diff --git a/CHANGELOG.md b/CHANGELOG.md index 99eb9d728d..fc43269dc1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ * AADApplication * Fixed an issue trying to retrieve the beta instance. * Added support for OnPremisesPublishing. +* AADAuthenticationRequirement + * Initial release. +* AADConnectorGroupApplicationProxy + * Initial release. * AADDeviceRegistrationPolicy * Initial release. * AADEntitlementManagementSettings @@ -46,8 +50,6 @@ * Added ReportSuspiciousActivitySettings * AADAuthenticationMethodPolicyHardware * Initial release. -* AADAuthenticationRequirement - * Initial release. * AADEntitlementManagementSettings * Initial release. * AADFeatureRolloutPolicy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/MSFT_AADConnectorGroupApplicationProxy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/MSFT_AADConnectorGroupApplicationProxy.psm1 new file mode 100644 index 0000000000..d77e4aa571 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/MSFT_AADConnectorGroupApplicationProxy.psm1 
@@ -0,0 +1,475 @@
+function Get-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.Collections.Hashtable])]
+ param
+ (
+ [Parameter(Mandatory = $true)]
+ [System.String]
+ $Name,
+
+ [Parameter()]
+ [ValidateSet('nam','eur','aus','asia','ind','unknownFutureValue')]
+ [System.String]
+ $Region,
+
+ [Parameter()]
+ [System.String]
+ $Id,
+
+ [Parameter()]
+ [System.String]
+ [ValidateSet('Absent', 'Present')]
+ $Ensure = 'Present',
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ try
+ {
+ $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+ -InboundParameters $PSBoundParameters
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ $nullResult = $PSBoundParameters
+ $nullResult.Ensure = 'Absent'
+
+ $getValue = $null
+ #region resource generator code
+ if (-not [string]::IsNullOrEmpty($Id))
+ {
+ if ($null -ne $Script:exportedInstances -and $Script:ExportMode)
+ {
+ $getValue = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id}
+ }
+ else
+ {
+ $getValue = Get-MgBetaOnPremisePublishingProfileConnectorGroup -ConnectorGroupId $Id -OnPremisesPublishingProfileId 'applicationProxy' -ErrorAction SilentlyContinue
+ }
+ }
+
+ if ($null -eq $getValue -and -not [string]::IsNullOrEmpty($Id))
+ {
+ Write-Verbose -Message "Could not find an Azure AD Connector Group Application Proxy with Name {$Name}"
+ if (-Not [string]::IsNullOrEmpty($DisplayName))
+ {
+ if ($null -ne $Script:exportedInstances -and $Script:ExportMode)
+ {
+ $getValue = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name}
+ }
+ else
+ {
+ $getValue = Get-MgBetaOnPremisePublishingProfileConnectorGroup -OnPremisesPublishingProfileId 'applicationProxy' -Filter "Name eq '$Name'" -ErrorAction Stop
+ }
+ }
+ }
+ #endregion
+ if ($null -eq $getValue)
+ {
+ Write-Verbose -Message "Could not find an Azure AD Connector Group Application Proxy with Name {$Name}"
+ return $nullResult
+ }
+
+ $Id = $getValue.Id
+ Write-Verbose -Message "An Azure AD Connector Group Application Proxy with Id {$Id} and Name {$Name} was found"
+
+ $enumRegion = $null
+ if ($null -ne $getValue.Region)
+ {
+ $enumRegion = $getValue.Region.ToString()
+ }
+ #endregion
+
+ $results = @{
+ #region resource generator code
+ Name = $getValue.Name
+ Region = $enumRegion
+ Id = $getValue.Id
+ Ensure = 'Present'
+ Credential = $Credential
+ ApplicationId = $ApplicationId
+ TenantId = $TenantId
+ ApplicationSecret = $ApplicationSecret
+ CertificateThumbprint = $CertificateThumbprint
+ ManagedIdentity = $ManagedIdentity.IsPresent
+ #endregion
+ }
+
+ return [System.Collections.Hashtable] $results
+ }
+ catch
+ {
+ New-M365DSCLogEntry -Message 'Error retrieving data:' `
+ -Exception $_ `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -TenantId $TenantId `
+ -Credential $Credential
+
+ return $nullResult
+ }
+}
+
+function Set-TargetResource
+{
+ [CmdletBinding()]
+ param
+ (
+ [Parameter(Mandatory = $true)]
+ [System.String]
+ $Name,
+
+ [Parameter()]
+ [ValidateSet('nam','eur','aus','asia','ind','unknownFutureValue')]
+ [System.String]
+ $Region,
+
+ [Parameter()]
+ [System.String]
+ $Id,
+
+ [Parameter()]
+ [System.String]
+ [ValidateSet('Absent', 'Present')]
+ $Ensure = 'Present',
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ $currentInstance = Get-TargetResource @PSBoundParameters
+
+ $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters
+ $OnPremisesPublishingProfileId = "applicationProxy"
+
+ if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
+ {
+ Write-Verbose -Message "Creating an Azure AD Connector Group Application Proxy with Name {$DisplayName}"
+
+ $createParameters = ([Hashtable]$BoundParameters).Clone()
+ $createParameters = Rename-M365DSCCimInstanceParameter -Properties $createParameters
+ $createParameters.Remove('Id') | Out-Null
+
+ #region resource generator code
+ $policy = New-MgBetaOnPremisePublishingProfileConnectorGroup `
+ -OnPremisesPublishingProfileId $OnPremisesPublishingProfileId `
+ -BodyParameter $createParameters
+ #endregion
+ }
+ elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present')
+ {
+ Write-Verbose -Message "Updating the Azure AD Connector Group Application Proxy with Id {$($currentInstance.Id)}"
+
+ $updateParameters = ([Hashtable]$BoundParameters).Clone()
+ $updateParameters.Remove('Id') | Out-Null
+
+ Update-MgBetaOnPremisePublishingProfileConnectorGroup `
+ -ConnectorGroupId $currentInstance.Id `
+ -OnPremisesPublishingProfileId $OnPremisesPublishingProfileId `
+ -BodyParameter $UpdateParameters
+ #endregion
+ }
+ elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
+ {
+ Write-Verbose -Message "Removing the Azure AD Connector Group Application Proxy with Id {$($currentInstance.Id)}"
+ #region resource generator code
+ Remove-MgBetaOnPremisePublishingProfileConnectorGroup `
+ -ConnectorGroupId $currentInstance.Id `
+ -OnPremisesPublishingProfileId $OnPremisesPublishingProfileId
+ #endregion
+ }
+}
+
+function Test-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.Boolean])]
+ param
+ (
+ #region resource generator code
+ [Parameter(Mandatory = $true)]
+ [System.String]
+ $Name,
+
+ [Parameter()]
+ [ValidateSet('nam','eur','aus','asia','ind','unknownFutureValue')]
+ [System.String]
+ $Region,
+
+ [Parameter()]
+ [System.String]
+ $Id,
+
+ #endregion
+
+ [Parameter()]
+ [System.String]
+ [ValidateSet('Absent', 'Present')]
+ $Ensure = 'Present',
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ Write-Verbose -Message "Testing configuration of the Azure AD Connector Group Application Proxy with Id {$Id} and Name {$Name}"
+
+ $CurrentValues = Get-TargetResource @PSBoundParameters
+ $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone()
+
+ if ($CurrentValues.Ensure -ne $Ensure)
+ {
+ Write-Verbose -Message "Test-TargetResource returned $false"
+ return $false
+ }
+ $testResult = $true
+
+ $ValuesToCheck.Remove('Id') | Out-Null
+ $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck
+
+ Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
+ Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)"
+
+ if ($testResult)
+ {
+ $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -DesiredValues $PSBoundParameters `
+ -ValuesToCheck $ValuesToCheck.Keys
+ }
+
+ Write-Verbose -Message "Test-TargetResource returned $testResult"
+
+ return $testResult
+}
+
+function Export-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.String])]
+ param
+ (
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+ -InboundParameters $PSBoundParameters
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ try
+ {
+ #region resource generator code
+ [array]$getValue = Get-MgBetaOnPremisePublishingProfileConnectorGroup -OnPremisesPublishingProfileId 'applicationProxy' -ErrorAction Stop
+ #endregion
+
+ $i = 1
+ $dscContent = ''
+ if ($getValue.Length -eq 0)
+ {
+ Write-Host $Global:M365DSCEmojiGreenCheckMark
+ }
+ else
+ {
+ Write-Host "`r`n" -NoNewline
+ }
+ foreach ($config in $getValue)
+ {
+ $displayedKey = $config.Id
+ if (-not [string]::IsNullOrEmpty($config.name))
+ {
+ $displayedKey = $config.name
+ }
+
+ Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline
+ $params = @{
+ Id = $config.Id
+ Name = $config.Name
+ Ensure = 'Present'
+ Credential = $Credential
+ ApplicationId = $ApplicationId
+ TenantId = $TenantId
+ ApplicationSecret = $ApplicationSecret
+ CertificateThumbprint = $CertificateThumbprint
+ ManagedIdentity = $ManagedIdentity.IsPresent
+ AccessTokens = $AccessTokens
+ }
+
+ $Results = Get-TargetResource @Params
+ $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
+ -Results $Results
+
+ $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
+ -ConnectionMode $ConnectionMode `
+ -ModulePath $PSScriptRoot `
+ -Results $Results `
+ -Credential $Credential
+
+ $dscContent += $currentDSCBlock
+ Save-M365DSCPartialExport -Content $currentDSCBlock `
+ -FileName $Global:PartialExportFileName
+ $i++
+ Write-Host $Global:M365DSCEmojiGreenCheckMark
+ }
+ return $dscContent
+ }
+ catch
+ {
+ Write-Host $Global:M365DSCEmojiRedX
+
+ New-M365DSCLogEntry -Message 'Error during Export:' `
+ -Exception $_ `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -TenantId $TenantId `
+ -Credential $Credential
+
+ return ''
+ }
+}
+
+Export-ModuleMember -Function *-TargetResource
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/MSFT_AADConnectorGroupApplicationProxy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/MSFT_AADConnectorGroupApplicationProxy.schema.mof
new file mode 100644
index 0000000000..f38974f6d8
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/MSFT_AADConnectorGroupApplicationProxy.schema.mof
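Review bot: In Get-TargetResource the fallback lookup by Name can never run: it sits inside `if ($null -eq $getValue -and -not [string]::IsNullOrEmpty($Id))` and is then gated on `$DisplayName`, which is not a parameter of this function, so a configuration that supplies only Name (the mandatory key) or carries a stale Id is always reported as Absent and Set-TargetResource takes the create branch again. The same undefined `$DisplayName` is used in the "Creating" message of Set-TargetResource, and the first "Could not find" message prints Name although it was the Id lookup that failed. The filter `"Name eq '$Name'"` also places the name inside an OData string literal unescaped, so a name containing a single quote breaks or alters the query; doubling the quote first avoids that. The update branch skips the `Rename-M365DSCCimInstanceParameter` call that the create branch makes, which looks unintended. One possible shape for the lookup is below.

```powershell
# … unchanged: connection, telemetry, $nullResult setup and the lookup by Id …

if ($null -eq $getValue)
{
    if (-not [string]::IsNullOrEmpty($Id))
    {
        Write-Verbose -Message "Could not find an Azure AD Connector Group Application Proxy with Id {$Id}"
    }

    # Name is the mandatory key, so fall back to it whenever the Id lookup returned nothing.
    if ($null -ne $Script:exportedInstances -and $Script:ExportMode)
    {
        $getValue = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name}
    }
    else
    {
        # Double any single quote so the name cannot terminate the OData string literal.
        $escapedName = $Name.Replace("'", "''")
        $getValue = Get-MgBetaOnPremisePublishingProfileConnectorGroup -OnPremisesPublishingProfileId 'applicationProxy' -Filter "Name eq '$escapedName'" -ErrorAction Stop
    }
}

# … unchanged: final null check, result hashtable, catch block …
```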
@@ -0,0 +1,16 @@
+
+[ClassVersion("1.0.0.0"), FriendlyName("AADConnectorGroupApplicationProxy")]
+class MSFT_AADConnectorGroupApplicationProxy : OMI_BaseResource
+{
+ [Key, Description("The name associated with the connectorGroup.")] String Name;
+ [Write, Description("The region the connectorGroup is assigned to and will optimize traffic for. This region can only be set if no connectors or applications are assigned to the connectorGroup. The possible values are: nam (for North America), eur (for Europe), aus (for Australia), asia (for Asia), ind (for India), and unknownFutureValue."), ValueMap{"nam","eur","aus","asia","ind","unknownFutureValue"}, Values{"nam","eur","aus","asia","ind","unknownFutureValue"}] String Region;
+ [Write, Description("The unique identifier for an entity. Read-only.")] String Id;
+ [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
+ [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
+ [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
+ [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
+ [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
+ [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
+ [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
+ [Write, Description("Access token used for authentication.")] String AccessTokens[];
+};
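Review bot: `AccessTokens` is declared as a plain `String AccessTokens[]`, while `Credential` and `ApplicationSecret` in the same class use `EmbeddedInstance("MSFT_Credential")`, so bearer tokens passed through this property would presumably sit as readable strings in the compiled configuration. The description should say so, for example `Description("Access token used for authentication. Stored as plain text in the compiled MOF.")`. The `Id` description says "Read-only" although the property is marked `Write`, and the `ApplicationSecret` text says "Secret of the Azure Active Directory tenant" where the application's secret appears to be meant.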
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/readme.md
new file mode 100644
index 0000000000..8067eb666a
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/readme.md
@@ -0,0 +1,6 @@
+
+# AADConnectorGroupApplicationProxy
+
+## Description
+
+Azure AD Connector Group Application Proxy
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/settings.json
new file mode 100644
index 0000000000..8394b8c68b
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/settings.json
@@ -0,0 +1,33 @@
+{
+ "resourceName": "AADConnectorGroupApplicationProxy",
+ "description": "This resource configures an Azure AD Connector Group Application Proxy.",
+ "permissions": {
+ "graph": {
+ "delegated": {
+ "read": [
+ {
+ "name": "Directory.ReadWrite.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Directory.ReadWrite.All"
+ }
+ ]
+ },
+ "application": {
+ "read": [
+ {
+ "name": "Directory.ReadWrite.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Directory.ReadWrite.All"
+ }
+ ]
+ }
+ }
+ }
+}
+
diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADConnectorGroupApplicationProxy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADConnectorGroupApplicationProxy/1-Create.ps1
new file mode 100644
index 0000000000..2f3be28fb9
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/AADConnectorGroupApplicationProxy/1-Create.ps1
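Review bot: In settings.json the `read` entries for both `delegated` and `application` list `Directory.ReadWrite.All`, so an identity that only exports or tests this resource is granted tenant-wide directory write access. If Microsoft Graph offers no narrower scope for reading connector groups this is unavoidable, but that should be confirmed. Since JSON allows no comment, the reason is best recorded in the resource's readme.md so operators know the read path cannot run under a read-only scope.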
@@ -0,0 +1,36 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ AADConnectorGroupApplicationProxy "AADConnectorGroupApplicationProxy-testgroup"
+ {
+ ApplicationId = $ApplicationId
+ TenantId = $TenantId
+ CertificateThumbprint = $CertificateThumbprint
+ Ensure = "Present";
+ Id = "4984dcf7-d9e9-4663-90b4-5db09f92a669";
+ Name = "testgroup";
+ Region = "nam";
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADConnectorGroupApplicationProxy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADConnectorGroupApplicationProxy/2-Update.ps1
new file mode 100644
index 0000000000..fd34be2c06
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/AADConnectorGroupApplicationProxy/2-Update.ps1
@@ -0,0 +1,35 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+ node localhost
+ {
+ AADConnectorGroupApplicationProxy "AADConnectorGroupApplicationProxy-testgroup"
+ {
+ ApplicationId = $ApplicationId
+ TenantId = $TenantId
+ CertificateThumbprint = $CertificateThumbprint
+ Ensure = "Present";
+ Id = "4984dcf7-d9e9-4663-90b4-5db09f92a669";
+ Name = "testgroup-new";
+ Region = "nam";
+ }
+ }
+}
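Review bot: The Create example pins `Id = "4984dcf7-d9e9-4663-90b4-5db09f92a669"`, but Set-TargetResource removes `Id` from the create body (`$createParameters.Remove('Id')`), so the new group presumably receives a different identifier from the service and this GUID will not match it on the next run. Leaving `Id` out of 1-Create.ps1 and identifying the group by `Name` would be clearer. The same GUID is repeated in 2-Update.ps1 and in the AAD Create and Update integration tests. 2-Update.ps1 also changes `Name`, which is the key property, so that example only works when the lookup by `Id` succeeds.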
diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADConnectorGroupApplicationProxy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADConnectorGroupApplicationProxy/3-Remove.ps1
new file mode 100644
index 0000000000..79c6eefb37
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/AADConnectorGroupApplicationProxy/3-Remove.ps1
@@ -0,0 +1,34 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ AADConnectorGroupApplicationProxy "AADConnectorGroupApplicationProxy-testgroup"
+ {
+ ApplicationId = $ApplicationId
+ TenantId = $TenantId
+ CertificateThumbprint = $CertificateThumbprint
+ Ensure = "Absent";
+ Id = "4984dcf7-d9e9-4663-90b4-5db09f92a669";
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json
index 1fa6103618..7d261a4265 100644
--- a/Modules/Microsoft365DSC/SchemaDefinition.json
+++ b/Modules/Microsoft365DSC/SchemaDefinition.json
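Review bot: The Remove example omits `Name`, which the schema declares as the `Key` property and which Get-, Set- and Test-TargetResource all mark `Mandatory`, so this configuration is likely to be rejected when it is compiled or applied. Add the key next to the Id, for example `Name = "testgroup-new";` (the name left behind by 2-Update.ps1; adjust if the group is named otherwise). The AADConnectorGroupApplicationProxy block added to M365DSCIntegration.AAD.Remove.Tests.ps1 has the same omission.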
@@ -264,6 +264,166 @@ } ] }, + { + "ClassName": "MSFT_AADApplicationOnPremisesPublishingSegmentCORS", + "Parameters": [ + { + "CIMType": "String[]", + "Name": "allowedHeaders", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "maxAgeInSeconds", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "resource", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "allowedMethods", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "allowedOrigins", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_AADApplicationOnPremisesPublishingSegment", + "Parameters": [ + { + "CIMType": "String", + "Name": "alternateUrl", + "Option": "Write" + }, + { + "CIMType": "MSFT_AADApplicationOnPremisesPublishingSegmentCORS[]", + "Name": "corsConfigurations", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "externalUrl", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "internalUrl", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_AADApplicationOnPremisesPublishingSingleSignOnSettingKerberos", + "Parameters": [ + { + "CIMType": "String", + "Name": "kerberosServicePrincipalName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "kerberosSignOnMappingAttributeType", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_AADApplicationOnPremisesPublishingSingleSignOnSetting", + "Parameters": [ + { + "CIMType": "String", + "Name": "singleSignOnMode", + "Option": "Write" + }, + { + "CIMType": "MSFT_AADApplicationOnPremisesPublishingSingleSignOnSettingKerberos", + "Name": "kerberosSignOnSettings", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_AADApplicationOnPremisesPublishing", + "Parameters": [ + { + "CIMType": "String", + "Name": "alternateUrl", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "applicationServerTimeout", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "externalAuthenticationType", + "Option": "Write" + }, + { + "CIMType": "String", 
+ "Name": "externalUrl", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "internalUrl", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "isBackendCertificateValidationEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "isHttpOnlyCookieEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "isPersistentCookieEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "isSecureCookieEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "isStateSessionEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "isTranslateHostHeaderEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "isTranslateLinksInBodyEnabled", + "Option": "Write" + }, + { + "CIMType": "MSFT_AADApplicationOnPremisesPublishingSegment[]", + "Name": "onPremisesApplicationSegments", + "Option": "Write" + }, + { + "CIMType": "MSFT_AADApplicationOnPremisesPublishingSingleSignOnSetting", + "Name": "singleSignOnSettings", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_AADApplicationPermission", "Parameters": [ @@ -592,6 +752,11 @@ "Name": "Owners", "Option": "Write" }, + { + "CIMType": "MSFT_AADApplicationOnPremisesPublishing", + "Name": "OnPremisesPublishing", + "Option": "Write" + }, { "CIMType": "String", "Name": "Ensure", 
@@ -2629,6 +2794,66 @@ } ] }, + { + "ClassName": "MSFT_AADConnectorGroupApplicationProxy", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Region", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_AADCrossTenantAccessPolicy", "Parameters": [ diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index d45e6582da..c51f4401d2 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -149,6 +149,16 @@ SignInFrequencyValue = 1; State = "disabled"; } + AADConnectorGroupApplicationProxy 'AADConnectorGroupApplicationProxy-testgroup' + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Ensure = "Present"; + Id = "4984dcf7-d9e9-4663-90b4-5db09f92a669"; + Name = "testgroup"; + Region = "nam"; + } AADCrossTenantAccessPolicyConfigurationPartner 'AADCrossTenantAccessPolicyConfigurationPartner' { PartnerTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc"; # O365DSC.onmicrosoft.com 
diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 index e4054cdd9c..50df775325 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 @@ -149,6 +149,14 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + AADConnectorGroupApplicationProxy 'AADConnectorGroupApplicationProxy-testgroup' + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Ensure = "Absent"; + Id = "4984dcf7-d9e9-4663-90b4-5db09f92a669"; + } AADCrossTenantAccessPolicyConfigurationPartner 'AADCrossTenantAccessPolicyConfigurationPartner' { ApplicationId = $ApplicationId diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 index e017945966..f71bf7eb31 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -496,6 +496,16 @@ SignInFrequencyValue = 2; # Updated Porperty State = "disabled"; } + AADConnectorGroupApplicationProxy 'AADConnectorGroupApplicationProxy-testgroup' + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Ensure = "Present"; + Id = "4984dcf7-d9e9-4663-90b4-5db09f92a669"; + Name = "testgroup-new"; + Region = "nam"; + } AADCrossTenantAccessPolicy 'AADCrossTenantAccessPolicy' { AllowedCloudEndpoints = @("microsoftonline.us"); diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConnectorGroupApplicationProxy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConnectorGroupApplicationProxy.Tests.ps1 new file mode 100644 index 0000000000..8b3034c05e --- /dev/null 
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConnectorGroupApplicationProxy.Tests.ps1 
@@ -0,0 +1,198 @@
+[CmdletBinding()]
+param(
+)
+$M365DSCTestFolder = Join-Path -Path $PSScriptRoot `
+ -ChildPath '..\..\Unit' `
+ -Resolve
+$CmdletModule = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Microsoft365.psm1' `
+ -Resolve)
+$GenericStubPath = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Generic.psm1' `
+ -Resolve)
+Import-Module -Name (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\UnitTestHelper.psm1' `
+ -Resolve)
+
+$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule `
+ -DscResource "AADConnectorGroupApplicationProxy" -GenericStubModule $GenericStubPath
+Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
+ InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock {
+ Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope
+ BeforeAll {
+
+ $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force
+ $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd)
+
+ Mock -CommandName Confirm-M365DSCDependencies -MockWith {
+ }
+
+ Mock -CommandName Get-PSSession -MockWith {
+ }
+
+ Mock -CommandName Remove-PSSession -MockWith {
+ }
+
+ Mock -CommandName Update-MgBetaOnPremisePublishingProfileConnectorGroup -MockWith {
+ }
+
+ Mock -CommandName New-MgBetaOnPremisePublishingProfileConnectorGroup -MockWith {
+ }
+
+ Mock -CommandName Remove-MgBetaOnPremisePublishingProfileConnectorGroup -MockWith {
+ }
+
+ Mock -CommandName New-M365DSCConnection -MockWith {
+ return "Credentials"
+ }
+
+ # Mock Write-Host to hide output during the tests
+ Mock -CommandName Write-Host -MockWith {
+ }
+ $Script:exportedInstances =$null
+ $Script:ExportMode = $false
+ }
+ # Test contexts
+ Context -Name "The AADConnectorGroupApplicationProxy should exist but it DOES NOT" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ Id = "FakeStringValue"
+ Name = "FakeStringValue"
+ Region = "nam"
+ Ensure = "Present"
+ Credential = $Credential;
+ }
+
+ Mock -CommandName Get-MgBetaOnPremisePublishingProfileConnectorGroup -MockWith {
+ return $null
+ }
+ }
+ It 'Should return Values from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Absent'
+ }
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+ It 'Should Create the group from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName New-MgBetaOnPremisePublishingProfileConnectorGroup -Exactly 1
+ }
+ }
+
+ Context -Name "The AADConnectorGroupApplicationProxy exists but it SHOULD NOT" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ Id = "FakeStringValue"
+ Name = "FakeStringValue"
+ Region = "nam"
+ Ensure = "Absent"
+ Credential = $Credential;
+ }
+
+ Mock -CommandName Get-MgBetaOnPremisePublishingProfileConnectorGroup -MockWith {
+ return @{
+ Id = "FakeStringValue"
+ Name = "FakeStringValue"
+ Region = "nam"
+ }
+ }
+ }
+
+ It 'Should return Values from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ }
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should Remove the group from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Remove-MgBetaOnPremisePublishingProfileConnectorGroup -Exactly 1
+ }
+ }
+ Context -Name "The AADConnectorGroupApplicationProxy Exists and Values are already in the desired state" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ Id = "FakeStringValue"
+ Name = "FakeStringValue"
+ Region = "nam"
+ Ensure = "Present"
+ Credential = $Credential;
+ }
+
+ Mock -CommandName Get-MgBetaOnPremisePublishingProfileConnectorGroup -MockWith {
+ return @{
+ Id = "FakeStringValue"
+ Name = "FakeStringValue"
+ Region = "nam"
+
+ }
+ }
+ }
+
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $true
+ }
+ }
+
+ Context -Name "The AADConnectorGroupApplicationProxy exists and values are NOT in the desired state" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ Id = "FakeStringValue"
+ Name = "FakeStringValue"
+ Region = "nam"
+ Ensure = 'Present'
+ Credential = $Credential;
+ }
+
+ Mock -CommandName Get-MgBetaOnPremisePublishingProfileConnectorGroup -MockWith {
+ return @{
+ Id = "FakeStringValue"
+ Name = "NewFakeStringValue"
+ Region = "nam"
+ }
+ }
+ }
+
+ It 'Should return Values from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ }
+
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should call the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Update-MgBetaOnPremisePublishingProfileConnectorGroup -Exactly 1
+ }
+ }
+
+ Context -Name 'ReverseDSC Tests' -Fixture {
+ BeforeAll {
+ $Global:CurrentModeIsExport = $true
+ $Global:PartialExportFileName = "$(New-Guid).partial.ps1"
+ $testParams = @{
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaOnPremisePublishingProfileConnectorGroup -MockWith {
+ return @{
+ Id = "FakeStringValue"
+ Name = "FakeStringValue"
+ Region = "nam"
+
+ }
+ }
+ }
+ It 'Should Reverse Engineer resource from the Export method' {
+ $result = Export-TargetResource @testParams
+ $result | Should -Not -BeNullOrEmpty
+ }
+ }
+ }
+}
+
+Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope
diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1
index 85c62a8cbb..90905c17b8 100644
--- a/Tests/Unit/Stubs/Microsoft365.psm1
+++ b/Tests/Unit/Stubs/Microsoft365.psm1
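Review bot: No context exercises the lookup by `Name` when `Id` is missing or does not match: every Get/Set/Test context passes `Id = "FakeStringValue"`, and the single `Get-MgBetaOnPremisePublishingProfileConnectorGroup` mock answers the Id call and the filter call alike, so a broken name fallback in Get-TargetResource goes unnoticed. Add a context whose mock returns `$null` when `-ConnectorGroupId` is bound and the group when `-Filter` is bound, and assert that `Ensure` is 'Present'. In the "exists but it SHOULD NOT" context the test titled 'Should return true from the Test method' asserts `Should -Be $false`; the assertion is right, so the title should read 'Should return false from the Test method'.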
@@ -95182,3 +95182,334 @@ function Update-MgBetaExternalConnection
 )
 }
 #endregion
+#region MgBetaOnPremisePublishingProfileConnectorGroup
+function Get-MgBetaOnPremisePublishingProfileConnectorGroup
+{
+ [CmdletBinding()]
+ param
+ (
+ [Parameter()]
+ [System.String]
+ $ConnectorGroupId,
+
+ [Parameter()]
+ [System.String]
+ $OnPremisesPublishingProfileId,
+
+ [Parameter()]
+ [PSObject]
+ $InputObject,
+
+ [Parameter()]
+ [System.String[]]
+ $ExpandProperty,
+
+ [Parameter()]
+ [System.String[]]
+ $Property,
+
+ [Parameter()]
+ [System.String]
+ $Filter,
+
+ [Parameter()]
+ [System.String]
+ $Search,
+
+ [Parameter()]
+ [System.Int32]
+ $Skip,
+
+ [Parameter()]
+ [System.String[]]
+ $Sort,
+
+ [Parameter()]
+ [System.Int32]
+ $Top,
+
+ [Parameter()]
+ [System.String]
+ $ResponseHeadersVariable,
+
+ [Parameter()]
+ [System.Management.Automation.SwitchParameter]
+ $Break,
+
+ [Parameter()]
+ [System.Collections.IDictionary]
+ $Headers,
+
+ [Parameter()]
+ [PSObject[]]
+ $HttpPipelineAppend,
+
+ [Parameter()]
+ [PSObject[]]
+ $HttpPipelinePrepend,
+
+ [Parameter()]
+ [System.Uri]
+ $Proxy,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ProxyCredential,
+
+ [Parameter()]
+ [System.Management.Automation.SwitchParameter]
+ $ProxyUseDefaultCredentials,
+
+ [Parameter()]
+ [System.Int32]
+ $PageSize,
+
+ [Parameter()]
+ [System.Management.Automation.SwitchParameter]
+ $All,
+
+ [Parameter()]
+ [System.String]
+ $CountVariable
+ )
+}
+
+function New-MgBetaOnPremisePublishingProfileConnectorGroup
+{
+ [CmdletBinding()]
+ param
+ (
+ [Parameter()]
+ [System.String]
+ $OnPremisesPublishingProfileId,
+
+ [Parameter()]
+ [PSObject]
+ $InputObject,
+
+ [Parameter()]
+ [PSObject]
+ $BodyParameter,
+
+ [Parameter()]
+ [System.String]
+ $ResponseHeadersVariable,
+
+ [Parameter()]
+ [System.Collections.Hashtable]
+ $AdditionalProperties,
+
+ [Parameter()]
+ [PSObject[]]
+ $Applications,
+
+ [Parameter()]
+ [System.String]
+ $ConnectorGroupType,
+
+ [Parameter()]
+
[System.String]
+ $Id,
+
+ [Parameter()]
+ [System.Management.Automation.SwitchParameter]
+ $IsDefault,
+
+ [Parameter()]
+ [PSObject[]]
+ $Members,
+
+ [Parameter()]
+ [System.String]
+ $Name,
+
+ [Parameter()]
+ [System.String]
+ $Region,
+
+ [Parameter()]
+ [System.Management.Automation.SwitchParameter]
+ $Break,
+
+ [Parameter()]
+ [System.Collections.IDictionary]
+ $Headers,
+
+ [Parameter()]
+ [PSObject[]]
+ $HttpPipelineAppend,
+
+ [Parameter()]
+ [PSObject[]]
+ $HttpPipelinePrepend,
+
+ [Parameter()]
+ [System.Uri]
+ $Proxy,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ProxyCredential,
+
+ [Parameter()]
+ [System.Management.Automation.SwitchParameter]
+ $ProxyUseDefaultCredentials,
+
+ [Parameter()]
+ [System.Management.Automation.SwitchParameter]
+ $Confirm
+ )
+}
+
+function Remove-MgBetaOnPremisePublishingProfileConnectorGroup
+{
+ [CmdletBinding()]
+ param
+ (
+ [Parameter()]
+ [System.String]
+ $ConnectorGroupId,
+
+ [Parameter()]
+ [System.String]
+ $OnPremisesPublishingProfileId,
+
+ [Parameter()]
+ [PSObject]
+ $InputObject,
+
+ [Parameter()]
+ [System.String]
+ $ResponseHeadersVariable,
+
+ [Parameter()]
+ [System.Management.Automation.SwitchParameter]
+ $Break,
+
+ [Parameter()]
+ [System.Collections.IDictionary]
+ $Headers,
+
+ [Parameter()]
+ [PSObject[]]
+ $HttpPipelineAppend,
+
+ [Parameter()]
+ [PSObject[]]
+ $HttpPipelinePrepend,
+
+ [Parameter()]
+ [System.Management.Automation.SwitchParameter]
+ $PassThru,
+
+ [Parameter()]
+ [System.Uri]
+ $Proxy,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ProxyCredential,
+
+ [Parameter()]
+ [System.Management.Automation.SwitchParameter]
+ $ProxyUseDefaultCredentials,
+
+ [Parameter()]
+ [System.Management.Automation.SwitchParameter]
+ $Confirm
+ )
+}
+
+function Update-MgBetaOnPremisePublishingProfileConnectorGroup
+{
+ [CmdletBinding()]
+ param
+ (
+ [Parameter()]
+ [System.String]
+ $ConnectorGroupId,
+
+ [Parameter()]
+ [System.String]
+
$OnPremisesPublishingProfileId,
+
+ [Parameter()]
+ [PSObject]
+ $InputObject,
+
+ [Parameter()]
+ [PSObject]
+ $BodyParameter,
+
+ [Parameter()]
+ [System.String]
+ $ResponseHeadersVariable,
+
+ [Parameter()]
+ [System.Collections.Hashtable]
+ $AdditionalProperties,
+
+ [Parameter()]
+ [PSObject[]]
+ $Applications,
+
+ [Parameter()]
+ [System.String]
+ $ConnectorGroupType,
+
+ [Parameter()]
+ [System.String]
+ $Id,
+
+ [Parameter()]
+ [System.Management.Automation.SwitchParameter]
+ $IsDefault,
+
+ [Parameter()]
+ [PSObject[]]
+ $Members,
+
+ [Parameter()]
+ [System.String]
+ $Name,
+
+ [Parameter()]
+ [System.String]
+ $Region,
+
+ [Parameter()]
+ [System.Management.Automation.SwitchParameter]
+ $Break,
+
+ [Parameter()]
+ [System.Collections.IDictionary]
+ $Headers,
+
+ [Parameter()]
+ [PSObject[]]
+ $HttpPipelineAppend,
+
+ [Parameter()]
+ [PSObject[]]
+ $HttpPipelinePrepend,
+
+ [Parameter()]
+ [System.Uri]
+ $Proxy,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ProxyCredential,
+
+ [Parameter()]
+ [System.Management.Automation.SwitchParameter]
+ $ProxyUseDefaultCredentials,
+
+ [Parameter()]
+ [System.Management.Automation.SwitchParameter]
+ $Confirm
+ )
+}
+
+#endregion
+