Public/AccessControl/New-CISAMLGroup.ps1
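function New-CISAMLGroup(){
    <#
    .SYNOPSIS
    Adds a new SAML Group to the Cloud Director RBAC and assigns the group the provided Role

    .DESCRIPTION
    Adds a new SAML Group to the Cloud Director RBAC and assigns the group the provided Role.
    The group name and the role href are XML-escaped before being placed into the request
    payload, so a name containing characters such as & < > or quotes yields a well-formed
    request instead of a malformed (or structurally altered) XML document.

    .PARAMETER SystemScope
    Add to the RBAC of the System Scope

    .PARAMETER Organisation
    The Organisation Name

    .PARAMETER SAMLGroupName
    The SAML Group Name

    .PARAMETER RoleName
    The Cloud Director Role

    .EXAMPLE
    New-CISAMLGroup -SystemScope -SAMLGroupName "R-CD-Admins" -RoleName "System Administrators"
    Adds the SAML Group "R-CD-Admins" to the System Scope of the currently connected Cloud Director Service with the System Administrator role.

    .NOTES
    AUTHOR: Adrian Begg
    LASTEDIT: 2019-12-17
    VERSION: 1.0
    #>
    Param(
        [Parameter(Mandatory=$True, ParameterSetName = "System")]
            [switch] $SystemScope,
        [Parameter(Mandatory=$True, ParameterSetName = "Organisation")]
            [ValidateNotNullorEmpty()] [string] $Organisation,
        [Parameter(Mandatory=$True)]
            [ValidateNotNullorEmpty()] [string] $SAMLGroupName,
        [Parameter(Mandatory=$True)]
            [ValidateNotNullorEmpty()] [string] $RoleName
    )
    # Always check if we are connected first
    Test-CIServerConnection | Out-Null

    # Define the request "Body" with the filters or mandatory parameters for the role query
    [Hashtable] $APIParameters = @{
        type = "role"
        page = 1
        pageSize = 128
        links = "true"
    }
    # Next define basic request properties for the API call - the filter has to be passed into the URI to work around Encoding issues with the API service
    [Hashtable] $RequestParameters = @{
        URI = "$($global:DefaultCIServers.ServiceUri)query"
        Method = "Get"
        APIVersion = 32
        APIType = "Legacy"
        Data = $APIParameters
    }
    # Make the API call and keep the raw XML result
    [xml] $Response = (Invoke-CICloudAPIRequest @RequestParameters).RawData

    # Check that exactly one role with the requested name exists.
    # NOTE(review): only the first page of the query (pageSize 128) is inspected; a role beyond that page would not be found - confirm this limit is acceptable for the target environment.
    $RoleObject = $Response.QueryResultRecords.RoleRecord | Where-Object {$_.name -eq $RoleName}
    if($RoleObject.count -ne 1){
        throw "Could not find a unique Role $RoleName in the currently connected Org. 
Please check and try again."
    }

    # Construct the Payload. Both values are XML-escaped first: the group name is caller-supplied and the href
    # comes from the server, and neither must be able to close the attribute or inject further elements.
    $EscapedGroupName = [System.Security.SecurityElement]::Escape($SAMLGroupName)
    $EscapedRoleHref = [System.Security.SecurityElement]::Escape([string]$RoleObject.href)
    $Payload = "<root:Group xmlns:root=""http://www.vmware.com/vcloud/v1.5"" name=""$EscapedGroupName""><root:ProviderType>SAML</root:ProviderType><root:Role href=""$EscapedRoleHref"" type=""application/vnd.vmware.admin.role+xml""/></root:Group>"

    # Resolve the href of the target organisation (the "System" organisation for the System scope)
    if($PSBoundParameters.ContainsKey('SystemScope')){
        $OrgURI = ($global:DefaultCIServers.ExtensionData.OrganizationReferences.OrganizationReference | Where-Object {$_.Name -eq "System"}).href
    } else {
        $OrgURI = ($global:DefaultCIServers.ExtensionData.OrganizationReferences.OrganizationReference | Where-Object {$_.Name -eq $Organisation}).href
    }
    # Check if the OrgURI is set
    if($OrgURI.Count -eq 0){
        throw "An Organisation with the provided name could not be found with the connected credentials. Please check the paramters and try again."
    }

    # Request properties for creating the group under the resolved organisation
    [Hashtable] $RequestParameters = @{
        URI = "$OrgURI/groups"
        Method = "Post"
        APIVersion = 33
        APIType = "Legacy"
        LegacyAPIDataType = "XML"
        Data = $Payload
    }
    # Make the API call to create the group (the response is captured but not returned; callers receive no output object)
    $Response = (Invoke-CICloudAPIRequest @RequestParameters).RawData
}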