Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSFT_EXOTransportRule - Get-TransportRule is returning an invalidly defined 'String' format for MessageContainsDataClassifications #1820

Closed
hansze opened this issue Mar 14, 2022 · 2 comments · Fixed by #2128 or #2143
Labels
Bug Something isn't working Exchange Online

Comments

@hansze
Copy link

hansze commented Mar 14, 2022

Details of the scenario you tried and the problem that is occurring

If there is a MessageContainsDataClassifications value set the format is an array of strings containing both single and double quotation marks making the assignment of the value to the property in the PSCustom object that is created to later be parsed for Test and Set to be invalid. The commands Set-TransportRule and New-TransportRule both require an array of Hashtables and NOT and array of strings. The string array as said is invalid due to PS parsing and it would not be able to be converted using casting (i.e. static Parse method) regardless. The fix would be to convert the string into a format (HashTable) which can be used. The issue is not only the format but also the content of the strings representing the hashtables. some values are translated into human-readable values which are not valid for making change (i.e. Infinity and recommended). So the fix is somewhat non-trivial.

Verbose logs showing the problem

Suggested solution to the issue

Creating a conversion function within the Resource.psm1 and calling this to convert the string[] into a usable

The schema.mof will need to be changed to reflect a change of the property type from String[} to Hashtable[]

Test logic will need to be changed to compare the array of Hashtables

Here is a draft conversion function.

function ConvertDataClassifications-ToHashTable
{

[OutputType([Hashtable[]])]
[CmdletBinding()]
param([String[]]$DataClassificationString)

$DataClassificationCollection = [System.collections.ArrayList]@()

if($null -eq $Global:AllDataClassifications)
{
    # Define Lookup using GUID
    $Global:AllDataClassifications = @{}
    foreach($DC in Get-DataClassification)
    {
        $Global:AllDataClassifications.Add($DC.identity,$DC)
    }
}


$Pattern = '\{id:"(?<id>[^"\,]+)",\s*guid:"(?<guid>[^"\,]+)",\s*displayName:"(?<Name>[^"\,]+)",\s*minCount:(?<minCount>[^"\,]+),\s*maxCount:(?<maxCount>[^"\,]+),\s*minConfidence:(?<minConfidence>[^"\,]+),\s*maxConfidence:(?<maxConfidence>[^"\,\}]+)'
foreach($DCS in $DataClassificationString)
{

    $DataClassification = $null

    if($DCS -match $Pattern)
    {

        $Matches.Remove(0)
        $DataClassificationSettings = $Matches.clone()
        $DataClassification = $Global:AllDataClassifications[$DataClassificationSettings.guid]

        ## If Properties that should be numeric are not 
        # Query the number that should be set for DataClassicfication        
        if($DataClassificationSettings.minconfidence -match 'Recommended')
        {
            $DataClassificationSettings.minConfidence =  $DataClassification.RecommendedConfidence
        }

        # Assume for now that if Infinitiy that maxCOunt is not Set explicitly
        if($DataClassificationSettings.maxCount -match 'Infinity')
        {
            # TODO What numeric value is Inifinity
            # $DataClassificationSettings.maxCount =  -1 #$DataClassification | fl * -Force
            # Remove Property and assume for not Infinity is default is not set
            $DataClassificationSettings.Remove('maxcount')
        }
        $DataClassificationCollection.Add($DataClassificationSettings) | Out-Null
    }
    else
    {
        Write-Warning "CANNOT parse '$DCS'"
    }
}
return $DataClassificationCollection

}

The DSC configuration that is used to reproduce the issue (as detailed as possible)

Export-M365DSCConfiguration -Components 'EXOTransportRule' -Credential $cred
.\M365TenantConfig.ps1

