Implement Get/Set-TokenLifetime

Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1

@@ -34,7 +34,7 @@ RequiredModules = @(
 )
 
 # Functions to export from this module
-FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Set-PersonUser', 'Remove-PersonUser', 'Get-Group', 'Get-PasswordPolicy', 'Set-PasswordPolicy', 'Get-LockoutPolicy', 'Set-LockoutPolicy')
+FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Set-PersonUser', 'Remove-PersonUser', 'Get-Group', 'Get-PasswordPolicy', 'Set-PasswordPolicy', 'Get-LockoutPolicy', 'Set-LockoutPolicy', 'Get-TokenLifetime', 'Set-TokenLifetime')
 
 # Cmdlets to export from this module
 CmdletsToExport = @()

Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1

@@ -1092,4 +1092,120 @@ function Set-LockoutPolicy {
       }
    }
 }
+#endregion
+
+#region TokenLifetime cmdlets
+function Get-TokenLifetime {
+<#
+   .NOTES
+   ===========================================================================
+   Created on:   	9/30/2020
+   Created by:   	Dimitar Milov
+    Twitter:       @dimitar_milov
+    Github:        https://github.com/dmilov
+   ===========================================================================
+   .DESCRIPTION
+   This function gets HoK and Bearer Token lifetime settings.
+
+   .PARAMETER Server
+   Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
+   If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
+
+   .EXAMPLE
+   Get-TokenLifetime
+
+   Gets HoK and Bearer Token lifetime settings for the server connections available in $global:defaultSsoAdminServers
+#>
+[CmdletBinding()]
+ param(
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Connected SsoAdminServer object')]
+   [ValidateNotNull()]
+   [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
+   $Server)
+
+   Process {
+      $serversToProcess = $global:DefaultSsoAdminServers
+      if ($Server -ne $null) {
+         $serversToProcess = $Server
+      }
+      foreach ($connection in $serversToProcess) {
+         if (-not $connection.IsConnected) {
+            Write-Error "Server $connection is disconnected"
+            continue
+         }
+
+         $connection.Client.GetTokenLifetime();
+      }
+   }
+}
+
+function Set-TokenLifetime {
+<#
+   .NOTES
+   ===========================================================================
+   Created on:   	9/30/2020
+   Created by:   	Dimitar Milov
+    Twitter:       @dimitar_milov
+    Github:        https://github.com/dmilov
+   ===========================================================================
+   .DESCRIPTION
+   This function updates HoK or Bearer token lifetime settings.
+
+   .PARAMETER TokenLifetime
+   Specifies the TokenLifetime instance to update.
+
+   .PARAMETER MaxHoKTokenLifetime
+
+   .PARAMETER MaxBearerTokenLifetime
+
+   .EXAMPLE
+   Get-TokenLifetime | Set-TokenLifetime -MaxHoKTokenLifetime 60
+
+   Updates HoK token lifetime setting
+#>
+[CmdletBinding()]
+ param(
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$true,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='TokenLifetime instance you want to update')]
+   [VMware.vSphere.SsoAdminClient.DataTypes.TokenLifetime]
+   $TokenLifetime,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [Nullable[System.Int64]]
+   $MaxHoKTokenLifetime,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [Nullable[System.Int64]]
+   $MaxBearerTokenLifetime)
+
+   Process {
+
+      foreach ($tl in $TokenLifetime) {
+
+         $ssoAdminClient = $tl.GetClient()
+         if ((-not $ssoAdminClient)) {
+            Write-Error "Object '$tl' is from disconnected server"
+            continue
+         }
+
+         $ssoAdminClient.SetTokenLifetime(
+            $MaxHoKTokenLifetime,
+            $MaxBearerTokenLifetime
+         );
+      }
+   }
+}
 #endregion

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/TokenLifetime.cs

@@ -0,0 +1,27 @@
+// **************************************************************************
+//  Copyright (c) VMware, Inc.  All rights reserved. -- VMware Confidential.
+// **************************************************************************
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace VMware.vSphere.SsoAdminClient.DataTypes
+{
+   public class TokenLifetime
+   {
+      SsoAdminClient _client;
+      public TokenLifetime(SsoAdminClient client) {
+         _client = client;
+      }
+
+      public SsoAdminClient GetClient() {
+         return _client;
+      }
+
+      public long MaxHoKTokenLifetime { get; set; }
+      public long MaxBearerTokenLifetime { get; set; }
+   }
+}

