diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 index d37b9fe..bf40eee 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 @@ -34,7 +34,7 @@ RequiredModules = @( ) # Functions to export from this module -FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Remove-PersonUser', 'Get-Group') +FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Set-PersonUser', 'Remove-PersonUser', 'Get-Group') # Cmdlets to export from this module CmdletsToExport = @() diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 index fa317fe..3cae7f6 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 
@@ -406,6 +406,129 @@ function Get-PersonUser { } } +function Set-PersonUser { +<# + .NOTES + =========================================================================== + Created on: 9/29/2020 + Created by: Dimitar Milov + Twitter: @dimitar_milov + Github: https://github.com/dmilov + =========================================================================== + .DESCRIPTION + Updates person user account. + + Nota Bene! Have in mind PersonUser objects don't carry information about the connection. + If you specify PersonUser and on the server there is user with same Id it will be deleted. + + .PARAMETER User + Specifies the PersonUser instance to update. + + Nota Bene! Have in mind PersonUser objects don't carry information about the connection. + If you specify PersonUser and on the server there is user with same Id it will be deleted. + + .PARAMETER Group + Specifies the Group you want to add or remove PwersonUser from. + + Nota Bene! Have in mind Group objects don't carry information about the connection. + If you specify Group and on the server there is user with same Id it will be deleted. + + .PARAMETER Add + Specifies user will be added to the spcified group. + + .PARAMETER Remove + Specifies user will be removed from the spcified group. + + .PARAMETER Server + Specifies the vSphere Sso Admin Server on which you want to run the cmdlet. + If not specified the servers available in $global:DefaultSsoAdminServers variable will be used. 
+
+ .EXAMPLE
+ Set-PersonUser -User $myPersonUser -Group $myExampleGroup -Add -Server $ssoAdminConnection
+
+ Adds $myPersonUser to $myExampleGroup
+
+ .EXAMPLE
+ Set-PersonUser -User $myPersonUser -Group $myExampleGroup -Remove -Server $ssoAdminConnection
+
+ Removec $myPersonUser from $myExampleGroup
+#>
+[CmdletBinding(ConfirmImpact='Medium')]
+ param(
+ [Parameter(
+ Mandatory=$true,
+ ValueFromPipeline=$true,
+ ValueFromPipelineByPropertyName=$false,
+ HelpMessage='Person User instance you want to update')]
+ [VMware.vSphere.SsoAdminClient.DataTypes.PersonUser]
+ $User,
+
+ [Parameter(
+ ParameterSetName = 'AddToGroup',
+ Mandatory=$true,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false,
+ HelpMessage='Group instance you want user to be added to or removed from')]
+ [Parameter(
+ ParameterSetName = 'RemoveFromGroup',
+ Mandatory=$true,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false,
+ HelpMessage='Group instance you want user to be added to or removed from')]
+ [ValidateNotNull()]
+ [VMware.vSphere.SsoAdminClient.DataTypes.Group]
+ $Group,
+
+ [Parameter(
+ ParameterSetName = 'AddToGroup',
+ Mandatory=$true)]
+ [switch]
+ $Add,
+
+ [Parameter(
+ ParameterSetName = 'RemoveFromGroup',
+ Mandatory=$true)]
+ [switch]
+ $Remove,
+
+ [Parameter(
+ Mandatory=$false,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false,
+ HelpMessage='Connected SsoAdminServer object')]
+ [ValidateNotNull()]
+ [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
+ $Server)
+
+ Process {
+ $serversToProcess = $global:DefaultSsoAdminServers
+ if ($Server -ne $null) {
+ $serversToProcess = $Server
+ }
+
+ foreach ($connection in $serversToProcess) {
+ if (-not $connection.IsConnected) {
+ Write-Error "Server $connection is disconnected"
+ continue
+ }
+
+ if ($Add) {
+ $result = $connection.Client.AddPersonUserToGroup($User, $Group)
+ if ($result) {
+ Write-Output $User
+ }
+ }
+
+ if ($Remove) {
+ $result = 
$connection.Client.RemovePersonUserFromGroup($User, $Group) + if ($result) { + Write-Output $User + } + } + } + } +} + function Remove-PersonUser { <# .NOTES diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll index 43815c1..f25b151 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll index 5ff53b1..20ea038 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs index ab613b7..f1b7ba5 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs 
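Review bot: `[CmdletBinding(ConfirmImpact='Medium')]` on Set-PersonUser (VMware.vSphere.SsoAdmin.psm1) has no effect, because `SupportsShouldProcess` is not declared and the Process block never calls `$PSCmdlet.ShouldProcess`; a cmdlet that changes group membership therefore offers neither `-WhatIf` nor `-Confirm`. This matters more here because, when `-Server` is omitted, the loop applies the change on every connection in `$global:DefaultSsoAdminServers`, and the client identifies the user and group only by name and domain on each of them. The help text should state that consequence instead of the copied "it will be deleted" wording, and it carries the typos "PwersonUser", "spcified" and "Removec". A possible shape for the guarded calls is below.

```powershell
[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium')]
# … unchanged: param block and server selection …
      foreach ($connection in $serversToProcess) {
         # … unchanged: IsConnected check …
         if ($Add -and $PSCmdlet.ShouldProcess("$connection", "Add user '$($User.Name)' to group '$($Group.Name)'")) {
            if ($connection.Client.AddPersonUserToGroup($User, $Group)) {
               Write-Output $User
            }
         }

         if ($Remove -and $PSCmdlet.ShouldProcess("$connection", "Remove user '$($User.Name)' from group '$($Group.Name)'")) {
            if ($connection.Client.RemovePersonUserFromGroup($User, $Group)) {
               Write-Output $User
            }
         }
      }
```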
@@ -93,5 +93,31 @@ namespace VMware.vSphere.SsoAdminClient.Tests Assert.Greater(actual.Length, 1); Assert.AreEqual("localos", actual[0].Domain); } + + [Test] + public void AddRemoveUserFromGroup() { + // Arrange + var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator()); + + var expectedUserName = "test-user5"; + var expectedPassword = "te$tPa$sW0rd"; + var newUser = ssoAdminClient.CreateLocalUser( + expectedUserName, + expectedPassword); + + var group = ssoAdminClient.GetGroups("administrators", newUser.Domain).FirstOrDefault(); + + // Act + var addActual = ssoAdminClient.AddPersonUserToGroup(newUser, group); + var removeActual = ssoAdminClient.RemovePersonUserFromGroup(newUser, group); + + // Assert + Assert.IsTrue(addActual); + Assert.IsTrue(removeActual); + + // Cleanup + ssoAdminClient.DeleteLocalUser( + newUser); + } } } \ No newline at end of file diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs index 58b0772..a1ad646 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs 
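Review bot: Cleanup in `AddRemoveUserFromGroup` runs only when every earlier step succeeds, so a throw from `AddPersonUserToGroup` or `RemovePersonUserFromGroup`, or a failed `Assert.IsTrue`, leaves `test-user5` on the target server with the password that is hard-coded in this file, possibly still a member of `administrators`. Putting the act and assert steps in `try` and the `DeleteLocalUser(newUser)` call in `finally` keeps the account from outliving the test. `GetGroups(...).FirstOrDefault()` can also return null, which would surface as a NullReferenceException inside the client; an `Assert.IsNotNull(group);` before the Act step makes that failure explicit.

```csharp
         // … unchanged: client construction and CreateLocalUser call …
         try {
            var group = ssoAdminClient.GetGroups("administrators", newUser.Domain).FirstOrDefault();
            Assert.IsNotNull(group);

            // … unchanged: Act and Assert steps …
         } finally {
            // Runs even when a call throws or an assertion fails,
            // so the test account never outlives the test.
            ssoAdminClient.DeleteLocalUser(newUser);
         }
```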
@@ -262,6 +262,46 @@ namespace VMware.vSphere.SsoAdminClient } } } + + public bool AddPersonUserToGroup(PersonUser user, DataTypes.Group group) { + // Create Authorization Invocation Context + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + // Invoke SSO Admin AddUserToLocalGroupAsync operation + return authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.AddUserToLocalGroupAsync( + new ManagedObjectReference { + type = "SsoAdminPrincipalManagementService", + Value = "principalManagementService" + }, + new SsoPrincipalId { + name = user.Name, + domain = user.Domain + }, + group.Name)).Result; + } + + public bool RemovePersonUserFromGroup(PersonUser user, DataTypes.Group group) { + // Create Authorization Invocation Context + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + // Invoke SSO Admin RemoveFromLocalGroupAsync operation + return authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.RemoveFromLocalGroupAsync( + new ManagedObjectReference { + type = "SsoAdminPrincipalManagementService", + Value = "principalManagementService" + }, + new SsoPrincipalId { + name = user.Name, + domain = user.Domain + }, + group.Name)).Result; + } #endregion } } diff --git a/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 index 7a1c445..829e61e 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 +++ b/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 
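Review bot: Both new methods dereference `user` and `group` inside the lambda without a guard, so a null argument surfaces as a NullReferenceException from within `InvokeOperation` rather than at the call boundary; `if (user == null) throw new ArgumentNullException(nameof(user));` and the same check for `group` at the top of each method would fix that. Only `group.Name` is passed to the `*LocalGroupAsync` operations, so if `DataTypes.Group` also carries a domain (not visible in this hunk, though `GetGroups` takes one), a group resolved in another domain would apparently be applied to the local group of the same name. Either reject a non-local group or state the restriction in an XML `<summary>` on each method, which the two public methods currently lack. The two bodies differ only in the binding call and could share the `ManagedObjectReference` and `SsoPrincipalId` construction.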
@@ -262,6 +262,80 @@ Describe "PersonUser Tests" { } } + Context "Set-PersonUser Add/Remove Group" { + It 'Adds person user to group' { + # Arrange + $userName = "TestAddGroupPersonUserName" + $userPassword = '$tr0NG_TestPa$$w0rd' + $connection = Connect-SsoAdminServer ` + -Server $VcAddress ` + -User $User ` + -Password $Password ` + -SkipCertificateCheck + + $personUserToUpdate = New-PersonUser ` + -UserName $userName ` + -Password $userPassword ` + -Server $connection + + $script:usersToCleanup += $personUserToUpdate + + $groupUserToBeAddedTo = Get-Group ` + -Name 'Administrators' ` + -Domain $personUserToUpdate.Domain ` + -Server $connection + + # Act + $actual = Set-PersonUser ` + -User $personUserToUpdate ` + -Group $groupUserToBeAddedTo ` + -Add ` + -Server $connection + + # Assert + $actual | Should Not Be $null + } + + It 'Removes person user from group' { + # Arrange + $userName = "TestRemoveGroupPersonUserName" + $userPassword = '$tr0NG_TestPa$$w0rd' + $connection = Connect-SsoAdminServer ` + -Server $VcAddress ` + -User $User ` + -Password $Password ` + -SkipCertificateCheck + + $personUserToUpdate = New-PersonUser ` + -UserName $userName ` + -Password $userPassword ` + -Server $connection + + $script:usersToCleanup += $personUserToUpdate + + $groupToBeUsed = Get-Group ` + -Name 'Administrators' ` + -Domain $personUserToUpdate.Domain ` + -Server $connection + + Set-PersonUser ` + -User $personUserToUpdate ` + -Group $groupToBeUsed ` + -Add ` + -Server $connection | Out-Null + + # Act + $actual = Set-PersonUser ` + -User $personUserToUpdate ` + -Group $groupToBeUsed ` + -Remove ` + -Server $connection + + # Assert + $actual | Should Not Be $null + } + } + Context "Remove-PersonUser" { It 'Removes person user' { # Arrange
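Review bot: Both `It` blocks assert only `$actual | Should Not Be $null`, which shows that Set-PersonUser wrote something to the pipeline, not that the expected user came back or that membership changed. Since the cmdlet emits the input `$User` on success, `$actual.Name | Should Be $personUserToUpdate.Name` is a stronger minimal check. The 'Adds person user to group' test also leaves the account in 'Administrators' and relies on `$script:usersToCleanup` being processed outside this hunk; if that cleanup is skipped, a test account with the password written in this file stays privileged. Ending that test with a `Set-PersonUser ... -Remove` call would limit the exposure.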