voltron/PowerCLI-Example-Scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implement feature issue #472 (#474)

Browse Source 
Signed-off-by: Dimitar Milov <dmilov@vmware.com>
This commit is contained in:
dmilov
2021-07-28 16:23:54 +03:00
committed by GitHub
parent 0cbd85190c
commit 2b62d20d13
11 changed files with 1896 additions and 1228 deletions
Download Patch File Download Diff File Expand all files Collapse all files

329
Modules/VMware.vSphere.SsoAdmin/AuthenticationPolicy.ps1 Normal file
View File

@@ -0,0 +1,329 @@
<#
Copyright 2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause
#>
function Get-SsoAuthenticationPolicy {
<#
.NOTES
===========================================================================
Created on: 7/28/2021
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.SYNOPSIS
Gets Authentication Policy
.DESCRIPTION
Gets Authentication Policy.
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
Get-SsoAuthenticationPolicy
Gets the Authentication Policy for the connected servers
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
if ($null -ne $Server) {
$serversToProcess = $Server
}
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
# Output is the result of 'GetAuthenticationPolicy'
try {
$connection.Client.GetAuthenticationPolicy()
}
catch {
Write-Error (FormatError $_.Exception)
}
}
}
}
function Set-SsoAuthenticationPolicy {
<#
.NOTES
===========================================================================
Created on: 7/28/2021
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.SYNOPSIS
Updates Authentication Policy
.DESCRIPTION
Updates Authentication Policy settings
.PARAMETER AuthenticationPolicy
An AuthenticationPolicy to update retrieved from Set-SsoAuthenticationPolicy cmdlet
.PARAMETER PasswordAuthnEnabled
Enables or disables Password Authentication
.PARAMETER WindowsAuthnEnabled
Enables or disables Windows Authentication
.PARAMETER SmartCardAuthnEnabled
Enables or disables Smart Card Authentication
.PARAMETER CRLCacheSize
Specifies CRL Cache size
.PARAMETER CRLUrl
Specifies CRL Url
.PARAMETER OCSPEnabled
Enables or disables OCSP
.PARAMETER OCSPResponderSigningCert
OCSP Responder Signing Certificate
.PARAMETER OCSPUrl
.PARAMETER OIDs
.PARAMETER SendOCSPNonce
.PARAMETER TrustedCAs
.PARAMETER UseCRLAsFailOver,
.PARAMETER UseInCertCRL
.EXAMPLE
$myServer = Connect-SsoAdminServer -Server MyServer -User myUser -Password myPassword
Get-SsoAuthenticationPolicy -Server $myServer | Set-SsoAuthenticationPolicy -SmartCardAuthnEnabled $true
Enables SmartCard Authnetication on server $myServer
#>
[CmdletBinding(ConfirmImpact = 'Medium')]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'AuthenticationPolicy object to update')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.AuthenticationPolicy]
$AuthenticationPolicy,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Enables or disables Password Authentication')]
[bool]
$PasswordAuthnEnabled,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Enables or disables Windows Authentication')]
[bool]
