diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 index 49bb6b2..d37b9fe 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 @@ -34,7 +34,7 @@ RequiredModules = @( ) # Functions to export from this module -FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Remove-PersonUser') +FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Remove-PersonUser', 'Get-Group') # Cmdlets to export from this module CmdletsToExport = @() diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 index b0abcfb..fa317fe 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 
@@ -478,4 +478,99 @@ function Remove-PersonUser { } } } +#endregion + +#region Group cmdlets +function Get-Group { +<# + .NOTES + =========================================================================== + Created on: 9/29/2020 + Created by: Dimitar Milov + Twitter: @dimitar_milov + Github: https://github.com/dmilov + =========================================================================== + .DESCRIPTION + This function gets domain groups. + + .PARAMETER Name + Specifies Name to filter on when searching for groups. + + .PARAMETER Domain + Specifies the Domain in which search will be applied, default is 'localos'. + + + .PARAMETER Server + Specifies the vSphere Sso Admin Server on which you want to run the cmdlet. + If not specified the servers available in $global:DefaultSsoAdminServers variable will be used. + + .EXAMPLE + Get-Group -Name administrators -Domain vsphere.local + + Gets 'adminsitrators' group in 'vsphere.local' domain +#> +[CmdletBinding()] + param( + [Parameter( + Mandatory=$false, + ValueFromPipeline=$false, + ValueFromPipelineByPropertyName=$false, + HelpMessage='Name filter to be applied when searching for group')] + [string] + $Name, + + [Parameter( + Mandatory=$false, + ValueFromPipeline=$false, + ValueFromPipelineByPropertyName=$false, + HelpMessage='Domain name to search in, default is "localos"')] + [string] + $Domain = 'localos', + + [Parameter( + Mandatory=$false, + ValueFromPipeline=$false, + ValueFromPipelineByPropertyName=$false, + HelpMessage='Connected SsoAdminServer object')] + [ValidateNotNull()] + [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer] + $Server) + + Process { + $serversToProcess = $global:DefaultSsoAdminServers + if ($Server -ne $null) { + $serversToProcess = $Server + } + + if ($Name -eq $null) { + $Name = [string]::Empty + } + + foreach ($connection in $serversToProcess) { + if (-not $connection.IsConnected) { + Write-Error "Server $connection is disconnected" + continue + } + + foreach ($group in 
$connection.Client.GetGroups( + (RemoveWildcardSymbols $Name), + $Domain)) { + + + if ([string]::IsNullOrEmpty($Name) ) { + Write-Output $group + } else { + # Apply Name filtering + if ((HasWildcardSymbols $Name) -and ` + $group.Name -like $Name) { + Write-Output $group + } elseif ($group.Name -eq $Name) { + # Exactly equal + Write-Output $group + } + } + } + } + } +} #endregion \ No newline at end of file diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll index a6fd312..43815c1 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll index 67c2349..5ff53b1 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs index 127587c..ab613b7 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs 
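Review bot: In Get-Group the server-side search string is `RemoveWildcardSymbols $Name`, and the `-like` filter only sees what that search returns. RemoveWildcardSymbols is defined outside this hunk, but if it simply deletes the wildcard characters, a pattern with an interior wildcard such as `adm*tors` would be sent as `admtors` and would presumably match nothing on the server, so the client-side `-like` never gets to see `administrators`. Consider sending an empty search string (or only one literal segment of the pattern) when `HasWildcardSymbols $Name` is true, and state in the `.PARAMETER Name` help that wildcards are accepted. The `.EXAMPLE` text also misspells the group as 'adminsitrators', and `if ($Name -eq $null)` is likely dead code because a `[string]` parameter is bound as an empty string when omitted.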
@@ -79,5 +79,19 @@ namespace VMware.vSphere.SsoAdminClient.Tests Assert.AreEqual("root", actual[0].Name); Assert.AreEqual("localos", actual[0].Domain); } + + [Test] + public void GetRootLocalOsGroups() { + // Arrange + var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator()); + + // Act + var actual = ssoAdminClient.GetGroups("", "localos").ToArray(); + + // Assert + Assert.NotNull(actual); + Assert.Greater(actual.Length, 1); + Assert.AreEqual("localos", actual[0].Domain); + } } } \ No newline at end of file diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/Group.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/Group.cs new file mode 100644 index 0000000..cb561c0 --- /dev/null +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/Group.cs @@ -0,0 +1,21 @@ +// ************************************************************************** +// Copyright (c) VMware, Inc. All rights reserved. -- VMware Confidential. +// ************************************************************************** +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; +using System.Threading.Tasks; + +namespace VMware.vSphere.SsoAdminClient.DataTypes +{ + public class Group + { + public string Name { get; set; } + public string Domain { get; set; } + + public override string ToString() { + return $"{Name}@{Domain}"; + } + } +} diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs index 185d2f0..58b0772 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs 
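Review bot: `GetRootLocalOsGroups` checks only `actual[0].Domain`, so a `GetGroups` that ignored its domain argument and returned groups from several domains would still pass as long as a localos group happened to come first. Assert over the whole result instead, for example `Assert.IsTrue(actual.All(g => g.Domain == "localos"));`. `Assert.NotNull(actual)` cannot fail after `.ToArray()`, and `Assert.Greater(actual.Length, 1)` demands at least two groups where the Pester test for the same call only requires `BeGreaterThan 0`. The enclosing test class starts outside this hunk.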
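Review bot: The header of the new Group.cs carries `-- VMware Confidential.`, while Group.Tests.ps1 added in this same commit uses the copyright header without that marking. Confirm which classification is intended for the module and make the two headers consistent. The five `using` directives are not used by the class as shown and can be dropped. A short `/// <summary>` on `Group` noting that `ToString()` renders `Name@Domain` would document the form users see in cmdlet output.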
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs @@ -234,6 +234,34 @@ namespace VMware.vSphere.SsoAdminClient principal.Name)); } + public IEnumerable GetGroups(string searchString, string domain) { + // Create Authorization Invocation Context + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + // Invoke SSO Admin FindGroupsAsync operation + var ssoAdminGroups = authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.FindGroupsAsync( + new ManagedObjectReference { + type = "SsoAdminPrincipalDiscoveryService", + Value = "principalDiscoveryService" + }, + new SsoAdminPrincipalDiscoveryServiceSearchCriteria { + searchString = searchString, + domain = domain + }, + int.MaxValue)).Result.returnval; + + if (ssoAdminGroups != null) { + foreach (var group in ssoAdminGroups) { + yield return new DataTypes.Group { + Name = group.id.name, + Domain = group.id.domain + }; + } + } + } #endregion } } diff --git a/Modules/VMware.vSphere.SsoAdmin/src/build.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/build.ps1 index 572c752..cdce1ba 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/build.ps1 +++ b/Modules/VMware.vSphere.SsoAdmin/src/build.ps1 @@ -114,12 +114,12 @@ function Test { if (-not [string]::IsNullOrEmpty($TestVc) -and ` -not [string]::IsNullOrEmpty($TestVcUser) -and ` -not [string]::IsNullOrEmpty($TestVcPassword)) { - + # Run Tests in external process because it will load build output binaries LogInfo "Run VC integration tests" $usePowerShell = (Get-Process -Id $pid).ProcessName $testLauncherScript = Join-Path (Join-Path $PSScriptRoot 'test') 'RunTests.ps1' - $arguments = "-Command $testLauncherScript -VcAddress $TestVc -VcUser $TestVcUser -VcUserPassword $TestVcPassword" + $arguments = "-Command $testLauncherScript -VcAddress $TestVc -User $TestVcUser -Password $TestVcPassword" Start-Process ` -FilePath $usePowerShell ` 
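Review bot: `GetGroups` is an iterator (`yield return`), so `CreateAuthorizedInvocationContext()` and the `FindGroupsAsync` call do not run when the method is called but on first enumeration, and they run again on every re-enumeration. Authentication or connection failures therefore surface wherever the caller happens to iterate, and a caller that enumerates twice issues two remote searches. Fetching eagerly and returning a materialized list (build a `List<DataTypes.Group>` from `ssoAdminGroups` and return it, empty when `returnval` is null) keeps the failure at the call site. Passing `int.MaxValue` as the limit also asks the server for an unbounded result set, which may be large for an external identity source; a bounded default would be safer. The surrounding class is outside this hunk, so check whether sibling methods follow the same pattern.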
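Review bot: The renamed `-Password $TestVcPassword` is still interpolated unquoted into the `-Command` string given to `Start-Process`, so the vCenter credential is exposed on the child process's command line (visible in process listings and command-line audit logs). A password containing spaces, `$`, `;` or quotes would also be re-parsed by the child PowerShell instead of being passed as a literal. Prefer handing the secret over out of band, for example by setting an environment variable before `Start-Process` and having RunTests.ps1 read it, or by passing a credential file path. At minimum, wrap each value in single quotes with embedded quotes doubled, as in `-Password '$($TestVcPassword -replace "'", "''")'`. The `Test` function continues outside this hunk.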
diff --git a/Modules/VMware.vSphere.SsoAdmin/src/test/ConnectDisconnect.Tests.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/test/ConnectDisconnect.Tests.ps1 index 8be69b8..ce643a2 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/test/ConnectDisconnect.Tests.ps1 +++ b/Modules/VMware.vSphere.SsoAdmin/src/test/ConnectDisconnect.Tests.ps1 @@ -9,11 +9,11 @@ param( [Parameter(Mandatory = $true)] [string] - $VcUser, + $User, [Parameter(Mandatory = $true)] [string] - $VcUserPassword + $Password ) # Import Vmware.vSphere.SsoAdmin Module @@ -27,14 +27,14 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" { Disconnect-SsoAdminServer -Server $connection } } - + Context "Connect-SsoAdminServer" { It 'Connect-SsoAdminServer returns SsoAdminServer object and updates DefaultSsoAdminServers variable' { # Act $actual = Connect-SsoAdminServer ` -Server $VcAddress ` - -User $VcUser ` - -Password $VcUserPassword ` + -User $User ` + -Password $Password ` -SkipCertificateCheck # Assert @@ -50,8 +50,8 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" { # Assert { Connect-SsoAdminServer ` -Server $VcAddress ` - -User $VcUser ` - -Password ($VcUserPassword + "invalid") ` + -User $User ` + -Password ($Password + "invalid") ` -SkipCertificateCheck } | ` Should Throw "Invalid credentials" } 
@@ -61,43 +61,43 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" { # Assert { Connect-SsoAdminServer ` -Server $VcAddress ` - -User $VcUser ` - -Password $VcUserPassword} | ` + -User $User ` + -Password $Password} | ` Should Throw "The SSL connection could not be established, see inner exception." } } - + Context "Disconnect-SsoAdminServer" { It 'Diconnect-SsoAdminServer removes server from DefaultSsoAdminServers and makes the object not connected' { # Arrange $expected = Connect-SsoAdminServer ` -Server $VcAddress ` - -User $VcUser ` - -Password $VcUserPassword ` + -User $User ` + -Password $Password ` -SkipCertificateCheck - + # Act $expected | Disconnect-SsoAdminServer - + # Assert $global:DefaultSsoAdminServers | Should Not Contain $expected $expected.IsConnected | Should Be $false } - + It 'Disconnects disconnected object' { # Arrange $expected = Connect-SsoAdminServer ` -Server $VcAddress ` - -User $VcUser ` - -Password $VcUserPassword ` + -User $User ` + -Password $Password ` -SkipCertificateCheck - + $expected | Disconnect-SsoAdminServer - + # Act { Disconnect-SsoAdminServer -Server $expected } | ` Should Not Throw - + # Assert $global:DefaultSsoAdminServers | Should Not Contain $expected $expected.IsConnected | Should Be $false diff --git a/Modules/VMware.vSphere.SsoAdmin/src/test/Group.Tests.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/test/Group.Tests.ps1 new file mode 100644 index 0000000..2da9d37 --- /dev/null +++ b/Modules/VMware.vSphere.SsoAdmin/src/test/Group.Tests.ps1 
@@ -0,0 +1,76 @@ +#************************************************************************** +# Copyright (c) VMware, Inc. All rights reserved. +#************************************************************************** + +param( + [Parameter(Mandatory = $true)] + [string] + $VcAddress, + + [Parameter(Mandatory = $true)] + [string] + $User, + + [Parameter(Mandatory = $true)] + [string] + $Password +) + +# Import Vmware.vSphere.SsoAdmin Module +$modulePath = Join-Path (Split-Path $PSScriptRoot | Split-Path) "VMware.vSphere.SsoAdmin.psd1" +Import-Module $modulePath + +Describe "Get-Group Tests" { + BeforeEach { + Connect-SsoAdminServer ` + -Server $VcAddress ` + -User $User ` + -Password $Password ` + -SkipCertificateCheck + } + + AfterEach { + $connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray() + foreach ($connection in $connectionsToCleanup) { + Disconnect-SsoAdminServer -Server $connection + } + } + + Context "Get-Group" { + It 'Gets groups without filters' { + # Act + $actual = Get-Group + + # Assert + $actual | Should Not Be $null + $actual.Count | Should BeGreaterThan 0 + $actual[0].Name | Should Not Be $null + $actual[0].Domain | Should Be 'localos' + } + + It 'Gets groups for default domain' { + # Arrange + $newUserName = "NewUser1" + $password = '$tr0NG_TestPa$$w0rd' + + ## Create Person User to determine default domain name + ## Person Users are created in the default domain + $newPersonUser = New-PersonUser ` + -UserName $newUserName ` + -Password $password + + # Act + $actual = Get-Group ` + -Domain $newPersonUser.Domain + + # Assert + $actual | Should Not Be $null + $actual.Count | Should BeGreaterThan 0 + $actual[0].Name | Should Not Be $null + $actual[0].Domain | Should Be $newPersonUser.Domain + + # Cleanup + Remove-PersonUser -User $newPersonUser + } + } +} \ No newline at end of file 
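Review bot: In 'Gets groups for default domain', `Remove-PersonUser -User $newPersonUser` runs only after the assertions, so a failed `Should` leaves the account `NewUser1` with its hard-coded password on the server under test. Put the act and assert steps in `try { ... } finally { Remove-PersonUser -User $newPersonUser }`, which still executes before `AfterEach` disconnects. The local `$password` also differs only by case from the script's `$Password` parameter, and PowerShell variable names are case-insensitive. PersonUser.Tests.ps1 in this same commit renames its local to `$userPassword`, so use that name here for consistency.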
diff --git a/Modules/VMware.vSphere.SsoAdmin/src/test/LsClient.Tests.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/test/LsClient.Tests.ps1 index de1cdf6..8ed5956 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/test/LsClient.Tests.ps1 +++ b/Modules/VMware.vSphere.SsoAdmin/src/test/LsClient.Tests.ps1 @@ -9,11 +9,11 @@ param( [Parameter(Mandatory = $true)] [string] - $VcUser, + $User, [Parameter(Mandatory = $true)] [string] - $VcUserPassword + $Password ) # Import Vmware.vSphere.SsoAdmin Module @@ -28,13 +28,13 @@ Describe "Lookup Service Client Integration Tests" { ## Create LsClient $skipCertificateCheckValidator = New-Object ` 'VMware.vSphere.SsoAdmin.Utils.AcceptAllX509CertificateValidator' - + $script:lsClient = New-Object ` 'VMware.vSphere.LsClient.LookupServiceClient' ` -ArgumentList @($VCAddress, $skipCertificateCheckValidator) - + } - + It 'Gets SsoAdmin API Url' { # Act $actual = $script:lsClient.GetSsoAdminEndpointUri() @@ -43,7 +43,7 @@ Describe "Lookup Service Client Integration Tests" { $actual | Should Not Be $null $actual.ToString().StartsWith("https://$VCAddress/sso-adminserver/sdk/") | Should Be $true } - + It 'Gets STS API Url' { # Act $actual = $script:lsClient.GetStsEndpointUri() diff --git a/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 index 36f5f5e..7a1c445 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 +++ b/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 
@@ -9,24 +9,24 @@ param( [Parameter(Mandatory = $true)] [string] - $VcUser, + $User, [Parameter(Mandatory = $true)] [string] - $VcUserPassword + $Password ) # Import Vmware.vSphere.SsoAdmin Module $modulePath = Join-Path (Split-Path $PSScriptRoot | Split-Path) "VMware.vSphere.SsoAdmin.psd1" Import-Module $modulePath -Describe "New-PersonUser, Remove-PersonUser Tests" { +Describe "PersonUser Tests" { BeforeEach { $script:usersToCleanup = @() } AfterEach { - foreach ($user in $script:usersToCleanup) { - Remove-PersonUser -User $user + foreach ($personUser in $script:usersToCleanup) { + Remove-PersonUser -User $personUser } $connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray() @@ -46,8 +46,8 @@ Describe "New-PersonUser, Remove-PersonUser Tests" { $expectedLastName = "User" $connection = Connect-SsoAdminServer ` -Server $VcAddress ` - -User $VcUser ` - -Password $VcUserPassword ` + -User $User ` + -Password $Password ` -SkipCertificateCheck # Act @@ -79,8 +79,8 @@ Describe "New-PersonUser, Remove-PersonUser Tests" { $expectedPassword = '$tr0NG_TestPa$$w0rd' $connection = Connect-SsoAdminServer ` -Server $VcAddress ` - -User $VcUser ` - -Password $VcUserPassword ` + -User $User ` + -Password $Password ` -SkipCertificateCheck # Act @@ -101,9 +101,6 @@ Describe "New-PersonUser, Remove-PersonUser Tests" { $actual.LastName | Should Be $null $actual.EmailAddress | Should Be $null } - - It 'Try create person against disconnected server' { - } } Context "Get-PersonUser" { @@ -111,8 +108,8 @@ Describe "New-PersonUser, Remove-PersonUser Tests" { # Arrange $connection = Connect-SsoAdminServer ` -Server $VcAddress ` - -User $VcUser ` - -Password $VcUserPassword ` + -User $User ` + -Password $Password ` -SkipCertificateCheck # Act 
@@ -129,8 +126,8 @@ Describe "New-PersonUser, Remove-PersonUser Tests" { # Arrange $connection = Connect-SsoAdminServer ` -Server $VcAddress ` - -User $VcUser ` - -Password $VcUserPassword ` + -User $User ` + -Password $Password ` -SkipCertificateCheck $expectedUserName = "TestPersonUser3" @@ -166,8 +163,8 @@ Describe "New-PersonUser, Remove-PersonUser Tests" { # Arrange $connection = Connect-SsoAdminServer ` -Server $VcAddress ` - -User $VcUser ` - -Password $VcUserPassword ` + -User $User ` + -Password $Password ` -SkipCertificateCheck $expectedUserName = "TestPersonUser3" @@ -203,8 +200,8 @@ Describe "New-PersonUser, Remove-PersonUser Tests" { # Arrange $connection = Connect-SsoAdminServer ` -Server $VcAddress ` - -User $VcUser ` - -Password $VcUserPassword ` + -User $User ` + -Password $Password ` -SkipCertificateCheck $expectedUserName = "TestPersonUser3" @@ -240,8 +237,8 @@ Describe "New-PersonUser, Remove-PersonUser Tests" { # Arrange $connection = Connect-SsoAdminServer ` -Server $VcAddress ` - -User $VcUser ` - -Password $VcUserPassword ` + -User $User ` + -Password $Password ` -SkipCertificateCheck $expectedUserName = "TestPersonUser3" @@ -269,17 +266,17 @@ Describe "New-PersonUser, Remove-PersonUser Tests" { It 'Removes person user' { # Arrange $userName = "TestPersonUser4" - $password = '$tr0NG_TestPa$$w0rd' + $userPassword = '$tr0NG_TestPa$$w0rd' $connection = Connect-SsoAdminServer ` -Server $VcAddress ` - -User $VcUser ` - -Password $VcUserPassword ` + -User $User ` + -Password $Password ` -SkipCertificateCheck $personUserToRemove = New-PersonUser ` -UserName $userName ` - -Password $password ` + -Password $userPassword ` -Server $connection # Act diff --git a/Modules/VMware.vSphere.SsoAdmin/src/test/RunTests.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/test/RunTests.ps1 index e6ca288..ebbbdfd 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/test/RunTests.ps1 +++ b/Modules/VMware.vSphere.SsoAdmin/src/test/RunTests.ps1 
@@ -9,11 +9,11 @@ param( [Parameter(Mandatory = $true)] [string] - $VcUser, + $User, [Parameter(Mandatory = $true)] [string] - $VcUserPassword + $Password ) function Test-PesterIsAvailable() { @@ -32,7 +32,7 @@ Invoke-Pester ` Path = $PSScriptRoot Parameters = @{ VcAddress = $VcAddress - VcUser = $VcUser - VcUserPassword = $VcUserPassword + User = $User + Password = $Password } } \ No newline at end of file