EXORoleAssignmentPolicy: Cannot set Description at the same time as Roles changes

[remyloy]

Details of the scenario you tried and the problem that is occurring

When trying to change set both the Description and some Roles on a RoleAssignmentPolicy, only the Roles are changed, but not the Description.

Verbose logs showing the problem

Using the repro from below this is the verbose log output

AUSFÜHRLICH: Setting Role Assignment Policy configuration for Default Role Assignment Policy
AUSFÜHRLICH: Getting Role Assignment Policy configuration for Default Role Assignment Policy
AUSFÜHRLICH: Found Role Assignment Policy Default Role Assignment Policy
AUSFÜHRLICH: Role Assignment Policy 'Default Role Assignment Policy' already exists, but needs updating.
AUSFÜHRLICH: Setting Role Assignment Policy Default Role Assignment Policy with values: Confirm=False; Description=Initial Desc; Identity=Default Role Assignment Policy; IsDefault=True;
Name=Default Role Assignment Policy; Roles=(MyRetentionPolicies,MyMailboxDelegation,MyBaseOptions)
AUSFÜHRLICH: Setting Role Assignment Policy configuration for Default Role Assignment Policy
AUSFÜHRLICH: Getting Role Assignment Policy configuration for Default Role Assignment Policy
AUSFÜHRLICH: Found Role Assignment Policy Default Role Assignment Policy
AUSFÜHRLICH: Role Assignment Policy 'Default Role Assignment Policy' already exists, but needs updating.
AUSFÜHRLICH: Setting Role Assignment Policy Default Role Assignment Policy with values: Confirm=False; Description=Initial Desc; Identity=Default Role Assignment Policy; IsDefault=True;
Name=Default Role Assignment Policy; Roles=(MyRetentionPolicies,MyMailboxDelegation,MyBaseOptions)
WARNUNG: Der Befehl wurde erfolgreich abgeschlossen, es wurden jedoch keine Einstellungen von 'Default Role Assignment Policy' geändert.
AUSFÜHRLICH: Testing Role Assignment Policy configuration for Default Role Assignment Policy
AUSFÜHRLICH: Getting Role Assignment Policy configuration for Default Role Assignment Policy
AUSFÜHRLICH: Found Role Assignment Policy Default Role Assignment Policy
AUSFÜHRLICH: Current Values: ApplicationId=; CertificatePassword=$null; CertificatePath=; CertificateThumbprint=AFCC2BED0FF590DD012992EFD707642BB33120D3; Credential=$null;
Description=Initial Desc; Ensure=Present; IsDefault=True; Managedidentity=False; Name=Default Role Assignment Policy; Roles=MyBaseOptions MyMailboxDelegation MyRetentionPolicies;
TenantId=***
AUSFÜHRLICH: Target Values: ApplicationId=; CertificateThumbprint=AFCC2BED0FF590DD012992EFD707642BB33120D3; Description=Initial Desc; IsDefault=True; Name=Default Role Assignment
Policy; Roles=(MyRetentionPolicies,MyMailboxDelegation,MyBaseOptions); TenantId=; Verbose=True
AUSFÜHRLICH: Test-TargetResource returned True
True
AUSFÜHRLICH: Setting Role Assignment Policy configuration for Default Role Assignment Policy
AUSFÜHRLICH: Getting Role Assignment Policy configuration for Default Role Assignment Policy
AUSFÜHRLICH: Found Role Assignment Policy Default Role Assignment Policy
AUSFÜHRLICH: Role Assignment Policy 'Default Role Assignment Policy' already exists, but roles attribute needs updating.
AUSFÜHRLICH: Removing Role {MyRetentionPolicies} from Role Assignment Policy {Default Role Assignment Policy}

Bestätigung
Möchten Sie diese Aktion wirklich ausführen?
Entfernen der Identität: "MyRetentionPolicies-Default Role Assignment Policy" Management-Rollen Zuweisungs Objekt. Die folgenden Eigenschaften wurden konfiguriert: Verwaltungs Rolle
"MyRetentionPolicies", Rollen Beauftragter "Default Role Assignment Policy", Delegierungs Typ "Regular", Empfänger Schreib Bereich "Self" und konfigurieren den Schreib Bereich
"OrganizationConfig".
[J] Ja [A] Ja, alle [N] Nein [K] Nein, keine [H] Anhalten [?] Hilfe (Standard ist "J"): a
AUSFÜHRLICH: Testing Role Assignment Policy configuration for Default Role Assignment Policy
AUSFÜHRLICH: Getting Role Assignment Policy configuration for Default Role Assignment Policy
AUSFÜHRLICH: Found Role Assignment Policy Default Role Assignment Policy
AUSFÜHRLICH: Current Values: ApplicationId=; CertificatePassword=$null; CertificatePath=; CertificateThumbprint=AFCC2BED0FF590DD012992EFD707642BB33120D3; Credential=$null;
Description=Initial Desc; Ensure=Present; IsDefault=True; Managedidentity=False; Name=Default Role Assignment Policy; Roles=MyBaseOptions MyMailboxDelegation; TenantId=***
AUSFÜHRLICH: Target Values: ApplicationId=; CertificateThumbprint=AFCC2BED0FF590DD012992EFD707642BB33120D3; Description=Changed Desc; IsDefault=True; Name=Default Role Assignment
Policy; Roles=(MyMailboxDelegation,MyBaseOptions); TenantId=; Verbose=True
AUSFÜHRLICH: Test-TargetResource returned False
False

Suggested solution to the issue

The resource should set both attributes to their desired state.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

$Creds = @{
    'ApplicationId'         = ''
    'TenantId'              = ''
    'CertificateThumbprint' = ''
}
$Params = @{
    'Name'                  = 'Default Role Assignment Policy'
    'Description'           = 'Initial Desc'
    'IsDefault'             = $true
    'Roles'                 = @('MyRetentionPolicies', 'MyMailboxDelegation', 'MyBaseOptions')
}
# Reset roles and description to known state, this requires Set-TargetResource twice
MSFT_EXORoleAssignmentPolicy\Set-TargetResource @Creds @Params -Verbose
MSFT_EXORoleAssignmentPolicy\Set-TargetResource @Creds @Params -Verbose
# Test returns true
MSFT_EXORoleAssignmentPolicy\Test-TargetResource @Creds @Params -Verbose

$Params = @{
    'Name'                  = 'Default Role Assignment Policy'
    'Description'           = 'Changed Desc'
    'IsDefault'             = $true
    'Roles'                 = @('MyMailboxDelegation', 'MyBaseOptions')
}

# Change Description and Roles in one go
MSFT_EXORoleAssignmentPolicy\Set-TargetResource @Creds @Params -Verbose
# Test returns false as Description is not in desired state
MSFT_EXORoleAssignmentPolicy\Test-TargetResource @Creds @Params -Verbose

The operating system the target node is running

OsName : Microsoft Windows 11 Pro N
OsOperatingSystemSKU : 49
OsArchitecture : 64-Bit
WindowsVersion : 2009
WindowsBuildLabEx : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage : de-DE
OsMuiLanguages : {de-DE, en-US}

Version of the DSC module that was used ('dev' if using current dev branch)

1.23.301.1

[remyloy]

Thanks for the fix. I've re-tested it using version 1.23.315.1 and the repro I've provided earlier.
It fails for me with an error about a boolean positional argument.
I've taken a peek at the source and I think there is a colon missing after the -IsDefault parameter in the call to Set-RoleAssignmentPolicy, which is causing this error message, as -IsDefault is a switch.

[malauter]

@remyloy Thanks for the feedback! I just created another PR to fix this.