Merge pull request #441 from dmilov/dmilov/new-ssoadmin-features

Add new features in Get-SsoPersonUser and new cmdlet Remove-IdentitySource

Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1

@@ -11,7 +11,7 @@
 RootModule = 'VMware.vSphere.SsoAdmin.psm1'
 
 # Version number of this module.
-ModuleVersion = '1.2.2'
+ModuleVersion = '1.2.3'
 
 # ID used to uniquely identify this module
 GUID = 'b3e25326-e809-4d68-a252-ca5fcaf1eb8b'
@@ -34,7 +34,7 @@ RequiredModules = @(
 )
 
 # Functions to export from this module
-FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource', 'Set-SsoSelfPersonUserPassword')
+FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Remove-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource', 'Set-SsoSelfPersonUserPassword')
 
 # Cmdlets to export from this module
 CmdletsToExport = @()

Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1

@@ -394,6 +394,11 @@ function Get-SsoPersonUser {
    Get-SsoPersonUser -Name admin -Domain vsphere.local
 
    Gets person user accounts which contain name 'admin' in 'vsphere.local' domain
+
+   .EXAMPLE
+   Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' | Get-SsoPersonUser
+
+   Gets person user accounts members of 'Administrators' group
 #>
 [CmdletBinding()]
  param(
@@ -406,6 +411,7 @@ function Get-SsoPersonUser {
    $Name,
 
    [Parameter(
+      ParameterSetName = 'ByNameAndDomain',
       Mandatory=$false,
       ValueFromPipeline=$false,
       ValueFromPipelineByPropertyName=$false,
@@ -413,6 +419,15 @@ function Get-SsoPersonUser {
    [string]
    $Domain = 'localos',
 
+   [Parameter(
+      ParameterSetName = 'ByGroup',
+      Mandatory=$true,
+      ValueFromPipeline=$true,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Searches members of the specified group')]
+   [VMware.vSphere.SsoAdminClient.DataTypes.Group]
+   $Group,
+
    [Parameter(
       Mandatory=$false,
       ValueFromPipeline=$false,
@@ -439,21 +454,31 @@ function Get-SsoPersonUser {
                continue
             }
 
-            foreach ($personUser in $connection.Client.GetLocalUsers(
+            $personUsers = $null
-               (RemoveWildcardSymbols $Name),
-               $Domain)) {
 
+            if ($Group -ne $null) {
+               $personUsers = $connection.Client.GetPersonUsersInGroup(
+                  (RemoveWildcardSymbols $Name),
+                  $Group)
+            } else {
+               $personUsers = $connection.Client.GetLocalUsers(
+                  (RemoveWildcardSymbols $Name),
+                  $Domain)
+            }
 
-               if ([string]::IsNullOrEmpty($Name) ) {
+            if ($personUsers -ne $null) {
-                  Write-Output $personUser
+               foreach ($personUser in $personUsers) {
-               } else {
+                  if ([string]::IsNullOrEmpty($Name) ) {
-                  # Apply Name filtering
-                  if ((HasWildcardSymbols $Name) -and `
-                      $personUser.Name -like $Name) {
-                      Write-Output $personUser
-                  } elseif ($personUser.Name -eq $Name) {
-                     # Exactly equal
                      Write-Output $personUser
+                  } else {
+                     # Apply Name filtering
+                     if ((HasWildcardSymbols $Name) -and `
+                         $personUser.Name -like $Name) {
+                         Write-Output $personUser
+                     } elseif ($personUser.Name -eq $Name) {
+                        # Exactly equal
+                        Write-Output $personUser
+                     }
                   }
                }
             }
@@ -1808,6 +1833,7 @@ Process {
             $IdentitySource.Name,
             $IdentitySource.FriendlyName,
             $IdentitySource.PrimaryUrl,
+            $IdentitySource.FailoverUrl,
             $IdentitySource.UserBaseDN,
             $IdentitySource.GroupBaseDN,
             $Certificates);
@@ -1917,4 +1943,72 @@ function Get-IdentitySource {
       $resultIdentitySources
    }
 }
+
+function Remove-IdentitySource {
+<#
+   .NOTES
+   ===========================================================================
+   Created on:   03/19/2021
+   Created by:   Dimitar Milov
+    Twitter:       @dimitar_milov
+    Github:        https://github.com/dmilov
+   ===========================================================================
+   .DESCRIPTION
+   This function removes Identity Source.
+
+   .PARAMETER IdentitySource
+   The identity source to remove
+
+   .PARAMETER Server
+   Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
+   If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
+
+   .EXAMPLE
+   Get-IdentitySource -External | Remove-IdentitySource
+
+   Removes all external domain identity source
+#>
+[CmdletBinding()]
+ param(
+
+  [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$true,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Identity source to remove')]
+   [ValidateNotNull()]
+   [VMware.vSphere.SsoAdminClient.DataTypes.IdentitySource]
+   $IdentitySource,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Connected SsoAdminServer object')]
+   [ValidateNotNull()]
+   [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
+   $Server)
+
+Process {
+
+   $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
+   if ($Server -ne $null) {
+      $serversToProcess = $Server
+   }
+
+
+   try {
+      foreach ($connection in $serversToProcess) {
+         if (-not $connection.IsConnected) {
+            Write-Error "Server $connection is disconnected"
+            continue
+         }
+
+         $connection.Client.DeleteDomain($IdentitySource.Name)
+      }
+   } catch {
+      Write-Error (FormatError $_.Exception)
+   }
+}
+}
 #endregion

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs

@@ -97,6 +97,23 @@ namespace VMware.vSphere.SsoAdminClient.Tests
          Assert.AreEqual("localos", actual[0].Domain);
       }
 
+      [Test]
+      public void GetPersonUsersInGroup() {
+         // Arrange
+         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
+
+         // Act
+         var actual = ssoAdminClient.GetPersonUsersInGroup("", new Group { 
+            Name = "Administrators",
+            Domain = "vsphere.local"
+         }).ToArray();
+
+         // Assert
+         Assert.NotNull(actual);
+         Assert.GreaterOrEqual(actual.Length, 1);
+         Assert.AreEqual("vsphere.local", actual[0].Domain);
+      }
+
       [Test]
       public void AddRemoveUserFromGroup() {
          // Arrange

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/ActiveDirectoryIdentitySource.cs

@@ -20,6 +20,7 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes
 
       public string FriendlyName { get; set; }
       public string PrimaryUrl { get; set; }
+      public string FailoverUrl { get; set; }
       public string UserBaseDN { get; set; }
       public string GroupBaseDN { get; set; }
    }

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PersonUser.cs

@@ -22,6 +22,8 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes
       public string FirstName { get; set; }
       public string LastName { get; set; }
       public string EmailAddress { get; set; }
+      public bool Locked { get; set; }
+      public bool Disabled { get; set; }
 
       public SsoAdminClient GetClient() {
          return _client;

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs

@@ -191,7 +191,9 @@ namespace VMware.vSphere.SsoAdminClient
             Description = personUser.details.description,
             FirstName = personUser.details.firstName,
             LastName = personUser.details.lastName,
-            EmailAddress = personUser.details.emailAddress
+            EmailAddress = personUser.details.emailAddress,
+            Locked = personUser.locked,
+            Disabled = personUser.disabled
          };
       }
 
@@ -222,13 +224,51 @@ namespace VMware.vSphere.SsoAdminClient
                   Description = personUser.details.description,
                   FirstName = personUser.details.firstName,
                   LastName = personUser.details.lastName,
-                  EmailAddress = personUser.details.emailAddress
+                  EmailAddress = personUser.details.emailAddress,
+                  Locked = personUser.locked,
+                  Disabled = personUser.disabled
                };
             }
          }
 
