diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 index 7cb5c4c..cd05667 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 @@ -11,7 +11,7 @@ RootModule = 'VMware.vSphere.SsoAdmin.psm1' # Version number of this module. -ModuleVersion = '1.2.2' +ModuleVersion = '1.2.3' # ID used to uniquely identify this module GUID = 'b3e25326-e809-4d68-a252-ca5fcaf1eb8b' @@ -34,7 +34,7 @@ RequiredModules = @( ) # Functions to export from this module -FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource', 'Set-SsoSelfPersonUserPassword') +FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Remove-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource', 'Set-SsoSelfPersonUserPassword') # Cmdlets to export from this module CmdletsToExport = @() diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 index 6dad614..fe06936 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 
@@ -394,6 +394,11 @@ function Get-SsoPersonUser { Get-SsoPersonUser -Name admin -Domain vsphere.local Gets person user accounts which contain name 'admin' in 'vsphere.local' domain + + .EXAMPLE + Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' | Get-SsoPersonUser + + Gets person user accounts members of 'Administrators' group #> [CmdletBinding()] param( @@ -406,6 +411,7 @@ function Get-SsoPersonUser { $Name, [Parameter( + ParameterSetName = 'ByNameAndDomain', Mandatory=$false, ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, @@ -413,6 +419,15 @@ function Get-SsoPersonUser { [string] $Domain = 'localos', + [Parameter( + ParameterSetName = 'ByGroup', + Mandatory=$true, + ValueFromPipeline=$true, + ValueFromPipelineByPropertyName=$false, + HelpMessage='Searches members of the specified group')] + [VMware.vSphere.SsoAdminClient.DataTypes.Group] + $Group, + [Parameter( Mandatory=$false, ValueFromPipeline=$false, 
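Review bot: The new `ByGroup` set and the now-named `ByNameAndDomain` set leave `[CmdletBinding()]` without a default, so a call such as `Get-SsoPersonUser -Name admin` resolves only through PowerShell's mandatory-parameter disambiguation (Group is mandatory in ByGroup and unbound); `[CmdletBinding(DefaultParameterSetName = 'ByNameAndDomain')]` states that intent explicitly and keeps the call resolvable if a later parameter is added to both sets. The comment-based help gains an `.EXAMPLE` for the pipeline form, but the hunk shows no `.PARAMETER Group` entry; the `.PARAMETER` section lies outside the hunk, so if Name and Domain are documented that way, add `.PARAMETER Group` with `The group whose person-user members are returned; accepts pipeline input from Get-SsoGroup`. Get-SsoPersonUser's body continues past the end of this hunk.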
@@ -439,21 +454,31 @@ function Get-SsoPersonUser { continue } - foreach ($personUser in $connection.Client.GetLocalUsers( - (RemoveWildcardSymbols $Name), - $Domain)) { + $personUsers = $null + if ($Group -ne $null) { + $personUsers = $connection.Client.GetPersonUsersInGroup( + (RemoveWildcardSymbols $Name), + $Group) + } else { + $personUsers = $connection.Client.GetLocalUsers( + (RemoveWildcardSymbols $Name), + $Domain) + } - if ([string]::IsNullOrEmpty($Name) ) { - Write-Output $personUser - } else { - # Apply Name filtering - if ((HasWildcardSymbols $Name) -and ` - $personUser.Name -like $Name) { - Write-Output $personUser - } elseif ($personUser.Name -eq $Name) { - # Exactly equal + if ($personUsers -ne $null) { + foreach ($personUser in $personUsers) { + if ([string]::IsNullOrEmpty($Name) ) { Write-Output $personUser + } else { + # Apply Name filtering + if ((HasWildcardSymbols $Name) -and ` + $personUser.Name -like $Name) { + Write-Output $personUser + } elseif ($personUser.Name -eq $Name) { + # Exactly equal + Write-Output $personUser + } } } } @@ -1808,6 +1833,7 @@ Process { $IdentitySource.Name, $IdentitySource.FriendlyName, $IdentitySource.PrimaryUrl, + $IdentitySource.FailoverUrl, $IdentitySource.UserBaseDN, $IdentitySource.GroupBaseDN, $Certificates); 
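Review bot: `if ($personUsers -ne $null)` puts a collection on the left-hand side, so PowerShell evaluates the comparison element-wise and yields the non-null elements rather than a boolean; the branch only behaves because an empty result collapses to an empty array, which is falsy. Put `$null` on the left as PSScriptAnalyzer recommends — `if ($null -ne $personUsers)` — and, for consistency, `if ($null -ne $Group)` on the branch above it. Get-SsoPersonUser's Process block starts and ends outside this hunk.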
@@ -1917,4 +1943,72 @@ function Get-IdentitySource { $resultIdentitySources } } + +function Remove-IdentitySource { +<# + .NOTES + =========================================================================== + Created on: 03/19/2021 + Created by: Dimitar Milov + Twitter: @dimitar_milov + Github: https://github.com/dmilov + =========================================================================== + .DESCRIPTION + This function removes Identity Source. + + .PARAMETER IdentitySource + The identity source to remove + + .PARAMETER Server + Specifies the vSphere Sso Admin Server on which you want to run the cmdlet. + If not specified the servers available in $global:DefaultSsoAdminServers variable will be used. + + .EXAMPLE + Get-IdentitySource -External | Remove-IdentitySource + + Removes all external domain identity source +#> +[CmdletBinding()] + param( + + [Parameter( + Mandatory=$true, + ValueFromPipeline=$true, + ValueFromPipelineByPropertyName=$false, + HelpMessage='Identity source to remove')] + [ValidateNotNull()] + [VMware.vSphere.SsoAdminClient.DataTypes.IdentitySource] + $IdentitySource, + + [Parameter( + Mandatory=$false, + ValueFromPipeline=$false, + ValueFromPipelineByPropertyName=$false, + HelpMessage='Connected SsoAdminServer object')] + [ValidateNotNull()] + [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer] + $Server) + +Process { + + $serversToProcess = $global:DefaultSsoAdminServers.ToArray() + if ($Server -ne $null) { + $serversToProcess = $Server + } + + + try { + foreach ($connection in $serversToProcess) { + if (-not $connection.IsConnected) { + Write-Error "Server $connection is disconnected" + continue + } + + $connection.Client.DeleteDomain($IdentitySource.Name) + } + } catch { + Write-Error (FormatError $_.Exception) + } +} +} #endregion \ No newline at end of file 
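Review bot: Remove-IdentitySource deletes an identity source on every server in `$global:DefaultSsoAdminServers` but declares plain `[CmdletBinding()]`, so it offers no `-WhatIf`/`-Confirm` and the documented `Get-IdentitySource -External | Remove-IdentitySource` runs against all of them with no confirmation. Declare `[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]` and guard the call: `if ($PSCmdlet.ShouldProcess("$($IdentitySource.Name) on $connection", 'Remove identity source')) { $connection.Client.DeleteDomain($IdentitySource.Name) }`. A high confirm impact fits a change that alters which accounts can sign in, and it lets the Pester suite exercise the cmdlet with `-WhatIf`.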
diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll
index 281189a..e68d484 100644
Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll differ
diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll
index 4ff7741..74f1c26 100644
Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll differ
diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
index 2e3cc7d..11a2ca1 100644
Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll differ
diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.LsClient.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.LsClient.dll
index d93ffe8..e0157ac 100644
Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.LsClient.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.LsClient.dll differ
diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll
index 8c8f94e..0f6bdae 100644
Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll differ
diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll index b127653..c06dbf2 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs index b769e4c..0ed5620 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs @@ -97,6 +97,23 @@ namespace VMware.vSphere.SsoAdminClient.Tests Assert.AreEqual("localos", actual[0].Domain); } + [Test] + public void GetPersonUsersInGroup() { + // Arrange + var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator()); + + // Act + var actual = ssoAdminClient.GetPersonUsersInGroup("", new Group { + Name = "Administrators", + Domain = "vsphere.local" + }).ToArray(); + + // Assert + Assert.NotNull(actual); + Assert.GreaterOrEqual(actual.Length, 1); + Assert.AreEqual("vsphere.local", actual[0].Domain); + } + [Test] public void AddRemoveUserFromGroup() { // Arrange diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/ActiveDirectoryIdentitySource.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/ActiveDirectoryIdentitySource.cs index 6aa2b7c..cb01a3c 100644 
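Review bot: `Assert.AreEqual("vsphere.local", actual[0].Domain)` pins the domain of whichever member the service happens to return first, yet a group in one domain can hold principals from another (the neighbouring GetLocalUsers test asserts `localos`, so at least two domains exist in the test environment), so the test can fail on a vCenter where such a member sorts first. Assert something the operation actually guarantees for every element instead, e.g. `Assert.That(actual, Has.All.Property("Name").Not.Null)` and `Assert.That(actual, Has.All.Property("Domain").Not.Null)`. The enclosing test class starts and ends outside this hunk.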
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/ActiveDirectoryIdentitySource.cs +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/ActiveDirectoryIdentitySource.cs @@ -20,6 +20,7 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes public string FriendlyName { get; set; } public string PrimaryUrl { get; set; } + public string FailoverUrl { get; set; } public string UserBaseDN { get; set; } public string GroupBaseDN { get; set; } } diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PersonUser.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PersonUser.cs index 9d0e388..35e9522 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PersonUser.cs +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PersonUser.cs @@ -22,6 +22,8 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes public string FirstName { get; set; } public string LastName { get; set; } public string EmailAddress { get; set; } + public bool Locked { get; set; } + public bool Disabled { get; set; } public SsoAdminClient GetClient() { return _client; diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs index 35b698f..e23ad13 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs 
@@ -191,7 +191,9 @@ namespace VMware.vSphere.SsoAdminClient Description = personUser.details.description, FirstName = personUser.details.firstName, LastName = personUser.details.lastName, - EmailAddress = personUser.details.emailAddress + EmailAddress = personUser.details.emailAddress, + Locked = personUser.locked, + Disabled = personUser.disabled }; } @@ -222,13 +224,51 @@ namespace VMware.vSphere.SsoAdminClient Description = personUser.details.description, FirstName = personUser.details.firstName, LastName = personUser.details.lastName, - EmailAddress = personUser.details.emailAddress + EmailAddress = personUser.details.emailAddress, + Locked = personUser.locked, + Disabled = personUser.disabled }; } } } + public IEnumerable GetPersonUsersInGroup(string searchString, DataTypes.Group group) { + // Create Authorization Invocation Context + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + // Invoke SSO Admin FindPersonUsersAsync operation + var personUsers = authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.FindPersonUsersInGroupAsync( + new ManagedObjectReference { + type = "SsoAdminPrincipalDiscoveryService", + Value = "principalDiscoveryService" + }, + new SsoPrincipalId { + name = group.Name, + domain = group.Domain + }, + searchString, + int.MaxValue)).Result.returnval; + + if (personUsers != null) { + foreach (var personUser in personUsers) { + yield return new PersonUser(this) { + Name = personUser.id.name, + Domain = personUser.id.domain, + Description = personUser.details.description, + FirstName = personUser.details.firstName, + LastName = personUser.details.lastName, + EmailAddress = personUser.details.emailAddress, + Locked = personUser.locked, + Disabled = personUser.disabled + }; + } + } + } + public void DeleteLocalUser( PersonUser principal) { 
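Review bot: The `Locked = personUser.locked, Disabled = personUser.disabled` mapping is now written out in full in this hunk, again in the hunk at @@ -222, and a third time inside the new GetPersonUsersInGroup, so every future PersonUser field must be added in three initializers that can silently drift apart. Extract a private helper that builds one `PersonUser` from a binding record and call it from all three loops, so each loop body reads `yield return ToPersonUser(personUser);`. The methods patched by the first two hunks start outside them.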
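Review bot: GetPersonUsersInGroup blocks with `.Result`, which wraps any service fault in an `AggregateException`, while the new DeleteDomain further down in SsoAdminClient.cs unwraps to the inner exception, so callers see two exception types for the same kind of failure; `.GetAwaiter().GetResult().returnval` surfaces the underlying exception directly and needs no catch block. Because the method is an iterator, nothing in its body — including a null `group` reaching `group.Name` — executes until the first MoveNext, so an argument check placed here would also fire only on enumeration; if eager validation is wanted, split it into a non-iterator wrapper that checks `group` and returns a private iterator. The hunk ends inside the signature of DeleteLocalUser, which continues outside it.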
@@ -747,6 +787,7 @@ namespace VMware.vSphere.SsoAdminClient string name, string friendlyName, string primaryUrl, + string failoverUrl, string baseDNUsers, string baseDNGroups, X509Certificate2[] ldapCertificates) { @@ -757,6 +798,7 @@ namespace VMware.vSphere.SsoAdminClient var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails { friendlyName = friendlyName, primaryUrl = primaryUrl, + failoverUrl = failoverUrl, userBaseDn = baseDNUsers, groupBaseDn = baseDNGroups }; @@ -818,6 +860,7 @@ namespace VMware.vSphere.SsoAdminClient extIdentitySource.AuthenticationUsername = externalDomain.authenticationDetails?.username; extIdentitySource.FriendlyName = externalDomain.details?.friendlyName; extIdentitySource.PrimaryUrl = externalDomain.details?.primaryUrl; + extIdentitySource.FailoverUrl = externalDomain.details?.failoverUrl; extIdentitySource.GroupBaseDN = externalDomain.details?.groupBaseDn; extIdentitySource.UserBaseDN = externalDomain.details?.userBaseDn; yield return extIdentitySource; @@ -825,6 +868,25 @@ namespace VMware.vSphere.SsoAdminClient } } } + + public void DeleteDomain(string name) { + + var authorizedInvocationContext = + CreateAuthorizedInvocationContext(); + + try { + authorizedInvocationContext. + InvokeOperation(() => + _ssoAdminBindingClient.DeleteAsync( + new ManagedObjectReference { + type = "SsoAdminIdentitySourceManagementService", + Value = "identitySourceManagementService" + }, + name)).Wait(); + } catch (AggregateException e) { + throw e.InnerException; + } + } #endregion } } diff --git a/Modules/VMware.vSphere.SsoAdmin/src/build.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/build.ps1 index 3f53a22..b7a5816 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/build.ps1 +++ b/Modules/VMware.vSphere.SsoAdmin/src/build.ps1 
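Review bot: `string failoverUrl` is inserted in the middle of a public parameter list rather than appended, so any caller passing these arguments positionally — the psm1 call patched at `@@ -1808` in this diff had to change for exactly that reason — and any external consumer compiled against the previous assembly breaks; adding it as a trailing `string failoverUrl = null` or as an overload keeps the old signature callable. The method whose signature this hunk patches starts outside the hunk.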
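Review bot: `throw e.InnerException;` in DeleteDomain rethrows an already-thrown exception object, which resets its stack trace to this frame and drops the call chain that identifies the failing operation. Replace `.Wait()` with `.GetAwaiter().GetResult()` and remove the catch block, which delivers the same inner exception with its trace intact; if the catch must stay, use `ExceptionDispatchInfo.Capture(e.InnerException).Throw();` from System.Runtime.ExceptionServices. `name` is also forwarded unchecked; unless the binding is known to reject it, a null or empty value should fail locally with `ArgumentException` rather than as a server fault.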
@@ -145,9 +145,6 @@ function PrepareForRelease { $sourceDir = Split-Path $PSScriptRoot Get-ChildItem -Path $sourceDir -Exclude src, README.md, $targetRootDirName | ` Copy-Item -Recurse -Destination $releaseDir - - $catalogFilePath = Join-path $releaseDir ((Get-Item $releaseDir).Name + ".cat") - New-FileCatalog -Path $releaseDir -CatalogFilePath $catalogFilePath | Out-Null } # 1. Test Build Tools diff --git a/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 index f8ed9db..22127b6 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 +++ b/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 @@ -260,6 +260,24 @@ Describe "PersonUser Tests" { # Assert $actual | Should -Be $null } + + It 'Gets person users members of Administrators group' { + # Arrange + $connection = Connect-SsoAdminServer ` + -Server $VcAddress ` + -User $User ` + -Password $Password ` + -SkipCertificateCheck + + # Act + $actual = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' | Get-SsoPersonUser + + # Assert + $actual | Should -Not -Be $null + $actual.Count | Should -BeGreaterThan 0 + $actual[0].Name | Should -Not -Be $null + $actual[0].Domain | Should -Be 'vsphere.local' + } } Context "Set-SsoPersonUser" {
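Review bot: Dropping the `New-FileCatalog` step from PrepareForRelease removes the `.cat` catalog that let consumers run `Test-FileCatalog` against the unpacked module and detect an altered script or DLL, and nothing else in this diff adds a replacement integrity artifact or records why it was removed. If the catalog was dropped deliberately — for example because the release is signed or checksummed elsewhere — leave a comment at the removal point such as `# File catalog intentionally not generated here; release integrity is verified by <describe mechanism>`, otherwise restore the two deleted lines. PrepareForRelease starts outside this hunk.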