Merge pull request #414 from dmilov/topic/dmilov/ssoadmin-externaldomain

New features and bug fixes
2021-02-11 11:44:14 +02:00
parent 29c2cc0221 f5a4dbf4cd
commit ec2ffb87ae
11 changed files with 364 additions and 249 deletions
--- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1
+++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1
@@ -11,7 +11,7 @@
 RootModule = 'VMware.vSphere.SsoAdmin.psm1'

 # Version number of this module.
-ModuleVersion = '1.0.0'
+ModuleVersion = '1.1.0'

 # ID used to uniquely identify this module
 GUID = 'b3e25326-e809-4d68-a252-ca5fcaf1eb8b'
@@ -34,7 +34,7 @@ RequiredModules = @(
 )

 # Functions to export from this module
-FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Add-ActiveDirectoryIdentitySource', 'Get-IdentitySource')
+FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Add-ExternalDomainIdentitySource', 'Get-IdentitySource')

 # Cmdlets to export from this module
 CmdletsToExport = @()
@@ -43,5 +43,5 @@ CmdletsToExport = @()
 VariablesToExport = ''

 # Aliases to export from this module
-AliasesToExport = '*'
+AliasesToExport = @('Add-ActiveDirectoryIdentitySource')
 }
--- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1
+++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1
@@ -54,6 +54,22 @@ param(
   }
 }

+function FormatError {
+param(
+   [System.Exception]
+   $exception
+)
+   if ($exception -ne $null) {
+      if ($exception.InnerException -ne $null) {
+         $exception = $exception.InnerException
+      }
+
+      # result
+      $exception.Message
+   }
+
+}
+
 # Global variables
 $global:DefaultSsoAdminServers = New-Object System.Collections.Generic.List[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]

@@ -128,6 +144,8 @@ function Connect-SsoAdminServer {
         $certificateValidator = New-Object 'VMware.vSphere.SsoAdmin.Utils.AcceptAllX509CertificateValidator'
      }

+      $ssoAdminServer = $null
+      try {
         $ssoAdminServer = New-Object `
            'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer' `
            -ArgumentList @(
@@ -135,10 +153,19 @@ function Connect-SsoAdminServer {
            $User,
            $Password,
            $certificateValidator)
+      } catch {
+         Write-Error (FormatError $_.Exception)
+      }

      if ($ssoAdminServer -ne $null) {
+         $existingConnectionIndex = $global:DefaultSsoAdminServers.IndexOf($ssoAdminServer)
+         if ($existingConnectionIndex -ge 0) {
+            $global:DefaultSsoAdminServers[$existingConnectionIndex].RefCount++
+            $ssoAdminServer = $global:DefaultSsoAdminServers[$existingConnectionIndex]
+         } else {
            # Update $global:DefaultSsoAdminServers varaible
            $global:DefaultSsoAdminServers.Add($ssoAdminServer) | Out-Null
+         }

         # Function Output
         Write-Output $ssoAdminServer
@@ -194,13 +221,13 @@ function Disconnect-SsoAdminServer {
      }

      foreach ($requestedServer in $Server) {
-         if ($global:DefaultSsoAdminServers.Contains($requestedServer)) {
-            $global:DefaultSsoAdminServers.Remove($requestedServer) | Out-Null
-         }
-
         if ($requestedServer.IsConnected) {
            $requestedServer.Disconnect()
         }
+
+         if ($global:DefaultSsoAdminServers.Contains($requestedServer) -and $requestedServer.RefCount -eq 0) {
+            $global:DefaultSsoAdminServers.Remove($requestedServer) | Out-Null
+         }
      }
   }
 }
@@ -324,6 +351,7 @@ function New-SsoPersonUser {
         }

         # Output is the result of 'CreateLocalUser'
+         try {
            $connection.Client.CreateLocalUser(
               $UserName,
               $Password,
@@ -332,6 +360,9 @@ function New-SsoPersonUser {
               $FirstName,
               $LastName
            )
+         } catch {
+            Write-Error (FormatError $_.Exception)
+         }
      }
   }
 }
@@ -401,6 +432,7 @@ function Get-SsoPersonUser {
         $Name = [string]::Empty
      }

