Merge pull request #441 from dmilov/dmilov/new-ssoadmin-features
Add new features in Get-SsoPersonUser and new cmdlet Remove-IdentitySource
This commit is contained in:
dmilov
GitHub
@@ -11,7 +11,7 @@
|
||||
RootModule = 'VMware.vSphere.SsoAdmin.psm1'
|
||||
|
||||
# Version number of this module.
|
||||
ModuleVersion = '1.2.2'
|
||||
ModuleVersion = '1.2.3'
|
||||
|
||||
# ID used to uniquely identify this module
|
||||
GUID = 'b3e25326-e809-4d68-a252-ca5fcaf1eb8b'
|
||||
@@ -34,7 +34,7 @@ RequiredModules = @(
|
||||
)
|
||||
|
||||
# Functions to export from this module
|
||||
FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource', 'Set-SsoSelfPersonUserPassword')
|
||||
FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Remove-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource', 'Set-SsoSelfPersonUserPassword')
|
||||
|
||||
# Cmdlets to export from this module
|
||||
CmdletsToExport = @()
|
||||
|
||||
@@ -394,6 +394,11 @@ function Get-SsoPersonUser {
|
||||
Get-SsoPersonUser -Name admin -Domain vsphere.local
|
||||
|
||||
Gets person user accounts which contain name 'admin' in 'vsphere.local' domain
|
||||
|
||||
.EXAMPLE
|
||||
Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' | Get-SsoPersonUser
|
||||
|
||||
Gets person user accounts members of 'Administrators' group
|
||||
#>
|
||||
[CmdletBinding()]
|
||||
param(
|
||||
@@ -406,6 +411,7 @@ function Get-SsoPersonUser {
|
||||
$Name,
|
||||
|
||||
[Parameter(
|
||||
ParameterSetName = 'ByNameAndDomain',
|
||||
Mandatory=$false,
|
||||
ValueFromPipeline=$false,
|
||||
ValueFromPipelineByPropertyName=$false,
|
||||
@@ -413,6 +419,15 @@ function Get-SsoPersonUser {
|
||||
[string]
|
||||
$Domain = 'localos',
|
||||
|
||||
[Parameter(
|
||||
ParameterSetName = 'ByGroup',
|
||||
Mandatory=$true,
|
||||
ValueFromPipeline=$true,
|
||||
ValueFromPipelineByPropertyName=$false,
|
||||
HelpMessage='Searches members of the specified group')]
|
||||
[VMware.vSphere.SsoAdminClient.DataTypes.Group]
|
||||
$Group,
|
||||
|
||||
[Parameter(
|
||||
Mandatory=$false,
|
||||
ValueFromPipeline=$false,
|
||||
@@ -439,21 +454,31 @@ function Get-SsoPersonUser {
|
||||
continue
|
||||
}
|
||||
|
||||
foreach ($personUser in $connection.Client.GetLocalUsers(
|
||||
(RemoveWildcardSymbols $Name),
|
||||
$Domain)) {
|
||||
$personUsers = $null
|
||||
|
||||
if ($Group -ne $null) {
|
||||
$personUsers = $connection.Client.GetPersonUsersInGroup(
|
||||
(RemoveWildcardSymbols $Name),
|
||||
$Group)
|
||||
} else {
|
||||
$personUsers = $connection.Client.GetLocalUsers(
|
||||
(RemoveWildcardSymbols $Name),
|
||||
$Domain)
|
||||
}
|
||||
|
||||
if ([string]::IsNullOrEmpty($Name) ) {
|
||||
Write-Output $personUser
|
||||
} else {
|
||||
# Apply Name filtering
|
||||
if ((HasWildcardSymbols $Name) -and `
|
||||
$personUser.Name -like $Name) {
|
||||
Write-Output $personUser
|
||||
} elseif ($personUser.Name -eq $Name) {
|
||||
# Exactly equal
|
||||
if ($personUsers -ne $null) {
|
||||
foreach ($personUser in $personUsers) {
|
||||
if ([string]::IsNullOrEmpty($Name) ) {
|
||||
Write-Output $personUser
|
||||
} else {
|
||||
# Apply Name filtering
|
