Implement Get/Set-LockoutPolicy cmdlets

Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1

@@ -34,7 +34,7 @@ RequiredModules = @(
 )
 
 # Functions to export from this module
-FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Set-PersonUser', 'Remove-PersonUser', 'Get-Group', 'Get-PasswordPolicy', 'Set-PasswordPolicy')
+FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Set-PersonUser', 'Remove-PersonUser', 'Get-Group', 'Get-PasswordPolicy', 'Set-PasswordPolicy', 'Get-LockoutPolicy', 'Set-LockoutPolicy')
 
 # Cmdlets to export from this module
 CmdletsToExport = @()

Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1

@@ -941,3 +941,155 @@ function Set-PasswordPolicy {
    }
 }
 #endregion
+
+#region LockoutPolicy cmdlets
+function Get-LockoutPolicy {
+<#
+   .NOTES
+   ===========================================================================
+   Created on:   	9/30/2020
+   Created by:   	Dimitar Milov
+    Twitter:       @dimitar_milov
+    Github:        https://github.com/dmilov
+   ===========================================================================
+   .DESCRIPTION
+   This function gets lockout policy.
+
+   .PARAMETER Server
+   Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
+   If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
+
+   .EXAMPLE
+   Get-LockoutPolicy
+
+   Gets lockout policy for the server connections available in $global:defaultSsoAdminServers
+#>
+[CmdletBinding()]
+ param(
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Connected SsoAdminServer object')]
+   [ValidateNotNull()]
+   [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
+   $Server)
+
+   Process {
+      $serversToProcess = $global:DefaultSsoAdminServers
+      if ($Server -ne $null) {
+         $serversToProcess = $Server
+      }
+      foreach ($connection in $serversToProcess) {
+         if (-not $connection.IsConnected) {
+            Write-Error "Server $connection is disconnected"
+            continue
+         }
+
+         $connection.Client.GetLockoutPolicy();
+      }
+   }
+}
+
+function Set-LockoutPolicy {
+<#
+   .NOTES
+   ===========================================================================
+   Created on:   	9/30/2020
+   Created by:   	Dimitar Milov
+    Twitter:       @dimitar_milov
+    Github:        https://github.com/dmilov
+   ===========================================================================
+   .DESCRIPTION
+   This function updates lockout policy settings.
+
+   .PARAMETER LockoutPolicy
+   Specifies the LockoutPolicy instance which will be used as original policy. If some properties are not specified they will be updated with the properties from this object.
+
+   .PARAMETER Description
+
+   .PARAMETER AutoUnlockIntervalSec
+
+   .PARAMETER FailedAttemptIntervalSec
+
+   .PARAMETER MaxFailedAttempts
+
+   .EXAMPLE
+   Get-LockoutPolicy | Set-LockoutPolicy -AutoUnlockIntervalSec 15 -MaxFailedAttempts 4
+
+   Updates lockout policy auto unlock interval seconds and maximum failed attempts
+#>
+[CmdletBinding()]
+ param(
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$true,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='LockoutPolicy instance you want to update')]
+   [VMware.vSphere.SsoAdminClient.DataTypes.LockoutPolicy]
+   $LockoutPolicy,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='LockoutPolicy description')]
+   [string]
+   $Description,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [Nullable[System.Int64]]
+   $AutoUnlockIntervalSec,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [Nullable[System.Int64]]
+   $FailedAttemptIntervalSec,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [Nullable[System.Int32]]
+   $MaxFailedAttempts)
+
+   Process {
+
+      foreach ($lp in $LockoutPolicy) {
+
+         $ssoAdminClient = $lp.GetClient()
+         if ((-not $ssoAdminClient)) {
+            Write-Error "Object '$lp' is from disconnected server"
+            continue
+         }
+
+         if ([string]::IsNullOrEmpty($Description)) {
+            $Description = $lp.Description
+         }
+
+         if ($AutoUnlockIntervalSec -eq $null) {
+            $AutoUnlockIntervalSec = $lp.AutoUnlockIntervalSec
+         }
+
+         if ($FailedAttemptIntervalSec -eq $null) {
+            $FailedAttemptIntervalSec = $lp.FailedAttemptIntervalSec
+         }
+
+         if ($MaxFailedAttempts -eq $null) {
+            $MaxFailedAttempts = $lp.MaxFailedAttempts
+         }
+
+         $ssoAdminClient.SetLockoutPolicy(
+           $Description,
+           $AutoUnlockIntervalSec,
+           $FailedAttemptIntervalSec,
+           $MaxFailedAttempts);
+      }
+   }
+}
+#endregion

