From b17cbd90cf7be959644d448d89e5526989717443 Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Fri, 4 Oct 2024 17:00:08 -0700 Subject: [PATCH 01/19] Draft Commit Intune_DSC_Win32App --- .../MSFT_IntuneMobileAppsWin32LobApp.psm1 | 408 ++++++++++++++++++ ...SFT_IntuneMobileAppsWin32LobApp.schema.mof | 15 + .../readme.md | 0 .../settings.json | 0 .../IntuneMobileAppsWin32LobApp/1-Create.ps1 | 29 ++ .../IntuneMobileAppsWin32LobApp/2-Update.ps1 | 29 ++ .../IntuneMobileAppsWin32LobApp/3-Remove.ps1 | 28 ++ ...65DSC.IntuneMobileAppWin32LOBApp.Tests.ps1 | 189 ++++++++ 8 files changed, 698 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/MSFT_IntuneMobileAppsWin32LobApp.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/MSFT_IntuneMobileAppsWin32LobApp.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/1-Create.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/3-Remove.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppWin32LOBApp.Tests.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/MSFT_IntuneMobileAppsWin32LobApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/MSFT_IntuneMobileAppsWin32LobApp.psm1 new file mode 100644 index 0000000000..e5e0c6b7da --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/MSFT_IntuneMobileAppsWin32LobApp.psm1 @@ -0,0 +1,408 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region Intune params + + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + #endregion Intune params + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + try + { + $instance = $null + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + } + + if ($null -eq $instance) + { + $instance = Get-MgBetaDeviceAppManagementMobileApp -MobileAppId $Id -ErrorAction Stop + + if ($null -eq $instance) + { + Write-Verbose -Message "Could not find MobileApp by Id {$Id}." + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $instance = Get-MgBetaDeviceAppManagementMobileAppConfiguration ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + + if ($null -eq $instance) + { + Write-Verbose -Message "Could not find MobileApp by DisplayName {$DisplayName}." + return $nullResult + } + } + + $results = @{ + Id = $instance.Id + DisplayName = $instance.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region Intune params + + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + #endregion Intune params + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $setParameters.remove('Id') | Out-Null + $setParameters.remove('Ensure') | Out-Null + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + New-MgBetaDeviceAppManagementMobileApp @SetParameters + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Update-MgBetaDeviceAppManagementMobileApp -MobileAppId $currentInstance.Id @SetParameters + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Remove-MgBetaDeviceAppManagementMobileApp -MobileAppId $currentInstance.Id -Confirm:$false + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region Intune params + + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + #endregion Intune params + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-MgBetaDeviceAppManagementMobileApp -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.Id + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/MSFT_IntuneMobileAppsWin32LobApp.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/MSFT_IntuneMobileAppsWin32LobApp.schema.mof new file mode 100644 index 0000000000..f0d45d3874 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/MSFT_IntuneMobileAppsWin32LobApp.schema.mof @@ -0,0 +1,15 @@ +[ClassVersion("1.0.0.0"), FriendlyName("IntuneMobileAppsWin32LobApp")] +class MSFT_IntuneMobileAppsWin32LobApp : OMI_BaseResource +{ + [Key, Description("The name of the app.")] String DisplayName; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/readme.md new file mode 100644 index 0000000000..e69de29bb2 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/settings.json new file mode 100644 index 0000000000..e69de29bb2 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/1-Create.ps1 new file mode 100644 index 0000000000..3c39a8f5d3 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/1-Create.ps1 @@ -0,0 +1,29 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $DisplayName + + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneMobileAppsWin32LobApp "IntuneMobileAppsWin32LobApp-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management"; + Ensure = "Present"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/2-Update.ps1 new file mode 100644 index 0000000000..232b82854e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/2-Update.ps1 @@ -0,0 +1,29 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $DisplayName + + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneMobileAppsWin32LobApp "IntuneMobileAppsWin32LobApp-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management updated"; + Ensure = "Present"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/3-Remove.ps1 new file mode 100644 index 0000000000..07a910e21b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/3-Remove.ps1 @@ -0,0 +1,28 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $DisplayName + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneMobileAppsWin32LobApp "IntuneMobileAppsWin32LobApp-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management"; + Ensure = "Absent"; + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppWin32LOBApp.