govc: support nested groups in sso.group.update

- Add '-g' flag to support nested groups - Find{User,Group} can return nil,nil, check to avoid panic. Fixes vmware#1861
jrmercier1 · Mar 11, 2020 · 56e878a · 56e878a
1 parent 8814b77
commit 56e878a
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 13 deletions.
diff --git a/govc/sso/group/update.go b/govc/sso/group/update.go
@@ -19,6 +19,7 @@ package group
 import (
 	"context"
 	"flag"
+	"fmt"
 
 	"github.com/vmware/govmomi/govc/cli"
 	"github.com/vmware/govmomi/govc/flags"
@@ -33,6 +34,7 @@ type update struct {
 	d string
 	a string
 	r string
+	g bool
 }
 
 func init() {
@@ -44,8 +46,9 @@ func (cmd *update) Register(ctx context.Context, f *flag.FlagSet) {
 	cmd.ClientFlag.Register(ctx, f)
 
 	f.StringVar(&cmd.d, "d", "", "Group description")
-	f.StringVar(&cmd.a, "a", "", "Add user to group")
-	f.StringVar(&cmd.r, "r", "", "Remove user from group")
+	f.StringVar(&cmd.a, "a", "", "Add user/group to group")
+	f.StringVar(&cmd.r, "r", "", "Remove user/group from group")
+	f.BoolVar(&cmd.g, "g", false, "Add/Remove group from group")
 }
 
 func (cmd *update) Description() string {
@@ -54,7 +57,9 @@ func (cmd *update) Description() string {
 Examples:
   govc sso.group.update -d "Group description" NAME
   govc sso.group.update -a user1 NAME
-  govc sso.group.update -r user2 NAME`
+  govc sso.group.update -r user2 NAME
+  govc sso.group.update -g -a group1 NAME
+  govc sso.group.update -g -r group2 NAME`
 }
 
 func (cmd *update) Run(ctx context.Context, f *flag.FlagSet) error {
@@ -72,21 +77,54 @@ func (cmd *update) Run(ctx context.Context, f *flag.FlagSet) error {
 		}
 
 		if cmd.a != "" {
-			user, err := c.FindUser(ctx, cmd.a)
-			if err != nil {
-				return err
-			}
-			if err = c.AddUsersToGroup(ctx, id, user.Id); err != nil {
-				return err
+			if cmd.g {
+				group, err := c.FindGroup(ctx, cmd.a)
+				if err != nil {
+					return err
+				}
+				if group == nil {
+					return fmt.Errorf("group %q not found", cmd.a)
+				}
+				if err = c.AddGroupsToGroup(ctx, id, group.Id); err != nil {
+					return err
+				}
+			} else {
+				user, err := c.FindUser(ctx, cmd.a)
+				if err != nil {
+					return err
+				}
+				if user == nil {
+					return fmt.Errorf("user %q not found", cmd.a)
+				}
+				if err = c.AddUsersToGroup(ctx, id, user.Id); err != nil {
+					return err
+				}
 			}
 		}
 
 		if cmd.r != "" {
-			user, err := c.FindUser(ctx, cmd.r)
-			if err != nil {
-				return err
+			var pid types.PrincipalId
+			if cmd.g {
+				group, err := c.FindGroup(ctx, cmd.r)
+				if err != nil {
+					return err
+				}
+				if group == nil {
+					return fmt.Errorf("group %q not found", cmd.r)
+				}
+				pid = group.Id
+			} else {
+				user, err := c.FindUser(ctx, cmd.r)
+				if err != nil {
+					return err
+				}
+				if user == nil {
+					return fmt.Errorf("user %q not found", cmd.r)
+				}
+				pid = user.Id
 			}
-			if err = c.RemoveUsersFromGroup(ctx, id, user.Id); err != nil {
+
+			if err := c.RemoveUsersFromGroup(ctx, id, pid); err != nil {
 				return err
 			}
 		}

diff --git a/ssoadmin/client.go b/ssoadmin/client.go
@@ -182,6 +182,17 @@ func (c *Client) RemoveUsersFromGroup(ctx context.Context, groupName string, use
 	return err
 }
 
+func (c *Client) AddGroupsToGroup(ctx context.Context, groupName string, groupIDs ...types.PrincipalId) error {
+	req := types.AddGroupsToLocalGroup{
+		This:      c.ServiceContent.PrincipalManagementService,
+		GroupName: groupName,
+		GroupIds:  groupIDs,
+	}
+
+	_, err := methods.AddGroupsToLocalGroup(ctx, c, &req)
+	return err
+}
+
 func (c *Client) CreateGroup(ctx context.Context, name string, details types.AdminGroupDetails) error {
 	req := types.CreateLocalGroup{
 		This:         c.ServiceContent.PrincipalManagementService,