Implement Add/Remove User to/from Group
@@ -34,7 +34,7 @@ RequiredModules = @(
|
||||
)
|
||||
|
||||
# Functions to export from this module
|
||||
FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Remove-PersonUser', 'Get-Group')
|
||||
FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Set-PersonUser', 'Remove-PersonUser', 'Get-Group')
|
||||
|
||||
# Cmdlets to export from this module
|
||||
CmdletsToExport = @()
|
||||
|
||||
@@ -406,6 +406,129 @@ function Get-PersonUser {
|
||||
}
|
||||
}
|
||||
|
||||
function Set-PersonUser {
|
||||
<#
|
||||
.NOTES
|
||||
===========================================================================
|
||||
Created on: 9/29/2020
|
||||
Created by: Dimitar Milov
|
||||
Twitter: @dimitar_milov
|
||||
Github: https://github.com/dmilov
|
||||
===========================================================================
|
||||
.DESCRIPTION
|
||||
Updates person user account.
|
||||
|
||||
Nota Bene! Have in mind PersonUser objects don't carry information about the connection.
|
||||
If you specify PersonUser and on the server there is user with same Id it will be deleted.
|
||||
|
||||
.PARAMETER User
|
||||
Specifies the PersonUser instance to update.
|
||||
|
||||
Nota Bene! Have in mind PersonUser objects don't carry information about the connection.
|
||||
If you specify PersonUser and on the server there is user with same Id it will be deleted.
|
||||
|
||||
.PARAMETER Group
|
||||
Specifies the Group you want to add or remove PwersonUser from.
|
||||
|
||||
Nota Bene! Have in mind Group objects don't carry information about the connection.
|
||||
If you specify Group and on the server there is user with same Id it will be deleted.
|
||||
|
||||
.PARAMETER Add
|
||||
Specifies user will be added to the spcified group.
|
||||
|
||||
.PARAMETER Remove
|
||||
Specifies user will be removed from the spcified group.
|
||||
|
||||
.PARAMETER Server
|
||||
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
|
||||
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
|
||||
|
||||
.EXAMPLE
|
||||
Set-PersonUser -User $myPersonUser -Group $myExampleGroup -Add -Server $ssoAdminConnection
|
||||
|
||||
Adds $myPersonUser to $myExampleGroup
|
||||
|
||||
.EXAMPLE
|
||||
Set-PersonUser -User $myPersonUser -Group $myExampleGroup -Remove -Server $ssoAdminConnection
|
||||
|
||||
Removec $myPersonUser from $myExampleGroup
|
||||
#>
|
||||
[CmdletBinding(ConfirmImpact='Medium')]
|
||||
param(
|
||||
[Parameter(
|
||||
Mandatory=$true,
|
||||
ValueFromPipeline=$true,
|
||||
ValueFromPipelineByPropertyName=$false,
|
||||
HelpMessage='Person User instance you want to update')]
|
||||
[VMware.vSphere.SsoAdminClient.DataTypes.PersonUser]
|
||||
$User,
|
||||
|
||||
[Parameter(
|
||||
ParameterSetName = 'AddToGroup',
|
||||
Mandatory=$true,
|
||||
ValueFromPipeline=$false,
|
||||
ValueFromPipelineByPropertyName=$false,
|
||||
HelpMessage='Group instance you want user to be added to or removed from')]
|
||||
[Parameter(
|
||||
ParameterSetName = 'RemoveFromGroup',
|
||||
Mandatory=$true,
|
||||
ValueFromPipeline=$false,
|
||||
ValueFromPipelineByPropertyName=$false,
|
||||
HelpMessage='Group instance you want user to be added to or removed from')]
|
||||
[ValidateNotNull()]
|
||||
[VMware.vSphere.SsoAdminClient.DataTypes.Group]
|
||||
$Group,
|
||||
|
||||
[Parameter(
|
||||
ParameterSetName = 'AddToGroup',
|
||||
Mandatory=$true)]
|
||||
[switch]
|
||||
$Add,
|
||||
|
||||
[Parameter(
|
||||
ParameterSetName = 'RemoveFromGroup',
|
||||
Mandatory=$true)]
|
||||
[switch]
|
||||
$Remove,
|
||||
|
||||
[Parameter(
|
||||
Mandatory=$false,
|
||||
ValueFromPipeline=$false,
|
||||
ValueFromPipelineByPropertyName=$false,
|
||||
HelpMessage='Connected SsoAdminServer object')]
|
||||
[ValidateNotNull()]
|
||||
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
|
||||
$Server)
|
||||
|
||||
Process {
|
||||
$serversToProcess = $global:DefaultSsoAdminServers
|
||||
if ($Server -ne $null) {
|
||||
$serversToProcess = $Server
|
||||
}
|
||||
|
||||
foreach ($connection in $serversToProcess) {
|
||||
if (-not $connection.IsConnected) {
|
||||
Write-Error "Server $connection is disconnected"
|
||||
continue
|
||||
}
|
||||
|
||||
if ($Add) {
|
||||
$result = $connection.Client.AddPersonUserToGroup($User, $Group)
|
||||
if ($result) {
|
||||
Write-Output $User
|
||||
}
|
||||
}
|
||||
|
||||
if ($Remove) {
|
||||
$result = $connection.Client.RemovePersonUserFromGroup($User, $Group)
|
||||
if ($result) {
|
||||
Write-Output $User
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function Remove-PersonUser {
|
||||
<#
|
||||
.NOTES
|
||||
|
||||
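Review bot: `ConfirmImpact='Medium'` in the `[CmdletBinding(...)]` of Set-PersonUser has no effect, because `SupportsShouldProcess` is not declared and the Process block never calls `$PSCmdlet.ShouldProcess`; a group-membership change therefore cannot be previewed with -WhatIf or gated with -Confirm. When -Server is omitted the loop applies the change on every entry of `$global:DefaultSsoAdminServers`, which makes that gap matter more for groups that grant privileges. I would declare `[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium')]` and wrap each client call in `if ($PSCmdlet.ShouldProcess($User.Name, "Add to group $($Group.Name)")) { ... }` (and the matching text for removal). The help text also says three times that a matching user or group "will be deleted", which does not describe this function and looks copied from a removal cmdlet; it should say that the membership change is applied to the principal with the same identity on the target server. The hunk ends inside the following Remove-PersonUser function, which is not reviewed here.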
Binary file not shown.
Binary file not shown.
@@ -93,5 +93,31 @@ namespace VMware.vSphere.SsoAdminClient.Tests
|
||||
Assert.Greater(actual.Length, 1);
|
||||
Assert.AreEqual("localos", actual[0].Domain);
|
||||
}
|
||||
|
||||
[Test]
|
||||
public void AddRemoveUserFromGroup() {
|
||||
// Arrange
|
||||
var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
|
||||
|
||||
var expectedUserName = "test-user5";
|
||||
var expectedPassword = "te$tPa$sW0rd";
|
||||
var newUser = ssoAdminClient.CreateLocalUser(
|
||||
expectedUserName,
|
||||
expectedPassword);
|
||||
|
||||
var group = ssoAdminClient.GetGroups("administrators", newUser.Domain).FirstOrDefault<Group>();
|
||||
|
||||
// Act
|
||||
var addActual = ssoAdminClient.AddPersonUserToGroup(newUser, group);
|
||||
var removeActual = ssoAdminClient.RemovePersonUserFromGroup(newUser, group);
|
||||
|
||||
// Assert
|
||||
Assert.IsTrue(addActual);
|
||||
Assert.IsTrue(removeActual);
|
||||
|
||||
// Cleanup
|
||||
ssoAdminClient.DeleteLocalUser(
|
||||
newUser);
|
||||
}
|
||||
}
|
||||
}
|
||||
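Review bot: The cleanup call `ssoAdminClient.DeleteLocalUser(newUser)` at the end of AddRemoveUserFromGroup is skipped whenever a client call or an assertion throws. That leaves `test-user5`, whose password is in the source, on the target server, and possibly still a member of `administrators` if the add succeeded and the remove did not. Moving everything after `CreateLocalUser` into `try`/`finally` keeps the account from outliving the test. `FirstOrDefault<Group>()` can return null, so an `Assert.IsNotNull(group)` before the Act step would make that failure readable. The client is built with `AcceptAllX509CertificateValidator`, which is acceptable only against a disposable lab endpoint, since the admin credentials travel over that unauthenticated channel.

```csharp
// … unchanged: client construction and CreateLocalUser call …
try {
   var group = ssoAdminClient.GetGroups("administrators", newUser.Domain).FirstOrDefault<Group>();
   Assert.IsNotNull(group);

   // … unchanged: Act and Assert steps …
} finally {
   // Cleanup runs even when a call or assertion above fails
   ssoAdminClient.DeleteLocalUser(newUser);
}
```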
@@ -262,6 +262,46 @@ namespace VMware.vSphere.SsoAdminClient
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public bool AddPersonUserToGroup(PersonUser user, DataTypes.Group group) {
|
||||
// Create Authorization Invocation Context
|
||||
var authorizedInvocationContext =
|
||||
CreateAuthorizedInvocationContext();
|
||||
|
||||
// Invoke SSO Admin AddUserToLocalGroupAsync operation
|
||||
return authorizedInvocationContext.
|
||||
InvokeOperation(() =>
|
||||
_ssoAdminBindingClient.AddUserToLocalGroupAsync(
|
||||
new ManagedObjectReference {
|
||||
type = "SsoAdminPrincipalManagementService",
|
||||
Value = "principalManagementService"
|
||||
},
|
||||
new SsoPrincipalId {
|
||||
name = user.Name,
|
||||
domain = user.Domain
|
||||
},
|
||||
group.Name)).Result;
|
||||
}
|
||||
|
||||
public bool RemovePersonUserFromGroup(PersonUser user, DataTypes.Group group) {
|
||||
// Create Authorization Invocation Context
|
||||
var authorizedInvocationContext =
|
||||
CreateAuthorizedInvocationContext();
|
||||
|
||||
// Invoke SSO Admin RemoveFromLocalGroupAsync operation
|
||||
return authorizedInvocationContext.
|
||||
InvokeOperation(() =>
|
||||
_ssoAdminBindingClient.RemoveFromLocalGroupAsync(
|
||||
new ManagedObjectReference {
|
||||
type = "SsoAdminPrincipalManagementService",
|
||||
Value = "principalManagementService"
|
||||
},
|
||||
new SsoPrincipalId {
|
||||
name = user.Name,
|
||||
domain = user.Domain
|
||||
},
|
||||
group.Name)).Result;
|
||||
}
|
||||
#endregion
|
||||
}
|
||||
}
|
||||
|
||||
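Review bot: Both AddPersonUserToGroup and RemovePersonUserFromGroup pass only `group.Name` to the service call, so any domain carried by the `Group` argument never reaches the server. The operation names (`AddUserToLocalGroupAsync`, `RemoveFromLocalGroupAsync`) suggest the name is resolved against the local domain. If so, a group object obtained from another domain would change membership of a same-named local group instead; this should be confirmed, then either checked in code or documented on the methods. Neither method validates its arguments, so a null `user` or `group` surfaces as a NullReferenceException inside the lambda; a guard such as `if (user == null) throw new ArgumentNullException(nameof(user));` (and the same for `group`) at the top of each method would be clearer.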
@@ -262,6 +262,80 @@ Describe "PersonUser Tests" {
|
||||
}
|
||||
}
|
||||
|
||||
Context "Set-PersonUser Add/Remove Group" {
|
||||
It 'Adds person user to group' {
|
||||
# Arrange
|
||||
$userName = "TestAddGroupPersonUserName"
|
||||
$userPassword = '$tr0NG_TestPa$$w0rd'
|
||||
$connection = Connect-SsoAdminServer `
|
||||
-Server $VcAddress `
|
||||
-User $User `
|
||||
-Password $Password `
|
||||
-SkipCertificateCheck
|
||||
|
||||
$personUserToUpdate = New-PersonUser `
|
||||
-UserName $userName `
|
||||
-Password $userPassword `
|
||||
-Server $connection
|
||||
|
||||
$script:usersToCleanup += $personUserToUpdate
|
||||
|
||||
$groupUserToBeAddedTo = Get-Group `
|
||||
-Name 'Administrators' `
|
||||
-Domain $personUserToUpdate.Domain `
|
||||
-Server $connection
|
||||
|
||||
# Act
|
||||
$actual = Set-PersonUser `
|
||||
-User $personUserToUpdate `
|
||||
-Group $groupUserToBeAddedTo `
|
||||
-Add `
|
||||
-Server $connection
|
||||
|
||||
# Assert
|
||||
$actual | Should Not Be $null
|
||||
}
|
||||
|
||||
It 'Removes person user from group' {
|
||||
# Arrange
|
||||
$userName = "TestRemoveGroupPersonUserName"
|
||||
$userPassword = '$tr0NG_TestPa$$w0rd'
|
||||
$connection = Connect-SsoAdminServer `
|
||||
-Server $VcAddress `
|
||||
-User $User `
|
||||
-Password $Password `
|
||||
-SkipCertificateCheck
|
||||
|
||||
$personUserToUpdate = New-PersonUser `
|
||||
-UserName $userName `
|
||||
-Password $userPassword `
|
||||
-Server $connection
|
||||
|
||||
$script:usersToCleanup += $personUserToUpdate
|
||||
|
||||
$groupToBeUsed = Get-Group `
|
||||
-Name 'Administrators' `
|
||||
-Domain $personUserToUpdate.Domain `
|
||||
-Server $connection
|
||||
|
||||
Set-PersonUser `
|
||||
-User $personUserToUpdate `
|
||||
-Group $groupToBeUsed `
|
||||
-Add `
|
||||
-Server $connection | Out-Null
|
||||
|
||||
# Act
|
||||
$actual = Set-PersonUser `
|
||||
-User $personUserToUpdate `
|
||||
-Group $groupToBeUsed `
|
||||
-Remove `
|
||||
-Server $connection
|
||||
|
||||
# Assert
|
||||
$actual | Should Not Be $null
|
||||
}
|
||||
}
|
||||
|
||||
Context "Remove-PersonUser" {
|
||||
It 'Removes person user' {
|
||||
# Arrange
|
||||
|
||||
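Review bot: Both new tests assert only `$actual | Should Not Be $null`, which shows that Set-PersonUser emitted an object but not that the membership of 'Administrators' changed. If the module offers a way to list a group's members or a user's groups (none is visible in this hunk), the tests should assert on that after the Act step. The 'Adds person user to group' test also leaves the new account, whose password is in the test file, in 'Administrators' until the `$script:usersToCleanup` handling outside this hunk runs; removing the membership at the end of the test would narrow that window. The hunk ends inside the following "Remove-PersonUser" context.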