Merge pull request #2230 from ykuijs/AuthenticationImprovements
Update Export functionality to support multiple authentication methods
NikCharlebois authored Sep 2, 2022
2 parents fecde84 + a1063be commit 8816e65
Showing 16 changed files with 887 additions and 818 deletions.
29 changes: 29 additions & 0 deletions CHANGELOG.md
Expand Up @@ -26,6 +26,35 @@
* IntuneDeviceConfigurationPolicyAndroidOpenSourceProject
* Don't export all policies if none match the type
FIXES [#2228](https://github.com/microsoft/Microsoft365DSC/issues/2228)
* PlannerBucket
* Changed authentication method to Credentials only, since the Planner Graph API
does not support anything else
FIXES [#1979](https://github.com/microsoft/Microsoft365DSC/issues/1979)
* Fixes issue with generating Export output
FIXES [#2032](https://github.com/microsoft/Microsoft365DSC/issues/2032)
* PlannerPlan
* Fix export issue where the export wasn't created correctly because of the
use of an incorrect property name.
* Changed authentication method to Credentials only, since the Planner Graph API
does not support anything else
FIXES [#1979](https://github.com/microsoft/Microsoft365DSC/issues/1979)
* PlannerTask
* Changed authentication method to Credentials only, since the Planner Graph API
does not support anything else
FIXES [#1979](https://github.com/microsoft/Microsoft365DSC/issues/1979)
* TeamsMeetingBroadcastConfiguration
* Fixing export issue where SdnApiToken is exported as a string instead of
a variable
FIXES [#2056](https://github.com/microsoft/Microsoft365DSC/issues/2056)
* MISC
* Updated Export functionality to only export the LCM settings when the
executed as Administrator
FIXES [#2037](https://github.com/microsoft/Microsoft365DSC/issues/2037)
* Added support for multiple authentication methods to the Export functionality.
The code now uses the most secure method that is provided in the command line
and that supported by the specified resources in the following order:
Certificate Thumbprint, Certificate Path, Application Secret, Credential
FIXES [#1759](https://github.com/microsoft/Microsoft365DSC/issues/1759)
* MISC
* Fix issue of running Export-M365DSCConfiguration within Azure Run Book. FIXES [#2233](https://github.com/microsoft/Microsoft365DSC/issues/2233)
* Fix issue within M365DSCTelemetryEngine when used with ApplicationId. FIXES [#2237](https://github.com/microsoft/Microsoft365DSC/issues/2237)
Expand Up @@ -21,17 +21,9 @@ function Get-TargetResource
[ValidateSet("Present", "Absent")]
$Ensure = 'Present',

[Parameter()]
[System.String]
$ApplicationId,

[Parameter()]
[System.String]
$TenantId,

[Parameter()]
[System.String]
$CertificateThumbprint
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$Credential
)
Write-Verbose -Message "Getting configuration of Planner Bucket {$Name}"

Expand All @@ -40,19 +32,20 @@ function Get-TargetResource

#region Telemetry
$ResourceName = $MyInvocation.MyCommand.ModuleName -replace "MSFT_", ""
$CommandName = $MyInvocation.MyCommand
$CommandName = $MyInvocation.MyCommand
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
-CommandName $CommandName `
-Parameters $PSBoundParameters
Add-M365DSCTelemetryEvent -Data $data
#endregion

$ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
-InboundParameters $PSBoundParameters

$nullReturn = $PSBoundParameters
$nullReturn.Ensure = "Absent"
try
{
Connect-Graph -Scopes "Group.ReadWrite.All" | Out-Null

if (-not [System.String]::IsNullOrEmpty($BucketId))
{
[Array]$bucket = Get-MgPlannerPlanBucket -PlannerPlanId $PlanId | Where-Object -FilterScript { $_.Id -eq $BucketId }
Expand All @@ -74,13 +67,11 @@ function Get-TargetResource
}

$results = @{
Name = $Name
PlanId = $PlanId
BucketId = $bucket[0].Id
Ensure = "Present"
ApplicationId = $ApplicationId
TenantID = $TenantId
CertificateThumbprint = $CertificateThumbprint
Name = $Name
PlanId = $PlanId
BucketId = $bucket[0].Id
Ensure = "Present"
Credential = $Credential
}
Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $results)"
return $results
Expand Down Expand Up @@ -133,17 +124,9 @@ function Set-TargetResource
[ValidateSet("Present", "Absent")]
$Ensure = 'Present',

[Parameter()]
[System.String]
$ApplicationId,

[Parameter()]
[System.String]
$TenantId,

[Parameter()]
[System.String]
$CertificateThumbprint
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$Credential
)
Write-Verbose -Message "Setting configuration of Planner Bucket {$Name}"

Expand All @@ -152,20 +135,19 @@ function Set-TargetResource

#region Telemetry
$ResourceName = $MyInvocation.MyCommand.ModuleName -replace "MSFT_", ""
$CommandName = $MyInvocation.MyCommand
$CommandName = $MyInvocation.MyCommand
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
-CommandName $CommandName `
-Parameters $PSBoundParameters
Add-M365DSCTelemetryEvent -Data $data
#endregion

Connect-Graph -Scopes "Group.ReadWrite.All" | Out-Null
$ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
-InboundParameters $PSBoundParameters

$SetParams = $PSBoundParameters
$currentValues = Get-TargetResource @PSBoundParameters
$SetParams.Remove("ApplicationId") | Out-Null
$SetParams.Remove("TenantId") | Out-Null
$SetParams.Remove("CertificateThumbprint") | Out-Null
$SetParams.Remove("Credential") | Out-Null
$SetParams.Remove("Ensure") | Out-Null

if ($Ensure -eq 'Present' -and $currentValues.Ensure -eq 'Absent')
Expand Down Expand Up @@ -209,24 +191,16 @@ function Test-TargetResource
[ValidateSet("Present", "Absent")]
$Ensure = 'Present',

[Parameter()]
[System.String]
$ApplicationId,

[Parameter()]
[System.String]
$TenantId,

[Parameter()]
[System.String]
$CertificateThumbprint
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$Credential
)
#Ensure the proper dependencies are installed in the current environment.
Confirm-M365DSCDependencies

#region Telemetry
$ResourceName = $MyInvocation.MyCommand.ModuleName -replace "MSFT_", ""
$CommandName = $MyInvocation.MyCommand
$CommandName = $MyInvocation.MyCommand
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
-CommandName $CommandName `
-Parameters $PSBoundParameters
Expand All @@ -239,9 +213,6 @@ function Test-TargetResource
Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)"

$ValuesToCheck = $PSBoundParameters
$ValuesToCheck.Remove('ApplicationId') | Out-Null
$ValuesToCheck.Remove('TenantId') | Out-Null
$ValuesToCheck.Remove('CertificateThumbprint') | Out-Null
$TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
-Source $($MyInvocation.MyCommand.Source) `
-DesiredValues $PSBoundParameters `
Expand All @@ -259,23 +230,15 @@ function Export-TargetResource
param
(
[Parameter(Mandatory = $true)]
[System.String]
$ApplicationId,

[Parameter(Mandatory = $true)]
[System.String]
$TenantId,

[Parameter(Mandatory = $true)]
[System.String]
$CertificateThumbprint
[System.Management.Automation.PSCredential]
$Credential
)
#Ensure the proper dependencies are installed in the current environment.
Confirm-M365DSCDependencies

#region Telemetry
$ResourceName = $MyInvocation.MyCommand.ModuleName -replace "MSFT_", ""
$CommandName = $MyInvocation.MyCommand
$CommandName = $MyInvocation.MyCommand
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
-CommandName $CommandName `
-Parameters $PSBoundParameters
Expand All @@ -289,33 +252,30 @@ function Export-TargetResource
{
[array]$groups = Get-MgGroup -All:$true -ErrorAction Stop

$ConnectionMode = Connect-Graph -Scopes "Group.ReadWrite.All"
$i = 1
$dscContent = ''
Write-Host "`r`n" -NoNewline
foreach ($group in $groups)
{
Write-Host " [$i/$($groups.Length)] $($group.DisplayName) - {$($group.ObjectID)}"
Write-Host " [$i/$($groups.Length)] $($group.DisplayName) - {$($group.Id)}"
try
{
[Array]$plans = Get-MgGroupPlannerPlan -GroupId $group.ObjectId -ErrorAction 'SilentlyContinue'
[Array]$plans = Get-MgGroupPlannerPlan -GroupId $group.Id -ErrorAction 'SilentlyContinue'

$j = 1
foreach ($plan in $plans)
{
Write-Host " [$j/$($plans.Length)] $($plan.Title)"
Write-Host " |---[$j/$($plans.Length)] $($plan.Title)"
$buckets = Get-MgPlannerPlanBucket -PlannerPlanId $plan.Id
$k = 1
foreach ($bucket in $buckets)
{
Write-Host " [$k/$($buckets.Length)] $($bucket.Name)" -NoNewline
Write-Host " |---[$k/$($buckets.Length)] $($bucket.Name)" -NoNewline
$params = @{
Name = $bucket.Name
PlanId = $plan.Id
BucketId = $Bucket.Id
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
Name = $bucket.Name
PlanId = $plan.Id
BucketId = $Bucket.Id
Credential = $Credential
}
$results = Get-TargetResource @params
$Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
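Review bot: Test-TargetResource loses the three `$ValuesToCheck.Remove(...)` calls for the old authentication parameters but gains none for `Credential`, so the now-mandatory credential stays in `$PSBoundParameters` and is passed to `Test-M365DSCParameterState` as a desired value. Set-TargetResource in the same file does strip it, with `$SetParams.Remove("Credential") | Out-Null`. The rest of the `Test-M365DSCParameterState` call is collapsed and the helper's handling of PSCredential values is not visible, so this may be harmless. Adding `$ValuesToCheck.Remove('Credential') | Out-Null` right after `$ValuesToCheck = $PSBoundParameters` would keep authentication material out of the drift comparison and whatever it logs. The same `$PSBoundParameters` also feeds the verbose "Target Values" message and `Format-M365DSCTelemetryParameters`, so it is worth confirming that neither helper serialises the credential.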
Expand Up @@ -5,8 +5,6 @@ class MSFT_PlannerBucket : OMI_BaseResource
[Key, Description("Id of the Plan to which the bucket is associated with.")] string PlanId;
[Write, Description("Id of the Bucket, if known.")] string BucketId;
[Write, Description("Present ensures the Plan exists, absent ensures it is removed"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
[Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
[Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
[Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
[Required, Description("Credentials of the account to authenticate with."), EmbeddedInstance("MSFT_Credential")] string Credential;
};
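Review bot: `Credential` is now the only authentication property and is `Required`, but its description does not say that nothing else is accepted or what that means for the compiled configuration. DSC writes credential properties into the MOF, so a configuration using this resource now carries a user account's password where it previously carried only a certificate thumbprint. The description could read `Description("Credentials of the account to authenticate with. Planner supports credential authentication only; compile with certificate encryption so the password is not stored in plain text.")`. Removing `ApplicationId`, `TenantId` and `CertificateThumbprint` also presumably stops existing configurations that set them from compiling, which the changelog entry in this commit does not flag as breaking.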
