Implement Get/Set-PasswordPolicy cmdlets

Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1

@@ -34,7 +34,7 @@ RequiredModules = @(
 )
 
 # Functions to export from this module
-FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Set-PersonUser', 'Remove-PersonUser', 'Get-Group')
+FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Set-PersonUser', 'Remove-PersonUser', 'Get-Group', 'Get-PasswordPolicy', 'Set-PasswordPolicy')
 
 # Cmdlets to export from this module
 CmdletsToExport = @()

Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1

@@ -418,21 +418,12 @@ function Set-PersonUser {
    .DESCRIPTION
    Updates person user account.
 
-   Nota Bene! Have in mind PersonUser objects don't carry information about the connection.
-   If you specify PersonUser and on the server there is user with same Id it will be deleted.
-
    .PARAMETER User
    Specifies the PersonUser instance to update.
 
-   Nota Bene! Have in mind PersonUser objects don't carry information about the connection.
-   If you specify PersonUser and on the server there is user with same Id it will be deleted.
-
    .PARAMETER Group
    Specifies the Group you want to add or remove PwersonUser from.
 
-   Nota Bene! Have in mind Group objects don't carry information about the connection.
-   If you specify Group and on the server there is user with same Id it will be deleted.
-
    .PARAMETER Add
    Specifies user will be added to the spcified group.
 
@@ -445,10 +436,6 @@ function Set-PersonUser {
    .PARAMETER NewPassword
    Specifies new password for the specified user.
 
-   .PARAMETER Server
-   Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
-   If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
-
    .EXAMPLE
    Set-PersonUser -User $myPersonUser -Group $myExampleGroup -Add -Server $ssoAdminConnection
 
@@ -520,53 +507,40 @@ function Set-PersonUser {
       Mandatory=$true,
       HelpMessage='Specifies to unlock user account.')]
    [switch]
-   $Unlock,
+   $Unlock)
-
-   [Parameter(
-      Mandatory=$false,
-      ValueFromPipeline=$false,
-      ValueFromPipelineByPropertyName=$false,
-      HelpMessage='Connected SsoAdminServer object')]
-   [ValidateNotNull()]
-   [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
-   $Server)
 
    Process {
-      $serversToProcess = $global:DefaultSsoAdminServers
+      foreach ($u in $User) {
-      if ($Server -ne $null) {
+         $ssoAdminClient = $u.GetClient()
-         $serversToProcess = $Server
+         if ((-not $ssoAdminClient)) {
-      }
+            Write-Error "Object '$u' is from disconnected server"
-
-      foreach ($connection in $serversToProcess) {
-         if (-not $connection.IsConnected) {
-            Write-Error "Server $connection is disconnected"
             continue
          }
 
          if ($Add) {
-            $result = $connection.Client.AddPersonUserToGroup($User, $Group)
+            $result = $ssoAdminClient.AddPersonUserToGroup($u, $Group)
             if ($result) {
-               Write-Output $User
+               Write-Output $u
             }
          }
 
          if ($Remove) {
-            $result = $connection.Client.RemovePersonUserFromGroup($User, $Group)
+            $result = $ssoAdminClient.RemovePersonUserFromGroup($u, $Group)
             if ($result) {
-               Write-Output $User
+               Write-Output $u
             }
          }
 
          if ($Unlock) {
-            $result = $connection.Client.UnlockPersonUser($User)
+            $result = $ssoAdminClient.UnlockPersonUser($u)
             if ($result) {
-               Write-Output $User
+               Write-Output $u
             }
          }
 
          if ($NewPassword) {
-            $connection.Client.ResetPersonUserPassword($User, $NewPassword)
+            $ssoAdminClient.ResetPersonUserPassword($u, $NewPassword)
-            Write-Output $User
+            Write-Output $u
          }
       }
    }
@@ -584,23 +558,13 @@ function Remove-PersonUser {
    .DESCRIPTION
    This function removes existing person user account.
 
-   Nota Bene! Have in mind PersonUser objects don't carry information about the connection.
-   If you specify PersonUser and on the server there is user with same Id it will be deleted.
-
    .PARAMETER User
    Specifies the PersonUser instance to remove.
 
