diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 index 3cae7f6..6f6f86c 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 @@ -439,6 +439,12 @@ function Set-PersonUser { .PARAMETER Remove Specifies user will be removed from the spcified group. + .PARAMETER Unlock + Specifies user will be unloacked. + + .PARAMETER NewPassword + Specifies new password for the specified user. + .PARAMETER Server Specifies the vSphere Sso Admin Server on which you want to run the cmdlet. If not specified the servers available in $global:DefaultSsoAdminServers variable will be used. @@ -451,7 +457,17 @@ function Set-PersonUser { .EXAMPLE Set-PersonUser -User $myPersonUser -Group $myExampleGroup -Remove -Server $ssoAdminConnection - Removec $myPersonUser from $myExampleGroup + Removes $myPersonUser from $myExampleGroup + + .EXAMPLE + Set-PersonUser -User $myPersonUser -Unlock -Server $ssoAdminConnection + + Unlocks $myPersonUser + + .EXAMPLE + Set-PersonUser -User $myPersonUser -NewPassword 'MyBrandNewPa$$W0RD' -Server $ssoAdminConnection + + Resets $myPersonUser password #> [CmdletBinding(ConfirmImpact='Medium')] param( @@ -491,6 +507,21 @@ function Set-PersonUser { [switch] $Remove, + [Parameter( + ParameterSetName = 'ResetPassword', + Mandatory=$true, + HelpMessage='New password for the specified user.')] + [ValidateNotNull()] + [string] + $NewPassword, + + [Parameter( + ParameterSetName = 'UnlockUser', + Mandatory=$true, + HelpMessage='Specifies to unlock user account.')] + [switch] + $Unlock, + [Parameter( Mandatory=$false, ValueFromPipeline=$false, 
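Review bot: The new `.PARAMETER Unlock` help text misspells the word as `unloacked`; it should read `Specifies user will be unlocked.`. The `.PARAMETER NewPassword` entry could also say that the value is supplied as a plain string, since that is how the param block hunk further down declares it.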
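Review bot: `-NewPassword` is declared `[string]` in the param block hunk, and the new `.EXAMPLE` in the hunk before it passes the value as a literal on the command line, so a password typed this way can end up in console history, transcripts and script block logs on the admin workstation. Consider `[securestring] $NewPassword`, converting to plain text only at the `ResetPersonUserPassword` call. If the module's other cmdlets deliberately take plain strings (the param block is only partly visible here), say so in the help and have the example obtain the value with `Read-Host -AsSecureString` rather than a quoted literal. `[ValidateNotNull()]` adds little on a mandatory `[string]`; `[ValidateNotNullOrEmpty()]` states the intent more clearly. The param block starts and ends outside the hunk.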
@@ -525,6 +556,18 @@ function Set-PersonUser { Write-Output $User } } + + if ($Unlock) { + $result = $connection.Client.UnlockPersonUser($User) + if ($result) { + Write-Output $User + } + } + + if ($NewPassword) { + $connection.Client.ResetPersonUserPassword($User, $NewPassword) + Write-Output $User + } } } } diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll index f25b151..1e42dc5 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll index 20ea038..d0b8976 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs index f1b7ba5..6693c81 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs 
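Review bot: The new `Unlock` and `NewPassword` branches change account state with no confirmation gate, because `[CmdletBinding(ConfirmImpact='Medium')]` (visible in an earlier hunk) does not set `SupportsShouldProcess`, so `-WhatIf` and `-Confirm` are not available for a password reset. Suggest `[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium')]` and wrapping each call, e.g. `if ($PSCmdlet.ShouldProcess($User.Name, 'Reset password')) { ... }`. Branching on `$PSCmdlet.ParameterSetName -eq 'ResetPassword'` instead of the truthiness of `$NewPassword` would make the selected operation explicit and keep the secret out of the condition. The enclosing loop and function begin outside this hunk, so it is presumably run once per server connection; the help should say so, and also that nothing is emitted when the account was not locked, which is what the new Pester test expects.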
@@ -115,6 +115,30 @@ namespace VMware.vSphere.SsoAdminClient.Tests Assert.IsTrue(addActual); Assert.IsTrue(removeActual); + // Cleanup + ssoAdminClient.DeleteLocalUser( + newUser); + } + + [Test] + public void ResetUserPassword() { + // Arrange + var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator()); + + var expectedUserName = "test-user6"; + var expectedPassword = "te$tPa$sW0rd"; + var updatePassword = "TE$tPa$sW0rd"; + var newUser = ssoAdminClient.CreateLocalUser( + expectedUserName, + expectedPassword); + + // Act + // Assert + Assert.DoesNotThrow(() => { + ssoAdminClient.ResetPersonUserPassword(newUser, updatePassword); + }); + + // Cleanup ssoAdminClient.DeleteLocalUser( newUser); diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs index a1ad646..8e66368 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs 
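Review bot: `ResetUserPassword` deletes `test-user6` only after `Assert.DoesNotThrow`, so a failing reset skips `DeleteLocalUser` and leaves an account on the test server whose password is hard-coded in this file. Put the act/assert in `try { ... }` and the `ssoAdminClient.DeleteLocalUser(newUser);` call in `finally`. The test also proves only that the call does not throw; if the fixture lets the new user authenticate, a second `SsoAdminClient` built with `updatePassword` would show the credential actually changed. `AcceptAllX509CertificateValidator` turns certificate validation off, which deserves a one-line comment that it is for the lab endpoint only. The hunk starts inside the preceding test method.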
@@ -302,6 +302,42 @@ namespace VMware.vSphere.SsoAdminClient }, group.Name)).Result; } + + public void ResetPersonUserPassword(PersonUser user, string newPassword) { + // Create Authorization Invocation Context + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + // Invoke SSO Admin ResetLocalPersonUserPasswordAsync operation + authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.ResetLocalPersonUserPasswordAsync( + new ManagedObjectReference { + type = "SsoAdminPrincipalManagementService", + Value = "principalManagementService" + }, + user.Name, + newPassword)).Wait(); + } + + public bool UnlockPersonUser(PersonUser user) { + // Create Authorization Invocation Context + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + // Invoke SSO Admin UnlockUserAccountAsync operation + return authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.UnlockUserAccountAsync( + new ManagedObjectReference { + type = "SsoAdminPrincipalManagementService", + Value = "principalManagementService" + }, + new SsoPrincipalId { + name = user.Name, + domain = user.Domain + })).Result; + } #endregion } } diff --git a/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 index 829e61e..b758979 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 +++ b/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 @@ -262,7 +262,7 @@ Describe "PersonUser Tests" { } } - Context "Set-PersonUser Add/Remove Group" { + Context "Set-PersonUser" { It 'Adds person user to group' { # Arrange $userName = "TestAddGroupPersonUserName" 
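Review bot: `ResetPersonUserPassword` sends only `user.Name` to `ResetLocalPersonUserPasswordAsync`, while `UnlockPersonUser` in the same hunk sends both `name` and `domain`. If a `PersonUser` from a non-local domain is passed, the reset would presumably apply to whichever local account shares that name. Either compare `user.Domain` with the local SSO domain before the call, or state in an XML doc comment that only local-domain users are accepted. Both methods dereference `user` without a guard; add `if (user == null) throw new ArgumentNullException(nameof(user));` and the same check for `newPassword`. `.Wait()` and `.Result` surface service faults wrapped in `AggregateException` unless `InvokeOperation` already unwraps them (not visible here), which the doc comments should mention.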
@@ -334,6 +334,61 @@ Describe "PersonUser Tests" { # Assert $actual | Should Not Be $null } + + It 'Resets person user password' { + # Arrange + $userName = "TestResetPassPersonUserName" + $userPassword = '$tr0NG_TestPa$$w0rd' + $newPassword = 'Update_TestPa$$w0rd' + $connection = Connect-SsoAdminServer ` + -Server $VcAddress ` + -User $User ` + -Password $Password ` + -SkipCertificateCheck + + $personUserToUpdate = New-PersonUser ` + -UserName $userName ` + -Password $userPassword ` + -Server $connection + + $script:usersToCleanup += $personUserToUpdate + + # Act + $actual = Set-PersonUser ` + -User $personUserToUpdate ` + -NewPassword $newPassword ` + -Server $connection + + # Assert + $actual | Should Not Be $null + } + + It 'Unlocks not locked person user' { + # Arrange + $userName = "TestResetPassPersonUserName" + $userPassword = '$tr0NG_TestPa$$w0rd' + $connection = Connect-SsoAdminServer ` + -Server $VcAddress ` + -User $User ` + -Password $Password ` + -SkipCertificateCheck + + $personUserToUpdate = New-PersonUser ` + -UserName $userName ` + -Password $userPassword ` + -Server $connection + + $script:usersToCleanup += $personUserToUpdate + + # Act + $actual = Set-PersonUser ` + -User $personUserToUpdate ` + -Unlock ` + -Server $connection + + # Assert + $actual | Should Be $null + } } Context "Remove-PersonUser" {
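Review bot: The 'Resets person user password' test asserts only that `Set-PersonUser` returned an object, so it would still pass if the password on the server were unchanged. A follow-up `Connect-SsoAdminServer` as the test user with `$newPassword`, plus a check that `$userPassword` is no longer accepted, would verify the reset. 'Unlocks not locked person user' reuses `$userName = "TestResetPassPersonUserName"` from the reset test. Unless `$script:usersToCleanup` is processed between `It` blocks (the cleanup code is outside this hunk), the second `New-PersonUser` will collide with the first, so a distinct name such as `"TestUnlockPersonUserName"` is safer.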