PR - AADEntitlementManagementAccessPackageAssignmentPolicy - FIXES [#3639]

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 # UNRELEASED
 
+
+* AADEntitlementManagementAccessPackageAssignmentPolicy
+  * Fixes customExtension property where the schema and assignement were not managed correctly
+    FIXES [#3639](https://github.com/microsoft/Microsoft365DSC/issues/3639)
 * O365OrgSettings
   * Fixes and issue where a the wrong url was being used in some of the API
     calls, resulting in null returns for some properties in the Get method.

Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1

@@ -271,11 +271,9 @@ function Get-TargetResource
         foreach ($customExtensionHandler in $getValue.CustomExtensionHandlers)
         {
             $customExt = @{
-                Id              = $customExtensionHandler.Id
+                #Id              = $customExtensionHandler.Id #Read Only
                 Stage           = $customExtensionHandler.Stage
-                CustomExtension = @{
-                    Id = $customExtensionHandler.CustomExtension.Id
-                }
+                CustomExtensionId = $customExtensionHandler.CustomExtension.Id
             }
             $formattedCustomExtensionHandlers += $customExt
         }
@@ -476,6 +474,21 @@ function Set-TargetResource
                 }
             }
         }
+        If ($null -ne $CreateParameters.CustomExtensionHandlers -and $CreateParameters.CustomExtensionHandlers.count -gt 0 )
+        {
+            $formattedCustomExtensionHandlers = @()
+            foreach ($customExtensionHandler in $CreateParameters.CustomExtensionHandlers)
+            {
+                $extensionId= $customExtensionHandler.CustomExtensionId
+                $formattedCustomExtensionHandlers += @{
+                    stage = $customExtensionHandler.Stage
+                    customExtension = @{
+                        id = $extensionId
+                    }
+                }
+            }
+            $CreateParameters.CustomExtensionHandlers = $formattedCustomExtensionHandlers
+        }
         New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy `
             -BodyParameter $CreateParameters
     }
@@ -503,7 +516,7 @@ function Set-TargetResource
         # Convert back user principal names to Ids
         if ($null -ne $UpdateParameters.AccessReviewSettings -and $null -ne $UpdateParameters.AccessReviewSettings.Reviewers)
         {
-            Write-Verbose -Message "Updating Reviewers' Id"
+            #Write-Verbose -Message "Updating Reviewers' Id"
             for ($i = 0; $i -lt $UpdateParameters.AccessReviewSettings.Reviewers.Length; $i++)
             {
                 $reviewer = $UpdateParameters.AccessReviewSettings.Reviewers[$i]
@@ -516,10 +529,10 @@ function Set-TargetResource
         }
         if ($null -ne $UpdateParameters.RequestorSettings -and $null -ne $UpdateParameters.RequestorSettings.AllowedRequestors)
         {
-            Write-Verbose -Message "Updating Requestors' Id"
+            #Write-Verbose -Message "Updating Requestors' Id"
             for ($i = 0; $i -lt $UpdateParameters.RequestorSettings.AllowedRequestors.Length; $i++)
             {
-                Write-Verbose -Message "Requestor: $($UpdateParameters.RequestorSettings.AllowedRequestors[$i].Id)"
+                #Write-Verbose -Message "Requestor: $($UpdateParameters.RequestorSettings.AllowedRequestors[$i].Id)"
                 $requestor = $UpdateParameters.RequestorSettings.AllowedRequestors[$i]
                 $user = Get-MgUser -Filter "startswith(UserPrincipalName, '$($requestor.Id.Split('@')[0])')" -ErrorAction SilentlyContinue
                 if ($null -ne $user)
@@ -528,6 +541,23 @@ function Set-TargetResource
                 }
             }
         }
+        If ($null -ne $UpdateParameters.CustomExtensionHandlers -and $UpdateParameters.CustomExtensionHandlers.count -gt 0 )
+        {
+            $formattedCustomExtensionHandlers = @()
+            foreach ($customExtensionHandler in $UpdateParameters.CustomExtensionHandlers)
+            {
+                $extensionId= $customExtensionHandler.CustomExtensionId
+                $formattedCustomExtensionHandlers += @{
+                    stage = $customExtensionHandler.Stage
+                    customExtension = @{
+                        id = $extensionId
+                    }
+                }
+            }
+            $UpdateParameters.CustomExtensionHandlers = $formattedCustomExtensionHandlers
+        }
+
+        #write-verbose ($UpdateParameters|convertto-json -Depth 100)
         Set-MgBetaEntitlementManagementAccessPackageAssignmentPolicy `
             -BodyParameter $UpdateParameters `
             -AccessPackageAssignmentPolicyId $currentInstance.Id
@@ -885,23 +915,6 @@ function Export-TargetResource
             }
             if ($null -ne $Results.CustomExtensionHandlers )
             {
-                $complexMapping = @(
-                    @{
-                        Name            = 'AuthenticationConfiguration'
-                        CimInstanceName = 'MicrosoftGraphcustomextensionauthenticationconfiguration'
-                        IsRequired      = $false
-                    }
-                    @{
-                        Name            = 'ClientConfiguration'
-                        CimInstanceName = 'MicrosoftGraphcustomextensionclientconfiguration'
-                        IsRequired      = $false
-                    }
-                    @{
-                        Name            = 'EndpointConfiguration'
-                        CimInstanceName = 'MicrosoftGraphcustomextensionauthenticationconfiguration'
-                        IsRequired      = $false
-                    }
-                )
                 $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
                     -ComplexObject $Results.CustomExtensionHandlers `
                     -CIMInstanceName MicrosoftGraphcustomextensionhandler `

Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof

@@ -84,38 +84,10 @@ class MSFT_MicrosoftGraphrequestorsettings
 [ClassVersion("1.0.0")]
 class MSFT_MicrosoftGraphcustomextensionhandler
 {
-    [Write, Description("Indicates which custom workflow extension will be executed at this stage."), EmbeddedInstance("MSFT_MicrosoftGraphcustomaccesspackageworkflowextension")] String CustomExtension;
+    [Write, Description("Indicates which custom workflow extension will be executed at this stage.")] String CustomExtensionId;
     [Write, Description("Indicates the stage of the access package assignment request workflow when the access package custom extension runs."), ValueMap{"assignmentRequestCreated","assignmentRequestApproved","assignmentRequestGranted","assignmentRequestRemoved","assignmentFourteenDaysBeforeExpiration","assignmentOneDayBeforeExpiration","unknownFutureValue"}, Values{"assignmentRequestCreated","assignmentRequestApproved","assignmentRequestGranted","assignmentRequestRemoved","assignmentFourteenDaysBeforeExpiration","assignmentOneDayBeforeExpiration","unknownFutureValue"}] String Stage;
     [Write, Description("Identifier of the stage.")] String Id;
 };
-[ClassVersion("1.0.0")]
-class MSFT_MicrosoftGraphcustomaccesspackageworkflowextension
-{
-    [Write, Description("Configuration for securing the API call to the logic app. For example, using OAuth client credentials flow."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionauthenticationconfiguration")] String AuthenticationConfiguration;
-    [Write, Description("HTTP connection settings that define how long Azure AD can wait for a connection to a logic app, how many times you can retry a timed-out connection and the exception scenarios when retries are allowed."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionclientconfiguration")] String ClientConfiguration;
-    [Write, Description("Description for the customAccessPackageWorkflowExtension object.")] String Description;
-    [Write, Description("Display name for the customAccessPackageWorkflowExtension object.")] String DisplayName;
-    [Write, Description("The type and details for configuring the endpoint to call the logic app's workflow."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionendpointconfiguration")] String EndpointConfiguration;
-    [Write, Description("Identifier for the customAccessPackageWorkflowExtension object.")] String Id;
-};
-[ClassVersion("1.0.0")]
-class MSFT_MicrosoftGraphcustomextensionauthenticationconfiguration
-{
-    [Write, Description("The appID of the Azure AD application to use to authenticate a logic app with a custom access package workflow extension.")] String ResourceId;
-};
-[ClassVersion("1.0.0")]
-class MSFT_MicrosoftGraphcustomextensionclientconfiguration
-{
-    [Write, Description("The max duration in milliseconds that Azure AD will wait for a response from the logic app before it shuts down the connection. The valid range is between 200 and 2000 milliseconds. Default duration is 1000.")] UInt32 TimeoutInMilliseconds;
-};
-[ClassVersion("1.0.0")]
-class MSFT_MicrosoftGraphcustomextensionendpointconfiguration
-{
-    [Write, Description("The name of the logic app."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionauthenticationconfiguration")] String LogicAppWorkflowName;
-    [Write, Description("The Azure resource group name for the logic app."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionclientconfiguration")] String ResourceGroupName;
-    [Write, Description("Identifier of the Azure subscription for the logic app.")] String SubscriptionId;
-};
-
 [ClassVersion("1.0.0.0"), FriendlyName("AADEntitlementManagementAccessPackageAssignmentPolicy")]
 class MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy : OMI_BaseResource
 {

Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1

@@ -222,13 +222,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                             durationInDays                  = 25
                         } -ClientOnly)
                     CanExtend               = $True
-                    CustomExtensionHandlers = @(
+                    CustomExtensionHandlers = [CimInstance[]]@(
                             (New-CimInstance -ClassName MSFT_MicrosoftGraphcustomextensionhandler -Property @{
-                            CustomExtension = (New-CimInstance -ClassName MSFT_MicrosoftGraphcustomaccesspackageworkflowextension -Property @{
-                                    Id = 'MyCustomExtensionId'
-                                } -ClientOnly)
+                            CustomExtensionId = 'MyCustomExtensionId'
                             Stage           = 'assignmentRequestCreated'
-                            Id              = 'MyCustomExtensionHandlersId'
                         } -ClientOnly)
                     )
                     Description             = 'FakeStringValue'
@@ -346,11 +343,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
 
                         } -ClientOnly)
                     CanExtend               = $True
-                    CustomExtensionHandlers = @(
+                    CustomExtensionHandlers = [CimInstance[]]@(
                             (New-CimInstance -ClassName MSFT_MicrosoftGraphcustomextensionhandler -Property @{
-                            isArray = $True
-                            CIMType = 'MSFT_MicrosoftGraphcustomextensionhandler'
-
+                            CustomExtensionId = 'MyCustomExtensionId'
+                            Stage           = 'assignmentRequestCreated'
                         } -ClientOnly)
                     )
                     Description             = 'FakeStringValue'
@@ -427,13 +423,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                                 acceptRequests = $True
 
                             }
-                            CustomExtensionHandlers = @(
-                                @{
-                                    isArray = $True
-
-                                }
-                            )
-
                         }
                         Description          = 'FakeStringValue'
                         DisplayName          = 'FakeStringValue'
@@ -476,6 +465,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                                 reviewerType                    = 'FakeStringValue'
                                 durationInDays                  = 25
                             } -ClientOnly)
+                        CustomExtensionHandlers = [CimInstance[]]@(
+                            (New-CimInstance -ClassName MSFT_MicrosoftGraphcustomextensionhandler -Property @{
+                            CustomExtensionId = 'MyCustomExtensionId'
+                            Stage           = 'assignmentRequestCreated'
+                            } -ClientOnly)
+                        )
                         CanExtend               = $True
                         Description             = 'FakeStringValue'
                         DisplayName             = 'FakeStringValue'