$WindowsAuthnEnabled,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Enables or disables Smart Card Authentication')]
[bool]
$SmartCardAuthnEnabled,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'CRL Cache size')]
[int]
$CRLCacheSize,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'CRL Url')]
[string]
$CRLUrl,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Enables or disables OCSP')]
[bool]
$OCSPEnabled,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'OCSP Responder Signing Certificate')]
[System.Security.Cryptography.X509Certificates.X509Certificate2]
$OCSPResponderSigningCert,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'OCSP Url')]
[string]
$OCSPUrl,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'OIDs')]
[string[]]
$OIDs,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Enables or disables seinding OCSP Nonce')]
[bool]
$SendOCSPNonce,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'List of trusted CAs')]
[string[]]
$TrustedCAs,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Specifies whether to use CRL fail over')]
[bool]
$UseCRLAsFailOver,
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false,
HelpMessage = 'Specifiеs whether to use CRL from certificate')]
[bool]
$UseInCertCRL)
Process {
try {
foreach ($a in $AuthenticationPolicy) {
$ssoAdminClient = $a.GetClient()
if ((-not $ssoAdminClient)) {
Write-Error "Object '$a' is from disconnected server"
continue
}
if (-not $PSBoundParameters.ContainsKey('PasswordAuthnEnabled')) {
$PasswordAuthnEnabled = $a.PasswordAuthnEnabled
}
if (-not $PSBoundParameters.ContainsKey('WindowsAuthnEnabled')) {
$WindowsAuthnEnabled = $a.WindowsAuthnEnabled
}
if (-not $PSBoundParameters.ContainsKey('SmartCardAuthnEnabled')) {
$SmartCardAuthnEnabled = $a.SmartCardAuthnEnabled
}
if (-not $PSBoundParameters.ContainsKey('CRLCacheSize')) {
$CRLCacheSize = $a.CRLCacheSize
}
if (-not $PSBoundParameters.ContainsKey('CRLUrl')) {
$CRLUrl = $a.CRLUrl
}
if (-not $PSBoundParameters.ContainsKey('OCSPEnabled')) {
$OCSPEnabled = $a.OCSPEnabled
}
if (-not $PSBoundParameters.ContainsKey('OCSPResponderSigningCert')) {
$OCSPResponderSigningCert = $a.OCSPResponderSigningCert
}
if (-not $PSBoundParameters.ContainsKey('OCSPUrl')) {
$OCSPUrl = $a.OCSPUrl
}
if (-not $PSBoundParameters.ContainsKey('OIDs')) {
$OIDs = $a.OIDs
}
if (-not $PSBoundParameters.ContainsKey('SendOCSPNonce')) {
$SendOCSPNonce = $a.SendOCSPNonce
}
if (-not $PSBoundParameters.ContainsKey('TrustedCAs')) {
$TrustedCAs = $a.TrustedCAs
}
if (-not $PSBoundParameters.ContainsKey('UseCRLAsFailOver')) {
$UseCRLAsFailOver = $a.UseCRLAsFailOver
}
if (-not $PSBoundParameters.ContainsKey('UseInCertCRL')) {
$UseInCertCRL = $a.UseInCertCRL
}
$ssoAdminClient.SetAuthenticationPolicy(
$PasswordAuthnEnabled,
$WindowsAuthnEnabled,
$SmartCardAuthnEnabled,
$CRLCacheSize,
$CRLUrl,
$OCSPEnabled,
$OCSPResponderSigningCert,
$OCSPUrl,
$OIDs,
$SendOCSPNonce,
$TrustedCAs,
$UseCRLAsFailOver,
$UseInCertCRL
)
# Output updated policy
Write-Output ($ssoAdminClient.GetAuthenticationPolicy())
}
} catch {
Write-Error (FormatError $_.Exception)
}
}
}

