add test to SettingJson.Test file

microsoft · Feb 14, 2024 · a475661 · a475661
1 parent d7f225d
commit a475661
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 18 deletions.
diff --git a/.github/workflows/Unit Tests.yml b/.github/workflows/Unit Tests.yml
@@ -26,22 +26,6 @@ jobs:
           Install-Module PSDesiredStateConfiguration -Force -Scope AllUsers
           Install-Module Pester -Force -SkipPublisherCheck -Scope AllUsers
           [System.Environment]::SetEnvironmentVariable('M365DSCTelemetryEnabled', $false, [System.EnvironmentVariableTarget]::Machine);
-      - name: Run Test Harness
-        shell: pwsh
-        run: |
-          $allResrouces = Get-M365DSCAllResources
-          $readPermissionsAsApp = Get-M365DSCCompiledPermissionList -ResourceNameList $allResources -PermissionType Application -AccessType Read
-          $readWritePermissionsAsApp = $readPermissionsAsApp | Where-Object { $_.API -eq "Graph" -and $_.PermissionName -notlike '*.Read.*' }
-          if($readWritePermissionsAsApp.Count -gt 0)
-          {
-            throw "The following Microsoft Graph API write permissions are wrongfully assigned: $($readWritePermissionsAsApp.PermissionName -join ', ')"
-          }
-          $readPermissionsAsUser = Get-M365DSCCompiledPermissionList -ResourceNameList $allResources -PermissionType Delegated -AccessType Read
-          $readWritePermissionsAsUser = $readPermissionsAsUser | Where-Object {$_.API -eq "Graph" -and  $_.PermissionName -notlike '*.Read.*' }
-          if($readWritePermissionsAsUser.Count -gt 0)
-          {
-            throw "The following Microsoft Graph API write permissions are wrongfully assigned: $($readWritePermissionsAsUser.PermissionName -join ', ')"
-          }
       - name: Run Quality Checks
         shell: pwsh
         run: |

diff --git a/Tests/QA/Microsoft365DSC.SettingsJson.Tests.ps1 b/Tests/QA/Microsoft365DSC.SettingsJson.Tests.ps1
@@ -25,19 +25,29 @@ Describe -Name 'Successfully validate all used permissions in Settings.json file
         $delegated = $data.Content.Split('|')[1].Split(',')
     }
 
-     It "Permissions used in settings.json file for '<ResourceName>' should exist" -TestCases $settingsFiles {
+    It "Permissions used in settings.json file for '<ResourceName>' should exist" -TestCases $settingsFiles {
         $json = Get-Content -Path $FullName -Raw
         $settings = ConvertFrom-Json -InputObject $json
         foreach ($permission in $settings.permissions.graph.application.read)
         {
             # Only validate non-GUID (hidden) permissions.
             $ObjectGuid = [System.Guid]::empty
             # There is an issue where the GUI shows Tasks.Read.All but the OAuth value is actually Tasks.Read
-            if (-not [System.Guid]::TryParse($permission.Name  ,[System.Management.Automation.PSReference]$ObjectGuid) -and
+            if (-not [System.Guid]::TryParse($permission.Name  , [System.Management.Automation.PSReference]$ObjectGuid) -and
                 $permission.Name -ne 'Tasks.Read.All')
             {
                 $permission.Name | Should -BeIn $roles
             }
+            $permission.Name | Should -BeLike '*.Read.*'
+        }
+        foreach ($permission in $settings.permissions.graph.application.write)
+        {
+            # Only validate non-GUID (hidden) permissions.
+            $ObjectGuid = [System.Guid]::empty
+            if (-not [System.Guid]::TryParse($permission.Name  , [System.Management.Automation.PSReference]$ObjectGuid))
+            {
+                $permission.Name | Should -BeIn $roles
+            }
         }
     }
 }