-   Nota Bene! Have in mind PersonUser objects don't carry information about the connection.
-   If you specify PersonUser and on the server there is user with same Id it will be deleted.
-
-   .PARAMETER Server
-   Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
-   If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
-
    .EXAMPLE
    $ssoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
    $myNewPersonUser = New-PersonUser -Server $ssoAdminConnection -User myAdmin -Password 'MyStrongPa$$w0rd'
-   Remove-PersonUser -User $myNewPersonUser -Server $ssoAdminConnection
+   Remove-PersonUser -User $myNewPersonUser
 
    Remove person user account with user name 'myAdmin' and password 'MyStrongPa$$w0rd'
 
@@ -617,30 +581,17 @@ function Remove-PersonUser {
       ValueFromPipelineByPropertyName=$false,
       HelpMessage='Person User instance you want to remove from specified servers')]
    [VMware.vSphere.SsoAdminClient.DataTypes.PersonUser]
-   $User,
+   $User)
-
-   [Parameter(
-      Mandatory=$false,
-      ValueFromPipeline=$false,
-      ValueFromPipelineByPropertyName=$false,
-      HelpMessage='Connected SsoAdminServer object')]
-   [ValidateNotNull()]
-   [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
-   $Server)
 
    Process {
-      $serversToProcess = $global:DefaultSsoAdminServers
+      foreach ($u in $User) {
-      if ($Server -ne $null) {
+         $ssoAdminClient = $u.GetClient()
-         $serversToProcess = $Server
+         if ((-not $ssoAdminClient)) {
-      }
+            Write-Error "Object '$u' is from disconnected server"
-
-      foreach ($connection in $serversToProcess) {
-         if (-not $connection.IsConnected) {
-            Write-Error "Server $connection is disconnected"
             continue
          }
 
