Implement Enable/Disable Person Uer account in the Set-SsoPersonUser cmdlet (#471)

Signed-off-by: Dimitar Milov <dmilov@vmware.com>

Modules/VMware.vSphere.SsoAdmin/PersonUser.ps1

@@ -290,11 +290,14 @@ function Set-SsoPersonUser {
     Specifies user will be removed from the spcified group.
 
     .PARAMETER Unlock
-    Specifies user will be unloacked.
+    Specifies user will be unlocked.
 
     .PARAMETER NewPassword
     Specifies new password for the specified user.
 
+    .PARAMETER Enable
+    Specifies user to be enabled or disabled.
+
     .EXAMPLE
     Set-SsoPersonUser -User $myPersonUser -Group $myExampleGroup -Add -Server $ssoAdminConnection
 
@@ -310,6 +313,11 @@ function Set-SsoPersonUser {
 
     Unlocks $myPersonUser
 
+     .EXAMPLE
+    Set-SsoPersonUser -User $myPersonUser -Enable $false -Server $ssoAdminConnection
+
+    Disable user account
+
     .EXAMPLE
     Set-SsoPersonUser -User $myPersonUser -NewPassword 'MyBrandNewPa$$W0RD' -Server $ssoAdminConnection
 
@@ -366,7 +374,14 @@ function Set-SsoPersonUser {
             Mandatory = $true,
             HelpMessage = 'Specifies to unlock user account.')]
         [switch]
-        $Unlock)
+        $Unlock,
+
+        [Parameter(
+            ParameterSetName = 'EnableDisableUserAccount',
+            Mandatory = $true,
+            HelpMessage = 'Specifies to enable or disable user account.')]
+        [bool]
+        $Enable)
 
     Process {
         try {
@@ -402,6 +417,19 @@ function Set-SsoPersonUser {
                     $ssoAdminClient.ResetPersonUserPassword($u, $NewPassword)
                     Write-Output $u
                 }
+
+                if ($PSBoundParameters.ContainsKey('Enable')) {
+                    $result = $false
+                    if ($Enable) {
+                        $result = $ssoAdminClient.EnablePersonUser($u)
+                    } else {
+                        $result = $ssoAdminClient.DisablePersonUser($u)
+                    }
+                    if ($result) {
+                        # Return update person user
+                        Write-Output ($ssoAdminClient.GetLocalUsers($u.Name, $u.Domain))
+                    }
+                }
             }
         }
         catch {

Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1

@@ -16,7 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause
 RootModule = 'VMware.vSphere.SsoAdmin.psm1'
 
 # Version number of this module.
-ModuleVersion = '1.3.1'
+ModuleVersion = '1.3.2'
 
 # ID used to uniquely identify this module
 GUID = 'b3e25326-e809-4d68-a252-ca5fcaf1eb8b'

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs

@@ -700,6 +700,50 @@ namespace VMware.vSphere.SsoAdminClient
                      })).Result;
         }
 
+        public bool EnablePersonUser(PersonUser user)
+        {
+            // Create Authorization Invocation Context
+            var authorizedInvocationContext =
+               CreateAuthorizedInvocationContext();
+
+            // Invoke SSO Admin EnableUserAccountAsync operation
+            return authorizedInvocationContext.
+               InvokeOperation(() =>
+                  _ssoAdminBindingClient.EnableUserAccountAsync(
+                     new ManagedObjectReference
+                     {
+                         type = "SsoAdminPrincipalManagementService",
+                         Value = "principalManagementService"
+                     },
+                     new SsoPrincipalId
+                     {
+                         name = user.Name,
+                         domain = user.Domain
+                     })).Result;
+        }
+
+        public bool DisablePersonUser(PersonUser user)
+        {
+            // Create Authorization Invocation Context
+            var authorizedInvocationContext =
+               CreateAuthorizedInvocationContext();
+
+            // Invoke SSO Admin DisableUserAccountAsync operation
+            return authorizedInvocationContext.
+               InvokeOperation(() =>
+                  _ssoAdminBindingClient.DisableUserAccountAsync(
+                     new ManagedObjectReference
+                     {
+                         type = "SsoAdminPrincipalManagementService",
+                         Value = "principalManagementService"
+                     },
+                     new SsoPrincipalId
+                     {
+                         name = user.Name,
+                         domain = user.Domain
+                     })).Result;
+        }
+
         public PasswordPolicy GetPasswordPolicy()
         {
             PasswordPolicy result = null;

Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1

@@ -406,6 +406,41 @@ Describe "PersonUser Tests" {
          # Assert
          $actual | Should -Be $null
       }
+
+      It 'Disables and enables person user' {
+        # Arrange
+        $userName = "TestEnablePersonUserName"
+        $userPassword = '$tr0NG_TestPa$$w0rd'
+        $connection = Connect-SsoAdminServer `
+           -Server $VcAddress `
+           -User $User `
+           -Password $Password `
+           -SkipCertificateCheck
+
+        $personUserToUpdate = New-SsoPersonUser `
+           -UserName $userName `
+           -Password $userPassword `
+           -Server $connection
+
+        $script:usersToCleanup += $personUserToUpdate
+
+        # Act
+        $personUserToUpdate.Disabled | Should -Be $false
+        $actual = Set-SsoPersonUser `
+           -User $personUserToUpdate `
+           -Enable $false
+
+        # Assert
+        $actual.Disabled | Should -Be $true
+
+        # Act
+        $actual = Set-SsoPersonUser `
+           -User $actual `
+           -Enable $true
+
+        # Assert
+        $actual.Disabled | Should -Be $false
+     }
    }
 
    Context "Remove-SsoPersonUser" {