+      try {
         foreach ($connection in $serversToProcess) {
            if (-not $connection.IsConnected) {
               Write-Error "Server $connection is disconnected"
@@ -426,6 +458,9 @@ function Get-SsoPersonUser {
               }
            }
         }
+      } catch {
+         Write-Error (FormatError $_.Exception)
+      }
   }
 }

@@ -533,6 +568,7 @@ function Set-SsoPersonUser {
   $Unlock)

   Process {
+      try {
         foreach ($u in $User) {
            $ssoAdminClient = $u.GetClient()
            if ((-not $ssoAdminClient)) {
@@ -566,6 +602,9 @@ function Set-SsoPersonUser {
               Write-Output $u
            }
         }
+      } catch {
+         Write-Error (FormatError $_.Exception)
+      }
   }
 }

@@ -602,6 +641,7 @@ function Remove-SsoPersonUser {
   $User)

   Process {
+      try {
         foreach ($u in $User) {
            $ssoAdminClient = $u.GetClient()
            if ((-not $ssoAdminClient)) {
@@ -611,6 +651,9 @@ function Remove-SsoPersonUser {

            $ssoAdminClient.DeleteLocalUser($u)
         }
+      } catch {
+         Write-Error (FormatError $_.Exception)
+      }
   }
 }
 #endregion
@@ -681,6 +724,7 @@ function Get-SsoGroup {
         $Name = [string]::Empty
      }

+      try {
         foreach ($connection in $serversToProcess) {
            if (-not $connection.IsConnected) {
               Write-Error "Server $connection is disconnected"
@@ -706,6 +750,9 @@ function Get-SsoGroup {
               }
            }
         }
+      } catch {
+         Write-Error (FormatError $_.Exception)
+      }
   }
 }
 #endregion
@@ -748,6 +795,7 @@ function Get-SsoPasswordPolicy {
      if ($Server -ne $null) {
         $serversToProcess = $Server
      }
+      try {
         foreach ($connection in $serversToProcess) {
            if (-not $connection.IsConnected) {
               Write-Error "Server $connection is disconnected"
@@ -756,6 +804,9 @@ function Get-SsoPasswordPolicy {

            $connection.Client.GetPasswordPolicy();
         }
+      } catch {
+         Write-Error (FormatError $_.Exception)
+      }
   }
 }

@@ -891,6 +942,7 @@ function Set-SsoPasswordPolicy {

   Process {

+      try {
         foreach ($pp in $PasswordPolicy) {

            $ssoAdminClient = $pp.GetClient()
@@ -956,6 +1008,9 @@ function Set-SsoPasswordPolicy {
              $MinLowercaseCount,
              $PasswordLifetimeDays);
         }
+      } catch {
+         Write-Error (FormatError $_.Exception)
+      }
   }
 }
 #endregion
@@ -998,6 +1053,8 @@ function Get-SsoLockoutPolicy {
      if ($Server -ne $null) {
         $serversToProcess = $Server
      }
+
+      try {
         foreach ($connection in $serversToProcess) {
            if (-not $connection.IsConnected) {
               Write-Error "Server $connection is disconnected"
@@ -1006,6 +1063,9 @@ function Get-SsoLockoutPolicy {

            $connection.Client.GetLockoutPolicy();
         }
+      } catch {
+         Write-Error (FormatError $_.Exception)
+      }
   }
 }

@@ -1077,7 +1137,7 @@ function Set-SsoLockoutPolicy {
   $MaxFailedAttempts)

   Process {
-
+      try {
         foreach ($lp in $LockoutPolicy) {

            $ssoAdminClient = $lp.GetClient()
@@ -1108,6 +1168,9 @@ function Set-SsoLockoutPolicy {
              $FailedAttemptIntervalSec,
              $MaxFailedAttempts);
         }
+      } catch {
+         Write-Error (FormatError $_.Exception)
+      }
   }
 }
 #endregion
@@ -1150,6 +1213,8 @@ function Get-SsoTokenLifetime {
      if ($Server -ne $null) {
         $serversToProcess = $Server
      }
+
+      try {
         foreach ($connection in $serversToProcess) {
            if (-not $connection.IsConnected) {
               Write-Error "Server $connection is disconnected"
@@ -1158,6 +1223,9 @@ function Get-SsoTokenLifetime {

            $connection.Client.GetTokenLifetime();
         }
+      } catch {
+         Write-Error (FormatError $_.Exception)
+      }
   }
 }

@@ -1211,6 +1279,7 @@ function Set-SsoTokenLifetime {

   Process {

+      try {
         foreach ($tl in $TokenLifetime) {

            $ssoAdminClient = $tl.GetClient()
@@ -1224,22 +1293,25 @@ function Set-SsoTokenLifetime {
               $MaxBearerTokenLifetime
            );
         }
+      } catch {
+         Write-Error (FormatError $_.Exception)
+      }
   }
 }
 #endregion

 #region IdentitySource
-function Add-ActiveDirectoryIdentitySource {
+function Add-ExternalDomainIdentitySource {
 <#
   .NOTES
   ===========================================================================
-   Created on:   	9/30/2020
+   Created on:   	2/11/2021
   Created by:   	Dimitar Milov
    Twitter:       @dimitar_milov
    Github:        https://github.com/dmilov
   ===========================================================================
   .DESCRIPTION
-   This function adds Identity Source of ActiveDirectory type.
+   This function adds Identity Source of ActiveDirectory, OpenLDAP or NIS type.

   .PARAMETER Name
   Name of the identity source
@@ -1269,8 +1341,12 @@ function Add-ActiveDirectoryIdentitySource {
   Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
   If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.

+   .PARAMETER Server
+   Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
+   If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
+
   .EXAMPLE
-   Add-ActiveDirectoryIdentitySource `
+   Add-ExternalDomainIdentitySource `
      -Name 'sof-powercli' `
      -DomainName 'sof-powercli.vmware.com' `
      -DomainAlias 'sof-powercli' `
@@ -1280,9 +1356,22 @@ function Add-ActiveDirectoryIdentitySource {
      -Username 'sofPowercliAdmin' `
      -Password '$up3R$Tr0Pa$$w0rD'

-   Adds ActiveDirectory identity source
+    .EXAMPLE
+   Add-ExternalDomainIdentitySource `
+      -Name 'sof-powercli' `
+      -DomainName 'sof-powercli.vmware.com' `
+      -DomainAlias 'sof-powercli' `
+      -PrimaryUrl 'ldap://sof-powercli.vmware.com:389' `
+      -BaseDNUsers 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
+      -BaseDNGroups 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
+      -Username 'sofPowercliAdmin' `
+      -Password '$up3R$Tr0Pa$$w0rD' `
+      -ServerType 'OpenLDAP'
+
+   Adds External Identity Source
 #>
 [CmdletBinding()]
+[Alias("Add-ActiveDirectoryIdentitySource")]
 param(
   [Parameter(
      Mandatory=$true,
@@ -1352,6 +1441,15 @@ function Add-ActiveDirectoryIdentitySource {
   [string]
   $Password,

+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='External domain server type')]
+   [ValidateSet('ActiveDirectory','OpenLdap','NIS')]
+   [string]
+   $DomainServerType = 'ActiveDirectory',
+
   [Parameter(
      Mandatory=$false,
      ValueFromPipeline=$false,
@@ -1365,6 +1463,8 @@ function Add-ActiveDirectoryIdentitySource {
   if ($Server -ne $null) {
      $serversToProcess = $Server
   }
+
+   try {
      foreach ($connection in $serversToProcess) {
         if (-not $connection.IsConnected) {
            Write-Error "Server $connection is disconnected"
@@ -1379,7 +1479,11 @@ function Add-ActiveDirectoryIdentitySource {
            $BaseDNUsers,
            $BaseDNGroups,
            $Username,
-         $Password);
+            $Password,
+            $DomainServerType);
+      }
+   } catch {
+      Write-Error (FormatError $_.Exception)
   }
 }

--- a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll
--- a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll
--- a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.LsClient.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.LsClient.dll
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdmin.Utils.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdmin.Utils.dll
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/SsoAdminServer.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/SsoAdminServer.cs
@@ -30,6 +30,7 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes
            password,
            serverCertificateValidator);

+         RefCount = 1;
         Id = $"/SsoAdminServer={NormalizeUserName()}@{Name}";
      }

@@ -50,10 +51,13 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes
      public string Id { get; set; }
      public bool IsConnected => _client != null;
      public SsoAdminClient Client => _client;
+      public int RefCount { get; set; }

      public void Disconnect() {
+         if (--RefCount == 0) {
            _client = null;
         }            
+      }

      public override string ToString() {
         return Name;
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
@@ -627,9 +627,9 @@ namespace VMware.vSphere.SsoAdminClient
         string baseDNUsers,
         string baseDNGroups,
         string authenticationUserName,
-         string authenticationPassword) {
+         string authenticationPassword,
+         string serverType) {
         
-         string serverType = "ActiveDirectory";
         string authenticationType = "password";
         var authorizedInvocationContext =
            CreateAuthorizedInvocationContext();
--- a/Modules/VMware.vSphere.SsoAdmin/src/test/ConnectDisconnect.Tests.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/src/test/ConnectDisconnect.Tests.ps1
@@ -52,7 +52,8 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
            -Server $VcAddress `
            -User $User `
            -Password ($Password + "invalid") `
-            -SkipCertificateCheck } | `
+            -SkipCertificateCheck `
+            -ErrorAction Stop } | `
         Should Throw "Invalid credentials"
      }

@@ -62,7 +63,8 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
         { Connect-SsoAdminServer `
            -Server $VcAddress `
            -User $User `
-            -Password $Password} | `
+            -Password $Password `
+            -ErrorAction Stop } | `
         Should Throw "The SSL connection could not be established, see inner exception."
      }
   }
@@ -102,43 +104,48 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {

      It 'Diconnect-SsoAdminServer does not disconnect if connected to more than 1 SSO server' {
         # Arrange
-         $expected += @(Connect-SsoAdminServer `
+         $connection1 = Connect-SsoAdminServer `
               -Server $VcAddress `
               -User $User `
               -Password $Password `
-               -SkipCertificateCheck)
-         $expected += @(Connect-SsoAdminServer `
+               -SkipCertificateCheck
+         $connection2 = Connect-SsoAdminServer `
               -Server $VcAddress `
               -User $User `
               -Password $Password `
-               -SkipCertificateCheck)
+               -SkipCertificateCheck

         # Act

         # Assert
-         {Disconnect-SsoAdminServer} | should -Throw 'Connected to more than 1 SSO server, please specify a SSO server via -Server parameter'
-         (Compare-Object $global:DefaultSsoAdminServers $expected -IncludeEqual).Count | Should Be 2
-         $expected.IsConnected | Should -Contain $true
+         $connection2 | Should Be $connection1
+         $connection2.RefCount | Should Be 2
+
+         Disconnect-SsoAdminServer
+
+         $connection2.IsConnected | Should -Contain $true
+         $connection2.RefCount | Should Be 1
      }

      It 'Diconnect-SsoAdminServer does disconnect via pipeline if connected to more than 1 SSO server' {
         # Arrange
-         $expected += @(Connect-SsoAdminServer `
+         $connection1 = Connect-SsoAdminServer `
               -Server $VcAddress `
               -User $User `
               -Password $Password `
-               -SkipCertificateCheck)
-         $expected += @(Connect-SsoAdminServer `
+               -SkipCertificateCheck
+         $connection2 = Connect-SsoAdminServer `
               -Server $VcAddress `
               -User $User `
               -Password $Password `
-               -SkipCertificateCheck)
+               -SkipCertificateCheck

         # Act
-         $expected | Disconnect-SsoAdminServer
+         $connection1, $connection2 | Disconnect-SsoAdminServer
         # Assert
-         $global:DefaultSsoAdminServers.count | Should Be 0
-         $expected.IsConnected | Should -not -Contain $true
+         $global:DefaultSsoAdminServers.Count | Should Be 0
+         $connection1.IsConnected | Should Be $false
+         $connection2.IsConnected | Should Be $false
      }

      It 'Disconnects disconnected object' {