More changes

microsoft · Oct 22, 2024 · bd1e516 · bd1e516
1 parent 838ad8a
commit bd1e516
Show file tree

Hide file tree

Showing 5 changed files with 130 additions and 40 deletions.
diff --git a/...tificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1 b/...tificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1
@@ -92,7 +92,7 @@ function Get-TargetResource
         foreach ($currentCertificateAuthorities in $getValue.certificateAuthorities)
         {
             $myCertificateAuthorities = @{}
-            $myCertificateAuthorities.Add('Certificate', [convert]::ToBase64String($currentCertificateAuthorities.certificate))
+            $myCertificateAuthorities.Add('Certificate', [System.Convert]::ToBase64String($currentCertificateAuthorities.certificate))
             $myCertificateAuthorities.Add('CertificateRevocationListUrl', $currentCertificateAuthorities.certificateRevocationListUrl)
             $myCertificateAuthorities.Add('DeltaCertificateRevocationListUrl', $currentCertificateAuthorities.deltaCertificateRevocationListUrl)
             $myCertificateAuthorities.Add('IsRootAuthority', $currentCertificateAuthorities.isRootAuthority)
@@ -201,30 +201,31 @@ function Set-TargetResource
 
     # Delete the old configuration
     Write-Verbose -Message "Removing the current Azure AD Organization Certificate Based Auth Configuration."
-
-    Remove-MgBetaOrganizationCertificateBasedAuthConfiguration  `
-        -CertificateBasedAuthConfigurationId $CertificateBasedAuthConfigurationId `
-        -OrganizationId $OrganizationId
+    Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/organization/$OrganizationId/certificateBasedAuthConfiguration/$CertificateBasedAuthConfigurationId" -Method DELETE
 
     if ($Ensure -eq 'Present')
     {
         Write-Verbose -Message "Creating an Azure AD Organization Certificate Based Auth Configuration with Id {$CertificateBasedAuthConfigurationId}"
 
         $createParameters = ([Hashtable]$BoundParameters).Clone()
         $createParameters = Rename-M365DSCCimInstanceParameter -Properties $createParameters
-        $createParameters.Remove('Id') | Out-Null
+        $createParameters.Remove('OrganizationId') | Out-Null
 
-        $keys = (([Hashtable]$createParameters).Clone()).Keys
-        foreach ($key in $keys)
+        $createCertAuthorities = @()
+        foreach ($CertificateAuthority in $CertificateAuthorities)
         {
-            if ($null -ne $createParameters.$key -and $createParameters.$key.GetType().Name -like '*CimInstance*')
-            {
-                $createParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $createParameters.$key
+            $createCertAuthorities += @{
+                certificate = $CertificateAuthority.Certificate
+                certificateRevocationListUrl = $CertificateAuthority.CertificateRevocationListUrl
+                deltaCertificateRevocationListUrl = $CertificateAuthority.DeltaCertificateRevocationListUrl
+                isRootAuthority = $CertificateAuthority.IsRootAuthority
             }
         }
+        $params = @{
+            certificateAuthorities = $createCertAuthorities
+        }
 
-        $policy = New-MgBetaOrganizationCertificateBasedAuthConfiguration -OrganizationId $OrganizationId -BodyParameter $createParameters
-        Write-Host "Policy: $policy"
+        $policy = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/organization/$OrganizationId/certificateBasedAuthConfiguration/" -Method POST -Body $params
     }
 }
 

diff --git a/...teBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.schema.mof b/...teBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.schema.mof
@@ -11,7 +11,7 @@ class MSFT_MicrosoftGraphCertificateAuthority
 class MSFT_AADOrganizationCertificateBasedAuthConfiguration : OMI_BaseResource
 {
     [Write, Description("Collection of certificate authorities which creates a trusted certificate chain."), EmbeddedInstance("MSFT_MicrosoftGraphcertificateAuthority")] String CertificateAuthorities[];
-    [Write, Description("The Organization ID. Read-only.")] String OrganizationId;
+    [Key, Description("The Organization ID. Read-only.")] String OrganizationId;
     [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
     [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
     [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;

