voltron/PowerCLI-Example-Scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implement Get/New/Remove-PersonUser

Browse Source
This commit is contained in:
dmilov
2020-09-29 14:39:30 +03:00
parent bac4cf704c
commit 48df3710fd
8 changed files with 657 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1
View File

@@ -34,7 +34,7 @@ RequiredModules = @(
) )
# Functions to export from this module # Functions to export from this module
FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer') FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Remove-PersonUser')
# Cmdlets to export from this module # Cmdlets to export from this module
CmdletsToExport = @() CmdletsToExport = @()

352
Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1
View File

@@ -27,21 +27,45 @@ $PSModule.OnRemove = {
Remove-Module -ModuleInfo $subModule Remove-Module -ModuleInfo $subModule
} }
# Internal helper functions
function HasWildcardSymbols {
param(
[string]
$stringToVerify
)
(-not [string]::IsNullOrEmpty($stringToVerify) -and `
($stringToVerify -match '\*' -or `
$stringToVerify -match '\?'))
}
function RemoveWildcardSymbols {
param(
[string]
$stringToProcess
)
if (-not [string]::IsNullOrEmpty($stringToProcess)) {
$stringToProcess.Replace('*','').Replace('?','')
} else {
[string]::Empty
}
}
# Global variables # Global variables
$global:DefaultSsoAdminServers = New-Object System.Collections.ArrayList $global:DefaultSsoAdminServers = New-Object System.Collections.ArrayList
# Module Advanced Functions Implementation # Module Advanced Functions Implementation
#region Connection Management
function Connect-SsoAdminServer { function Connect-SsoAdminServer {
<# <#
.NOTES .NOTES
=========================================================================== ===========================================================================
Created on: 9/29/2020 Created on: 9/29/2020
Created by: Dimitar Milov Created by: Dimitar Milov
Twitter: @dimitar_milov Twitter: @dimitar_milov
Github: https://github.com/dmilov Github: https://github.com/dmilov
=========================================================================== ===========================================================================
.DESCRIPTION .DESCRIPTION
This function establishes a connection to a vSphere SSO Admin server. This function establishes a connection to a vSphere SSO Admin server.
.PARAMETER Server .PARAMETER Server
@@ -117,21 +141,21 @@ function Connect-SsoAdminServer {
function Disconnect-SsoAdminServer { function Disconnect-SsoAdminServer {
<# <#
.NOTES .NOTES
=========================================================================== ===========================================================================
Created on: 9/29/2020 Created on: 9/29/2020
Created by: Dimitar Milov Created by: Dimitar Milov
Twitter: @dimitar_milov Twitter: @dimitar_milov
Github: https://github.com/dmilov Github: https://github.com/dmilov
=========================================================================== ===========================================================================
.DESCRIPTION .DESCRIPTION
This function closes the connection to a vSphere SSO Admin server. This function closes the connection to a vSphere SSO Admin server.
.PARAMETER Server .PARAMETER Server
Specifies the vSphere SSO Admin systems you want to disconnect from Specifies the vSphere SSO Admin systems you want to disconnect from
.EXAMPLE .EXAMPLE
$mySsoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User myAdmin@vsphere.local -Password MyStrongPa$$w0rd $mySsoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
Disconnect-SsoAdminServer -Server $mySsoAdminConnection Disconnect-SsoAdminServer -Server $mySsoAdminConnection
Disconnect a SSO Admin connection stored in 'mySsoAdminConnection' varaible Disconnect a SSO Admin connection stored in 'mySsoAdminConnection' varaible
@@ -157,3 +181,301 @@ function Disconnect-SsoAdminServer {
} }
} }
} }
#endregion
#region Person User Management
function New-PersonUser {
<#
.NOTES
===========================================================================
Created on: 9/29/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function creates new person user account.
.PARAMETER UserName
Specifies the UserName of the requested person user account.
.PARAMETER Password
Specifies the Password of the requested person user account.
.PARAMETER Description
Specifies the Description of the requested person user account.
.PARAMETER EmailAddress
Specifies the EmailAddress of the requested person user account.
.PARAMETER FirstName
Specifies the FirstName of the requested person user account.
.PARAMETER LastName
Specifies the FirstName of the requested person user account.
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
$ssoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
New-PersonUser -Server $ssoAdminConnection -User myAdmin -Password 'MyStrongPa$$w0rd'
Creates person user account with user name 'myAdmin' and password 'MyStrongPa$$w0rd'
.EXAMPLE
New-PersonUser -User myAdmin -Password 'MyStrongPa$$w0rd' -EmailAddress 'myAdmin@mydomain.com' -FirstName 'My' -LastName 'Admin'
Creates person user account with user name 'myAdmin', password 'MyStrongPa$$w0rd', and details against connections available in 'DefaultSsoAdminServers'
#>
[CmdletBinding(ConfirmImpact='Low')]
param(
[Parameter(
Mandatory=$true,
ValueFromPipeline=$false,
ValueFromPipelineByPropertyName=$false,
HelpMessage='User name of the new person user account')]
[string]
$UserName,
[Parameter(
Mandatory=$true,
ValueFromPipeline=$false,
ValueFromPipelineByPropertyName=$false,
HelpMessage='Password of the new person user account')]
[string]
$Password,
[Parameter(
Mandatory=$false,
ValueFromPipeline=$false,
ValueFromPipelineByPropertyName=$false,
HelpMessage='Description of the new person user account')]
[string]
$Description,
[Parameter(
Mandatory=$false,
ValueFromPipeline=$false,
ValueFromPipelineByPropertyName=$false,
HelpMessage='EmailAddress of the new person user account')]
[string]
$EmailAddress,
[Parameter(
Mandatory=$false,
ValueFromPipeline=$false,
ValueFromPipelineByPropertyName=$false,
HelpMessage='FirstName of the new person user account')]
[string]
$FirstName,
[Parameter(
Mandatory=$false,
ValueFromPipeline=$false,
ValueFromPipelineByPropertyName=$false,
HelpMessage='LastName of the new person user account')]
[string]
$LastName,
[Parameter(
Mandatory=$false,
ValueFromPipeline=$false,
ValueFromPipelineByPropertyName=$false,
HelpMessage='Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers
if ($Server -ne $null) {
$serversToProcess = $Server
}
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
# Output is the result of 'CreateLocalUser'
$connection.Client.CreateLocalUser(
$UserName,
$Password,
$Description,
$EmailAddress,
$FirstName,
$LastName
)
}
}
}
function Get-PersonUser {
<#
.NOTES
===========================================================================
Created on: 9/29/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function gets new person user account.
.PARAMETER Name
Specifies Name to filter on when searching for person user accounts.
.PARAMETER Domain
Specifies the Domain in which search will be applied, default is 'localos'.
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
Get-PersonUser -Name admin -Domain vsphere.local
Gets person user accounts which contain name 'admin' in 'vsphere.local' domain
#>
[CmdletBinding()]
param(
[Parameter(
Mandatory=$false,
ValueFromPipeline=$false,
ValueFromPipelineByPropertyName=$false,
HelpMessage='Name filter to be applied when searching for person user accounts')]
[string]
$Name,
[Parameter(
Mandatory=$false,
ValueFromPipeline=$false,
ValueFromPipelineByPropertyName=$false,
HelpMessage='Domain name to search in, default is "localos"')]
[string]
$Domain = 'localos',
[Parameter(
Mandatory=$false,
ValueFromPipeline=$false,
ValueFromPipelineByPropertyName=$false,
HelpMessage='Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers
if ($Server -ne $null) {
$serversToProcess = $Server
}
if ($Name -eq $null) {
$Name = [string]::Empty
}
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
foreach ($personUser in $connection.Client.GetLocalUsers(
(RemoveWildcardSymbols $Name),
$Domain)) {
if ([string]::IsNullOrEmpty($Name) ) {
Write-Output $personUser
} else {
# Apply Name filtering
if ((HasWildcardSymbols $Name) -and `
$personUser.Name -like $Name) {
Write-Output $personUser
} elseif ($personUser.Name -eq $Name) {
# Exactly equal
Write-Output $personUser
}
}
}
}
}
}
function Remove-PersonUser {
<#
.NOTES
===========================================================================
Created on: 9/29/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
This function removes existing person user account.
Nota Bene! Have in mind PersonUser objects don't carry information about the connection.
If you specify PersonUser and on the server there is user with same Id it will be deleted.
.PARAMETER User
Specifies the PersonUser instance to remove.
Nota Bene! Have in mind PersonUser objects don't carry information about the connection.
If you specify PersonUser and on the server there is user with same Id it will be deleted.
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
$ssoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
$myNewPersonUser = New-PersonUser -Server $ssoAdminConnection -User myAdmin -Password 'MyStrongPa$$w0rd'
Remove-PersonUser -User $myNewPersonUser -Server $ssoAdminConnection
Remove person user account with user name 'myAdmin' and password 'MyStrongPa$$w0rd'
.EXAMPLE
New-PersonUser -User myAdmin -Password 'MyStrongPa$$w0rd' -EmailAddress 'myAdmin@mydomain.com' -FirstName 'My' -LastName 'Admin'
Creates person user account with user name 'myAdmin', password 'MyStrongPa$$w0rd', and details against connections available in 'DefaultSsoAdminServers'
#>
[CmdletBinding(ConfirmImpact='High')]
param(
[Parameter(
Mandatory=$true,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$false,
HelpMessage='Person User instance you want to remove from specified servers')]
[VMware.vSphere.SsoAdminClient.DataTypes.PersonUser]
$User,
[Parameter(
Mandatory=$false,
ValueFromPipeline=$false,
ValueFromPipelineByPropertyName=$false,
HelpMessage='Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers
if ($Server -ne $null) {
$serversToProcess = $Server
}
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
$connection.Client.DeleteLocalUser($User)
}
}
}
#endregion

