Merge pull request #4128 from NikCharlebois/Integration-Tests-Fixes

Integration Fixes
microsoft · Jan 8, 2024 · 06a20b1 · 06a20b1
2 parents 0a48da8 + c539510
commit 06a20b1
Show file tree

Hide file tree

Showing 12 changed files with 66 additions and 23 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 # UNRELEASED
 
+* AADAdministrativeUnit
+  * Fix the Update logic flow to get around a bug in Microsoft.Graph 2.11.1.
 * AADConditionalAccessPolicy
   * Added support for application filters in the conditions.
 

diff --git a/...s/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/...s/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1
@@ -543,7 +543,6 @@ function Set-TargetResource
             # ScopedRoleMember-info is added after the AU is created
         }
         $CreateParameters.Remove('ScopedRoleMembers') | Out-Null
-
     }
 
     if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
@@ -604,8 +603,11 @@ function Set-TargetResource
         $UpdateParameters.Remove('ScopedRoleMembers') | Out-Null
 
         #region resource generator code
-        Update-MgBetaDirectoryAdministrativeUnit @UpdateParameters `
-            -AdministrativeUnitId $currentInstance.Id
+        $jsonParams = ConvertTo-Json $UpdateParameters
+        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)"
+        Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $jsonParams
+        <#Update-MgBetaDirectoryAdministrativeUnit @UpdateParameters `
+            -AdministrativeUnitId $currentInstance.Id #>
 
         #endregion
 
@@ -689,7 +691,7 @@ function Set-TargetResource
                 $desiredScopedRoleMembersValue = @()
             }
 
-            # flatten hashtabls for compare
+            # flatten hashtables for compare
             $compareCurrentScopedRoleMembersValue = @()
             foreach ($roleMember in $currentScopedRoleMembersValue)
             {

diff --git a/...T_AADAuthenticationMethodPolicyTemporary/MSFT_AADAuthenticationMethodPolicyTemporary.psm1 b/...T_AADAuthenticationMethodPolicyTemporary/MSFT_AADAuthenticationMethodPolicyTemporary.psm1
@@ -101,16 +101,17 @@ function Get-TargetResource
         #endregion
         if ($null -eq $getValue)
         {
-            Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy Temporary with DisplayName {$DisplayName}"
+            Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy Temporary"
             return $nullResult
         }
         $Id = $getValue.Id
-        Write-Verbose -Message "An Azure AD Authentication Method Policy Temporary with Id {$Id} and DisplayName {$DisplayName} was found."
+        Write-Verbose -Message "An Azure AD Authentication Method Policy Temporary with Id {$($currentExcludeTargets.id))} was found."
 
         #region resource generator code
         $complexExcludeTargets = @()
         foreach ($currentExcludeTargets in $getValue.excludeTargets)
         {
+            Write-Verbose -Message "Retrieving ExcludeTarget {$currentExcludeTargets}"
             $myExcludeTargets = @{}
             if ($currentExcludeTargets.id -ne 'all_users'){
                 $myExcludeTargetsDisplayName = get-MgGroup -GroupId $currentExcludeTargets.id
@@ -133,6 +134,7 @@ function Get-TargetResource
         $complexincludeTargets = @()
         foreach ($currentincludeTargets in $getValue.AdditionalProperties.includeTargets)
         {
+            Write-Verbose -Message "Retrieving IncludeTarget {$($currentincludeTargets.id)}"
             $myincludeTargets = @{}
             if ($currentIncludeTargets.id -ne 'all_users'){
                 $myIncludeTargetsDisplayName = get-MgGroup -GroupId $currentIncludeTargets.id
@@ -158,6 +160,7 @@ function Get-TargetResource
         }
         #endregion
 
+        Write-Verbose -Message "Get-TargetResource returned values"
         $results = @{
             #region resource generator code
             DefaultLength            = $getValue.AdditionalProperties.defaultLength
@@ -486,6 +489,7 @@ function Test-TargetResource
     $testResult = $true
 
     #Compare Cim instances
+    Write-Verbose -Message "Evaluating keys"
     foreach ($key in $PSBoundParameters.Keys)
     {
         $source = $PSBoundParameters.$key

diff --git a/...ssPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 b/...ssPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1
@@ -653,6 +653,27 @@ function Set-TargetResource
             $UpdateParameters.CustomExtensionHandlers = $formattedCustomExtensionHandlers
         }
 
