diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 index bf40eee..271ff64 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1 @@ -34,7 +34,7 @@ RequiredModules = @( ) # Functions to export from this module -FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Set-PersonUser', 'Remove-PersonUser', 'Get-Group') +FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-PersonUser', 'Get-PersonUser', 'Set-PersonUser', 'Remove-PersonUser', 'Get-Group', 'Get-PasswordPolicy', 'Set-PasswordPolicy') # Cmdlets to export from this module CmdletsToExport = @() diff --git a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 index 6f6f86c..9f06eee 100644 --- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 +++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1 @@ -418,21 +418,12 @@ function Set-PersonUser { .DESCRIPTION Updates person user account. - Nota Bene! Have in mind PersonUser objects don't carry information about the connection. - If you specify PersonUser and on the server there is user with same Id it will be deleted. - .PARAMETER User Specifies the PersonUser instance to update. - Nota Bene! Have in mind PersonUser objects don't carry information about the connection. - If you specify PersonUser and on the server there is user with same Id it will be deleted. - .PARAMETER Group Specifies the Group you want to add or remove PwersonUser from. - Nota Bene! Have in mind Group objects don't carry information about the connection. - If you specify Group and on the server there is user with same Id it will be deleted. - .PARAMETER Add Specifies user will be added to the spcified group. 
@@ -445,10 +436,6 @@ function Set-PersonUser { .PARAMETER NewPassword Specifies new password for the specified user. - .PARAMETER Server - Specifies the vSphere Sso Admin Server on which you want to run the cmdlet. - If not specified the servers available in $global:DefaultSsoAdminServers variable will be used. - .EXAMPLE Set-PersonUser -User $myPersonUser -Group $myExampleGroup -Add -Server $ssoAdminConnection 
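Review bot: The `.EXAMPLE` kept as context directly below the removed `.PARAMETER Server` block still reads `Set-PersonUser -User $myPersonUser -Group $myExampleGroup -Add -Server $ssoAdminConnection`, but this commit removes `-Server` from Set-PersonUser, so the documented command would fail parameter binding. Change it to `Set-PersonUser -User $myPersonUser -Group $myExampleGroup -Add`. The help block continues outside this hunk, so any further examples there should be checked the same way.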
@@ -520,53 +507,40 @@ function Set-PersonUser { Mandatory=$true, HelpMessage='Specifies to unlock user account.')] [switch] - $Unlock, - - [Parameter( - Mandatory=$false, - ValueFromPipeline=$false, - ValueFromPipelineByPropertyName=$false, - HelpMessage='Connected SsoAdminServer object')] - [ValidateNotNull()] - [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer] - $Server) + $Unlock) Process { - $serversToProcess = $global:DefaultSsoAdminServers - if ($Server -ne $null) { - $serversToProcess = $Server - } - - foreach ($connection in $serversToProcess) { - if (-not $connection.IsConnected) { - Write-Error "Server $connection is disconnected" + foreach ($u in $User) { + $ssoAdminClient = $u.GetClient() + if ((-not $ssoAdminClient)) { + Write-Error "Object '$u' is from disconnected server" continue } if ($Add) { - $result = $connection.Client.AddPersonUserToGroup($User, $Group) + $result = $ssoAdminClient.AddPersonUserToGroup($u, $Group) if ($result) { - Write-Output $User + Write-Output $u } } if ($Remove) { - $result = $connection.Client.RemovePersonUserFromGroup($User, $Group) + $result = $ssoAdminClient.RemovePersonUserFromGroup($u, $Group) if ($result) { - Write-Output $User + Write-Output $u } } if ($Unlock) { - $result = $connection.Client.UnlockPersonUser($User) + $result = $ssoAdminClient.UnlockPersonUser($u) if ($result) { - Write-Output $User + Write-Output $u } } if ($NewPassword) { - $connection.Client.ResetPersonUserPassword($User, $NewPassword) - Write-Output $User + $ssoAdminClient.ResetPersonUserPassword($u, $NewPassword) + Write-Output $u } } } 
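Review bot: The new guard `if ((-not $ssoAdminClient))` only tests that `GetClient()` returned an object, whereas the code it replaces checked `$connection.IsConnected`. Unless Disconnect-SsoAdminServer clears the client reference held by the PersonUser (not visible in this diff), a user object fetched before a disconnect still passes the guard and the "is from disconnected server" error never fires. The identical guard in the Remove-PersonUser hunk has the same gap. `$Group` is also handed to the user's client unchanged, so a Group read from another server would be resolved on the user's server; a comment on the parameter such as `# Group must come from the same server as User` would make that explicit. Set-PersonUser's parameter block starts outside this hunk.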
@@ -584,23 +558,13 @@ function Remove-PersonUser { .DESCRIPTION This function removes existing person user account. - Nota Bene! Have in mind PersonUser objects don't carry information about the connection. - If you specify PersonUser and on the server there is user with same Id it will be deleted. - .PARAMETER User Specifies the PersonUser instance to remove. - Nota Bene! Have in mind PersonUser objects don't carry information about the connection. - If you specify PersonUser and on the server there is user with same Id it will be deleted. - - .PARAMETER Server - Specifies the vSphere Sso Admin Server on which you want to run the cmdlet. - If not specified the servers available in $global:DefaultSsoAdminServers variable will be used. - .EXAMPLE $ssoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd' $myNewPersonUser = New-PersonUser -Server $ssoAdminConnection -User myAdmin -Password 'MyStrongPa$$w0rd' - Remove-PersonUser -User $myNewPersonUser -Server $ssoAdminConnection + Remove-PersonUser -User $myNewPersonUser Remove person user account with user name 'myAdmin' and password 'MyStrongPa$$w0rd' 
@@ -617,30 +581,17 @@ function Remove-PersonUser { ValueFromPipelineByPropertyName=$false, HelpMessage='Person User instance you want to remove from specified servers')] [VMware.vSphere.SsoAdminClient.DataTypes.PersonUser] - $User, - - [Parameter( - Mandatory=$false, - ValueFromPipeline=$false, - ValueFromPipelineByPropertyName=$false, - HelpMessage='Connected SsoAdminServer object')] - [ValidateNotNull()] - [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer] - $Server) + $User) Process { - $serversToProcess = $global:DefaultSsoAdminServers - if ($Server -ne $null) { - $serversToProcess = $Server - } - - foreach ($connection in $serversToProcess) { - if (-not $connection.IsConnected) { - Write-Error "Server $connection is disconnected" + foreach ($u in $User) { + $ssoAdminClient = $u.GetClient() + if ((-not $ssoAdminClient)) { + Write-Error "Object '$u' is from disconnected server" continue } - $connection.Client.DeleteLocalUser($User) + $ssoAdminClient.DeleteLocalUser($u) } } } 
@@ -739,4 +690,254 @@ function Get-Group {
 }
 }
 }
+#endregion
+
+#region PasswordPolicy cmdlets
+function Get-PasswordPolicy {
+<#
+ .NOTES
+ ===========================================================================
+ Created on: 9/30/2020
+ Created by: Dimitar Milov
+ Twitter: @dimitar_milov
+ Github: https://github.com/dmilov
+ ===========================================================================
+ .DESCRIPTION
+ This function gets password policy.
+
+ .PARAMETER Server
+ Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
+ If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
+
+ .EXAMPLE
+ Get-PasswordPolicy
+
+ Gets password policy for the server connections available in $global:defaultSsoAdminServers
+#>
+[CmdletBinding()]
+ param(
+ [Parameter(
+ Mandatory=$false,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false,
+ HelpMessage='Connected SsoAdminServer object')]
+ [ValidateNotNull()]
+ [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
+ $Server)
+
+ Process {
+ $serversToProcess = $global:DefaultSsoAdminServers
+ if ($Server -ne $null) {
+ $serversToProcess = $Server
+ }
+ foreach ($connection in $serversToProcess) {
+ if (-not $connection.IsConnected) {
+ Write-Error "Server $connection is disconnected"
+ continue
+ }
+
+ $connection.Client.GetPasswordPolicy();
+ }
+ }
+}
+
+function Set-PasswordPolicy {
+<#
+ .NOTES
+ ===========================================================================
+ Created on: 9/30/2020
+ Created by: Dimitar Milov
+ Twitter: @dimitar_milov
+ Github: https://github.com/dmilov
+ ===========================================================================
+ .DESCRIPTION
+ This function updates password policy settings.
+
+ .PARAMETER PasswordPolicy
+ Specifies the PasswordPolicy instance which will be used as original policy. If some properties are not specified they will be updated with the properties from this object.
+
+ .PARAMETER Description
+
+ .PARAMETER ProhibitedPreviousPasswordsCount
+
+ .PARAMETER MinLength
+
+ .PARAMETER MaxLength
+
+ .PARAMETER MaxIdenticalAdjacentCharacters
+
+ .PARAMETER MinNumericCount
+
+ .PARAMETER MinSpecialCharCount
+
+ .PARAMETER MinAlphabeticCount
+
+ .PARAMETER MinUppercaseCount
+
+ .PARAMETER MinLowercaseCount
+
+ .PARAMETER PasswordLifetimeDays
+
+ .EXAMPLE
+ Get-PasswordPolicy | Set-PasswordPolicy -MinLength 10 -PasswordLifetimeDays 45
+
+ Updates password policy setting minimum password length to 10 symbols and password lifetime to 45 days
+#>
+[CmdletBinding()]
+ param(
+ [Parameter(
+ Mandatory=$true,
+ ValueFromPipeline=$true,
+ ValueFromPipelineByPropertyName=$false,
+ HelpMessage='PasswordPolicy instance you want to update')]
+ [VMware.vSphere.SsoAdminClient.DataTypes.PasswordPolicy]
+ $PasswordPolicy,
+
+ [Parameter(
+ Mandatory=$false,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false,
+ HelpMessage='PasswordPolicy description')]
+ [string]
+ $Description,
+
+ [Parameter(
+ Mandatory=$false,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false)]
+ [Nullable[System.Int32]]
+ $ProhibitedPreviousPasswordsCount,
+
+ [Parameter(
+ Mandatory=$false,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false)]
+ [Nullable[System.Int32]]
+ $MinLength,
+
+ [Parameter(
+ Mandatory=$false,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false)]
+ [Nullable[System.Int32]]
+ $MaxLength,
+
+ [Parameter(
+ Mandatory=$false,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false)]
+ [Nullable[System.Int32]]
+ $MaxIdenticalAdjacentCharacters,
+
+ [Parameter(
+ Mandatory=$false,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false)]
+ [Nullable[System.Int32]]
+ $MinNumericCount,
+
+ [Parameter(
+ Mandatory=$false,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false)]
+ [Nullable[System.Int32]]
+ $MinSpecialCharCount,
+
+ [Parameter(
+ Mandatory=$false,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false)]
+ [Nullable[System.Int32]]
+ $MinAlphabeticCount,
+
+ [Parameter(
+ Mandatory=$false,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false)]
+ [Nullable[System.Int32]]
+ $MinUppercaseCount,
+
+ [Parameter(
+ Mandatory=$false,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false)]
+ [Nullable[System.Int32]]
+ $MinLowercaseCount,
+
+ [Parameter(
+ Mandatory=$false,
+ ValueFromPipeline=$false,
+ ValueFromPipelineByPropertyName=$false)]
+ [Nullable[System.Int32]]
+ $PasswordLifetimeDays)
+
+ Process {
+
+ foreach ($pp in $PasswordPolicy) {
+
+ $ssoAdminClient = $pp.GetClient()
+ if ((-not $ssoAdminClient)) {
+ Write-Error "Object '$pp' is from disconnected server"
+ continue
+ }
+
+ if ([string]::IsNullOrEmpty($Description)) {
+ $Description = $pp.Description
+ }
+
+ if ($ProhibitedPreviousPasswordsCount -eq $null) {
+ $ProhibitedPreviousPasswordsCount = $pp.ProhibitedPreviousPasswordsCount
+ }
+
+ if ($MinLength -eq $null) {
+ $MinLength = $pp.MinLength
+ }
+
+ if ($MaxLength -eq $null) {
+ $MaxLength = $pp.MaxLength
+ }
+
+ if ($MaxIdenticalAdjacentCharacters -eq $null) {
+ $MaxIdenticalAdjacentCharacters = $pp.MaxIdenticalAdjacentCharacters
+ }
+
+ if ($MinNumericCount -eq $null) {
+ $MinNumericCount = $pp.MinNumericCount
+ }
+
+ if ($MinSpecialCharCount -eq $null) {
+ $MinSpecialCharCount = $pp.MinSpecialCharCount
+ }
+
+ if ($MinAlphabeticCount -eq $null) {
+ $MinAlphabeticCount = $pp.MinAlphabeticCount
+ }
+
+ if ($MinUppercaseCount -eq $null) {
+ $MinUppercaseCount = $pp.MinUppercaseCount
+ }
+
+ if ($MinLowercaseCount -eq $null) {
+ $MinLowercaseCount = $pp.MinLowercaseCount
+ }
+
+ if ($PasswordLifetimeDays -eq $null) {
+ $PasswordLifetimeDays = $pp.PasswordLifetimeDays
+ }
+
+ $ssoAdminClient.SetPasswordPolicy(
+ $Description,
+ $ProhibitedPreviousPasswordsCount,
+ $MinLength,
+ $MaxLength,
+ $MaxIdenticalAdjacentCharacters,
+ $MinNumericCount,
+ $MinSpecialCharCount,
+ $MinAlphabeticCount,
+ $MinUppercaseCount,
+ $MinLowercaseCount,
+ $PasswordLifetimeDays);
+ }
+ }
+}
 #endregion
\ No newline at end of file
diff --git a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
index 1e42dc5..67323cd 100644
Binary files a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll differ
diff --git a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll
index d0b8976..2227ff4 100644
Binary files a/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll and b/Modules/VMware.vSphere.SsoAdmin/netcoreapp2.0/VMware.vSphere.SsoAdminClient.dll differ
diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs
index 6693c81..db923c2 100644
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs
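Review bot: In Set-PasswordPolicy's `Process` block the fallbacks (`$MinLength = $pp.MinLength` and the ten like it) assign to the parameter variables themselves, and those values persist for later pipeline records. With more than one connected server, `Get-PasswordPolicy | Set-PasswordPolicy -MinLength 10` would therefore write the first server's remaining settings onto every following server, silently changing and possibly weakening its password policy. Resolve each value into a local per `$pp` instead, e.g. `$minLen = if ($PSBoundParameters.ContainsKey('MinLength')) { $MinLength } else { $pp.MinLength }`, and pass the locals to `SetPasswordPolicy`. Because the cmdlet changes a security setting, `[CmdletBinding(SupportsShouldProcess)]` with a `$PSCmdlet.ShouldProcess(...)` guard would give operators `-WhatIf`/`-Confirm`. The eleven empty `.PARAMETER` entries should each say what the limit controls.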
@@ -143,5 +143,78 @@ namespace VMware.vSphere.SsoAdminClient.Tests ssoAdminClient.DeleteLocalUser( newUser); } + + [Test] + public void GetPasswordPolicy() { + // Arrange + var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator()); + + // Act + var actual = ssoAdminClient.GetPasswordPolicy(); + + // Assert + Assert.NotNull(actual); + } + + [Test] + public void SetPasswordPolicy() { + // Arrange + var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator()); + + var originalPasswordPolicy = ssoAdminClient.GetPasswordPolicy(); + + var expectedDescription = "TestDescription"; + var expectedProhibitedPreviousPasswordsCount = originalPasswordPolicy.ProhibitedPreviousPasswordsCount + 1; + var expectedMinLength = originalPasswordPolicy.MinLength + 1; + var expectedMaxLength = originalPasswordPolicy.MaxLength + 1; + var exptectedMaxIdenticalAdjacentCharacters = originalPasswordPolicy.MaxIdenticalAdjacentCharacters + 1; + var expectedMinNumericCount = originalPasswordPolicy.MinNumericCount + 1; + var expectedMinSpecialCharCount = originalPasswordPolicy.MinSpecialCharCount + 1; + var expectedMinAlphabeticCount = originalPasswordPolicy.MinAlphabeticCount + 2; + var expectedMinUppercaseCount = 0; + var expectedMinLowercaseCount = originalPasswordPolicy.MinLowercaseCount + 2; + var expectedPasswordLifetimeDays = originalPasswordPolicy.PasswordLifetimeDays - 2; + + // Act + var actual = ssoAdminClient.SetPasswordPolicy( + description: expectedDescription, + prohibitedPreviousPasswordsCount: expectedProhibitedPreviousPasswordsCount, + minLength: expectedMinLength, + maxLength: expectedMaxLength, + maxIdenticalAdjacentCharacters: exptectedMaxIdenticalAdjacentCharacters, + minNumericCount: expectedMinNumericCount, + minSpecialCharCount: expectedMinSpecialCharCount, + minAlphabeticCount: expectedMinAlphabeticCount, + minUppercaseCount: expectedMinUppercaseCount, + minLowercaseCount: 
expectedMinLowercaseCount, + passwordLifetimeDays: expectedPasswordLifetimeDays); + + // Assert + Assert.NotNull(actual); + Assert.AreEqual(expectedDescription, actual.Description); + Assert.AreEqual(expectedProhibitedPreviousPasswordsCount, actual.ProhibitedPreviousPasswordsCount); + Assert.AreEqual(expectedMinLength, actual.MinLength); + Assert.AreEqual(expectedMaxLength, actual.MaxLength); + Assert.AreEqual(exptectedMaxIdenticalAdjacentCharacters, actual.MaxIdenticalAdjacentCharacters); + Assert.AreEqual(expectedMinNumericCount, actual.MinNumericCount); + Assert.AreEqual(expectedMinAlphabeticCount, actual.MinAlphabeticCount); + Assert.AreEqual(expectedMinUppercaseCount, actual.MinUppercaseCount); + Assert.AreEqual(expectedMinLowercaseCount, actual.MinLowercaseCount); + Assert.AreEqual(expectedPasswordLifetimeDays, actual.PasswordLifetimeDays); + + // Cleanup + ssoAdminClient.SetPasswordPolicy( + description: originalPasswordPolicy.Description, + prohibitedPreviousPasswordsCount: originalPasswordPolicy.ProhibitedPreviousPasswordsCount, + minLength: originalPasswordPolicy.MinLength, + maxLength: originalPasswordPolicy.MaxLength, + maxIdenticalAdjacentCharacters: originalPasswordPolicy.MaxIdenticalAdjacentCharacters, + minNumericCount: originalPasswordPolicy.MinNumericCount, + minSpecialCharCount: originalPasswordPolicy.MinSpecialCharCount, + minAlphabeticCount: originalPasswordPolicy.MinAlphabeticCount, + minUppercaseCount: originalPasswordPolicy.MinUppercaseCount, + minLowercaseCount: originalPasswordPolicy.MinLowercaseCount, + passwordLifetimeDays: originalPasswordPolicy.PasswordLifetimeDays); + } } } \ No newline at end of file diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PasswordPolicy.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PasswordPolicy.cs new file mode 100644 index 0000000..215d22d --- /dev/null 
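Review bot: The SetPasswordPolicy test restores the original policy only after every assertion has passed, so one failing `Assert.AreEqual` throws before the `// Cleanup` call and leaves the target server with the altered policy, including `MinUppercaseCount` 0 and a shortened lifetime. Run the act and assert part inside `try { ... } finally { ... }` with the restore in the `finally`, or move the restore to a `[TearDown]` method. `expectedMinSpecialCharCount` is sent but never checked; add `Assert.AreEqual(expectedMinSpecialCharCount, actual.MinSpecialCharCount);`. Both new tests connect with `AcceptAllX509CertificateValidator`, which deserves a comment stating that it is for lab endpoints only.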
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PasswordPolicy.cs
@@ -0,0 +1,36 @@
+// **************************************************************************
+// Copyright (c) VMware, Inc. All rights reserved. -- VMware Confidential.
+// **************************************************************************
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace VMware.vSphere.SsoAdminClient.DataTypes
+{
+ public class PasswordPolicy
+ {
+ SsoAdminClient _client;
+ public PasswordPolicy(SsoAdminClient client) {
+ _client = client;
+ }
+
+ public string Description { get; set; }
+ public int ProhibitedPreviousPasswordsCount { get; set; }
+ public int MinLength { get; set; }
+ public int MaxLength { get; set; }
+ public int MinNumericCount { get; set; }
+ public int MinSpecialCharCount { get; set; }
+ public int MaxIdenticalAdjacentCharacters { get; set; }
+ public int MinAlphabeticCount { get; set; }
+ public int MinUppercaseCount { get; set; }
+ public int MinLowercaseCount { get; set; }
+ public int PasswordLifetimeDays { get; set; }
+
+ public SsoAdminClient GetClient() {
+ return _client;
+ }
+ }
+}
diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PersonUser.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PersonUser.cs
index 87c06da..a17394a 100644
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PersonUser.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PersonUser.cs
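Review bot: The new PasswordPolicy class keeps its authenticated client in `SsoAdminClient _client;`, which is implicitly private but mutable and undocumented; declare it `private readonly SsoAdminClient _client;` and add a summary comment on `GetClient()` such as `/// Returns the live client this policy was read from; null means the object cannot be written back.` None of the five `using` directives is needed by the code shown. The header says "VMware Confidential" while the new PasswordPolicy.Tests.ps1 in this commit does not, so it is worth confirming which notice is intended.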
@@ -11,6 +11,11 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes { public class PersonUser { + SsoAdminClient _client; + public PersonUser(SsoAdminClient client) { + _client = client; + } + public string Name { get; set; } public string Domain { get; set; } public string Description { get; set; } @@ -18,6 +23,10 @@ namespace VMware.vSphere.SsoAdminClient.DataTypes public string LastName { get; set; } public string EmailAddress { get; set; } + public SsoAdminClient GetClient() { + return _client; + } + public override string ToString() { return $"{Name}@{Domain}"; } diff --git a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/UserPassSecurityContext.cs b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/UserPassSecurityContext.cs index 6249c61..6860a8c 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/UserPassSecurityContext.cs +++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/UserPassSecurityContext.cs @@ -42,7 +42,7 @@ namespace VMware.vSphere.SsoAdminClient private void RenewIfNeeded() { if (_validToken == null || - _validToken.Expires < (DateTime.Now - new TimeSpan(0, 0, 30))) { + _validToken.Expires < (DateTime.Now + new TimeSpan(0, 0, 30))) { _validToken = _stsClient.IssueBearerTokenByUserCredential( _user, _password); diff --git a/Modules/VMware.vSphere.SsoAdmin/src/test/PasswordPolicy.Tests.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/test/PasswordPolicy.Tests.ps1 new file mode 100644 index 0000000..36c3680 --- /dev/null +++ b/Modules/VMware.vSphere.SsoAdmin/src/test/PasswordPolicy.Tests.ps1 
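Review bot: Adding `public PersonUser(SsoAdminClient client)` removes the implicit parameterless constructor, so any code outside this diff that still writes `new PersonUser { ... }` stops compiling, and the constructor accepts a null `client` without complaint. If a null client is meant to signal a detached object, say so in a comment on `GetClient()`; otherwise reject it with `if (client == null) throw new ArgumentNullException(nameof(client));`. The field is better declared `private readonly SsoAdminClient _client;`.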
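Review bot: The corrected check in RenewIfNeeded still compares `_validToken.Expires` with `DateTime.Now`; if `Expires` is a UTC timestamp (its kind is not visible in this hunk), the 30-second margin is swamped by the local UTC offset and the token is either renewed on every call or sent after it has expired. Once the kind of `Expires` is confirmed, compare both sides in one time base, for example against `DateTime.UtcNow.AddSeconds(30)`. A comment like `// renew 30 s early so a request never carries a token that expires in flight` would record why the sign changed. RenewIfNeeded's body continues outside the hunk.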
@@ -0,0 +1,109 @@
+#**************************************************************************
+# Copyright (c) VMware, Inc. All rights reserved.
+#**************************************************************************
+
+param(
+ [Parameter(Mandatory = $true)]
+ [string]
+ $VcAddress,
+
+ [Parameter(Mandatory = $true)]
+ [string]
+ $User,
+
+ [Parameter(Mandatory = $true)]
+ [string]
+ $Password
+)
+
+# Import Vmware.vSphere.SsoAdmin Module
+$modulePath = Join-Path (Split-Path $PSScriptRoot | Split-Path) "VMware.vSphere.SsoAdmin.psd1"
+Import-Module $modulePath
+
+Describe "PasswordPolicy Tests" {
+ BeforeEach {
+ Connect-SsoAdminServer `
+ -Server $VcAddress `
+ -User $User `
+ -Password $Password `
+ -SkipCertificateCheck
+ }
+
+ AfterEach {
+ $connectionsToCleanup = $global:DefaultSsoAdminServers.ToArray()
+ foreach ($connection in $connectionsToCleanup) {
+ Disconnect-SsoAdminServer -Server $connection
+ }
+ }
+
+ Context "Get-PasswordPolicy" {
+ It 'Gets password policy' {
+ # Act
+ $actual = Get-PasswordPolicy
+
+ # Assert
+ $actual | Should Not Be $null
+ }
+ }
+
+ Context "Set-PasswordPolicy" {
+ It 'Updates password policy MaxLength and PasswordLifetimeDays' {
+ # Arrange
+ $passwordPolicyToUpdate = Get-PasswordPolicy
+ $expectedMaxLength = 17
+ $expectedPasswordLifetimeDays = 77
+
+ # Act
+ $actual = Set-PasswordPolicy `
+ -PasswordPolicy $passwordPolicyToUpdate `
+ -MaxLength $expectedMaxLength `
+ -PasswordLifetimeDays $expectedPasswordLifetimeDays
+
+ # Assert
+ $actual | Should Not Be $null
+ $actual.MaxLength | Should Be $expectedMaxLength
+ $actual.PasswordLifetimeDays | Should Be $expectedPasswordLifetimeDays
+ $actual.Description | Should Be $passwordPolicyToUpdate.Description
+ $actual.ProhibitedPreviousPasswordsCount | Should Be $passwordPolicyToUpdate.ProhibitedPreviousPasswordsCount
+ $actual.MinLength | Should Be $passwordPolicyToUpdate.MinLength
+ $actual.MaxIdenticalAdjacentCharacters | Should Be $passwordPolicyToUpdate.MaxIdenticalAdjacentCharacters
+ $actual.MinNumericCount | Should Be $passwordPolicyToUpdate.MinNumericCount
+ $actual.MinSpecialCharCount | Should Be $passwordPolicyToUpdate.MinSpecialCharCount
+ $actual.MinAlphabeticCount | Should Be $passwordPolicyToUpdate.MinAlphabeticCount
+ $actual.MinUppercaseCount | Should Be $passwordPolicyToUpdate.MinUppercaseCount
+ $actual.MinLowercaseCount | Should Be $passwordPolicyToUpdate.MinLowercaseCount
+
+ # Cleanup
+ $passwordPolicyToUpdate | Set-PasswordPolicy
+ }
+
+ It 'Updates password policy Description and MinUppercaseCount' {
+ # Arrange
+ $passwordPolicyToUpdate = Get-PasswordPolicy
+ $expectedMinUppercaseCount = 0
+ $expectedDescription = "Test Description"
+
+ # Act
+ $actual = $passwordPolicyToUpdate | Set-PasswordPolicy `
+ -Description $expectedDescription `
+ -MinUppercaseCount $expectedMinUppercaseCount
+
+ # Assert
+ $actual | Should Not Be $null
+ $actual.Description | Should Be $expectedDescription
+ $actual.MinUppercaseCount | Should Be $expectedMinUppercaseCount
+ $actual.MaxLength | Should Be $passwordPolicyToUpdate.MaxLength
+ $actual.PasswordLifetimeDays | Should Be $passwordPolicyToUpdate.PasswordLifetimeDays
+ $actual.ProhibitedPreviousPasswordsCount | Should Be $passwordPolicyToUpdate.ProhibitedPreviousPasswordsCount
+ $actual.MinLength | Should Be $passwordPolicyToUpdate.MinLength
+ $actual.MaxIdenticalAdjacentCharacters | Should Be $passwordPolicyToUpdate.MaxIdenticalAdjacentCharacters
+ $actual.MinNumericCount | Should Be $passwordPolicyToUpdate.MinNumericCount
+ $actual.MinSpecialCharCount | Should Be $passwordPolicyToUpdate.MinSpecialCharCount
+ $actual.MinAlphabeticCount | Should Be $passwordPolicyToUpdate.MinAlphabeticCount
+ $actual.MinLowercaseCount | Should Be $passwordPolicyToUpdate.MinLowercaseCount
+
+ # Cleanup
+ $passwordPolicyToUpdate | Set-PasswordPolicy
+ }
+ }
+}
\ No newline at end of file
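Review bot: Both Set-PasswordPolicy tests restore the policy with `$passwordPolicyToUpdate | Set-PasswordPolicy` as the last statement of the `It` block, so a failing `Should` assertion skips it and leaves the server with MaxLength 17 and lifetime 77, or with MinUppercaseCount 0. Put the restore in a `try { ... } finally { ... }` around the act and assert steps, or in `AfterEach` ahead of the disconnect loop. The script takes `$Password` as a mandatory plain `[string]`, so the credential lands on the command line and in shell history of whoever runs the suite. Together with `-SkipCertificateCheck`, that is worth a header comment restricting the script to disposable lab servers.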
diff --git a/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 b/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 index b758979..2db78df 100644 --- a/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 +++ b/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1 @@ -289,8 +289,7 @@ Describe "PersonUser Tests" { $actual = Set-PersonUser ` -User $personUserToUpdate ` -Group $groupUserToBeAddedTo ` - -Add ` - -Server $connection + -Add # Assert $actual | Should Not Be $null @@ -321,15 +320,13 @@ Describe "PersonUser Tests" { Set-PersonUser ` -User $personUserToUpdate ` -Group $groupToBeUsed ` - -Add ` - -Server $connection | Out-Null + -Add # Act $actual = Set-PersonUser ` -User $personUserToUpdate ` -Group $groupToBeUsed ` - -Remove ` - -Server $connection + -Remove # Assert $actual | Should Not Be $null @@ -356,8 +353,7 @@ Describe "PersonUser Tests" { # Act $actual = Set-PersonUser ` -User $personUserToUpdate ` - -NewPassword $newPassword ` - -Server $connection + -NewPassword $newPassword # Assert $actual | Should Not Be $null @@ -383,8 +379,7 @@ Describe "PersonUser Tests" { # Act $actual = Set-PersonUser ` -User $personUserToUpdate ` - -Unlock ` - -Server $connection + -Unlock # Assert $actual | Should Be $null @@ -409,7 +404,7 @@ Describe "PersonUser Tests" { -Server $connection # Act - Remove-PersonUser -User $personUserToRemove -Server $connection + Remove-PersonUser -User $personUserToRemove # Assert $personUserToRemove | Should Not Be $null
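Review bot: In the second hunk the arrange-step call lost its `| Out-Null` along with `-Server $connection`, so the PersonUser it emits is now written to the test's output instead of being discarded. If that was not intended, keep the suppression by ending the call with `-Add | Out-Null`. The other hunks here only drop `-Server $connection` and look consistent with the cmdlet change.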