Implement ResetPassword and Unlock for PersonUser accounts.

2020-09-29 17:16:47 +03:00
parent 5fb63bb345
commit b8030e4272
6 changed files with 160 additions and 2 deletions
--- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1
+++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1
@@ -439,6 +439,12 @@ function Set-PersonUser {
   .PARAMETER Remove
   Specifies user will be removed from the spcified group.

+   .PARAMETER Unlock
+   Specifies user will be unloacked.
+
+   .PARAMETER NewPassword
+   Specifies new password for the specified user.
+
   .PARAMETER Server
   Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
   If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
@@ -451,7 +457,17 @@ function Set-PersonUser {
   .EXAMPLE
   Set-PersonUser -User $myPersonUser -Group $myExampleGroup -Remove -Server $ssoAdminConnection

-   Removec $myPersonUser from $myExampleGroup
+   Removes $myPersonUser from $myExampleGroup
+
+   .EXAMPLE
+   Set-PersonUser -User $myPersonUser -Unlock -Server $ssoAdminConnection
+
+   Unlocks $myPersonUser
+
+   .EXAMPLE
+   Set-PersonUser -User $myPersonUser -NewPassword 'MyBrandNewPa$$W0RD' -Server $ssoAdminConnection
+
+   Resets $myPersonUser password
 #>
 [CmdletBinding(ConfirmImpact='Medium')]
 param(
@@ -491,6 +507,21 @@ function Set-PersonUser {
   [switch]
   $Remove,

+   [Parameter(
+      ParameterSetName = 'ResetPassword',
+      Mandatory=$true,
+      HelpMessage='New password for the specified user.')]
+   [ValidateNotNull()]
+   [string]
+   $NewPassword,
+
+   [Parameter(
+      ParameterSetName = 'UnlockUser',
+      Mandatory=$true,
+      HelpMessage='Specifies to unlock user account.')]
+   [switch]
+   $Unlock,
+
   [Parameter(
      Mandatory=$false,
      ValueFromPipeline=$false,
@@ -525,6 +556,18 @@ function Set-PersonUser {
               Write-Output $User
            }
         }
+
+         if ($Unlock) {
+            $result = $connection.Client.UnlockPersonUser($User)
+            if ($result) {
+               Write-Output $User
+            }
+         }
+
+         if ($NewPassword) {
+            $connection.Client.ResetPersonUserPassword($User, $NewPassword)
+            Write-Output $User
+         }
      }
   }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs
@@ -115,6 +115,30 @@ namespace VMware.vSphere.SsoAdminClient.Tests
         Assert.IsTrue(addActual);
         Assert.IsTrue(removeActual);

+         // Cleanup
+         ssoAdminClient.DeleteLocalUser(
+            newUser);
+      }
+
+      [Test]
+      public void ResetUserPassword() {
+         // Arrange
+         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
+
+         var expectedUserName = "test-user6";
+         var expectedPassword = "te$tPa$sW0rd";
+         var updatePassword = "TE$tPa$sW0rd";
+         var newUser = ssoAdminClient.CreateLocalUser(
+            expectedUserName,
+            expectedPassword);
+
+         // Act
+         // Assert
+         Assert.DoesNotThrow(() => { 
+            ssoAdminClient.ResetPersonUserPassword(newUser, updatePassword); 
+         });         
+
+
         // Cleanup
         ssoAdminClient.DeleteLocalUser(
            newUser);
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
@@ -302,6 +302,42 @@ namespace VMware.vSphere.SsoAdminClient
                  },
                  group.Name)).Result;
      }
+
+      public void ResetPersonUserPassword(PersonUser user, string newPassword) {
+         // Create Authorization Invocation Context
+         var authorizedInvocationContext =
+            CreateAuthorizedInvocationContext();
+
+         // Invoke SSO Admin ResetLocalPersonUserPasswordAsync operation
+         authorizedInvocationContext.
+            InvokeOperation(() =>
+               _ssoAdminBindingClient.ResetLocalPersonUserPasswordAsync(
+                  new ManagedObjectReference {
+                     type = "SsoAdminPrincipalManagementService",
+                     Value = "principalManagementService"
+                  },
+                  user.Name,
+                  newPassword)).Wait();
+      }
+
+      public bool UnlockPersonUser(PersonUser user) {
+         // Create Authorization Invocation Context
+         var authorizedInvocationContext =
+            CreateAuthorizedInvocationContext();
+
+         // Invoke SSO Admin UnlockUserAccountAsync operation
+         return authorizedInvocationContext.
+            InvokeOperation(() =>
+               _ssoAdminBindingClient.UnlockUserAccountAsync(
+                  new ManagedObjectReference {
+                     type = "SsoAdminPrincipalManagementService",
+                     Value = "principalManagementService"
+                  },
+                  new SsoPrincipalId {
+                     name = user.Name,
+                     domain = user.Domain
+                  })).Result;
+      }
      #endregion
   }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1
@@ -262,7 +262,7 @@ Describe "PersonUser Tests" {
      }
   }

-   Context "Set-PersonUser Add/Remove Group" {
+   Context "Set-PersonUser" {
      It 'Adds person user to group' {
         # Arrange
         $userName = "TestAddGroupPersonUserName"
@@ -334,6 +334,61 @@ Describe "PersonUser Tests" {
         # Assert
         $actual | Should Not Be $null
      }
+
+      It 'Resets person user password' {
+         # Arrange
+         $userName = "TestResetPassPersonUserName"
+         $userPassword = '$tr0NG_TestPa$$w0rd'
+         $newPassword = 'Update_TestPa$$w0rd'
+         $connection = Connect-SsoAdminServer `
+            -Server $VcAddress `
+            -User $User `
+            -Password $Password `
+            -SkipCertificateCheck
+
+         $personUserToUpdate = New-PersonUser `
+            -UserName $userName `
+            -Password $userPassword `
+            -Server $connection
+
+         $script:usersToCleanup += $personUserToUpdate
+
+         # Act
+         $actual = Set-PersonUser `
+            -User $personUserToUpdate `
+            -NewPassword $newPassword `
+            -Server $connection
+
+         # Assert
+         $actual | Should Not Be $null
+      }
+
+      It 'Unlocks not locked person user' {
+         # Arrange
+         $userName = "TestResetPassPersonUserName"
+         $userPassword = '$tr0NG_TestPa$$w0rd'
+         $connection = Connect-SsoAdminServer `
+            -Server $VcAddress `
+            -User $User `
+            -Password $Password `
+            -SkipCertificateCheck
+
+         $personUserToUpdate = New-PersonUser `
+            -UserName $userName `
+            -Password $userPassword `
+            -Server $connection
+
+         $script:usersToCleanup += $personUserToUpdate
+
+         # Act
+         $actual = Set-PersonUser `
+            -User $personUserToUpdate `
+            -Unlock `
+            -Server $connection
+
+         # Assert
+         $actual | Should Be $null
+      }
   }

   Context "Remove-PersonUser" {