||||
if ((HasWildcardSymbols $Name) -and `
|
||||
$personUser.Name -like $Name) {
|
||||
Write-Output $personUser
|
||||
} elseif ($personUser.Name -eq $Name) {
|
||||
# Exactly equal
|
||||
Write-Output $personUser
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1808,6 +1833,7 @@ Process {
|
||||
$IdentitySource.Name,
|
||||
$IdentitySource.FriendlyName,
|
||||
$IdentitySource.PrimaryUrl,
|
||||
$IdentitySource.FailoverUrl,
|
||||
$IdentitySource.UserBaseDN,
|
||||
$IdentitySource.GroupBaseDN,
|
||||
$Certificates);
|
||||
@@ -1917,4 +1943,72 @@ function Get-IdentitySource {
|
||||
$resultIdentitySources
|
||||
}
|
||||
}
|
||||
|
||||
function Remove-IdentitySource {
|
||||
<#
|
||||
.NOTES
|
||||
===========================================================================
|
||||
Created on: 03/19/2021
|
||||
Created by: Dimitar Milov
|
||||
Twitter: @dimitar_milov
|
||||
Github: https://github.com/dmilov
|
||||
===========================================================================
|
||||
.DESCRIPTION
|
||||
This function removes Identity Source.
|
||||
|
||||
.PARAMETER IdentitySource
|
||||
The identity source to remove
|
||||
|
||||
.PARAMETER Server
|
||||
Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
|
||||
If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
|
||||
|
||||
.EXAMPLE
|
||||
Get-IdentitySource -External | Remove-IdentitySource
|
||||
|
||||
Removes all external domain identity source
|
||||
#>
|
||||
[CmdletBinding()]
|
||||
param(
|
||||
|
||||
[Parameter(
|
||||
Mandatory=$true,
|
||||
ValueFromPipeline=$true,
|
||||
ValueFromPipelineByPropertyName=$false,
|
||||
HelpMessage='Identity source to remove')]
|
||||
[ValidateNotNull()]
|
||||
[VMware.vSphere.SsoAdminClient.DataTypes.IdentitySource]
|
||||
$IdentitySource,
|
||||
|
||||
[Parameter(
|
||||
Mandatory=$false,
|
||||
ValueFromPipeline=$false,
|
||||
ValueFromPipelineByPropertyName=$false,
|
||||
HelpMessage='Connected SsoAdminServer object')]
|
||||
[ValidateNotNull()]
|
||||
[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
|
||||
$Server)
|
||||
|
||||
Process {
|
||||
|
||||
$serversToProcess = $global:DefaultSsoAdminServers.ToArray()
|
||||
if ($Server -ne $null) {
|
||||
$serversToProcess = $Server
|
||||
}
|
||||
|
||||
|
||||
try {
|
||||
foreach ($connection in $serversToProcess) {
|
||||
if (-not $connection.IsConnected) {
|
||||
Write-Error "Server $connection is disconnected"
|
||||
continue
|
||||
}
|
||||
|
||||
$connection.Client.DeleteDomain($IdentitySource.Name)
|
||||
}
|
||||
} catch {
|
||||
Write-Error (FormatError $_.Exception)
|
||||
}
|
||||
}
|
||||
}
|
||||
#endregion
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -97,6 +97,23 @@ namespace VMware.vSphere.SsoAdminClient.Tests
|
||||
Assert.AreEqual("localos", actual[0].Domain);
|
||||
}
|
||||
|
||||
[Test]
|
||||
public void GetPersonUsersInGroup() {
|
||||
// Arrange
|
||||
var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
|
||||
|
||||
// Act
|
||||
var actual = ssoAdminClient.GetPersonUsersInGroup("", new Group {
|
||||
Name = "Administrators",
|
||||
Domain = "vsphere.local"
|
||||
}).ToArray();
|
||||
