voltron/PowerCLI-Example-Scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implement Add/Remove User to/from Group

Browse Source
This commit is contained in:
dmilov
2020-09-29 16:52:17 +03:00
parent 0cf0626f4c
commit 5fb63bb345
7 changed files with 264 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1
View File

@@ -34,7 +34,7 @@ RequiredModules = @(
) )
# Functions to export from this module # Functions to export from this module
FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Remove-PersonUser', 'Get-Group') FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Set-PersonUser', 'Remove-PersonUser', 'Get-Group')
# Cmdlets to export from this module # Cmdlets to export from this module
CmdletsToExport = @() CmdletsToExport = @()

123
Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1
View File

@@ -406,6 +406,129 @@ function Get-PersonUser {
} }
} }
function Set-PersonUser {
<#
.NOTES
===========================================================================
Created on: 9/29/2020
Created by: Dimitar Milov
Twitter: @dimitar_milov
Github: https://github.com/dmilov
===========================================================================
.DESCRIPTION
Updates person user account.
Nota Bene! Have in mind PersonUser objects don't carry information about the connection.
If you specify PersonUser and on the server there is user with same Id it will be deleted.
.PARAMETER User
Specifies the PersonUser instance to update.
Nota Bene! Have in mind PersonUser objects don't carry information about the connection.
If you specify PersonUser and on the server there is user with same Id it will be deleted.
.PARAMETER Group
Specifies the Group you want to add or remove PwersonUser from.
Nota Bene! Have in mind Group objects don't carry information about the connection.
If you specify Group and on the server there is user with same Id it will be deleted.
.PARAMETER Add
Specifies user will be added to the spcified group.
.PARAMETER Remove
Specifies user will be removed from the spcified group.
.PARAMETER Server
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
.EXAMPLE
Set-PersonUser -User $myPersonUser -Group $myExampleGroup -Add -Server $ssoAdminConnection
Adds $myPersonUser to $myExampleGroup
.EXAMPLE
Set-PersonUser -User $myPersonUser -Group $myExampleGroup -Remove -Server $ssoAdminConnection
Removec $myPersonUser from $myExampleGroup
#>
[CmdletBinding(ConfirmImpact='Medium')]
param(
[Parameter(
Mandatory=$true,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$false,
HelpMessage='Person User instance you want to update')]
[VMware.vSphere.SsoAdminClient.DataTypes.PersonUser]
$User,
[Parameter(
ParameterSetName = 'AddToGroup',
Mandatory=$true,
ValueFromPipeline=$false,
ValueFromPipelineByPropertyName=$false,
HelpMessage='Group instance you want user to be added to or removed from')]
[Parameter(
ParameterSetName = 'RemoveFromGroup',
Mandatory=$true,
ValueFromPipeline=$false,
ValueFromPipelineByPropertyName=$false,
HelpMessage='Group instance you want user to be added to or removed from')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.Group]
$Group,
[Parameter(
ParameterSetName = 'AddToGroup',
Mandatory=$true)]
[switch]
$Add,
[Parameter(
ParameterSetName = 'RemoveFromGroup',
Mandatory=$true)]
[switch]
$Remove,
[Parameter(
Mandatory=$false,
ValueFromPipeline=$false,
ValueFromPipelineByPropertyName=$false,
HelpMessage='Connected SsoAdminServer object')]
[ValidateNotNull()]
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
$Server)
Process {
$serversToProcess = $global:DefaultSsoAdminServers
if ($Server -ne $null) {
$serversToProcess = $Server
}
foreach ($connection in $serversToProcess) {
if (-not $connection.IsConnected) {
Write-Error "Server $connection is disconnected"
continue
}
if ($Add) {
$result = $connection.Client.AddPersonUserToGroup($User, $Group)
if ($result) {
Write-Output $User
}
}
if ($Remove) {
$result = $connection.Client.RemovePersonUserFromGroup($User, $Group)
if ($result) {
Write-Output $User
}
}
}
}
}
function Remove-PersonUser { function Remove-PersonUser {
<# <#
.NOTES .NOTES

BIN
Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
View File

Binary file not shown.

BIN
Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll
View File

Binary file not shown.

