voltron/PowerCLI-Example-Scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update VAMI.psm1

Browse Source 
Fixes #536.  The fullname vs. full_name options appear to have changed between the techpreview and GA of the API and have been accounted for in this update.  Additionally, after making a change so that the error message was present, the second issue showed to be type casting related.  For example, the input parameter for PasswordExpires is a switch, but the API was expecting a string.  This has been resolved with this commit.

When testing New-VAMIUser, I wanted to confirm success using Get-VAMIUser, but found a new bug where passing in a specific user through the Name property would fail with a vSphere 7 test environment.  This commit also includes a fix for that issue.

Changes to New-VAMIUser and Get-VAMIUser have been tested against 6.5, 6.7, and 7.0 environments and should function as expected.

Signed-off-by: Brian Wuchner <brian.wuchner@gmail.com>
This commit is contained in:
Brian Wuchner
2022-02-09 21:17:39 -05:00
parent 7a43b1096b
commit 9964e16338
1 changed files with 29 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
Modules/VAMI/VAMI.psm1
View File

@@ -655,38 +655,46 @@ Function Get-VAMIUser {
$userAPI = Get-VAMIServiceAPI -NameFilter "accounts" $userAPI = Get-VAMIServiceAPI -NameFilter "accounts"
$UserResults = @() $UserResults = @()
if (($Name -ne "") -and ($null -ne $Name)) { # Get a list of users
try { try {
$Users = $UserAPI.get($name)
} catch {
Write-Error $Error[0].exception.Message
}
} else {
$Users = $UserAPI.list() $Users = $UserAPI.list()
} catch {
write-error $_
} }
# Apply filtering if Name input is provided
if ($Name -ne '' -AND $Name -ne $null) {
# For 6.5 API, the username is part of the list returnset; for 6.7/7.x API the value from the list is the username. Because of this we will use an OR filter to account for either case.
$Users = $Users | Where-Object {$_.username -eq $name -OR $_.value -eq $name}
}
if ($Users.status) { if ($Users.status) {
# This is for 6.5 API, which has a status property; in newer API response there is an enabled property with values of True/False
foreach ($User in $Users) { foreach ($User in $Users) {
$UserString = [pscustomobject] @{ $UserString = [pscustomobject] @{
User = $User.username User = $User.username
Name = $User.fullname Name = $User.fullname
Email = $User.email Email = $User.email
Status = $User.status Enabled = if ($User.status -eq 'enabled' ) { $true } else { $false }
LastPasswordChange = 'Unknown'
PasswordExpiresAt = 'Unknown'
PasswordStatus = $User.passwordstatus PasswordStatus = $User.passwordstatus
Roles = @($User.role) Roles = @($User.role)
} }
$UserResults += $UserString $UserResults += $UserString
} }
} else { } else {
# This is for 6.7/7.0+ API response
foreach ($User in $Users) { foreach ($User in $Users) {
$UserInfo = $userAPI.get($user) $UserInfo = $userAPI.get($User.Value)
$UserString = [pscustomobject] @{ $UserString = [pscustomobject] @{
User = $User.value User = $User.value
Name = $UserInfo.fullname Name = $UserInfo.fullname
Email = $UserInfo.email Email = $UserInfo.email
Status = $UserInfo.enabled Enabled = $UserInfo.enabled
LastPasswordChange = $UserInfo.last_password_change LastPasswordChange = $UserInfo.last_password_change
PasswordExpiresAt = $UserInfo.password_expires_at PasswordExpiresAt = $UserInfo.password_expires_at
PasswordStatus = if ($UserInfo.has_password) { if ((!!$UserInfo.password_expires_at) -and ([datetime]$UserInfo.password_expires_at -lt (get-date))) {"good"} else {"expired"}} else { "notset"} PasswordStatus = if ($UserInfo.has_password) { if ((!!$UserInfo.password_expires_at) -and ( (Get-Date) -lt [datetime]$UserInfo.password_expires_at)) {'valid'} else {'expired'}} else { 'notset'}
Roles = $UserInfo.roles Roles = $UserInfo.roles
} }
$UserResults += $UserString $UserResults += $UserString
@@ -741,18 +749,19 @@ Function New-VAMIUser {
$userAPI = Get-VAMIServiceAPI -NameFilter "accounts" $userAPI = Get-VAMIServiceAPI -NameFilter "accounts"
if ($userAPI.name -eq 'com.vmware.appliance.techpreview.localaccounts.user') { if ($userAPI.name -eq 'com.vmware.appliance.techpreview.localaccounts.user') {
$CreateSpec = $UserAPI.Help.add.config.CreateExample() $CreateSpec = $UserAPI.Help.add.config.Create()
} else { } else {
$CreateSpec = $UserAPI.Help.create.config.CreateExample() $CreateSpec = $UserAPI.Help.create.config.Create()
} }
$CreateSpec.fullname = $FullName
$CreateSpec.role = $Role
$CreateSpec.email = $Email $CreateSpec.email = $Email
$CreateSpec.password = [VMware.VimAutomation.Cis.Core.Types.V1.Secret]$Password $CreateSpec.password = [VMware.VimAutomation.Cis.Core.Types.V1.Secret]$Password
if ($CreateSpec.psobject.properties.name -contains "username") { if ($CreateSpec.psobject.properties.name -contains "username") {
# This is for 6.5 API
$CreateSpec.username = $Name $CreateSpec.username = $Name
$CreateSpec.fullname = $FullName
$CreateSpec.role = $Role
try { try {
Write-Host "Creating new user $Name ..." Write-Host "Creating new user $Name ..."
$UserAPI.add($CreateSpec) $UserAPI.add($CreateSpec)
@@ -760,14 +769,17 @@ Function New-VAMIUser {
Write-Error $Error[0].exception.Message Write-Error $Error[0].exception.Message
} }
} else { } else {
$CreateSpec.password_expires = $PasswordExpires # This is for 6.7/7.0+ API
$CreateSpec.full_name = $FullName
$CreateSpec.roles = @($Role)
$CreateSpec.password_expires = [string]$PasswordExpires
$CreateSpec.password_expires_at = $PasswordExpiresAt $CreateSpec.password_expires_at = $PasswordExpiresAt
$CreateSpec.max_days_between_password_change = $MaxPasswordAge $CreateSpec.max_days_between_password_change = $MaxPasswordAge
try { try {
Write-Host "Creating new user $Name ..." Write-Host "Creating new user $Name ..."
$UserAPI.create($Name, $CreateSpec) $UserAPI.create($Name, $CreateSpec)
} catch { } catch {
Write-Error $Error[0].exception.Message Write-Error $_
} }
} }
} }