+        if (-not [System.String]::IsNullOrEmpty($AccessPackageId))
+        {
+            $ObjectGuid = [System.Guid]::empty
+            $isGUID = [System.Guid]::TryParse($AccessPackageId, [System.Management.Automation.PSReference]$ObjectGuid)
+            if (-not $isGUID)
+            {
+                # Retrieve by name
+                Write-Verbose -Message "Retrieving Entitlement Management Access Package by Name {$AccessPackageId}"
+                $package = Get-MgBetaEntitlementManagementAccessPackage -Filter "displayName eq '$AccessPackageId'"
+                if ($null -ne $package)
+                {
+                    $AccessPackageId = $package.Id
+                }
+                else
+                {
+                    throw "Could not retrieve the Access Package using identifier {$AccessPackageId}"
+                }
+            }
+            $UpdateParameters.AccessPackageId = $AccessPackageId
+        }
+
         #write-verbose ($UpdateParameters|convertto-json -Depth 100)
         Set-MgBetaEntitlementManagementAccessPackageAssignmentPolicy `
             -BodyParameter $UpdateParameters `

diff --git a/...ources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 b/...ources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1
@@ -125,13 +125,16 @@
             if ($null -ne $Script:exportedInstances -and $Script:ExportMode)
             {
                     Write-Verbose -Message "Getting Role Eligibility by PrincipalId and RoleDefinitionId"
+                    $PrincipalTypeValue = $null
                     if ($PrincipalType -eq 'User')
                     {
+                        Write-Verbose -Message "Retrieving Principal by UserPrincipalName {$Principal}"
                         $PrincipalIdValue = Get-MgUser -Filter "UserPrincipalName eq '$Principal'" -ErrorAction SilentlyContinue
                         $PrincipalTypeValue = 'User'
                     }
                     if ($null -eq $PrincipalIdValue -or $PrincipalType -eq 'Group')
                     {
+                        Write-Verbose -Message "Retrieving Principal by DisplayName {$Principal}"
                         $PrincipalIdValue = Get-MgGroup -Filter "DisplayName eq '$Principal'" -ErrorAction SilentlyContinue
                         $PrincipalTypeValue = 'Group'
                     }
@@ -146,7 +149,7 @@
                     }
                     Write-Verbose -Message "Found Principal {$PrincipalId}"
                     $RoleDefinitionId = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id
-                    $request = $Script:exportedInstances | Where-Object -FilterScript {$_.PrincipalId -eq $PrincipalId -and $_.RoleDefinitionId -eq $RoleDefinition}
+                    $request = $Script:exportedInstances | Where-Object -FilterScript {$_.PrincipalId -eq $PrincipalId -and $_.RoleDefinitionId -eq $RoleDefinition} | Sort-Object -Property CompletedDateTime -Descending
             }
             else
             {
@@ -178,7 +181,8 @@
                 Write-Verbose -Message "Found Role {$RoleDefinitionId}"
 
                 $schedule = Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -Filter "PrincipalId eq '$PrincipalId' and RoleDefinitionId eq '$RoleDefinitionId'"
-                $request = Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest -Filter "PrincipalId eq '$PrincipalId' and RoleDefinitionId eq '$RoleDefinitionId'"
+                [Array]$request = Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest -Filter "PrincipalId eq '$PrincipalId' and RoleDefinitionId eq '$RoleDefinitionId'" | Sort-Object -Property CompletedDateTime -Descending
+`               $request = $request[0]
             }
         }
         else
@@ -202,11 +206,13 @@
         Write-Verbose -Message "Found existing AADRolelLigibilityScheduleRequest"
         if ($PrincipalType -eq 'User')
         {
+            Write-Verbose -Message "Retrieving Principal by UserId {$($request.PrincipalId)}"
             $PrincipalInstance = Get-MgUser -UserId $request.PrincipalId -ErrorAction SilentlyContinue
             $PrincipalTypeValue = 'User'
         }
         if ($null -eq $PrincipalInstance -or $PrincipalType -eq 'Group')
         {
+            Write-Verbose -Message "Retrieving Principal by GroupId {$($request.PrincipalId)}"
             $requestArray = [Array]$request
             if ($requestArray.Count -gt 1)
             {
@@ -307,7 +313,7 @@
     }
     catch
     {
-        Write-Verbose "Error: $($_.ErrorDetails.Message)"
+        Write-Verbose "Error: $_"
         New-M365DSCLogEntry -Message 'Error retrieving data:' `
             -Exception $_ `
             -Source $($MyInvocation.MyCommand.Source) `

diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADApplication/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADApplication/1-Create.ps1
@@ -12,19 +12,20 @@ Configuration Example
     )
     Import-DscResource -ModuleName Microsoft365DSC
 