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs

@@ -10,7 +10,7 @@ namespace VMware.vSphere.SsoAdminClient.Tests
    {
       private string _vc = "<vc>";
       private string _user = "<user>";
-      private string _rawPassword = "<password>";
+      private string _rawPassword = "<password";
       private SecureString _password;
       [SetUp]
       public void Setup() {
@@ -216,5 +216,50 @@ namespace VMware.vSphere.SsoAdminClient.Tests
             minLowercaseCount: originalPasswordPolicy.MinLowercaseCount,
             passwordLifetimeDays: originalPasswordPolicy.PasswordLifetimeDays);
       }
+
+      [Test]
+      public void GetLockoutPolicy() {
+         // Arrange
+         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
+
+         // Act
+         var actual = ssoAdminClient.GetLockoutPolicy();
+
+         // Assert
+         Assert.NotNull(actual);
+      }
+
+      [Test]
+      public void SetLockoutPolicy() {
+         // Arrange
+         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
+         var originalLockoutPolicy = ssoAdminClient.GetLockoutPolicy();
+         var expectedDescription = "TestDescription";
+         var expectedAutoUnlockIntervalSec = 20;
+         var expectedFailedAttemptIntervalSec = 30;
+         var expectedMaxFailedAttempts = 5;
+
+         // Act
+         var actual = ssoAdminClient.SetLockoutPolicy(
+            expectedDescription,
+            expectedAutoUnlockIntervalSec,
+            expectedFailedAttemptIntervalSec,
+            expectedMaxFailedAttempts);
+
+         // Assert
+         Assert.NotNull(actual);
+         Assert.AreEqual(expectedDescription, actual.Description);
+         Assert.AreEqual(expectedAutoUnlockIntervalSec, actual.AutoUnlockIntervalSec);
+         Assert.AreEqual(expectedFailedAttemptIntervalSec, actual.FailedAttemptIntervalSec);
+         Assert.AreEqual(expectedMaxFailedAttempts, actual.MaxFailedAttempts);
+
+         // Cleanup
+         ssoAdminClient.SetLockoutPolicy(
+            originalLockoutPolicy.Description,
+            originalLockoutPolicy.AutoUnlockIntervalSec,
+            originalLockoutPolicy.FailedAttemptIntervalSec,
+            originalLockoutPolicy.MaxFailedAttempts       
+            );
+      }
    }
 }

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/LockoutPolicy.cs

@@ -0,0 +1,30 @@
+// **************************************************************************
+//  Copyright (c) VMware, Inc.  All rights reserved. -- VMware Confidential.
+// **************************************************************************
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.ServiceModel.Security;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace VMware.vSphere.SsoAdminClient.DataTypes
+{
+   public class LockoutPolicy
+   {
+      SsoAdminClient _client;
+      public LockoutPolicy(SsoAdminClient client) {
+         _client = client;
+      }
+
+      public SsoAdminClient GetClient() {
+         return _client;
+      }
+
+      public string Description { get; set; }
+      public long AutoUnlockIntervalSec { get; set; }
+      public long FailedAttemptIntervalSec { get; set; }
+      public int MaxFailedAttempts { get; set; }
+   }
+}

