diff --git a/Modules/VMware.vSphere.SsoAdmin/Group.ps1 b/Modules/VMware.vSphere.SsoAdmin/Group.ps1
index 6f04d33..9e0da4f 100644
--- a/Modules/VMware.vSphere.SsoAdmin/Group.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/Group.ps1
@@ -107,6 +107,8 @@ function Get-SsoGroup {
 .PARAMETER Domain
 Specifies the Domain in which search will be applied, default is 'localos'.
+ .PARAMETER Group
+ Specifies the group in which search for person user members will be applied.
 .PARAMETER Server
 Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
@@ -128,6 +130,7 @@ function Get-SsoGroup {
 $Name,
 [Parameter(
+ ParameterSetName = 'ByNameAndDomain',
 Mandatory = $false,
 ValueFromPipeline = $false,
 ValueFromPipelineByPropertyName = $false,
@@ -136,6 +139,16 @@ function Get-SsoGroup {
 $Domain = 'localos',
 [Parameter(
+ ParameterSetName = 'ByGroup',
+ Mandatory = $true,
+ ValueFromPipeline = $true,
+ ValueFromPipelineByPropertyName = $false,
+ HelpMessage = 'Searches group members of the specified group')]
+ [VMware.vSphere.SsoAdminClient.DataTypes.Group]
+ $Group,
+
+ [Parameter(
+ ParameterSetName = 'ByNameAndDomain',
 Mandatory = $false,
 ValueFromPipeline = $false,
 ValueFromPipelineByPropertyName = $false,
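Review bot: The added `.PARAMETER Group` help in Get-SsoGroup says the search is for "person user members", which reads as copied from Get-SsoPersonUser (the PersonUser.ps1 hunk adds the identical sentence), while this cmdlet returns groups. Suggested wording: `Specifies the group whose member groups are returned.` The help block starts and ends outside the hunk.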
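Review bot: With `'ByGroup'` and `'ByNameAndDomain'` now both declared, the `[CmdletBinding()]` line is outside these hunks, so it is worth confirming that it names a default set, e.g. `[CmdletBinding(DefaultParameterSetName = 'ByNameAndDomain')]`. Without one, a call that binds only `-Name` (which carries no set in the visible lines) or no parameters at all relies on PowerShell's ambiguity resolution rather than on a stated intent. The param block continues past the end of the hunk, so the parameter that receives the second `'ByNameAndDomain'` attribute is not visible here.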
@@ -146,38 +159,70 @@ function Get-SsoGroup {
 Process {
 $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
- if ($Server -ne $null) {
+ if ($null -ne $Server) {
 $serversToProcess = $Server
 }
- if ($Name -eq $null) {
+ if ($null -eq $Name) {
 $Name = [string]::Empty
 }
 try {
- foreach ($connection in $serversToProcess) {
- if (-not $connection.IsConnected) {
- Write-Error "Server $connection is disconnected"
- continue
+ if ($null -ne $Group) {
+
+ foreach ($g in $Group) {
+ $ssoAdminClient = $g.GetClient()
+ if ((-not $ssoAdminClient)) {
+ Write-Error "Object '$g' is from disconnected server"
+ continue
+ }
+
+ foreach ($resultGroup in $ssoAdminClient.GetGroupsInGroup(
+ (RemoveWildcardSymbols $Name),
+ $Group)) {
+
+ if ([string]::IsNullOrEmpty($Name) ) {
+ Write-Output $resultGroup
+ }
+ else {
+ # Apply Name filtering
+ if ((HasWildcardSymbols $Name) -and `
+ $resultGroup.Name -like $Name) {
+ Write-Output $resultGroup
+ }
+ elseif ($resultGroup.Name -eq $Name) {
+ # Exactly equal
+ Write-Output $resultGroup
+ }
+ }
+ }
 }
- foreach ($group in $connection.Client.GetGroups(
- (RemoveWildcardSymbols $Name),
- $Domain)) {
-
-
- if ([string]::IsNullOrEmpty($Name) ) {
- Write-Output $group
+ } else {
+ foreach ($connection in $serversToProcess) {
+ if (-not $connection.IsConnected) {
+ Write-Error "Server $connection is disconnected"
+ continue
 }
- else {
- # Apply Name filtering
- if ((HasWildcardSymbols $Name) -and `
- $group.Name -like $Name) {
- Write-Output $group
+
+ foreach ($resultGroup in $connection.Client.GetGroups(
+ (RemoveWildcardSymbols $Name),
+ $Domain)) {
+
+
+ if ([string]::IsNullOrEmpty($Name) ) {
+ Write-Output $resultGroup
 }
- elseif ($group.Name -eq $Name) {
- # Exactly equal
- Write-Output $group
+ else {
+ # Apply Name filtering
+ if ((HasWildcardSymbols $Name) -and `
+ $resultGroup.Name -like $Name) {
+ Write-Output $resultGroup
+ }
+ elseif ($resultGroup.Name -eq $Name) {
+ # Exactly equal
+ Write-Output $resultGroup
+ }
 }
 }
 }
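Review bot: Inside `foreach ($g in $Group)` the membership query is issued with `$Group` instead of the loop variable, so the client comes from `$g` but the argument does not; the call should end with `$g)) {`. Because `$Group` is declared as a single `DataTypes.Group` the two are the same object today, which also makes the loop redundant; either drop it or type the parameter as an array and use `$g` throughout. The name-filter block is now repeated verbatim in both branches and would be easier to keep consistent as one private helper. `$serversToProcess` is still read from `$global:DefaultSsoAdminServers` on the ByGroup path, where it is never used. The Process block continues outside the hunk.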
@@ -205,7 +250,7 @@ function Set-SsoGroup {
 .DESCRIPTION
 Updates Local Sso Group details
- .PARAMETER Gtoup
+ .PARAMETER Group
 Specifies the group instace to update.
 .PARAMETER Description
diff --git a/Modules/VMware.vSphere.SsoAdmin/PersonUser.ps1 b/Modules/VMware.vSphere.SsoAdmin/PersonUser.ps1
index 305e66f..ffe39cd 100644
--- a/Modules/VMware.vSphere.SsoAdmin/PersonUser.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/PersonUser.ps1
@@ -155,6 +155,8 @@ function Get-SsoPersonUser {
 .PARAMETER Domain
 Specifies the Domain in which search will be applied, default is 'localos'.
+ .PARAMETER Group
+ Specifies the group in which search for person user members will be applied.
 .PARAMETER Server
 Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll
index e686b49..596e661 100644
Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll differ
diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
index 04f65e3..e05ae44 100644
Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll differ
diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll
index 1e8a71e..ca8d14b 100644
Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll differ
diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll
index 864158a..4f3958c 100644
Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll differ
diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
index 3e1f40c..8f4ccfa 100644
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
@@ -348,6 +348,43 @@ namespace VMware.vSphere.SsoAdminClient
 };
 }
+ public IEnumerable GetGroupsInGroup(string searchString, DataTypes.Group group)
+ {
+ // Create Authorization Invocation Context
+ var authorizedInvocationContext =
+ CreateAuthorizedInvocationContext();
+
+ // Invoke SSO Admin FindGroupsInGroupResponse operation
+ var groups = authorizedInvocationContext.
+ InvokeOperation(() =>
+ _ssoAdminBindingClient.FindGroupsInGroupAsync(
+ new ManagedObjectReference
+ {
+ type = "SsoAdminPrincipalDiscoveryService",
+ Value = "principalDiscoveryService"
+ },
+ new SsoPrincipalId
+ {
+ name = group.Name,
+ domain = group.Domain
+ },
+ searchString,
+ int.MaxValue)).Result.returnval;
+
+ if (groups != null)
+ {
+ foreach (var g in groups)
+ {
+ yield return new DataTypes.Group(this)
+ {
+ Name = g.id.name,
+ Domain = g.id.domain,
+ Description = g.details.description
+ };
+ }
+ }
+ }
+
 public DataTypes.Group CreateLocalGroup(string name, string description)
 {
 // Create Authorization Invocation Context
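Review bot: `GetGroupsInGroup` dereferences `group.Name`, `group.Domain` and `g.details.description` with no null checks, and because the method is an iterator (`yield return`) neither a guard nor the SSO call runs until the caller enumerates the result, and each new enumeration repeats the remote call. A guard such as `if (group == null) throw new ArgumentNullException(nameof(group));` would need to sit in a non-iterator wrapper (or the results be materialized into a list) to fail at the call site. The result limit is `int.MaxValue`, so the response size is bounded only by the server. Separately, the four prebuilt DLLs updated in this commit cannot be matched to this source from the diff; producing them in a build pipeline from the reviewed source would make that verifiable.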
diff --git a/Modules/VMware.vSphere.SsoAdmin/src/test/Group.Tests.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/test/Group.Tests.ps1
index 29b5d3c..311673a 100644
--- a/Modules/VMware.vSphere.SsoAdmin/src/test/Group.Tests.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/src/test/Group.Tests.ps1
@@ -153,35 +153,35 @@ Describe "SsoGroup Tests" {
 Context "Add-GroupToSsoGroup" {
 It 'Should add a newly created SsoGroup to another SsoGroup' {
 # Arrange
- $groupName = 'TestGroup5'
- $groupToAdd = New-SsoGroup -Name $groupName
- $script:testGroupsToDelete += $groupToAdd
+ $expectedGroup = New-SsoGroup -Name 'TestGroup5'
+ $script:testGroupsToDelete += $expectedGroup
 $targetGroup = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local'
 # Act
- $groupToAdd | Add-GroupToSsoGroup -TargetGroup $targetGroup
+ $expectedGroup | Add-GroupToSsoGroup -TargetGroup $targetGroup
 # Assert
- ## TODO: Implement Get Group Members and verify
+ $actualGroups = $targetGroup | Get-SsoGroup
+ $actualGroups | Where-Object { $_.Name -eq $expectedGroup.Name} | Should -Not -Be $null
 }
 }
 Context "Remove-GroupFromSsoGroup" {
 It 'Should remove a SsoGroup from another SsoGroup' {
 # Arrange
- $groupName = 'TestGroup6'
- $groupToRemove = New-SsoGroup -Name $groupName
- $script:testGroupsToDelete += $groupToRemove
+ $expectedGroup = New-SsoGroup -Name 'TestGroup6'
+ $script:testGroupsToDelete += $expectedGroup
 $targetGroup = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local'
- $groupToRemove | Add-GroupToSsoGroup -TargetGroup $targetGroup
+ $expectedGroup | Add-GroupToSsoGroup -TargetGroup $targetGroup
 # Act
- $groupToRemove | Remove-GroupFromSsoGroup -TargetGroup $targetGroup
+ $expectedGroup | Remove-GroupFromSsoGroup -TargetGroup $targetGroup
 # Assert
- ## TODO: Implement Get Group Members and verify
+ $actualGroups = $targetGroup | Get-SsoGroup
+ $actualGroups | Where-Object { $_.Name -eq $expectedGroup.Name} | Should -Be $null
 }
 }
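Review bot: Both new assertions match on `Name` only and pipe a possibly empty filter result into `Should -Not -Be $null` / `Should -Be $null`; `Should -Not -BeNullOrEmpty` and `Should -BeNullOrEmpty` state the intent directly, and also comparing `Domain` would rule out a pass on a same-named group from another domain. These tests nest a throwaway group under `Administrators` in `vsphere.local`, and the cleanup that consumes `$script:testGroupsToDelete` is outside this hunk, so it is worth confirming that it runs even when an assertion fails, so that no leftover privileged membership remains on the test server. Whether the Describe block ends with the last visible line cannot be told from the hunk.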