
Commit

Merge branch 'Dev' into fix/AADConditionalAccessPolicy-badrequest
mibarm committed Jan 22, 2024
2 parents 0f3854e + e0aa47e commit b9dc01d
Showing 13 changed files with 101 additions and 121 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Expand Up @@ -22,6 +22,12 @@
* Removed the ability to specify a value of Absent for the Ensure property.
* AADCrossTenantAccessPolicyCOnfigurationDefault
* Removed the ability to specify a value of Absent for the Ensure property.
* AADGroup
* Changed Set logic to restore groups from the deleted list if a match by
DisplayName is found.
* SPOSharingSettings
* Fixed an Issue where the MySiteSharingCapability could be returned as an
empty string instead of a null value from the Get method.

# 1.24.117.1

Expand Up @@ -511,7 +511,49 @@ function Set-TargetResource

$currentParameters.Remove('AssignedLicenses') | Out-Null

if ($Ensure -eq 'Present' -and $currentGroup.Ensure -eq 'Present')
if ($Ensure -eq 'Present' -and $currentGroup.Ensure -eq 'Absent')
{
Write-Verbose -Message "Checking to see if an existing deleted group exists with DisplayName {$DisplayName}"
$restorinExisting = $false
[Array]$groups = Get-MgBetaDirectoryDeletedItemAsGroup -Filter "DisplayName eq '$DisplayName'"
if ($groups.Length -gt 1)
{
throw "Multiple deleted groups with the name {$DisplayName} were found. Cannot restore the existig group. Please ensure that you either have no instance of the group in the deleted list or that you have a single one."
}

if ($groups.Length -eq 1)
{
Write-Verbose -Message "Found an instance of a deleted group {$DisplayName}. Restoring it."
Restore-MgBetaDirectoryDeletedItem -DirectoryObjectId $groups[0].Id
$restoringExisting = $true
$currentGroup = Get-MgGroup -Filter "DisplayName eq '$DisplayName'" -ErrorAction Stop
}

if (-not $restoringExisting)
{
Write-Verbose -Message "Creating new group {$DisplayName}"
$currentParameters.Remove('Id') | Out-Null

try
{
Write-Verbose -Message "Creating Group with Values: $(Convert-M365DscHashtableToString -Hashtable $currentParameters)"
$currentGroup = New-MgGroup @currentParameters
Write-Verbose -Message "Created Group $($currentGroup.id)"
}
catch
{
Write-Verbose -Message $_
New-M365DSCLogEntry -Message "Couldn't create group $DisplayName" `
-Exception $_ `
-Source $MyInvocation.MyCommand.ModuleName
}
}
if ($assignedLicensesGUIDs.Length -gt 0)
{
Set-MgGroupLicense -GroupId $currentGroup.Id -AddLicenses $licensesToAdd -RemoveLicenses @()
}
}
if ($Ensure -eq 'Present')
{
Write-Verbose -Message "Group {$DisplayName} exists and it should."
try
Expand Down Expand Up @@ -557,30 +599,6 @@ function Set-TargetResource
-Source $MyInvocation.MyCommand.ModuleName
}
}
elseif ($Ensure -eq 'Present' -and $currentGroup.Ensure -eq 'Absent')
{
Write-Verbose -Message "Creating new group {$DisplayName}"
$currentParameters.Remove('Id') | Out-Null

try
{
Write-Verbose -Message "Creating Group with Values: $(Convert-M365DscHashtableToString -Hashtable $currentParameters)"
$currentGroup = New-MgGroup @currentParameters

Write-Verbose -Message "Created Group $($currentGroup.id)"
if ($assignedLicensesGUIDs.Length -gt 0)
{
Set-MgGroupLicense -GroupId $currentGroup.Id -AddLicenses $licensesToAdd -RemoveLicenses @()
}
}
catch
{
Write-Verbose -Message $_
New-M365DSCLogEntry -Message "Couldn't create group $DisplayName" `
-Exception $_ `
-Source $MyInvocation.MyCommand.ModuleName
}
}
elseif ($Ensure -eq 'Absent' -and $currentGroup.Ensure -eq 'Present')
{
try
Expand Down Expand Up @@ -623,7 +641,17 @@ function Set-TargetResource
$ownerObject = @{
'@odata.id' = "https://graph.microsoft.com/v1.0/users/{$($user.Id)}"
}
New-MgGroupOwnerByRef -GroupId ($currentGroup.Id) -BodyParameter $ownerObject | Out-Null
try
{
New-MgGroupOwnerByRef -GroupId ($currentGroup.Id) -BodyParameter $ownerObject -ErrorAction Stop| Out-Null
}
catch
{
if ($_.Exception.Message -notlike "*One or more added object references already exist for the following modified properties*")
{
throw $_
}
}
}
elseif ($diff.SideIndicator -eq '<=')
{
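Review bot: The new restore branch in the first hunk selects the soft-deleted group by `DisplayName` alone, and display names are not guaranteed to be unique in the directory, so a configuration that means to create a fresh group can instead bring back an older object which, as far as I know, returns with the members, owners and assignments it had when it was deleted. I would compare a second attribute such as `MailNickname` before calling `Restore-MgBetaDirectoryDeletedItem`, and state the restore behaviour in the resource documentation. The flag is initialised as `$restorinExisting = $false` but read as `$restoringExisting`, so the initialiser is dead and the check works only because an unset variable is `$null`; change it to `$restoringExisting = $false`. The `Set-MgGroupLicense` call now sits after the `try`/`catch` around `New-MgGroup`, and since the `catch` only logs, a failed creation still reaches it with whatever `$currentGroup.Id` holds; keep the call inside the `try` or guard it on a successful creation. Set-TargetResource begins and ends outside the visible hunks.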
Expand Up @@ -193,11 +193,9 @@ function Get-TargetResource
{
$DefaultLinkPermission = $SPOSharingSettings.DefaultLinkPermission
}

return @{
$results = @{
IsSingleInstance = 'Yes'
SharingCapability = $SPOSharingSettings.SharingCapability
MySiteSharingCapability = $MySiteSharingCapability
ShowEveryoneClaim = $SPOSharingSettings.ShowEveryoneClaim
ShowAllUsersClaim = $SPOSharingSettings.ShowAllUsersClaim
ShowEveryoneExceptExternalUsersClaim = $SPOSharingSettings.ShowEveryoneExceptExternalUsersClaim
Expand Down Expand Up @@ -229,6 +227,12 @@ function Get-TargetResource
Managedidentity = $ManagedIdentity.IsPresent
Ensure = 'Present'
}

if (-not [System.String]::IsNullOrEmpty($MySiteSharingCapability))
{
$results.Add('MySiteSharingCapability', $MySiteSharingCapability)
}
return $results
}
catch
{
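Review bot: The conditional `$results.Add('MySiteSharingCapability', $MySiteSharingCapability)` near the end of the second hunk has no comment, and the reason the key is left out rather than set to `$null` is not obvious from the code. I would add `# Omit the key when the value is empty so callers see $null instead of ''` above the `if`. Any caller that enumerates the returned keys (an export or a drift report, if one does) will no longer list this sharing setting when it is empty, which is worth confirming is intended. Get-TargetResource begins and ends outside the visible hunks.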

This file was deleted.

Expand Up @@ -24,7 +24,7 @@ Configuration Example
GroupTypes = @("Unified")
MailNickname = "M365DSC"
Visibility = "Private"
Owners = @("AdeleV@$Domain")
Owners = @("admin@$Domain", "AdeleV@$Domain")
Ensure = "Present"
Credential = $Credscredential
}
Expand Up @@ -23,7 +23,7 @@ Configuration Example
GroupTypes = @("Unified")
MailNickname = "M365DSC"
Visibility = "Private"
Owners = @("AdeleV@$Domain")
Owners = @("admin@$Domain", "AdeleV@$Domain")
Ensure = "Present"
Credential = $Credscredential
}
Expand Up @@ -227,7 +227,7 @@
GroupTypes = @("Unified")
MailNickname = "M365DSC"
Visibility = "Private"
Owners = @("AdeleV@$Domain")
Owners = @("admin@$Domain", "AdeleV@$Domain")
Ensure = "Present"
Credential = $Credscredential
}
Expand Up @@ -53,13 +53,6 @@
State = "enabled";
Credential = $credsCredential;
}
AADAuthenticationMethodPolicyEmail 'AADAuthenticationMethodPolicyEmail-Email'
{
Ensure = "Absent";
Id = "Email";
State = "disabled"; # Updated Property
Credential = $credsCredential;
}
AADAuthenticationMethodPolicyFido2 'AADAuthenticationMethodPolicyFido2-Fido2'
{
Ensure = "Absent";
Expand Down Expand Up @@ -108,20 +101,6 @@
Ensure = 'Absent'
Credential = $Credscredential
}
AADCrossTenantAccessPolicy 'AADCrossTenantAccessPolicy'
{
AllowedCloudEndpoints = @("microsoftonline.us");
Credential = $Credscredential;
DisplayName = "MyXTAPPolicy";
Ensure = "Absent";
IsSingleInstance = "Yes";
}
AADCrossTenantAccessPolicyConfigurationDefault 'AADCrossTenantAccessPolicyConfigurationDefault'
{
Credential = $Credscredential;
Ensure = "Absent";
IsSingleInstance = "Yes";
}
AADCrossTenantAccessPolicyConfigurationPartner 'AADCrossTenantAccessPolicyConfigurationPartner'
{
Credential = $Credscredential;
Expand All @@ -130,7 +109,7 @@
}
AADEntitlementManagementAccessPackage 'myAccessPackage'
{
DisplayName = 'General'
DisplayName = 'Integration Package'
Ensure = 'Absent'
Credential = $Credscredential
}
Expand Up @@ -270,13 +270,6 @@
MinimumLifetimeInMinutes = 60;
State = "enabled";
}
AADAuthenticationMethodPolicyVoice 'AADAuthenticationMethodPolicyVoice-Voice'
{
Credential = $Credscredential;
Ensure = "Present";
Id = "Voice";
State = "disabled";
}
AADAuthenticationMethodPolicyX509 'AADAuthenticationMethodPolicyX509-X509Certificate'
{
AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{
Expand Down Expand Up @@ -586,7 +579,7 @@
GroupTypes = @("Unified")
MailNickname = "M365DSC"
Visibility = "Private"
Owners = @("AdeleV@$Domain")
Owners = @("admin@$Domain", "AdeleV@$Domain")
Ensure = "Present"
Credential = $Credscredential
}
Expand Up @@ -37,6 +37,11 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
Mock -CommandName Get-MgGroupMember -MockWith {
}

Mock -CommandName Restore-MgBetaDirectoryDeletedItem -MockWith {
}
Mock -CommandName Get-MgBetaDirectoryDeletedItemAsGroup -MockWith {
}

Mock -CommandName Get-MgGroupMemberOf -MockWith {
}

Expand Down Expand Up @@ -395,7 +400,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
MailNickname = 'M365DSC'
GroupTypes = @()
}

# Set-TargetResource expects object-type of answer to contain 'group'
$returnData.psobject.TypeNames.insert(0, 'Group')
return $returnData
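Review bot: The two mocks added in the first hunk, `Restore-MgBetaDirectoryDeletedItem` and `Get-MgBetaDirectoryDeletedItemAsGroup`, have empty bodies, so every existing test takes the "no deleted match" path and the restore branch this commit adds to Set-TargetResource is apparently never exercised. I would add one context where `Get-MgBetaDirectoryDeletedItemAsGroup` returns a single object and assert that `Restore-MgBetaDirectoryDeletedItem` is called once and `New-MgGroup` is not, and a second where it returns two objects and `Set-TargetResource` is expected to throw. The Describe block begins and ends outside the visible hunks.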
22 changes: 21 additions & 1 deletion Tests/Unit/Stubs/Microsoft365.psm1
@@ -1,4 +1,4 @@
#region ExchangeOnlineManagement
# region ExchangeOnlineManagement
function Get-DefaultTenantBriefingConfig
{
[CmdletBinding()]
Expand Down Expand Up @@ -51825,6 +51825,26 @@ function Remove-MgBetaDirectoryAdministrativeUnitMemberByRef
$Break
)
}
function Restore-MgBetaDirectoryDeletedItem
{
[CmdletBinding()]
param(
[Parameter()]
[String]
$DirectoryObjectId
)
}

function Get-MgBetaDirectoryDeletedItemAsGroup
{
[CmdletBinding()]
param(
[Parameter()]
[String]
$Filter
)
}

function Remove-MgBetaDirectoryAdministrativeUnitScopedRoleMember
{
[CmdletBinding()]
29 changes: 0 additions & 29 deletions docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyEmail.md
Expand Up @@ -114,32 +114,3 @@ Configuration Example
}
```

### Example 2

This example is used to test new resources and showcase the usage of new resources being worked on.
It is not meant to use as a production baseline.

```powershell
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[PSCredential]
$credsCredential
)
Import-DscResource -ModuleName Microsoft365DSC
Node localhost
{
AADAuthenticationMethodPolicyEmail "AADAuthenticationMethodPolicyEmail-Email"
{
Ensure = "Absent";
Id = "Email";
State = "disabled"; # Updated Property
Credential = $credsCredential;
}
}
}
```

4 changes: 2 additions & 2 deletions docs/docs/resources/azure-ad/AADGroup.md
Expand Up @@ -98,7 +98,7 @@ Configuration Example
GroupTypes = @("Unified")
MailNickname = "M365DSC"
Visibility = "Private"
Owners = @("AdeleV@$Domain")
Owners = @("admin@$Domain", "AdeleV@$Domain")
Ensure = "Present"
Credential = $Credscredential
}
Expand Down Expand Up @@ -132,7 +132,7 @@ Configuration Example
GroupTypes = @("Unified")
MailNickname = "M365DSC"
Visibility = "Private"
Owners = @("AdeleV@$Domain")
Owners = @("admin@$Domain", "AdeleV@$Domain")
Ensure = "Present"
Credential = $Credscredential
}