135
Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1
View File

@@ -1,22 +1,21 @@
<#
Copyright 2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause
#>
# #
# Module manifest for module 'VMware.vSphere.SsoAdmin' # Module manifest for module 'VMware.vSphere.SsoAdmin'
# #
# Generated by: dmilov@vmware.com # Generated by: Dimitar Milov
#
# Generated on: 7/28/2021
# #
# Generated on: 9/25/20
@{ @{
# Script module or binary module file associated with this manifest # Script module or binary module file associated with this manifest.
RootModule = 'VMware.vSphere.SsoAdmin.psm1' RootModule = 'VMware.vSphere.SsoAdmin.psm1'
# Version number of this module. # Version number of this module.
ModuleVersion = '1.3.2' ModuleVersion = '1.3.3'
# Supported PSEditions
# CompatiblePSEditions = @()
# ID used to uniquely identify this module # ID used to uniquely identify this module
GUID = 'b3e25326-e809-4d68-a252-ca5fcaf1eb8b' GUID = 'b3e25326-e809-4d68-a252-ca5fcaf1eb8b'
@@ -33,27 +32,111 @@ Copyright = 'Copyright (c) VMware, Inc. All rights reserved.'
# Description of the functionality provided by this module # Description of the functionality provided by this module
Description = 'PowerShell Module for Managing VMware vSphere SSO Admin functionality.' Description = 'PowerShell Module for Managing VMware vSphere SSO Admin functionality.'
# Minimum version of the PowerShell engine required by this module
# PowerShellVersion = ''
# Name of the PowerShell host required by this module
# PowerShellHostName = ''
# Minimum version of the PowerShell host required by this module
# PowerShellHostVersion = ''
# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
# DotNetFrameworkVersion = ''
# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
# ClrVersion = ''
# Processor architecture (None, X86, Amd64) required by this module
# ProcessorArchitecture = ''
# Modules that must be imported into the global environment prior to importing this module # Modules that must be imported into the global environment prior to importing this module
RequiredModules = @( RequiredModules = @(@{ModuleName = 'VMware.VimAutomation.Common'; ModuleVersion = '12.0.0.15939652'; })
@{"ModuleName"="VMware.VimAutomation.Common";"ModuleVersion"="12.0.0.15939652"}
)
# Functions to export from this module # Assemblies that must be loaded prior to importing this module
FunctionsToExport = @( # RequiredAssemblies = @()
'Connect-SsoAdminServer', 'Disconnect-SsoAdminServer',
'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Set-SsoSelfPersonUserPassword'
'New-SsoGroup', 'Get-SsoGroup', 'Set-SsoGroup', 'Remove-SsoGroup', 'Add-GroupToSsoGroup', 'Remove-GroupFromSsoGroup', 'Add-UserToSsoGroup', 'Remove-UserFromSsoGroup'
'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy',
'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy',
'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime',
'Get-IdentitySource', 'Remove-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource')
# Cmdlets to export from this module # Script files (.ps1) that are run in the caller's environment prior to importing this module.
# ScriptsToProcess = @()
# Type files (.ps1xml) to be loaded when importing this module
# TypesToProcess = @()
# Format files (.ps1xml) to be loaded when importing this module
# FormatsToProcess = @()
# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
# NestedModules = @()
# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
FunctionsToExport = 'Connect-SsoAdminServer', 'Disconnect-SsoAdminServer',
'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser',
'Remove-SsoPersonUser', 'Set-SsoSelfPersonUserPassword',
'New-SsoGroup', 'Get-SsoGroup', 'Set-SsoGroup', 'Remove-SsoGroup',
'Add-GroupToSsoGroup', 'Remove-GroupFromSsoGroup',
'Add-UserToSsoGroup', 'Remove-UserFromSsoGroup',
'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy',
'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy',
'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource',
'Remove-IdentitySource', 'Add-ActiveDirectoryIdentitySource',
'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource',
'Get-SsoAuthenticationPolicy', 'Set-SsoAuthenticationPolicy'
# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
CmdletsToExport = @() CmdletsToExport = @()
# Variables to export from this module # Variables to export from this module
VariablesToExport = '' # VariablesToExport = @()
# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
AliasesToExport = 'Add-ActiveDirectoryIdentitySource'
# DSC resources to export from this module
# DscResourcesToExport = @()
# List of all modules packaged with this module
# ModuleList = @()
# List of all files packaged with this module
# FileList = @()
# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
PrivateData = @{
PSData = @{
# Tags applied to this module. These help with module discovery in online galleries.
# Tags = @()
# A URL to the license for this module.
# LicenseUri = ''
# A URL to the main website for this project.
# ProjectUri = ''
# A URL to an icon representing this module.
IconUri = 'https://blogs.vmware.com/PowerCLI/files/2020/10/PowerCLI.png'
# ReleaseNotes of this module
# ReleaseNotes = ''
# Prerelease string of this module
# Prerelease = ''
# Flag to indicate whether the module requires explicit user acceptance for install/update/save
# RequireLicenseAcceptance = $false
# External dependent modules of this module
# ExternalModuleDependencies = @()
} # End of PSData hashtable
} # End of PrivateData hashtable
# HelpInfo URI of this module
# HelpInfoURI = ''
# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
# DefaultCommandPrefix = ''
}
# Aliases to export from this module
AliasesToExport = @('Add-ActiveDirectoryIdentitySource')
}

BIN
Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll
View File

Binary file not shown.

BIN
Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
View File

Binary file not shown.

BIN
Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll
View File

Binary file not shown.

BIN
Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll
View File

Binary file not shown.

36
Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/AuthenticationPolicy.cs Normal file
View File

@@ -0,0 +1,36 @@
/*
Copyright 2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause
*/
using System.Security.Cryptography.X509Certificates;
namespace VMware.vSphere.SsoAdminClient.DataTypes
{
public class AuthenticationPolicy
{
SsoAdminClient _client;
public AuthenticationPolicy(SsoAdminClient client) {
_client = client;
}
public SsoAdminClient GetClient() {
return _client;
}
public bool PasswordAuthnEnabled { get; internal set; }
public bool WindowsAuthnEnabled { get; internal set; }
public bool SmartCardAuthnEnabled { get; internal set; }
public bool OCSPEnabled { get; internal set; }
public bool UseCRLAsFailOver { get; internal set; }
public bool SendOCSPNonce { get; internal set; }
public string OCSPUrl { get; internal set; }
public X509Certificate2 OCSPResponderSigningCert { get; internal set; }
public bool UseInCertCRL { get; internal set; }
public string CRLUrl { get; internal set; }
public int CRLCacheSize { get; internal set; }
public string[] Oids { get; internal set; }
public string[] TrustedCAs { get; internal set; }
}
}

