voltron/PowerCLI-Example-Scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implement Get/Set-LockoutPolicy cmdlets

Browse Source
This commit is contained in:
dmilov
2020-09-30 13:48:01 +03:00
parent 88648e2db2
commit 5abdbe9702
8 changed files with 375 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs
View File

@@ -10,7 +10,7 @@ namespace VMware.vSphere.SsoAdminClient.Tests
{
private string _vc = "<vc>";
private string _user = "<user>";
private string _rawPassword = "<password>";
private string _rawPassword = "<password";
private SecureString _password;
[SetUp]
public void Setup() {
@@ -216,5 +216,50 @@ namespace VMware.vSphere.SsoAdminClient.Tests
minLowercaseCount: originalPasswordPolicy.MinLowercaseCount,
passwordLifetimeDays: originalPasswordPolicy.PasswordLifetimeDays);
}
[Test]
public void GetLockoutPolicy() {
// Arrange
var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
// Act
var actual = ssoAdminClient.GetLockoutPolicy();
// Assert
Assert.NotNull(actual);
}
[Test]
public void SetLockoutPolicy() {
// Arrange
var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
var originalLockoutPolicy = ssoAdminClient.GetLockoutPolicy();
var expectedDescription = "TestDescription";
var expectedAutoUnlockIntervalSec = 20;
var expectedFailedAttemptIntervalSec = 30;
var expectedMaxFailedAttempts = 5;
// Act
var actual = ssoAdminClient.SetLockoutPolicy(
expectedDescription,
expectedAutoUnlockIntervalSec,
expectedFailedAttemptIntervalSec,
expectedMaxFailedAttempts);
// Assert
Assert.NotNull(actual);
Assert.AreEqual(expectedDescription, actual.Description);
Assert.AreEqual(expectedAutoUnlockIntervalSec, actual.AutoUnlockIntervalSec);
Assert.AreEqual(expectedFailedAttemptIntervalSec, actual.FailedAttemptIntervalSec);
Assert.AreEqual(expectedMaxFailedAttempts, actual.MaxFailedAttempts);
// Cleanup
ssoAdminClient.SetLockoutPolicy(
originalLockoutPolicy.Description,
originalLockoutPolicy.AutoUnlockIntervalSec,
originalLockoutPolicy.FailedAttemptIntervalSec,
originalLockoutPolicy.MaxFailedAttempts
);
}
}
}

30
Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/LockoutPolicy.cs Normal file
View File

@@ -0,0 +1,30 @@
// **************************************************************************
// Copyright (c) VMware, Inc. All rights reserved. -- VMware Confidential.
// **************************************************************************
using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceModel.Security;
using System.Text;
using System.Threading.Tasks;
namespace VMware.vSphere.SsoAdminClient.DataTypes
{
public class LockoutPolicy
{
SsoAdminClient _client;
public LockoutPolicy(SsoAdminClient client) {
_client = client;
}
public SsoAdminClient GetClient() {
return _client;
}
public string Description { get; set; }
public long AutoUnlockIntervalSec { get; set; }
public long FailedAttemptIntervalSec { get; set; }
public int MaxFailedAttempts { get; set; }
}
}

