예제 #1
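        /// <summary>
        /// Calls <c>ComputersController.Delete</c> for a computer account name taken from
        /// <c>TestConstants.NonExistingComputerAccountToDeleteProd</c> and checks that the returned
        /// <c>ComputerAccountResult</c> matches the generated expectation field by field.
        /// </summary>
        public void Delete_NonExistingCAProd_ShouldReturnErrorAndResult()
        {
            // Arrange.
            var controller = new ComputersController
            {
                Request = HttpRequestHandler.GenerateHttpRequestMessage()
            };

            // Delete takes only the server name and the token, so the request object and the
            // environment/project locals the test used to build were never read and are dropped.
            string serverName = TestConstants.NonExistingComputerAccountToDeleteProd;
            string siteName   = TestConstants.SitePrimary;

            var expected = ComputerAccountResultGenerator.GenerateResultForNonExistingCADeleteProd(siteName);

            // Act.
            // NOTE(review): the token is read from TestConstants. If that constant holds a live
            // administrative credential it should come from a secret store or the test
            // environment rather than from source control - confirm.
            var result = controller.Delete(serverName, TestConstants.checkpointAdminAcccessToken);

            // Assert.
            Assert.IsNotNull(result);

            // .Result blocks on the asynchronous read; a failure here surfaces wrapped in an
            // AggregateException.
            var caResult = result.Content.ReadAsAsync<ComputerAccountResult>().Result;

            Assert.AreEqual(expected.action, caResult.action);
            Assert.AreEqual(expected.message, caResult.message);
            Assert.AreEqual(expected.objectADPath, caResult.objectADPath);
            Assert.AreEqual(expected.serverName, caResult.serverName);
        }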
예제 #2
        /// <summary>
        /// Posts a request for a new computer account in a new organizational unit and checks
        /// that the returned <c>ComputerAccountResult</c> matches the generated expectation.
        /// The organizational unit tree is deleted again before the assertions run.
        /// </summary>
        public void Post_NewCAInNewOUProd_ShouldReturnSuccessAndResult()
        {
            // Arrange.
            var controller = new ComputersController();
            controller.Request = HttpRequestHandler.GenerateHttpRequestMessage();

            string targetServer      = TestConstants.NewComputerAccountProd;
            string targetEnvironment = TestConstants.ProductionEnvironment;
            string targetProject     = TestConstants.NewOrganizationalUnitProd;
            string targetSite        = TestConstants.SitePrimary;

            var caRequest = new ComputerAccountRequest
            {
                serverName  = targetServer,
                environment = targetEnvironment,
                projectName = targetProject,
                siteName    = targetSite
            };

            var expected = ComputerAccountResultGenerator.GenerateResultForNewCAInProd(true, targetSite);

            // Act.
            // NOTE(review): the token is read from TestConstants and the environment constant is
            // named ProductionEnvironment; presumably this test creates and deletes real
            // directory objects - confirm it runs against an isolated directory and that the
            // token is not a live credential kept in source control.
            var response = controller.Post(TestConstants.checkpointAdminAcccessToken, caRequest);

            // Cleanup happens before the assertions, so a failed assertion does not leave the
            // organizational unit behind.
            ActiveDirectory.DeleteOrganizationalUnitTreeVoid(targetEnvironment, targetProject);

            // Assert.
            Assert.IsNotNull(response);

            ComputerAccountResult actual = response.Content.ReadAsAsync<ComputerAccountResult>().Result;

            Assert.AreEqual(expected.action, actual.action);
            Assert.AreEqual(expected.message, actual.message);
            Assert.AreEqual(expected.objectADPath, actual.objectADPath);
            Assert.AreEqual(expected.serverName, actual.serverName);
        }
예제 #3
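        /// <summary>
        /// Creates a computer account for the supplied request once the caller's access token
        /// has been accepted by <c>CheckpointAuth.CheckCheckpointToken</c>.
        /// </summary>
        /// <param name="accessToken">Access token, bound from the request URI.</param>
        /// <param name="caRequest">Computer account request, bound from the request body.</param>
        /// <returns>
        /// 403 Forbidden with "Invalid token." when the token check fails; 400 Bad Request when
        /// the server name is missing or longer than 15 characters; otherwise 200 OK carrying
        /// the result of <c>ActiveDirectory.CreateComputerAccount</c>.
        /// </returns>
        public HttpResponseMessage Post([FromUri] string accessToken, [FromBody] ComputerAccountRequest caRequest)
        {
            // NOTE(review): the token is bound from the URI, so it can end up in web server and
            // proxy logs and in client history. Consider accepting it in a request header
            // instead; the binding is left unchanged here so existing callers keep working.

            // [FromBody] yields null when the body is missing or cannot be parsed. Reading the
            // name null-safely lets an unauthenticated caller with an empty body get the 403
            // below instead of an unhandled NullReferenceException.
            string requestedName = caRequest?.serverName;

            if (!CheckpointAuth.CheckCheckpointToken(accessToken))
            {
                var denied = new ComputerAccountResult
                {
                    action     = "create",
                    message    = "Invalid token.",
                    serverName = requestedName
                };

                return Request.CreateResponse(HttpStatusCode.Forbidden, denied);
            }

            if (string.IsNullOrWhiteSpace(requestedName))
            {
                var missing = new ComputerAccountResult
                {
                    action     = "create",
                    message    = "Computer Account name is missing.",
                    serverName = requestedName
                };

                return Request.CreateResponse(HttpStatusCode.BadRequest, missing);
            }

            if (requestedName.Length > 15)
            {
                var tooLong = new ComputerAccountResult
                {
                    action     = "create",
                    message    = "Computer Account name longer than 15 characters.",
                    serverName = requestedName
                };

                return Request.CreateResponse(HttpStatusCode.BadRequest, tooLong);
            }

            // NOTE(review): apart from the length check, the request fields are handed on as
            // received. If CreateComputerAccount builds directory paths from serverName,
            // projectName or siteName, restrict them to the characters permitted in those names
            // before this call - confirm against that method.
            ComputerAccountResult created = ActiveDirectory.CreateComputerAccount(caRequest);

            return Request.CreateResponse(HttpStatusCode.OK, created);
        }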
예제 #4
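        /// <summary>
        /// Returns the directory entry that is the root for the request's site within the
        /// request's environment ("production" or "test").
        /// </summary>
        /// <param name="request">Request carrying the environment and site names.</param>
        /// <returns>
        /// The site's <see cref="DirectoryEntry"/>, or <c>null</c> when the request, its
        /// environment or its site name is missing or not recognised.
        /// </returns>
        private static DirectoryEntry GetDirectoryEntryBySite(ComputerAccountRequest request)
        {
            string environment = request?.environment;

            // The case labels below are upper case, so the site name is normalised to upper
            // case; lowering it, as before, could never match a label and every request was
            // treated as an invalid site. The invariant form keeps the result independent of
            // the server's culture settings.
            string site = request?.siteName?.ToUpperInvariant();

            if (environment == null || site == null)
            {
                // Missing values are reported the same way as unknown ones.
                return null;
            }

            // NOTE(review): the production paths for SITE2 to SITE5 are written without the
            // LDAP:// prefix that every other path carries - confirm this is intended.
            if (string.Equals(environment, "production", System.StringComparison.OrdinalIgnoreCase))
            {
                switch (site)
                {
                    case "SITE1":
                        return new DirectoryEntry($"LDAP://[DIRECTORY_PATH]");

                    case "SITE2":
                        return new DirectoryEntry($"[DIRECTORY_PATH]");

                    case "SITE3":
                        return new DirectoryEntry($"[DIRECTORY_PATH]");

                    case "SITE4":
                        return new DirectoryEntry($"[DIRECTORY_PATH]");

                    case "SITE5":
                        return new DirectoryEntry($"[DIRECTORY_PATH]");

                    default:
                        return null;
                }
            }

            if (string.Equals(environment, "test", System.StringComparison.OrdinalIgnoreCase))
            {
                switch (site)
                {
                    case "SITE1":
                        return new DirectoryEntry($"LDAP://[DIRECTORY_PATH]");

                    case "SITE2":
                        return new DirectoryEntry($"LDAP://[DIRECTORY_PATH]");

                    case "SITE3":
                        return new DirectoryEntry($"LDAP://[DIRECTORY_PATH]");

                    case "SITE4":
                        return new DirectoryEntry($"LDAP://[DIRECTORY_PATH]");

                    case "SITE5":
                        return new DirectoryEntry($"LDAP://[DIRECTORY_PATH]");

                    default:
                        return null;
                }
            }

            // Unknown environment.
            return null;
        }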
예제 #5
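        /// <summary>
        /// Creates the computer account described by the request under the organizational unit
        /// named after the project, creating that organizational unit first if it does not
        /// exist. The method returns nothing: an unrecognised site or environment simply ends
        /// the call without creating anything.
        /// </summary>
        /// <param name="request">A ComputerAccountRequest object containing the server name,
        /// the site name and the project name.</param>
        public static void CreateComputerAccountVoid(ComputerAccountRequest request)
        {
            // Domain context, disposed on exit so the directory connection is released.
            using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, Domain))
            {
                // Poll until no computer account with this name is found.
                // NOTE(review): this loop has no delay and no upper bound, so it queries the
                // directory continuously for as long as the account exists. It also meant the
                // former "Computer Account already exists." branch could never run, which is
                // why that branch is gone. Presumably the loop waits for an earlier delete to
                // become visible - confirm, and consider a bounded wait.
                ComputerPrincipal computer = ComputerPrincipal.FindByIdentity(pc, request.serverName);

                while (computer != null)
                {
                    // Release each lookup result before asking again.
                    computer.Dispose();
                    computer = ComputerPrincipal.FindByIdentity(pc, request.serverName);
                }

                using (DirectoryEntry adSiteRoot = GetDirectoryEntryBySite(request))
                {
                    if (adSiteRoot == null)
                    {
                        // Invalid site/environment provided; nothing to create.
                        return;
                    }

                    // NOTE(review): projectName and serverName are placed into the relative
                    // names below exactly as received. Characters that are special in a
                    // distinguished name (for example ',', '+', '=', '\' or '/') would change
                    // where the object is created; callers should reject or escape them before
                    // they reach this point - verify against the callers.
                    using (DirectoryEntry newOU = adSiteRoot.Children.Add($"OU={request.projectName}", "OrganizationalUnit"))
                    {
                        // Commit the organizational unit only when it does not exist yet.
                        if (!DirectoryEntry.Exists(newOU.Path))
                        {
                            newOU.CommitChanges();
                        }

                        using (DirectoryEntry newCA = newOU.Children.Add($"CN={request.serverName}", "computer"))
                        {
                            // The server name in upper case becomes the sAMAccountName, because
                            // by default AD generates a random GUID for new servers. The
                            // trailing $ is required by pre-Windows 2000 naming. The invariant
                            // form keeps the account name independent of the server's culture.
                            newCA.Properties["sAMAccountName"].Value = request.serverName.ToUpperInvariant() + "$";

                            // 0x1020 = WORKSTATION_TRUST_ACCOUNT (0x1000) | PASSWD_NOTREQD (0x0020).
                            // NOTE(review): the account therefore exists without a required
                            // password until the machine joins the domain and sets its own.
                            // Limit who may join or reset accounts in this organizational unit,
                            // and review accounts that stay unjoined.
                            newCA.Properties["userAccountControl"].Value = 0x1020;

                            newCA.CommitChanges();
                        }
                    }
                }
            }
        }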