diff --git a/CHANGELOG.md b/CHANGELOG.md index fd41f3ff66..61e87a77b8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ # UNRELEASED +* AADEntitlementManagementAccessPackageAssignmentPolicy + * [BREAKING CHANGE] Fixes customExtension property where the schema and assignement + were not managed correctly. + FIXES [#3639](https://github.com/microsoft/Microsoft365DSC/issues/3639) * AADEntitlementManagementConnectedOrganization * Fixed [[#3738](https://github.com/microsoft/Microsoft365DSC/issues/3738)] * EXOCalendarProcessing diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 index 719c6b97f9..099402bc79 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 @@ -271,11 +271,9 @@ function Get-TargetResource foreach ($customExtensionHandler in $getValue.CustomExtensionHandlers) { $customExt = @{ - Id = $customExtensionHandler.Id + #Id = $customExtensionHandler.Id #Read Only Stage = $customExtensionHandler.Stage - CustomExtension = @{ - Id = $customExtensionHandler.CustomExtension.Id - } + CustomExtensionId = $customExtensionHandler.CustomExtension.Id } $formattedCustomExtensionHandlers += $customExt } 
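Review bot: The `#Id = $customExtensionHandler.Id #Read Only` line in the Get-TargetResource hunk keeps the old assignment in the file as a comment; delete it and, if the reason matters, leave a one-line comment such as `# Id is read-only, so it is not returned`. The same applies to the commented-out `#Write-Verbose` lines in the @@ -503 and @@ -516 hunks and to `#write-verbose ($UpdateParameters|convertto-json -Depth 100)` in the @@ -528 hunk. That last line would write the whole request body to the verbose stream if it were ever re-enabled, so it is better removed than parked. The function body continues outside this hunk.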
@@ -476,6 +474,21 @@ function Set-TargetResource } } } + If ($null -ne $CreateParameters.CustomExtensionHandlers -and $CreateParameters.CustomExtensionHandlers.count -gt 0 ) + { + $formattedCustomExtensionHandlers = @() + foreach ($customExtensionHandler in $CreateParameters.CustomExtensionHandlers) + { + $extensionId= $customExtensionHandler.CustomExtensionId + $formattedCustomExtensionHandlers += @{ + stage = $customExtensionHandler.Stage + customExtension = @{ + id = $extensionId + } + } + } + $CreateParameters.CustomExtensionHandlers = $formattedCustomExtensionHandlers + } New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy ` -BodyParameter $CreateParameters } @@ -503,7 +516,7 @@ function Set-TargetResource # Convert back user principal names to Ids if ($null -ne $UpdateParameters.AccessReviewSettings -and $null -ne $UpdateParameters.AccessReviewSettings.Reviewers) { - Write-Verbose -Message "Updating Reviewers' Id" + #Write-Verbose -Message "Updating Reviewers' Id" for ($i = 0; $i -lt $UpdateParameters.AccessReviewSettings.Reviewers.Length; $i++) { $reviewer = $UpdateParameters.AccessReviewSettings.Reviewers[$i] @@ -516,10 +529,10 @@ function Set-TargetResource } if ($null -ne $UpdateParameters.RequestorSettings -and $null -ne $UpdateParameters.RequestorSettings.AllowedRequestors) { - Write-Verbose -Message "Updating Requestors' Id" + #Write-Verbose -Message "Updating Requestors' Id" for ($i = 0; $i -lt $UpdateParameters.RequestorSettings.AllowedRequestors.Length; $i++) { - Write-Verbose -Message "Requestor: $($UpdateParameters.RequestorSettings.AllowedRequestors[$i].Id)" + #Write-Verbose -Message "Requestor: $($UpdateParameters.RequestorSettings.AllowedRequestors[$i].Id)" $requestor = $UpdateParameters.RequestorSettings.AllowedRequestors[$i] $user = Get-MgUser -Filter "startswith(UserPrincipalName, '$($requestor.Id.Split('@')[0])')" -ErrorAction SilentlyContinue if ($null -ne $user) 
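Review bot: The new loop in the @@ -476 hunk copies `$customExtensionHandler.CustomExtensionId` into the request body without checking that it is set, so a handler declared with only a `Stage` is sent as `customExtension = @{ id = $null }`. A guard inside the loop would fail early with a readable message, for example `if ([string]::IsNullOrWhiteSpace($extensionId)) { throw "CustomExtensionId is required for stage '$($customExtensionHandler.Stage)'" }`. The identical block is added for `$UpdateParameters` in the @@ -528 hunk, so both would be better served by one private helper that takes the handler list and returns the formatted array. Set-TargetResource starts and ends outside this hunk.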
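Review bot: In the @@ -516 hunk the unchanged lookup `Get-MgUser -Filter "startswith(UserPrincipalName, '$($requestor.Id.Split('@')[0])')"` matches on the local part of the UPN only, so it can return a different user or several users whose UPN begins with the same prefix, and this policy decides who may request an access package. The value is also placed in the filter without escaping, so a UPN containing an apostrophe produces an invalid filter that `-ErrorAction SilentlyContinue` then hides. An exact match avoids both: `Get-MgUser -Filter "userPrincipalName eq '$($requestor.Id.Replace("'", "''"))'"`. What is done with `$user` after `if ($null -ne $user)` is outside the hunk, and the reviewers loop in the @@ -503 hunk should be checked for the same lookup.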
@@ -528,6 +541,23 @@ function Set-TargetResource } } } + If ($null -ne $UpdateParameters.CustomExtensionHandlers -and $UpdateParameters.CustomExtensionHandlers.count -gt 0 ) + { + $formattedCustomExtensionHandlers = @() + foreach ($customExtensionHandler in $UpdateParameters.CustomExtensionHandlers) + { + $extensionId= $customExtensionHandler.CustomExtensionId + $formattedCustomExtensionHandlers += @{ + stage = $customExtensionHandler.Stage + customExtension = @{ + id = $extensionId + } + } + } + $UpdateParameters.CustomExtensionHandlers = $formattedCustomExtensionHandlers + } + + #write-verbose ($UpdateParameters|convertto-json -Depth 100) Set-MgBetaEntitlementManagementAccessPackageAssignmentPolicy ` -BodyParameter $UpdateParameters ` -AccessPackageAssignmentPolicyId $currentInstance.Id @@ -885,23 +915,6 @@ function Export-TargetResource } if ($null -ne $Results.CustomExtensionHandlers ) { - $complexMapping = @( - @{ - Name = 'AuthenticationConfiguration' - CimInstanceName = 'MicrosoftGraphcustomextensionauthenticationconfiguration' - IsRequired = $false - } - @{ - Name = 'ClientConfiguration' - CimInstanceName = 'MicrosoftGraphcustomextensionclientconfiguration' - IsRequired = $false - } - @{ - Name = 'EndpointConfiguration' - CimInstanceName = 'MicrosoftGraphcustomextensionauthenticationconfiguration' - IsRequired = $false - } - ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.CustomExtensionHandlers ` -CIMInstanceName MicrosoftGraphcustomextensionhandler ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof index 3cb785a207..b7da1a6a19 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof
@@ -84,38 +84,10 @@ class MSFT_MicrosoftGraphrequestorsettings [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphcustomextensionhandler { - [Write, Description("Indicates which custom workflow extension will be executed at this stage."), EmbeddedInstance("MSFT_MicrosoftGraphcustomaccesspackageworkflowextension")] String CustomExtension; + [Write, Description("Indicates which custom workflow extension will be executed at this stage.")] String CustomExtensionId; [Write, Description("Indicates the stage of the access package assignment request workflow when the access package custom extension runs."), ValueMap{"assignmentRequestCreated","assignmentRequestApproved","assignmentRequestGranted","assignmentRequestRemoved","assignmentFourteenDaysBeforeExpiration","assignmentOneDayBeforeExpiration","unknownFutureValue"}, Values{"assignmentRequestCreated","assignmentRequestApproved","assignmentRequestGranted","assignmentRequestRemoved","assignmentFourteenDaysBeforeExpiration","assignmentOneDayBeforeExpiration","unknownFutureValue"}] String Stage; [Write, Description("Identifier of the stage.")] String Id; }; -[ClassVersion("1.0.0")] -class MSFT_MicrosoftGraphcustomaccesspackageworkflowextension -{ - [Write, Description("Configuration for securing the API call to the logic app. 
For example, using OAuth client credentials flow."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionauthenticationconfiguration")] String AuthenticationConfiguration; - [Write, Description("HTTP connection settings that define how long Azure AD can wait for a connection to a logic app, how many times you can retry a timed-out connection and the exception scenarios when retries are allowed."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionclientconfiguration")] String ClientConfiguration; - [Write, Description("Description for the customAccessPackageWorkflowExtension object.")] String Description; - [Write, Description("Display name for the customAccessPackageWorkflowExtension object.")] String DisplayName; - [Write, Description("The type and details for configuring the endpoint to call the logic app's workflow."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionendpointconfiguration")] String EndpointConfiguration; - [Write, Description("Identifier for the customAccessPackageWorkflowExtension object.")] String Id; -}; -[ClassVersion("1.0.0")] -class MSFT_MicrosoftGraphcustomextensionauthenticationconfiguration -{ - [Write, Description("The appID of the Azure AD application to use to authenticate a logic app with a custom access package workflow extension.")] String ResourceId; -}; -[ClassVersion("1.0.0")] -class MSFT_MicrosoftGraphcustomextensionclientconfiguration -{ - [Write, Description("The max duration in milliseconds that Azure AD will wait for a response from the logic app before it shuts down the connection. The valid range is between 200 and 2000 milliseconds. 
Default duration is 1000.")] UInt32 TimeoutInMilliseconds; -}; -[ClassVersion("1.0.0")] -class MSFT_MicrosoftGraphcustomextensionendpointconfiguration -{ - [Write, Description("The name of the logic app."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionauthenticationconfiguration")] String LogicAppWorkflowName; - [Write, Description("The Azure resource group name for the logic app."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionclientconfiguration")] String ResourceGroupName; - [Write, Description("Identifier of the Azure subscription for the logic app.")] String SubscriptionId; -}; - [ClassVersion("1.0.0.0"), FriendlyName("AADEntitlementManagementAccessPackageAssignmentPolicy")] class MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy : OMI_BaseResource { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 index e99ea6668e..494e432b67 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 @@ -222,13 +222,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { durationInDays = 25 } -ClientOnly) CanExtend = $True - CustomExtensionHandlers = @( + CustomExtensionHandlers = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphcustomextensionhandler -Property @{ - CustomExtension = (New-CimInstance -ClassName MSFT_MicrosoftGraphcustomaccesspackageworkflowextension -Property @{ - Id = 'MyCustomExtensionId' - } -ClientOnly) + CustomExtensionId = 'MyCustomExtensionId' Stage = 'assignmentRequestCreated' - Id = 'MyCustomExtensionHandlersId' } -ClientOnly) ) Description = 'FakeStringValue' 
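Review bot: `MSFT_MicrosoftGraphcustomextensionhandler` still declares `[Write, Description("Identifier of the stage.")] String Id;`, although this commit stops returning `Id` from Get-TargetResource and rebuilds each handler in Set-TargetResource from `Stage` and `CustomExtensionId` only. A configuration can therefore set `Id` and have it accepted and silently dropped; whether that also shows up as drift in Test-TargetResource is not visible here. Since the change is already marked breaking, removing the property is the cleaner option; if it has to stay, the description should say it is ignored, for example `Description("Read-only identifier of the handler. Ignored when the policy is created or updated.")`.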
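Review bot: The fixtures in the @@ -222 hunk, and in the @@ -346 and @@ -465 hunks, now pass `CustomExtensionId`, but nothing visible here checks that Set-TargetResource turns it into the nested `customExtension = @{ id = ... }` body before calling the Graph cmdlet. If the assertions outside the hunks only count invocations, a `-ParameterFilter` on the `Should -Invoke` for `New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy` that inspects `$BodyParameter.CustomExtensionHandlers[0].customExtension.id` would pin the conversion this commit adds. A case with a handler that has no `CustomExtensionId` would also be worth adding.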
@@ -346,11 +343,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } -ClientOnly) CanExtend = $True - CustomExtensionHandlers = @( + CustomExtensionHandlers = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphcustomextensionhandler -Property @{ - isArray = $True - CIMType = 'MSFT_MicrosoftGraphcustomextensionhandler' - + CustomExtensionId = 'MyCustomExtensionId' + Stage = 'assignmentRequestCreated' } -ClientOnly) ) Description = 'FakeStringValue' @@ -427,13 +423,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { acceptRequests = $True } - CustomExtensionHandlers = @( - @{ - isArray = $True - - } - ) - } Description = 'FakeStringValue' DisplayName = 'FakeStringValue' @@ -476,6 +465,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { reviewerType = 'FakeStringValue' durationInDays = 25 } -ClientOnly) + CustomExtensionHandlers = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphcustomextensionhandler -Property @{ + CustomExtensionId = 'MyCustomExtensionId' + Stage = 'assignmentRequestCreated' + } -ClientOnly) + ) CanExtend = $True Description = 'FakeStringValue' DisplayName = 'FakeStringValue'