-         $connection.Client.DeleteLocalUser($User)
+         $ssoAdminClient.DeleteLocalUser($u)
       }
    }
 }
@@ -739,4 +690,254 @@ function Get-Group {
       }
    }
 }
+#endregion
+
+#region PasswordPolicy cmdlets
+function Get-PasswordPolicy {
+<#
+   .NOTES
+   ===========================================================================
+   Created on:   	9/30/2020
+   Created by:   	Dimitar Milov
+    Twitter:       @dimitar_milov
+    Github:        https://github.com/dmilov
+   ===========================================================================
+   .DESCRIPTION
+   This function gets password policy.
+
+   .PARAMETER Server
+   Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
+   If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
+
+   .EXAMPLE
+   Get-PasswordPolicy
+
+   Gets password policy for the server connections available in $global:defaultSsoAdminServers
+#>
+[CmdletBinding()]
+ param(
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Connected SsoAdminServer object')]
+   [ValidateNotNull()]
+   [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
+   $Server)
+
+   Process {
+      $serversToProcess = $global:DefaultSsoAdminServers
+      if ($Server -ne $null) {
+         $serversToProcess = $Server
+      }
+      foreach ($connection in $serversToProcess) {
+         if (-not $connection.IsConnected) {
+            Write-Error "Server $connection is disconnected"
+            continue
+         }
+
+         $connection.Client.GetPasswordPolicy();
+      }
+   }
+}
+
+function Set-PasswordPolicy {
+<#
+   .NOTES
+   ===========================================================================
+   Created on:   	9/30/2020
+   Created by:   	Dimitar Milov
+    Twitter:       @dimitar_milov
+    Github:        https://github.com/dmilov
+   ===========================================================================
+   .DESCRIPTION
+   This function updates password policy settings.
+
+   .PARAMETER PasswordPolicy
+   Specifies the PasswordPolicy instance which will be used as original policy. If some properties are not specified they will be updated with the properties from this object.
+
+   .PARAMETER Description
+
+   .PARAMETER ProhibitedPreviousPasswordsCount
+
+   .PARAMETER MinLength
+
+   .PARAMETER MaxLength
+
+   .PARAMETER MaxIdenticalAdjacentCharacters
+
+   .PARAMETER MinNumericCount
+
+   .PARAMETER MinSpecialCharCount
+
+   .PARAMETER MinAlphabeticCount
+
+   .PARAMETER MinUppercaseCount
+
+   .PARAMETER MinLowercaseCount
+
+   .PARAMETER PasswordLifetimeDays
+
+   .EXAMPLE
+   Get-PasswordPolicy | Set-PasswordPolicy -MinLength 10 -PasswordLifetimeDays 45
+
+   Updates password policy setting minimum password length to 10 symbols and password lifetime to 45 days
+#>
+[CmdletBinding()]
+ param(
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$true,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='PasswordPolicy instance you want to update')]
+   [VMware.vSphere.SsoAdminClient.DataTypes.PasswordPolicy]
+   $PasswordPolicy,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='PasswordPolicy description')]
+   [string]
+   $Description,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [Nullable[System.Int32]]
+   $ProhibitedPreviousPasswordsCount,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [Nullable[System.Int32]]
+   $MinLength,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [Nullable[System.Int32]]
+   $MaxLength,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [Nullable[System.Int32]]
+   $MaxIdenticalAdjacentCharacters,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [Nullable[System.Int32]]
+   $MinNumericCount,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [Nullable[System.Int32]]
+   $MinSpecialCharCount,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [Nullable[System.Int32]]
+   $MinAlphabeticCount,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [Nullable[System.Int32]]
+   $MinUppercaseCount,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [Nullable[System.Int32]]
+   $MinLowercaseCount,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [Nullable[System.Int32]]
+   $PasswordLifetimeDays)
+
+   Process {
+
+      foreach ($pp in $PasswordPolicy) {
+
+         $ssoAdminClient = $pp.GetClient()
+         if ((-not $ssoAdminClient)) {
+            Write-Error "Object '$pp' is from disconnected server"
+            continue
+         }
+
+         if ([string]::IsNullOrEmpty($Description)) {
+            $Description = $pp.Description
+         }
+
+         if ($ProhibitedPreviousPasswordsCount -eq $null) {
+            $ProhibitedPreviousPasswordsCount = $pp.ProhibitedPreviousPasswordsCount
+         }
+
+         if ($MinLength -eq $null) {
+            $MinLength = $pp.MinLength
+         }
+
+         if ($MaxLength -eq $null) {
+            $MaxLength = $pp.MaxLength
+         }
+
+         if ($MaxIdenticalAdjacentCharacters -eq $null) {
+            $MaxIdenticalAdjacentCharacters = $pp.MaxIdenticalAdjacentCharacters
+         }
+
+         if ($MinNumericCount -eq $null) {
+            $MinNumericCount = $pp.MinNumericCount
+         }
+
+         if ($MinSpecialCharCount -eq $null) {
+            $MinSpecialCharCount = $pp.MinSpecialCharCount
+         }
+
+         if ($MinAlphabeticCount -eq $null) {
+            $MinAlphabeticCount = $pp.MinAlphabeticCount
+         }
+
+         if ($MinUppercaseCount -eq $null) {
+            $MinUppercaseCount = $pp.MinUppercaseCount
+         }
+
+         if ($MinLowercaseCount -eq $null) {
+            $MinLowercaseCount = $pp.MinLowercaseCount
+         }
+
+         if ($PasswordLifetimeDays -eq $null) {
+            $PasswordLifetimeDays = $pp.PasswordLifetimeDays
+         }
+
+         $ssoAdminClient.SetPasswordPolicy(
+           $Description,
+           $ProhibitedPreviousPasswordsCount,
+           $MinLength,
+           $MaxLength,
+           $MaxIdenticalAdjacentCharacters,
+           $MinNumericCount,
+           $MinSpecialCharCount,
+           $MinAlphabeticCount,
+           $MinUppercaseCount,
+           $MinLowercaseCount,
+           $PasswordLifetimeDays);
+      }
+   }
+}
 #endregion