125
Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
View File

@@ -1296,5 +1296,130 @@ namespace VMware.vSphere.SsoAdminClient
} }
} }
#endregion #endregion
#region AuthenticationConfiguration
public DataTypes.AuthenticationPolicy GetAuthenticationPolicy() {
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
var authnPolicy = authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.GetAuthnPolicyAsync(
new ManagedObjectReference
{
type = "SsoAdminConfigurationManagementService",
Value = "configurationManagementService"
})).Result;
return new DataTypes.AuthenticationPolicy(this)
{
PasswordAuthnEnabled = authnPolicy.PasswordAuthnEnabled,
WindowsAuthnEnabled = authnPolicy.WindowsAuthEnabled,
SmartCardAuthnEnabled = authnPolicy.CertAuthEnabled,
CRLCacheSize = authnPolicy.clientCertPolicy.crlCacheSize,
CRLUrl = authnPolicy.clientCertPolicy.crlUrl,
OCSPEnabled = authnPolicy.clientCertPolicy.ocspEnabled,
OCSPResponderSigningCert = string.IsNullOrEmpty(authnPolicy.clientCertPolicy.ocspResponderSigningCert) ? null : new X509Certificate2(authnPolicy.clientCertPolicy.ocspResponderSigningCert),
OCSPUrl = authnPolicy.clientCertPolicy.ocspUrl,
Oids = authnPolicy.clientCertPolicy.oids,
SendOCSPNonce = authnPolicy.clientCertPolicy.sendOCSPNonce,
TrustedCAs = authnPolicy.clientCertPolicy.trustedCAs,
UseCRLAsFailOver = authnPolicy.clientCertPolicy.useCRLAsFailOver,
UseInCertCRL = authnPolicy.clientCertPolicy.useInCertCRL
};
}
public void SetAuthenticationPolicy(
bool passwordAuthnEnabled,
bool windowsAuthnEnabled,
bool smartCardAuthnEnabled,
int crlCacheSize,
string crlUrl,
bool ocspEnabled,
X509Certificate2 ocspResponderSigningCert,
string ocspUrl,
string[] oids,
bool sendOCSPNonce,
string[] trustedCAs,
bool useCRLAsFailOver,
bool useInCertCRL
) {
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
var ssoAdminAuthnPolicy = new SsoAdminAuthnPolicy{
PasswordAuthnEnabled = passwordAuthnEnabled,
WindowsAuthEnabled = windowsAuthnEnabled,
CertAuthEnabled = smartCardAuthnEnabled,
clientCertPolicy = new SsoAdminClientCertPolicy {
enabled = smartCardAuthnEnabled,
crlCacheSize = crlCacheSize,
crlUrl = crlUrl,
ocspEnabled = ocspEnabled,
ocspUrl = ocspUrl,
oids = oids,
sendOCSPNonce = sendOCSPNonce,
trustedCAs = trustedCAs,
useCRLAsFailOver = useCRLAsFailOver,
useInCertCRL = useInCertCRL
}
};
if (ocspResponderSigningCert != null) {
ssoAdminAuthnPolicy.clientCertPolicy.ocspResponderSigningCert = Convert.ToBase64String(ocspResponderSigningCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks);
}
authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.SetAuthnPolicyAsync(
new ManagedObjectReference
{
type = "SsoAdminConfigurationManagementService",
Value = "configurationManagementService"
},
ssoAdminAuthnPolicy
)).Wait();
}
#endregion
#region Global Permission
public void SetRoleForUser(DataTypes.PersonUser user, string role) {
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
var authnPolicy = authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.SetRoleAsync(
new ManagedObjectReference
{
type = "SsoAdminRoleManagementService",
Value = "roleManagementService"
},
new SsoPrincipalId{
domain = user.Domain,
name = user.Name
},
role)).Result;
}
public void SetRoleForGroup(DataTypes.Group group, string role) {
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
var authnPolicy = authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.SetRoleAsync(
new ManagedObjectReference
{
type = "SsoAdminRoleManagementService",
Value = "roleManagementService"
},
new SsoPrincipalId{
domain = group.Domain,
name = group.Name
},
role)).Result;
}
#endregion
} }
} }

2404
Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminServiceReference/Reference.cs
View File

