Merge pull request #3692 from William-Francillette/fix3639
PR -  AADEntitlementManagementAccessPackageAssignmentPolicy - FIXES [#3639]
NikCharlebois authored Oct 3, 2023
2 parents 9533d9a + d71340b commit 7cf3870
Showing 4 changed files with 53 additions and 69 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,10 @@

# UNRELEASED

* AADEntitlementManagementAccessPackageAssignmentPolicy
* [BREAKING CHANGE] Fixes customExtension property where the schema and assignement
were not managed correctly.
FIXES [#3639](https://github.com/microsoft/Microsoft365DSC/issues/3639)
* AADEntitlementManagementConnectedOrganization
* Fixed [[#3738](https://github.com/microsoft/Microsoft365DSC/issues/3738)]
* EXOCalendarProcessing
Expand Up @@ -271,11 +271,9 @@ function Get-TargetResource
foreach ($customExtensionHandler in $getValue.CustomExtensionHandlers)
{
$customExt = @{
Id = $customExtensionHandler.Id
#Id = $customExtensionHandler.Id #Read Only
Stage = $customExtensionHandler.Stage
CustomExtension = @{
Id = $customExtensionHandler.CustomExtension.Id
}
CustomExtensionId = $customExtensionHandler.CustomExtension.Id
}
$formattedCustomExtensionHandlers += $customExt
}
Expand Down Expand Up @@ -476,6 +474,21 @@ function Set-TargetResource
}
}
}
If ($null -ne $CreateParameters.CustomExtensionHandlers -and $CreateParameters.CustomExtensionHandlers.count -gt 0 )
{
$formattedCustomExtensionHandlers = @()
foreach ($customExtensionHandler in $CreateParameters.CustomExtensionHandlers)
{
$extensionId= $customExtensionHandler.CustomExtensionId
$formattedCustomExtensionHandlers += @{
stage = $customExtensionHandler.Stage
customExtension = @{
id = $extensionId
}
}
}
$CreateParameters.CustomExtensionHandlers = $formattedCustomExtensionHandlers
}
New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy `
-BodyParameter $CreateParameters
}
Expand Down Expand Up @@ -503,7 +516,7 @@ function Set-TargetResource
# Convert back user principal names to Ids
if ($null -ne $UpdateParameters.AccessReviewSettings -and $null -ne $UpdateParameters.AccessReviewSettings.Reviewers)
{
Write-Verbose -Message "Updating Reviewers' Id"
#Write-Verbose -Message "Updating Reviewers' Id"
for ($i = 0; $i -lt $UpdateParameters.AccessReviewSettings.Reviewers.Length; $i++)
{
$reviewer = $UpdateParameters.AccessReviewSettings.Reviewers[$i]
Expand All @@ -516,10 +529,10 @@ function Set-TargetResource
}
if ($null -ne $UpdateParameters.RequestorSettings -and $null -ne $UpdateParameters.RequestorSettings.AllowedRequestors)
{
Write-Verbose -Message "Updating Requestors' Id"
#Write-Verbose -Message "Updating Requestors' Id"
for ($i = 0; $i -lt $UpdateParameters.RequestorSettings.AllowedRequestors.Length; $i++)
{
Write-Verbose -Message "Requestor: $($UpdateParameters.RequestorSettings.AllowedRequestors[$i].Id)"
#Write-Verbose -Message "Requestor: $($UpdateParameters.RequestorSettings.AllowedRequestors[$i].Id)"
$requestor = $UpdateParameters.RequestorSettings.AllowedRequestors[$i]
$user = Get-MgUser -Filter "startswith(UserPrincipalName, '$($requestor.Id.Split('@')[0])')" -ErrorAction SilentlyContinue
if ($null -ne $user)
Expand All @@ -528,6 +541,23 @@ function Set-TargetResource
}
}
}
If ($null -ne $UpdateParameters.CustomExtensionHandlers -and $UpdateParameters.CustomExtensionHandlers.count -gt 0 )
{
$formattedCustomExtensionHandlers = @()
foreach ($customExtensionHandler in $UpdateParameters.CustomExtensionHandlers)
{
$extensionId= $customExtensionHandler.CustomExtensionId
$formattedCustomExtensionHandlers += @{
stage = $customExtensionHandler.Stage
customExtension = @{
id = $extensionId
}
}
}
$UpdateParameters.CustomExtensionHandlers = $formattedCustomExtensionHandlers
}

#write-verbose ($UpdateParameters|convertto-json -Depth 100)
Set-MgBetaEntitlementManagementAccessPackageAssignmentPolicy `
-BodyParameter $UpdateParameters `
-AccessPackageAssignmentPolicyId $currentInstance.Id
Expand Down Expand Up @@ -885,23 +915,6 @@ function Export-TargetResource
}
if ($null -ne $Results.CustomExtensionHandlers )
{
$complexMapping = @(
@{
Name = 'AuthenticationConfiguration'
CimInstanceName = 'MicrosoftGraphcustomextensionauthenticationconfiguration'
IsRequired = $false
}
@{
Name = 'ClientConfiguration'
CimInstanceName = 'MicrosoftGraphcustomextensionclientconfiguration'
IsRequired = $false
}
@{
Name = 'EndpointConfiguration'
CimInstanceName = 'MicrosoftGraphcustomextensionauthenticationconfiguration'
IsRequired = $false
}
)
$complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
-ComplexObject $Results.CustomExtensionHandlers `
-CIMInstanceName MicrosoftGraphcustomextensionhandler `
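Review bot: Both new CustomExtensionHandlers blocks in Set-TargetResource, on the create path before `New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy` and on the update path before `Set-MgBetaEntitlementManagementAccessPackageAssignmentPolicy`, copy `$customExtensionHandler.CustomExtensionId` into the request body without checking that it is set. A handler declared without that property would be sent as `customExtension = @{ id = $null }`, and any failure would surface only as a Graph error, if at all. A guard inside each loop, for example `if ([String]::IsNullOrEmpty($customExtensionHandler.CustomExtensionId)) { throw 'CustomExtensionHandlers entry has no CustomExtensionId' }`, would fail early with a clear message. The two blocks are identical apart from the parameter variable, so a small private helper that takes the handler array would keep the create and update request shapes from drifting apart. Set-TargetResource starts and ends outside these hunks.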
Expand Up @@ -84,38 +84,10 @@ class MSFT_MicrosoftGraphrequestorsettings
[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphcustomextensionhandler
{
[Write, Description("Indicates which custom workflow extension will be executed at this stage."), EmbeddedInstance("MSFT_MicrosoftGraphcustomaccesspackageworkflowextension")] String CustomExtension;
[Write, Description("Indicates which custom workflow extension will be executed at this stage.")] String CustomExtensionId;
[Write, Description("Indicates the stage of the access package assignment request workflow when the access package custom extension runs."), ValueMap{"assignmentRequestCreated","assignmentRequestApproved","assignmentRequestGranted","assignmentRequestRemoved","assignmentFourteenDaysBeforeExpiration","assignmentOneDayBeforeExpiration","unknownFutureValue"}, Values{"assignmentRequestCreated","assignmentRequestApproved","assignmentRequestGranted","assignmentRequestRemoved","assignmentFourteenDaysBeforeExpiration","assignmentOneDayBeforeExpiration","unknownFutureValue"}] String Stage;
[Write, Description("Identifier of the stage.")] String Id;
};
[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphcustomaccesspackageworkflowextension
{
[Write, Description("Configuration for securing the API call to the logic app. For example, using OAuth client credentials flow."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionauthenticationconfiguration")] String AuthenticationConfiguration;
[Write, Description("HTTP connection settings that define how long Azure AD can wait for a connection to a logic app, how many times you can retry a timed-out connection and the exception scenarios when retries are allowed."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionclientconfiguration")] String ClientConfiguration;
[Write, Description("Description for the customAccessPackageWorkflowExtension object.")] String Description;
[Write, Description("Display name for the customAccessPackageWorkflowExtension object.")] String DisplayName;
[Write, Description("The type and details for configuring the endpoint to call the logic app's workflow."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionendpointconfiguration")] String EndpointConfiguration;
[Write, Description("Identifier for the customAccessPackageWorkflowExtension object.")] String Id;
};
[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphcustomextensionauthenticationconfiguration
{
[Write, Description("The appID of the Azure AD application to use to authenticate a logic app with a custom access package workflow extension.")] String ResourceId;
};
[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphcustomextensionclientconfiguration
{
[Write, Description("The max duration in milliseconds that Azure AD will wait for a response from the logic app before it shuts down the connection. The valid range is between 200 and 2000 milliseconds. Default duration is 1000.")] UInt32 TimeoutInMilliseconds;
};
[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphcustomextensionendpointconfiguration
{
[Write, Description("The name of the logic app."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionauthenticationconfiguration")] String LogicAppWorkflowName;
[Write, Description("The Azure resource group name for the logic app."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionclientconfiguration")] String ResourceGroupName;
[Write, Description("Identifier of the Azure subscription for the logic app.")] String SubscriptionId;
};

[ClassVersion("1.0.0.0"), FriendlyName("AADEntitlementManagementAccessPackageAssignmentPolicy")]
class MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy : OMI_BaseResource
{
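Review bot: The new `CustomExtensionId` property in `MSFT_MicrosoftGraphcustomextensionhandler` keeps the description written for the old embedded object, "Indicates which custom workflow extension will be executed at this stage.", which no longer says that the value is an identifier. Since the property is now a plain string, the description should state what goes in it, for example `Description("Id of the custom workflow extension to run at this stage.")`. Both `CustomExtensionId` and `Stage` are declared `[Write]`, so the schema accepts a handler with neither value; if that is intentional it is worth a sentence in the resource documentation, because the request built in Set-TargetResource uses both.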
Expand Up @@ -222,13 +222,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
durationInDays = 25
} -ClientOnly)
CanExtend = $True
CustomExtensionHandlers = @(
CustomExtensionHandlers = [CimInstance[]]@(
(New-CimInstance -ClassName MSFT_MicrosoftGraphcustomextensionhandler -Property @{
CustomExtension = (New-CimInstance -ClassName MSFT_MicrosoftGraphcustomaccesspackageworkflowextension -Property @{
Id = 'MyCustomExtensionId'
} -ClientOnly)
CustomExtensionId = 'MyCustomExtensionId'
Stage = 'assignmentRequestCreated'
Id = 'MyCustomExtensionHandlersId'
} -ClientOnly)
)
Description = 'FakeStringValue'
Expand Down Expand Up @@ -346,11 +343,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {

} -ClientOnly)
CanExtend = $True
CustomExtensionHandlers = @(
CustomExtensionHandlers = [CimInstance[]]@(
(New-CimInstance -ClassName MSFT_MicrosoftGraphcustomextensionhandler -Property @{
isArray = $True
CIMType = 'MSFT_MicrosoftGraphcustomextensionhandler'

CustomExtensionId = 'MyCustomExtensionId'
Stage = 'assignmentRequestCreated'
} -ClientOnly)
)
Description = 'FakeStringValue'
Expand Down Expand Up @@ -427,13 +423,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
acceptRequests = $True

}
CustomExtensionHandlers = @(
@{
isArray = $True

}
)

}
Description = 'FakeStringValue'
DisplayName = 'FakeStringValue'
Expand Down Expand Up @@ -476,6 +465,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
reviewerType = 'FakeStringValue'
durationInDays = 25
} -ClientOnly)
CustomExtensionHandlers = [CimInstance[]]@(
(New-CimInstance -ClassName MSFT_MicrosoftGraphcustomextensionhandler -Property @{
CustomExtensionId = 'MyCustomExtensionId'
Stage = 'assignmentRequestCreated'
} -ClientOnly)
)
CanExtend = $True
Description = 'FakeStringValue'
DisplayName = 'FakeStringValue'
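Review bot: The visible test hunks set `CustomExtensionHandlers` only on the desired-state side (`CustomExtensionId` plus `Stage` in a `New-CimInstance`), and the one mocked block that carried the property is removed. Unless a mock outside these hunks returns a Graph-shaped handler such as `CustomExtensionHandlers = @(@{ Stage = 'assignmentRequestCreated'; CustomExtension = @{ Id = 'MyCustomExtensionId' } })`, nothing exercises the flattening to `CustomExtensionId` in Get-TargetResource or the comparison in Test-TargetResource. It would also be worth asserting on the `-BodyParameter` passed to the mocked `New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy`, so that the nested `customExtension.id` shape sent to Graph is pinned by a test. The surrounding `Context` blocks start and end outside the hunks, so this may already be covered elsewhere in the file.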