# Changelog of IAMClient
## Version 1.3.0
**Highlights**
* Added option to save password (on Windows) into the credential manager and automatically retreive password in the future
```powershell
# first execution to save password:
Initialize-IAMClient -SaveCred
# The password is now saved and will only be prompted again when executed again!
```
* More Documentation! (see 676a88ac80590ddbb8a892e58751297dcbb772f9)
**Bugfixes**
* Better errorhandling in `Invoke-IAMMethod`
## Version 1.2.3
Only minor changes to the error handling in `Invoke-IAMMethod`, it now reads the message returned from the webserver and returns it to the caller.
......
......@@ -12,7 +12,8 @@ function Main() {
# Initialize IAM Client
try {
Initialize-IAMClient -Credentials $AdminUser
} catch {
}
catch {
Write-Host $_
return
}
......@@ -25,30 +26,48 @@ function Main() {
<# SET PASSWORD #>
$Usernames = 72..83 | ForEach-Object {"biolcourse-$($_.ToString("00"))"}
$Usernames = 01..10 | ForEach-Object { "biolcourse-$($_.ToString("00"))" }
$Ok = @()
$i = 0
foreach ($User in $Usernames){
Write-Progress -Activity "Resetting Passwords" -PercentComplete (100/ $Usernames.Length * $i) -CurrentOperation $User
Write-Information $User
try {
$Result = $User | Reset-CourseUserPassword -PwdPolicy $PwdPolicy -ServiceName "Mailbox"
$Result.Password = $Result.Password
$OK += $Result
} catch {
Write-Host "$User ... $($Result.Password) ... $($Result.Status)"
$Usernames | ResetUserPassword -PwdPolicy $PwdPolicy -ServiceNames "Mailbox"
}
function ResetUserPassword {
param (
[Parameter(ValueFromPipeline = $true)]
[string]$Identity,
[Parameter(Mandatory = $true)]
$PwdPolicy,
[Parameter(Mandatory = $true)]
[string[]]$ServiceNames
)
PROCESS {
Write-Progress -Activity "Resetting Passwords" -CurrentOperation $Identity
Write-Information $Identity
foreach ($Service in $ServiceNames) {
try {
$Result = $Identity | Reset-CourseUserPassword -PwdPolicy $PwdPolicy -ServiceName $Service
$Result.Password = $Result.Password
Write-Output $Result
}
catch {
Write-Host "$User `t $($Service) `t '$($Result.Password)' `t-> $($Result.Status)"
}
}
$i++
}
Write-Progress -Activity "Resetting Passwords" -Completed #>
return $Ok
}
END {
Write-Progress -Activity "Resetting Passwords" -Completed
}
}
function New-CourseUsers {
......@@ -108,7 +127,7 @@ function New-CourseUsers {
homeDrive = $HomeDrive;
homeDirectory = $HomePath;
profilePath = $ProfilePath;
enabled = 1;
enabled = 1;
}
# Create user or modify?
......@@ -117,7 +136,8 @@ function New-CourseUsers {
$Persona = Get-ETHPersonServices -Identity $NewUserName
$CreatePersona = $false
$CreateText = "Updating Users"
} catch {
}
catch {
$CreatePersona = $true
$CreateText = "Creating users"
}
......@@ -127,17 +147,17 @@ function New-CourseUsers {
try {
# Create UNAME
if ($CreatePersona){
if ($CreatePersona) {
New-ETHPersona -ParentIdentity $ParentPersona -UserComment $UserComment -NewUserName $NewUserName -InitPwd $NewPassword
}
# Add nethz service
if ($CreatePersona){
if ($CreatePersona) {
Add-ETHUserITService -Identity $NewUserName -ITServiceName "LDAP" -Body @{} -ea Continue
}
# Add Mailbox service
if ($CreatePersona){
if ($CreatePersona) {
Add-ETHUserITService -Identity $NewUserName -ITServiceName "Mailbox" -Body @{} #$MailboxBody
}
......@@ -174,7 +194,7 @@ function New-CourseUsers {
function Reset-CourseUserPassword {
[CmdletBinding()]
param (
[Parameter(ValueFromPipeline=$true, Mandatory = $true)]
[Parameter(ValueFromPipeline = $true, Mandatory = $true)]
[string]$Username,
[Parameter(Mandatory = $true)]
......@@ -191,17 +211,18 @@ function Reset-CourseUserPassword {
}
PROCESS {
if (-not $NewPassword){
if (-not $NewPassword) {
$PlainText = Get-RandomPassword -Policy $PwdPolicy
$NewPassword = $PlainText | ConvertTo-SecureString -AsPlainText -Force
}
try {
$Status = Reset-ETHUserPassword -Identity $Username -NewPassword $NewPassword -ServiceName $ServiceName -ErrorAction "Stop"
} catch {
}
catch {
$Status = $_
}
[PSCustomObject]@{User = $Username; Password = $PlainText; Status = $Status}
[PSCustomObject]@{User = $Username; Password = $PlainText; Status = $Status }
}
}
......@@ -274,9 +295,9 @@ function Get-RandomPassword {
# Add Symbols
if (-not $Policy.NoSymbols) {
$Policy.AllowSymbolsList.ToCharArray() | ForEach-Object {$RandomCharInts.Add([int]$_)} # Add all Charindexes of specified symbols
$Policy.AllowSymbolsList.ToCharArray() | ForEach-Object { $RandomCharInts.Add([int]$_) } # Add all Charindexes of specified symbols
# escape "-" because it has special meaning in this part of the regex
$Regex += "(?=.*[" + ($Policy.AllowSymbolsList -replace "-","\-" -replace "]","\]") + "])"
$Regex += "(?=.*[" + ($Policy.AllowSymbolsList -replace "-", "\-" -replace "]", "\]") + "])"
}
$Regex += ").{$($Policy.MinLength),$($Policy.MaxLength)}"
......@@ -307,5 +328,8 @@ function Convert-SecureStringToText {
}
# Execute the Main function
$returnVal = Main
$returnVal
\ No newline at end of file
$returnval = @()
Main | ForEach-Object {
$_
$returnval += $_
}
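Review bot: In the new `ResetUserPassword` function the `catch` block prints `$User`, which is not defined there (the parameter is `$Identity`). It also prints `$Result.Password` and `$Result.Status`, which at that point hold whatever an earlier iteration left behind, or nothing at all. The same line writes a plaintext password to the host, where it can end up in transcripts or captured console output. I would report the failure from the error record and leave the password out, e.g. `Write-Warning "$Identity / $Service failed: $_"`. `$Result.Password = $Result.Password` in the `try` block assigns the value to itself and can be dropped.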
......@@ -7,7 +7,7 @@
RootModule = 'IAMClient.psm1'
# Version number of this module.
ModuleVersion = '1.2.6'
ModuleVersion = '1.3.0'
# ID used to uniquely identify this module
GUID = '33ce3afe-9156-4f0e-bbc7-6d4fab3f2ad7'
......
......@@ -14,6 +14,46 @@ Install-Module -Name "IAMClient"
or alternatively, download the latest release from the [Releases](https://gitlab.ethz.ch/aurels/iam-powershell/releases) page and import it yourself
## Getting Started
See the documentation in the [docs folder](docs/README.md) or just experiment:
```powershell
# Log in and save the password (you only need to perform this command once PER COMPUTER)
Initialize-IAMClient asc4ea -SaveCredential
###### Gather information ######
Get-ETHUser asc4ea
Get-ETHGroup biol-somegroup
Find-ETHGroup -Name "id-s4d*" -AdminGroup "ID-S4D"
Get-ETHMaillist "biol-micro-list-sunagawa"
###### edit user ######
$User = Get-ETHUser aurels
$User.profilePath = ""
$User.homeDrive = "S:"
$User.homeDirectory = "\\server\share\%username%"
# save changes
Set-ETHUser aurels $User
###### groups ######
Add-ETHGroupMember biol-micro-isg -Members "aurels"
Remove-ETHGroupMember biol-micro-isg -Members "aurels"
###### maillists ######
Add-ETHMaillistMember biol-isg-all -Members "aurels"
Remove-ETHMaillistMember biol-isg-all -Members "aurels"
## other cool stuff ##
# copy users from group to maillist
Sync-ETHGroupMember -SourceGroups "biol-micro-isg" -DestList "MICRO_IT_STAFF"
# copy users from group to other group
Sync-ETHGroupMember -SourceGroups "biol-micro-isg" -DestGroup "biol-micro-serveradmins"
```
## Examples
There are a few example scripts to help you get going:
......
......@@ -8,7 +8,7 @@ schema: 2.0.0
# Add-ETHGroupMember
## SYNOPSIS
{{ Fill in the Synopsis }}
Adds members to a IAM group
## SYNTAX
......@@ -17,33 +17,25 @@ Add-ETHGroupMember [-Identity] <String> [-Members <String[]>] [-WhatIf] [-Confir
```
## DESCRIPTION
{{ Fill in the Description }}
Adds one or more members to a IAM group
## EXAMPLES
### Example 1
```powershell
PS C:\> {{ Add example code here }}
### EXAMPLE 1
```
Add-ETHGroupMember biol-micro-isg "aurels"
```
{{ Add example description here }}
Adds one member "aurels" to the group "biol-micro-isg"
## PARAMETERS
### EXAMPLE 2
```
"somegroup","someothergroup","somethirdgroup" | Add-ETHGroupMember "aurels","jgrand"
```
### -Confirm
Prompts you for confirmation before running the cmdlet.
Adds multiple members to multiple groups
```yaml
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
## PARAMETERS
### -Identity
{{ Fill Identity Description }}
......@@ -54,7 +46,7 @@ Parameter Sets: (All)
Aliases:
Required: True
Position: 0
Position: 1
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
......@@ -91,16 +83,30 @@ Accept pipeline input: False
Accept wildcard characters: False
```
### -Confirm
Prompts you for confirmation before running the cmdlet.
```yaml
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
## INPUTS
### System.String
## OUTPUTS
### System.Object
### PSCustomObject
### An object containing all accepted / rejected / failed members
## NOTES
## RELATED LINKS
......@@ -30,10 +30,10 @@ In this example, the all groups are found that start with "biol-micro-isg*"
### EXAMPLE 2
```
Find-ETHGroup -Name "biol-micro-isg*" -AdminGroup "D-BIOL"
Find-ETHGroup -Name "id-s4d*" -AdminGroup "D-BIOL"
```
In this example, all groups of Admin Group "D-BIOL" are found that start with "ID-S4D"
In this example, all groups of Admin Group "D-BIOL" are found that start with "id-s4d"
## PARAMETERS
......
......@@ -8,7 +8,7 @@ schema: 2.0.0
# Get-ETHGroup
## SYNOPSIS
{{ Fill in the Synopsis }}
Gets details of a group from IAM
## SYNTAX
......@@ -17,16 +17,16 @@ Get-ETHGroup [-Identity] <String> [<CommonParameters>]
```
## DESCRIPTION
{{ Fill in the Description }}
Gets properties (and members) from a group in IAM
## EXAMPLES
### Example 1
```powershell
PS C:\> {{ Add example code here }}
### EXAMPLE 1
```
Get-ETHGroup biol-micro-isg
```
{{ Add example description here }}
Gets the details of a group in iam.
## PARAMETERS
......@@ -39,7 +39,7 @@ Parameter Sets: (All)
Aliases:
Required: True
Position: 0
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
......@@ -50,11 +50,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
## INPUTS
### None
## OUTPUTS
### System.Object
### PSCustomObject
### An object with all properties of a group
## NOTES
## RELATED LINKS
......@@ -8,7 +8,7 @@ schema: 2.0.0
# Get-ETHGroupMember
## SYNOPSIS
{{ Fill in the Synopsis }}
Gets members of a group in IAM
## SYNTAX
......@@ -17,16 +17,16 @@ Get-ETHGroupMember [-Identity] <String> [<CommonParameters>]
```
## DESCRIPTION
{{ Fill in the Description }}
Gets members of a group in IAM
## EXAMPLES
### Example 1
```powershell
PS C:\> {{ Add example code here }}
### EXAMPLE 1
```
Get-ETHGroupMember biol-micro-isg
```
{{ Add example description here }}
Gets all members of the group biol-micro-isg
## PARAMETERS
......@@ -39,7 +39,7 @@ Parameter Sets: (All)
Aliases:
Required: True
Position: 0
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
......@@ -50,11 +50,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
## INPUTS
### System.String
## OUTPUTS
### System.Object
### String[]
### A list of user/group names that are members of the group
## NOTES
## RELATED LINKS
......@@ -8,61 +8,87 @@ schema: 2.0.0
# Initialize-IAMClient
## SYNOPSIS
{{ Fill in the Synopsis }}
Initializes the IAMClient to work with the API
## SYNTAX
```
Initialize-IAMClient [-Credentials] <PSCredential> [-Force] [-EnableDebugOutput] [-ApiHost <String>]
[<CommonParameters>]
Initialize-IAMClient [[-Credential] <PSCredential>] [-SaveCredential] [-Force] [-EnableDebugOutput]
[-ApiHost <String>] [<CommonParameters>]
```
## DESCRIPTION
{{ Fill in the Description }}
Performs a login to the IAM Api and saves the credentials for the current session (or optionally permanent)
## EXAMPLES
### Example 1
```powershell
PS C:\> {{ Add example code here }}
### EXAMPLE 1
```
Initialize-IAMClient myuser4ea
```
Signs in to the IAM api with the user "myuser4ea", you will be prompted for the password.
### EXAMPLE 2
```
Initialize-IAMClient myuser4ea -SaveCred
```
{{ Add example description here }}
See Example 1, but stores the credential in the Windows Credential Manager
You will **never** need to perform the initialize command again!
## PARAMETERS
### -ApiHost
{{ Fill ApiHost Description }}
### -Credential
The login to use when logging in to the API.
If not given, PowerShell will ask manually for username / password.
```yaml
Type: String
Type: PSCredential
Parameter Sets: (All)
Aliases: Credentials
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -SaveCredential
When given, stores the password in the Windows Credential Manager for later re-use.
**This works only on Windows!**
```yaml
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
### -Credentials
{{ Fill Credentials Description }}
### -Force
included for backwards compatibility
```yaml
Type: PSCredential
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
### -EnableDebugOutput
{{ Fill EnableDebugOutput Description }}
Use this parameter to enable verbose logging if an error occures and you are not sure if the API answers correctly.
The verbose output can used in e-mail communication (very recommended!)
```yaml
Type: SwitchParameter
......@@ -71,22 +97,22 @@ Aliases:
Required: False
Position: Named
Default value: None
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
### -Force
{{ Fill Force Description }}
### -ApiHost
You can specify a custom API endpoint if you want f.ex to connect to the QSS environment.
```yaml
Type: SwitchParameter
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Default value: Https://iam.passwort.ethz.ch/iam-ws-legacy/
Accept pipeline input: False
Accept wildcard characters: False
```
......@@ -96,11 +122,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
## INPUTS
### None
## OUTPUTS
### System.Object
## NOTES
## RELATED LINKS
......@@ -12,7 +12,7 @@ Locale: en-US
## IAMClient Cmdlets
### [Add-ETHGroupMember](Add-ETHGroupMember.md)
{{ Fill in the Synopsis }}
Adds members to a IAM group
### [Add-ETHMaillistMember](Add-ETHMaillistMember.md)
{{ Fill in the Synopsis }}
......@@ -30,10 +30,10 @@ Adds a new e-mail alias (proxyAddress) to a user's mailbox
Finds a Group in IAM
### [Get-ETHGroup](Get-ETHGroup.md)
{{ Fill in the Synopsis }}
Gets details of a group from IAM
### [Get-ETHGroupMember](Get-ETHGroupMember.md)
{{ Fill in the Synopsis }}
Gets members of a group in IAM
### [Get-ETHMaillist](Get-ETHMaillist.md)
{{ Fill in the Synopsis }}
......@@ -54,7 +54,7 @@ Gets the parameters of a IT-Service for a user (Similar to Get-ADUser)
Gets all memberships of the given user
### [Initialize-IAMClient](Initialize-IAMClient.md)
{{ Fill in the Synopsis }}
Initializes the IAMClient to work with the API
### [Invoke-IAMMethod](Invoke-IAMMethod.md)
{{ Fill in the Synopsis }}
......@@ -69,7 +69,7 @@ Creates a new group in IAM
Deletes a group in IAM
### [Remove-ETHGroupMember](Remove-ETHGroupMember.md)
{{ Fill in the Synopsis }}
Removes members from a group in IAM
### [Remove-ETHMaillist](Remove-ETHMaillist.md)
{{ Fill in the Synopsis }}
......
......@@ -8,7 +8,7 @@ schema: 2.0.0
# Remove-ETHGroupMember
## SYNOPSIS
{{ Fill in the Synopsis }}
Removes members from a group in IAM
## SYNTAX
......@@ -17,33 +17,25 @@ Remove-ETHGroupMember [-Identity] <String> [-Members] <String[]> [-WhatIf] [-Con
```
## DESCRIPTION
{{ Fill in the Description }}
Removes members from a group in IAM
## EXAMPLES
### Example 1
```powershell
PS C:\> {{ Add example code here }}
### EXAMPLE 1
```
Remove-ETHGroupMember -Identity "biol-micro-isg" -Members "aurels","jgrand"
```
{{ Add example description here }}
Removes two members from the group "biol-micro-isg"
## PARAMETERS
### EXAMPLE 2
```
"somegroup","someothergroup","somethirdgroup" | Remove-ETHGroupMember -Members "aurels","jgrand"
```
### -Confirm
Prompts you for confirmation before running the cmdlet.
Removes multiple members from multiple groups
```yaml
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
## PARAMETERS
### -Identity
{{ Fill Identity Description }}
......@@ -54,9 +46,9 @@ Parameter Sets: (All)
Aliases:
Required: True
Position: 0
Position: 1
Default value: None
Accept pipeline input: False
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
```
......@@ -69,7 +61,7 @@ Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
......@@ -91,16 +83,28 @@ Accept pipeline input: False
Accept wildcard characters: False
```
### -Confirm
Prompts you for confirmation before running the cmdlet.
```yaml
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
## INPUTS
### None
## OUTPUTS
### System.Object
## NOTES
## RELATED LINKS
......@@ -5,4 +5,53 @@ function Test-IsIAMClientInitialized {
}
return $true
}
function SaveCredToCredMan {
[CmdLetBinding()]
param(
[Parameter(Mandatory = $true)]
[pscredential]$Credential,
[Parameter(Mandatory = $true)]
[string]$PwIdentifier
)
try {
$PwVault = [Windows.Security.Credentials.PasswordVault, Windows.Security.Credentials, ContentType = WindowsRuntime]::new()
}
catch {
throw "Credential manager is only supported on Windows"
}
$PwCred = New-Object Windows.Security.Credentials.PasswordCredential -ArgumentList ($PwIdentifier, $Credential.UserName, $Credential.GetNetworkCredential().Password)
$PwVault.Add($PwCred)
}
function RetreiveCredFromCredMan {
[CmdLetBinding()]
param(
[Parameter(Mandatory = $true)]
[string]$PwIdentifier
)
try {
$PwVault = [Windows.Security.Credentials.PasswordVault, Windows.Security.Credentials, ContentType = WindowsRuntime]::new()
}
catch {
throw "Credential manager is only supported on Windows"
}
$PwCreds = $PwVault.FindAllByResource($PwIdentifier)
if ($PwCreds.Count -ne 1) {
throw "Found $($PwCreds.Count) matching credentials for identifier '$($PwIdentifier)'. Please clean up credman!"
}
# read password
$PwCreds[0].RetrievePassword()
return [pscredential]::new($PwCreds[0].UserName, (ConvertTo-SecureString $PwCreds[0].Password -AsPlainText -Force))
}
\ No newline at end of file
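Review bot: `SaveCredToCredMan` calls `$PwVault.Add($PwCred)` without clearing earlier entries, while `RetreiveCredFromCredMan` throws unless exactly one credential exists for the identifier. Saving a second user name under the same identifier therefore leaves the module unable to load either one until the vault is cleaned by hand; I would remove existing entries for the identifier before adding the new one. As far as I know `FindAllByResource` raises an exception rather than returning an empty list when nothing is stored, so the `Count -ne 1` message is probably never shown for the zero case and the lookup needs its own `try`/`catch`. The `catch` around the vault constructor also reports every failure as "only supported on Windows", which hides the real cause on a Windows host where the WinRT type cannot be loaded.

```powershell
# … unchanged: param block, vault construction, $PwCred creation …
# drop any entry already stored under this identifier so retrieval finds exactly one
try {
    foreach ($Old in @($PwVault.FindAllByResource($PwIdentifier))) {
        $PwVault.Remove($Old)
    }
}
catch {
    # nothing stored under this identifier yet
}
$PwVault.Add($PwCred)
```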
......@@ -81,28 +81,38 @@ Function Invoke-IAMMethod {
# if response is a string, is contains a json object
if ($null -ne $_.Exception.Response) {
# read answer from stream
if ($_.Exception.Response.Content.GetType().GetMethods().Name -contains "ReadAsStreamAsync") {
$responseStream = $_.Exception.Response.Content.ReadAsStreamAsync().Result
if ($_.Exception.Response -is [System.Net.HttpWebResponse]) {
# PowerShell 5
$responseStream = $_.Exception.Response.GetResponseStream()
}
else {
$responseStream = $_.Exception.Response.GetResponseStream()
# PowerShell 6+
$responseStream = $_.Exception.Response.Content.ReadAsStreamAsync().Result
}
$responseStream = $_.Exception.Response.Content.ReadAsStreamAsync().Result
# create streamreader to read from stream
$streamReader = new-object System.IO.StreamReader -ArgumentList $responseStream
# read
$responseStream.Seek(0, [System.IO.SeekOrigin]::Begin)
$errResponse = $streamReader.ReadToEnd()
# clean up reader
# clean up reader and stream
$streamReader.Dispose()
$responseStream.Dispose()
# try to parse Response message
if ($errResponse -ne "") {
$Exception = $_.Exception
try {
$errObject = ConvertFrom-Json $errResponse
Write-Error -Exception $_ -Message ($errObject.level + " -> " + $errObject.message)
Write-Error -Exception $Exception -Message ($errObject.level + " -> " + $errObject.message)
return
}
catch {
Write-Error -Exception $Exception -Message $errResponse
# response did not contain valid JSON, return original error message ( see below )
throw;
}
}
......@@ -112,14 +122,13 @@ Function Invoke-IAMMethod {
# throw original error
throw $_
}
}
}
END {
return $Response
}
END {
return $Response
}
}
}
\ No newline at end of file
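Review bot: The `Write-Error` that reports the parsed message sits inside the same `try` as `ConvertFrom-Json`, so when a caller passes `-ErrorAction Stop` (as Find-ETHGroup does in this change) it becomes a terminating error and the inner `catch` handles it as if the JSON had been invalid. Keeping only the parse inside the `try` and reporting afterwards avoids that. Separately, `$responseStream.Seek(0, ...)` returns the new position, which PowerShell emits into the function's output unless it is discarded, e.g. `$null = $responseStream.Seek(0, [System.IO.SeekOrigin]::Begin)`. The enclosing `catch` of Invoke-IAMMethod starts outside this hunk, and the old and new sides are not marked on this page, so this is read from the lines as shown.

```powershell
if ($errResponse -ne "") {
    $Exception = $_.Exception
    $errObject = $null
    try {
        $errObject = ConvertFrom-Json $errResponse
    }
    catch {
        # response did not contain valid JSON, fall through to the raw text
    }
    if ($null -ne $errObject) {
        Write-Error -Exception $Exception -Message ($errObject.level + " -> " + $errObject.message)
        return
    }
    Write-Error -Exception $Exception -Message $errResponse
}
```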
function Add-ETHGroupMember {
<#
.SYNOPSIS
Adds members to a IAM group
.DESCRIPTION
Adds one or more members to a IAM group
.EXAMPLE
Add-ETHGroupMember biol-micro-isg "aurels"
Adds one member "aurels" to the group "biol-micro-isg"
.EXAMPLE
"somegroup","someothergroup","somethirdgroup" | Add-ETHGroupMember "aurels","jgrand"
Adds multiple members to multiple groups
.OUTPUTS
PSCustomObject
An object containing all accepted / rejected / failed members
.FUNCTIONALITY
Adding members to a group
#>
[CmdletBinding(SupportsShouldProcess = 1)]
param (
[Parameter(Position = 0, Mandatory = 1, ValueFromPipeline = 1)]
......
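Review bot: Both new examples pass the member list positionally, but the syntax line of the generated help on this page (`Add-ETHGroupMember [-Identity] <String> [-Members <String[]>]`) shows `-Members` as a named parameter and `-Identity` as the only positional one. If the param block, which continues outside this hunk, still reads that way, `"somegroup","someothergroup","somethirdgroup" | Add-ETHGroupMember "aurels","jgrand"` would try to bind the user names to `-Identity`. The examples should then use `-Members "aurels","jgrand"`, as the Remove-ETHGroupMember help does; the same text is repeated in the Add-ETHGroupMember markdown page.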
......@@ -18,9 +18,9 @@ function Find-ETHGroup {
In this example, the all groups are found that start with "biol-micro-isg*"
.EXAMPLE
Find-ETHGroup -Name "biol-micro-isg*" -AdminGroup "D-BIOL"
Find-ETHGroup -Name "id-s4d*" -AdminGroup "D-BIOL"
In this example, all groups of Admin Group "D-BIOL" are found that start with "ID-S4D"
In this example, all groups of Admin Group "D-BIOL" are found that start with "id-s4d"
#>
param (
......@@ -57,7 +57,7 @@ function Find-ETHGroup {
$url += "agroup=$AdminGroup"
}
Invoke-IAMMethod -Url $url -Method Get -Credentials $script:IAMCreds |
Invoke-IAMMethod -Url $url -Method Get -Credentials $script:IAMCreds -ErrorAction Stop |
ForEach-Object { $_.pstypenames.Insert(0, "ETHZ.ID.IAMClient.IAMGroupSearchResult"); $_ } |
Sort-Object AdminGroup, type, Name
}
......
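Review bot: `$AdminGroup` is appended to the query string exactly as typed in `$url += "agroup=$AdminGroup"`, so a value containing `&`, `#` or a space changes or breaks the request that is then sent with `$script:IAMCreds`. Encoding the value keeps it inside its own parameter: `$url += "agroup=" + [uri]::EscapeDataString($AdminGroup)`. The rest of the URL is built outside this hunk and may need the same treatment.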
function Get-ETHGroup {
<#
.SYNOPSIS
Gets details of a group from IAM
.DESCRIPTION
Gets properties (and members) from a group in IAM
.EXAMPLE
Get-ETHGroup biol-micro-isg
Gets the details of a group in iam.
.OUTPUTS
PSCustomObject
An object with all properties of a group
.FUNCTIONALITY
Loading a group
#>
param (
[CmdletBinding()]
[Parameter(Position = 0, Mandatory = 1)]
......
function Get-ETHGroupMember {
<#
.SYNOPSIS
Gets members of a group in IAM
.DESCRIPTION
Gets members of a group in IAM
.EXAMPLE
Get-ETHGroupMember biol-micro-isg
Gets all members of the group biol-micro-isg
.OUTPUTS
String[]
A list of user/group names that are members of the group
.FUNCTIONALITY
Getting members of a group
#>
[CmdletBinding()]
param (
[Parameter(Position = 0, Mandatory = 1, ValueFromPipelineByPropertyName = 1)]
......
......@@ -6,7 +6,7 @@
This group contains the following cmdlets:
- [Add-ETHGroupmember](/docs/Add-ETHGroupmember.md)
- [Add-ETHGroupMember](/docs/Add-ETHGroupMember.md)
- [Find-ETHGroup](/docs/Find-ETHGroup.md)
- [Get-ETHGroup](/docs/Get-ETHGroup.md)
- [Get-ETHGroupMember](/docs/Get-ETHGroupMember.md)
......
function Remove-ETHGroupMember {
<#
.SYNOPSIS
Removes members from a group in IAM
.DESCRIPTION
Removes members from a group in IAM
.EXAMPLE
Remove-ETHGroupMember -Identity "biol-micro-isg" -Members "aurels","jgrand"
Removes two members from the group "biol-micro-isg"
.EXAMPLE
"somegroup","someothergroup","somethirdgroup" | Remove-ETHGroupMember -Members "aurels","jgrand"
Removes multiple members from multiple groups
.FUNCTIONALITY
Removing users from groups
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param (
[Parameter(Position = 0, Mandatory = 1)]
[Parameter(Position = 0, Mandatory = $true, ValueFromPipeline = $true)]
[string]$Identity,
[Parameter(Position = 1, Mandatory = 1)]
[Parameter(Position = 1, Mandatory = $true)]
[string[]]$Members
)
......@@ -14,17 +33,20 @@ function Remove-ETHGroupMember {
# Check if client is initialized
Test-IsIAMClientInitialized | Out-Null
# Validate input arguments
if (-not ($ExistingGroup = Get-ETHGroup -Identity $Identity)) {
throw "Group $Identity was not found"
}
# check if any members were specified
if ($Members.Count -le 0) {
throw "No members specified"
}
}
PROCESS {
# Validate group exists
if (-not ($ExistingGroup = Get-ETHGroup -Identity $Identity)) {
throw "Group $Identity was not found"
}
# get list of users to remove (skip non-members)
$ToRemoveMembers = @($Members | Where-Object { $ExistingGroup.members -contains $_ })
# Check if there are any members in the group that need to be removed
......
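Review bot: With `-Identity` now accepted from the pipeline, the `throw "Group $Identity was not found"` in `PROCESS` ends the whole pipeline at the first unknown group, so the groups after it are left untouched without any message of their own. For pipeline input a non-terminating error is the usual choice, `Write-Error "Group $Identity was not found"; return`, which lets the caller decide with `-ErrorAction`. The comment-based help also has no `.OUTPUTS` section, although the Add-ETHGroupMember help added in the same change documents one. The `PROCESS` block continues outside the hunk.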
$PWIDENTIFIER = "ETH.PS.IAMClient.APIUSER"
function Initialize-IAMClient {
<#
.SYNOPSIS
Initializes the IAMClient to work with the API
.DESCRIPTION
Performs a login to the IAM Api and saves the credentials for the current session (or optionally permanent)
.PARAMETER Credential
The login to use when logging in to the API. If not given, PowerShell will ask manually for username / password.
.PARAMETER SaveCredential
When given, stores the password in the Windows Credential Manager for later re-use.
**This works only on Windows!**
.PARAMETER EnableDebugOutput
Use this parameter to enable verbose logging if an error occures and you are not sure if the API answers correctly.
The verbose output can used in e-mail communication (very recommended!)
.PARAMETER ApiHost
You can specify a custom API endpoint if you want f.ex to connect to the QSS environment.
.EXAMPLE
Initialize-IAMClient myuser4ea
Signs in to the IAM api with the user "myuser4ea", you will be prompted for the password.
.EXAMPLE
Initialize-IAMClient myuser4ea -SaveCred
See Example 1, but stores the credential in the Windows Credential Manager
You will **never** need to perform the initialize command again!
.FUNCTIONALITY
Use this CmdLet to connect the PS Module with the API.
#>
[CmdletBinding()]
param(
# Credentials to validate
[Parameter(Position = 1, Mandatory = 1)]
[pscredential]$Credentials,
[Parameter(Position = 0, Mandatory = $false)]
[Alias("Credentials")]
[pscredential]$Credential,
[Parameter(Mandatory = $false)]
[switch]$SaveCredential,
# included for backwards compatibility
[Parameter(DontShow = $true)]
[switch]$Force,
# for debug purposes
[switch]$EnableDebugOutput,
[string]$ApiHost = "https://iam.passwort.ethz.ch"
[string]$ApiHost = "https://iam.passwort.ethz.ch/iam-ws-legacy/"
)
if ($null -eq $Credential) {
$Credential = RetreiveCredFromCredMan -PwIdentifier $PWIDENTIFIER
}
$script:ApiHost = $ApiHost
if ($Force -eq $true) {
......@@ -27,11 +75,14 @@ function Initialize-IAMClient {
$VerbosePreference = "SilentlyContinue"
}
if (-not (Test-ETHCredentials $Credentials)) {
if (-not (Test-ETHCredentials $Credential)) {
throw "Could not validate your credentials"
}
$script:IAMCreds = $Credentials
if ($SaveCred) {
SaveCredToCredMan -Credential $Credential -PwIdentifier $PWIDENTIFIER
}
$script:IAMCreds = $Credential
Set-StrictMode -Version latest
......
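Review bot: `if ($SaveCred)` tests a variable that is never defined; the switch is declared as `$SaveCredential`, and only the parameter name on the command line may be abbreviated, so `SaveCredToCredMan` is never called and the credential is not stored. The line should read `if ($SaveCredential) {`. Separately, when no credential is passed the function goes straight to `RetreiveCredFromCredMan`, which throws on a non-Windows host or when nothing is stored, whereas the help text says PowerShell will ask for username and password. A `Get-Credential` fallback would match that documentation. The function body continues outside both hunks.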
......@@ -3,6 +3,7 @@ function Test-ETHCredentials {
[CmdletBinding()]
param (
[Parameter(Position = 0, Mandatory = 1)]
[ValidateNotNull()]
[pscredential]$Credentials
)
......