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs

@@ -143,5 +143,78 @@ namespace VMware.vSphere.SsoAdminClient.Tests
          ssoAdminClient.DeleteLocalUser(
             newUser);
       }
+
+      [Test]
+      public void GetPasswordPolicy() {
+         // Arrange
+         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
+
+         // Act
+         var actual = ssoAdminClient.GetPasswordPolicy();
+
+         // Assert
+         Assert.NotNull(actual);
+      }
+
+      [Test]
+      public void SetPasswordPolicy() {
+         // Arrange
+         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
+
+         var originalPasswordPolicy = ssoAdminClient.GetPasswordPolicy();
+
+         var expectedDescription = "TestDescription";
+         var expectedProhibitedPreviousPasswordsCount = originalPasswordPolicy.ProhibitedPreviousPasswordsCount + 1;
+         var expectedMinLength = originalPasswordPolicy.MinLength + 1;
+         var expectedMaxLength = originalPasswordPolicy.MaxLength + 1;
+         var exptectedMaxIdenticalAdjacentCharacters = originalPasswordPolicy.MaxIdenticalAdjacentCharacters + 1;
+         var expectedMinNumericCount = originalPasswordPolicy.MinNumericCount + 1;
+         var expectedMinSpecialCharCount = originalPasswordPolicy.MinSpecialCharCount + 1;
+         var expectedMinAlphabeticCount = originalPasswordPolicy.MinAlphabeticCount + 2;
+         var expectedMinUppercaseCount = 0;
+         var expectedMinLowercaseCount = originalPasswordPolicy.MinLowercaseCount + 2;
+         var expectedPasswordLifetimeDays = originalPasswordPolicy.PasswordLifetimeDays - 2;
+
+         // Act
+         var actual = ssoAdminClient.SetPasswordPolicy(
+            description: expectedDescription,
+            prohibitedPreviousPasswordsCount: expectedProhibitedPreviousPasswordsCount,
+            minLength: expectedMinLength,
+            maxLength: expectedMaxLength,
+            maxIdenticalAdjacentCharacters: exptectedMaxIdenticalAdjacentCharacters,
+            minNumericCount: expectedMinNumericCount,
+            minSpecialCharCount: expectedMinSpecialCharCount,
+            minAlphabeticCount: expectedMinAlphabeticCount,
+            minUppercaseCount: expectedMinUppercaseCount,
+            minLowercaseCount: expectedMinLowercaseCount,
+            passwordLifetimeDays: expectedPasswordLifetimeDays);
+
+         // Assert
+         Assert.NotNull(actual);
+         Assert.AreEqual(expectedDescription, actual.Description);
+         Assert.AreEqual(expectedProhibitedPreviousPasswordsCount, actual.ProhibitedPreviousPasswordsCount);
+         Assert.AreEqual(expectedMinLength, actual.MinLength);
+         Assert.AreEqual(expectedMaxLength, actual.MaxLength);
+         Assert.AreEqual(exptectedMaxIdenticalAdjacentCharacters, actual.MaxIdenticalAdjacentCharacters);
+         Assert.AreEqual(expectedMinNumericCount, actual.MinNumericCount);
+         Assert.AreEqual(expectedMinAlphabeticCount, actual.MinAlphabeticCount);
+         Assert.AreEqual(expectedMinUppercaseCount, actual.MinUppercaseCount);
+         Assert.AreEqual(expectedMinLowercaseCount, actual.MinLowercaseCount);
+         Assert.AreEqual(expectedPasswordLifetimeDays, actual.PasswordLifetimeDays);
+
+         // Cleanup
+         ssoAdminClient.SetPasswordPolicy(
+            description: originalPasswordPolicy.Description,
+            prohibitedPreviousPasswordsCount: originalPasswordPolicy.ProhibitedPreviousPasswordsCount,
+            minLength: originalPasswordPolicy.MinLength,
+            maxLength: originalPasswordPolicy.MaxLength,
+            maxIdenticalAdjacentCharacters: originalPasswordPolicy.MaxIdenticalAdjacentCharacters,
+            minNumericCount: originalPasswordPolicy.MinNumericCount,
+            minSpecialCharCount: originalPasswordPolicy.MinSpecialCharCount,
+            minAlphabeticCount: originalPasswordPolicy.MinAlphabeticCount,
+            minUppercaseCount: originalPasswordPolicy.MinUppercaseCount,
+            minLowercaseCount: originalPasswordPolicy.MinLowercaseCount,
+            passwordLifetimeDays: originalPasswordPolicy.PasswordLifetimeDays);
+      }
    }
 }

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PasswordPolicy.cs

@@ -0,0 +1,36 @@
+// **************************************************************************
+//  Copyright (c) VMware, Inc.  All rights reserved. -- VMware Confidential.
+// **************************************************************************
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace VMware.vSphere.SsoAdminClient.DataTypes
+{
+   public class PasswordPolicy
+   {
+      SsoAdminClient _client;
+      public PasswordPolicy(SsoAdminClient client) {
+         _client = client;
+      }
+
+      public string Description { get; set; }
+      public int ProhibitedPreviousPasswordsCount { get; set; }
+      public int MinLength { get; set; }
+      public int MaxLength { get; set; }
+      public int MinNumericCount { get; set; }
+      public int MinSpecialCharCount { get; set; }
+      public int MaxIdenticalAdjacentCharacters { get; set; }
+      public int MinAlphabeticCount { get; set; }
+      public int MinUppercaseCount { get; set; }
+      public int MinLowercaseCount { get; set; }
+      public int PasswordLifetimeDays { get; set; }
+
+      public SsoAdminClient GetClient() {
+         return _client;
+      }
+   }
+}

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PersonUser.cs

@@ -11,6 +11,11 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes
 {
    public class PersonUser
    {
+      SsoAdminClient _client;
+      public PersonUser(SsoAdminClient client) {
+         _client = client;
+      }
+
       public string Name { get; set; }
       public string Domain { get; set; }
       public string Description { get; set; }
@@ -18,6 +23,10 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes
       public string LastName { get; set; }
       public string EmailAddress { get; set; }
 
+      public SsoAdminClient GetClient() {
+         return _client;
+      }
+
       public override string ToString() {
          return $"{Name}@{Domain}";
       }

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/UserPassSecurityContext.cs

@@ -42,7 +42,7 @@ namespace VMware.vSphere.SsoAdminClient
 
       private void RenewIfNeeded() {
          if (_validToken == null ||
-             _validToken.Expires < (DateTime.Now - new TimeSpan(0, 0, 30))) {
+             _validToken.Expires < (DateTime.Now + new TimeSpan(0, 0, 30))) {
             _validToken = _stsClient.IssueBearerTokenByUserCredential(
               _user,
               _password);

Modules/VMware.vSphere.SsoAdmin/src/test/PasswordPolicy.Tests.ps1

@@ -0,0 +1,109 @@
+#**************************************************************************
+# Copyright (c) VMware, Inc. All rights reserved.
+#**************************************************************************
+
+param(
+    [Parameter(Mandatory = $true)]
+    [string]
+    $VcAddress,
+
+    [Parameter(Mandatory = $true)]
+    [string]
+    $User,
+
+    [Parameter(Mandatory = $true)]
+    [string]
+    $Password
+)
+
+# Import Vmware.vSphere.SsoAdmin Module
+$modulePath = Join-Path (Split-Path $PSScriptRoot | Split-Path) "VMware.vSphere.SsoAdmin.psd1"
+Import-Module $modulePath
+
+Describe "PasswordPolicy Tests" {
+   BeforeEach {
+      Connect-SsoAdminServer `
+         -Server $VcAddress `
+         -User $User `
+         -Password $Password `
+         -SkipCertificateCheck
+   }
+
+   AfterEach {
+      $connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray()
+      foreach ($connection in $connectionsToCleanup) {
+         Disconnect-SsoAdminServer -Server $connection
+      }
+   }
+
+   Context "Get-PasswordPolicy" {
+      It 'Gets password policy' {
+         # Act
+         $actual = Get-PasswordPolicy
+
+         # Assert
+         $actual | Should Not Be $null
+      }
+   }
+
+   Context "Set-PasswordPolicy" {
+      It 'Updates password policy MaxLength and PasswordLifetimeDays' {
+         # Arrange
+         $passwordPolicyToUpdate = Get-PasswordPolicy
+         $expectedMaxLength = 17
+         $expectedPasswordLifetimeDays = 77
+
+         # Act
+         $actual = Set-PasswordPolicy `
+            -PasswordPolicy $passwordPolicyToUpdate `
+            -MaxLength $expectedMaxLength `
+            -PasswordLifetimeDays $expectedPasswordLifetimeDays
+
+         # Assert
+         $actual | Should Not Be $null
+         $actual.MaxLength | Should Be $expectedMaxLength
+         $actual.PasswordLifetimeDays | Should Be $expectedPasswordLifetimeDays
+         $actual.Description | Should Be $passwordPolicyToUpdate.Description
+         $actual.ProhibitedPreviousPasswordsCount | Should Be $passwordPolicyToUpdate.ProhibitedPreviousPasswordsCount
+         $actual.MinLength | Should Be $passwordPolicyToUpdate.MinLength
+         $actual.MaxIdenticalAdjacentCharacters | Should Be $passwordPolicyToUpdate.MaxIdenticalAdjacentCharacters
+         $actual.MinNumericCount | Should Be $passwordPolicyToUpdate.MinNumericCount
+         $actual.MinSpecialCharCount | Should Be $passwordPolicyToUpdate.MinSpecialCharCount
+         $actual.MinAlphabeticCount | Should Be $passwordPolicyToUpdate.MinAlphabeticCount
+         $actual.MinUppercaseCount | Should Be $passwordPolicyToUpdate.MinUppercaseCount
+         $actual.MinLowercaseCount | Should Be $passwordPolicyToUpdate.MinLowercaseCount
+
+         # Cleanup
+         $passwordPolicyToUpdate | Set-PasswordPolicy
+      }
+
+      It 'Updates password policy Description and MinUppercaseCount' {
+         # Arrange
+         $passwordPolicyToUpdate = Get-PasswordPolicy
+         $expectedMinUppercaseCount = 0
+         $expectedDescription = "Test Description"
+
+         # Act
+         $actual = $passwordPolicyToUpdate | Set-PasswordPolicy `
+            -Description $expectedDescription `
+            -MinUppercaseCount $expectedMinUppercaseCount
+
+         # Assert
+         $actual | Should Not Be $null
+         $actual.Description | Should Be $expectedDescription
+         $actual.MinUppercaseCount | Should Be $expectedMinUppercaseCount
+         $actual.MaxLength | Should Be $passwordPolicyToUpdate.MaxLength
+         $actual.PasswordLifetimeDays | Should Be $passwordPolicyToUpdate.PasswordLifetimeDays
+         $actual.ProhibitedPreviousPasswordsCount | Should Be $passwordPolicyToUpdate.ProhibitedPreviousPasswordsCount
+         $actual.MinLength | Should Be $passwordPolicyToUpdate.MinLength
+         $actual.MaxIdenticalAdjacentCharacters | Should Be $passwordPolicyToUpdate.MaxIdenticalAdjacentCharacters
+         $actual.MinNumericCount | Should Be $passwordPolicyToUpdate.MinNumericCount
+         $actual.MinSpecialCharCount | Should Be $passwordPolicyToUpdate.MinSpecialCharCount
+         $actual.MinAlphabeticCount | Should Be $passwordPolicyToUpdate.MinAlphabeticCount
+         $actual.MinLowercaseCount | Should Be $passwordPolicyToUpdate.MinLowercaseCount
+
+         # Cleanup
+         $passwordPolicyToUpdate | Set-PasswordPolicy
+      }
+   }
+}

Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1

@@ -289,8 +289,7 @@ Describe "PersonUser Tests" {
          $actual = Set-PersonUser `
             -User $personUserToUpdate `
             -Group $groupUserToBeAddedTo `
-            -Add `
+            -Add
-            -Server $connection
 
          # Assert
          $actual | Should Not Be $null
@@ -321,15 +320,13 @@ Describe "PersonUser Tests" {
          Set-PersonUser `
             -User $personUserToUpdate `
             -Group $groupToBeUsed `
-            -Add `
+            -Add
-            -Server $connection | Out-Null
 
          # Act
          $actual = Set-PersonUser `
             -User $personUserToUpdate `
             -Group $groupToBeUsed `
-            -Remove `
+            -Remove
-            -Server $connection
 
          # Assert
          $actual | Should Not Be $null
@@ -356,8 +353,7 @@ Describe "PersonUser Tests" {
          # Act
          $actual = Set-PersonUser `
             -User $personUserToUpdate `
-            -NewPassword $newPassword `
+            -NewPassword $newPassword
-            -Server $connection
 
          # Assert
          $actual | Should Not Be $null
@@ -383,8 +379,7 @@ Describe "PersonUser Tests" {
          # Act
          $actual = Set-PersonUser `
             -User $personUserToUpdate `
-            -Unlock `
+            -Unlock
-            -Server $connection
 
          # Assert
          $actual | Should Be $null
@@ -409,7 +404,7 @@ Describe "PersonUser Tests" {
             -Server $connection
 
          # Act
-         Remove-PersonUser -User $personUserToRemove -Server $connection
+         Remove-PersonUser -User $personUserToRemove
 
          # Assert
          $personUserToRemove | Should Not Be $null