname == null) throw new ArgumentNullException(nameof(hostname));
if (user == null) throw new ArgumentNullException(nameof(user));
if (password == null) throw new ArgumentNullException(nameof(password));
@@ -51,7 +52,8 @@ namespace VMware.vSphere.SsoAdminClient
var serverAuthentication = GetServerAuthentication(serverCertificateValidator);
if (serverAuthentication != null) {
if (serverAuthentication != null)
{
_ssoAdminBindingClient
.ChannelFactory
.Credentials
@@ -61,9 +63,12 @@ namespace VMware.vSphere.SsoAdminClient
}
#region Private Helpers
private X509ServiceCertificateAuthentication GetServerAuthentication(X509CertificateValidator serverCertificateValidator) {
if (serverCertificateValidator != null) {
return new X509ServiceCertificateAuthentication {
private X509ServiceCertificateAuthentication GetServerAuthentication(X509CertificateValidator serverCertificateValidator)
{
if (serverCertificateValidator != null)
{
return new X509ServiceCertificateAuthentication
{
CertificateValidationMode = X509CertificateValidationMode.Custom,
CustomCertificateValidator = serverCertificateValidator
};
@@ -73,14 +78,17 @@ namespace VMware.vSphere.SsoAdminClient
return null;
}
private static MessageEncodingBindingElement GetWcfEncoding() {
private static MessageEncodingBindingElement GetWcfEncoding()
{
// VMware STS requires SOAP version 1.1
return new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
}
private static HttpsTransportBindingElement GetWcfTransport(bool useSystemProxy) {
private static HttpsTransportBindingElement GetWcfTransport(bool useSystemProxy)
{
// Communication with the STS is over https
HttpsTransportBindingElement transport = new HttpsTransportBindingElement {
HttpsTransportBindingElement transport = new HttpsTransportBindingElement
{
RequireClientCertificate = false
};
@@ -91,7 +99,8 @@ namespace VMware.vSphere.SsoAdminClient
return transport;
}
private static CustomBinding GetBinding() {
private static CustomBinding GetBinding()
{
// There is no build-in WCF binding capable of communicating
// with VMware STS, so we create a plain custom one.
@@ -108,12 +117,14 @@ namespace VMware.vSphere.SsoAdminClient
return binding;
}
private WsSecurityContext CreateAuthorizedInvocationContext() {
private WsSecurityContext CreateAuthorizedInvocationContext()
{
// Issue Bearer token to authorize create solution user to SSO Admin service
var bearerToken = _securityContext.GetToken();
// Set WS Trust Header Serialization with issued bearer SAML token
var securityContext = new WsSecurityContext {
var securityContext = new WsSecurityContext
{
ClientChannel = _ssoAdminBindingClient.InnerChannel,
Properties = {
Credentials = {
@@ -124,12 +135,16 @@ namespace VMware.vSphere.SsoAdminClient
return securityContext;
}
String SecureStringToString(SecureString value) {
String SecureStringToString(SecureString value)
{
IntPtr valuePtr = IntPtr.Zero;
try {
try
{
valuePtr = Marshal.SecureStringToGlobalAllocUnicode(value);
return Marshal.PtrToStringUni(valuePtr);
} finally {
}
finally
{
Marshal.ZeroFreeGlobalAllocUnicode(valuePtr);
}
}
@@ -146,7 +161,8 @@ namespace VMware.vSphere.SsoAdminClient
string description = null,
string emailAddress = null,
string firstName = null,
string lastName = null) {
string lastName = null)
{
// Create Authorization Invocation Context
var authorizedInvocationContext =
@@ -156,12 +172,14 @@ namespace VMware.vSphere.SsoAdminClient
var ssoPrincipalId = authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.CreateLocalPersonUserAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService"
},
userName,
new SsoAdminPersonDetails {
new SsoAdminPersonDetails
{
description = description,
emailAddress = emailAddress,
firstName = firstName,
@@ -172,20 +190,24 @@ namespace VMware.vSphere.SsoAdminClient
return GetLocalUsers(ssoPrincipalId.name, ssoPrincipalId.domain, authorizedInvocationContext);
}
private PersonUser GetLocalUsers(string userName, string domain, WsSecurityContext wsSecurityContext) {
private PersonUser GetLocalUsers(string userName, string domain, WsSecurityContext wsSecurityContext)
{
// Invoke SSO Admin FindPersonUserAsync operation
var personUser = wsSecurityContext.
InvokeOperation(() =>
_ssoAdminBindingClient.FindPersonUserAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminPrincipalDiscoveryService",
Value = "principalDiscoveryService"
},
new SsoPrincipalId {
new SsoPrincipalId
{
name = userName,
domain = domain
})).Result;
return new PersonUser(this) {
return new PersonUser(this)
{
Name = personUser.id.name,
Domain = personUser.id.domain,
Description = personUser.details.description,
@@ -197,7 +219,8 @@ namespace VMware.vSphere.SsoAdminClient
};
}
public IEnumerable<PersonUser> GetLocalUsers(string searchString, string domain) {
public IEnumerable<PersonUser> GetLocalUsers(string searchString, string domain)
{
// Create Authorization Invocation Context
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
@@ -206,19 +229,24 @@ namespace VMware.vSphere.SsoAdminClient
var personUsers = authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.FindPersonUsersAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminPrincipalDiscoveryService",
Value = "principalDiscoveryService"
},
new SsoAdminPrincipalDiscoveryServiceSearchCriteria {
new SsoAdminPrincipalDiscoveryServiceSearchCriteria
{
searchString = searchString,
domain = domain
},
int.MaxValue)).Result.returnval;
if (personUsers != null) {
foreach (var personUser in personUsers) {
yield return new PersonUser(this) {
if (personUsers != null)
{
foreach (var personUser in personUsers)
{
yield return new PersonUser(this)
{
Name = personUser.id.name,
Domain = personUser.id.domain,
Description = personUser.details.description,
@@ -233,7 +261,8 @@ namespace VMware.vSphere.SsoAdminClient
}
public IEnumerable<PersonUser> GetPersonUsersInGroup(string searchString, DataTypes.Group group) {
public IEnumerable<PersonUser> GetPersonUsersInGroup(string searchString, DataTypes.Group group)
{
// Create Authorization Invocation Context
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
@@ -242,20 +271,25 @@ namespace VMware.vSphere.SsoAdminClient
var personUsers = authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.FindPersonUsersInGroupAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminPrincipalDiscoveryService",
Value = "principalDiscoveryService"
},
new SsoPrincipalId {
new SsoPrincipalId
{
name = group.Name,
domain = group.Domain
},
searchString,
int.MaxValue)).Result.returnval;
if (personUsers != null) {
foreach (var personUser in personUsers) {
yield return new PersonUser(this) {
if (personUsers != null)
{
foreach (var personUser in personUsers)
{
yield return new PersonUser(this)
{
Name = personUser.id.name,
Domain = personUser.id.domain,
Description = personUser.details.description,
@@ -270,7 +304,8 @@ namespace VMware.vSphere.SsoAdminClient
}
public void DeleteLocalUser(
PersonUser principal) {
PersonUser principal)
{
// Create Authorization Invocation Context
var authorizedInvocationContext =
@@ -280,14 +315,91 @@ namespace VMware.vSphere.SsoAdminClient
authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.DeleteLocalPrincipalAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService"
},
principal.Name));
}
public IEnumerable<DataTypes.Group> GetGroups(string searchString, string domain) {
private DataTypes.Group FindGroup(string name, string domain, WsSecurityContext wsSecurityContext)
{
// Invoke SSO Admin FindGroupAsync operation
var group = wsSecurityContext.
InvokeOperation(() =>
_ssoAdminBindingClient.FindGroupAsync(
new ManagedObjectReference
{
type = "SsoAdminPrincipalDiscoveryService",
Value = "principalDiscoveryService"
},
new SsoPrincipalId
{
name = name,
domain = domain
})).Result;
return new DataTypes.Group(this)
{
Name = group.id.name,
Domain = group.id.domain,
Description = group.details.description
};
}
public DataTypes.Group CreateLocalGroup(string name, string description)
{
// Create Authorization Invocation Context
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
// Invoke SSO Admin FindGroupsAsync operation
var ssoAdminGroup = authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.CreateLocalGroupAsync(
new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService"
},
name,
new SsoAdminGroupDetails
{
description = description
})).Result;
if (ssoAdminGroup != null)
{
return FindGroup(ssoAdminGroup.name, ssoAdminGroup.domain, authorizedInvocationContext);
}
else
{
return null;
}
}
public void RemoveLocalGroup(DataTypes.Group group)
{
// Create Authorization Invocation Context
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
// Invoke SSO Admin DeleteLocalPrincipal operation
authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.DeleteLocalPrincipalAsync(
new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService"
},
group.Name));
}
public IEnumerable<DataTypes.Group> GetGroups(string searchString, string domain)
{
// Create Authorization Invocation Context
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
@@ -296,27 +408,29 @@ namespace VMware.vSphere.SsoAdminClient
var ssoAdminGroups = authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.FindGroupsAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminPrincipalDiscoveryService",
Value = "principalDiscoveryService"
},
new SsoAdminPrincipalDiscoveryServiceSearchCriteria {
new SsoAdminPrincipalDiscoveryServiceSearchCriteria
{
searchString = searchString,
domain = domain
},
int.MaxValue)).Result.returnval;
if (ssoAdminGroups != null) {
foreach (var group in ssoAdminGroups) {
yield return new DataTypes.Group {
Name = group.id.name,
Domain = group.id.domain
};
if (ssoAdminGroups != null)
{
foreach (var group in ssoAdminGroups)
{
yield return FindGroup(group.id.name, group.id.domain, authorizedInvocationContext);
}
}
}
public bool AddPersonUserToGroup(PersonUser user, DataTypes.Group group) {
public bool AddPersonUserToGroup(PersonUser user, DataTypes.Group group)
{
// Create Authorization Invocation Context
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
@@ -325,18 +439,21 @@ namespace VMware.vSphere.SsoAdminClient
return authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.AddUserToLocalGroupAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService"
},
new SsoPrincipalId {
new SsoPrincipalId
{
name = user.Name,
domain = user.Domain
},
group.Name)).Result;
}
public bool RemovePersonUserFromGroup(PersonUser user, DataTypes.Group group) {
public bool RemovePersonUserFromGroup(PersonUser user, DataTypes.Group group)
{
// Create Authorization Invocation Context
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
@@ -345,18 +462,21 @@ namespace VMware.vSphere.SsoAdminClient
return authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.RemoveFromLocalGroupAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService"
},
new SsoPrincipalId {
new SsoPrincipalId
{
name = user.Name,
domain = user.Domain
},
group.Name)).Result;
}
public void ResetPersonUserPassword(PersonUser user, string newPassword) {
public void ResetPersonUserPassword(PersonUser user, string newPassword)
{
// Create Authorization Invocation Context
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
@@ -365,7 +485,8 @@ namespace VMware.vSphere.SsoAdminClient
authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.ResetLocalPersonUserPasswordAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService"
},
@@ -373,7 +494,8 @@ namespace VMware.vSphere.SsoAdminClient
newPassword)).Wait();
}
public void ResetSelfPersonUserPassword(SecureString newPassword) {
public void ResetSelfPersonUserPassword(SecureString newPassword)
{
// Create Authorization Invocation Context
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
@@ -382,14 +504,16 @@ namespace VMware.vSphere.SsoAdminClient
authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.ResetSelfLocalPersonUserPasswordAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService"
},
SecureStringToString(newPassword))).Wait();
}
public bool UnlockPersonUser(PersonUser user) {
public bool UnlockPersonUser(PersonUser user)
{
// Create Authorization Invocation Context
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
@@ -398,17 +522,20 @@ namespace VMware.vSphere.SsoAdminClient
return authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.UnlockUserAccountAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService"
},
new SsoPrincipalId {
new SsoPrincipalId
{
name = user.Name,
domain = user.Domain
})).Result;
}
public PasswordPolicy GetPasswordPolicy() {
public PasswordPolicy GetPasswordPolicy()
{
PasswordPolicy result = null;
// Create Authorization Invocation Context
var authorizedInvocationContext =
@@ -418,13 +545,16 @@ namespace VMware.vSphere.SsoAdminClient
var ssoAdminPasswordPolicy = authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.GetLocalPasswordPolicyAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminPasswordPolicyService",
Value = "passwordPolicyService"
})).Result;
if (ssoAdminPasswordPolicy != null) {
result = new PasswordPolicy(this) {
if (ssoAdminPasswordPolicy != null)
{
result = new PasswordPolicy(this)
{
Description = ssoAdminPasswordPolicy.description,
ProhibitedPreviousPasswordsCount = ssoAdminPasswordPolicy.prohibitedPreviousPasswordsCount,
MinLength = ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.minLength,
@@ -453,7 +583,8 @@ namespace VMware.vSphere.SsoAdminClient
int? minAlphabeticCount = null,
int? minUppercaseCount = null,
int? minLowercaseCount = null,
int? passwordLifetimeDays = null) {
int? passwordLifetimeDays = null)
{
if (description != null ||
prohibitedPreviousPasswordsCount != null ||
@@ -465,17 +596,20 @@ namespace VMware.vSphere.SsoAdminClient
minAlphabeticCount != null ||
minUppercaseCount != null ||
minLowercaseCount != null ||
passwordLifetimeDays != null) {
passwordLifetimeDays != null)
{
var ssoAdminPasswordPolicy = new SsoAdminPasswordPolicy();
ssoAdminPasswordPolicy.description = description;
if (passwordLifetimeDays != null) {
if (passwordLifetimeDays != null)
{
ssoAdminPasswordPolicy.passwordLifetimeDays = passwordLifetimeDays.Value;
ssoAdminPasswordPolicy.passwordLifetimeDaysSpecified = true;
}
if (prohibitedPreviousPasswordsCount != null) {
if (prohibitedPreviousPasswordsCount != null)
{
ssoAdminPasswordPolicy.prohibitedPreviousPasswordsCount = prohibitedPreviousPasswordsCount.Value;
}
@@ -487,30 +621,37 @@ namespace VMware.vSphere.SsoAdminClient
minSpecialCharCount != null ||
minAlphabeticCount != null ||
minUppercaseCount != null ||
minLowercaseCount != null) {
minLowercaseCount != null)
{
ssoAdminPasswordPolicy.passwordFormat = new SsoAdminPasswordFormat();
if (maxIdenticalAdjacentCharacters != null) {
if (maxIdenticalAdjacentCharacters != null)
{
ssoAdminPasswordPolicy.passwordFormat.maxIdenticalAdjacentCharacters = maxIdenticalAdjacentCharacters.Value;
}
if (minNumericCount != null) {
if (minNumericCount != null)
{
ssoAdminPasswordPolicy.passwordFormat.minNumericCount = minNumericCount.Value;
}
if (minSpecialCharCount != null) {
if (minSpecialCharCount != null)
{
ssoAdminPasswordPolicy.passwordFormat.minSpecialCharCount = minSpecialCharCount.Value;
}
// Update LengthRestriction if needed
if (minLength != null ||
maxLength != null) {
maxLength != null)
{
ssoAdminPasswordPolicy.passwordFormat.lengthRestriction = new SsoAdminPasswordFormatLengthRestriction();
if (maxLength != null) {
if (maxLength != null)
{
ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.maxLength = maxLength.Value;
}
if (minLength != null) {
if (minLength != null)
{
ssoAdminPasswordPolicy.passwordFormat.lengthRestriction.minLength = minLength.Value;
}
}
@@ -518,18 +659,22 @@ namespace VMware.vSphere.SsoAdminClient
// Update AlphabeticRestriction if needed
if (minAlphabeticCount != null ||
minUppercaseCount != null ||
minLowercaseCount != null) {
minLowercaseCount != null)
{
ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction = new SsoAdminPasswordFormatAlphabeticRestriction();
if (minAlphabeticCount != null) {
if (minAlphabeticCount != null)
{
ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minAlphabeticCount = minAlphabeticCount.Value;
}
if (minUppercaseCount != null) {
if (minUppercaseCount != null)
{
ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minUppercaseCount = minUppercaseCount.Value;
}
if (minLowercaseCount != null) {
if (minLowercaseCount != null)
{
ssoAdminPasswordPolicy.passwordFormat.alphabeticRestriction.minLowercaseCount = minLowercaseCount.Value;
}
}
@@ -543,7 +688,8 @@ namespace VMware.vSphere.SsoAdminClient
authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.UpdateLocalPasswordPolicyAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminPasswordPolicyService",
Value = "passwordPolicyService"
},
@@ -553,7 +699,8 @@ namespace VMware.vSphere.SsoAdminClient
return GetPasswordPolicy();
}
public LockoutPolicy GetLockoutPolicy() {
public LockoutPolicy GetLockoutPolicy()
{
LockoutPolicy result = null;
// Create Authorization Invocation Context
var authorizedInvocationContext =
@@ -563,13 +710,16 @@ namespace VMware.vSphere.SsoAdminClient
var ssoAdminLockoutPolicy = authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.GetLockoutPolicyAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminLockoutPolicyService",
Value = "lockoutPolicyService"
})).Result;
if (ssoAdminLockoutPolicy != null) {
result = new LockoutPolicy(this) {
if (ssoAdminLockoutPolicy != null)
{
result = new LockoutPolicy(this)
{
Description = ssoAdminLockoutPolicy.description,
AutoUnlockIntervalSec = ssoAdminLockoutPolicy.autoUnlockIntervalSec,
FailedAttemptIntervalSec = ssoAdminLockoutPolicy.failedAttemptIntervalSec,
@@ -584,26 +734,31 @@ namespace VMware.vSphere.SsoAdminClient
string description,
long? autoUnlockIntervalSec,
long? failedAttemptIntervalSec,
int? maxFailedAttempts) {
int? maxFailedAttempts)
{
if (description != null ||
autoUnlockIntervalSec != null ||
failedAttemptIntervalSec != null ||
maxFailedAttempts != null) {
maxFailedAttempts != null)
{
var ssoAdminLockoutPolicy = new SsoAdminLockoutPolicy();
ssoAdminLockoutPolicy.description = description;
if (autoUnlockIntervalSec != null) {
if (autoUnlockIntervalSec != null)
{
ssoAdminLockoutPolicy.autoUnlockIntervalSec = autoUnlockIntervalSec.Value;
}
if (failedAttemptIntervalSec != null) {
if (failedAttemptIntervalSec != null)
{
ssoAdminLockoutPolicy.failedAttemptIntervalSec = failedAttemptIntervalSec.Value;
}
if (maxFailedAttempts != null) {
if (maxFailedAttempts != null)
{
ssoAdminLockoutPolicy.maxFailedAttempts = maxFailedAttempts.Value;
}
@@ -615,7 +770,8 @@ namespace VMware.vSphere.SsoAdminClient
authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.UpdateLockoutPolicyAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminLockoutPolicyService",
Value = "lockoutPolicyService"
},
@@ -626,7 +782,8 @@ namespace VMware.vSphere.SsoAdminClient
return GetLockoutPolicy();
}
public TokenLifetime GetTokenLifetime() {
public TokenLifetime GetTokenLifetime()
{
// Create Authorization Invocation Context
var authorizedInvocationContext =
@@ -635,7 +792,8 @@ namespace VMware.vSphere.SsoAdminClient
var maxHoKTokenLifetime = authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.GetMaximumHoKTokenLifetimeAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminConfigurationManagementService",
Value = "configurationManagementService"
})).Result;
@@ -643,12 +801,14 @@ namespace VMware.vSphere.SsoAdminClient
var maxBearerTokenLifetime = authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.GetMaximumBearerTokenLifetimeAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminConfigurationManagementService",
Value = "configurationManagementService"
})).Result;
return new TokenLifetime(this) {
return new TokenLifetime(this)
{
MaxHoKTokenLifetime = maxHoKTokenLifetime,
MaxBearerTokenLifetime = maxBearerTokenLifetime
};
@@ -656,27 +816,32 @@ namespace VMware.vSphere.SsoAdminClient
public TokenLifetime SetTokenLifetime(
long? maxHoKTokenLifetime,
long? maxBearerTokenLifetime) {
long? maxBearerTokenLifetime)
{
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
if (maxHoKTokenLifetime != null) {
if (maxHoKTokenLifetime != null)
{
authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.SetMaximumHoKTokenLifetimeAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminConfigurationManagementService",
Value = "configurationManagementService"
},
maxHoKTokenLifetime.Value)).Wait();
}
if (maxBearerTokenLifetime != null) {
if (maxBearerTokenLifetime != null)
{
authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.SetMaximumBearerTokenLifetimeAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminConfigurationManagementService",
Value = "configurationManagementService"
},
@@ -696,7 +861,8 @@ namespace VMware.vSphere.SsoAdminClient
string baseDNGroups,
string authenticationUserName,
string authenticationPassword,
string serverType) {
string serverType)
{
string authenticationType = "password";
var authorizedInvocationContext =
@@ -705,21 +871,24 @@ namespace VMware.vSphere.SsoAdminClient
authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.AddExternalDomainAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminDomainManagementService",
Value = "domainManagementService"
},
serverType,
domainName,
domainAlias,
new SsoAdminExternalDomainDetails {
new SsoAdminExternalDomainDetails
{
friendlyName = friendlyName,
primaryUrl = primaryUrl,
userBaseDn = baseDNUsers,
groupBaseDn = baseDNGroups
},
authenticationType,
new SsoAdminDomainManagementServiceAuthenticationCredentails {
new SsoAdminDomainManagementServiceAuthenticationCredentails
{
username = authenticationUserName,
password = authenticationPassword
})).Wait();
@@ -736,13 +905,15 @@ namespace VMware.vSphere.SsoAdminClient
string authenticationUserName,
string authenticationPassword,
string serverType,
X509Certificate2[] ldapCertificates) {
X509Certificate2[] ldapCertificates)
{
string authenticationType = "password";
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails {
var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails
{
friendlyName = friendlyName,
primaryUrl = primaryUrl,
failoverUrl = failoverUrl,
@@ -750,22 +921,27 @@ namespace VMware.vSphere.SsoAdminClient
groupBaseDn = baseDNGroups
};
if (ldapCertificates != null && ldapCertificates.Length > 0) {
if (ldapCertificates != null && ldapCertificates.Length > 0)
{
var certificates = new List<string>();
foreach (var ldapCert in ldapCertificates) {
foreach (var ldapCert in ldapCertificates)
{
certificates.Add(Convert.ToBase64String(ldapCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));
}
if (certificates.Count > 0) {
if (certificates.Count > 0)
{
adminLdapIdentitySourceDetails.certificates = certificates.ToArray();
}
}
try {
try
{
authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.RegisterLdapAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminIdentitySourceManagementService",
Value = "identitySourceManagementService"
},
@@ -774,11 +950,14 @@ namespace VMware.vSphere.SsoAdminClient
domainAlias,
adminLdapIdentitySourceDetails,
authenticationType,
new SsoAdminIdentitySourceManagementServiceAuthenticationCredentials {
new SsoAdminIdentitySourceManagementServiceAuthenticationCredentials
{
username = authenticationUserName,
password = authenticationPassword
})).Wait();
} catch (AggregateException e) {
}
catch (AggregateException e)
{
throw e.InnerException;
}
}
@@ -790,12 +969,14 @@ namespace VMware.vSphere.SsoAdminClient
string failoverUrl,
string baseDNUsers,
string baseDNGroups,
X509Certificate2[] ldapCertificates) {
X509Certificate2[] ldapCertificates)
{
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails {
var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails
{
friendlyName = friendlyName,
primaryUrl = primaryUrl,
failoverUrl = failoverUrl,
@@ -803,45 +984,55 @@ namespace VMware.vSphere.SsoAdminClient
groupBaseDn = baseDNGroups
};
if (ldapCertificates != null && ldapCertificates.Length > 0) {
if (ldapCertificates != null && ldapCertificates.Length > 0)
{
var certificates = new List<string>();
foreach (var ldapCert in ldapCertificates) {
foreach (var ldapCert in ldapCertificates)
{
certificates.Add(Convert.ToBase64String(ldapCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));
}
if (certificates.Count > 0) {
if (certificates.Count > 0)
{
adminLdapIdentitySourceDetails.certificates = certificates.ToArray();
}
}
try {
try
{
authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.UpdateLdapAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminIdentitySourceManagementService",
Value = "identitySourceManagementService"
},
name,
adminLdapIdentitySourceDetails)).Wait();
} catch (AggregateException e) {
}
catch (AggregateException e)
{
throw e.InnerException;
}
}
public IEnumerable<IdentitySource> GetDomains() {
public IEnumerable<IdentitySource> GetDomains()
{
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
var domains = authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.GetDomainsAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminDomainManagementService",
Value = "domainManagementService"
})).Result;
if (domains != null) {
if (domains != null)
{
var localos = new LocalOSIdentitySource();
localos.Name = domains.localOSDomainName;
yield return localos;
@@ -850,8 +1041,10 @@ namespace VMware.vSphere.SsoAdminClient
system.Name = domains.systemDomainName;
yield return system;
if (domains.externalDomains != null && domains.externalDomains.Length > 0) {
foreach (var externalDomain in domains.externalDomains) {
if (domains.externalDomains != null && domains.externalDomains.Length > 0)
{
foreach (var externalDomain in domains.externalDomains)
{
var extIdentitySource = new ActiveDirectoryIdentitySource();
extIdentitySource.Name = externalDomain.name;
extIdentitySource.Alias = externalDomain.alias;
@@ -869,21 +1062,26 @@ namespace VMware.vSphere.SsoAdminClient
}
}
public void DeleteDomain(string name) {
public void DeleteDomain(string name)
{
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
try {
try
{
authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.DeleteAsync(
new ManagedObjectReference {
new ManagedObjectReference
{
type = "SsoAdminIdentitySourceManagementService",
Value = "identitySourceManagementService"
},
name)).Wait();
} catch (AggregateException e) {
}
catch (AggregateException e)
{
throw e.InnerException;
}
}


@@ -65,7 +65,7 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
-User $User `
-Password $Password `
-ErrorAction Stop } | `
Should -Throw "The SSL connection could not be established, see inner exception."
Should -Throw "*The SSL connection could not be established, see inner exception.*"
}
}


@@ -20,16 +20,23 @@ param(
$modulePath = Join-Path (Split-Path $PSScriptRoot | Split-Path) "VMware.vSphere.SsoAdmin.psd1"
Import-Module $modulePath
Describe "Get-SsoGroup Tests" {
Describe "SsoGroup Tests" {
BeforeEach {
Connect-SsoAdminServer `
-Server $VcAddress `
-User $User `
-Password $Password `
-SkipCertificateCheck
$script:testGroupsToDelete = @()
}
AfterEach {
foreach ($group in $script:testGroupsToDelete) {
Remove-SsoGroup -Group $group
}
$connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray()
foreach ($connection in $connectionsToCleanup) {
Disconnect-SsoAdminServer -Server $connection
@@ -73,4 +80,51 @@ Describe "Get-SsoGroup Tests" {
Remove-SsoPersonUser -User $newPersonUser
}
}
Context "New-SsoGroup" {
It 'Should create SsoGroup specifying only the name of the group' {
# Arrange
$expectedName = 'TestGroup1'
# Act
$actual = New-SsoGroup -Name $expectedName
# Assert
$actual | Should -Not -Be $null
$script:testGroupsToDelete += $actual
$actual.Name | Should -Be $expectedName
$actual.Domain | Should -Be 'vsphere.local'
$actual.Description | Should -Be ([string]::Empty)
}
It 'Should create SsoGroup specifying name and description' {
# Arrange
$expectedName = 'TestGroup2'
$expectedDescription = 'Test Description 2'
# Act
$actual = New-SsoGroup -Name $expectedName -Description $expectedDescription
# Assert
$actual | Should -Not -Be $
$script:testGroupsToDelete += $actual
$actual.Name | Should -Be $expectedName
$actual.Domain | Should -Be 'vsphere.local'
$actual.Description | Should -Be $expectedDescription
}
}
Context "Remove-SsoGroup" {
It 'Should remove SsoGroup' {
# Arrange
$groupName = 'TestGroup3'
$groupToRemove = New-SsoGroup -Name $groupName
# Act
$groupToRemove | Remove-SsoGroup
# Assert
Get-SsoGroup -Name $groupName -Domain 'vsphere.local' | Should -Be $null
}
}
}
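Review bot: The assertion at L1194, `$actual | Should -Not -Be $`, is truncated — the sibling test at L1181 compares against `$null`, and a bare `$` either fails to parse or compares against something other than null, so the null guard in "Should create SsoGroup specifying name and description" does not test what it claims; it should read `$actual | Should -Not -Be $null`. The AfterEach block at L1163-L1169 also calls `Remove-SsoGroup -Group $group` ahead of the Disconnect loop with no error handling, so if one removal throws (for example because the group was already deleted by the Remove-SsoGroup test's own cleanup path), the remaining groups and the `Disconnect-SsoAdminServer` calls are presumably skipped and the connection stays in `$global:DefaultSsoAdminServers` for the next BeforeEach; wrapping the removal loop in `try { ... } finally { <disconnect loop> }` or passing `-ErrorAction Continue` on the removal would keep the teardown deterministic. The fixed group names 'TestGroup1'..'TestGroup3' mean a leaked group from a failed run will make the next `New-SsoGroup` call fail as a duplicate rather than as a test failure, which is worth a comment or a per-run suffix.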