diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 index d93b603..e71ba83 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 @@ -34,13 +34,13 @@ RequiredModules = @( ) # Functions to export from this module -FunctionsToExport = '*' +FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer') # Cmdlets to export from this module CmdletsToExport = @() # Variables to export from this module -VariablesToExport = '*' +VariablesToExport = '$global:DefaultSsoAdminServers' # Aliases to export from this module AliasesToExport = '*' diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 index 7176e4b..e58f998 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 
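Review bot: `VariablesToExport = '$global:DefaultSsoAdminServers'` in the root manifest is unlikely to match anything, because manifest export lists take bare variable names with no `$` and no scope prefix. A `$global:` variable is visible to the session without being exported in any case, so `VariablesToExport = @()` would state the intent accurately. In the same hunk `AliasesToExport = '*'` is still a wildcard; now that the functions are enumerated, `AliasesToExport = @()` would keep the module's export surface explicit.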
@@ -25,4 +25,135 @@ $subModule = Import-Module -Name $subModulePath -PassThru # When the module is unloaded, remove the nested binary module that was loaded with it $PSModule.OnRemove = { Remove-Module -ModuleInfo $subModule +} + +# Global variables +$global:DefaultSsoAdminServers = New-Object System.Collections.ArrayList + +# Module Advanced Functions Implementation + +function Connect-SsoAdminServer { +<# + .NOTES + =========================================================================== + Created on: 9/29/2020 + Created by: Dimitar Milov + Twitter: @dimitar_milov + Github: https://github.com/dmilov + =========================================================================== + .DESCRIPTION + This function establishes a connection to a vSphere SSO Admin server. + + .PARAMETER Server + Specifies the IP address or the DNS name of the vSphere server to which you want to connect. + + .PARAMETER User + Specifies the user name you want to use for authenticating with the server. + + .PARAMETER Password + Specifies the password you want to use for authenticating with the server. 
+ + .PARAMETER SkipCertificateCheck + Specifies whether server Tls certificate validation will be skipped + + .EXAMPLE + Connect-SsoAdminServer -Server my.vc.server -User myAdmin@vsphere.local -Password MyStrongPa$$w0rd + + Connects 'myAdmin@vsphere.local' user to Sso Admin server 'my.vc.server' +#> +[CmdletBinding()] + param( + [Parameter( + Mandatory=$true, + ValueFromPipeline=$false, + ValueFromPipelineByPropertyName=$false, + HelpMessage='IP address or the DNS name of the vSphere server')] + [string] + $Server, + + [Parameter( + Mandatory=$true, + ValueFromPipeline=$false, + ValueFromPipelineByPropertyName=$false, + HelpMessage='User name you want to use for authenticating with the server')] + [string] + $User, + + [Parameter( + Mandatory=$true, + ValueFromPipeline=$false, + ValueFromPipelineByPropertyName=$false, + HelpMessage='Password you want to use for authenticating with the server')] + [string] + $Password, + + [Parameter( + Mandatory=$false, + HelpMessage='Skips server Tls certificate validation')] + [switch] + $SkipCertificateCheck) + + Process { + $certificateValidator = $null + if ($SkipCertificateCheck) { + $certificateValidator = New-Object 'VMware.vSphere.SsoAdmin.Utils.AcceptAllX509CertificateValidator' + } + + $ssoAdminServer = New-Object ` + 'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer' ` + -ArgumentList @( + $Server, + $User, + (ConvertTo-SecureString -String $Password -AsPlainText -Force), + $certificateValidator) + + # Update $global:DefaultSsoAdminServers varaible + $global:DefaultSsoAdminServers.Add($ssoAdminServer) | Out-Null + + # Function Output + Write-Output $ssoAdminServer + } +} + +function Disconnect-SsoAdminServer { +<# + .NOTES + =========================================================================== + Created on: 9/29/2020 + Created by: Dimitar Milov + Twitter: @dimitar_milov + Github: https://github.com/dmilov + =========================================================================== + .DESCRIPTION + This 
function closes the connection to a vSphere SSO Admin server. + + .PARAMETER Server + Specifies the vSphere SSO Admin systems you want to disconnect from + + .EXAMPLE + $mySsoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User myAdmin@vsphere.local -Password MyStrongPa$$w0rd + Disconnect-SsoAdminServer -Server $mySsoAdminConnection + + Disconnect a SSO Admin connection stored in 'mySsoAdminConnection' varaible +#> +[CmdletBinding()] + param( + [Parameter( + Mandatory=$true, + ValueFromPipeline=$true, + ValueFromPipelineByPropertyName=$false, + HelpMessage='SsoAdminServer object')] + [ValidateNotNull()] + [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer] + $Server) + + Process { + if ($global:DefaultSsoAdminServers.Contains($Server)) { + $global:DefaultSsoAdminServers.Remove($Server) + } + + if ($Server.IsConnected) { + $Server.Disconnect() + } + } } \ No newline at end of file diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll index 5e5db1b..e457b31 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Client.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Client.dll deleted file mode 100644 index f8d5563..0000000 Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Client.dll and /dev/null differ diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.psd1 b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.psd1 index 2e500b9..3aaae69 100644 --- a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.psd1 +++ b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.psd1 
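Review bot: `Connect-SsoAdminServer` declares `-Password` as `[string]` and only wraps it with `ConvertTo-SecureString -AsPlainText -Force` afterwards, so the clear-text secret has already been exposed to command history, transcripts and script-block logging by the time it is protected. Declaring `[securestring] $Password` (or adding a `[pscredential] $Credential` parameter) and passing it straight to the `SsoAdminServer` constructor avoids that. The help examples in both functions would then read something like `-Password (Read-Host -AsSecureString)`; the current unquoted `MyStrongPa$$w0rd` is also likely to be altered by expansion, since `$$` is an automatic variable. Because `-SkipCertificateCheck` swaps in `AcceptAllX509CertificateValidator`, a `Write-Warning` when the switch is set would make the loss of server authentication visible to the operator.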
@@ -46,7 +46,7 @@ ProcessorArchitecture = '' # Assemblies that must be loaded prior to importing this module RequiredAssemblies = @( 'VMware.vSphere.SsoAdmin.Utils.dll', -'VMware.vSphere.SsoAdmin.Client.dll', +'VMware.vSphere.SsoAdminClient.dll', 'VMware.vSphere.LsClient.dll' ) diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll index 5ef3a93..4611b73 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.LsClient.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.LsClient.dll index 5e5db1b..e457b31 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.LsClient.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.LsClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdmin.Client.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdmin.Client.dll deleted file mode 100644 index c96dd13..0000000 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdmin.Client.dll and /dev/null differ diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdmin.Utils.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdmin.Utils.dll index c62c015..901a8f6 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdmin.Utils.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdmin.Utils.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdmin.psd1 b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdmin.psd1 index e6aa9af..1c71895 100644 
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdmin.psd1 +++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdmin.psd1 @@ -43,7 +43,7 @@ ProcessorArchitecture = '' # Assemblies that must be loaded prior to importing this module RequiredAssemblies = @( 'VMware.vSphere.SsoAdmin.Utils.dll', -'VMware.vSphere.SsoAdmin.Client.dll', +'VMware.vSphere.SsoAdminClient.dll', 'VMware.vSphere.LsClient.dll' ) diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll index de97b92..946cd16 100644 Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll differ diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/SsoAdminServer.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/SsoAdminServer.cs index 07dd6de..1ac597a 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/SsoAdminServer.cs +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/SsoAdminServer.cs @@ -45,9 +45,14 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes } public string Name { get; } - public Uri ServiceUri => _client.ServiceUri; - public string User => _client.User; + public Uri ServiceUri => _client?.ServiceUri; + public string User => _client?.User; public string Id { get; set; } + public bool IsConnected => _client != null; + + public void Disconnect() { + _client = null; + } public override string ToString() { return Name; 
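Review bot: `Disconnect()` in `SsoAdminServer` only sets `_client = null`, so whatever the client holds (presumably the SAML token and any open channel) is left for the garbage collector rather than released explicitly. If `SsoAdminClient` owns closable state, which is not visible in this hunk, consider giving it a `Close()` or `Dispose()` and calling that before clearing the field. The new `?.` accessors mean `ServiceUri` and `User` return null after a disconnect instead of failing, so a short XML doc comment on `IsConnected` and `Disconnect()` saying so would help callers. The class body starts and ends outside the hunk.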
diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs index 74dd890..b33e489 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs @@ -35,6 +35,8 @@ namespace VMware.vSphere.SsoAdminClient // Create STS Client var stsUri = lsClient.GetStsEndpointUri(); _securityContext = new UserPassSecurityContext(user, password, stsUri, serverCertificateValidator); + // Initialize security context with Saml token by username and password + _securityContext.GetToken(); // Create SSO Admin Binding Client var ssoAdminUri = lsClient.GetSsoAdminEndpointUri(); diff --git a/Modules/VMware.vSphere.SsoAdmin/src/test/ConnectDisconnect.Tests.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/test/ConnectDisconnect.Tests.ps1 new file mode 100644 index 0000000..6e8e985 --- /dev/null +++ b/Modules/VMware.vSphere.SsoAdmin/src/test/ConnectDisconnect.Tests.ps1 
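Review bot: The comment above the new `_securityContext.GetToken();` call says what the line does but not why, and the call's result is discarded. If the purpose is to surface bad credentials at connect time (the Pester test added in this commit expects "Invalid credentials" from `Connect-SsoAdminServer`), say so, e.g. `// Acquire the SAML token eagerly so invalid credentials fail in the constructor`. The constructor now performs network I/O and can throw, which is worth a line in its doc comment; it starts and ends outside the hunk.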
@@ -0,0 +1,105 @@ +#************************************************************************** +# Copyright (c) VMware, Inc. All rights reserved. +#************************************************************************** + +param( + [Parameter(Mandatory = $true)] + [string] + $VcAddress, + + [Parameter(Mandatory = $true)] + [string] + $VcUser, + + [Parameter(Mandatory = $true)] + [string] + $VcUserPassword +) + +# Import Vmware.vSphere.SsoAdmin Module +$modulePath = Join-Path (Split-Path $PSScriptRoot | Split-Path) "VMware.vSphere.SsoAdmin.psd1" +Import-Module $modulePath + +Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" { + AfterEach { + $connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray() + foreach ($connection in $connectionsToCleanup) { + Disconnect-SsoAdminServer -Server $connection + } + } + + Context "Connect-SsoAdminServer" { + It 'Connect-SsoAdminServer returns SsoAdminServer object and updates DefaultSsoAdminServers variable' { + # Act + $actual = Connect-SsoAdminServer ` + -Server $VcAddress ` + -User $VcUser ` + -Password $VcUserPassword ` + -SkipCertificateCheck + + # Assert + $actual | Should Not Be $null + $actual.GetType().FullName | Should Be 'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer' + $actual.IsConnected | Should Be $true + $global:DefaultSsoAdminServers | Should Contain $actual + } + + It 'Connect-SsoAdminServer throws error on invalid password' { + # Act + # Assert + { Connect-SsoAdminServer ` + -Server $VcAddress ` + -User $VcUser ` + -Password ($VcUserPassword + "invalid") ` + -SkipCertificateCheck } | ` + Should Throw "Invalid credentials" + } + + It 'Connect-SsoAdminServer throws error on invalid Tls Certificate' { + # Act + # Assert + { Connect-SsoAdminServer ` + -Server $VcAddress ` + -User $VcUser ` + -Password $VcUserPassword} | ` + Should Throw "The SSL connection could not be established, see inner exception." 
+ } + } + + Context "Disconnect-SsoAdminServer" { + It 'Diconnect-SsoAdminServer removes server from DefaultSsoAdminServers and makes the object not connected' { + # Arrange + $expected = Connect-SsoAdminServer ` + -Server $VcAddress ` + -User $VcUser ` + -Password $VcUserPassword ` + -SkipCertificateCheck + + # Act + $expected | Disconnect-SsoAdminServer + + # Assert + $global:DefaultSsoAdminServers | Should Not Contain $expected + $expected.IsConnected | Should Be $false + } + + It 'Disconnects disconnected object' { + # Arrange + $expected = Connect-SsoAdminServer ` + -Server $VcAddress ` + -User $VcUser ` + -Password $VcUserPassword ` + -SkipCertificateCheck + + $expected | Disconnect-SsoAdminServer + + # Act + { Disconnect-SsoAdminServer -Server $expected } | ` + Should Not Throw + + # Assert + $global:DefaultSsoAdminServers | Should Not Contain $expected + $expected.IsConnected | Should Be $false + } + } +} \ No newline at end of file
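Review bot: Every positive-path test connects with `-SkipCertificateCheck`, and the only test without it asserts that the TLS handshake fails, so the suite never exercises a connection with certificate validation enabled and will fail against a server that presents a trusted certificate. The expected text "The SSL connection could not be established, see inner exception." looks specific to one .NET runtime; since the module ships `net45` and `netcoreapp2.0` builds, a bare `Should Throw` or a check on the exception type would be less brittle. `$VcUserPassword` is a plain `[string]` script parameter, so a CI invocation puts the secret on the command line; reading it from a protected source inside the script would avoid that. The first `Disconnect-SsoAdminServer` test title is misspelled `Diconnect-SsoAdminServer`.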