File diff suppressed because it is too large Load Diff

BIN
Modules/VMware.vSphere.SsoAdmin/src/resources/powercli.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.6 KiB

95
Modules/VMware.vSphere.SsoAdmin/src/test/AuthenticationPolicy.Tests.ps1 Normal file
View File

@@ -0,0 +1,95 @@
<#
Copyright 2021 VMware, Inc.
SPDX-License-Identifier: BSD-2-Clause
#>
param(
[Parameter(Mandatory = $true)]
[string]
$VcAddress,
[Parameter(Mandatory = $true)]
[string]
$User,
[Parameter(Mandatory = $true)]
[string]
$Password
)
# Import Vmware.vSphere.SsoAdmin Module
$modulePath = Join-Path (Split-Path $PSScriptRoot | Split-Path) "VMware.vSphere.SsoAdmin.psd1"
Import-Module $modulePath
Describe "AuthentcicationPolicy Tests" {
BeforeEach {
$connection = Connect-SsoAdminServer `
-Server $VcAddress `
-User $User `
-Password $Password `
-SkipCertificateCheck
}
AfterEach {
$connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray()
foreach ($connection in $connectionsToCleanup) {
Disconnect-SsoAdminServer -Server $connection
}
}
Context "Get-SsoAuthenticationPolicy" {
It 'Retrieves Authentication Policy' {
# Act
$actual = Get-SsoAuthenticationPolicy
# Assert
$actual | Should -Not -Be $null
$actual.GetType().FullName | Should -Be 'VMware.vSphere.SsoAdminClient.DataTypes.AuthenticationPolicy'
$actual.PasswordAuthnEnabled | Should -Be $true
}
}
Context "Set-SsoAuthenticationPolicy" {
It 'Updates AuthenticationPolicy enabling and disabling Smart Card authetication' {
# Arrange
$expected = Get-SsoAuthenticationPolicy
# Act
$actual = $expected | Set-SsoAuthenticationPolicy -SmartCardAuthnEnabled $true
# Assert
$actual | Should -Not -Be $null
$actual.GetType().FullName | Should -Be 'VMware.vSphere.SsoAdminClient.DataTypes.AuthenticationPolicy'
$actual.SmartCardAuthnEnabled | Should -Be $true
## Assert other properties are not modified
$actual.PasswordAuthnEnabled | Should -Be $expected.PasswordAuthnEnabled
$actual.WindowsAuthnEnabled | Should -Be $expected.WindowsAuthnEnabled
$actual.CRLCacheSize | Should -Be $expected.CRLCacheSize
$actual.CRLUrl | Should -Be $expected.CRLUrl
$actual.OCSPEnabled | Should -Be $expected.OCSPEnabled
$actual.OCSPResponderSigningCert | Should -Be $expected.OCSPResponderSigningCert
$actual.OCSPUrl | Should -Be $expected.OCSPUrl
$actual.OIDs | Should -Be $expected.OIDs
$actual.SendOCSPNonce | Should -Be $expected.SendOCSPNonce
$actual.TrustedCAs | Should -Be $expected.TrustedCAs
$actual.UseCRLAsFailOver | Should -Be $expected.UseCRLAsFailOver
$actual.UseInCertCRL | Should -Be $expected.UseInCertCRL
# Revert SmartCardAuthnEnabled to $false
$actual = $actual | Set-SsoAuthenticationPolicy -SmartCardAuthnEnabled $false
$actual.SmartCardAuthnEnabled | Should -Be $false
## Assert other properties are not modified
$actual.PasswordAuthnEnabled | Should -Be $expected.PasswordAuthnEnabled
$actual.WindowsAuthnEnabled | Should -Be $expected.WindowsAuthnEnabled
$actual.CRLCacheSize | Should -Be $expected.CRLCacheSize
$actual.CRLUrl | Should -Be $expected.CRLUrl
$actual.OCSPEnabled | Should -Be $expected.OCSPEnabled
$actual.OCSPResponderSigningCert | Should -Be $expected.OCSPResponderSigningCert
$actual.OCSPUrl | Should -Be $expected.OCSPUrl
$actual.OIDs | Should -Be $expected.OIDs
$actual.SendOCSPNonce | Should -Be $expected.SendOCSPNonce
$actual.TrustedCAs | Should -Be $expected.TrustedCAs
$actual.UseCRLAsFailOver | Should -Be $expected.UseCRLAsFailOver
$actual.UseInCertCRL | Should -Be $expected.UseInCertCRL
}
}
}