Merge pull request #5504 from NikCharlebois/AADIdentityAPIConnector

AADIdentityAPIConnector - Fix Export Logic
microsoft · Dec 4, 2024 · b38e9e1 · b38e9e1
2 parents a0a78ca + 8f29b4c
commit b38e9e1
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,8 @@
   * Added support for #microsoft.graph.accessReviewInactiveUsersQueryScope in odatatype.
 * AADActivityBasedTimeoutPolicy
   * Added support for AccessTokens.
+* AADIdentityAPIConnector
+  * Changed the export logic to export passwords as credential objects instead of string.
 * AADRoleManagementPolicyRule
   * Added the logic to handle filters in the Export logic flow.
 * EXOAuthenticationPolicyAssignment

diff --git a/...crosoft365DSC/DSCResources/MSFT_AADIdentityAPIConnector/MSFT_AADIdentityAPIConnector.psm1 b/...crosoft365DSC/DSCResources/MSFT_AADIdentityAPIConnector/MSFT_AADIdentityAPIConnector.psm1
@@ -124,9 +124,9 @@ function Get-TargetResource
         foreach ($currentCertificate in $getValue.AuthenticationConfiguration.AdditionalProperties.certificateList)
         {
             $myCertificate = @{}
-            $myCertificate.Add('Pkcs12Value', 'Please insert a valid Pkcs12Value')
+            $myCertificate.Add('Pkcs12Value', "New-Object System.Management.Automation.PSCredential('Password', (ConvertTo-SecureString ('Please insert a valid Pkcs12Value') -AsPlainText -Force))")
             $myCertificate.Add('Thumbprint', $currentCertificate.thumbprint)
-            $myCertificate.Add('Password', 'Please insert a valid Password for the certificate')
+            $myCertificate.Add('Password', "New-Object System.Management.Automation.PSCredential('Password', (ConvertTo-SecureString ('Please insert a valid Password for the certificate') -AsPlainText -Force))")
             $myCertificate.Add('IsActive', $currentCertificate.isActive)
 
             if ($myCertificate.values.Where({ $null -ne $_ }).Count -gt 0)
@@ -661,6 +661,11 @@ function Export-TargetResource
         }
         foreach ($config in $getValue)
         {
+            if ($null -ne $Global:M365DSCExportResourceInstancesCount)
+            {
+                $Global:M365DSCExportResourceInstancesCount++
+            }
+
             $displayedKey = $config.Id
             if (-not [String]::IsNullOrEmpty($config.displayName))
             {
@@ -685,12 +690,11 @@ function Export-TargetResource
             }
 
             $Results = Get-TargetResource @Params
-            $Results.Password = 'Please insert a valid Password'
+            $Results.Password = "New-Object System.Management.Automation.PSCredential('Password', (ConvertTo-SecureString ('Please insert a valid Password') -AsPlainText -Force));"
 
             $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
                 -Results $Results
 
-
             if ($null -ne $Results.Certificates)
             {
                 $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
@@ -718,6 +722,13 @@ function Export-TargetResource
                 $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Certificates' -IsCIMArray:$True
             }
 
+            # Replace the main password variable.
+            $currentDSCBlock = $currentDSCBlock.Replace('"New-Object System.', 'New-Object System.').Replace(') -AsPlainText -Force));";', ') -AsPlainText -Force));')
+
+            # Replace the certificate variables.
+            $currentDSCBlock = $currentDSCBlock.Replace("'New-Object System.", "New-Object System.").Replace(" -Force))'", " -Force))")
+            $currentDSCBlock = $currentDSCBlock.Replace("(ConvertTo-SecureString (''", "(ConvertTo-SecureString ('").Replace("''Password''", "'Password'").Replace("'') -AsPlainText", "') -AsPlainText")
+
             $dscContent += $currentDSCBlock
             Save-M365DSCPartialExport -Content $currentDSCBlock `
                 -FileName $Global:PartialExportFileName