diff --git a/...ft365DSC/Examples/Resources/AADOrganizationCertificateBasedAuthConfiguration/1-Create.ps1 b/...ft365DSC/Examples/Resources/AADOrganizationCertificateBasedAuthConfiguration/1-Create.ps1
@@ -0,0 +1,47 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+
+    node localhost
+    {
+        AADOrganizationCertificateBasedAuthConfiguration "AADOrganizationCertificateBasedAuthConfiguration-58b6e58e-10d1-4b8c-845d-d6aefaaecba2"
+        {
+            ApplicationId             = $ApplicationId
+            TenantId                  = $TenantId
+            CertificateThumbprint     = $CertificateThumbprint
+            CertificateAuthorities = @(
+                MSFT_MicrosoftGraphcertificateAuthority{
+                    IsRootAuthority = $True
+					DeltaCertificateRevocationListUrl = 'pqr.com'
+                    Certificate = '<Base64 encoded cert>'
+                }
+                MSFT_MicrosoftGraphcertificateAuthority{
+                    IsRootAuthority = $True
+                    CertificateRevocationListUrl = 'xyz.com'
+                    DeltaCertificateRevocationListUrl = 'pqr.com'
+                    Certificate = '<Base64 encoded cert>'
+                }
+            );
+            Ensure                 = "Present";
+            OrganizationId         = "e91d4e0e-d5a5-4e3a-be14-2192592a59af";
+        }
+    }
+}
diff --git a/...ft365DSC/Examples/Resources/AADOrganizationCertificateBasedAuthConfiguration/3-Remove.ps1 b/...ft365DSC/Examples/Resources/AADOrganizationCertificateBasedAuthConfiguration/3-Remove.ps1
@@ -0,0 +1,34 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+
+    node localhost
+    {
+        AADOrganizationCertificateBasedAuthConfiguration "AADOrganizationCertificateBasedAuthConfiguration-58b6e58e-10d1-4b8c-845d-d6aefaaecba2"
+        {
+            ApplicationId             = $ApplicationId
+            TenantId                  = $TenantId
+            CertificateThumbprint     = $CertificateThumbprint
+            Ensure                 = "Absent";
+            OrganizationId         = "e91d4e0e-d5a5-4e3a-be14-2192592a59af";
+        }
+    }
+}
diff --git a/...icrosoft365DSC/Microsoft365DSC.AADOrganizationCertificateBasedAuthConfiguration.Tests.ps1 b/...icrosoft365DSC/Microsoft365DSC.AADOrganizationCertificateBasedAuthConfiguration.Tests.ps1
@@ -33,13 +33,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Remove-PSSession -MockWith {
             }
 
-            Mock -CommandName Set-MgBetaOrganizationCertificateBasedAuthConfiguration -MockWith {
-            }
-
-            Mock -CommandName New-MgBetaOrganizationCertificateBasedAuthConfiguration -MockWith {
-            }
-
-            Mock -CommandName Remove-MgBetaOrganizationCertificateBasedAuthConfiguration -MockWith {
+            Mock -CommandName Invoke-MgGraphRequest -MockWith {
+                return $null
             }
 
             Mock -CommandName New-M365DSCConnection -MockWith {
@@ -58,14 +53,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                 $testParams = @{
                     CertificateAuthorities = [CimInstance[]]@(
                         (New-CimInstance -ClassName MSFT_MicrosoftGraphcertificateAuthority -Property @{
-                            IssuerSki = "FakeStringValue"
                             DeltaCertificateRevocationListUrl = "FakeStringValue"
                             IsRootAuthority = $True
                             CertificateRevocationListUrl = "FakeStringValue"
-                            Issuer = "FakeStringValue"
+                            Certificate = "VGVzdA==" # "Test"
                         } -ClientOnly)
                     )
-                    Id = "FakeStringValue"
+                    OrganizationId = "FakeStringValue"
                     Ensure = "Present"
                     Credential = $Credential;
                 }
@@ -82,7 +76,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             }
             It 'Should Create the group from the Set method' {
                 Set-TargetResource @testParams
-                Should -Invoke -CommandName New-MgBetaOrganizationCertificateBasedAuthConfiguration -Exactly 1
+                Should -Invoke -CommandName Invoke-MgGraphRequest -ParameterFilter { $Method -eq 'POST' } -Exactly 1
             }
         }
 
@@ -91,15 +85,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                 $testParams = @{
                     CertificateAuthorities = [CimInstance[]]@(
                         (New-CimInstance -ClassName MSFT_MicrosoftGraphcertificateAuthority -Property @{
-                            IssuerSki = "FakeStringValue"
                             DeltaCertificateRevocationListUrl = "FakeStringValue"
                             IsRootAuthority = $True
                             CertificateRevocationListUrl = "FakeStringValue"
-                            Issuer = "FakeStringValue"
+                            Certificate = "VGVzdA==" # "Test"
                         } -ClientOnly)
                     )
-                    Id = "FakeStringValue"
-                    Ensure = 'Absent'
+                    OrganizationId = "FakeStringValue"
+                    Ensure = "Absent"
                     Credential = $Credential;
                 }
 
@@ -115,6 +108,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                                 IsRootAuthority = $True
                                 CertificateRevocationListUrl = "FakeStringValue"
                                 Issuer = "FakeStringValue"
+                                Certificate = [byte[]] @(84, 101, 115, 116) # "Test"
                             }
                         )
                         Id = "FakeStringValue"
@@ -133,22 +127,21 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
 
             It 'Should Remove the group from the Set method' {
                 Set-TargetResource @testParams
-                Should -Invoke -CommandName Remove-MgBetaOrganizationCertificateBasedAuthConfiguration -Exactly 1
+                Should -Invoke -CommandName Invoke-MgGraphRequest -ParameterFilter { $Method -eq 'DELETE' } -Exactly 1
             }
         }
         Context -Name "The AADOrganizationCertificateBasedAuthConfiguration Exists and Values are already in the desired state" -Fixture {
             BeforeAll {
                 $testParams = @{
                     CertificateAuthorities = [CimInstance[]]@(
                         (New-CimInstance -ClassName MSFT_MicrosoftGraphcertificateAuthority -Property @{
-                            IssuerSki = "FakeStringValue"
                             DeltaCertificateRevocationListUrl = "FakeStringValue"
                             IsRootAuthority = $True
                             CertificateRevocationListUrl = "FakeStringValue"
-                            Issuer = "FakeStringValue"
+                            Certificate = "VGVzdA==" # "Test"
                         } -ClientOnly)
                     )
-                    Id = "FakeStringValue"
+                    OrganizationId = "FakeStringValue"
                     Ensure = 'Present'
                     Credential = $Credential;
                 }
@@ -165,6 +158,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                                 IsRootAuthority = $True
                                 CertificateRevocationListUrl = "FakeStringValue"
                                 Issuer = "FakeStringValue"
+                                Certificate = [byte[]] @(84, 101, 115, 116) # "Test"
                             }
                         )
                         Id = "FakeStringValue"
@@ -184,29 +178,34 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                 $testParams = @{
                     CertificateAuthorities = [CimInstance[]]@(
                         (New-CimInstance -ClassName MSFT_MicrosoftGraphcertificateAuthority -Property @{
-                            IssuerSki = "FakeStringValue"
                             DeltaCertificateRevocationListUrl = "FakeStringValue"
                             IsRootAuthority = $True
                             CertificateRevocationListUrl = "FakeStringValue"
-                            Issuer = "FakeStringValue"
+                            Certificate = "VGVzdA==" # "Test"
                         } -ClientOnly)
                     )
-                    Id = "FakeStringValue"
+                    OrganizationId = "FakeStringValue"
                     Ensure = 'Present'
                     Credential = $Credential;
                 }
 
                 Mock -CommandName Get-MgBetaOrganizationCertificateBasedAuthConfiguration -MockWith {
                     return @{
+                        AdditionalProperties = @{
+                            '@odata.type' = "#microsoft.graph.CertificateBasedAuthConfiguration"
+                        }
                         CertificateAuthorities = @(
                             @{
                                 IssuerSki = "FakeStringValue"
-                                DeltaCertificateRevocationListUrl = "FakeStringValue"
+                                DeltaCertificateRevocationListUrl = "NewFakeStringValue"
+                                IsRootAuthority = $False
                                 CertificateRevocationListUrl = "FakeStringValue"
                                 Issuer = "FakeStringValue"
+                                Certificate = [byte[]] @(84, 101, 115, 116) # "Test"
                             }
                         )
                         Id = "FakeStringValue"
+
                     }
                 }
             }
@@ -221,7 +220,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
 
             It 'Should call the Set method' {
                 Set-TargetResource @testParams
-                Should -Invoke -CommandName Set-MgBetaOrganizationCertificateBasedAuthConfiguration -Exactly 1
+                Should -Invoke -CommandName Invoke-MgGraphRequest -ParameterFilter { $Method -eq 'DELETE' } -Exactly 1
+                Should -Invoke -CommandName Invoke-MgGraphRequest -ParameterFilter { $Method -eq 'POST' } -Exactly 1
             }
         }
 
@@ -241,16 +241,24 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                         CertificateAuthorities = @(
                             @{
                                 IssuerSki = "FakeStringValue"
-                                DeltaCertificateRevocationListUrl = "FakeStringValue"
-                                IsRootAuthority = $True
+                                DeltaCertificateRevocationListUrl = "NewFakeStringValue"
+                                IsRootAuthority = $False
                                 CertificateRevocationListUrl = "FakeStringValue"
                                 Issuer = "FakeStringValue"
+                                Certificate = [byte[]] @(84, 101, 115, 116) # "Test"
                             }
                         )
                         Id = "FakeStringValue"
 
                     }
                 }
+
+                Mock -CommandName Get-MgBetaOrganization -MockWith {
+                    return @{
+                        Id = "00000000-0000-0000-0000-000000000000"
+                        DisplayName = "Fakegroup"
+                    }
+                }
             }
             It 'Should Reverse Engineer resource from the Export method' {
                 $result = Export-TargetResource @testParams