diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 index 735cc3e..a1b08ff 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 @@ -34,7 +34,7 @@ RequiredModules = @( ) # Functions to export from this module -FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Set-PersonUser', 'Remove-PersonUser', 'Get-Group', 'Get-PasswordPolicy', 'Set-PasswordPolicy', 'Get-LockoutPolicy', 'Set-LockoutPolicy') +FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Set-PersonUser', 'Remove-PersonUser', 'Get-Group', 'Get-PasswordPolicy', 'Set-PasswordPolicy', 'Get-LockoutPolicy', 'Set-LockoutPolicy', 'Get-TokenLifetime', 'Set-TokenLifetime') # Cmdlets to export from this module CmdletsToExport = @() diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 index 932a9ad..b6f39e2 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 
@@ -1092,4 +1092,120 @@ function Set-LockoutPolicy { } } } +#endregion + +#region TokenLifetime cmdlets +function Get-TokenLifetime { +<# + .NOTES + =========================================================================== + Created on: 9/30/2020 + Created by: Dimitar Milov + Twitter: @dimitar_milov + Github: https://github.com/dmilov + =========================================================================== + .DESCRIPTION + This function gets HoK and Bearer Token lifetime settings. + + .PARAMETER Server + Specifies the vSphere Sso Admin Server on which you want to run the cmdlet. + If not specified the servers available in $global:DefaultSsoAdminServers variable will be used. + + .EXAMPLE + Get-TokenLifetime + + Gets HoK and Bearer Token lifetime settings for the server connections available in $global:defaultSsoAdminServers +#> +[CmdletBinding()] + param( + [Parameter( + Mandatory=$false, + ValueFromPipeline=$false, + ValueFromPipelineByPropertyName=$false, + HelpMessage='Connected SsoAdminServer object')] + [ValidateNotNull()] + [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer] + $Server) + + Process { + $serversToProcess = $global:DefaultSsoAdminServers + if ($Server -ne $null) { + $serversToProcess = $Server + } + foreach ($connection in $serversToProcess) { + if (-not $connection.IsConnected) { + Write-Error "Server $connection is disconnected" + continue + } + + $connection.Client.GetTokenLifetime(); + } + } +} + +function Set-TokenLifetime { +<# + .NOTES + =========================================================================== + Created on: 9/30/2020 + Created by: Dimitar Milov + Twitter: @dimitar_milov + Github: https://github.com/dmilov + =========================================================================== + .DESCRIPTION + This function updates HoK or Bearer token lifetime settings. + + .PARAMETER TokenLifetime + Specifies the TokenLifetime instance to update. 
+ + .PARAMETER MaxHoKTokenLifetime + + .PARAMETER MaxBearerTokenLifetime + + .EXAMPLE + Get-TokenLifetime | Set-TokenLifetime -MaxHoKTokenLifetime 60 + + Updates HoK token lifetime setting +#> +[CmdletBinding()] + param( + [Parameter( + Mandatory=$true, + ValueFromPipeline=$true, + ValueFromPipelineByPropertyName=$false, + HelpMessage='TokenLifetime instance you want to update')] + [VMware.vSphere.SsoAdminClient.DataTypes.TokenLifetime] + $TokenLifetime, + + [Parameter( + Mandatory=$false, + ValueFromPipeline=$false, + ValueFromPipelineByPropertyName=$false)] + [Nullable[System.Int64]] + $MaxHoKTokenLifetime, + + [Parameter( + Mandatory=$false, + ValueFromPipeline=$false, + ValueFromPipelineByPropertyName=$false)] + [Nullable[System.Int64]] + $MaxBearerTokenLifetime) + + Process { + + foreach ($tl in $TokenLifetime) { + + $ssoAdminClient = $tl.GetClient() + if ((-not $ssoAdminClient)) { + Write-Error "Object '$tl' is from disconnected server" + continue + } + + $ssoAdminClient.SetTokenLifetime( + $MaxHoKTokenLifetime, + $MaxBearerTokenLifetime + ); + } + } +} #endregion \ No newline at end of file diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll index 1f73a75..ccd44ab 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll index 50c208d..744f948 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll differ 
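Review bot: The `.PARAMETER MaxHoKTokenLifetime` and `.PARAMETER MaxBearerTokenLifetime` help entries of Set-TokenLifetime are empty, so a user cannot tell what the values mean or which unit they are in, and both parameters accept any Int64 (including 0 and negatives) that the client then forwards to the server unchecked; suggest `[ValidateRange(1, [long]::MaxValue)]` on each and help text such as `Specifies the maximum Holder-of-Key token lifetime (state the unit the SSO server expects once confirmed)`. Set-TokenLifetime changes a server-wide security setting but does not declare `SupportsShouldProcess`, so `-WhatIf`/`-Confirm` are unavailable; `[CmdletBinding(SupportsShouldProcess = $true)]` with the `SetTokenLifetime` call wrapped in `if ($PSCmdlet.ShouldProcess($tl, 'Update token lifetime'))` would match the Set-* convention used by PowerShell. Minor: `$Server -ne $null` in Get-TokenLifetime should be `$null -ne $Server`, as PSScriptAnalyzer's PSPossibleIncorrectComparisonWithNull rule recommends.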
diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/TokenLifetime.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/TokenLifetime.cs new file mode 100644 index 0000000..c5d7cf0 --- /dev/null +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/TokenLifetime.cs @@ -0,0 +1,27 @@ +// ************************************************************************** +// Copyright (c) VMware, Inc. All rights reserved. -- VMware Confidential. +// ************************************************************************** + +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; +using System.Threading.Tasks; + +namespace VMware.vSphere.SsoAdminClient.DataTypes +{ + public class TokenLifetime + { + SsoAdminClient _client; + public TokenLifetime(SsoAdminClient client) { + _client = client; + } + + public SsoAdminClient GetClient() { + return _client; + } + + public long MaxHoKTokenLifetime { get; set; } + public long MaxBearerTokenLifetime { get; set; } + } +} diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs index ce3bcb9..c7caac1 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs 
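Review bot: `_client` in TokenLifetime is assigned only in the constructor but is not `readonly`, and the constructor accepts a null client silently; suggest `private readonly SsoAdminClient _client;` and `_client = client ?? throw new ArgumentNullException(nameof(client));` unless a null client is the intended marker for a disconnected object (Set-TokenLifetime in the .psm1 treats it that way), in which case that contract should be stated in a `/// <summary>` on `GetClient()` instead. The two `long` properties carry no XML doc, so the unit of the lifetime values is undocumented (nothing on the page confirms seconds or minutes); a one-line `/// <summary>` on each stating the unit once confirmed would help callers. The `using` directives for `System.Collections.Generic`, `System.Linq`, `System.Text` and `System.Threading.Tasks` are unused in this file.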
@@ -556,6 +556,67 @@ namespace VMware.vSphere.SsoAdminClient return GetLockoutPolicy(); } + + public TokenLifetime GetTokenLifetime() { + + // Create Authorization Invocation Context + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + var maxHoKTokenLifetime = authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.GetMaximumHoKTokenLifetimeAsync( + new ManagedObjectReference { + type = "SsoAdminConfigurationManagementService", + Value = "configurationManagementService" + })).Result; + + var maxBearerTokenLifetime = authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.GetMaximumBearerTokenLifetimeAsync( + new ManagedObjectReference { + type = "SsoAdminConfigurationManagementService", + Value = "configurationManagementService" + })).Result; + + return new TokenLifetime(this) { + MaxHoKTokenLifetime = maxHoKTokenLifetime, + MaxBearerTokenLifetime = maxBearerTokenLifetime + }; + } + + public TokenLifetime SetTokenLifetime( + long? maxHoKTokenLifetime, + long? maxBearerTokenLifetime) { + + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + if (maxHoKTokenLifetime != null) { + authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.SetMaximumHoKTokenLifetimeAsync( + new ManagedObjectReference { + type = "SsoAdminConfigurationManagementService", + Value = "configurationManagementService" + }, + maxHoKTokenLifetime.Value)).Wait(); + } + + if (maxBearerTokenLifetime != null) { + authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.SetMaximumBearerTokenLifetimeAsync( + new ManagedObjectReference { + type = "SsoAdminConfigurationManagementService", + Value = "configurationManagementService" + }, + maxBearerTokenLifetime.Value)).Wait(); + } + + + return GetTokenLifetime(); + } #endregion } } 
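Review bot: SetTokenLifetime forwards `maxHoKTokenLifetime.Value` and `maxBearerTokenLifetime.Value` to the server without checking them, so a zero or negative lifetime is sent as-is and the only feedback is whatever fault the server returns, wrapped in an `AggregateException` by `.Wait()` (the same `.Result` wrapping applies to both reads in GetTokenLifetime); if the server contract allows 0, drop that part of the check below. The `ManagedObjectReference` for the configuration management service is spelled out four times in this hunk, and a single private helper removes the repetition. The two Set*Async calls are independent, so if the second fails after the first succeeded the server is left with a partially applied change and the caller cannot tell which value took effect; that is worth a `/// <remarks>` on the method. The hunk closes the class and namespace, so the only surrounding context is the preceding `GetLockoutPolicy` return.
```csharp
// Identity of the SSO configuration management service used by the token-lifetime operations.
private static ManagedObjectReference ConfigurationManagementServiceRef() =>
    new ManagedObjectReference {
        type = "SsoAdminConfigurationManagementService",
        Value = "configurationManagementService"
    };

public TokenLifetime SetTokenLifetime(
    long? maxHoKTokenLifetime,
    long? maxBearerTokenLifetime) {

    // Lifted comparison: a null (not supplied) value is left alone, only explicit non-positive values are rejected.
    if (maxHoKTokenLifetime <= 0) {
        throw new ArgumentOutOfRangeException(nameof(maxHoKTokenLifetime), "Token lifetime must be positive.");
    }
    if (maxBearerTokenLifetime <= 0) {
        throw new ArgumentOutOfRangeException(nameof(maxBearerTokenLifetime), "Token lifetime must be positive.");
    }

    // … unchanged: CreateAuthorizedInvocationContext() and the two Set*Async calls, each passing ConfigurationManagementServiceRef() …
}
```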
diff --git a/Modules/VMware.vSphere.SsoAdmin/src/test/TokenLifetime.Tests.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/test/TokenLifetime.Tests.ps1 new file mode 100644 index 0000000..89f42a4 --- /dev/null +++ b/Modules/VMware.vSphere.SsoAdmin/src/test/TokenLifetime.Tests.ps1 
@@ -0,0 +1,75 @@ +#************************************************************************** +# Copyright (c) VMware, Inc. All rights reserved. +#************************************************************************** + +param( + [Parameter(Mandatory = $true)] + [string] + $VcAddress, + + [Parameter(Mandatory = $true)] + [string] + $User, + + [Parameter(Mandatory = $true)] + [string] + $Password +) + +# Import Vmware.vSphere.SsoAdmin Module +$modulePath = Join-Path (Split-Path $PSScriptRoot | Split-Path) "VMware.vSphere.SsoAdmin.psd1" +Import-Module $modulePath + +Describe "TokenLifetime Tests" { + BeforeEach { + Connect-SsoAdminServer ` + -Server $VcAddress ` + -User $User ` + -Password $Password ` + -SkipCertificateCheck + } + + AfterEach { + $connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray() + foreach ($connection in $connectionsToCleanup) { + Disconnect-SsoAdminServer -Server $connection + } + } + + Context "Get-TokenLifetime" { + It 'Gets token lifetime settings' { + # Act + $actual = Get-TokenLifetime + + # Assert + $actual | Should Not Be $null + $actual.MaxHoKTokenLifetime | Should BeGreaterThan 0 + $actual.MaxBearerTokenLifetime | Should BeGreaterThan 0 + } + } + + Context "Set-TokenLifetime" { + It 'Updates MaxHoKTokenLifetime and MaxBearerTokenLifetime' { + # Arrange + $tokenLifetimeToUpdate = Get-TokenLifetime + $expectedMaxHoKTokenLifetime = 60 + $expectedMaxBearerTokenLifetime = 30 + + # Act + $actual = Set-TokenLifetime ` + -TokenLifetime $tokenLifetimeToUpdate ` + -MaxHoKTokenLifetime $expectedMaxHoKTokenLifetime ` + -MaxBearerTokenLifetime $expectedMaxBearerTokenLifetime + + # Assert + $actual | Should Not Be $null + $actual.MaxHoKTokenLifetime | Should Be $expectedMaxHoKTokenLifetime + $actual.MaxBearerTokenLifetime | Should Be $expectedMaxBearerTokenLifetime + + # Cleanup + $tokenLifetimeToUpdate | Set-TokenLifetime ` + -MaxHoKTokenLifetime $tokenLifetimeToUpdate.MaxHoKTokenLifetime ` + -MaxBearerTokenLifetime 
$tokenLifetimeToUpdate.MaxBearerTokenLifetime + } + } +} \ No newline at end of file
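Review bot: In the 'Updates MaxHoKTokenLifetime and MaxBearerTokenLifetime' test the cleanup that restores the original lifetimes runs only after the assertions, so any failing `Should` leaves the shared server with the test values (60/30) and later runs start from the mutated state; the restore belongs in a `finally` around the Act and Assert steps (or in `AfterEach`), using the `$tokenLifetimeToUpdate` captured in Arrange. The script also takes `$Password` as a plain `[string]`, which PSScriptAnalyzer flags (PSAvoidUsingPlainTextForPassword); a `[PSCredential]` parameter would keep the secret out of transcripts and command history, provided Connect-SsoAdminServer accepts one (its parameter set is outside this diff).
```powershell
# Arrange
$tokenLifetimeToUpdate = Get-TokenLifetime
try {
    # … unchanged: Act and Assert …
}
finally {
    # Restore the original settings even when an assertion fails.
    $tokenLifetimeToUpdate | Set-TokenLifetime `
        -MaxHoKTokenLifetime $tokenLifetimeToUpdate.MaxHoKTokenLifetime `
        -MaxBearerTokenLifetime $tokenLifetimeToUpdate.MaxBearerTokenLifetime
}
```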