       }
 
+      public IEnumerable<PersonUser> GetPersonUsersInGroup(string searchString, DataTypes.Group group) {
+         // Create Authorization Invocation Context
+         var authorizedInvocationContext =
+            CreateAuthorizedInvocationContext();
+
+         // Invoke SSO Admin FindPersonUsersAsync operation
+         var personUsers = authorizedInvocationContext.
+            InvokeOperation(() =>
+               _ssoAdminBindingClient.FindPersonUsersInGroupAsync(
+                  new ManagedObjectReference {
+                     type = "SsoAdminPrincipalDiscoveryService",
+                     Value = "principalDiscoveryService"
+                  },
+                  new SsoPrincipalId {
+                     name = group.Name,
+                     domain = group.Domain
+                  },
+                  searchString,
+                  int.MaxValue)).Result.returnval;
+
+         if (personUsers != null) {
+            foreach (var personUser in personUsers) {
+               yield return new PersonUser(this) {
+                  Name = personUser.id.name,
+                  Domain = personUser.id.domain,
+                  Description = personUser.details.description,
+                  FirstName = personUser.details.firstName,
+                  LastName = personUser.details.lastName,
+                  EmailAddress = personUser.details.emailAddress,
+                  Locked = personUser.locked,
+                  Disabled = personUser.disabled
+               };
+            }
+         }
+      }
+
       public void DeleteLocalUser(
          PersonUser principal) {
 
@@ -747,6 +787,7 @@ namespace VMware.vSphere.SsoAdminClient
          string name,         
          string friendlyName,
          string primaryUrl,
+         string failoverUrl,
          string baseDNUsers,
          string baseDNGroups,         
          X509Certificate2[] ldapCertificates) {
@@ -757,6 +798,7 @@ namespace VMware.vSphere.SsoAdminClient
          var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails {
             friendlyName = friendlyName,
             primaryUrl = primaryUrl,
+            failoverUrl = failoverUrl,
             userBaseDn = baseDNUsers,
             groupBaseDn = baseDNGroups
          };
@@ -818,6 +860,7 @@ namespace VMware.vSphere.SsoAdminClient
                   extIdentitySource.AuthenticationUsername = externalDomain.authenticationDetails?.username;
                   extIdentitySource.FriendlyName = externalDomain.details?.friendlyName;
                   extIdentitySource.PrimaryUrl = externalDomain.details?.primaryUrl;
+                  extIdentitySource.FailoverUrl = externalDomain.details?.failoverUrl;
                   extIdentitySource.GroupBaseDN = externalDomain.details?.groupBaseDn;
                   extIdentitySource.UserBaseDN = externalDomain.details?.userBaseDn;
                   yield return extIdentitySource;
@@ -825,6 +868,25 @@ namespace VMware.vSphere.SsoAdminClient
             }
          }
       }
+
+      public void DeleteDomain(string name) {
+
+         var authorizedInvocationContext =
+            CreateAuthorizedInvocationContext();
+
+         try {
+            authorizedInvocationContext.
+            InvokeOperation(() =>
+               _ssoAdminBindingClient.DeleteAsync(
+                  new ManagedObjectReference {
+                     type = "SsoAdminIdentitySourceManagementService",
+                     Value = "identitySourceManagementService"
+                  },
+                  name)).Wait();
+         } catch (AggregateException e) {
+            throw e.InnerException;
+         }
+      }
       #endregion
    }
 }

Modules/VMware.vSphere.SsoAdmin/src/build.ps1

@@ -145,9 +145,6 @@ function PrepareForRelease {
    $sourceDir = Split-Path $PSScriptRoot
    Get-ChildItem -Path $sourceDir  -Exclude src, README.md, $targetRootDirName | `
    Copy-Item -Recurse -Destination $releaseDir
-
-   $catalogFilePath = Join-path $releaseDir ((Get-Item $releaseDir).Name + ".cat")
-   New-FileCatalog -Path $releaseDir -CatalogFilePath $catalogFilePath | Out-Null
 }
 
 # 1. Test Build Tools

Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1

@@ -260,6 +260,24 @@ Describe "PersonUser Tests" {
          # Assert
          $actual | Should -Be $null
       }
+
+      It 'Gets person users members of Administrators group' {
+         # Arrange
+         $connection = Connect-SsoAdminServer `
+            -Server $VcAddress `
+            -User $User `
+            -Password $Password `
+            -SkipCertificateCheck
+
+         # Act
+         $actual = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' | Get-SsoPersonUser
+
+         # Assert
+         $actual | Should -Not -Be $null
+         $actual.Count | Should -BeGreaterThan 0
+         $actual[0].Name | Should -Not -Be $null
+         $actual[0].Domain | Should -Be 'vsphere.local'
+      }
    }
 
    Context "Set-SsoPersonUser" {