From 57a37ba4ded45c32fefaec77bc8b566713790c60 Mon Sep 17 00:00:00 2001
From: Piyush Dubey
Date: Thu, 10 Oct 2024 01:44:12 +0530
Subject: [PATCH 1/2] first commit
---
 CHANGELOG.md | 2 +
 ...ADIdentityGovernanceLifecycleWorkflow.psm1 | 724 ++++++++++++++++++
 ...tityGovernanceLifecycleWorkflow.schema.mof | 62 ++
 .../readme.md | 6 +
 .../settings.json | 40 +
 .../1-Create.ps1 | 64 ++
 .../2-Update.ps1 | 67 ++
 .../3-Remove.ps1 | 64 ++
 ...ntityGovernanceLifecycleWorkflow.Tests.ps1 | 240 ++++++
 Tests/Unit/Stubs/Microsoft365.psm1 | 560 ++++++++++++++
 10 files changed, 1829 insertions(+)
 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/MSFT_AADIdentityGovernanceLifecycleWorkflow.psm1
 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/MSFT_AADIdentityGovernanceLifecycleWorkflow.schema.mof
 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/readme.md
 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/settings.json
 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/1-Create.ps1
 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/2-Update.ps1
 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/3-Remove.ps1
 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityGovernanceLifecycleWorkflow.Tests.ps1
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8b285f71d3..9587dcb3ac 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,8 @@
 * Initial release.
 * AADEntitlementManagementSettings
 * Added support for ApplicationSecret
+* AADIdentityGovernanceLifecycleWorkflow
+ * Initial release.
 * ADOPermissionGroupSettings
 * Initial release.
 * M365DSCDRGUtil
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/MSFT_AADIdentityGovernanceLifecycleWorkflow.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/MSFT_AADIdentityGovernanceLifecycleWorkflow.psm1
new file mode 100644
index 0000000000..1e3a213421
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/MSFT_AADIdentityGovernanceLifecycleWorkflow.psm1
@@ -0,0 +1,724 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $Category, + + [Parameter()] + [System.Boolean] + $IsEnabled, + + [Parameter()] + [System.Boolean] + $IsSchedulingEnabled, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Tasks, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ExecutionConditions, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName} + } + else + { + $instance = Get-MgBetaIdentityGovernanceLifecycleWorkflow -Filter "DisplayName eq '$DisplayName'" + } + if ($null -eq $instance) + { + return $nullResult + } + + $instance = Get-MgBetaIdentityGovernanceLifecycleWorkflow -WorkflowId $instance.Id + if($null -ne $instance) { + $executionConditionsResults = Get-M365DSCIdentityGovernanceWorkflowExecutionConditions -WorkflowId $instance.Id + $taskResults = Get-M365DSCIdentityGovernanceTasks -WorkflowId $instance.Id + } + + $results = @{ + DisplayName = $DisplayName; + Description = $instance.Description; + Category = $instance.Category; + IsEnabled = $instance.IsEnabled; + IsSchedulingEnabled = $instance.IsSchedulingEnabled; + Tasks = [Array]$taskResults + ExecutionConditions = $executionConditionsResults + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Host -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + 
[Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $Category, + + [Parameter()] + [System.Boolean] + $IsEnabled, + + [Parameter()] + [System.Boolean] + $IsSchedulingEnabled, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Tasks, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ExecutionConditions, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + if ($null -ne $ExecutionConditions){ + $executionConditionsResult = @{ + Scope = @{ + Rule = $ExecutionConditions.ScopeValue.Rule + "@odata.type" = $ExecutionConditions.ScopeValue.ODataType + } + Trigger = @{ + OffsetInDays = $ExecutionConditions.TriggerValue.OffsetInDays + TimeBasedAttribute = $ExecutionConditions.TriggerValue.TimeBasedAttribute + "@odata.type" = $ExecutionConditions.TriggerValue.ODataType + } + "@odata.type" = $ExecutionConditions.ODataType + } + + 
$setParameters.Remove('ExecutionConditions') + $setParameters.Add('executionConditions', $executionConditionsResult) + } + + if ($null -ne $Tasks) { + $taskList = @() + + # Loop through each task and create a hashtable + foreach ($task in $Tasks) { + [Array]$argumentsArray = @() + + if ($task.Arguments) { + foreach ($arg in $task.Arguments) { + # Create a hashtable for each argument + $argumentsArray += @{ + Name = $arg.Name.ToString() + Value = $arg.Value.ToString() + } + } + } + $taskHashtable = @{ + DisplayName = $task.DisplayName.ToString() + Description = $task.Description.ToString() + Category = $task.Category.ToString() + IsEnabled = $task.IsEnabled + ExecutionSequence = $task.ExecutionSequence + ContinueOnError = $task.ContinueOnError + TaskDefinitionId = $task.TaskDefinitionId + + # If Arguments exist, populate the hashtable + Arguments = [Array]$argumentsArray + } + + # Add the task hashtable to the task list + $taskList += $taskHashtable + } + + $setParameters.Remove('Tasks') + $setParameters.Add('Tasks', $taskList) + } + + $UpdateParameters = ([Hashtable]$setParameters).clone() + + $newParams = @{} + $newParams.Add('workflow', $UpdateParameters) + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + New-MgBetaIdentityGovernanceLifecycleWorkflow @SetParameters + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + $instance = Get-MgBetaIdentityGovernanceLifecycleWorkflow -Filter "DisplayName eq '$DisplayName'" + $instance = Get-MgBetaIdentityGovernanceLifecycleWorkflow -WorkflowId $instance.Id + + New-MgBetaIdentityGovernanceLifecycleWorkflowNewVersion -WorkflowId $instance.Id -BodyParameter $newParams -ErrorAction Stop + + # the below implementation of Update cmdlet can't be used for updating parameters other than basic parameters like display name, + # description, isEnabled, isSchedulingEnabled. Hence using the new version cmdlet for exhaustive update scenarios. 
+ # Update-MgBetaIdentityGovernanceLifecycleWorkflow @setParameters + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + $instance = Get-MgBetaIdentityGovernanceLifecycleWorkflow -Filter "DisplayName eq '$DisplayName'" + Remove-MgBetaIdentityGovernanceLifecycleWorkflow -WorkflowId $instance.Id + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $Category, + + [Parameter()] + [System.Boolean] + $IsEnabled, + + [Parameter()] + [System.Boolean] + $IsSchedulingEnabled, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Tasks, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ExecutionConditions, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $testTargetResource = $true + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($null -ne $source -and $source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) + { + $testTargetResource = $false + } + else { + $ValuesToCheck.Remove($key) | Out-Null + } + } + } + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys ` + -IncludedDrifts $driftedParams + + if(-not $TestResult) + { + $testTargetResource = $false + } + + Write-Verbose -Message "Test-TargetResource returned $testTargetResource" + + return $testTargetResource +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + 
[Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-MgBetaIdentityGovernanceLifecycleWorkflow -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + $displayedKey = $config.DisplayName + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + DisplayName = $config.DisplayName + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + if ($null -ne $Results.Tasks) + { + $Results.Tasks = Get-M365DSCIdentityGovernanceTasksAsString $Results.Tasks + } + + if ($null -ne $Results.ExecutionConditions) + { + $Results.ExecutionConditions = Get-M365DSCIdentityGovernanceWorkflowExecutionConditionsAsString $Results.ExecutionConditions + } + + 
$currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($null -ne $Results.Tasks) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` + -ParameterName 'Tasks' + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` + -ParameterName 'ExecutionConditions' + } + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +function Get-M365DSCIdentityGovernanceTasks +{ + [CmdletBinding()] + [OutputType([Array])] + param( + [Parameter(Mandatory = $true)] + $WorkflowId + ) + + + # Get the tasks from the specified workflow + $tasks = Get-MgBetaIdentityGovernanceLifecycleWorkflowTask -WorkflowId $WorkflowId + + # Initialize an array to hold the hashtables + $taskList = @() + + if($null -eq $tasks) + { + return $taskList + } + + # Loop through each task and create a hashtable + foreach ($task in $tasks) { + [Array]$argumentsArray = @() + + if ($task.Arguments) { + foreach ($arg in $task.Arguments) { + # Create a hashtable for each argument + $argumentsArray += @{ + Name = $arg.Name.ToString() + Value = $arg.Value.ToString() + } + } + } + $taskHashtable = @{ + DisplayName = $task.DisplayName.ToString() + Description = $task.Description.ToString() + Category = $task.Category.ToString() + IsEnabled = $task.IsEnabled + ExecutionSequence = $task.ExecutionSequence + ContinueOnError = $task.ContinueOnError + TaskDefinitionId = $task.TaskDefinitionId + + # If Arguments exist, 
populate the hashtable + Arguments = [Array]$argumentsArray + } + + # Add the task hashtable to the task list + $taskList += $taskHashtable + } + + return $taskList +} + +function Get-M365DSCIdentityGovernanceTasksAsString +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter(Mandatory = $true)] + [System.Collections.ArrayList] + $Tasks + ) + + $StringContent = [System.Text.StringBuilder]::new() + $StringContent.Append('@(') | Out-Null + + foreach ($task in $Tasks) + { + $StringContent.Append("`n MSFT_AADIdentityGovernanceTask {`r`n") | Out-Null + $StringContent.Append(" DisplayName = '" + $task.DisplayName + "'`r`n") | Out-Null + $StringContent.Append(" Description = '" + $task.Description.replace("'","''") + "'`r`n") | Out-Null + $StringContent.Append(" Category = '" + $task.Category + "'`r`n") | Out-Null + $StringContent.Append(" IsEnabled = $" + $task.IsEnabled + "`r`n") | Out-Null + $StringContent.Append(" ExecutionSequence = " + $task.ExecutionSequence + "`r`n") | Out-Null + $StringContent.Append(" ContinueOnError = $" + $task.ContinueOnError + "`r`n") | Out-Null + $StringContent.Append(" TaskDefinitionId = '" + $task.TaskDefinitionId + "'`r`n") | Out-Null + + if ($task.Arguments.Length -gt 0) + { + $StringContent.Append(" Arguments = @(`r`n") | Out-Null + foreach ($argument in $task.Arguments) + { + $StringContent.Append(" MSFT_AADIdentityGovernanceTaskArguments {`r`n") | Out-Null + $StringContent.Append(" Name = '" + $argument.Name + "'`r`n") | Out-Null + $StringContent.Append(" Value = '" + $argument.Value + "'`r`n") | Out-Null + $StringContent.Append(" }`r`n") | Out-Null + } + $StringContent.Append(" )`r`n") | Out-Null + } + else + { + $StringContent.Append(" Arguments = @()`r`n") | Out-Null + } + + $StringContent.Append(" }`r`n") | Out-Null + } + + $StringContent.Append(' )') | Out-Null + return $StringContent.ToString() +} + +function Get-M365DSCIdentityGovernanceWorkflowExecutionConditions +{ + [CmdletBinding()] + 
[OutputType([Hashtable])] + param( + [Parameter(Mandatory = $true)] + $WorkflowId + ) + + $instance = Get-MgBetaIdentityGovernanceLifecycleWorkflow -WorkflowId $WorkflowId + $executionConditionsResult = @{} + + if($null -ne $instance -and $null -ne $instance.ExecutionConditions){ + $executionConditions = $instance.ExecutionConditions.AdditionalProperties + $executionConditionsResult = @{ + ScopeValue = @{ + Rule = $ExecutionConditions['scope']['rule'] + OdataType = $ExecutionConditions['scope']['@odata.type'] + } + TriggerValue = @{ + OffsetInDays = $ExecutionConditions['trigger']['offsetInDays'] + TimeBasedAttribute = $ExecutionConditions['trigger']['timeBasedAttribute'] + ODataType = $ExecutionConditions['trigger']['@odata.type'] + } + OdataType = $ExecutionConditions['@odata.type'] + } + } + + return $executionConditionsResult +} + +function Get-M365DSCIdentityGovernanceWorkflowExecutionConditionsAsString { + [CmdletBinding()] + [OutputType([System.String])] + param ( + [Parameter(Mandatory = $true)] + [hashtable] $ExecutionConditions + ) + + $StringContent = [System.Text.StringBuilder]::new() + + # Start of execution conditions + $StringContent.Append("MSFT_IdentityGovernanceWorkflowExecutionConditions {`r`n") | Out-Null + + # Scope section + if ($null -ne $ExecutionConditions.ScopeValue) { + $StringContent.Append(" ScopeValue = MSFT_IdentityGovernanceScope {`r`n") | Out-Null + $StringContent.Append(" Rule = '" + $ExecutionConditions.ScopeValue.Rule.replace("'","''") + "'`r`n") | Out-Null + $StringContent.Append(" ODataType = '" + $ExecutionConditions.ScopeValue.ODataType + "'`r`n") | Out-Null + $StringContent.Append(" }`r`n") | Out-Null + } + + # Trigger section + if ($null -ne $ExecutionConditions.TriggerValue) { + $StringContent.Append(" TriggerValue = MSFT_IdentityGovernanceTrigger {`r`n") | Out-Null + $StringContent.Append(" OffsetInDays = " + $ExecutionConditions.TriggerValue.OffsetInDays + "`r`n") | Out-Null + $StringContent.Append(" TimeBasedAttribute = 
'" + $ExecutionConditions.TriggerValue.TimeBasedAttribute + "'`r`n") | Out-Null + $StringContent.Append(" ODataType = '" + $ExecutionConditions.TriggerValue.OdataType + "'`r`n") | Out-Null + $StringContent.Append(" }`r`n") | Out-Null + } + + # OdataType for executionConditions + if ($null -ne $ExecutionConditions.ODataType) { + $StringContent.Append(" ODataType = '" + $ExecutionConditions.ODataType + "'`r`n") | Out-Null + } + + # End of execution conditions + $StringContent.Append(" }") | Out-Null + + return $StringContent.ToString() +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/MSFT_AADIdentityGovernanceLifecycleWorkflow.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/MSFT_AADIdentityGovernanceLifecycleWorkflow.schema.mof new file mode 100644 index 0000000000..6af12f51bb --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/MSFT_AADIdentityGovernanceLifecycleWorkflow.schema.mof 
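Review bot: `$DisplayName` is interpolated unescaped into the OData filter `"DisplayName eq '$DisplayName'"` in Get-TargetResource and in the update and remove branches of Set-TargetResource, so a workflow name containing a single quote produces a malformed filter, and the result is then used as `-WorkflowId $instance.Id` without checking that exactly one workflow matched. Double the quote before building the filter, `$filterName = $DisplayName.Replace("'", "''")`, and stop when the lookup returns zero or several instances before calling `Remove-MgBetaIdentityGovernanceLifecycleWorkflow` or `New-MgBetaIdentityGovernanceLifecycleWorkflowNewVersion`. The same quoting gap is in Get-M365DSCIdentityGovernanceTasksAsString, which escapes `Description` but writes the task `DisplayName`, `Category` and argument `Name`/`Value` raw into the generated configuration text. Separately, the catch block of Get-TargetResource calls `Write-Host -Message $_`; Write-Host takes `-Object`, so that line is likely to throw inside the handler and hide the original error before `New-M365DSCLogEntry` runs.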
@@ -0,0 +1,62 @@ +[ClassVersion("1.0.0")] +class MSFT_IdentityGovernanceScope +{ + [Write, Description("The @odata.type for the Scope.")] String OdataType; + [Write, Description("The rule associated with the Scope.")] String Rule; +}; + +[ClassVersion("1.0.0")] +class MSFT_IdentityGovernanceTrigger +{ + [Write, Description("The @odata.type for the Trigger.")] String OdataType; + [Write, Description("The time-based attribute for the Trigger.")] String TimeBasedAttribute; + [Write, Description("The offset in days for the Trigger.")] SInt32 OffsetInDays; +}; + +[ClassVersion("1.0.0")] +class MSFT_IdentityGovernanceWorkflowExecutionConditions +{ + [Write, Description("The @odata.type for the Workflow Execution Conditions.")] String OdataType; + [Write, Description("The scope for the Workflow Execution Conditions."), EmbeddedInstance("MSFT_IdentityGovernanceScope")] String ScopeValue; + [Write, Description("The trigger for the Workflow Execution Conditions."), EmbeddedInstance("MSFT_IdentityGovernanceTrigger")] String TriggerValue; +}; + +[ClassVersion("1.0.0")] +class MSFT_AADIdentityGovernanceTaskArguments +{ + [Key, Description("The name of the key")] String Name; + [Write, Description("The value associated with the key")] String Value; +}; + +[ClassVersion("1.0.0")] +class MSFT_AADIdentityGovernanceTask +{ + [Write, Description("Specifies the display name of the Workflow Task")] String DisplayName; + [Write, Description("Description of the Workflow Task")] String Description; + [Write, Description("Category of the Workflow Task")] String Category; + [Write, Description("Indicates if the Workflow Task is enabled or not")] Boolean IsEnabled; + [Write, Description("The sequence in which the task is executed")] SInt32 ExecutionSequence; + [Write, Description("Specifies whether the task should continue on error")] Boolean ContinueOnError; + [Write, Description("ID of the task definition associated with this Workflow Task")] String TaskDefinitionId; + [Write, 
Description("Arguments for the Workflow Task"), EmbeddedInstance("MSFT_AADIdentityGovernanceTaskArguments")] String Arguments[]; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("AADIdentityGovernanceLifecycleWorkflow")] +class MSFT_AADIdentityGovernanceLifecycleWorkflow : OMI_BaseResource +{ + [Key, Description("Specifies the Display Name of the Workflow")] String DisplayName; + [Write, Description("Description of the Workflow")] String Description; + [Write, Description("Category of the Workflow")] String Category; + [Write, Description("Indicates if the Workflow is enabled")] Boolean IsEnabled; + [Write, Description("Indicates if scheduling is enabled for the Workflow")] Boolean IsSchedulingEnabled; + [Write, Description("Tasks associated with this workflow"), EmbeddedInstance("MSFT_AADIdentityGovernanceTask")] String Tasks[]; + [Write, Description("ExecutionConditions for this workflow"), EmbeddedInstance("MSFT_IdentityGovernanceWorkflowExecutionConditions")] String ExecutionConditions; + + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Absent","Present"}, Values{"Absent","Present"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; 
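Review bot: The MSFT_AADIdentityGovernanceLifecycleWorkflow class has no ApplicationSecret property, while Export-TargetResource in the .psm1 of this commit accepts `$ApplicationSecret` and never forwards it to Get-TargetResource, so secret-based authentication is half-wired. Either add `[Write, Description("Secret of the Azure Active Directory application to authenticate with."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;` together with the matching parameter on Get/Set/Test-TargetResource, or drop the parameter from Export. `AccessTokens` is declared as a plain `String[]`, so any token written into a configuration presumably ends up unencrypted in the compiled MOF; the property description should say so.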
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/readme.md
new file mode 100644
index 0000000000..37e7f8f0ac
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/readme.md
@@ -0,0 +1,6 @@
+
+# AADIdentityGovernanceLifecycleWorkflow
+
+## Description
+
+Use this resource to manage Lifecycle workflows.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/settings.json
new file mode 100644
index 0000000000..927836ff9b
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/settings.json
@@ -0,0 +1,40 @@
+{
+ "resourceName": "AADIdentityGovernanceLifecycleWorkflow",
+ "description": "Use this resource to manage Lifecycle workflows.",
+ "roles": {
+ "read": [
+ "Security Reader"
+ ],
+ "update": [
+ "Security Administrator"
+ ]
+ },
+ "permissions": {
+ "graph": {
+ "delegated": {
+ "read": [
+ {
+ "name": "LifecycleWorkflows.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "LifecycleWorkflows.ReadWrite.All"
+ }
+ ]
+ },
+ "application": {
+ "read": [
+ {
+ "name": "LifecycleWorkflows.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "LifecycleWorkflows.ReadWrite.All"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/1-Create.ps1
new file mode 100644
index 0000000000..201fdda338
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/1-Create.ps1
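Review bot: The `roles` block in settings.json lists `Security Reader` for read and `Security Administrator` for update, which look like generic defaults rather than roles chosen for lifecycle workflows. Confirm which directory roles actually grant this access and name the narrowest one (Entra has a dedicated Lifecycle Workflows Administrator role), so operators who follow this file do not assign a broader role than the resource needs. The Graph permissions `LifecycleWorkflows.Read.All` and `LifecycleWorkflows.ReadWrite.All` appear to match the cmdlets the module calls.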
@@ -0,0 +1,64 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+ node localhost
+ {
+ AADIdentityGovernanceLifecycleWorkflow "AADIdentityGovernanceLifecycleWorkflow-Onboard pre-hire employee updated version"
+ {
+ Category = "joiner";
+ Credential = $Credscredential;
+ Description = "Description the onboard of prehire employee";
+ DisplayName = "Onboard pre-hire employee updated version";
+ Ensure = "Present";
+ ExecutionConditions = MSFT_IdentityGovernanceWorkflowExecutionConditions {
+ ScopeValue = MSFT_IdentityGovernanceScope {
+ Rule = '(not (country eq ''Brazil''))'
+ ODataType = '#microsoft.graph.identityGovernance.ruleBasedSubjectSet'
+ }
+ TriggerValue = MSFT_IdentityGovernanceTrigger {
+ OffsetInDays = 4
+ TimeBasedAttribute = 'employeeHireDate'
+ ODataType = '#microsoft.graph.identityGovernance.timeBasedAttributeTrigger'
+ }
+ ODataType = '#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions'
+ };
+ IsEnabled = $True;
+ IsSchedulingEnabled = $False;
+ Tasks = @(
+ MSFT_AADIdentityGovernanceTask {
+ DisplayName = 'Add user to groups'
+ Description = 'Add user to selected groups'
+ Category = 'joiner,leaver,mover'
+ IsEnabled = $True
+ ExecutionSequence = 1
+ ContinueOnError = $True
+ TaskDefinitionId = '22085229-5809-45e8-97fd-270d28d66910'
+ Arguments = @(
+ MSFT_AADIdentityGovernanceTaskArguments {
+ Name = 'groupID'
+ Value = '7ad01e00-8c3a-42a6-baaf-39f2390b2565'
+ }
+ )
+ }
+ );
+ }
+ }
+}
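Review bot: `Credential = $Credscredential` refers to a variable the configuration never defines, while the declared `$ApplicationId`, `$TenantId` and `$CertificateThumbprint` parameters go unused, so the example compiles with a null credential and no working authentication. Pass the declared parameters instead: `ApplicationId = $ApplicationId`, `TenantId = $TenantId`, `CertificateThumbprint = $CertificateThumbprint`. That also keeps the sample on certificate-based app authentication rather than a stored user password. 2-Update.ps1 and 3-Remove.ps1 repeat the same line and need the same change.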
diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/2-Update.ps1
new file mode 100644
index 0000000000..1ed9701969
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/2-Update.ps1
@@ -0,0 +1,67 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+ node localhost
+ {
+ AADIdentityGovernanceLifecycleWorkflow "AADIdentityGovernanceLifecycleWorkflow-Onboard pre-hire employee updated version"
+ {
+ Category = "joiner";
+ Credential = $Credscredential;
+ #updated description
+ Description = "Updated description the onboard of prehire employee";
+ DisplayName = "Onboard pre-hire employee updated version";
+ Ensure = "Present";
+ ExecutionConditions = MSFT_IdentityGovernanceWorkflowExecutionConditions {
+ ScopeValue = MSFT_IdentityGovernanceScope {
+ #updated rule
+ Rule = '(not (country eq ''America''))'
+ ODataType = '#microsoft.graph.identityGovernance.ruleBasedSubjectSet'
+ }
+ TriggerValue = MSFT_IdentityGovernanceTrigger {
+ OffsetInDays = 4
+ TimeBasedAttribute = 'employeeHireDate'
+ ODataType = '#microsoft.graph.identityGovernance.timeBasedAttributeTrigger'
+ }
+ ODataType = '#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions'
+ };
+ IsEnabled = $True;
+ IsSchedulingEnabled = $False;
+ Tasks = @(
+ MSFT_AADIdentityGovernanceTask {
+ DisplayName = 'Add user to groups'
+ #updated description
+ Description = 'Add user to selected groups updated'
+ Category = 'joiner,leaver,mover'
+ IsEnabled = $True
+ ExecutionSequence = 1
+ ContinueOnError = $True
+ TaskDefinitionId = '22085229-5809-45e8-97fd-270d28d66910'
+ Arguments = @(
+ MSFT_AADIdentityGovernanceTaskArguments {
+ Name = 'groupID'
+ Value = '7ad01e00-8c3a-42a6-baaf-39f2390b2565'
+ }
+ )
+ }
+ );
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/3-Remove.ps1
new file mode 100644
index 0000000000..fa2840fe12
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/3-Remove.ps1
@@ -0,0 +1,64 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+ node localhost
+ {
+ AADIdentityGovernanceLifecycleWorkflow "AADIdentityGovernanceLifecycleWorkflow-Onboard pre-hire employee updated version"
+ {
+ Category = "joiner";
+ Credential = $Credscredential;
+ Description = "Updated description the onboard of prehire employee";
+ DisplayName = "Onboard pre-hire employee updated version";
+ Ensure = "Absent";
+ ExecutionConditions = MSFT_IdentityGovernanceWorkflowExecutionConditions {
+ ScopeValue = MSFT_IdentityGovernanceScope {
+ Rule = '(not (country eq ''America''))'
+ ODataType = '#microsoft.graph.identityGovernance.ruleBasedSubjectSet'
+ }
+ TriggerValue = MSFT_IdentityGovernanceTrigger {
+ OffsetInDays = 4
+ TimeBasedAttribute = 'employeeHireDate'
+ ODataType = '#microsoft.graph.identityGovernance.timeBasedAttributeTrigger'
+ }
+ ODataType = '#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions'
+ };
+ IsEnabled = $True;
+ IsSchedulingEnabled = $False;
+ Tasks = @(
+ MSFT_AADIdentityGovernanceTask {
+ DisplayName = 'Add user to groups'
+ Description = 'Add user to selected groups updated'
+ Category = 'joiner,leaver,mover'
+ IsEnabled = $True
+ ExecutionSequence = 1
+ ContinueOnError = $True
+ TaskDefinitionId = '22085229-5809-45e8-97fd-270d28d66910'
+ Arguments = @(
+ MSFT_AADIdentityGovernanceTaskArguments {
+ Name = 'groupID'
+ Value = '7ad01e00-8c3a-42a6-baaf-39f2390b2565'
+ }
+ )
+ }
+ );
+ }
+ }
+}
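Review bot: `Ensure = "Absent"` is paired with the full desired state (`ExecutionConditions`, `Tasks`, `IsEnabled`, the `groupID` value), which a removal should not need. Presumably `DisplayName` is what locates the workflow (the schema is not on this page), so the block could shrink to `DisplayName`, `Ensure` and the authentication properties, which also keeps a tenant-specific group id out of a file whose only job is deletion. If the extra properties stay, a comment such as `# Only DisplayName identifies the workflow; the other properties are not applied when Ensure is Absent` would say so, once that is confirmed against the resource.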
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityGovernanceLifecycleWorkflow.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityGovernanceLifecycleWorkflow.Tests.ps1
new file mode 100644
index 0000000000..98152b6d9f
--- /dev/null
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityGovernanceLifecycleWorkflow.Tests.ps1
@@ -0,0 +1,240 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Update-MgBetaIdentityGovernanceLifecycleWorkflow -MockWith { + } + + Mock -CommandName Remove-MgBetaIdentityGovernanceLifecycleWorkflow -MockWith { + } + + Mock -CommandName New-MgBetaIdentityGovernanceLifecycleWorkflow -MockWith { + } + + Mock -CommandName New-MgBetaIdentityGovernanceLifecycleWorkflowNewVersion -MockWith { + } + + Mock -CommandName Get-MgBetaIdentityGovernanceLifecycleWorkflow -MockWith { + } + + Mock -CommandName Get-MgBetaIdentityGovernanceLifecycleWorkflowTask -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances 
=$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Category = "joiner"; + Description = "Description the onboard of prehire employee"; + DisplayName = "Onboard pre-hire employee updated version"; + IsEnabled = $True; + IsSchedulingEnabled = $False; + Ensure = 'Present' + Credential = $Credential; + } + + ##TODO - Mock the Get-MgBetaIdentityGovernanceLifecycleWorkflow to return $null + Mock -CommandName Get-MgBetaIdentityGovernanceLifecycleWorkflow -MockWith { + return $null + } + Mock -CommandName Get-MgBetaIdentityGovernanceLifecycleWorkflowTask -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaIdentityGovernanceLifecycleWorkflow -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Category = "joiner"; + Description = "Description the onboard of prehire employee"; + DisplayName = "Onboard pre-hire employee updated version"; + IsEnabled = $True; + IsSchedulingEnabled = $False; + Ensure = 'Absent' + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaIdentityGovernanceLifecycleWorkflow -MockWith { + return @{ + Id = "random guid" + Category = "joiner"; + Description = "Description the onboard of prehire employee"; + DisplayName = "Onboard pre-hire employee updated version"; + IsEnabled = $True; + IsSchedulingEnabled = $False; + } + } + Mock -CommandName Get-MgBetaIdentityGovernanceLifecycleWorkflowTask -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should 
-Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaIdentityGovernanceLifecycleWorkflow -Exactly 1 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Category = "joiner"; + Description = "Description the onboard of prehire employee"; + DisplayName = "Onboard pre-hire employee updated version"; + IsEnabled = $True; + IsSchedulingEnabled = $False; + Tasks = $null + ExecutionConditions = (New-CimInstance -ClassName MSFT_IdentityGovernanceWorkflowExecutionConditions -Property @{ + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaIdentityGovernanceLifecycleWorkflow -MockWith { + return @{ + Id = "random guid" + Category = "joiner"; + Description = "Description the onboard of prehire employee"; + DisplayName = "Onboard pre-hire employee updated version"; + IsEnabled = $True; + IsSchedulingEnabled = $False; + } + } + Mock -CommandName Get-MgBetaIdentityGovernanceLifecycleWorkflowTask -MockWith { + return $null + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Category = "joiner"; + Description = "Description the onboard of prehire employee"; + DisplayName = "Onboard pre-hire employee updated version"; + IsEnabled = $True; + IsSchedulingEnabled = $False; + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaIdentityGovernanceLifecycleWorkflow -MockWith { + return @{ + Id = "random guid" + Category = "joiner"; + Description = "Drifted Description the onboard of prehire employee"; + DisplayName = "Onboard 
pre-hire employee updated version"; + IsEnabled = $True; + IsSchedulingEnabled = $False; + } + } + Mock -CommandName Get-MgBetaIdentityGovernanceLifecycleWorkflowTask -MockWith { + return $null + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaIdentityGovernanceLifecycleWorkflowNewVersion -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaIdentityGovernanceLifecycleWorkflow -MockWith { + return @{ + Category = "joiner"; + Description = "Description the onboard of prehire employee"; + DisplayName = "Onboard pre-hire employee updated version"; + IsEnabled = $True; + IsSchedulingEnabled = $False; + } + } + Mock -CommandName Get-MgBetaIdentityGovernanceLifecycleWorkflowTask -MockWith { + return $null + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index bbc1300dac..37f917d882 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 
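Review bot: None of the contexts exercises `Tasks` or `ExecutionConditions` with real values: every `Get-MgBetaIdentityGovernanceLifecycleWorkflowTask` mock returns `$null`, and the only context that passes them uses `Tasks = $null` and an empty `MSFT_IdentityGovernanceWorkflowExecutionConditions` instance. Drift is therefore only tested on `Description`, while the parts of a lifecycle workflow that decide who is in scope and which group they are added to go unchecked. I would add a context in which the task mock returns a task that differs from the declared one and assert that `Test-TargetResource` is `$false`; the sketch below assumes the resource compares `TaskDefinitionId` and reads the mock's properties under these names, which has to be confirmed against the module because it is not on this page. The `##TODO` comment in the first context is also stale, since the mock it asks for is already there.

```powershell
Context -Name "The instance exists but its tasks have drifted" -Fixture {
    BeforeAll {
        $testParams = @{
            # ... unchanged: Category, Description, DisplayName, IsEnabled, IsSchedulingEnabled as in the desired-state context ...
            Tasks      = [CimInstance[]]@(
                (New-CimInstance -ClassName MSFT_AADIdentityGovernanceTask -Property @{
                    DisplayName       = 'Add user to groups'
                    Category          = 'joiner,leaver,mover'
                    IsEnabled         = $True
                    ExecutionSequence = 1
                    ContinueOnError   = $True
                    TaskDefinitionId  = '22085229-5809-45e8-97fd-270d28d66910'
                } -ClientOnly)
            )
            Ensure     = 'Present'
            Credential = $Credential;
        }

        # ... unchanged: Get-MgBetaIdentityGovernanceLifecycleWorkflow mock from the desired-state context ...

        Mock -CommandName Get-MgBetaIdentityGovernanceLifecycleWorkflowTask -MockWith {
            return @{
                DisplayName       = 'Add user to groups'
                Category          = 'joiner,leaver,mover'
                IsEnabled         = $True
                ExecutionSequence = 1
                ContinueOnError   = $True
                # constructed value, chosen only to differ from the declared task
                TaskDefinitionId  = '00000000-0000-0000-0000-000000000000'
            }
        }
    }

    It 'Should return false from the Test method' {
        Test-TargetResource @testParams | Should -Be $false
    }
}
```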
@@ -30578,6 +30578,566 @@ function Get-MgBetaEntitlementManagementConnectedOrganizationInternalSponsor $HttpPipelineAppend ) } + +function Get-MgBetaIdentityGovernanceLifecycleWorkflow +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $WorkflowId, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaIdentityGovernanceLifecycleWorkflowTask +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $WorkflowId, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $TaskId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, 
+ + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function New-MgBetaIdentityGovernanceLifecycleWorkflow +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject] + $TaskReports, + + [Parameter()] + [System.DateTime] + $NextScheduleRunDateTime, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Collections.Hashtable] + $ExecutionConditions, + + [Parameter()] + [PSObject] + $Runs, + + [Parameter()] + [PSObject] + $Versions, + + [Parameter()] + [System.Int32] + $Version, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $UserProcessingResults, + + [Parameter()] + [PSObject] + $CreatedBy, + + [Parameter()] + [PSObject] + $ExecutionScope, + + [Parameter()] + [System.String] + $Category, + + [Parameter()] + [PSObject] + $LastModifiedBy, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $Tasks, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsSchedulingEnabled, + + 
[Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.DateTime] + $DeletedDateTime, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsEnabled, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function New-MgBetaIdentityGovernanceLifecycleWorkflowNewVersion +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $WorkflowId, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $Workflow, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaIdentityGovernanceLifecycleWorkflow +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.String] + $IfMatch, 
+ + [Parameter()] + [System.String] + $WorkflowId, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} + +function Update-MgBetaIdentityGovernanceLifecycleWorkflow +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [System.String] + $WorkflowId, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject] + $TaskReports, + + [Parameter()] + [System.DateTime] + $NextScheduleRunDateTime, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Collections.Hashtable] + $ExecutionConditions, + + [Parameter()] + [PSObject] + $Runs, + + [Parameter()] + [PSObject] + $Versions, + + [Parameter()] + [System.Int32] + $Version, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $UserProcessingResults, + + [Parameter()] + [PSObject] + $CreatedBy, + + [Parameter()] + [PSObject] + $ExecutionScope, + + [Parameter()] + [System.String] + $Category, + + [Parameter()] + [PSObject] + $LastModifiedBy, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $Tasks, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsSchedulingEnabled, + + [Parameter()] + 
[System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.DateTime] + $DeletedDateTime, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsEnabled, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} function Get-MgBetaRoleManagementDirectory { [CmdletBinding()] From e36c14c005d1034ab6e2bae2430e070680ec4291 Mon Sep 17 00:00:00 2001 From: Piyush Dubey Date: Fri, 11 Oct 2024 12:28:25 +0530 Subject: [PATCH 2/2] updating examples --- .../AADIdentityGovernanceLifecycleWorkflow/1-Create.ps1 | 4 +++- .../AADIdentityGovernanceLifecycleWorkflow/2-Update.ps1 | 4 +++- .../AADIdentityGovernanceLifecycleWorkflow/3-Remove.ps1 | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/1-Create.ps1 index 201fdda338..0b86b74b9a 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/1-Create.ps1 @@ -24,7 +24,6 @@ Configuration Example AADIdentityGovernanceLifecycleWorkflow "AADIdentityGovernanceLifecycleWorkflow-Onboard pre-hire employee updated version" { Category = "joiner"; - Credential = $Credscredential; Description = "Description the onboard of prehire employee"; DisplayName = "Onboard pre-hire employee updated version"; Ensure = "Present"; 
@@ -59,6 +58,9 @@ Configuration Example ) } ); + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/2-Update.ps1 index 1ed9701969..b7db5fd0a6 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/2-Update.ps1 @@ -24,7 +24,6 @@ Configuration Example AADIdentityGovernanceLifecycleWorkflow "AADIdentityGovernanceLifecycleWorkflow-Onboard pre-hire employee updated version" { Category = "joiner"; - Credential = $Credscredential; #updated description Description = "Updated description the onboard of prehire employee"; DisplayName = "Onboard pre-hire employee updated version"; @@ -62,6 +61,9 @@ Configuration Example ) } ); + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/3-Remove.ps1 index fa2840fe12..0af81405a2 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADIdentityGovernanceLifecycleWorkflow/3-Remove.ps1 @@ -24,7 +24,6 @@ Configuration Example AADIdentityGovernanceLifecycleWorkflow "AADIdentityGovernanceLifecycleWorkflow-Onboard pre-hire employee updated version" { Category = "joiner"; - Credential = $Credscredential; Description = "Updated description the onboard of prehire employee"; DisplayName = "Onboard pre-hire employee updated version"; Ensure = "Absent"; 
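Review bot: `ApplicationId`, `TenantId` and `CertificateThumbprint` become the only authentication the resource block receives, yet the `param()` block that supplies them (outside these hunks; visible in the first patch for 2-Update.ps1 and 3-Remove.ps1) declares each with a bare `[Parameter()]`. Compiling `Example` without arguments would then pass empty strings to the resource, and the mistake would presumably surface only when the resource tries to connect. Declaring them as `[Parameter(Mandatory = $true)]` makes the configuration fail at compile time instead. The same applies to the `@@ -62,6 +61,9 @@` hunk of 2-Update.ps1 on this line and to the 3-Remove.ps1 hunk that follows; the `param()` block of 1-Create.ps1 is not on this page, so it should be checked there as well.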
@@ -59,6 +58,9 @@ Configuration Example ) } ); + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } }