From f04ce0dae4ff48c249e5b5c50e4cbd033000994f Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 4 Jan 2024 08:06:43 -0500 Subject: [PATCH 1/3] Fixes --- ...AADEntitlementManagementAccessPackage.psm1 | 11 +++--- ...nagementAccessPackageAssignmentPolicy.psm1 | 35 ++++++++++++++++--- ...tlementManagementAccessPackageCatalog.psm1 | 7 ++-- ...anagementAccessPackageCatalogResource.psm1 | 14 ++++++-- .../1-Create.ps1 | 15 ++------ .../2-Update.ps1 | 15 ++------ .../1-Create.ps1 | 4 +-- .../2-Update.ps1 | 4 +-- .../1-Create.ps1 | 11 +++--- .../2-Update.ps1 | 12 +++---- 10 files changed, 73 insertions(+), 55 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 index 844320d380..31088bcbd6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 @@ -104,10 +104,12 @@ function Get-TargetResource { $getValue = $null - #region resource generator code - $getValue = Get-MgBetaEntitlementManagementAccessPackage -AccessPackageId $id ` - -ExpandProperty "accessPackageResourceRoleScopes(`$expand=accessPackageResourceRole,accessPackageResourceScope)" ` - -ErrorAction SilentlyContinue + if (-not [System.String]::IsNullOrEmpty($id)) + { + $getValue = Get-MgBetaEntitlementManagementAccessPackage -AccessPackageId $id ` + -ExpandProperty "accessPackageResourceRoleScopes(`$expand=accessPackageResourceRole,accessPackageResourceScope)" ` + -ErrorAction SilentlyContinue + } if ($null -eq $getValue) { @@ -121,7 +123,6 @@ function Get-TargetResource -ErrorAction SilentlyContinue } } - #endregion if ($null -eq $getValue) { 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 index 030d514a65..1891bd8d98 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 @@ -103,10 +103,13 @@ function Get-TargetResource $nullResult.Ensure = 'Absent' $getValue = $null - $getValue = Get-MgBetaEntitlementManagementAccessPackageAssignmentPolicy ` - -AccessPackageAssignmentPolicyId $id ` - -ExpandProperty "customExtensionHandlers(`$expand=customExtension)" ` - -ErrorAction SilentlyContinue + if (-not [System.String]::IsNullOrEmpty($id)) + { + $getValue = Get-MgBetaEntitlementManagementAccessPackageAssignmentPolicy ` + -AccessPackageAssignmentPolicyId $id ` + -ExpandProperty "customExtensionHandlers(`$expand=customExtension)" ` + -ErrorAction SilentlyContinue + } if ($null -eq $getValue) { 
@@ -528,6 +531,30 @@ function Set-TargetResource } $CreateParameters.CustomExtensionHandlers = $formattedCustomExtensionHandlers } + + # Check to see if the AccessPackageId is in GUID form. If not, resolve it by name. + if (-not [System.String]::IsNullOrEmpty($AccessPackageId)) + { + $ObjectGuid = [System.Guid]::empty + $isGUID = [System.Guid]::TryParse($AccessPackageId, [System.Management.Automation.PSReference]$ObjectGuid) + if (-not $isGUID) + { + # Retrieve by name + Write-Verbose -Message "Retrieving Entitlement Management Access Package by Name {$AccessPackageId}" + $package = Get-MgBetaEntitlementManagementAccessPackage -Filter "displayName eq '$AccessPackageId'" + if ($null -ne $package) + { + $AccessPackageId = $package.Id + } + else + { + throw "Could not retrieve the Access Package using identifier {$AccessPackageId}" + } + } + $CreateParameters.AccessPackageId = $AccessPackageId + } + + Write-Verbose -Message "Creating with Values: $(Convert-M365DscHashtableToString -Hashtable $CreateParameters)" New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy ` -BodyParameter $CreateParameters } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 index fa526d7f61..0360b370d5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 
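Review bot: The name lookup in the added block interpolates `$AccessPackageId` straight into the OData filter and then uses whatever comes back, so a display name containing `'` breaks the filter and a name shared by several packages makes `$package.Id` an array. This value decides which access package the assignment policy is attached to, so double the quote first (`$AccessPackageId.Replace("'", "''")`) and throw unless exactly one package matches, e.g. `if (@($package).Count -ne 1) { throw "..." }`. The new `Write-Verbose "Creating with Values: ..."` line prints all of `$CreateParameters`; confirm that code outside this hunk has already removed credential-type keys at that point.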
@@ -88,8 +88,10 @@ function Get-TargetResource { $getValue = $null - #region resource generator code - $getValue = Get-MgBetaEntitlementManagementAccessPackageCatalog -AccessPackageCatalogId $id -ErrorAction SilentlyContinue + if (-not [System.String]::IsNullOrEmpty($id)) + { + $getValue = Get-MgBetaEntitlementManagementAccessPackageCatalog -AccessPackageCatalogId $id -ErrorAction SilentlyContinue + } if ($null -eq $getValue) { @@ -104,7 +106,6 @@ function Get-TargetResource } } } - #endregion if ($null -eq $getValue) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 index 6f69b42435..babae51cfc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 
@@ -310,9 +310,18 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - Write-Verbose -Message "Assigning resource {$DisplayName} to catalog {$CatalogId}" - $resource = ([Hashtable]$PSBoundParameters).clone() + $ObjectGuid = [System.Guid]::empty + if (-not [System.Guid]::TryParse($CatalogId, [System.Management.Automation.PSReference]$ObjectGuid)) + { + Write-Verbose -Message "Retrieving Catalog by Display Name" + $catalogInstance = Get-MgBetaEntitlementManagementAccessPackageCatalog -Filter "DisplayName eq '$($CatalogId)'" + if ($catalogInstance) + { + $CatalogId = $catalogInstance.Id + } + } + Write-Verbose -Message "Assigning resource {$DisplayName} to catalog {$CatalogId}" $resource.Remove('Id') | Out-Null $resource.Remove('CatalogId') | Out-Null @@ -346,6 +355,7 @@ function Set-TargetResource AccessPackageresource = $resource } #region resource generator code + Write-Verbose -Message "Creating with Values: $(Convert-M365DscHashtableToString -Hashtable $resourceRequest)" New-MgBetaEntitlementManagementAccessPackageResourceRequest @resourceRequest #endregion diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/1-Create.ps1 index a5b31cb592..6df36bd26b 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/1-Create.ps1 
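Review bot: When the display-name lookup returns nothing, `$CatalogId` keeps the non-GUID name and the code goes on to build the resource request, whereas the assignment-policy resource in this same patch throws in that situation. Add `else { throw "Could not retrieve the catalog using identifier {$CatalogId}" }`, and reject more than one match as well, because `$catalogInstance.Id` becomes an array if two catalogs share a name. Any `'` in the name should be doubled before it is interpolated into the filter. The same block is repeated in the update branch added by the `@@ -365,7 +381,16 @@` hunk of patch 2/3.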
@@ -14,9 +14,9 @@ Configuration Example node localhost { - AADEntitlementManagementAccessPackageAssignmentPolicy "myAssignmentPolicyWithAccessReviewsSettings" + AADEntitlementManagementAccessPackageAssignmentPolicy "myAssignments" { - AccessPackageId = "5d05114c-b4d9-4ae7-bda6-4bade48e60f2"; + AccessPackageId = "Integration Package"; AccessReviewSettings = MSFT_MicrosoftGraphassignmentreviewsettings{ IsEnabled = $True StartDateTime = '12/17/2022 23:59:59' @@ -38,17 +38,6 @@ Configuration Example IsApprovalRequired = $False IsApprovalRequiredForExtension = $False }; - RequestorSettings = MSFT_MicrosoftGraphrequestorsettings{ - AllowedRequestors = @( - MSFT_MicrosoftGraphuserset{ - IsBackup = $False - Id = 'e27eb9b9-27c3-462d-8d65-3bcd763b0ed0' - odataType = '#microsoft.graph.connectedOrganizationMembers' - } - ) - AcceptRequests = $True - ScopeType = 'SpecificConnectedOrganizationSubjects' - }; Ensure = "Present" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/2-Update.ps1 index 223ba9497a..00c8f28c52 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/2-Update.ps1 @@ -14,9 +14,9 @@ Configuration Example node localhost { - AADEntitlementManagementAccessPackageAssignmentPolicy "myAssignmentPolicyWithAccessReviewsSettings" + AADEntitlementManagementAccessPackageAssignmentPolicy "myAssignments" { - AccessPackageId = "5d05114c-b4d9-4ae7-bda6-4bade48e60f2"; + AccessPackageId = "Integration Package"; AccessReviewSettings = MSFT_MicrosoftGraphassignmentreviewsettings{ IsEnabled = $True StartDateTime = '12/17/2022 23:59:59' 
@@ -38,17 +38,6 @@ Configuration Example IsApprovalRequired = $False IsApprovalRequiredForExtension = $False }; - RequestorSettings = MSFT_MicrosoftGraphrequestorsettings{ - AllowedRequestors = @( - MSFT_MicrosoftGraphuserset{ - IsBackup = $False - Id = 'e27eb9b9-27c3-462d-8d65-3bcd763b0ed0' - odataType = '#microsoft.graph.connectedOrganizationMembers' - } - ) - AcceptRequests = $True - ScopeType = 'SpecificConnectedOrganizationSubjects' - }; Ensure = "Present" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/1-Create.ps1 index fae71422d5..1acbe3c12f 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/1-Create.ps1 @@ -16,9 +16,9 @@ Configuration Example { AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' { - DisplayName = 'General' + DisplayName = 'My Catalog' CatalogStatus = 'Published' - CatalogType = 'ServiceDefault' + CatalogType = 'UserManaged' Description = 'Built-in catalog.' IsExternallyVisible = $True Managedidentity = $False diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/2-Update.ps1 index 38127ab97b..30621cfbe4 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/2-Update.ps1 
@@ -16,9 +16,9 @@ Configuration Example { AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' { - DisplayName = 'General' + DisplayName = 'My Catalog' CatalogStatus = 'Published' - CatalogType = 'ServiceDefault' + CatalogType = 'UserManaged' Description = 'Built-in catalog.' IsExternallyVisible = $False # Updated Property Managedidentity = $False diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-Create.ps1 index bf302be3e6..e7a20f133d 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-Create.ps1 @@ -12,20 +12,21 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' { - DisplayName = 'Communication site' + DisplayName = 'Test Resource' AddedBy = 'admin@contoso.onmicrosoft.com' AddedOn = '05/11/2022 16:21:15' - CatalogId = 'f34c2d92-9e9d-4703-ba9b-955b6ac8dcb3' - Description = 'https://contoso.sharepoint.com/' + CatalogId = 'My Catalog' + Description = 'My Resource' IsPendingOnboarding = $False - OriginId = 'https://contoso.sharepoint.com/' + OriginId = "https://$Domain.sharepoint.com/" OriginSystem = 'SharePointOnline' ResourceType = 'SharePoint Online Site' - Url = 'https://contoso.sharepoint.com/' + Url = "https://$Domain.sharepoint.com/" Ensure = 'Present' Credential = $Credscredential } 
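Review bot: `$Domain` is everything after the `@` in the credential's user name, so `"https://$Domain.sharepoint.com/"` expands to a host such as `contoso.onmicrosoft.com.sharepoint.com` rather than the tenant's SharePoint host. If the user name is a `*.onmicrosoft.com` UPN (an assumption, the hunk does not show it), take the first label instead: `$TenantName = $Domain.Split('.')[0]` and `"https://$TenantName.sharepoint.com/"`. The 2-Update.ps1 hunk for this resource uses `$Domain` in `OriginId` and `Url` but does not add the assignment within its visible lines, so check that it is defined there.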
diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/2-Update.ps1 index cce7f22a0e..185d0eeb00 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/2-Update.ps1 @@ -16,16 +16,16 @@ Configuration Example { AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' { - DisplayName = 'Communication site' + DisplayName = 'Test Resource' AddedBy = 'admin@contoso.onmicrosoft.com' AddedOn = '05/11/2022 16:21:15' - CatalogId = 'f34c2d92-9e9d-4703-ba9b-955b6ac8dcb3' - Description = 'https://contoso.sharepoint.com/' - IsPendingOnboarding = $False # Updated Property - OriginId = 'https://contoso.sharepoint.com/' + CatalogId = 'My Catalog' + Description = 'My Resource' + IsPendingOnboarding = $True # Updated Property + OriginId = "https://$Domain.sharepoint.com/" OriginSystem = 'SharePointOnline' ResourceType = 'SharePoint Online Site' - Url = 'https://contoso.sharepoint.com/' + Url = "https://$Domain.sharepoint.com/" Ensure = 'Present' Credential = $Credscredential } From a2508bb5c71bf194e69a144347be7ebb45ddd7f1 Mon Sep 17 00:00:00 2001 
From: Nik Charlebois Date: Fri, 5 Jan 2024 11:47:09 -0500 Subject: [PATCH 2/3] Various Fixes for Integration Tests --- ...anagementAccessPackageCatalogResource.psm1 | 42 ++++-- ...lementManagementConnectedOrganization.psm1 | 123 +++++++++++++++++- .../MSFT_AADNamedLocationPolicy.psm1 | 2 +- .../MSFT_AADRoleSetting.psm1 | 72 ++++++---- .../MSFT_AADServicePrincipal.psm1 | 31 ++++- .../MSFT_EXOPlace/MSFT_EXOPlace.psm1 | 2 +- .../1-Create.ps1 | 10 +- .../2-Update.ps1 | 11 +- .../1-Create.ps1 | 7 +- .../2-Update.ps1 | 9 +- .../AADNamedLocationPolicy/1-Create.ps1 | 2 +- .../AADNamedLocationPolicy/2-Update.ps1 | 4 +- .../1-Create.ps1 | 3 +- .../2-Update.ps1 | 3 +- .../Resources/AADRoleSetting/1-Create.ps1 | 62 --------- .../AADServicePrincipal/1-Create.ps1 | 15 +-- .../AADServicePrincipal/2-Update.ps1 | 19 ++- .../Examples/Resources/AADUser/1-Create.ps1 | 5 +- .../Examples/Resources/AADUser/2-Update.ps1 | 5 +- .../Examples/Resources/AADUser/3-Remove.ps1 | 4 +- 20 files changed, 266 insertions(+), 165 deletions(-) delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 index babae51cfc..6bd79a482e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 
@@ -112,17 +112,34 @@ function Get-TargetResource { $getValue = $null - #region resource generator code - $getValue = Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResource ` - -AccessPackageCatalogId $CatalogId ` - -Filter "Id eq '$Id'" -ErrorAction SilentlyContinue + if (-not [System.String]::IsNullOrEmpty($CatalogId)) + { + $resource = ([Hashtable]$PSBoundParameters).clone() + $ObjectGuid = [System.Guid]::empty + if (-not [System.Guid]::TryParse($CatalogId, [System.Management.Automation.PSReference]$ObjectGuid)) + { + $catalogInstance = Get-MgBetaEntitlementManagementAccessPackageCatalog -Filter "DisplayName eq '$catalogId'" + $CatalogId = $catalogInstance.Id + } + + $getValue = Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResource ` + -AccessPackageCatalogId $CatalogId ` + -Filter "Id eq '$Id'" -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Retrieving Resource by Display Name {$DisplayName}" + $getValue = Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResource ` + -AccessPackageCatalogId $CatalogId ` + -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue + } + } if ($null -eq $getValue) { Write-Verbose -Message "The access package resource with id {$id} was NOT found in catalog {$CatalogId}." return $nullResult } - #endregion Write-Verbose -Message "The access package resource {$DisplayName} was found in catalog {$CatalogId}." $hashAttributes = @() @@ -338,7 +355,6 @@ function Set-TargetResource $keyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $resource.$key $resource.$key = $keyValue } - } $mapping = @{ 
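Review bot: `$CatalogId = $catalogInstance.Id` runs without checking that the display-name lookup found anything, so a missing catalog sets `$CatalogId` to `$null` (and a duplicated name sets it to an array) before it is passed to `-AccessPackageCatalogId`. `-ErrorAction SilentlyContinue` may not cover a parameter-binding failure on an empty value, so guard it with `if ($null -eq $catalogInstance) { return $nullResult }`. The cloned `$resource` hashtable is assigned but not used anywhere in this hunk, and the `Id eq '$Id'` query is still issued when `$Id` is empty.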
@@ -365,7 +381,16 @@ function Set-TargetResource Write-Verbose -Message "Updating resource {$DisplayName} in catalog {$CatalogId}" $resource = ([Hashtable]$PSBoundParameters).clone() - + $ObjectGuid = [System.Guid]::empty + if (-not [System.Guid]::TryParse($CatalogId, [System.Management.Automation.PSReference]$ObjectGuid)) + { + Write-Verbose -Message "Retrieving Catalog by Display Name" + $catalogInstance = Get-MgBetaEntitlementManagementAccessPackageCatalog -Filter "DisplayName eq '$($CatalogId)'" + if ($catalogInstance) + { + $CatalogId = $catalogInstance.Id + } + } #$resource.Remove('Id') | Out-Null $resource.Remove('CatalogId') | Out-Null $resource.Remove('Verbose') | Out-Null @@ -432,16 +457,13 @@ function Set-TargetResource $resource = Rename-M365DSCCimInstanceParameter -Properties $resource ` -KeyMapping $mapping - #region resource generator code $resourceRequest = @{ CatalogId = $CatalogId RequestType = 'AdminRemove' AccessPackageresource = $resource } - #region resource generator code New-MgBetaEntitlementManagementAccessPackageResourceRequest @resourceRequest - #endregion } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 index 637425e5d9..e504f42eb7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 
@@ -85,7 +85,11 @@ function Get-TargetResource $getValue = $null - $getValue = Get-MgBetaEntitlementManagementConnectedOrganization -ConnectedOrganizationId $id -ErrorAction SilentlyContinue + if (-not [System.String]::IsNullOrEmpty($id)) + { + $getValue = Get-MgBetaEntitlementManagementConnectedOrganization -ConnectedOrganizationId $id ` + -ErrorAction SilentlyContinue + } if ($null -eq $getValue) { @@ -169,13 +173,56 @@ function Get-TargetResource $getIdentitySources = $sources } + $ObjectGuid = [System.Guid]::empty + $ExternalSponsorsValues = @() + foreach ($sponsor in $getExternalSponsors) + { + if ([System.Guid]::TryParse($sponsor, [System.Management.Automation.PSReference]$ObjectGuid)) + { + try + { + $user = Get-MgUser -UserId $sponsor + $ExternalSponsorsValues += $user.UserPrincipalName + } + catch + { + Write-Verbose -Message "Couldn't find external sponsor with id {$sponsor}" + } + } + else + { + $ExternalSponsorsValues += $sponsor + } + } + + $InternalSponsorsValues = @() + foreach ($sponsor in $getInternalSponsors) + { + if ([System.Guid]::TryParse($sponsor, [System.Management.Automation.PSReference]$ObjectGuid)) + { + try + { + $user = Get-MgUser -UserId $sponsor + $InternalSponsorsValues += $user.UserPrincipalName + } + catch + { + Write-Verbose -Message "Couldn't find inter sponsor with id {$sponsor}" + } + } + else + { + $InternalSponsorsValues += $sponsor + } + } + $results = @{ Id = $getValue.id Description = $getValue.description DisplayName = $getValue.displayName - ExternalSponsors = $getExternalSponsors + ExternalSponsors = $ExternalSponsorsValues IdentitySources = $getIdentitySources - InternalSponsors = $getInternalSponsors + InternalSponsors = $InternalSponsorsValues State = $getValue.state Ensure = 'Present' Credential = $Credential 
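Review bot: A sponsor whose id cannot be resolved is dropped from the returned `ExternalSponsors` / `InternalSponsors` with only a verbose message, so Get-TargetResource no longer reflects what is configured on the connected organization. Keeping the raw id in the `catch` (`$ExternalSponsorsValues += $sponsor`) would leave the difference visible to Test-TargetResource. `Get-MgUser` is called without `-ErrorAction Stop`, so whether the `catch` runs depends on the caller's error preference; if it does not, `$user.UserPrincipalName` appends `$null`. The internal-sponsor message reads "inter sponsor", which looks like a typo for "internal".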
@@ -293,6 +340,68 @@ function Set-TargetResource 'ExternalTenantId' = 'tenantId' } + if ($Ensure -eq 'Present') + { + $ObjectGuid = [System.Guid]::empty + $ExternalSponsorsValues = @() + foreach ($sponsor in $ExternalSponsors) + { + if (-not [System.Guid]::TryParse($sponsor, [System.Management.Automation.PSReference]$ObjectGuid)) + { + try + { + $user = Get-MgUser -UserId $sponsor -ErrorAction SilentlyContinue + if ($null -ne $user) + { + $ExternalSponsorsValues += $user.Id + } + else + { + Write-Verbose -Message "Could not find External Sponsor {$sponsor}" + } + } + catch + { + Write-Verbose -Message "Could not find External Sponsor {$sponsor}" + } + } + else + { + $ExternalSponsorsValues += $sponsor + } + } + $ExternalSponsors = $ExternalSponsorsValues + + $InternalSponsorsValues = @() + foreach ($sponsor in $InternalSponsors) + { + if (-not [System.Guid]::TryParse($sponsor, [System.Management.Automation.PSReference]$ObjectGuid)) + { + try + { + $user = Get-MgUser -UserId $sponsor -ErrorAction SilentlyContinue + if ($null -ne $user) + { + $InternalSponsorsValues += $user.Id + } + else + { + Write-Verbose -Message "Could not find External Sponsor {$sponsor}" + } + } + catch + { + Write-Verbose -Message "Could not find External Sponsor {$sponsor}" + } + } + else + { + $InternalSponsorsValues += $sponsor + } + } + $InternalSponsors = $InternalSponsorsValues + } + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating a new Entitlement Management Connected Organization {$DisplayName}" @@ -304,7 +413,6 @@ function Set-TargetResource $CreateParameters.Remove('ExternalSponsors') | Out-Null $CreateParameters.Remove('InternalSponsors') | Out-Null - $keys = (([Hashtable]$CreateParameters).clone()).Keys foreach ($key in $keys) { 
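Review bot: Sponsors that fail to resolve are left out of `$ExternalSponsors` and `$InternalSponsors`, so the connected organization is then written with fewer sponsors than the configuration declares and Set-TargetResource still completes normally. An unresolved entry should stop the run; replace the verbose-only branches with `throw "Could not find sponsor {$sponsor}"`. With `-ErrorAction SilentlyContinue` on `Get-MgUser` the `catch` blocks are unlikely to be reached, so the `$null -ne $user` test is doing the real work. The internal-sponsor loop logs "Could not find External Sponsor", which mislabels the failure.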
@@ -313,8 +421,9 @@ function Set-TargetResource $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } - $TenantId = $CreateParameters.IdentitySources.ExternalTenantId - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/tenantRelationships/microsoft.graph.findTenantInformationByTenantId(tenantId='$tenantid')" + Write-Verbose -Message "Create Parameters: $(Convert-M365DscHashtableToString -Hashtable $CreateParameters)" + $TenantIdValue = $CreateParameters.IdentitySources.TenantId + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/tenantRelationships/microsoft.graph.findTenantInformationByTenantId(tenantId='$TenantIdValue')" $DomainName = (Invoke-MgGraphRequest -Method 'GET' -Uri $url).defaultDomainName $newConnectedOrganization = New-MgBetaEntitlementManagementConnectedOrganization -Description $CreateParameters.Description -DisplayName $CreateParameters.DisplayName -State $CreateParameters.State -DomainName $DomainName @@ -504,7 +613,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of {$id}" + Write-Verbose -Message "Testing configuration of {$DisplayName}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 index a1615e9666..cb125080aa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 
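Review bot: `$TenantIdValue` goes into the Graph request URL unchecked, and if `IdentitySources` holds more than one entry `$CreateParameters.IdentitySources.TenantId` yields an array that interpolates as a space-separated string. Validate it before building `$url`, e.g. `if (-not [System.Guid]::TryParse($TenantIdValue, [System.Management.Automation.PSReference]$ObjectGuid)) { throw "Invalid tenant id {$TenantIdValue}" }`, which also fails early when the key is missing after the `ExternalTenantId` to `tenantId` rename. The added `Write-Verbose "Create Parameters: ..."` prints the whole hashtable; confirm that no credential-type keys remain in `$CreateParameters` at that point.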
@@ -307,7 +307,7 @@ function Set-TargetResource # Named Location exist but should not elseif ($Ensure -eq 'Absent' -and $CurrentAADNamedLocation.Ensure -eq 'Present') { - Write-Verbose -Message "Removing AAD Named Location {$Displayname)}" + Write-Verbose -Message "Removing AAD Named Location {$Displayname} with id {$($currentAADNamedLocation.ID)}" Remove-MgBetaIdentityConditionalAccessNamedLocation -NamedLocationId $currentAADNamedLocation.ID } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 index 117d2e66d8..e978aab640 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 @@ -10,7 +10,7 @@ function Get-TargetResource [Parameter(Mandatory = $true)] [System.String] - $Displayname, + $DisplayName, [Parameter()] [System.String] @@ -215,6 +215,29 @@ function Get-TargetResource $nullReturn = $PSBoundParameters $nullReturn.Ensure = 'Absent' + $RoleDefintion = $null + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $RoleDefinition = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + } + elseif (-not [System.String]::IsNullOrEmpty($Id)) + { + $RoleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $Id ` + -ErrorAction SilentlyContinue + } + + if ($null -eq $RoleDefinition -and -not [System.String]::IsNullOrEmpty($Displayname)) + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $RoleDefinition = $Script:exportedInstances | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName} + } + else + { + $RoleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$DisplayName'" + } + } + try { if ($null -eq $Script:PolicyAssignments) 
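Review bot: `$RoleDefintion = $null` in the AADRoleSetting Get-TargetResource hunk is misspelled, so the variable actually read below, `$RoleDefinition`, is never initialised in this function. When neither the export-mode branch nor the `$Id` branch assigns it, `$null -eq $RoleDefinition` reads whatever a parent scope holds under that name, or fails under strict mode. Change the line to `$RoleDefinition = $null`. The fallback condition still tests `$Displayname` after the parameter was renamed to `$DisplayName`; PowerShell names are case-insensitive so it works, but it is worth aligning.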
@@ -222,7 +245,8 @@ function Get-TargetResource $allFilter = "scopeId eq '/' and scopeType eq 'DirectoryRole'" $Script:PolicyAssignments = Get-MgBetaPolicyRoleManagementPolicyAssignment -Filter $allFilter -All } - $Policy = $Script:PolicyAssignments | Where-Object -FilterScript {$_.RoleDefinitionId -eq $Id} + + $Policy = $Script:PolicyAssignments | Where-Object -FilterScript {$_.RoleDefinitionId -eq $RoleDefinition.Id} } catch { @@ -237,26 +261,6 @@ function Get-TargetResource { return $nullReturn } - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $RoleDefinition = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} - } - else - { - $RoleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $Id - } - - if ($null -eq $RoleDefinition -and -not [System.String]::IsNullOrEmpty($Displayname)) - { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $RoleDefinition = $Script:exportedInstances | Where-Object -FilterScript {$_.DisplayName -eq $Displayname} - } - else - { - $RoleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$DisplayName'" - } - } #get Policyrule $role = Get-MgBetaPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $Policy.Policyid @@ -400,7 +404,7 @@ function Set-TargetResource [Parameter(Mandatory = $true)] [System.String] - $Displayname, + $DisplayName, [Parameter()] [System.String] 
@@ -599,11 +603,23 @@ function Set-TargetResource #endregion #get role - [string]$Filter = $null - $Filter = "scopeId eq '/' and scopeType eq 'DirectoryRole' and RoleDefinitionId eq '" + $Id + "'" - $Policy = Get-MgBetaPolicyRoleManagementPolicyAssignment -Filter $Filter + $RoleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$DisplayName'" + + $Policy = $null + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $Filter = "scopeId eq '/' and scopeType eq 'DirectoryRole' and RoleDefinitionId eq '" + $Id + "'" + $Policy = Get-MgBetaPolicyRoleManagementPolicyAssignment -Filter $Filter + } + else + { + Write-Verbose -Message "Finding Policy Assignment by Role Definition Id {$($RoleDefinition.Id)}" + $Filter = "scopeId eq '/' and scopeType eq 'DirectoryRole' and RoleDefinitionId eq '$($RoleDefinition.Id)'" + $Policy = Get-MgBetaPolicyRoleManagementPolicyAssignment -Filter $Filter + } #get Policyrule - $roles = Get-MgBetaPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $Policy.Policyid + $roles = Get-MgBetaPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $Policy.PolicyId ` + -ErrorAction SilentlyContinue foreach ($role in $roles) { @@ -1100,7 +1116,7 @@ function Test-TargetResource [Parameter(Mandatory = $true)] [System.String] - $Displayname, + $DisplayName, [Parameter()] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 index 988bad0ce2..5a56e3da0e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 
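Review bot: Nothing checks `$Policy` before `$Policy.PolicyId` is used, and the rule lookup now carries `-ErrorAction SilentlyContinue`, so when no role definition or policy assignment matches, `$roles` is empty, the `foreach` does nothing and Set-TargetResource returns as if the role settings had been applied. Fail instead with `if ($null -eq $Policy) { throw "Could not find a policy assignment for role {$DisplayName}" }`. The `DisplayName` lookup at the top runs even when `$Id` is supplied and its result is then unused; moving it into the `else` branch saves a Graph call. Set-TargetResource's body continues outside the hunk.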
@@ -147,8 +147,18 @@ function Get-TargetResource } else { - $AADServicePrincipal = Get-MgServicePrincipal -Filter "AppID eq '$($AppId)'" ` - -Expand 'AppRoleAssignedTo' + $ObjectGuid = [System.Guid]::empty + if (-not [System.Guid]::TryParse($AppId, [System.Management.Automation.PSReference]$ObjectGuid)) + { + $appInstance = Get-MgApplication -Filter "DisplayName eq '$AppId'" + $AADServicePrincipal = Get-MgServicePrincipal -Filter "AppID eq '$($appInstance.AppId)'" ` + -Expand 'AppRoleAssignedTo' + } + else + { + $AADServicePrincipal = Get-MgServicePrincipal -Filter "AppID eq '$($AppId)'" ` + -Expand 'AppRoleAssignedTo' + } } } if ($null -eq $AADServicePrincipal) @@ -347,7 +357,6 @@ function Set-TargetResource $currentParameters.Remove('Ensure') | Out-Null $currentParameters.Remove('ObjectID') | Out-Null $currentParameters.Remove('ApplicationSecret') | Out-Null - $currentParameters.Remove('AppId') | Out-Null # ServicePrincipal should exist but it doesn't if ($Ensure -eq 'Present' -and $currentAADServicePrincipal.Ensure -eq 'Absent') 
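Review bot: When `$AppId` is not a GUID it is treated as an application display name, but the result of `Get-MgApplication` is not checked and display names need not be unique. No match produces the filter `AppID eq ''`, and several matches make `$appInstance.AppId` an array that is interpolated as one space-separated string. Treat anything other than exactly one match as not found (`if (@($appInstance).Count -ne 1) { ... }`) and double any `'` in `$AppId` before it goes into the filter. The create and update branches of Set-TargetResource (`@@ -356,13 +365,27 @@`) copy `$appInstance.AppId` into `$currentParameters.AppId` with the same gap.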
@@ -356,13 +365,27 @@ function Set-TargetResource { $currentParameters.AppRoleAssignedTo = $AppRoleAssignedToValue } + $ObjectGuid = [System.Guid]::empty + if (-not [System.Guid]::TryParse($AppId, [System.Management.Automation.PSReference]$ObjectGuid)) + { + $appInstance = Get-MgApplication -Filter "DisplayName eq '$AppId'" + $currentParameters.AppId = $appInstance.AppId + } + Write-Verbose -Message 'Creating new Service Principal' + Write-Verbose -Message "With Values: $(Convert-M365DscHashtableToString -Hashtable $currentParameters)" New-MgServicePrincipal @currentParameters } # ServicePrincipal should exist and will be configured to desired state - if ($Ensure -eq 'Present' -and $currentAADServicePrincipal.Ensure -eq 'Present') + elseif ($Ensure -eq 'Present' -and $currentAADServicePrincipal.Ensure -eq 'Present') { Write-Verbose -Message 'Updating existing Service Principal' + $ObjectGuid = [System.Guid]::empty + if (-not [System.Guid]::TryParse($AppId, [System.Management.Automation.PSReference]$ObjectGuid)) + { + $appInstance = Get-MgApplication -Filter "DisplayName eq '$AppId'" + $currentParameters.AppId = $appInstance.AppId + } Write-Verbose -Message "CurrentParameters: $($currentParameters | Out-String)" Write-Verbose -Message "ServicePrincipalID: $($currentAADServicePrincipal.ObjectID)" $currentParameters.Remove('AppRoleAssignedTo') | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPlace/MSFT_EXOPlace.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPlace/MSFT_EXOPlace.psm1 index e6524aa7b6..2829411355 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPlace/MSFT_EXOPlace.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPlace/MSFT_EXOPlace.psm1 @@ -157,7 +157,7 @@ function Get-TargetResource try { - $place = Get-Place -Identity $Identity -ErrorAction Stop + $place = Get-Place -Identity $Identity -ErrorAction SilentlyContinue if ($null -eq $place) { 
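Review bot: In the EXOPlace hunk, switching `Get-Place` to `-ErrorAction SilentlyContinue` inside the `try` block sends every failure, not only "place not found", into the `if ($null -eq $place)` branch. A connection, permission or throttling error would then presumably be reported as the place being absent, and the `catch` no longer sees it. Keeping `-ErrorAction Stop` and handling the not-found case in the `catch`, or capturing the error with `-ErrorVariable` and inspecting it, would preserve the distinction. The rest of the `try` body and its `catch` lie outside the hunk, so confirm how the absent case is handled there.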
diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-Create.ps1 index e7a20f133d..5ce75f3a5e 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-Create.ps1 @@ -17,16 +17,14 @@ Configuration Example { AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' { - DisplayName = 'Test Resource' - AddedBy = 'admin@contoso.onmicrosoft.com' - AddedOn = '05/11/2022 16:21:15' + DisplayName = 'Human Resources' CatalogId = 'My Catalog' Description = 'My Resource' - IsPendingOnboarding = $False - OriginId = "https://$Domain.sharepoint.com/" + IsPendingOnboarding = $true + OriginId = "https://$Domain.sharepoint.com/sites/HumanResources" OriginSystem = 'SharePointOnline' ResourceType = 'SharePoint Online Site' - Url = "https://$Domain.sharepoint.com/" + Url = "https://$Domain.sharepoint.com/sites/HumanResources" Ensure = 'Present' Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/2-Update.ps1 index 185d0eeb00..8294d98999 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/2-Update.ps1 
@@ -12,20 +12,19 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' { - DisplayName = 'Test Resource' - AddedBy = 'admin@contoso.onmicrosoft.com' - AddedOn = '05/11/2022 16:21:15' + DisplayName = 'Human Resources' CatalogId = 'My Catalog' Description = 'My Resource' - IsPendingOnboarding = $True # Updated Property - OriginId = "https://$Domain.sharepoint.com/" + IsPendingOnboarding = $false # Updated Property + OriginId = "https://$Domain.sharepoint.com/sites/HumanResources" OriginSystem = 'SharePointOnline' ResourceType = 'SharePoint Online Site' - Url = "https://$Domain.sharepoint.com/" + Url = "https://$Domain.sharepoint.com/sites/HumanResources" Ensure = 'Present' Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/1-Create.ps1 index f4772ccf44..fb46388a1a 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/1-Create.ps1 
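Review bot: `$Domain` is set to the part of the credential's user name after `@`, and that value is then interpolated as `"https://$Domain.sharepoint.com/sites/HumanResources"` for `OriginId` and `Url`. Inside a double-quoted string only `$Domain` is expanded, so a user name such as `admin@contoso.onmicrosoft.com` (constructed sample) would produce `https://contoso.onmicrosoft.com.sharepoint.com/...`, which is not the tenant's SharePoint host. If the credential uses the onmicrosoft.com domain, deriving the tenant name first, e.g. `$TenantName = $Domain.Split('.')[0]` and `"https://$TenantName.sharepoint.com/sites/HumanResources"`, would give the intended URL. 1-Create.ps1 for the same resource uses the same URL form, with `$Domain` defined outside its hunk.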
@@ -12,21 +12,22 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADEntitlementManagementConnectedOrganization 'MyConnectedOrganization' { Description = "this is the tenant partner"; DisplayName = "Test Tenant - DSC"; - ExternalSponsors = @("12345678-1234-1234-1234-123456789012"); + ExternalSponsors = @("AdeleV@$Domain"); IdentitySources = @( MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource{ - ExternalTenantId = "12345678-1234-1234-1234-123456789012" + ExternalTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc" DisplayName = 'Contoso' odataType = '#microsoft.graph.azureActiveDirectoryTenant' } ); - InternalSponsors = @("12345678-1234-1234-1234-123456789012"); + InternalSponsors = @("AdeleV@$Domain"); State = "configured"; Ensure = "Present" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/2-Update.ps1 index 59e893bec8..227bda391c 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/2-Update.ps1 
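Review bot: The example now hard-codes `ExternalTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc"` where it previously carried an obvious placeholder GUID, and 2-Update.ps1 for the same resource does the same. A connected organization describes an external tenant whose users can be given access, so anyone who applies the example unchanged sets up that relationship with whichever tenant owns this id. If the value is required by the integration tests, a comment saying so would help, e.g. `# Test tenant id - replace with your partner organization's tenant id`; otherwise taking it as a configuration parameter keeps a specific identifier out of the sample.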
@@ -12,21 +12,22 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADEntitlementManagementConnectedOrganization 'MyConnectedOrganization' { - Description = "this is the tenant partner - Updated"; # Updated Property + Description = "This is the tenant partner - Updated"; # Updated Property DisplayName = "Test Tenant - DSC"; - ExternalSponsors = @("12345678-1234-1234-1234-123456789012"); + ExternalSponsors = @("AdeleV@$Domain"); IdentitySources = @( MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource{ - ExternalTenantId = "12345678-1234-1234-1234-123456789012" + ExternalTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc" DisplayName = 'Contoso' odataType = '#microsoft.graph.azureActiveDirectoryTenant' } ); - InternalSponsors = @("12345678-1234-1234-1234-123456789012"); + InternalSponsors = @("AdeleV@$Domain"); State = "configured"; Ensure = "Present" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/1-Create.ps1 index ee96d8b039..2cfe4b2336 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/1-Create.ps1 @@ -18,7 +18,7 @@ Configuration Example { DisplayName = "Company Network" IpRanges = @("2.1.1.1/32", "1.2.2.2/32") - IsTrusted = $True + IsTrusted = $False OdataType = "#microsoft.graph.ipNamedLocation" Ensure = "Present" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/2-Update.ps1 index 24c3405382..9f1b9edb57 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/2-Update.ps1 
+++ b/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/2-Update.ps1 @@ -17,8 +17,8 @@ Configuration Example AADNamedLocationPolicy 'CompanyNetwork' { DisplayName = "Company Network" - IpRanges = @("2.1.1.1/32", "1.2.2.2/32") - IsTrusted = $False # Updated Property + IpRanges = @("2.1.1.1/32") # Updated Property + IsTrusted = $False OdataType = "#microsoft.graph.ipNamedLocation" Ensure = "Present" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/1-Create.ps1 index f338de89dc..439d0b39b9 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/1-Create.ps1 @@ -14,6 +14,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADRoleEligibilityScheduleRequest "MyRequest" @@ -23,7 +24,7 @@ Configuration Example DirectoryScopeId = "/"; Ensure = "Present"; IsValidationOnly = $False; - Principal = "John.Smith@$OrganizationName"; + Principal = "AdeleV@$Domain"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { startDateTime = '2023-09-01T02:40:44Z' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 index 3532161553..9131d0a4e7 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 
@@ -14,6 +14,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADRoleEligibilityScheduleRequest "MyRequest" @@ -23,7 +24,7 @@ Configuration Example DirectoryScopeId = "/"; Ensure = "Present"; IsValidationOnly = $True; # Updated Property - Principal = "John.Smith@$OrganizationName"; + Principal = "AdeleV@$Domain"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { startDateTime = '2023-09-01T02:40:44Z' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/1-Create.ps1 deleted file mode 100644 index e603f34d31..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/1-Create.ps1 +++ /dev/null 
@@ -1,62 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADRoleSetting 28b253d8-cde5-471f-a331-fe7320023cdd - { - ActivateApprover = @(); - ActivationMaxDuration = "PT8H"; - ActivationReqJustification = $True; - ActivationReqMFA = $False; - ActivationReqTicket = $False; - ActiveAlertNotificationAdditionalRecipient = @(); - ActiveAlertNotificationDefaultRecipient = $True; - ActiveAlertNotificationOnlyCritical = $False; - ActiveApproveNotificationAdditionalRecipient = @(); - ActiveApproveNotificationDefaultRecipient = $True; - ActiveApproveNotificationOnlyCritical = $False; - ActiveAssigneeNotificationAdditionalRecipient = @(); - ActiveAssigneeNotificationDefaultRecipient = $True; - ActiveAssigneeNotificationOnlyCritical = $False; - ApprovaltoActivate = $False; - AssignmentReqJustification = $True; - AssignmentReqMFA = $False; - Displayname = "Application Administrator"; - ElegibilityAssignmentReqJustification = $False; - ElegibilityAssignmentReqMFA = $False; - EligibleAlertNotificationAdditionalRecipient = @(); - EligibleAlertNotificationDefaultRecipient = $True; - EligibleAlertNotificationOnlyCritical = $False; - EligibleApproveNotificationAdditionalRecipient = @(); - EligibleApproveNotificationDefaultRecipient = $True; - EligibleApproveNotificationOnlyCritical = $False; - EligibleAssigneeNotificationAdditionalRecipient = @(); - EligibleAssigneeNotificationDefaultRecipient = $True; - EligibleAssigneeNotificationOnlyCritical = $False; - EligibleAssignmentAlertNotificationAdditionalRecipient = @(); - EligibleAssignmentAlertNotificationDefaultRecipient = $True; - EligibleAssignmentAlertNotificationOnlyCritical = $False; - 
EligibleAssignmentAssigneeNotificationAdditionalRecipient = @(); - EligibleAssignmentAssigneeNotificationDefaultRecipient = $True; - EligibleAssignmentAssigneeNotificationOnlyCritical = $False; - ExpireActiveAssignment = "P180D"; - ExpireEligibleAssignment = "P365D"; - PermanentActiveAssignmentisExpirationRequired = $False; - PermanentEligibleAssignmentisExpirationRequired = $False; - Credential = $Credscredential - Ensure = 'Present' - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/1-Create.ps1 index c406e7a9ed..8583af1bd5 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/1-Create.ps1 @@ -12,22 +12,19 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADServicePrincipal 'AADServicePrincipal' { - AppId = "" - DisplayName = "AADAppName" + AppId = 'AppDisplayName' + DisplayName = "AppDisplayName" AlternativeNames = "AlternativeName1","AlternativeName2" AccountEnabled = $true AppRoleAssignmentRequired = $false - ErrorUrl = "" - Homepage = "https://AADAppName.contoso.com" - LogoutUrl = "https://AADAppName.contoso.com/logout" - PublisherName = "Contoso" - ReplyURLs = "https://AADAppName.contoso.com" - SamlMetadataURL = "" - ServicePrincipalNames = "", "https://AADAppName.contoso.com" + Homepage = "https://$Domain/site/Home" + LogoutUrl = "https://$Domain/logout" + ReplyURLs = "https://$Domain/Reply" ServicePrincipalType = "Application" Tags = "{WindowsAzureActiveDirectoryIntegratedApp}" Ensure = "Present" diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/2-Update.ps1 index b513d7b703..43fc5cf3a6 100644 
--- a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/2-Update.ps1 @@ -12,22 +12,19 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADServicePrincipal 'AADServicePrincipal' { - AppId = "" - DisplayName = "AADAppName" - AlternativeNames = "AlternativeName1","AlternativeName2" + AppId = 'AppDisplayName' + DisplayName = "AppDisplayName" + AlternativeNames = "AlternativeName1","AlternativeName3" # Updated Property AccountEnabled = $true - AppRoleAssignmentRequired = $true # Updated Property - ErrorUrl = "" - Homepage = "https://AADAppName.contoso.com" - LogoutUrl = "https://AADAppName.contoso.com/logout" - PublisherName = "Contoso" - ReplyURLs = "https://AADAppName.contoso.com" - SamlMetadataURL = "" - ServicePrincipalNames = "", "https://AADAppName.contoso.com" + AppRoleAssignmentRequired = $false + Homepage = "https://$Domain/site/Home" + LogoutUrl = "https://$Domain/logout" + ReplyURLs = "https://$Domain/Reply" ServicePrincipalType = "Application" Tags = "{WindowsAzureActiveDirectoryIntegratedApp}" Ensure = "Present" diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADUser/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADUser/1-Create.ps1 index 77f36b174e..73cdcbb24b 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADUser/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADUser/1-Create.ps1 
@@ -12,19 +12,18 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { - $Organization = $Credscredential.Username.Split('@')[1] AADUser 'ConfigureJohnSMith' { - UserPrincipalName = "John.Smith@$Organization" + UserPrincipalName = "John.Smith@$Domain" FirstName = "John" LastName = "Smith" DisplayName = "John J. Smith" City = "Gatineau" Country = "Canada" Office = "Ottawa - Queen" - LicenseAssignment = @("O365dsc1:ENTERPRISEPREMIUM") UsageLocation = "US" Ensure = "Present" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADUser/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADUser/2-Update.ps1 index d80e65086f..238b7e0925 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADUser/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADUser/2-Update.ps1 @@ -12,19 +12,18 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { - $Organization = $Credscredential.Username.Split('@')[1] AADUser 'ConfigureJohnSMith' { - UserPrincipalName = "John.Smith@$Organization" + UserPrincipalName = "John.Smith@$Domain" FirstName = "John" LastName = "Smith" DisplayName = "John J. Smith" City = "Ottawa" # Updated Country = "Canada" Office = "Ottawa - Queen" - LicenseAssignment = @("O365dsc1:ENTERPRISEPREMIUM") UsageLocation = "US" Ensure = "Present" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 index 1da4cd0523..30f6a7acb5 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 
@@ -12,12 +12,12 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { - $Organization = $Credscredential.Username.Split('@')[1] AADUser 'ConfigureJohnSMith' { - UserPrincipalName = "John.Smith@$Organization" + UserPrincipalName = "John.Smith@$Domain" Ensure = "Absent" Credential = $Credscredential } From 08a70e70a26c8c4e333631fabfff13a66a2e4d43 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 5 Jan 2024 13:13:17 -0500 Subject: [PATCH 3/3] Fix Unit Tests --- ...lementManagementConnectedOrganization.psm1 | 26 ++++++++++++++++ ...entAccessPackageAssignmentPolicy.Tests.ps1 | 6 +++- ...tManagementConnectedOrganization.Tests.ps1 | 31 +++++++++++-------- .../Microsoft365DSC.AADRoleSetting.Tests.ps1 | 1 + 4 files changed, 50 insertions(+), 14 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 index e504f42eb7..9f7c6f4e0e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 
@@ -480,6 +480,19 @@ function Set-TargetResource -ConnectedOrganizationId $currentInstance.Id #region External Sponsors + if ($currentInstance.ExternalSponsors) + { + $currentExternalSponsors = @() + foreach ($sponsor in $CurrentInstance.ExternalSponsors) + { + $user = Get-MgUser -UserId $sponsor -ErrorAction SilentlyContinue + if ($user) + { + $currentExternalSponsors += $user.Id + } + } + $currentInstance.ExternalSponsors = $currentExternalSponsors + } $sponsorsDifferences = compare-object -ReferenceObject @($ExternalSponsors|select-object) -DifferenceObject @($currentInstance.ExternalSponsors|select-object) $sponsorsToAdd=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '<='}).InputObject $sponsorsToRemove=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '=>'}).InputObject @@ -505,6 +518,19 @@ function Set-TargetResource #endregion #region Internal Sponsors + if ($currentInstance.InternalSponsors) + { + $currentInternalSponsors = @() + foreach ($sponsor in $CurrentInstance.InternalSponsors) + { + $user = Get-MgUser -UserId $sponsor -ErrorAction SilentlyContinue + if ($user) + { + $currentInternalSponsors += $user.Id + } + } + $currentInstance.InternalSponsors = $currentInternalSponsors + } $sponsorsDifferences = compare-object -ReferenceObject @($InternalSponsors|select-object) -DifferenceObject @($currentInstance.InternalSponsors|select-object) $sponsorsToAdd=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '<='}).InputObject $sponsorsToRemove=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '=>'}).InputObject diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 index 494e432b67..b912a70e6b 100644 
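Review bot: In the new External Sponsors block, any current sponsor that `Get-MgUser -UserId $sponsor -ErrorAction SilentlyContinue` cannot resolve is dropped from `$currentInstance.ExternalSponsors` before the `compare-object` call, so it can never appear in `$sponsorsToRemove`. A sponsor that is not in the desired list but fails the lookup (a transient error, or an object that is not a user) would therefore stay on the connected organization without any message; the Internal Sponsors block in the next hunk (@@ -505) has the same shape. Keeping the original value when the lookup fails, e.g. `else { $currentExternalSponsors += $sponsor }`, together with a `Write-Verbose` line naming the unresolved entry, would keep it visible to the comparison. Whether the desired `$ExternalSponsors` list is normalised to object ids before this point is not visible in the hunk and should be confirmed, since the comparison only works if both sides use the same form.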
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 @@ -95,7 +95,11 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Ensure = 'Present' Credential = $Credential } - + Mock -CommandName Get-MgBetaEntitlementManagementAccessPackage -MockWith { + return @{ + Id = 'FakeStringValue' + } + } Mock -CommandName Get-MgBetaEntitlementManagementAccessPackageAssignmentPolicy -MockWith { return $null } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 index 7ead2f0a36..e8ea032e40 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 @@ -59,7 +59,20 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Write-Host -MockWith { } - Mock -CommandName Write-Host -MockWith { + Mock -CommandName Get-MgUser -MockWith { + return @{ + Id = '12345678-1234-1234-1234-123456789012' + UserPrincipalName = 'John.smith@contoso.com' + } + } + + Mock -CommandName Get-MgBetaDirectoryObject -MockWith { + return @{ + Id = '12345678-1234-1234-1234-123456789012' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.user' + } + } } } # Test contexts 
@@ -93,14 +106,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgBetaEntitlementManagementConnectedOrganizationInternalSponsor -MockWith { return @() } - Mock -CommandName Get-MgBetaDirectoryObject -MockWith { - return @{ - Id = '12345678-1234-1234-1234-123456789012' - AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.user' - } - } - } Mock -CommandName New-MgBetaEntitlementManagementConnectedOrganization -MockWith { return @{ Id = '12345678-1234-1234-1234-123456789012' @@ -193,7 +198,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $testParams = @{ Description = 'ConnectedOrganization_Description' DisplayName = 'ConnectedOrganization_DisplayName' - ExternalSponsors = @('12345678-1234-1234-1234-123456789012') + ExternalSponsors = @('John.Smith@contoso.com') Id = '12345678-1234-1234-1234-123456789012' IdentitySources = @( (New-CimInstance -ClassName MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource -Property @{ @@ -202,7 +207,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { displayName = 'IdentitySource_DisplayName' } -ClientOnly) ) - InternalSponsors = @('12345678-1234-1234-1234-123456789012') + InternalSponsors = @('John.Smith@contoso.com') State = 'configured' Ensure = 'Present' Credential = $Credential @@ -250,7 +255,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $testParams = @{ Description = 'ConnectedOrganization_Description' DisplayName = 'ConnectedOrganization_DisplayName' - ExternalSponsors = @('12345678-1234-1234-1234-123456789012') + ExternalSponsors = @('John.Smith@contoso.com') Id = '12345678-1234-1234-1234-123456789012' IdentitySources = @( (New-CimInstance -ClassName MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource -Property @{ 
@@ -259,7 +264,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { displayName = 'IdentitySource_DisplayName' } -ClientOnly) ) - InternalSponsors = @('12345678-1234-1234-1234-123456789012') + InternalSponsors = @('John.Smith@contoso.com') State = 'configured' Ensure = 'Present' diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRoleSetting.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRoleSetting.Tests.ps1 index 5b68626cd5..fa5c9afa77 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRoleSetting.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRoleSetting.Tests.ps1 @@ -44,6 +44,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgBetaRoleManagementDirectoryRoleDefinition -MockWith { return @{ DisplayName = 'User administrator' + Id = 'fe930be7-5e62-47db-91af-98c3a49a38b1' } }