Implement Set Default Identity Source and Get Default Identity Source (#545)

Signed-off-by: Dimitar Milov <dmilov@vmware.com>
2022-02-25 11:26:10 +02:00
parent 9a302e0473
commit 829307318f
7 changed files with 203 additions and 2 deletions
--- a/Modules/VMware.vSphere.SsoAdmin/IdentitySource.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/IdentitySource.ps1
@@ -42,6 +42,9 @@ function Add-ExternalDomainIdentitySource {
       .PARAMETER DomainServerType
       Type of the ExternalDomain, one of 'ActiveDirectory','OpenLdap','NIS'

+       .PARAMETER Default
+       Sets the Identity Source as the defualt for the SSO
+
       .PARAMETER Server
       Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
       If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
@@ -139,6 +142,14 @@ function Add-ExternalDomainIdentitySource {
        [string]
        $DomainServerType = 'ActiveDirectory',

+        [Parameter(
+            Mandatory = $false,
+            ValueFromPipeline = $false,
+            ValueFromPipelineByPropertyName = $false,
+            HelpMessage = 'Sets the Identity Source as default')]
+        [Switch]
+        $Default,
+
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
@@ -170,6 +181,10 @@ function Add-ExternalDomainIdentitySource {
                $Username,
                $Password,
                $DomainServerType);
+
+            if ($Default) {
+                $connection.Client.SetDefaultIdentitySource($Name)
+            }
        }
    }
    catch {
@@ -225,6 +240,9 @@ function Add-LDAPIdentitySource {
       .PARAMETER Certificates
       List of X509Certicate2 LDAP certificates

+       .PARAMETER Default
+       Sets the Identity Source as the defualt for the SSO
+
       .PARAMETER Server
       Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
       If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
@@ -349,6 +367,14 @@ function Add-LDAPIdentitySource {
        [string]
        $ServerType = 'ActiveDirectory',

+        [Parameter(
+            Mandatory = $false,
+            ValueFromPipeline = $false,
+            ValueFromPipelineByPropertyName = $false,
+            HelpMessage = 'Sets the Identity Source as default')]
+        [Switch]
+        $Default,
+
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
@@ -392,6 +418,10 @@ function Add-LDAPIdentitySource {
                $authenticationPassword,
                $ServerType,
                $Certificates);
+
+            if ($Default) {
+                $connection.Client.SetDefaultIdentitySource($Name)
+            }
        }
    }
    catch {
@@ -426,6 +456,9 @@ function Set-LDAPIdentitySource {
       .PARAMETER Credential
       Domain authentication credential

+       .PARAMETER Default
+       Sets the Identity Source as the defualt for the SSO
+
       .PARAMETER Server
       Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
       If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
@@ -499,6 +532,15 @@ function Set-LDAPIdentitySource {
        [PSCredential]
        $Credential,

+        [Parameter(
+            Mandatory = $false,
+            ValueFromPipeline = $false,
+            ValueFromPipelineByPropertyName = $false,
+            ParameterSetName = 'SetAsDefault',
+            HelpMessage = 'Sets the Identity Source as default')]
+        [Switch]
+        $Default,
+
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
@@ -549,6 +591,92 @@ function Set-LDAPIdentitySource {
                        $authenticationUserName,
                        $authenticationPassword);
                }
+
+                if ($Default) {
+                    $connection.Client.SetDefaultIdentitySource($IdentitySource.Name)
+                }
+            }
+        }
+        catch {
+            Write-Error (FormatError $_.Exception)
+        }
+    }
+}
+
+function Set-IdentitySource {
+    <#
+       .NOTES
+       ===========================================================================
+       Created on:   	2/25/2022
+       Created by:   	Dimitar Milov
+        Twitter:       @dimitar_milov
+        Github:        https://github.com/dmilov
+       ===========================================================================
+       .DESCRIPTION
+       Updates IDentitySource
+
+       .PARAMETER IdentitySource
+       Identity Source to update
+
+       .PARAMETER Default
+       Sets the Identity Source as the defualt for the SSO
+
+       .PARAMETER Server
+       Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
+       If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
+
+       Updates LDAP Identity Source
+
+       .EXAMPLE
+
+       Updates certificate of a LDAP identity source
+
+       Get-IdentitySource -External | Set-IdentitySource -Default
+    #>
+    [CmdletBinding()]
+    param(
+        [Parameter(
+            Mandatory = $true,
+            ValueFromPipeline = $true,
+            ValueFromPipelineByPropertyName = $false,
+            HelpMessage = 'Identity source to update')]
+        [ValidateNotNull()]
+        [VMware.vSphere.SsoAdminClient.DataTypes.IdentitySource]
+        $IdentitySource,
+
+        [Parameter(
+            Mandatory = $false,
+            ValueFromPipeline = $false,
+            ValueFromPipelineByPropertyName = $false,
+            HelpMessage = 'Sets the Identity Source as default')]
+        [Switch]
+        $Default,
+
+        [Parameter(
+            Mandatory = $false,
+            ValueFromPipeline = $false,
+            ValueFromPipelineByPropertyName = $false,
+            HelpMessage = 'Connected SsoAdminServer object')]
+        [ValidateNotNull()]
+        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
+        $Server)
+
+    Process {
+        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
+        if ($null -ne $Server) {
+            $serversToProcess = $Server
+        }
+
+        try {
+            foreach ($connection in $serversToProcess) {
+                if (-not $connection.IsConnected) {
+                    Write-Error "Server $connection is disconnected"
+                    continue
+                }
+
+                if ($Default) {
+                    $connection.Client.SetDefaultIdentitySource($IdentitySource.Name)
+                }
            }
        }
        catch {
@@ -578,6 +706,9 @@ function Get-IdentitySource {
       .PARAMETER External
       Filter parameter to return only the external domain identity sources