+    $Domain = $Credscredential.Username.Split('@')[1]
     node localhost
     {
         AADApplication 'AADApp1'
         {
             DisplayName               = "AppDisplayName"
             AvailableToOtherTenants   = $false
             GroupMembershipClaims     = "0"
-            Homepage                  = "https://app.contoso.com"
-            IdentifierUris            = "https://app.contoso.com"
+            Homepage                  = "https://$Domain"
+            IdentifierUris            = "https://$Domain"
             KnownClientApplications   = ""
-            LogoutURL                 = "https://app.contoso.com/logout"
+            LogoutURL                 = "https://$Domain/logout"
             PublicClient              = $false
-            ReplyURLs                 = "https://app.contoso.com"
+            ReplyURLs                 = "https://$Domain"
             Permissions               = @(
                 MSFT_AADApplicationPermission
                 {

diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADApplication/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADApplication/2-Update.ps1
@@ -12,19 +12,20 @@ Configuration Example
     )
     Import-DscResource -ModuleName Microsoft365DSC
 
+    $Domain = $Credscredential.Username.Split('@')[1]
     node localhost
     {
         AADApplication 'AADApp1'
         {
             DisplayName               = "AppDisplayName"
             AvailableToOtherTenants   = $true # Updated Property
             GroupMembershipClaims     = "0"
-            Homepage                  = "https://app.contoso.com"
-            IdentifierUris            = "https://app.contoso.com"
+            Homepage                  = "https://$Domain"
+            IdentifierUris            = "https://$Domain"
             KnownClientApplications   = ""
-            LogoutURL                 = "https://app.contoso.com/logout"
+            LogoutURL                 = "https://$Domain/logout"
             PublicClient              = $false
-            ReplyURLs                 = "https://app.contoso.com"
+            ReplyURLs                 = "https://$Domain"
             Permissions               = @(
                 MSFT_AADApplicationPermission
                 {

diff --git a/...es/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/1-Create.ps1 b/...es/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/1-Create.ps1
@@ -30,7 +30,7 @@ Configuration Example
             Id                       = "TemporaryAccessPass";
             IncludeTargets           = @(
                 MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{
-                    Id = 'DSCGroup'
+                    Id = 'Executives'
                     TargetType = 'group'
                 }
             );

diff --git a/...es/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/2-Update.ps1 b/...es/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/2-Update.ps1
@@ -30,7 +30,7 @@ Configuration Example
             Id                       = "TemporaryAccessPass";
             IncludeTargets           = @(
                 MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{
-                    Id = 'DSCGroup'
+                    Id = 'Executives'
                     TargetType = 'group'
                 }
             );

diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/1-Create.ps1
@@ -22,9 +22,9 @@ Configuration Example
             AlternativeNames              = "AlternativeName1","AlternativeName2"
             AccountEnabled                = $true
             AppRoleAssignmentRequired     = $false
-            Homepage                      = "https://$Domain/site/Home"
+            Homepage                      = "https://$Domain"
             LogoutUrl                     = "https://$Domain/logout"
-            ReplyURLs                     = "https://$Domain/Reply"
+            ReplyURLs                     = "https://$Domain"
             ServicePrincipalType          = "Application"
             Tags                          = "{WindowsAzureActiveDirectoryIntegratedApp}"
             Ensure                        = "Present"

diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/2-Update.ps1
@@ -22,9 +22,9 @@ Configuration Example
             AlternativeNames              = "AlternativeName1","AlternativeName3" # Updated Property
             AccountEnabled                = $true
             AppRoleAssignmentRequired     = $false
-            Homepage                      = "https://$Domain/site/Home"
+            Homepage                      = "https://$Domain"
             LogoutUrl                     = "https://$Domain/logout"
-            ReplyURLs                     = "https://$Domain/Reply"
+            ReplyURLs                     = "https://$Domain"
             ServicePrincipalType          = "Application"
             Tags                          = "{WindowsAzureActiveDirectoryIntegratedApp}"
             Ensure                        = "Present"

diff --git a/...oft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 b/...oft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1
@@ -386,6 +386,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                     Ensure                  = 'Present'
                     Credential              = $Credential
                 }
+
+                Mock -CommandName Get-MgBetaEntitlementManagementAccessPackage -MockWith {
+                    return @{
+                        Id = 'FakeStringValue'
+                    }
+                }
 
                 Mock -CommandName Get-MgBetaEntitlementManagementAccessPackageAssignmentPolicy -MockWith {
                     return @{