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs

@@ -556,6 +556,67 @@ namespace VMware.vSphere.SsoAdminClient
 
          return GetLockoutPolicy();
       }
+
+      public TokenLifetime GetTokenLifetime() {
+
+         // Create Authorization Invocation Context
+         var authorizedInvocationContext =
+            CreateAuthorizedInvocationContext();
+
+         var maxHoKTokenLifetime = authorizedInvocationContext.
+            InvokeOperation(() =>
+               _ssoAdminBindingClient.GetMaximumHoKTokenLifetimeAsync(
+                  new ManagedObjectReference {
+                     type = "SsoAdminConfigurationManagementService",
+                     Value = "configurationManagementService"
+                  })).Result;
+
+         var maxBearerTokenLifetime = authorizedInvocationContext.
+            InvokeOperation(() =>
+               _ssoAdminBindingClient.GetMaximumBearerTokenLifetimeAsync(
+                  new ManagedObjectReference {
+                     type = "SsoAdminConfigurationManagementService",
+                     Value = "configurationManagementService"
+                  })).Result;
+
+         return new TokenLifetime(this) {
+            MaxHoKTokenLifetime = maxHoKTokenLifetime,
+            MaxBearerTokenLifetime = maxBearerTokenLifetime
+         };
+      }
+
+      public TokenLifetime SetTokenLifetime(
+         long? maxHoKTokenLifetime,
+         long? maxBearerTokenLifetime) {
+         
+         var authorizedInvocationContext =
+            CreateAuthorizedInvocationContext();
+
+         if (maxHoKTokenLifetime != null) {
+            authorizedInvocationContext.
+            InvokeOperation(() =>
+               _ssoAdminBindingClient.SetMaximumHoKTokenLifetimeAsync(
+                  new ManagedObjectReference {
+                     type = "SsoAdminConfigurationManagementService",
+                     Value = "configurationManagementService"
+                  },
+                  maxHoKTokenLifetime.Value)).Wait();
+         }
+
+         if (maxBearerTokenLifetime != null) {
+            authorizedInvocationContext.
+            InvokeOperation(() =>
+               _ssoAdminBindingClient.SetMaximumBearerTokenLifetimeAsync(
+                  new ManagedObjectReference {
+                     type = "SsoAdminConfigurationManagementService",
+                     Value = "configurationManagementService"
+                  },
+                  maxBearerTokenLifetime.Value)).Wait();
+         }
+
+
+         return GetTokenLifetime();
+      }
       #endregion
    }
 }

Modules/VMware.vSphere.SsoAdmin/src/test/TokenLifetime.Tests.ps1

@@ -0,0 +1,75 @@
+#**************************************************************************
+# Copyright (c) VMware, Inc. All rights reserved.
+#**************************************************************************
+
+param(
+    [Parameter(Mandatory = $true)]
+    [string]
+    $VcAddress,
+
+    [Parameter(Mandatory = $true)]
+    [string]
+    $User,
+
+    [Parameter(Mandatory = $true)]
+    [string]
+    $Password
+)
+
+# Import Vmware.vSphere.SsoAdmin Module
+$modulePath = Join-Path (Split-Path $PSScriptRoot | Split-Path) "VMware.vSphere.SsoAdmin.psd1"
+Import-Module $modulePath
+
+Describe "TokenLifetime Tests" {
+   BeforeEach {
+      Connect-SsoAdminServer `
+         -Server $VcAddress `
+         -User $User `
+         -Password $Password `
+         -SkipCertificateCheck
+   }
+
+   AfterEach {
+      $connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray()
+      foreach ($connection in $connectionsToCleanup) {
+         Disconnect-SsoAdminServer -Server $connection
+      }
+   }
+
+   Context "Get-TokenLifetime" {
+      It 'Gets token lifetime settings' {
+         # Act
+         $actual = Get-TokenLifetime
+
+         # Assert
+         $actual | Should Not Be $null
+         $actual.MaxHoKTokenLifetime | Should BeGreaterThan 0
+         $actual.MaxBearerTokenLifetime | Should BeGreaterThan 0
+      }
+   }
+
+   Context "Set-TokenLifetime" {
+      It 'Updates MaxHoKTokenLifetime and MaxBearerTokenLifetime' {
+         # Arrange
+         $tokenLifetimeToUpdate = Get-TokenLifetime
+         $expectedMaxHoKTokenLifetime = 60
+         $expectedMaxBearerTokenLifetime = 30
+
+         # Act
+         $actual = Set-TokenLifetime `
+            -TokenLifetime $tokenLifetimeToUpdate `
+            -MaxHoKTokenLifetime $expectedMaxHoKTokenLifetime `
+            -MaxBearerTokenLifetime $expectedMaxBearerTokenLifetime
+
+         # Assert
+         $actual | Should Not Be $null
+         $actual.MaxHoKTokenLifetime | Should Be $expectedMaxHoKTokenLifetime
+         $actual.MaxBearerTokenLifetime | Should Be $expectedMaxBearerTokenLifetime
+
+         # Cleanup
+         $tokenLifetimeToUpdate | Set-TokenLifetime `
+            -MaxHoKTokenLifetime $tokenLifetimeToUpdate.MaxHoKTokenLifetime `
+            -MaxBearerTokenLifetime $tokenLifetimeToUpdate.MaxBearerTokenLifetime
+      }
+   }
+}