diff --git a/CHANGELOG.md b/CHANGELOG.md index 2fdf26e404..ba4e266d2b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ FIXES [#4451](https://github.com/microsoft/Microsoft365DSC/issues/4451) * DEPENDENCIES * Updated DSCParser to version 2.0.0.0. +* MISC + * Initial release of Get-M365DSCEvaluationRulesForConfiguration # 1.24.313.1 diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index ae229df4a9..a9410d2fec 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -78,7 +78,8 @@ 'Modules/M365DSCUtil.psm1', 'Modules/M365DSCDRGUtil.psm1', 'Modules/EncodingHelpers/M365DSCEmojis.psm1', - 'Modules/EncodingHelpers/M365DSCStringEncoding.psm1' + 'Modules/EncodingHelpers/M365DSCStringEncoding.psm1', + 'Modules/M365DSCConfigurationHelper.psm1' ) # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. @@ -91,6 +92,7 @@ 'Export-M365DSCConfiguration', 'Export-M365DSCDiagnosticData', 'Get-M365DSCNotificationEndPointRegistration', + 'Get-M365DSCEvaluationRulesForConfiguration', 'Import-M365DSCDependencies', 'New-M365DSCDeltaReport', 'New-M365DSCNotificationEndPointRegistration', diff --git a/Modules/Microsoft365DSC/Modules/M365DSCConfigurationHelper.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCConfigurationHelper.psm1 new file mode 100644 index 0000000000..ae63a74b80 --- /dev/null +++ b/Modules/Microsoft365DSC/Modules/M365DSCConfigurationHelper.psm1 
@@ -0,0 +1,161 @@
+<#
+.SYNOPSIS
+ Get the evaluation rules for guarding a given configuration.
+.DESCRIPTION
+ This function will return all the evaluation rules for a given configuration either as a new configuration file or as a list of rules that can be used in a configuration to guard the resources.
+.PARAMETER ConfigurationPath
+ The path to the configuration file.
+.PARAMETER OutputPath
+ The path to the output file. If not provided, the function will return the evaluation rules as a string.
+#>
+function Get-M365DSCEvaluationRulesForConfiguration
+{
+ [CmdletBinding()]
+ [OutputType([System.String], ParameterSetName = 'Plaintext')]
+ [OutputType([System.Void], ParameterSetName = 'Configuration')]
+ param (
+ [Parameter(ParameterSetName = ('Configuration', 'Plaintext'), Mandatory = $true)]
+ [string]
+ $ConfigurationPath,
+
+ [Parameter(ParameterSetName = 'Configuration')]
+ [string]
+ $OutputPath,
+
+ [Parameter(ParameterSetName = ('Configuration', 'Plaintext'), Mandatory = $true)]
+ [ValidateSet('ServicePrincipalWithThumbprint', 'ServicePrincipalWithSecret', 'ServicePrincipalWithPath', 'CredentialsWithTenantId', 'CredentialsWithApplicationId', 'Credentials', 'ManagedIdentity')]
+ [System.String]
+ $ConnectionMode
+ )
+
+ $configurationAsObject = ConvertTo-DSCObject -Path $ConfigurationPath
+
+ $groupCondition = {
+ $_.ResourceName
+ }
+
+ $groupedObjects = $configurationAsObject | Group-Object $groupCondition
+
+ $M365DSCRuleEvaluationBlock = @'
+ # region Evaluation Rules
+ # This block contains the evaluation rules for the configuration.
+ # It is used to guard the resources in the configuration.
+
+ # endregion
+'@
+
+ switch ($ConnectionMode)
+ {
+ 'ServicePrincipalWithThumbprint'
+ {
+ $authentication = @"
+ ApplicationId = `$ConfigurationData.NonNodeData.ApplicationId
+ TenantId = `$ConfigurationData.NonNodeData.OrganizationName
+ CertificateThumbprint = `$ConfigurationData.NonNodeData.CertificateThumbprint
+"@
+ }
+ 'ServicePrincipalWithSecret'
+ {
+ $authentication = @"
+ ApplicationId = `$ConfigurationData.NonNodeData.ApplicationId
+ TenantId = `$ConfigurationData.NonNodeData.OrganizationName
+ CertificatePassword = `$CertificatePassword
+"@
+ }
+ 'ServicePrincipalWithPath'
+ {
+ $authentication = @"
+ ApplicationId = `$ConfigurationData.NonNodeData.ApplicationId
+ TenantId = `$ConfigurationData.NonNodeData.OrganizationName
+ CertificatePath = `$ConfigurationData.NonNodeData.CertificatePath
+"@
+ }
+ 'CredentialsWithTenantId'
+ {
+ $authentication = @"
+ Credential = `$CredsCredential
+ TenantId = `$ConfigurationData.NonNodeData.OrganizationName
+"@
+ }
+ 'CredentialsWithApplicationId'
+ {
+ $authentication = @"
+ Credential = `$CredsCredential
+ ApplicationId = `$ConfigurationData.NonNodeData.ApplicationId
+ TenantId = `$ConfigurationData.NonNodeData.OrganizationName
+"@
+ }
+ 'ManagedIdentity'
+ {
+ $authentication = @"
+ ManagedIdentity = `$true
+"@
+ }
+ 'Credentials'
+ {
+ $authentication = @"
+ Credential = `$CredsCredential
+"@
+ }
+ }
+
+ $M365DSCRuleEvaluationResourceBlock = @'
+ M365DSCRuleEvaluation ''
+ {
+ ResourceName = ''
+ RuleDefinition = "*"
+ AfterRuleCountQuery = "-eq "
+
+ }
+'@
+
+ $resultConfiguration = @()
+ foreach ($group in $groupedObjects)
+ {
+ $resultConfiguration += $M365DSCRuleEvaluationResourceBlock -replace '', $group.Name -replace '', $group.Count -replace '', $authentication
+ }
+
+ $M365DSCRuleEvaluationString = $M365DSCRuleEvaluationBlock -replace '', ($resultConfiguration -join "`n")
+
+ if ($PSBoundParameters.Keys.Contains('OutputPath'))
+ {
+ if (-not (Test-Path -Path $OutputPath))
+ {
+ New-Item -Path $OutputPath -ItemType File -Force | Out-Null
+ }
+
+ $DSCString = @"
+ # Generated with Microsoft365DSC
+ # For additional information on how to use Microsoft365DSC, please visit https://aka.ms/M365DSC
+ param (
+ )
+
+ Configuration M365TenantConfig
+ {
+ param (
+ )
+
+ $OrganizationName = $ConfigurationData.NonNodeData.OrganizationName
+
+ Import-DscResource -ModuleName 'Microsoft365DSC'
+
+ Node localhost
+ {
+
+ }
+ }
+
+ M365TenantConfig -ConfigurationData .\ConfigurationData.psd1
+"@
+
+ $M365DSCRuleEvaluationString = $DSCString -replace '', $M365DSCRuleEvaluationString
+
+ $M365DSCRuleEvaluationString | Out-File -FilePath $OutputPath
+ }
+ else
+ {
+ return $M365DSCRuleEvaluationString
+ }
+}
+
+Export-ModuleMember -Function Get-M365DSCEvaluationRulesForConfiguration
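Review bot: The `$DSCString` template is an expandable here-string (`@"` … `"@`), yet its `$OrganizationName = $ConfigurationData.NonNodeData.OrganizationName` line is not backtick-escaped the way the `$authentication` blocks are, so both variables are interpolated when the function runs and the file written to `-OutputPath` will most likely contain ` = .NonNodeData.OrganizationName` rather than the assignment. Because the template is only filled in through `-replace`, making it a literal here-string fixes this: open with `$DSCString = @'` and close with `'@`. Separately, the `'ServicePrincipalWithSecret'` branch emits a `CertificatePassword` entry with no certificate path and no application secret, which reads like a copy of a certificate mode; confirm which credential property that mode should set, since the generated guard rules may otherwise authenticate differently from what the mode name promises. `ParameterSetName = ('Configuration', 'Plaintext')` also deserves a check, as the attribute takes a single set name and two separate `[Parameter()]` attributes are the usual way to put a parameter in both sets.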