73
Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
View File

@@ -483,6 +483,79 @@ namespace VMware.vSphere.SsoAdminClient
return GetPasswordPolicy();
}
public LockoutPolicy GetLockoutPolicy() {
LockoutPolicy result = null;
// Create Authorization Invocation Context
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
// Invoke SSO Admin GetLockoutPolicyAsync operation
var ssoAdminLockoutPolicy = authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.GetLockoutPolicyAsync(
new ManagedObjectReference {
type = "SsoAdminLockoutPolicyService",
Value = "lockoutPolicyService"
})).Result;
if (ssoAdminLockoutPolicy != null) {
result = new LockoutPolicy(this) {
Description = ssoAdminLockoutPolicy.description,
AutoUnlockIntervalSec = ssoAdminLockoutPolicy.autoUnlockIntervalSec,
FailedAttemptIntervalSec = ssoAdminLockoutPolicy.failedAttemptIntervalSec,
MaxFailedAttempts = ssoAdminLockoutPolicy.maxFailedAttempts
};
}
return result;
}
public LockoutPolicy SetLockoutPolicy(
string description,
long? autoUnlockIntervalSec,
long? failedAttemptIntervalSec,
int? maxFailedAttempts) {
if (description != null ||
autoUnlockIntervalSec != null ||
failedAttemptIntervalSec != null ||
maxFailedAttempts != null) {
var ssoAdminLockoutPolicy = new SsoAdminLockoutPolicy();
ssoAdminLockoutPolicy.description = description;
if (autoUnlockIntervalSec != null) {
ssoAdminLockoutPolicy.autoUnlockIntervalSec = autoUnlockIntervalSec.Value;
}
if (failedAttemptIntervalSec != null) {
ssoAdminLockoutPolicy.failedAttemptIntervalSec = failedAttemptIntervalSec.Value;
}
if (maxFailedAttempts != null) {
ssoAdminLockoutPolicy.maxFailedAttempts = maxFailedAttempts.Value;
}
// Create Authorization Invocation Context
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
// Invoke SSO Admin GetLockoutPolicyAsync operation
authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.UpdateLockoutPolicyAsync(
new ManagedObjectReference {
type = "SsoAdminLockoutPolicyService",
Value = "lockoutPolicyService"
},
ssoAdminLockoutPolicy)).Wait();
}
return GetLockoutPolicy();
}
#endregion
}
}

73
Modules/VMware.vSphere.SsoAdmin/src/test/LockoutPolicy.Tests.ps1 Normal file
View File

@@ -0,0 +1,73 @@
#**************************************************************************
# Copyright (c) VMware, Inc. All rights reserved.
#**************************************************************************
param(
[Parameter(Mandatory = $true)]
[string]
$VcAddress,
[Parameter(Mandatory = $true)]
[string]
$User,
[Parameter(Mandatory = $true)]
[string]
$Password
)
# Import Vmware.vSphere.SsoAdmin Module
$modulePath = Join-Path (Split-Path $PSScriptRoot | Split-Path) "VMware.vSphere.SsoAdmin.psd1"
Import-Module $modulePath
Describe "LockoutPolicy Tests" {
BeforeEach {
Connect-SsoAdminServer `
-Server $VcAddress `
-User $User `
-Password $Password `
-SkipCertificateCheck
}
AfterEach {
$connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray()
foreach ($connection in $connectionsToCleanup) {
Disconnect-SsoAdminServer -Server $connection
}
}
Context "Get-LockoutPolicy" {
It 'Gets lockout policy' {
# Act
$actual = Get-LockoutPolicy
# Assert
$actual | Should Not Be $null
}
}
Context "Set-LockoutPolicy" {
It 'Updates lockout policy AutoUnlockIntervalSec and MaxFailedAttempts' {
# Arrange
$lockoutPolicyToUpdate = Get-LockoutPolicy
$expectedAutoUnlockIntervalSec = 33
$expectedMaxFailedAttempts = 7
# Act
$actual = Set-LockoutPolicy `
-LockoutPolicy $lockoutPolicyToUpdate `
-AutoUnlockIntervalSec $expectedAutoUnlockIntervalSec `
-MaxFailedAttempts $expectedMaxFailedAttempts
# Assert
$actual | Should Not Be $null
$actual.AutoUnlockIntervalSec | Should Be $expectedAutoUnlockIntervalSec
$actual.MaxFailedAttempts | Should Be $expectedMaxFailedAttempts
$actual.FailedAttemptIntervalSec | Should Be $lockoutPolicyToUpdate.FailedAttemptIntervalSec
$actual.Description | Should Be $lockoutPolicyToUpdate.Description
# Cleanup
$lockoutPolicyToUpdate | Set-LockoutPolicy
}
}
}