# Open M365TenantConfig.ps1 in Editor with PS Syntax parsing and it will be clear
# Below excerpt with HashTable Key(i.e. Resoure Property) as a variable
$MessageContainsDataClassifications        = @("{id:"ABA Routing Number", guid:"cb353f78-2b72-4c3c-8827-92ebe4f69fdf", displayName:"ABA Routing Number", minCount:1, maxCount:Infinity, minConfidence:Recommended, maxConfidence:100}","{id:"Credit Card Number", guid:"50842eb7-edc8-4019-85dd-5a5c1f2bb085", displayName:"Credit Card Number", minCount:1, maxCount:Infinity, minConfidence:Recommended, maxConfidence:100}","{id:"Drug Enforcement Agency (DEA) Number", guid:"9a5445ad-406e-43eb-8bd7-cac17ab6d0e4", displayName:"Drug Enforcement Agency (DEA) Number", minCount:1, maxCount:Infinity, minConfidence:Recommended, maxConfidence:100}","{id:"U.S. / U.K. Passport Number", guid:"178ec42a-18b4-47cc-85c7-d62c92fd67f8", displayName:"U.S. / U.K. Passport Number", minCount:1, maxCount:Infinity, minConfidence:Recommended, maxConfidence:100}","{id:"U.S. Bank Account Number", guid:"a2ce32a8-f935-4bb6-8e96-2a5157672e2c", displayName:"U.S. Bank Account Number", minCount:1, maxCount:Infinity, minConfidence:Recommended, maxConfidence:100}","{id:"U.S. Individual Taxpayer Identification Number (ITIN)", guid:"e55e2a32-f92d-4985-a35d-a0b269eb687b", displayName:"U.S. Individual Taxpayer Identification Number (ITIN)", minCount:1, maxCount:Infinity, minConfidence:Recommended, maxConfidence:100}","{id:"U.S. Social Security Number (SSN)", guid:"a44669fe-0d48-453d-a9b1-2cc83f2cba77", displayName:"U.S. Social Security Number (SSN)", minCount:1, maxCount:Infinity, minConfidence:Recommended, maxConfidence:100}");

The operating system the target node is running

@{OsName=Microsoft Windows 10 Enterprise; OsOperatingSystemSKU=EnterpriseEdition; OsArchitecture=64-bit; WindowsVersion=2009; WindowsBuildLabEx=19041.1.amd64fre.vb_release.191206-1406; OsLanguage=en-US; OsMuiLanguages=System.String[]}

Version of the DSC module that was used ('dev' if using current dev branch)

ModuleType Version Name ExportedCommands


Manifest 1.22.216.1 Microsoft365DSC {Assert-M365DSCBlueprint, Assert-M365DSCTemplate, Compare-M365DSCConfigurations, Confirm-M365DSCDependencies...}

@hansze
Copy link
Author

hansze commented Mar 14, 2022

Just did a POC minimized version of EXOTransportRule and if the property MessageContainsDataClassifications is reduced to just contain @(@{Name=''}) without checking the other properties of the Data sensitivity definition then a simple check would be to see that all are present if not then set using the default property values (i.e. do not supply values). Else either a special case would have to made for this resource property and given that what you get back from Get-TransportRule is NOT valid for doing a Set or New-TransportRule with there will be a lot of potential mapping issues (i.e StringName to Int value).

I did not further check yet if Hashtable[] are handled properly in Test-M365DSCParameterState but even if what you get (current - String[]) with what you desire (MessageContainsDataClassifications (Hashtable[]) cannot be compared property/generically

@malauter malauter added Bug Something isn't working Exchange Online labels Mar 14, 2022
@hansze
Copy link
Author

hansze commented Mar 14, 2022

Just adding a comment that the format Get-TransportRule was returning for MessageContainsDataClassifications is JSON5 ... took me a while to understand that.

NikCharlebois added a commit to NikCharlebois/Microsoft365DSC that referenced this issue Jul 21, 2022
NikCharlebois added a commit to NikCharlebois/Microsoft365DSC that referenced this issue Jul 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug Something isn't working Exchange Online
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants