From 017fefc98226bace3459cee715d6d76f9548c4a5 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Wed, 25 Oct 2023 21:43:26 +0100 Subject: [PATCH 1/2] fix approvers and reviewers + M365DSCDRGUtil:convertComplextoHashtable --- ...nagementAccessPackageAssignmentPolicy.psm1 | 91 +++++++++++++++++-- .../Modules/M365DSCDRGUtil.psm1 | 8 +- 2 files changed, 89 insertions(+), 10 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 index 099402bc79..030d514a65 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 @@ -126,7 +126,7 @@ function Get-TargetResource Write-Verbose -Message "Found access package assignment policy with id {$($getValue.Id)} and DisplayName {$DisplayName}" #region Format AccessReviewSettings - $formattedAccessReviewSettings = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $getValue.AccessReviewSettings + $formattedAccessReviewSettings = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $getValue.AccessReviewSettings -Verbose if($null -ne $formattedAccessReviewSettings) { $formattedAccessReviewSettings.remove('additionalProperties') | Out-Null @@ -139,6 +139,7 @@ function Get-TargetResource if (-not [String]::isNullOrEmpty($setting.AdditionalProperties.id)) { $user = Get-MgUser -UserId $setting.AdditionalProperties.id -ErrorAction SilentlyContinue + if ($null -ne $user) { $setting.add('Id', $user.UserPrincipalName) 
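Review bot: The `-Verbose` switch added to the `Get-M365DSCDRGComplexTypeToHashtable` call in the @@ -126 hunk looks like leftover debugging. It forces any verbose messages the helper writes to be emitted regardless of the caller's preference, which can put converted policy data into logs nobody asked for; dropping the switch lets the caller's own `-Verbose` setting decide. In the same hunk the context line `$formattedAccessReviewSettings.remove('additionalProperties')` keeps the lower-case key, while this commit changes the reviewers loop to `'AdditionalProperties'`; if the casing matters there it presumably matters here too, so that is worth confirming. Get-TargetResource starts and ends outside the hunk.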
@@ -148,7 +149,7 @@ function Get-TargetResource { $setting.add('ManagerLevel', $setting.AdditionalProperties.managerLevel) } - $setting.remove('additionalProperties') | Out-Null + $setting.remove('AdditionalProperties') | Out-Null } } #endregion @@ -170,7 +171,11 @@ function Get-TargetResource $setting.add('odataType', $setting.AdditionalProperties.'@odata.type') if (-not [String]::isNullOrEmpty($setting.AdditionalProperties.id)) { - $setting.add('Id', $setting.AdditionalProperties.id) + $user = Get-MgUser -UserId $setting.AdditionalProperties.id -ErrorAction SilentlyContinue + if ($null -ne $user) + { + $setting.add('Id', $user.UserPrincipalName) + } } if (-not [String]::isNullOrEmpty($setting.AdditionalProperties.managerLevel)) { @@ -187,7 +192,11 @@ function Get-TargetResource $setting.add('odataType', $setting.AdditionalProperties.'@odata.type') if (-not [String]::isNullOrEmpty($setting.AdditionalProperties.id)) { - $setting.add('Id', $setting.AdditionalProperties.id) + $user = Get-MgUser -UserId $setting.AdditionalProperties.id -ErrorAction SilentlyContinue + if ($null -ne $user) + { + $setting.add('Id', $user.UserPrincipalName) + } } if (-not [String]::isNullOrEmpty($setting.AdditionalProperties.managerLevel)) { 
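Review bot: In the two approver hunks (@@ -170 and @@ -187) the raw `AdditionalProperties.id` is no longer kept when `Get-MgUser` returns nothing, so an approver whose id does not resolve to a user (for example a deleted account or, presumably, a non-user approver type) loses its `Id` in the returned state without any message. A fallback keeps the previous behaviour for those entries: `else { $setting.add('Id', $setting.AdditionalProperties.id) }`. Because the call uses `-ErrorAction SilentlyContinue`, a permission or throttling failure is indistinguishable from a missing user, so a `Write-Verbose` in that fallback branch would make the difference visible. The `odataType` value added just above could also be used to limit the lookup to single-user entries. Both loops start and end outside the hunks.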
@@ -462,6 +471,36 @@ function Set-TargetResource } } } + if ( $null -ne $CreateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers) + { + for ($i = 0; $i -lt $CreateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers.Length; $i++) + { + $primaryApprover = $CreateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers[$i] + if ($null -ne $primaryApprover.id) + { + $user = Get-MgUser -Filter "startswith(UserPrincipalName, '$($primaryApprover.Id.Split('@')[0])')" -ErrorAction SilentlyContinue + if ($null -ne $user) + { + $CreateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers[$i].Id = $user.Id + } + } + } + } + if ( $null -ne $CreateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers) + { + for ($i = 0; $i -lt $CreateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers.Length; $i++) + { + $escalationApprover = $CreateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers[$i] + if ($null -ne $escalationApprover.id) + { + $user = Get-MgUser -Filter "startswith(UserPrincipalName, '$($escalationApprover.Id.Split('@')[0])')" -ErrorAction SilentlyContinue + if ($null -ne $user) + { + $CreateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers[$i].Id = $user.Id + } + } + } + } if ($null -ne $CreateParameters.RequestorSettings -and $null -ne $CreateParameters.RequestorSettings.AllowedRequestors) { for ($i = 0; $i -lt $CreateParameters.RequestorSettings.AllowedRequestors.Length; $i++) 
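Review bot: The `startswith(UserPrincipalName, '<local part>')` filter in both new loops can resolve an approver to the wrong account. `Split('@')[0]` discards the domain and the match is a prefix match, so a constructed example such as `jane@contoso.com` also matches `jane.admin@…` or a `jane@` in another domain of the tenant. When more than one user matches, `$user.Id` is a collection rather than a single id, and a UPN containing `'` breaks the filter string, which `-ErrorAction SilentlyContinue` then hides. Since this value decides who approves access-package requests, the lookup should be exact, e.g. `$user = Get-MgUser -UserId $primaryApprover.Id -ErrorAction SilentlyContinue`, or `-Filter "userPrincipalName eq '$($primaryApprover.Id.Replace("'", "''"))'"`. The same applies to the `$UpdateParameters` loops in the @@ -527 hunk.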
@@ -527,6 +566,36 @@ function Set-TargetResource } } } + if ($null -ne $UpdateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers) + { + for ($i = 0; $i -lt $UpdateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers.Length; $i++) + { + $primaryApprover = $UpdateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers[$i] + if ($null -ne $primaryApprover.id) + { + $user = Get-MgUser -Filter "startswith(UserPrincipalName, '$($primaryApprover.Id.Split('@')[0])')" -ErrorAction SilentlyContinue + if ($null -ne $user) + { + $UpdateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers[$i].Id = $user.Id + } + } + } + } + if ($null -ne $UpdateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers) + { + for ($i = 0; $i -lt $UpdateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers.Length; $i++) + { + $escalationApprover = $UpdateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers[$i] + if ($null -ne $escalationApprover.id) + { + $user = Get-MgUser -Filter "startswith(UserPrincipalName, '$($escalationApprover.Id.Split('@')[0])')" -ErrorAction SilentlyContinue + if ($null -ne $user) + { + $UpdateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers[$i].Id = $user.Id + } + } + } + } if ($null -ne $UpdateParameters.RequestorSettings -and $null -ne $UpdateParameters.RequestorSettings.AllowedRequestors) { #Write-Verbose -Message "Updating Requestors' Id" 
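Review bot: When the lookup returns nothing, the `if ($null -ne $user)` blocks in this hunk leave the approver's `Id` as the user principal name and carry on, so the update request is built with an identifier that was never resolved. What the service does with that value is not visible here, but for an approval policy an unresolved approver should stop the run or at least be reported, e.g. `else { throw "Approver '$($primaryApprover.Id)' could not be resolved to a user" }`. The four new loops (here and in the @@ -462 hunk) are identical apart from variable names, so a small private helper that takes the approver array would keep the resolution and its error handling in one place. Set-TargetResource starts and ends outside the hunk.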
@@ -810,7 +879,17 @@ function Export-TargetResource if ($null -ne $Results.AccessReviewSettings) { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.AccessReviewSettings -CIMInstanceName MicrosoftGraphassignmentreviewsettings + $complexMapping = @( + @{ + Name = 'Reviewers' + CimInstanceName = 'MicrosoftGraphuserset' + IsRequired = $false + } + ) + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.AccessReviewSettings ` + -CIMInstanceName MicrosoftGraphassignmentreviewsettings ` + -ComplexTypeMapping $complexMapping if ($complexTypeStringResult) { $Results.AccessReviewSettings = $complexTypeStringResult @@ -939,7 +1018,7 @@ function Export-TargetResource if ($null -ne $Results.AccessReviewSettings) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'AccessReviewSettings' - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Reviewers' + #$currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Reviewers' } if ($null -ne $Results.Questions ) { diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index 53c6531a34..318f1becae 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 
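Review bot: The @@ -939 hunk disables the `Reviewers` conversion by commenting the line out (`#$currentDSCBlock = Convert-DSCStringParamToVariable … -ParameterName 'Reviewers'`) instead of deleting it. Commented-out code gives the next maintainer no hint whether it is safe to restore. Either delete the line or replace it with a comment that states the reason; judging from the @@ -810 hunk this would be something like `# Reviewers is rendered inside AccessReviewSettings through $complexMapping`, to be confirmed by the author. Export-TargetResource starts and ends outside both hunks.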
@@ -134,21 +134,21 @@ function Get-M365DSCDRGComplexTypeToHashtable return , [hashtable[]]$results } + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} $ComplexObject = [hashtable]::new($ComplexObject) $keys = $ComplexObject.Keys + foreach ($key in $keys) { if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType = $ComplexObject.$key.gettype().fullname - - if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like 'Microsoft.Graph.Beta.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -185,7 +185,7 @@ function Get-M365DSCDRGComplexTypeToHashtable if ($null -ne $ComplexObject.$keyName) { $keyType = $ComplexObject.$keyName.gettype().fullname - if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*') + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.*PowerShell.Models.*') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName From c9d1f4cbdafcac992c4668b49cc0fa4bfb679b14 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Wed, 25 Oct 2023 21:48:30 +0100 Subject: [PATCH 2/2] add changelog --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0943e19ce1..9d374d6822 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
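Review bot: The two type checks are widened in different ways: the dictionary branch (@@ -134) adds a separate `-or $keyType -like 'Microsoft.Graph.Beta.PowerShell.Models.*'` clause, while the branch at @@ -185 changes the existing pattern to `'Microsoft.Graph.*PowerShell.Models.*'`. The wildcard form already matches both namespaces, so using `$keyType -like 'Microsoft.Graph.*PowerShell.Models.*'` in both places keeps the two recursion conditions alike and easier to compare. A short comment such as `# matches both the v1.0 and the Beta Graph SDK model types` would explain the extra `*`. Get-M365DSCDRGComplexTypeToHashtable starts and ends outside both hunks.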
@@ -2,6 +2,11 @@ # UNRELEASED +* AADEntitlementManagementAccessPackageAssignmentPolicy + * Fixes an issue where reviewers were not properly exported +* M365DSCDRGUTIL + * Fixes an issue with Get-M365DSCDRGComplexTypeToHashtable where Beta cmdlet were not recognized for recursive calls + FIXES [#3448](https://github.com/microsoft/Microsoft365DSC/issues/3448) * AADAttributeSet * Initial Release. * AADAuthenticationContext