From c1cd37d435021c253a70905658d32ba39afd947e Mon Sep 17 00:00:00 2001 From: Fabien Tschanz Date: Thu, 5 Dec 2024 15:18:52 +0100 Subject: [PATCH] Fix export of Firewall policy settings --- CHANGELOG.md | 3 + .../MSFT_IntuneFirewallPolicyWindows10.psm1 | 9 +- ...SC.IntuneFirewallPolicyWindows10.Tests.ps1 | 144 ++++++++++++++++++ 3 files changed, 155 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c605e0b348..65d9636efd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ # UNRELEASED +* IntuneFirewallPolicyWindows10 + * Fix export of properties that appear multiple times in subsections. + # 1.24.1204.1 * All resources diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 index 143dd5854a..b8bf713da7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 @@ -492,12 +492,19 @@ function Get-TargetResource # Retrieve policy specific settings [array]$settings = Get-MgBetaDeviceManagementConfigurationPolicySetting ` + -All ` -DeviceManagementConfigurationPolicyId $Id ` -ExpandProperty 'settingDefinitions' ` -ErrorAction Stop + $policyTemplateId = $getValue.TemplateReference.TemplateId + [array]$settingDefinitions = Get-MgBetaDeviceManagementConfigurationPolicyTemplateSettingTemplate ` + -DeviceManagementConfigurationPolicyTemplateId $policyTemplateId ` + -ExpandProperty 'settingDefinitions' ` + -All ` + -ErrorAction Stop | Select-Object -ExpandProperty SettingDefinitions $policySettings = @{} - $policySettings = Export-IntuneSettingCatalogPolicySettings -Settings $settings -ReturnHashtable $policySettings + $policySettings = Export-IntuneSettingCatalogPolicySettings -Settings $settings -ReturnHashtable $policySettings -AllSettingDefinitions $settingDefinitions $results = @{ #region resource generator code diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 index 9dae7098d7..f4455f536b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 @@ -279,6 +279,150 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicyTemplateSettingTemplate -MockWith { + return @( + @{ + SettingDefinitions = @( + @{ + Id = 'vendor_msft_firewall_mdmstore_global_disablestatefulftp' + Name = 'DisableStatefulFtp' + OffsetUri = '/MdmStore/Global/DisableStatefulFtp' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + } + } + ) + }, + @{ + SettingDefinitions = @( + @{ + Id = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall' + Name = 'EnableFirewall' + OffsetUri = '/MdmStore/DomainProfile/EnableFirewall' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_domainprofile_logfilepath' + Name = 'LogFilePath' + OffsetUri = '/MdmStore/DomainProfile/LogFilePath' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingDefinition' + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall_true' + parentSettingId = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall' + } + ) + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_publicprofile_enablefirewall' + Name = 'EnableFirewall' + OffsetUri = '/MdmStore/PublicProfile/EnableFirewall' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_publicprofile_logfilepath' + Name = 'LogFilePath' + OffsetUri = '/MdmStore/PublicProfile/LogFilePath' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingDefinition' + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_publicprofile_enablefirewall_true' + parentSettingId = 'vendor_msft_firewall_mdmstore_publicprofile_enablefirewall' + } + ) + } + } + ) + }, + @{ + SettingDefinitions = @( + @{ + Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_domainprofile_enablefirewall' + Name = 'EnableFirewall' + OffsetUri = '/MdmStore/HyperVVMSettings/{0}/DomainProfile/EnableFirewall' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + # Only option used in the tests is defined here + @{ + name = 'Enable Firewall' + itemId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_domainprofile_enablefirewall_true' + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target_wsl' + parentSettingId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target' + } + ) + } + ) + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_publicprofile_enablefirewall' + Name = 'EnableFirewall' + OffsetUri = '/MdmStore/HyperVVMSettings/{0}/PublicProfile/EnableFirewall' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + # Only option used in the tests is defined here + @{ + name = 'Enable Firewall' + itemId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_publicprofile_enablefirewall_true' + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target_wsl' + parentSettingId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target' + } + ) + } + ) + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target' + Name = 'Target' + OffsetUri = '/MdmStore/HyperVVMSettings/{0}/Target' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + @{ + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}' + parentSettingId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}' + } + ) + name = 'WSL' + itemId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target_wsl' + } + ) + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}' + Name = '{VMCreatorId}' + OffsetUri = '/MdmStore/HyperVVMSettings/{0}' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition' + childIds = @( + 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target' + ) + maximumCount = 1 + minimumCount = 0 + } + } + ) + } + ) + } + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { }