diff --git a/Modules/VMware.vSphere.SsoAdmin/Group.ps1 b/Modules/VMware.vSphere.SsoAdmin/Group.ps1 index 2348a52..6f04d33 100644 --- a/Modules/VMware.vSphere.SsoAdmin/Group.ps1 +++ b/Modules/VMware.vSphere.SsoAdmin/Group.ps1 @@ -264,6 +264,7 @@ function Remove-SsoGroup { Twitter: @dimitar_milov Github: https://github.com/dmilov =========================================================================== + .DESCRIPTION This function removes existing local group. 
@@ -305,8 +306,302 @@ function Remove-SsoGroup { } } -function Add-PrincipalToSsoGroup { +function Add-GroupToSsoGroup { + <# + .NOTES + =========================================================================== + Created on: 5/26/2021 + Created by: Dimitar Milov + Twitter: @dimitar_milov + Github: https://github.com/dmilov + =========================================================================== + + + .SYNOPSIS + Adds a group to another group + + .DESCRIPTION + Adds the specified group on $Group parameter to target group specified on $TargetGroup parameter + + .PARAMETER Group + A Group instance to be added to the $TargetGroup + + .PARAMETER TargetGroup + A target group to which the $Group will be added. + + .EXAMPLE + $administratosGroup = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' + Get-SsoGroup -Name 'TestGroup' -Domain 'MyDomain' | Add-GroupToSsoGroup -TargetGroup $administratosGroup + + Adds 'TestGroup' from 'MyDomain' domain to vsphere.local Administrators group. 
+ #> + [CmdletBinding(ConfirmImpact = 'Medium')] + param( + [Parameter( + Mandatory = $true, + ValueFromPipeline = $true, + ValueFromPipelineByPropertyName = $false, + HelpMessage = 'SsoGroup instance you want to add to the target group')] + [VMware.vSphere.SsoAdminClient.DataTypes.Group] + $Group, + + [Parameter( + Mandatory = $true, + ValueFromPipeline = $false, + ValueFromPipelineByPropertyName = $false, + HelpMessage = 'Target SsoGroup instance where the $Group wtill be added')] + [ValidateNotNull()] + [VMware.vSphere.SsoAdminClient.DataTypes.Group] + $TargetGroup) + + Process { + try { + foreach ($g in $Group) { + $ssoAdminClient = $g.GetClient() + if ((-not $ssoAdminClient)) { + Write-Error "Object '$g' is from disconnected server" + continue + } + + if ($g.GetClient().ServiceUri -ne $TargetGroup.GetClient().ServiceUri) { + Write-Error "Group '$g' is not from the same server as the target group" + continue + } + + $result = $ssoAdminClient.AddGroupToGroup($g, $TargetGroup) + if (-not $result) { + Write-Error "Group '$g' was not added to the target group. The Server operation result doesn't indicate success" + continue + } + } + } + catch { + Write-Error (FormatError $_.Exception) + } + } } -function Remove-PrincipalFromSsoGroup { +function Remove-GroupFromSsoGroup { + <# + .NOTES + =========================================================================== + Created on: 5/26/2021 + Created by: Dimitar Milov + Twitter: @dimitar_milov + Github: https://github.com/dmilov + =========================================================================== + + + .SYNOPSIS + Removes a group to another group + + .DESCRIPTION + Removes the specified group on $Group parameter from target group specified on $TargetGroup parameter + + .PARAMETER Group + A Group instance to be removed from the $TargetGroup + + .PARAMETER TargetGroup + A target group from which the $Group will be removed. 
+ + .EXAMPLE + $administratosGroup = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' + Get-SsoGroup -Name 'TestGroup' -Domain 'MyDomain' | Remove-GroupFromSsoGroup -TargetGroup $administratosGroup + + Removes 'TestGroup' from 'MyDomain' domain from vsphere.local Administrators group. + #> + [CmdletBinding(ConfirmImpact = 'Medium')] + param( + [Parameter( + Mandatory = $true, + ValueFromPipeline = $true, + ValueFromPipelineByPropertyName = $false, + HelpMessage = 'SsoGroup instance you want to remove from the target group')] + [VMware.vSphere.SsoAdminClient.DataTypes.Group] + $Group, + + [Parameter( + Mandatory = $true, + ValueFromPipeline = $false, + ValueFromPipelineByPropertyName = $false, + HelpMessage = 'Target SsoGroup instance from which the $Group wtill be removed')] + [ValidateNotNull()] + [VMware.vSphere.SsoAdminClient.DataTypes.Group] + $TargetGroup) + + Process { + try { + foreach ($g in $Group) { + $ssoAdminClient = $g.GetClient() + if ((-not $ssoAdminClient)) { + Write-Error "Object '$g' is from disconnected server" + continue + } + + if ($g.GetClient().ServiceUri -ne $TargetGroup.GetClient().ServiceUri) { + Write-Error "Group '$g' is not from the same server as the target group" + continue + } + + $result = $ssoAdminClient.RemoveGroupFromGroup($g, $TargetGroup) + if (-not $result) { + Write-Error "Group '$g' was not removed to the target group. 
The Server operation result doesn't indicate success" + continue + } + } + } + catch { + Write-Error (FormatError $_.Exception) + } + } +} + +function Add-UserToSsoGroup { + <# + .NOTES + =========================================================================== + Created on: 5/26/2021 + Created by: Dimitar Milov + Twitter: @dimitar_milov + Github: https://github.com/dmilov + =========================================================================== + + + .SYNOPSIS + Adds an user to a group + + .DESCRIPTION + Adds the user on $User parameter to target group specified on $TargetGroup parameter + + .PARAMETER User + A PersonUser instance to be added to the $TargetGroup + + .PARAMETER TargetGroup + A target group to which the $User will be added. + + .EXAMPLE + $administratosGroup = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' + Get-SsoPersonUser -Name 'TestUser' -Domain 'MyDomain' | Add-UserToSsoGroup -TargetGroup $administratosGroup + + Adds 'TestUser' from 'MyDomain' domain to vsphere.local Administrators group. 
+ #> + [CmdletBinding(ConfirmImpact = 'Medium')] + param( + [Parameter( + Mandatory = $true, + ValueFromPipeline = $true, + ValueFromPipelineByPropertyName = $false, + HelpMessage = 'PersonUser instance you want to add to the target group')] + [VMware.vSphere.SsoAdminClient.DataTypes.PersonUser] + $User, + + [Parameter( + Mandatory = $true, + ValueFromPipeline = $false, + ValueFromPipelineByPropertyName = $false, + HelpMessage = 'Target SsoGroup instance where the $Group wtill be added')] + [ValidateNotNull()] + [VMware.vSphere.SsoAdminClient.DataTypes.Group] + $TargetGroup) + + Process { + try { + foreach ($u in $User) { + $ssoAdminClient = $u.GetClient() + if ((-not $ssoAdminClient)) { + Write-Error "Object '$u' is from disconnected server" + continue + } + + if ($u.GetClient().ServiceUri -ne $TargetGroup.GetClient().ServiceUri) { + Write-Error "User '$u' is not from the same server as the target group" + continue + } + + $result = $ssoAdminClient.AddPersonUserToGroup($u, $TargetGroup) + if (-not $result) { + Write-Error "User '$u' was not added to the target group. The Server operation result doesn't indicate success" + continue + } + } + } + catch { + Write-Error (FormatError $_.Exception) + } + } +} + +function Remove-UserFromSsoGroup { + <# + .NOTES + =========================================================================== + Created on: 5/26/2021 + Created by: Dimitar Milov + Twitter: @dimitar_milov + Github: https://github.com/dmilov + =========================================================================== + + + .SYNOPSIS + Removes a person user from group + + .DESCRIPTION + Removes the specified person user on $User parameter from target group specified on $TargetGroup parameter + + .PARAMETER User + A PersonUser instance to be removed from the $TargetGroup + + .PARAMETER TargetGroup + A target group from which the $User will be removed. 
+ + .EXAMPLE + $administratosGroup = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' + Get-SsoPersonUser -Name 'TestUser' -Domain 'MyDomain' | Remove-UserFromSsoGroup -TargetGroup $administratosGroup + + Removes 'TestUser' from 'MyDomain' domain from vsphere.local Administrators group. + #> + [CmdletBinding(ConfirmImpact = 'Medium')] + param( + [Parameter( + Mandatory = $true, + ValueFromPipeline = $true, + ValueFromPipelineByPropertyName = $false, + HelpMessage = 'PersonUser instance you want to remove from the target group')] + [VMware.vSphere.SsoAdminClient.DataTypes.PersonUser] + $User, + + [Parameter( + Mandatory = $true, + ValueFromPipeline = $false, + ValueFromPipelineByPropertyName = $false, + HelpMessage = 'Target SsoGroup instance from which the $User wtill be removed')] + [ValidateNotNull()] + [VMware.vSphere.SsoAdminClient.DataTypes.Group] + $TargetGroup) + + Process { + try { + foreach ($u in $User) { + $ssoAdminClient = $u.GetClient() + if ((-not $ssoAdminClient)) { + Write-Error "Object '$u' is from disconnected server" + continue + } + + if ($u.GetClient().ServiceUri -ne $TargetGroup.GetClient().ServiceUri) { + Write-Error "User '$u' is not from the same server as the target group" + continue + } + + $result = $ssoAdminClient.RemovePersonUserFromGroup($u, $TargetGroup) + if (-not $result) { + Write-Error "User '$u' was not removed to the target group. The Server operation result doesn't indicate success" + continue + } + } + } + catch { + Write-Error (FormatError $_.Exception) + } + } } diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 index 1d83b2f..096afa3 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 
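Review bot: All four new functions declare `[CmdletBinding(ConfirmImpact = 'Medium')]` without `SupportsShouldProcess` and never call `$PSCmdlet.ShouldProcess`, so `ConfirmImpact` has no effect and `-WhatIf`/`-Confirm` are not even accepted on a cmdlet whose own example puts a principal into vsphere.local Administrators. Change each attribute to `[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]` and guard the server call, e.g. `if ($PSCmdlet.ShouldProcess($TargetGroup.Name, "Add group '$g'")) { $result = $ssoAdminClient.AddGroupToGroup($g, $TargetGroup) }`, with the matching wording in the remove and user variants. The same-server check reads `$TargetGroup.GetClient().ServiceUri` without first confirming that `$TargetGroup.GetClient()` returned a client, so a target from a disconnected server is reported as "not from the same server" instead of as disconnected; a separate null check with its own message would be clearer. Help-text nits in the hunk: "wtill" in every TargetGroup HelpMessage, "Removes a group to another group", "was not removed to the target group" (twice), and Add-UserToSsoGroup's TargetGroup HelpMessage refers to `$Group` where it means `$User`.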
@@ -37,7 +37,7 @@ RequiredModules = @( FunctionsToExport = @( 'Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Set-SsoSelfPersonUserPassword' - 'New-SsoGroup', 'Get-SsoGroup', 'Set-SsoGroup', 'Remove-SsoGroup', 'Add-PrincipalToSsoGroup', 'Remove-PrincipalFromSsoGroup' + 'New-SsoGroup', 'Get-SsoGroup', 'Set-SsoGroup', 'Remove-SsoGroup', 'Add-GroupToSsoGroup', 'Remove-GroupFromSsoGroup', 'Add-UserToSsoGroup', 'Remove-UserFromSsoGroup' 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll index 97e1748..e686b49 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll index 4c0a426..04f65e3 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll index 4266670..1e8a71e 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll differ 
diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll
index 9c2c9c6..864158a 100644
Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll differ
diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
index eb64fe2..3e1f40c 100644
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
@@ -487,6 +487,29 @@ namespace VMware.vSphere.SsoAdminClient
                         group.Name)).Result;
         }
+        public bool AddGroupToGroup(DataTypes.Group groupToAdd, DataTypes.Group destinationGroup)
+        {
+            // Create Authorization Invocation Context
+            var authorizedInvocationContext =
+                CreateAuthorizedInvocationContext();
+
+            // Invoke SSO Admin AddGroupToLocalGroupAsync operation
+            return authorizedInvocationContext.
+                InvokeOperation(() =>
+                    _ssoAdminBindingClient.AddGroupToLocalGroupAsync(
+                        new ManagedObjectReference
+                        {
+                            type = "SsoAdminPrincipalManagementService",
+                            Value = "principalManagementService"
+                        },
+                        new SsoPrincipalId
+                        {
+                            name = groupToAdd.Name,
+                            domain = groupToAdd.Domain
+                        },
+                        destinationGroup.Name)).Result;
+        }
+
         public bool RemovePersonUserFromGroup(PersonUser user, DataTypes.Group group)
         {
             // Create Authorization Invocation Context
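Review bot: `AddGroupToGroup` forwards only `destinationGroup.Name` to `AddGroupToLocalGroupAsync`, so `destinationGroup.Domain` is never transmitted; as far as this code shows, a caller that passes a target group from a non-local domain would address whatever local group happens to share that name. Either state the constraint on the method, `/// Adds groupToAdd to the local SSO group named destinationGroup.Name; destinationGroup.Domain is not sent and is presumed to be the local domain — TODO confirm`, or reject mismatches before the call if the client exposes the connected server's local domain. Neither argument is validated, so a null `groupToAdd` surfaces as a `NullReferenceException` from inside the lambda; add `if (groupToAdd == null) throw new ArgumentNullException(nameof(groupToAdd));` and the same for `destinationGroup` ahead of `CreateAuthorizedInvocationContext()` (the net45 target rules out `ArgumentNullException.ThrowIfNull`). The `.Result` on the async call matches the neighbouring methods, but it wraps any fault in an `AggregateException`, which is presumably what the PowerShell layer's `FormatError` ends up unwrapping.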
@@ -510,6 +533,29 @@ namespace VMware.vSphere.SsoAdminClient
                         group.Name)).Result;
         }
+        public bool RemoveGroupFromGroup(DataTypes.Group groupToRemove, DataTypes.Group group)
+        {
+            // Create Authorization Invocation Context
+            var authorizedInvocationContext =
+                CreateAuthorizedInvocationContext();
+
+            // Invoke SSO Admin RemoveFromLocalGroupAsync operation
+            return authorizedInvocationContext.
+                InvokeOperation(() =>
+                    _ssoAdminBindingClient.RemoveFromLocalGroupAsync(
+                        new ManagedObjectReference
+                        {
+                            type = "SsoAdminPrincipalManagementService",
+                            Value = "principalManagementService"
+                        },
+                        new SsoPrincipalId
+                        {
+                            name = groupToRemove.Name,
+                            domain = groupToRemove.Domain
+                        },
+                        group.Name)).Result;
+        }
+
         public void ResetPersonUserPassword(PersonUser user, string newPassword)
         {
             // Create Authorization Invocation Context
diff --git a/Modules/VMware.vSphere.SsoAdmin/src/test/Group.Tests.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/test/Group.Tests.ps1
index 80ee7dc..29b5d3c 100644
--- a/Modules/VMware.vSphere.SsoAdmin/src/test/Group.Tests.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/src/test/Group.Tests.ps1
@@ -29,6 +29,7 @@ Describe "SsoGroup Tests" {
                 -SkipCertificateCheck
         $script:testGroupsToDelete = @()
+        $script:testUsersToDelete = @()
     }
     AfterEach {
@@ -37,6 +38,10 @@ Describe "SsoGroup Tests" {
             Remove-SsoGroup -Group $group
         }
+        foreach ($user in $script:testUsersToDelete) {
+            Remove-SsoPersonUser -User $user
+        }
+
         $connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray()
         foreach ($connection in $connectionsToCleanup) {
             Disconnect-SsoAdminServer -Server $connection
@@ -106,7 +111,7 @@ Describe "SsoGroup Tests" {
         $actual = New-SsoGroup -Name $expectedName -Description $expectedDescription
         # Assert
-        $actual | Should -Not -Be $
+        $actual | Should -Not -Be $null
         $script:testGroupsToDelete += $actual
         $actual.Name | Should -Be $expectedName
         $actual.Domain | Should -Be 'vsphere.local'
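Review bot: `RemoveGroupFromGroup` names its second parameter `group` while the companion `AddGroupToGroup` calls the same role `destinationGroup`; both are the container being modified, so renaming it `destinationGroup` keeps the pair symmetric and the Group.ps1 call sites readable. As on the add path, only `group.Name` reaches `RemoveFromLocalGroupAsync` and the target's `Domain` is dropped, so the method is local-domain only; a one-line `/// <summary>` saying so would stop callers from passing external groups and expecting a domain-qualified removal. Add the same argument guards as the add side, `if (groupToRemove == null) throw new ArgumentNullException(nameof(groupToRemove));` and likewise for the target, so a null input fails before the SOAP call is built rather than inside the lambda.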
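Review bot: In the `AfterEach` hunk the new user-cleanup loop runs between the group loop and the `Disconnect-SsoAdminServer` loop with no error isolation, so if `Remove-SsoPersonUser` raises a terminating error for one entry the remaining users stay behind and the connections are never disconnected; since the new tests put these users into vsphere.local Administrators, a leaked user matters more than a leaked group. Isolate each removal, `try { Remove-SsoPersonUser -User $user } catch { Write-Warning "Cleanup of user '$user' failed: $_" }`, or put both cleanup loops in a `try { ... } finally { <disconnect loop> }`. Whether Remove-SsoPersonUser's errors are terminating under Pester's error preference is not visible here, so treat this as defensive.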
@@ -144,4 +149,74 @@ Describe "SsoGroup Tests" { $actual.Description | Should -Be $expectedDescription } } + + Context "Add-GroupToSsoGroup" { + It 'Should add a newly created SsoGroup to another SsoGroup' { + # Arrange + $groupName = 'TestGroup5' + $groupToAdd = New-SsoGroup -Name $groupName + $script:testGroupsToDelete += $groupToAdd + + $targetGroup = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' + + # Act + $groupToAdd | Add-GroupToSsoGroup -TargetGroup $targetGroup + + # Assert + ## TODO: Implement Get Group Members and verify + } + } + + Context "Remove-GroupFromSsoGroup" { + It 'Should remove a SsoGroup from another SsoGroup' { + # Arrange + $groupName = 'TestGroup6' + $groupToRemove = New-SsoGroup -Name $groupName + $script:testGroupsToDelete += $groupToRemove + + $targetGroup = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' + $groupToRemove | Add-GroupToSsoGroup -TargetGroup $targetGroup + + # Act + $groupToRemove | Remove-GroupFromSsoGroup -TargetGroup $targetGroup + + # Assert + ## TODO: Implement Get Group Members and verify + } + } + + Context "Add-UserToSsoGroup" { + It 'Should add a newly created PersonUser to SsoGroup' { + # Arrange + $expectedUser = New-SsoPersonUser -User 'GroupTestUser1' -Password 'MyStrongPa$$w0rd' + $script:testUsersToDelete += $expectedUser + + $targetGroup = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' + + # Act + $expectedUser | Add-UserToSsoGroup -TargetGroup $targetGroup + + # Assert + $actualUsers = $targetGroup | Get-SsoPersonUser + $actualUsers | Where-Object { $_.Name -eq $expectedUser.Name} | Should -Not -Be $null + } + } + + Context "Remove-GroupFromSsoGroup" { + It 'Should remove a SsoGroup from another SsoGroup' { + # Arrange + $expectedUser = New-SsoPersonUser -User 'GroupTestUser2' -Password 'MyStrongPa$$w0rd' + $script:testUsersToDelete += $expectedUser + + $targetGroup = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' + $expectedUser | Add-UserToSsoGroup 
-TargetGroup $targetGroup + + # Act + $expectedUser | Remove-UserFromSsoGroup -TargetGroup $targetGroup + + # Assert + $actualUsers = $targetGroup | Get-SsoPersonUser + $actualUsers | Where-Object { $_.Name -eq $expectedUser.Name} | Should -Be $null + } + } } \ No newline at end of file
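Review bot: The `Add-UserToSsoGroup` test creates `GroupTestUser1` with the committed password `'MyStrongPa$$w0rd'`, adds it to vsphere.local Administrators and never removes the membership, so the only thing between a test run and a persisted administrator with a published password is the `AfterEach` `Remove-SsoPersonUser` call. Remove the membership inside the test after the assertion, `$expectedUser | Remove-UserFromSsoGroup -TargetGroup $targetGroup`, and consider generating the password per run instead of hard-coding it. The two group tests have empty `# Assert` sections (`## TODO`), so they pass even when the cmdlet only writes a non-terminating error; until member enumeration exists, at least invoke them with `-ErrorAction Stop` so a `Write-Error` fails the test. The last context is a copy-paste: it is titled `"Remove-GroupFromSsoGroup"` with `It 'Should remove a SsoGroup from another SsoGroup'` but exercises `Remove-UserFromSsoGroup`; rename to `Context "Remove-UserFromSsoGroup"` and `It 'Should remove a PersonUser from SsoGroup'`. The `Where-Object ... | Should -Not -Be $null` assertions read more naturally as `... | Should -Not -BeNullOrEmpty`, which also covers an empty pipeline explicitly.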