26
Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs
View File

@@ -93,5 +93,31 @@ namespace VMware.vSphere.SsoAdminClient.Tests
Assert.Greater(actual.Length, 1); Assert.Greater(actual.Length, 1);
Assert.AreEqual("localos", actual[0].Domain); Assert.AreEqual("localos", actual[0].Domain);
} }
[Test]
public void AddRemoveUserFromGroup() {
// Arrange
var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
var expectedUserName = "test-user5";
var expectedPassword = "te$tPa$sW0rd";
var newUser = ssoAdminClient.CreateLocalUser(
expectedUserName,
expectedPassword);
var group = ssoAdminClient.GetGroups("administrators", newUser.Domain).FirstOrDefault<Group>();
// Act
var addActual = ssoAdminClient.AddPersonUserToGroup(newUser, group);
var removeActual = ssoAdminClient.RemovePersonUserFromGroup(newUser, group);
// Assert
Assert.IsTrue(addActual);
Assert.IsTrue(removeActual);
// Cleanup
ssoAdminClient.DeleteLocalUser(
newUser);
}
} }
} }

40
Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
View File

@@ -262,6 +262,46 @@ namespace VMware.vSphere.SsoAdminClient
} }
} }
} }
public bool AddPersonUserToGroup(PersonUser user, DataTypes.Group group) {
// Create Authorization Invocation Context
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
// Invoke SSO Admin AddUserToLocalGroupAsync operation
return authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.AddUserToLocalGroupAsync(
new ManagedObjectReference {
type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService"
},
new SsoPrincipalId {
name = user.Name,
domain = user.Domain
},
group.Name)).Result;
}
public bool RemovePersonUserFromGroup(PersonUser user, DataTypes.Group group) {
// Create Authorization Invocation Context
var authorizedInvocationContext =
CreateAuthorizedInvocationContext();
// Invoke SSO Admin RemoveFromLocalGroupAsync operation
return authorizedInvocationContext.
InvokeOperation(() =>
_ssoAdminBindingClient.RemoveFromLocalGroupAsync(
new ManagedObjectReference {
type = "SsoAdminPrincipalManagementService",
Value = "principalManagementService"
},
new SsoPrincipalId {
name = user.Name,
domain = user.Domain
},
group.Name)).Result;
}
#endregion #endregion
} }
} }

74
Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1
View File

@@ -262,6 +262,80 @@ Describe "PersonUser Tests" {
} }
} }
Context "Set-PersonUser Add/Remove Group" {
It 'Adds person user to group' {
# Arrange
$userName = "TestAddGroupPersonUserName"
$userPassword = '$tr0NG_TestPa$$w0rd'
$connection = Connect-SsoAdminServer `
-Server $VcAddress `
-User $User `
-Password $Password `
-SkipCertificateCheck
$personUserToUpdate = New-PersonUser `
-UserName $userName `
-Password $userPassword `
-Server $connection
$script:usersToCleanup += $personUserToUpdate
$groupUserToBeAddedTo = Get-Group `
-Name 'Administrators' `
-Domain $personUserToUpdate.Domain `
-Server $connection
# Act
$actual = Set-PersonUser `
-User $personUserToUpdate `
-Group $groupUserToBeAddedTo `
-Add `
-Server $connection
# Assert
$actual | Should Not Be $null
}
It 'Removes person user from group' {
# Arrange
$userName = "TestRemoveGroupPersonUserName"
$userPassword = '$tr0NG_TestPa$$w0rd'
$connection = Connect-SsoAdminServer `
-Server $VcAddress `
-User $User `
-Password $Password `
-SkipCertificateCheck
$personUserToUpdate = New-PersonUser `
-UserName $userName `
-Password $userPassword `
-Server $connection
$script:usersToCleanup += $personUserToUpdate
$groupToBeUsed = Get-Group `
-Name 'Administrators' `
-Domain $personUserToUpdate.Domain `
-Server $connection
Set-PersonUser `
-User $personUserToUpdate `
-Group $groupToBeUsed `
-Add `
-Server $connection | Out-Null
# Act
$actual = Set-PersonUser `
-User $personUserToUpdate `
-Group $groupToBeUsed `
-Remove `
-Server $connection
# Assert
$actual | Should Not Be $null
}
}
Context "Remove-PersonUser" { Context "Remove-PersonUser" {
It 'Removes person user' { It 'Removes person user' {
# Arrange # Arrange