BIN
Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
View File

Binary file not shown.

BIN
Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll
View File

Binary file not shown.

1
Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/SsoAdminServer.cs
View File

@@ -49,6 +49,7 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes
public string User => _client?.User; public string User => _client?.User;
public string Id { get; set; } public string Id { get; set; }
public bool IsConnected => _client != null; public bool IsConnected => _client != null;
public SsoAdminClient Client => _client;
public void Disconnect() { public void Disconnect() {
_client = null; _client = null;

1
Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
View File

@@ -10,6 +10,7 @@ using System.ServiceModel;
using System.ServiceModel.Channels; using System.ServiceModel.Channels;
using System.ServiceModel.Security; using System.ServiceModel.Security;
using System.Text; using System.Text;
using System.Text.RegularExpressions;
using VMware.Binding.WsTrust; using VMware.Binding.WsTrust;
using VMware.Binding.WsTrust.SecurityContext; using VMware.Binding.WsTrust.SecurityContext;
using VMware.vSphere.LsClient; using VMware.vSphere.LsClient;

1
Modules/VMware.vSphere.SsoAdmin/src/test/ConnectDisconnect.Tests.ps1
View File

@@ -41,6 +41,7 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
$actual | Should Not Be $null $actual | Should Not Be $null
$actual.GetType().FullName | Should Be 'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer' $actual.GetType().FullName | Should Be 'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer'
$actual.IsConnected | Should Be $true $actual.IsConnected | Should Be $true
$actual.Name | Should Be $VcAddress
$global:DefaultSsoAdminServers | Should Contain $actual $global:DefaultSsoAdminServers | Should Contain $actual
} }