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs

@@ -483,6 +483,79 @@ namespace VMware.vSphere.SsoAdminClient
 
          return GetPasswordPolicy();         
       }
+
+      public LockoutPolicy GetLockoutPolicy() {
+         LockoutPolicy result = null;
+         // Create Authorization Invocation Context
+         var authorizedInvocationContext =
+            CreateAuthorizedInvocationContext();
+
+         // Invoke SSO Admin GetLockoutPolicyAsync operation
+         var ssoAdminLockoutPolicy = authorizedInvocationContext.
+            InvokeOperation(() =>
+               _ssoAdminBindingClient.GetLockoutPolicyAsync(
+                  new ManagedObjectReference {
+                     type = "SsoAdminLockoutPolicyService",
+                     Value = "lockoutPolicyService"
+                  })).Result;
+
+         if (ssoAdminLockoutPolicy != null) {
+            result = new LockoutPolicy(this) {               
+               Description = ssoAdminLockoutPolicy.description,
+               AutoUnlockIntervalSec = ssoAdminLockoutPolicy.autoUnlockIntervalSec,
+               FailedAttemptIntervalSec = ssoAdminLockoutPolicy.failedAttemptIntervalSec,
+               MaxFailedAttempts = ssoAdminLockoutPolicy.maxFailedAttempts
+            };
+         }
+
+         return result;
+      }
+
+      public LockoutPolicy SetLockoutPolicy(
+         string description,
+         long? autoUnlockIntervalSec,
+         long? failedAttemptIntervalSec,
+         int? maxFailedAttempts) {
+
+         if (description != null ||
+            autoUnlockIntervalSec != null ||
+            failedAttemptIntervalSec != null ||
+            maxFailedAttempts != null) {
+
+            var ssoAdminLockoutPolicy = new SsoAdminLockoutPolicy();
+
+            ssoAdminLockoutPolicy.description = description;
+
+            if (autoUnlockIntervalSec != null) {
+               ssoAdminLockoutPolicy.autoUnlockIntervalSec = autoUnlockIntervalSec.Value;
+            }
+
+            if (failedAttemptIntervalSec != null) {
+               ssoAdminLockoutPolicy.failedAttemptIntervalSec = failedAttemptIntervalSec.Value;
+            }
+
+            if (maxFailedAttempts != null) {
+               ssoAdminLockoutPolicy.maxFailedAttempts = maxFailedAttempts.Value;
+            }
+
+            // Create Authorization Invocation Context
+            var authorizedInvocationContext =
+               CreateAuthorizedInvocationContext();
+
+            // Invoke SSO Admin GetLockoutPolicyAsync operation
+            authorizedInvocationContext.
+               InvokeOperation(() =>
+                  _ssoAdminBindingClient.UpdateLockoutPolicyAsync(
+                     new ManagedObjectReference {
+                        type = "SsoAdminLockoutPolicyService",
+                        Value = "lockoutPolicyService"
+                     },
+                     ssoAdminLockoutPolicy)).Wait();
+
+         }         
+
+         return GetLockoutPolicy();
+      }
       #endregion
    }
 }

Modules/VMware.vSphere.SsoAdmin/src/test/LockoutPolicy.Tests.ps1

@@ -0,0 +1,73 @@
+#**************************************************************************
+# Copyright (c) VMware, Inc. All rights reserved.
+#**************************************************************************
+
+param(
+    [Parameter(Mandatory = $true)]
+    [string]
+    $VcAddress,
+
+    [Parameter(Mandatory = $true)]
+    [string]
+    $User,
+
+    [Parameter(Mandatory = $true)]
+    [string]
+    $Password
+)
+
+# Import Vmware.vSphere.SsoAdmin Module
+$modulePath = Join-Path (Split-Path $PSScriptRoot | Split-Path) "VMware.vSphere.SsoAdmin.psd1"
+Import-Module $modulePath
+
+Describe "LockoutPolicy Tests" {
+   BeforeEach {
+      Connect-SsoAdminServer `
+         -Server $VcAddress `
+         -User $User `
+         -Password $Password `
+         -SkipCertificateCheck
+   }
+
+   AfterEach {
+      $connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray()
+      foreach ($connection in $connectionsToCleanup) {
+         Disconnect-SsoAdminServer -Server $connection
+      }
+   }
+
+   Context "Get-LockoutPolicy" {
+      It 'Gets lockout policy' {
+         # Act
+         $actual = Get-LockoutPolicy
+
+         # Assert
+         $actual | Should Not Be $null
+      }
+   }
+
+   Context "Set-LockoutPolicy" {
+      It 'Updates lockout policy AutoUnlockIntervalSec and MaxFailedAttempts' {
+         # Arrange
+         $lockoutPolicyToUpdate = Get-LockoutPolicy
+         $expectedAutoUnlockIntervalSec = 33
+         $expectedMaxFailedAttempts = 7
+
+         # Act
+         $actual = Set-LockoutPolicy `
+            -LockoutPolicy $lockoutPolicyToUpdate `
+            -AutoUnlockIntervalSec $expectedAutoUnlockIntervalSec `
+            -MaxFailedAttempts $expectedMaxFailedAttempts
+
+         # Assert
+         $actual | Should Not Be $null
+         $actual.AutoUnlockIntervalSec | Should Be $expectedAutoUnlockIntervalSec
+         $actual.MaxFailedAttempts | Should Be $expectedMaxFailedAttempts
+         $actual.FailedAttemptIntervalSec | Should Be $lockoutPolicyToUpdate.FailedAttemptIntervalSec
+         $actual.Description | Should Be $lockoutPolicyToUpdate.Description
+
+         # Cleanup
+         $lockoutPolicyToUpdate | Set-LockoutPolicy
+      }
+   }
+}