|
||||
// Assert
|
||||
Assert.NotNull(actual);
|
||||
Assert.GreaterOrEqual(actual.Length, 1);
|
||||
Assert.AreEqual("vsphere.local", actual[0].Domain);
|
||||
}
|
||||
|
||||
[Test]
|
||||
public void AddRemoveUserFromGroup() {
|
||||
// Arrange
|
||||
|
||||
@@ -20,6 +20,7 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes
|
||||
|
||||
public string FriendlyName { get; set; }
|
||||
public string PrimaryUrl { get; set; }
|
||||
public string FailoverUrl { get; set; }
|
||||
public string UserBaseDN { get; set; }
|
||||
public string GroupBaseDN { get; set; }
|
||||
}
|
||||
|
||||
@@ -22,6 +22,8 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes
|
||||
public string FirstName { get; set; }
|
||||
public string LastName { get; set; }
|
||||
public string EmailAddress { get; set; }
|
||||
public bool Locked { get; set; }
|
||||
public bool Disabled { get; set; }
|
||||
|
||||
public SsoAdminClient GetClient() {
|
||||
return _client;
|
||||
|
||||
@@ -191,7 +191,9 @@ namespace VMware.vSphere.SsoAdminClient
|
||||
Description = personUser.details.description,
|
||||
FirstName = personUser.details.firstName,
|
||||
LastName = personUser.details.lastName,
|
||||
EmailAddress = personUser.details.emailAddress
|
||||
EmailAddress = personUser.details.emailAddress,
|
||||
Locked = personUser.locked,
|
||||
Disabled = personUser.disabled
|
||||
};
|
||||
}
|
||||
|
||||
@@ -222,13 +224,51 @@ namespace VMware.vSphere.SsoAdminClient
|
||||
Description = personUser.details.description,
|
||||
FirstName = personUser.details.firstName,
|
||||
LastName = personUser.details.lastName,
|
||||
EmailAddress = personUser.details.emailAddress
|
||||
EmailAddress = personUser.details.emailAddress,
|
||||
Locked = personUser.locked,
|
||||
Disabled = personUser.disabled
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public IEnumerable<PersonUser> GetPersonUsersInGroup(string searchString, DataTypes.Group group) {
|
||||
// Create Authorization Invocation Context
|
||||
var authorizedInvocationContext =
|
||||
CreateAuthorizedInvocationContext();
|
||||
|
||||
// Invoke SSO Admin FindPersonUsersAsync operation
|
||||
var personUsers = authorizedInvocationContext.
|
||||
InvokeOperation(() =>
|
||||
_ssoAdminBindingClient.FindPersonUsersInGroupAsync(
|
||||
new ManagedObjectReference {
|
||||
type = "SsoAdminPrincipalDiscoveryService",
|
||||
Value = "principalDiscoveryService"
|
||||
},
|
||||
new SsoPrincipalId {
|
||||
name = group.Name,
|
||||
domain = group.Domain
|
||||
},
|
||||
searchString,
|
||||
int.MaxValue)).Result.returnval;
|
||||
|
||||
if (personUsers != null) {
|
||||
foreach (var personUser in personUsers) {
|
||||
yield return new PersonUser(this) {
|
||||
Name = personUser.id.name,
|
||||
Domain = personUser.id.domain,
|
||||
Description = personUser.details.description,
|
||||
FirstName = personUser.details.firstName,
|
||||
LastName = personUser.details.lastName,
|
||||
EmailAddress = personUser.details.emailAddress,
|
||||
Locked = personUser.locked,
|
||||
Disabled = personUser.disabled
|
||||
};
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public void DeleteLocalUser(