297
Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 Normal file
View File

@@ -0,0 +1,297 @@
#**************************************************************************
# Copyright (c) VMware, Inc. All rights reserved.
#**************************************************************************
param(
[Parameter(Mandatory = $true)]
[string]
$VcAddress,
[Parameter(Mandatory = $true)]
[string]
$VcUser,
[Parameter(Mandatory = $true)]
[string]
$VcUserPassword
)
# Import Vmware.vSphere.SsoAdmin Module
$modulePath = Join-Path (Split-Path $PSScriptRoot | Split-Path) "VMware.vSphere.SsoAdmin.psd1"
Import-Module $modulePath
Describe "New-PersonUser, Remove-PersonUser Tests" {
BeforeEach {
$script:usersToCleanup = @()
}
AfterEach {
foreach ($user in $script:usersToCleanup) {
Remove-PersonUser -User $user
}
$connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray()
foreach ($connection in $connectionsToCleanup) {
Disconnect-SsoAdminServer -Server $connection
}
}
Context "New-PersonUser" {
It 'Creates person user with details' {
# Arrange
$expectedUserName = "TestPersonUser1"
$expectedPassword = '$tr0NG_TestPa$$w0rd'
$expectedDescription = "Test Description"
$expectedEmailAddress = "testuser@testdomain.com"
$expectedFirstName = "Test"
$expectedLastName = "User"
$connection = Connect-SsoAdminServer `
-Server $VcAddress `
-User $VcUser `
-Password $VcUserPassword `
-SkipCertificateCheck
# Act
$actual = New-PersonUser `
-Server $connection `
-UserName $expectedUserName `
-Password $expectedPassword `
-Description $expectedDescription `
-EmailAddress $expectedEmailAddress `
-FirstName $expectedFirstName `
-LastName $expectedLastName
$script:usersToCleanup += $actual
# Assert
$actual | Should Not Be $null
$actual.GetType().FullName | Should Be 'VMware.vSphere.SsoAdminClient.DataTypes.PersonUser'
$actual.Name | Should Be $expectedUserName
$actual.Domain | Should Not Be $null
$actual.Description | Should Be $expectedDescription
$actual.FirstName | Should Be $expectedFirstName
$actual.LastName | Should Be $expectedLastName
$actual.EmailAddress | Should Be $expectedEmailAddress
}
It 'Creates person user without details' {
# Arrange
$expectedUserName = "TestPersonUser2"
$expectedPassword = '$tr0NG_TestPa$$w0rd'
$connection = Connect-SsoAdminServer `
-Server $VcAddress `
-User $VcUser `
-Password $VcUserPassword `
-SkipCertificateCheck
# Act
$actual = New-PersonUser `
-Server $connection `
-UserName $expectedUserName `
-Password $expectedPassword
$script:usersToCleanup += $actual
# Assert
$actual | Should Not Be $null
$actual.GetType().FullName | Should Be 'VMware.vSphere.SsoAdminClient.DataTypes.PersonUser'
$actual.Name | Should Be $expectedUserName
$actual.Domain | Should Not Be $null
$actual.Description | Should Be $null
$actual.FirstName | Should Be $null
$actual.LastName | Should Be $null
$actual.EmailAddress | Should Be $null
}
It 'Try create person against disconnected server' {
}
}
Context "Get-PersonUser" {
It 'Gets person users without filters' {
# Arrange
$connection = Connect-SsoAdminServer `
-Server $VcAddress `
-User $VcUser `
-Password $VcUserPassword `
-SkipCertificateCheck
# Act
$actual = Get-PersonUser
# Assert
$actual | Should Not Be $null
$actual.Count | Should BeGreaterThan 0
$actual[0].Name | Should Not Be $null
$actual[0].Domain | Should Be 'localos'
}
It 'Gets person users by name (exact match) and domain filters' {
# Arrange
$connection = Connect-SsoAdminServer `
-Server $VcAddress `
-User $VcUser `
-Password $VcUserPassword `
-SkipCertificateCheck
$expectedUserName = "TestPersonUser3"
$secondUserName = "TestPersonUser4"
$password = '$tr0NG_TestPa$$w0rd'
