Fix missing odata type for externalTenants configuration

Without setting the correct @odata.type for both possible values all and enumerated, a patch will fail when first enumerating and setting members and then changing to type all because the stored object is of the wrong type. References manicminer#262
agileknight · Oct 26, 2023 · 6151a76 · 6151a76
1 parent 4c2c0a5
commit 6151a76
Show file tree

Hide file tree

Showing 2 changed files with 100 additions and 1 deletion.
diff --git a/msgraph/conditionalaccesspolicy_test.go b/msgraph/conditionalaccesspolicy_test.go
@@ -1,6 +1,7 @@
 package msgraph_test
 
 import (
+	"encoding/json"
 	"fmt"
 	"testing"
 
@@ -198,3 +199,78 @@ func testUser_Delete(t *testing.T, c *test.Test, user *msgraph.User) {
 		t.Fatalf("UsersClient.Delete() - Could not delete test user: %v", err)
 	}
 }
+
+func assertJsonMarshalEquals(t *testing.T, value interface{}, expected string) {
+	bytes, err := json.MarshalIndent(value, "", "  ")
+	if err != nil {
+		t.Fatalf("Marshalling failed with error %s", err)
+	}
+	actual := string(bytes)
+	if actual != expected {
+		t.Errorf("Expected marshalled json to equal %s but was %s", expected, actual)
+	}
+}
+
+func TestConditionalAccessPolicy_MarshalConditionsUsersGuestsOrExternalUsersNull(t *testing.T) {
+	usersCondition := &msgraph.ConditionalAccessUsers{}
+	expected := `{
+  "includeGuestsOrExternalUsers": null,
+  "excludeGuestsOrExternalUsers": null
+}`
+	assertJsonMarshalEquals(t, usersCondition, expected)
+}
+
+func TestConditionalAccessPolicy_MarshalConditionsUsersGuestsOrExternalUsersAll(t *testing.T) {
+	usersCondition := &msgraph.ConditionalAccessUsers{
+		IncludeGuestsOrExternalUsers: &msgraph.ConditionalAccessGuestsOrExternalUsers{
+			GuestOrExternalUserTypes: &[]string{
+				msgraph.ConditionalAccessGuestOrExternalUserTypeInternalGuest,
+				msgraph.ConditionalAccessGuestOrExternalUserTypeServiceProvider,
+			},
+			ExternalTenants: &msgraph.ConditionalAccessExternalTenants{
+				MembershipKind: utils.StringPtr(msgraph.ConditionalAccessExternalTenantsMembershipKindAll),
+			},
+		},
+	}
+	expected := `{
+  "includeGuestsOrExternalUsers": {
+    "guestOrExternalUserTypes": "internalGuest,serviceProvider",
+    "externalTenants": {
+      "@odata.type": "#microsoft.graph.conditionalAccessAllExternalTenants",
+      "membershipKind": "all"
+    }
+  },
+  "excludeGuestsOrExternalUsers": null
+}`
+	assertJsonMarshalEquals(t, usersCondition, expected)
+}
+
+func TestConditionalAccessPolicy_MarshalConditionsUsersGuestsOrExternalUsersEnumerated(t *testing.T) {
+	usersCondition := &msgraph.ConditionalAccessUsers{
+		IncludeGuestsOrExternalUsers: &msgraph.ConditionalAccessGuestsOrExternalUsers{
+			GuestOrExternalUserTypes: &[]string{
+				msgraph.ConditionalAccessGuestOrExternalUserTypeInternalGuest,
+				msgraph.ConditionalAccessGuestOrExternalUserTypeServiceProvider,
+			},
+			ExternalTenants: &msgraph.ConditionalAccessExternalTenants{
+				MembershipKind: utils.StringPtr(msgraph.ConditionalAccessExternalTenantsMembershipKindEnumerated),
+				Members:        &[]string{"object-id-a", "object-id-b"},
+			},
+		},
+	}
+	expected := `{
+  "includeGuestsOrExternalUsers": {
+    "guestOrExternalUserTypes": "internalGuest,serviceProvider",
+    "externalTenants": {
+      "@odata.type": "#microsoft.graph.conditionalAccessEnumeratedExternalTenants",
+      "membershipKind": "enumerated",
+      "members": [
+        "object-id-a",
+        "object-id-b"
+      ]
+    }
+  },
+  "excludeGuestsOrExternalUsers": null
+}`
+	assertJsonMarshalEquals(t, usersCondition, expected)
+}
diff --git a/msgraph/models.go b/msgraph/models.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/hashicorp/go-azure-sdk/sdk/odata"
 	"github.com/manicminer/hamilton/errors"
+	"github.com/manicminer/hamilton/internal/utils"
 )
 
 type AccessPackage struct {
@@ -709,9 +710,9 @@ type ConditionalAccessGuestsOrExternalUsers struct {
 }
 
 type ConditionalAccessExternalTenants struct {
+	ODataType      *odata.Type                                     `json:"@odata.type,omitempty"`
 	MembershipKind *ConditionalAccessExternalTenantsMembershipKind `json:"membershipKind,omitempty"`
 	Members        *[]string                                       `json:"members,omitempty"`
-
 }
 
 func (c ConditionalAccessGuestsOrExternalUsers) MarshalJSON() ([]byte, error) {
@@ -730,6 +731,28 @@ func (c ConditionalAccessGuestsOrExternalUsers) MarshalJSON() ([]byte, error) {
 		GuestOrExternalUserTypes:               val,
 		conditionalAccessGuestsOrExternalUsers: (*conditionalAccessGuestsOrExternalUsers)(&c),
 	}
+
+	const externalTenantsTypeAll = "#microsoft.graph.conditionalAccessAllExternalTenants"
+	const externalTenantsTypeEnumerated = "#microsoft.graph.conditionalAccessEnumeratedExternalTenants"
+	setExternalTenantsObjectType := func(c *conditionalAccessGuestsOrExternalUsers) {
+		if c == nil {
+			return
+		}
+		if c.ExternalTenants == nil {
+			return
+		}
+		if c.ExternalTenants.MembershipKind == nil {
+			return
+		}
+		switch *c.ExternalTenants.MembershipKind {
+		case ConditionalAccessExternalTenantsMembershipKindAll:
+			c.ExternalTenants.ODataType = utils.StringPtr(externalTenantsTypeAll)
+		case ConditionalAccessExternalTenantsMembershipKindEnumerated:
+			c.ExternalTenants.ODataType = utils.StringPtr(externalTenantsTypeEnumerated)
+		}
+	}
+	setExternalTenantsObjectType(guestOrExternalUsers.conditionalAccessGuestsOrExternalUsers)
+
 	buf, err := json.Marshal(&guestOrExternalUsers)
 	return buf, err
 }