+       .PARAMETER Default
+       Filter parameter to return only the default domain identity sources
+
       .PARAMETER Server
       Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
       If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
@@ -614,6 +745,14 @@ function Get-IdentitySource {
        [Switch]
        $External,

+        [Parameter(
+            Mandatory = $false,
+            ValueFromPipeline = $false,
+            ValueFromPipelineByPropertyName = $false,
+            HelpMessage = 'Returns only the default domain identity sources')]
+        [Switch]
+        $Default,
+
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
@@ -652,6 +791,12 @@ function Get-IdentitySource {
            $resultIdentitySources += $allIdentitySources | Where-Object { $_ -is [VMware.vSphere.SsoAdminClient.DataTypes.ActiveDirectoryIdentitySource] }
        }

+        if ($Default) {
+            $resultIdentitySources = @()
+            $defaultDomainName = $connection.Client.GetDefaultIdentitySourceDomainName()
+            $resultIdentitySources = $allIdentitySources | Where-Object { $_.Name -eq $defaultDomainName }
+        }
+
        #Return result
        $resultIdentitySources
    }
--- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1
+++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1
@@ -12,7 +12,7 @@
 RootModule = 'VMware.vSphere.SsoAdmin.psm1'

 # Version number of this module.
-ModuleVersion = '1.3.7'
+ModuleVersion = '1.3.8'

 # Supported PSEditions
 # CompatiblePSEditions = @()
@@ -77,7 +77,7 @@ FunctionsToExport = 'Connect-SsoAdminServer', 'Disconnect-SsoAdminServer',
               'Add-UserToSsoGroup', 'Remove-UserFromSsoGroup',
               'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy',
               'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy',
-               'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource',
+               'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Set-IdentitySource',
               'Remove-IdentitySource', 'Add-ActiveDirectoryIdentitySource',
               'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource',
               'Get-SsoAuthenticationPolicy', 'Set-SsoAuthenticationPolicy'
--- a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll
--- a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
@@ -1316,6 +1316,62 @@ namespace VMware.vSphere.SsoAdminClient
            }
        }

+        public void SetDefaultIdentitySource(string domainName)
+        {
+            var authorizedInvocationContext =
+               CreateAuthorizedInvocationContext();
+
+            var setDefaultDomainRequest = new IdS_setDefaultDomainsRequest
+            {
+                domainNames = new string[]{domainName}
+            };
+
+            try
+            {
+                authorizedInvocationContext.
+                InvokeOperation(() =>
+                   _ssoAdminBindingClient.IdS_setDefaultDomainsAsync(
+                      new ManagedObjectReference
+                      {
+                          type = "SsoAdminIdentitySourceManagementService",
+                          Value = "identitySourceManagementService"
+                      },
+                      new string[]{domainName})).Wait();
+            }
+            catch (AggregateException e)
+            {
+                throw e.InnerException;
+            }
+        }
+
+        public string GetDefaultIdentitySourceDomainName()
+        {
+            string result = null;
+            var authorizedInvocationContext =
+               CreateAuthorizedInvocationContext();
+
+            try
+            {
+                var response = authorizedInvocationContext.
+                InvokeOperation(() =>
+                   _ssoAdminBindingClient.IdS_getDefaultDomainsAsync(
+                      new ManagedObjectReference
+                      {
+                          type = "SsoAdminIdentitySourceManagementService",
+                          Value = "identitySourceManagementService"
+                      })).Result;
+                if (response != null && response.returnval != null && response.returnval.Length > 0) {
+                    result = response.returnval[0];
+                }
+            }
+            catch (AggregateException e)
+            {
+                throw e.InnerException;
+            }
+
+            return result;
+        }
+
        public void DeleteDomain(string name)
        {