$personUserToSearch = New-PersonUser `
-UserName $expectedUserName `
-Password $password `
-Server $connection
$script:usersToCleanup += $personUserToSearch
$secondPersonUserToSearch = New-PersonUser `
-UserName $secondUserName `
-Password $password `
-Server $connection
$script:usersToCleanup += $secondPersonUserToSearch
# Act
$actual = Get-PersonUser `
-Name $expectedUserName `
-Domain $personUserToSearch.Domain `
-Server $connection
# Assert
$actual | Should Not Be $null
$actual.Name | Should Be $expectedUserName
$actual.Domain | Should Not Be $null
$actual.Domain | Should Be $personUserToSearch.Domain
}
It 'Gets person users by name (* wildcard match) and domain filters' {
# Arrange
$connection = Connect-SsoAdminServer `
-Server $VcAddress `
-User $VcUser `
-Password $VcUserPassword `
-SkipCertificateCheck
$expectedUserName = "TestPersonUser3"
$secondUserName = "TestPersonUser4"
$password = '$tr0NG_TestPa$$w0rd'
$personUserToSearch = New-PersonUser `
-UserName $expectedUserName `
-Password $password `
-Server $connection
$script:usersToCleanup += $personUserToSearch
$secondPersonUserToSearch = New-PersonUser `
-UserName $secondUserName `
-Password $password `
-Server $connection
$script:usersToCleanup += $secondPersonUserToSearch
# Act
$actual = Get-PersonUser `
-Name "Test*" `
-Domain $personUserToSearch.Domain `
-Server $connection
# Assert
$actual | Should Not Be $null
$actual.Count | Should Be 2
$actual.Name | Should Contain $expectedUserName
$actual.Name | Should Contain $secondUserName
}
It 'Gets person users by name (? wildcard match) and domain filters' {
# Arrange
$connection = Connect-SsoAdminServer `
-Server $VcAddress `
-User $VcUser `
-Password $VcUserPassword `
-SkipCertificateCheck
$expectedUserName = "TestPersonUser3"
$secondUserName = "TestPersonUser4"
$password = '$tr0NG_TestPa$$w0rd'
$personUserToSearch = New-PersonUser `
-UserName $expectedUserName `
-Password $password `
-Server $connection
$script:usersToCleanup += $personUserToSearch
$secondPersonUserToSearch = New-PersonUser `
-UserName $secondUserName `
-Password $password `
-Server $connection
$script:usersToCleanup += $secondPersonUserToSearch
# Act
$actual = Get-PersonUser `
-Name "TestPersonUser?" `
-Domain $personUserToSearch.Domain `
-Server $connection
# Assert
$actual | Should Not Be $null
$actual.Count | Should Be 2
$actual.Name | Should Contain $expectedUserName
$actual.Name | Should Contain $secondUserName
}
It 'Gets person users by unexisting name does not return' {
# Arrange
$connection = Connect-SsoAdminServer `
-Server $VcAddress `
-User $VcUser `
-Password $VcUserPassword `
-SkipCertificateCheck
$expectedUserName = "TestPersonUser3"
$password = '$tr0NG_TestPa$$w0rd'
$personUserToSearch = New-PersonUser `
-UserName $expectedUserName `
-Password $password `
-Server $connection
$script:usersToCleanup += $personUserToSearch
# Act
$actual = Get-PersonUser `
-Name "TestPersonUser" `
-Domain $personUserToSearch.Domain `
-Server $connection
# Assert
$actual | Should Be $null
}
}
Context "Remove-PersonUser" {
It 'Removes person user' {
# Arrange
$userName = "TestPersonUser4"
$password = '$tr0NG_TestPa$$w0rd'
$connection = Connect-SsoAdminServer `
-Server $VcAddress `
-User $VcUser `
-Password $VcUserPassword `
-SkipCertificateCheck
$personUserToRemove = New-PersonUser `
-UserName $userName `
-Password $password `
-Server $connection
# Act
Remove-PersonUser -User $personUserToRemove -Server $connection
# Assert
$personUserToRemove | Should Not Be $null
$userFromServer = Get-PersonUser `
-Name $personUserToRemove.Name `
-Domain $personUserToRemove.Domain `
-Server $connection
$userFromServer | Should Be $null
}
}
}