|
||||
PersonUser principal) {
|
||||
|
||||
@@ -747,6 +787,7 @@ namespace VMware.vSphere.SsoAdminClient
|
||||
string name,
|
||||
string friendlyName,
|
||||
string primaryUrl,
|
||||
string failoverUrl,
|
||||
string baseDNUsers,
|
||||
string baseDNGroups,
|
||||
X509Certificate2[] ldapCertificates) {
|
||||
@@ -757,6 +798,7 @@ namespace VMware.vSphere.SsoAdminClient
|
||||
var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails {
|
||||
friendlyName = friendlyName,
|
||||
primaryUrl = primaryUrl,
|
||||
failoverUrl = failoverUrl,
|
||||
userBaseDn = baseDNUsers,
|
||||
groupBaseDn = baseDNGroups
|
||||
};
|
||||
@@ -818,6 +860,7 @@ namespace VMware.vSphere.SsoAdminClient
|
||||
extIdentitySource.AuthenticationUsername = externalDomain.authenticationDetails?.username;
|
||||
extIdentitySource.FriendlyName = externalDomain.details?.friendlyName;
|
||||
extIdentitySource.PrimaryUrl = externalDomain.details?.primaryUrl;
|
||||
extIdentitySource.FailoverUrl = externalDomain.details?.failoverUrl;
|
||||
extIdentitySource.GroupBaseDN = externalDomain.details?.groupBaseDn;
|
||||
extIdentitySource.UserBaseDN = externalDomain.details?.userBaseDn;
|
||||
yield return extIdentitySource;
|
||||
@@ -825,6 +868,25 @@ namespace VMware.vSphere.SsoAdminClient
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public void DeleteDomain(string name) {
|
||||
|
||||
var authorizedInvocationContext =
|
||||
CreateAuthorizedInvocationContext();
|
||||
|
||||
try {
|
||||
authorizedInvocationContext.
|
||||
InvokeOperation(() =>
|
||||
_ssoAdminBindingClient.DeleteAsync(
|
||||
new ManagedObjectReference {
|
||||
type = "SsoAdminIdentitySourceManagementService",
|
||||
Value = "identitySourceManagementService"
|
||||
},
|
||||
name)).Wait();
|
||||
} catch (AggregateException e) {
|
||||
throw e.InnerException;
|
||||
}
|
||||
}
|
||||
#endregion
|
||||
}
|
||||
}
|
||||
|
||||
@@ -145,9 +145,6 @@ function PrepareForRelease {
|
||||
$sourceDir = Split-Path $PSScriptRoot
|
||||
Get-ChildItem -Path $sourceDir -Exclude src, README.md, $targetRootDirName | `
|
||||
Copy-Item -Recurse -Destination $releaseDir
|
||||
|
||||
$catalogFilePath = Join-path $releaseDir ((Get-Item $releaseDir).Name + ".cat")
|
||||
New-FileCatalog -Path $releaseDir -CatalogFilePath $catalogFilePath | Out-Null
|
||||
}
|
||||
|
||||
# 1. Test Build Tools
|
||||
|
||||
@@ -260,6 +260,24 @@ Describe "PersonUser Tests" {
|
||||
# Assert
|
||||
$actual | Should -Be $null
|
||||
}
|
||||
|
||||
It 'Gets person users members of Administrators group' {
|
||||
# Arrange
|
||||
$connection = Connect-SsoAdminServer `
|
||||
-Server $VcAddress `
|
||||
-User $User `
|
||||
-Password $Password `
|
||||
-SkipCertificateCheck
|
||||
|
||||
# Act
|
||||
$actual = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' | Get-SsoPersonUser
|
||||
|
||||
# Assert
|
||||
$actual | Should -Not -Be $null
|
||||
$actual.Count | Should -BeGreaterThan 0
|
||||
$actual[0].Name | Should -Not -Be $null
|
||||
$actual[0].Domain | Should -Be 'vsphere.local'
|
||||
}
|
||||
}
|
||||
|
||||
Context "Set-SsoPersonUser" {
|
||||
|
||||
Reference in New Issue
Block a user