fix: update Update-VcenterRootPasswordExpiration empty email handling (vmware#177)

sowjuec · web-flow · commit 597c8be3680a · 2024-03-21T12:10:44.000-04:00
Fixed `Update-VcenterRootPasswordExpiration` to handle empty email string. Ref: vmware#171 Signed-off-by: Sowjanya.V <sowjanya.v@broadcom.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,14 +10,15 @@ Breaking Change:
 
 Enhancement:
 
-- Added 5.1.1.0 to  `Get-PasswordPolicyDefault` and `Get-PasswordPolicyConfig` to support VMware Cloud Foundation 5.1.1. [GH-164](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/164)
+- Added 5.1.1.0 to `Get-PasswordPolicyDefault` and `Get-PasswordPolicyConfig` to support VMware Cloud Foundation 5.1.1. [GH-164](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/164)
 - Enhanced `Get-PasswordPolicyDefault` to show summary in easily readable format. [GH-178](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/178)
 
 Bugfix:
 
 - Fixed missing account lockout policy data for SDDC Manager and vCenter Server. [GH-160](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/160)
-- Fixed `VMware.PowerCLI` module name not being mentioned in the required modules list of the manifest file. [GH-170](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/170)
+- Fixed `VMware.PowerCLI` module name not being added in the required modules list of the manifest file. [GH-170](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/170)
 - Fixed `Test-VcfPasswordManagementPrereq` not working while multiple module versions were present. [GH-174](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/174)
+- Fixed `Update-VcenterRootPasswordExpiration` to handle empty email string. [GH-177](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/177)
 
 Chore:
 
@@ -61,7 +62,7 @@ Bugfix:
 
 Enhancement:
 
-- Added 5.1.0.0 to  `Get-PasswordPolicyDefault` and `Get-PasswordPolicyConfig` to support VMware Cloud Foundation 5.1. [GH-130](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/130)
+- Added 5.1.0.0 to `Get-PasswordPolicyDefault` and `Get-PasswordPolicyConfig` to support VMware Cloud Foundation 5.1. [GH-130](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/130)
 - Updated `Update-SddcManagerPasswordComplexity`, `Update-SddcManagerAccountLockout`, and `Update-vCenterAccountLockout` cmdlet to support VMware Cloud Foundation 5.1 by addressing changes in Photon OS 4 for vCenter Server 8.0.2 and SDDC Manager 5.1. [GH-130](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/130)
 
 Documentation:
@@ -125,7 +126,7 @@ Bugfix:
 - Updated `Get-PasswordPolicyDefault` to include support for VMware Cloud Foundation 4.5.2. [GH-91](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/91)
 - Updated `Get-PasswordPolicyConfig` to include support for VMware Cloud Foundation 4.5.2. [GH-91](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/91)
 - Updated `Get-PasswordPolicyDefault` to include support for VMware Cloud Foundation 4.5.0. [GH-71](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/71)
-- Updated `Get-PasswordPolicyConfig` to include support for  VMware Cloud Foundation 4.5.0. [GH-71](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/71)
+- Updated `Get-PasswordPolicyConfig` to include support for VMware Cloud Foundation 4.5.0. [GH-71](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/71)
 - Updated `Invoke-PasswordPolicyManager` to address version support updates and JSON file depth handling. [GH-71](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/71)
 - Updated `Request-NsxtEdgePasswordExpiration` to pass the `-transportNodeId` parameter to `Get-NsxtApplianceUser` to retrieve the NSX Edge node ID. [GH-76](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/76)
 - Updated `Update-NsxtEdgePasswordExpiration` to pass the `-transportNodeId` parameter to `Get-NsxtApplianceUser` and `Set-NsxtApplianceUserExpirationPolicy` to retrieve the NSX Edge node ID. [GH-76](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/76)
@@ -214,7 +215,7 @@ Bugfix:
 - Fixed drift option error for `Publish-VcenterLocalAccountLockout`. [GH-34](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/34)
 - Fixed drift option error for `Publish-VcenterLocalPasswordExpiration`. [GH-34](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/34)
 - Fixed drift option error for `Publish-VcenterLocalPasswordComplexity`. [GH-34](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/34)
-- Handled empty email string values and "0" value for WSADirectory feilds coming from JSON file  `Test-PasswordPolicyConfig`. [GH-36](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/36)
+- Handled empty email string values and "0" value for WSADirectory feilds coming from JSON file `Test-PasswordPolicyConfig`. [GH-36](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/36)
 - Corrected Description in `Start-PasswordPolicyConfig`. [GH-36](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-password-management/pull/36)
 
 Enhancement:
diff --git a/VMware.CloudFoundation.PasswordManagement.psm1 b/VMware.CloudFoundation.PasswordManagement.psm1
@@ -4604,14 +4604,13 @@ Function Update-VcenterRootPasswordExpiration {
         [Parameter (Mandatory = $true)] [ValidateNotNullOrEmpty()] [String]$user,
         [Parameter (Mandatory = $false)] [ValidateNotNullOrEmpty()] [String]$pass,
         [Parameter (Mandatory = $true)] [ValidateNotNullOrEmpty()] [String]$domain,
-        [Parameter (Mandatory = $false, ParameterSetName = 'expire')] [ValidateNotNullOrEmpty()] [String]$email,
+        [Parameter (Mandatory = $false, ParameterSetName = 'expire')] [String]$email,
         [Parameter (Mandatory = $false, ParameterSetName = 'expire')] [ValidateNotNullOrEmpty()] [String]$maxDays,
         [Parameter (Mandatory = $false, ParameterSetName = 'expire')] [ValidateNotNullOrEmpty()] [String]$warnDays,
         [Parameter (Mandatory = $false, ParameterSetName = 'neverexpire')] [ValidateNotNullOrEmpty()] [Switch]$neverexpire
     )
 
     $pass = Get-Password -username $user -password $pass
-
     Try {
         if (Test-VCFConnection -server $server) {
             if (Test-VCFAuthentication -server $server -user $user -pass $pass) {
@@ -4631,9 +4630,47 @@ Function Update-VcenterRootPasswordExpiration {
                                         Write-Warning "Update Root Password Expiration Policy on vCenter Server ($($vcfVcenterDetails.fqdn)), already set: SKIPPED"
                                     }
                                 } else {
-                                    if ((Get-VcenterRootPasswordExpiration).max_days_between_password_change -ne $maxDays -or (Get-VcenterRootPasswordExpiration).email -ne $email -or (Get-VcenterRootPasswordExpiration).warn_days_before_password_expiration -ne $warnDays) {
-                                        Set-VcenterRootPasswordExpiration -email $email -maxDays $maxDays -warnDays $warnDays | Out-Null
-                                        if ((Get-VcenterRootPasswordExpiration).max_days_between_password_change -eq $maxDays -or (Get-VcenterRootPasswordExpiration).min_days_between_password_change -eq $minDays -or (Get-VcenterRootPasswordExpiration).warn_days_before_password_expiration -eq $warnDays) {
+                                    $vCenterRootPasswordExpirationSettings = Get-VcenterRootPasswordExpiration
+                                    $runUpdate = $true
+                                    $updateCommand = "Set-VcenterRootPasswordExpiration"
+                                    if ($maxDays) {
+                                        $updateCommand = $updateCommand + " -maxDays $maxDays"
+                                        if (($vCenterRootPasswordExpirationSettings).max_days_between_password_change -ne $maxDays) {
+                                            $runUpdate = $runUpdate -and $true                                            
+                                        } else {
+                                            $runUpdate = $runUpdate -and $false
+                                        }
+                                    } 
+                                    if ($warnDays) {
+                                        $updateCommand = $updateCommand + " -warnDays $warnDays"
+                                        if (($vCenterRootPasswordExpirationSettings).warn_days_before_password_expiration -ne $warnDays) {
+                                            $runUpdate = $runUpdate -and $true    
+                                        } else {
+                                            $runUpdate = $runUpdate -and $false
+                                        }
+                                    } 
+                                    if ($email) {
+                                        $updateCommand = $updateCommand + " -email $email"
+                                        if (($vCenterRootPasswordExpirationSettings).email -ne $email) {
+                                            $runUpdate = $runUpdate -and $true                                            
+                                        } else {
+                                            $runUpdate = $runUpdate -and $false    
+                                        }
+                                    }
+                                    if ($runUpdate) {
+                                        $condition = $true 
+                                        Invoke-Expression $updateCommand | Out-Null
+                                        $vCenterRootPasswordExpirationSettings = Get-VcenterRootPasswordExpiration
+                                        if ($maxDays) {
+                                            $condition =  $condition -and ($vCenterRootPasswordExpirationSettings).max_days_between_password_change -eq $maxDays
+                                        } 
+                                        if ($warnDays) {
+                                            $condition =  $condition -and ($vCenterRootPasswordExpirationSettings).warn_days_before_password_expiration -eq $warnDays
+                                        } 
+                                        if ($email) {
+                                            $condition =  $condition -and ($vCenterRootPasswordExpirationSettings).email -eq $email
+                                        }
+                                        if ($condition) {
                                             Write-Output "Update Root Password Expiration Policy on vCenter Server ($($vcfVcenterDetails.fqdn)): SUCCESSFUL"
                                         } else {
                                             Write-Error "Update Root Password Expiration Policy on vCenter Server ($($vcfVcenterDetails.fqdn)): POST_VALIDATION_FAILED"
