
Fix 3787 #3852

Merged
merged 3 commits into from
Oct 30, 2023
Merged
6 changes: 6 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,11 @@
# Change log for Microsoft365DSC

# UNRELEASED

* AADRoleEligibilityScheduleRequest
* Fixes how the Get method retrieves existing instances for Groups.
FIXES [#3787](https://github.com/microsoft/Microsoft365DSC/issues/3787)

# 1.23.1025.1

* AADEntitlementManagementAccessPackageAssignmentPolicy
Expand Up @@ -177,10 +177,16 @@
$RoleDefinitionId = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id
Write-Verbose -Message "Found Role {$RoleDefinitionId}"

$schedule = Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -Filter "PrincipalId eq '$PrincipalId' and RoleDefinitionId eq '$RoleDefinitionId'"
$request = Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest -Filter "PrincipalId eq '$PrincipalId' and RoleDefinitionId eq '$RoleDefinitionId'"
}
}
if ($null -eq $request)
else
{
$RoleDefinitionId = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id
$schedule = Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -Filter "PrincipalId eq '$($request.PrincipalId)' and RoleDefinitionId eq '$RoleDefinitionId'"
}
if ($null -eq $schedule -or $null -eq $request)
{
return $nullResult
}
Expand All @@ -201,47 +207,46 @@
{
return $nullResult
}
$RoleDefinitionValue = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $request.RoleDefinitionId

$ScheduleInfoValue = @{}

if ($null -ne $request.ScheduleInfo.Expiration)
if ($null -ne $schedule.ScheduleInfo.Expiration)
{
$expirationValue = @{
duration = $request.ScheduleInfo.Expiration.Duration
type = $request.ScheduleInfo.Expiration.Type
duration = $schedule.ScheduleInfo.Expiration.Duration
type = $schedule.ScheduleInfo.Expiration.Type
}
if ($null -ne $request.ScheduleInfo.Expiration.EndDateTime)
if ($null -ne $schedule.ScheduleInfo.Expiration.EndDateTime)
{
$expirationValue.Add('endDateTime', $request.ScheduleInfo.Expiration.EndDateTime.ToString("yyyy-MM-ddThh:mm:ssZ"))
$expirationValue.Add('endDateTime', $schedule.ScheduleInfo.Expiration.EndDateTime.ToString("yyyy-MM-ddThh:mm:ssZ"))
}
$ScheduleInfoValue.Add('expiration', $expirationValue)
}
if ($null -ne $request.ScheduleInfo.Recurrence)
if ($null -ne $schedule.ScheduleInfo.Recurrence)
{
$recurrenceValue = @{
pattern = @{
dayOfMonth = $request.ScheduleInfo.Recurrence.Pattern.dayOfMonth
daysOfWeek = $request.ScheduleInfo.Recurrence.Pattern.daysOfWeek
firstDayOfWeek = $request.ScheduleInfo.Recurrence.Pattern.firstDayOfWeek
index = $request.ScheduleInfo.Recurrence.Pattern.index
interval = $request.ScheduleInfo.Recurrence.Pattern.interval
month = $request.ScheduleInfo.Recurrence.Pattern.month
type = $request.ScheduleInfo.Recurrence.Pattern.type
dayOfMonth = $schedule.ScheduleInfo.Recurrence.Pattern.dayOfMonth
daysOfWeek = $schedule.ScheduleInfo.Recurrence.Pattern.daysOfWeek
firstDayOfWeek = $schedule.ScheduleInfo.Recurrence.Pattern.firstDayOfWeek
index = $schedule.ScheduleInfo.Recurrence.Pattern.index
interval = $schedule.ScheduleInfo.Recurrence.Pattern.interval
month = $schedule.ScheduleInfo.Recurrence.Pattern.month
type = $schedule.ScheduleInfo.Recurrence.Pattern.type
}
range = @{
endDate = $request.ScheduleInfo.Recurrence.Range.endDate
numberOfOccurrences = $request.ScheduleInfo.Recurrence.Range.numberOfOccurrences
recurrenceTimeZone = $request.ScheduleInfo.Recurrence.Range.recurrenceTimeZone
startDate = $request.ScheduleInfo.Recurrence.Range.startDate
type = $request.ScheduleInfo.Recurrence.Range.type
endDate = $schedule.ScheduleInfo.Recurrence.Range.endDate
numberOfOccurrences = $schedule.ScheduleInfo.Recurrence.Range.numberOfOccurrences
recurrenceTimeZone = $schedule.ScheduleInfo.Recurrence.Range.recurrenceTimeZone
startDate = $schedule.ScheduleInfo.Recurrence.Range.startDate
type = $schedule.ScheduleInfo.Recurrence.Range.type
}
}
$ScheduleInfoValue.Add('Recurrence', $recurrenceValue)
}
if ($null -ne $request.ScheduleInfo.StartDateTime)
if ($null -ne $schedule.ScheduleInfo.StartDateTime)
{
$ScheduleInfoValue.Add('StartDateTime', $request.ScheduleInfo.StartDateTime.ToString("yyyy-MM-ddThh:mm:ssZ"))
$ScheduleInfoValue.Add('StartDateTime', $schedule.ScheduleInfo.StartDateTime.ToString("yyyy-MM-ddThh:mm:ssZ"))
}

$ticketInfoValue = $null
Expand All @@ -254,19 +259,19 @@
}

$PrincipalValue = $null
if ($PrincipalTypeValue -eq 'User')
if ($PrincipalType -eq 'User')
{
$PrincipalValue = $PrincipalInstance.UserPrincipalName
}
elseif ($PrincipalTypeValue -eq 'Group')
if ($null -eq $PrincipalValue -or $PrincipalTypeValue -eq 'Group')
{
$PrincipalValue = $PrincipalInstance.DisplayName
}

$results = @{
Principal = $PrincipalValue
PrincipalType = $PrincipalTypeValue
RoleDefinition = $RoleDefinitionValue.DisplayName
RoleDefinition = $RoleDefinition
DirectoryScopeId = $request.DirectoryScopeId
AppScopeId = $request.AppScopeId
Action = $request.Action
Expand Down Expand Up @@ -729,10 +734,10 @@ function Export-TargetResource
#region resource generator code
$schedules = Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -All -ErrorAction Stop
[array] $Script:exportedInstances = @()
foreach ($schedule in $schedules)
{
[array] $allRequests = Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest -All `
[array] $allRequests = Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest -All `
-Filter "Status ne 'Revoked'" -ErrorAction Stop
foreach ($schedule in $schedules)
{
[array] $Script:exportedInstances += $allRequests | Where-Object -FilterScript {$_.TargetScheduleId -eq $schedule.Id}
}
#endregion
Expand All @@ -751,10 +756,12 @@ function Export-TargetResource
{
$displayedKey = $request.Id
Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline

$RoleDefinitionId = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $request.RoleDefinitionId
$params = @{
Id = $request.Id
Principal = $request.PrincipalId
RoleDefinition = 'TempDefinition'
RoleDefinition = $RoleDefinitionId.DisplayName
ScheduleInfo = 'TempSchedule'
Ensure = 'Present'
Credential = $Credential
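Review bot: Both new `$schedule` lookups filter only on `PrincipalId` and `RoleDefinitionId`, so if a principal is eligible for the same role at more than one directory scope the query can return several schedules, and the `ScheduleInfo` read further down need not belong to `$request`. Export-TargetResource in this file already pairs the two objects through `TargetScheduleId`; the Get method could narrow the result the same way with `$schedule = $schedule | Where-Object -FilterScript { $_.Id -eq $request.TargetScheduleId }` before the null check. Separately, the `ToString("yyyy-MM-ddThh:mm:ssZ")` calls now applied to `$schedule` keep `hh`, the 12-hour specifier, so an afternoon expiry is reported as a morning one; `HH` is the 24-hour form. The function these hunks belong to starts and ends outside the visible lines.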
Expand Up @@ -25,6 +25,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
$secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential ('[email protected]', $secpasswd)
$Script:exportedInstances = $null
$Script:ExportMode = $null
Mock -CommandName Add-M365DSCTelemetryEvent -MockWith {
}

Expand Down Expand Up @@ -159,8 +160,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
RoleDefinition = "Teams Communications Administrator";
ScheduleInfo = New-CimInstance -ClassName MSFT_AADRoleEligibilityScheduleRequestSchedule -Property @{

expiration = New-CimInstance -ClassName MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration -Property @{

expiration = New-CimInstance -ClassName MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration -Property @{
type = 'afterDateTime'
} -ClientOnly
} -ClientOnly
Expand All @@ -182,6 +182,21 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
};
}
}
Mock -CommandName Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -MockWith {
return @{
Action = "AdminAssign";
Id = '12345-12345-12345-12345-12345'
DirectoryScopeId = "/";
IsValidationOnly = $False;
PrincipalId = "123456";
RoleDefinitionId = "12345";
ScheduleInfo = @{
expiration = @{
type = 'afterDateTime'
}
};
}
}
}

It 'Should return Values from the Get method' {
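Review bot: The added mock returns one schedule whatever arguments it receives, so the visible tests never reach the new `$null -eq $schedule` exit in the Get method. A case that overrides it with `Mock -CommandName Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -MockWith { return $null }` and checks what Get returns would cover a request whose schedule is missing. The mocked `ScheduleInfo` also carries no `endDateTime`, so the date formatting that now reads from the schedule is not exercised here. The enclosing block starts outside the hunk.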