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppWin32LOBApp.Tests.ps1 new file mode 100644 index 0000000000..a3503a7a3d --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppWin32LOBApp.Tests.ps1 @@ -0,0 +1,189 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + } + Mock -CommandName New-MgBetaDeviceAppManagementMobileApp -MockWith { + } + Mock -CommandName Update-MgBetaDeviceAppManagementMobileApp -MockWith { + } + Mock -CommandName Remove-MgBetaDeviceAppManagementMobileApp -MockWith { + } + + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + #Test contexts + + Context -Name '1. The instance should exist but it DOES NOT' -Fixture { + BeforeAll { + $testParams = @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + return $null + } + } + + It '1.1 Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It '1.2 Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It '1.3 Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaDeviceAppManagementMobileApp -Exactly 1 + } + } + + Context -Name '2. The instance exists but it SHOULD NOT' -Fixture { + BeforeAll { + $testParams = @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + Ensure = 'Absent' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + return @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + } + } + } + + It '2.1 Should return values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It '2.2 Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It '2.3 Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceAppManagementMobileApp -Exactly 1 + } + } + + Context -Name '3. The instance exists and values are already in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + return @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + } + } + } + + It '3.0 Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name '4. The instance exists and values are NOT in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" + DisplayName = "Data Management" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + return @{ + Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" + DisplayName = "Data Management 1" #drift + } + } + } + + It '4.1 Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It '4.2 Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It '4.3 Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaDeviceAppManagementMobileApp -Exactly 1 + } + } + + Context -Name '5. ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + return @{ + Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" + DisplayName = "Data Management" + } + } + } + + It '5.1 Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From 6bc005bcf6bf30c55a3d7f269aa9915637d5ccd6 Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Fri, 4 Oct 2024 17:44:37 -0700 Subject: [PATCH 02/19] Draft Intune DSC AndroidApp --- .../MSFT_IntuneAppCategory.schema.mof | 4 +- .../MSFT_IntuneMobileAppsAndroidLobApp.psm1 | 408 ++++++++++++++++++ .../readme.md | 0 .../settings.json | 0 .../1-Create.ps1 | 32 ++ .../2-Update.ps1 | 32 ++ .../3-Remove.ps1 | 32 ++ ...SC.IntuneMobileAppsAndroidLobApp.Tests.ps1 | 189 ++++++++ 8 files changed, 695 insertions(+), 2 deletions(-) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/MSFT_IntuneMobileAppsAndroidLobApp.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/1-Create.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/3-Remove.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsAndroidLobApp.Tests.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.schema.mof index 676bc98242..57c7816e7f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("IntuneAppCategory")] -class MSFT_IntuneAppCategory : OMI_BaseResource +class MSFT_IntuneMobileAppsAndroidLobApp : OMI_BaseResource { - [Key, Description("The name of the app category.")] String DisplayName; + [Key, Description("The name of the app.")] String DisplayName; [Write, Description("The unique identifier for an entity. Read-only.")] String Id; [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] string Ensure; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/MSFT_IntuneMobileAppsAndroidLobApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/MSFT_IntuneMobileAppsAndroidLobApp.psm1 new file mode 100644 index 0000000000..e5e0c6b7da --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/MSFT_IntuneMobileAppsAndroidLobApp.psm1 @@ -0,0 +1,408 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region Intune params + + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + #endregion Intune params + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + try + { + $instance = $null + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + } + + if ($null -eq $instance) + { + $instance = Get-MgBetaDeviceAppManagementMobileApp -MobileAppId $Id -ErrorAction Stop + + if ($null -eq $instance) + { + Write-Verbose -Message "Could not find MobileApp by Id {$Id}." + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $instance = Get-MgBetaDeviceAppManagementMobileAppConfiguration ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + + if ($null -eq $instance) + { + Write-Verbose -Message "Could not find MobileApp by DisplayName {$DisplayName}." + return $nullResult + } + } + + $results = @{ + Id = $instance.Id + DisplayName = $instance.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region Intune params + + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + #endregion Intune params + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $setParameters.remove('Id') | Out-Null + $setParameters.remove('Ensure') | Out-Null + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + New-MgBetaDeviceAppManagementMobileApp @SetParameters + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Update-MgBetaDeviceAppManagementMobileApp -MobileAppId $currentInstance.Id @SetParameters + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Remove-MgBetaDeviceAppManagementMobileApp -MobileAppId $currentInstance.Id -Confirm:$false + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region Intune params + + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + #endregion Intune params + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-MgBetaDeviceAppManagementMobileApp -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.Id + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/readme.md new file mode 100644 index 0000000000..e69de29bb2 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/settings.json new file mode 100644 index 0000000000..e69de29bb2 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/1-Create.ps1 new file mode 100644 index 0000000000..6d10550d7e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/1-Create.ps1 @@ -0,0 +1,32 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneMobileAppsAndroidLobApp "IntuneMobileAppsAndroidLobApp-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management"; + Ensure = "Present"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/2-Update.ps1 new file mode 100644 index 0000000000..a7d50d91bb --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/2-Update.ps1 @@ -0,0 +1,32 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneMobileAppsAndroidLobApp "IntuneMobileAppsAndroidLobApp-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management updated"; + Ensure = "Present"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/3-Remove.ps1 new file mode 100644 index 0000000000..f9f09c6d16 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/3-Remove.ps1 @@ -0,0 +1,32 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneMobileAppsAndroidLobApp "IntuneMobileAppsAndroidLobApp-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management"; + Ensure = "Absent"; + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsAndroidLobApp.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsAndroidLobApp.Tests.ps1 new file mode 100644 index 0000000000..a3503a7a3d --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsAndroidLobApp.Tests.ps1 @@ -0,0 +1,189 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + } + Mock -CommandName New-MgBetaDeviceAppManagementMobileApp -MockWith { + } + Mock -CommandName Update-MgBetaDeviceAppManagementMobileApp -MockWith { + } + Mock -CommandName Remove-MgBetaDeviceAppManagementMobileApp -MockWith { + } + + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + #Test contexts + + Context -Name '1. The instance should exist but it DOES NOT' -Fixture { + BeforeAll { + $testParams = @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + return $null + } + } + + It '1.1 Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It '1.2 Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It '1.3 Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaDeviceAppManagementMobileApp -Exactly 1 + } + } + + Context -Name '2. The instance exists but it SHOULD NOT' -Fixture { + BeforeAll { + $testParams = @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + Ensure = 'Absent' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + return @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + } + } + } + + It '2.1 Should return values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It '2.2 Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It '2.3 Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceAppManagementMobileApp -Exactly 1 + } + } + + Context -Name '3. The instance exists and values are already in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + return @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + } + } + } + + It '3.0 Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name '4. The instance exists and values are NOT in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" + DisplayName = "Data Management" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + return @{ + Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" + DisplayName = "Data Management 1" #drift + } + } + } + + It '4.1 Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It '4.2 Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It '4.3 Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaDeviceAppManagementMobileApp -Exactly 1 + } + } + + Context -Name '5. ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + return @{ + Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" + DisplayName = "Data Management" + } + } + } + + It '5.1 Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From b90fb97d3c0c7f5da3c111badc65fad9deaa052c Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Fri, 4 Oct 2024 18:15:25 -0700 Subject: [PATCH 03/19] Draft Intune DSC Win32App --- .../readme.md | 5 +++ .../settings.json | 32 +++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/readme.md index e69de29bb2..4485083c7e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/readme.md @@ -0,0 +1,5 @@ +# IntuneMobileAppsWin32LobApp + +## Description + +Configures a resource for navigation property for Intune mobile app. Default app cannot be renamed. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/settings.json index e69de29bb2..3845518060 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/settings.json @@ -0,0 +1,32 @@ +{ + "resourceName": "IntuneMobileAppsWin32LobApp", + "description": "Configures a resource for navigation property for Intune mobile app.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementApps.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementApps.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementApps.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementApps.ReadWrite.All" + } + ] + } + } + } +} From cf4d99fd1ae33e8dd6c9dd771f90d0035f60aca9 Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Fri, 4 Oct 2024 18:56:27 -0700 Subject: [PATCH 04/19] Draft Intune DSC AndroidApp --- .../MSFT_IntuneAppCategory.schema.mof | 2 +- ...T_IntuneMobileAppsAndroidLobApp.schema.mof | 15 +++++++++ .../readme.md | 3 ++ .../settings.json | 32 +++++++++++++++++++ 4 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/MSFT_IntuneMobileAppsAndroidLobApp.schema.mof diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.schema.mof index 57c7816e7f..c9d08b3067 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.schema.mof @@ -1,5 +1,5 @@ [ClassVersion("1.0.0.0"), FriendlyName("IntuneAppCategory")] -class MSFT_IntuneMobileAppsAndroidLobApp : OMI_BaseResource +class MSFT_IntuneAppCategory : OMI_BaseResource { [Key, Description("The name of the app.")] String DisplayName; [Write, Description("The unique identifier for an entity. Read-only.")] String Id; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/MSFT_IntuneMobileAppsAndroidLobApp.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/MSFT_IntuneMobileAppsAndroidLobApp.schema.mof new file mode 100644 index 0000000000..f637f5d71b --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/MSFT_IntuneMobileAppsAndroidLobApp.schema.mof @@ -0,0 +1,15 @@ +[ClassVersion("1.0.0.0"), FriendlyName("IntuneMobileAppsAndroidLobApp")] +class MSFT_IntuneMobileAppsAndroidLobApp : OMI_BaseResource +{ + [Key, Description("The name of the app.")] String DisplayName; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/readme.md index e69de29bb2..99fc165230 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/readme.md @@ -0,0 +1,3 @@ +# IntuneMobileAppsAndroidLobApp + +## Description diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/settings.json index e69de29bb2..439af65889 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/settings.json @@ -0,0 +1,32 @@ +{ + "resourceName": "IntuneMobileAppsAndroidLobApp", + "description": "This resource configures an Intune mobile app.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementApps.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementApps.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementApps.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementApps.ReadWrite.All" + } + ] + } + } + } +} From 59f0429f0172d780e5285d4b43a29fed3f4a30bb Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Fri, 4 Oct 2024 19:18:33 -0700 Subject: [PATCH 05/19] Draft Intune DSC IOSApps --- .../MSFT_IntuneMobileAppsIOSLobApp.psm1 | 408 ++++++++++++++++++ .../MSFT_IntuneMobileAppsIOSLobApp.schema.mof | 15 + .../MSFT_IntuneMobileAppsIOSLobApp/readme.md | 3 + .../settings.json | 32 ++ .../IntuneMobileAppsIOSLobApp/1-Create.ps1 | 32 ++ .../IntuneMobileAppsIOSLobApp/2-Update.ps1 | 32 ++ .../IntuneMobileAppsIOSLobApp/3-Remove.ps1 | 32 ++ ...365DSC.IntuneMobileAppsIOSLobApp.Tests.ps1 | 189 ++++++++ 8 files changed, 743 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/MSFT_IntuneMobileAppsIOSLobApp.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/MSFT_IntuneMobileAppsIOSLobApp.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/1-Create.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/3-Remove.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsIOSLobApp.Tests.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/MSFT_IntuneMobileAppsIOSLobApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/MSFT_IntuneMobileAppsIOSLobApp.psm1 new file mode 100644 index 0000000000..e5e0c6b7da --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/MSFT_IntuneMobileAppsIOSLobApp.psm1 @@ -0,0 +1,408 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region Intune params + + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + #endregion Intune params + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + try + { + $instance = $null + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + } + + if ($null -eq $instance) + { + $instance = Get-MgBetaDeviceAppManagementMobileApp -MobileAppId $Id -ErrorAction Stop + + if ($null -eq $instance) + { + Write-Verbose -Message "Could not find MobileApp by Id {$Id}." + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $instance = Get-MgBetaDeviceAppManagementMobileAppConfiguration ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + + if ($null -eq $instance) + { + Write-Verbose -Message "Could not find MobileApp by DisplayName {$DisplayName}." + return $nullResult + } + } + + $results = @{ + Id = $instance.Id + DisplayName = $instance.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region Intune params + + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + #endregion Intune params + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $setParameters.remove('Id') | Out-Null + $setParameters.remove('Ensure') | Out-Null + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + New-MgBetaDeviceAppManagementMobileApp @SetParameters + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Update-MgBetaDeviceAppManagementMobileApp -MobileAppId $currentInstance.Id @SetParameters + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Remove-MgBetaDeviceAppManagementMobileApp -MobileAppId $currentInstance.Id -Confirm:$false + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region Intune params + + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + #endregion Intune params + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-MgBetaDeviceAppManagementMobileApp -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.Id + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/MSFT_IntuneMobileAppsIOSLobApp.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/MSFT_IntuneMobileAppsIOSLobApp.schema.mof new file mode 100644 index 0000000000..28add1ac2a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/MSFT_IntuneMobileAppsIOSLobApp.schema.mof @@ -0,0 +1,15 @@ +[ClassVersion("1.0.0.0"), FriendlyName("IntuneMobileAppsIOSLobApp")] +class MSFT_IntuneMobileAppsIOSLobApp : OMI_BaseResource +{ + [Key, Description("The name of the app category.")] String DisplayName; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/readme.md new file mode 100644 index 0000000000..b41aeb8da9 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/readme.md @@ -0,0 +1,3 @@ +# IntuneMobileAppsIOSLobApp + +## Description diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/settings.json new file mode 100644 index 0000000000..e09fcf3ab7 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/settings.json @@ -0,0 +1,32 @@ +{ + "resourceName": "IntuneMobileAppsIOSLobApp", + "description": "Configures a resource for navigation property for Intune mobile app categories.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementApps.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementApps.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementApps.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementApps.ReadWrite.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/1-Create.ps1 new file mode 100644 index 0000000000..af89f735c1 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/1-Create.ps1 @@ -0,0 +1,32 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneMobileAppsIOSLobApp "IntuneMobileAppsIOSLobApp-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management"; + Ensure = "Present"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/2-Update.ps1 new file mode 100644 index 0000000000..15243d392f --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/2-Update.ps1 @@ -0,0 +1,32 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneMobileAppsIOSLobApp "IntuneMobileAppsIOSLobApp-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management updated"; + Ensure = "Present"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/3-Remove.ps1 new file mode 100644 index 0000000000..c480aed510 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/3-Remove.ps1 @@ -0,0 +1,32 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneMobileAppsIOSLobApp "IntuneMobileAppsIOSLobApp-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management"; + Ensure = "Absent"; + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsIOSLobApp.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsIOSLobApp.Tests.ps1 new file mode 100644 index 0000000000..a3503a7a3d --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsIOSLobApp.Tests.ps1 @@ -0,0 +1,189 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + } + Mock -CommandName New-MgBetaDeviceAppManagementMobileApp -MockWith { + } + Mock -CommandName Update-MgBetaDeviceAppManagementMobileApp -MockWith { + } + Mock -CommandName Remove-MgBetaDeviceAppManagementMobileApp -MockWith { + } + + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + #Test contexts + + Context -Name '1. The instance should exist but it DOES NOT' -Fixture { + BeforeAll { + $testParams = @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + return $null + } + } + + It '1.1 Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It '1.2 Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It '1.3 Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaDeviceAppManagementMobileApp -Exactly 1 + } + } + + Context -Name '2. The instance exists but it SHOULD NOT' -Fixture { + BeforeAll { + $testParams = @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + Ensure = 'Absent' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + return @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + } + } + } + + It '2.1 Should return values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It '2.2 Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It '2.3 Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceAppManagementMobileApp -Exactly 1 + } + } + + Context -Name '3. The instance exists and values are already in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + return @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + } + } + } + + It '3.0 Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name '4. The instance exists and values are NOT in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" + DisplayName = "Data Management" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + return @{ + Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" + DisplayName = "Data Management 1" #drift + } + } + } + + It '4.1 Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It '4.2 Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It '4.3 Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaDeviceAppManagementMobileApp -Exactly 1 + } + } + + Context -Name '5. ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { + return @{ + Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" + DisplayName = "Data Management" + } + } + } + + It '5.1 Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From 1184dcde5837c0dd594454019bb6d404b180aa5d Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Sat, 5 Oct 2024 16:53:04 -0700 Subject: [PATCH 06/19] Draft Intune DSC Derived Credential --- .../MSFT_IntuneDerivedCredential.psm1 | 364 ++++++++++++++++++ .../MSFT_IntuneDeviceCredential.schema.mof | 11 + .../MSFT_IntuneDerivedCredential/readme.md | 6 + .../settings.json | 32 ++ .../IntuneDerivedCredential/1-Create.ps1 | 36 ++ .../IntuneDerivedCredential/2-Update.ps1 | 36 ++ .../IntuneDerivedCredential/3-Remove.ps1 | 36 ++ ...ft365DSC.IntuneDerivedCredential.Tests.ps1 | 197 ++++++++++ 8 files changed, 718 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDeviceCredential.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 new file mode 100644 index 0000000000..20481c9360 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 @@ -0,0 +1,364 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $HelpUrl, + + [Parameter(Mandatory=$true)] + [ValidateSet('intercede', 'entrust', 'disa purebred')] + [System.String] + $Issuer, + + [Parameter(Mandatory=$true)] + [ValidateSet('email', 'Company Portal (iOS) Microsoft Intune (Android) app')] + [System.String] + $NotificationType, + + [Parameter()] + [System.Int32] + $ThresholdPercentage, + + [Parameter()] + [System.String] + $Header + ) + + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + $instance = $null + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + } + if ($null -eq $instance) + { + $instance = Get-MgBetaDeviceManagementDerivedCredential DerivedCredentialId $Id -ErrorAction Stop + + if ($null -eq $instance) + { + Write-Verbose -Message "Could not find DerivedCredential by Id {$Id}." + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $instance = Get-MgBetaDeviceManagementDerivedCredential ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + } + if ($null -eq $instance) + { + Write-Verbose -Message "Could not find DerivedCredential by DisplayName {$DisplayName}." + return $nullResult + } + + $results = @{ + Ensure = 'Present' + Id = $instance.Id + DisplayName = $instance.DisplayName + HelpUrl = $HelpUrl + Issuer = $Issuer + NotificationType = $NotificationType + ThresholdPercentage = $ThresholdPercentage + Header = $Header + + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $HelpUrl, + + [Parameter(Mandatory=$true)] + [ValidateSet('intercede', 'entrust', 'disa purebred')] + [System.String] + $Issuer, + + [Parameter(Mandatory=$true)] + [ValidateSet('email', 'Company Portal (iOS) Microsoft Intune (Android) app')] + [System.String] + $NotificationType, + + [Parameter()] + [System.Int32] + $ThresholdPercentage, + + [Parameter()] + [System.String] + $Header + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + New-MgBetaDeviceManagementDerivedCredential @SetParameters + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Update-MgBetaDeviceManagementDerivedCredential @SetParameters + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Remove-MgBetaDeviceManagementDerivedCredential @SetParameters + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $HelpUrl, + + [Parameter(Mandatory=$true)] + [ValidateSet('intercede', 'entrust', 'disa purebred')] + [System.String] + $Issuer, + + [Parameter(Mandatory=$true)] + [ValidateSet('email', 'Company Portal (iOS) Microsoft Intune (Android) app')] + [System.String] + $NotificationType, + + [Parameter()] + [System.Int32] + $ThresholdPercentage, + + [Parameter()] + [System.String] + $Header + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $HelpUrl, + + [Parameter(Mandatory=$true)] + [ValidateSet('Intercede', 'Entrust', 'DISA Purebred')] + [System.String] + $Issuer, + + [Parameter(Mandatory=$true)] + [ValidateSet('Email', 'Company Portal (iOS) Microsoft Intune (Android) app')] + [System.String] + $NotificationType, + + [Parameter()] + [System.Int32] + $ThresholdPercentage, + + [Parameter()] + [System.Collections.IDictionary] + $Header + + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-MgBetaDeviceManagementDerivedCredential -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + $displayedKey = $config.Id + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $results = @{ + Ensure = 'Present' + Id = $instance.Id + DisplayName = $instance.DisplayName + HelpUrl = $HelpUrl + Issuer = $Issuer + NotificationType = $NotificationType + ThresholdPercentage = $ThresholdPercentage + Header = $Header + + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDeviceCredential.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDeviceCredential.schema.mof new file mode 100644 index 0000000000..c2940b1f3a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDeviceCredential.schema.mof @@ -0,0 +1,11 @@ +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceCredential")] +class MSFT_IntuneDeviceCredential : OMI_BaseResource +{ + [Key, Description("The name of the app category.")] String DisplayName; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("The URL that will be accessible to end users as they retrieve a derived credential using the Company Portal.")] String HelpUrl; + [Write, Description("Supported values for the derived credential issuer."), ValueMap{"Intercede", "Entrust", "DISA Purebred"}, Values{"Intercede", "Entrust", "DISA Purebred"}] String Issuer; + [Write, Description("Supported values for the notification type to use."), ValueMap{"Email", "Company Portal (iOS) Microsoft Intune (Android) app"}, Values{"Email", "Company Portal (iOS) Microsoft Intune (Android) app"}] String NotificationType; + [Write, Description("The nominal percentage of time before certificate renewal is initiated by the client.")] uint32 ThresholdPercentage; + [Write, Description("Optional headers that will be added to the request.")] KeyValuePair[] Header; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/readme.md new file mode 100644 index 0000000000..5fb6aed2fe --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/readme.md @@ -0,0 +1,6 @@ + +# IntuneDerivedCredential + +## Description + +##Create new navigation property to derivedCredentials for deviceManagement diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json new file mode 100644 index 0000000000..a9201e88c8 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json @@ -0,0 +1,32 @@ +{ + "resourceName": "IntuneDerivedCredential", + "description": "Use this resource to create new navigation property to derivedCredentials for deviceManagement", + "roles": { + "read": [ + "Role" + ], + "update": [ + "Role" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [ + { + "name": "Permission for Monitoring and Export" + } + ], + "update": [ + { + "name": "Permission for deploying" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 new file mode 100644 index 0000000000..aa0fbaec31 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 @@ -0,0 +1,36 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneDerivedCredential "IntuneDerivedCredential-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management"; + Ensure = "Present"; + HelpUrl = "https://www.microsoft.com"; + Issuer = "DISA Purebred"; + NotificationType = "Email"; + ThresholdPercentage = 0; + } + + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 new file mode 100644 index 0000000000..aa0fbaec31 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 @@ -0,0 +1,36 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneDerivedCredential "IntuneDerivedCredential-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management"; + Ensure = "Present"; + HelpUrl = "https://www.microsoft.com"; + Issuer = "DISA Purebred"; + NotificationType = "Email"; + ThresholdPercentage = 0; + } + + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 new file mode 100644 index 0000000000..aa0fbaec31 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 @@ -0,0 +1,36 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneDerivedCredential "IntuneDerivedCredential-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management"; + Ensure = "Present"; + HelpUrl = "https://www.microsoft.com"; + Issuer = "DISA Purebred"; + NotificationType = "Email"; + ThresholdPercentage = 0; + } + + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 new file mode 100644 index 0000000000..1df65bd189 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 @@ -0,0 +1,197 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceManagementDerivedCredentialy -MockWith { + } + Mock -CommandName New-MgBetaDeviceManagementDerivedCredential -MockWith { + } + Mock -CommandName Update-MgBetaDeviceManagementDerivedCredential -MockWith { + } + Mock -CommandName Remove-MgBetaDeviceManagementDerivedCredential -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Id = $instance.Id + DisplayName = $instance.DisplayName + HelpUrl = $HelpUrl + Issuer = $Issuer + NotificationType = $NotificationType + ThresholdPercentage = $ThresholdPercentage + Header = $Header + } + + Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaDeviceManagementDerivedCredential -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Id = $instance.Id + DisplayName = $instance.DisplayName + HelpUrl = $HelpUrl + Issuer = $Issuer + NotificationType = $NotificationType + ThresholdPercentage = $ThresholdPercentage + Header = $Header + } + + Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { + return @{ + + } + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceManagementDerivedCredential -Exactly 1 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Id = $instance.Id + DisplayName = $instance.DisplayName + HelpUrl = $HelpUrl + Issuer = $Issuer + NotificationType = $NotificationType + ThresholdPercentage = $ThresholdPercentage + Header = $Header + } + + Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { + return @{ + + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Id = $instance.Id + DisplayName = $instance.DisplayName + HelpUrl = $HelpUrl + Issuer = $Issuer + NotificationType = $NotificationType + ThresholdPercentage = $ThresholdPercentage + Header = $Header + } + + Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { + return @{ + + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaDeviceManagementDerivedCredential -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { + return @{ + + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From 169384cd4942ff11659b6467d8d4bfb73316fd4f Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Sat, 5 Oct 2024 19:27:31 -0700 Subject: [PATCH 07/19] Draft Intune DSC Derived Credential --- .../settings.json | 64 ++++++++++--------- .../MSFT_IntuneDeviceCredential.schema.mof | 39 ++++++++--- .../IntuneDerivedCredential/1-Create.ps1 | 45 ++++++------- .../IntuneDerivedCredential/2-Update.ps1 | 45 ++++++------- .../IntuneDerivedCredential/3-Remove.ps1 | 46 ++++++------- 5 files changed, 126 insertions(+), 113 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/settings.json index 4096c4ae40..d91fe2f2da 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/settings.json @@ -1,34 +1,40 @@ { - "resourceName": "EXOMessageClassification", - "description": "", - "roles": { - "read": [ - "Global Reader" - ], - "update": [ - "Exchange Administrator" - ] - }, + "resourceName": "IntuneDerivedCredential", + "description": "Use this resource to create new navigation property to derivedCredentials for deviceManagement", + // "roles": { + // "read": [ + // "Global Reader" + // ], + // "update": [ + // "Intune Administrator" + // ] + // }, + "permissions": { - "graph": { - "delegated": { - "read": [], - "update": [] - }, - "application": { - "read": [], - "update": [] - } + "graph": { + "delegated": { + "read": [ + "DeviceManagementConfiguration.Read.All" + ], + "update": [ + "DeviceManagementConfiguration.ReadWrite.All" + ] }, - "exchange": { - "requiredroles": [ - "User Options", - "Data Loss Prevention", - "Transport Rules", - "View-Only Configuration", - "Mail Recipients" - ], - "requiredrolegroups": "Organization Management" + "application": { + "read": [ + "DeviceManagementConfiguration.Read.All" + ], + "update": [ + "DeviceManagementConfiguration.ReadWrite.All" + ] } + } } -} + } + +// PS C:\Windows\system32> Find-MgGraphCommand -Command “Get-MgBetaDeviceManagementDerivedCredential” | select Permissions + // OUTPUT: + // Permissions + // ----------- + // {} + // {} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDeviceCredential.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDeviceCredential.schema.mof index c2940b1f3a..4f5994242a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDeviceCredential.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDeviceCredential.schema.mof @@ -1,11 +1,32 @@ +[ClassVersion("1.0.0.0"), Description("Represents a key-value pair.")] +class KeyValuePair { + [Key, Description("The key of the dictionary entry.")] + string Key; + + [Description("The value of the dictionary entry.")] + string Value; +}; + [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceCredential")] -class MSFT_IntuneDeviceCredential : OMI_BaseResource -{ - [Key, Description("The name of the app category.")] String DisplayName; - [Write, Description("The unique identifier for an entity. Read-only.")] String Id; - [Write, Description("The URL that will be accessible to end users as they retrieve a derived credential using the Company Portal.")] String HelpUrl; - [Write, Description("Supported values for the derived credential issuer."), ValueMap{"Intercede", "Entrust", "DISA Purebred"}, Values{"Intercede", "Entrust", "DISA Purebred"}] String Issuer; - [Write, Description("Supported values for the notification type to use."), ValueMap{"Email", "Company Portal (iOS) Microsoft Intune (Android) app"}, Values{"Email", "Company Portal (iOS) Microsoft Intune (Android) app"}] String NotificationType; - [Write, Description("The nominal percentage of time before certificate renewal is initiated by the client.")] uint32 ThresholdPercentage; - [Write, Description("Optional headers that will be added to the request.")] KeyValuePair[] Header; +class MSFT_IntuneDeviceCredential : OMI_BaseResource { + [Key, Description("The name of the app category.")] + string DisplayName; + + [Write, Description("The unique identifier for an entity. Read-only.")] + string Id; + + [Write, Description("The URL that will be accessible to end users as they retrieve a derived credential using the Company Portal.")] + string HelpUrl; + + [Write, Description("Supported values for the derived credential issuer."), ValueMap{"Intercede", "Entrust", "DISA Purebred"}, Values{"Intercede", "Entrust", "DISA Purebred"}] + string Issuer; + + [Write, Description("Supported values for the notification type to use."), ValueMap{"Email", "Company Portal (iOS) Microsoft Intune (Android) app"}, Values{"Email", "Company Portal (iOS) Microsoft Intune (Android) app"}] + string NotificationType; + + [Write, Description("The nominal percentage of time before certificate renewal is initiated by the client.")] + uint32 ThresholdPercentage; + + [Write, Description("Optional headers that will be added to the request.")] + KeyValuePair[] Header; }; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 index aa0fbaec31..07f1840e08 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 @@ -1,36 +1,31 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ +<# This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. #> +Configuration Example { param( [Parameter()] - [System.String] - $ApplicationId, + [System.String] $ApplicationId, [Parameter()] - [System.String] - $TenantId, + [System.String] $TenantId, [Parameter()] - [System.String] - $CertificateThumbprint + [System.String] $CertificateThumbprint ) + Import-DscResource -ModuleName Microsoft365DSC - node localhost - { - IntuneDerivedCredential "IntuneDerivedCredential-Data Management" - { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; - DisplayName = "Custom Data Management"; - Ensure = "Present"; - HelpUrl = "https://www.microsoft.com"; - Issuer = "DISA Purebred"; - NotificationType = "Email"; - ThresholdPercentage = 0; - } + node localhost { + IntuneDerivedCredential "IntuneDerivedCredential-DataManagement" { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606" + DisplayName = "Custom Data Management" + Ensure = "Present" + HelpUrl = "https://www.microsoft.com" + Issuer = "DISA Purebred" + NotificationType = "Email" + ThresholdPercentage = 0 + Header = @( + [PSCustomObject]@{ Key = 'HeaderKey1'; Value = 'HeaderValue1' } + [PSCustomObject]@{ Key = 'HeaderKey2'; Value = 'HeaderValue2' } + ) + } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 index aa0fbaec31..07f1840e08 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 @@ -1,36 +1,31 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ +<# This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. #> +Configuration Example { param( [Parameter()] - [System.String] - $ApplicationId, + [System.String] $ApplicationId, [Parameter()] - [System.String] - $TenantId, + [System.String] $TenantId, [Parameter()] - [System.String] - $CertificateThumbprint + [System.String] $CertificateThumbprint ) + Import-DscResource -ModuleName Microsoft365DSC - node localhost - { - IntuneDerivedCredential "IntuneDerivedCredential-Data Management" - { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; - DisplayName = "Custom Data Management"; - Ensure = "Present"; - HelpUrl = "https://www.microsoft.com"; - Issuer = "DISA Purebred"; - NotificationType = "Email"; - ThresholdPercentage = 0; - } + node localhost { + IntuneDerivedCredential "IntuneDerivedCredential-DataManagement" { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606" + DisplayName = "Custom Data Management" + Ensure = "Present" + HelpUrl = "https://www.microsoft.com" + Issuer = "DISA Purebred" + NotificationType = "Email" + ThresholdPercentage = 0 + Header = @( + [PSCustomObject]@{ Key = 'HeaderKey1'; Value = 'HeaderValue1' } + [PSCustomObject]@{ Key = 'HeaderKey2'; Value = 'HeaderValue2' } + ) + } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 index aa0fbaec31..a6c927219e 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 @@ -1,36 +1,32 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ +<# This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. #> +Configuration Example { param( [Parameter()] - [System.String] - $ApplicationId, + [System.String] $ApplicationId, [Parameter()] - [System.String] - $TenantId, + [System.String] $TenantId, [Parameter()] - [System.String] - $CertificateThumbprint + [System.String] $CertificateThumbprint ) + Import-DscResource -ModuleName Microsoft365DSC - node localhost - { - IntuneDerivedCredential "IntuneDerivedCredential-Data Management" - { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; - DisplayName = "Custom Data Management"; - Ensure = "Present"; - HelpUrl = "https://www.microsoft.com"; - Issuer = "DISA Purebred"; - NotificationType = "Email"; - ThresholdPercentage = 0; - } + node localhost { + IntuneDerivedCredential "IntuneDerivedCredential-DataManagement" { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606" + DisplayName = "Custom Data Management" + Ensure = "Present" + HelpUrl = "https://www.microsoft.com" + Issuer = "DISA Purebred" + NotificationType = "Email" + ThresholdPercentage = 0 + Header = @( + [PSCustomObject]@{ Key = 'HeaderKey1'; Value = 'HeaderValue1' } + [PSCustomObject]@{ Key = 'HeaderKey2'; Value = 'HeaderValue2' } + ) + } } } + From 0bc12921b89a47d2d6258eac8b8ca1bb39ea08d2 Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Sat, 5 Oct 2024 20:01:31 -0700 Subject: [PATCH 08/19] Draft Intune DSC Derived Credential --- .../settings.json | 64 +++++++++---------- .../MSFT_IntuneDerivedCredential.psm1 | 6 +- .../settings.json | 60 +++++++++-------- 3 files changed, 66 insertions(+), 64 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/settings.json index d91fe2f2da..4096c4ae40 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/settings.json @@ -1,40 +1,34 @@ { - "resourceName": "IntuneDerivedCredential", - "description": "Use this resource to create new navigation property to derivedCredentials for deviceManagement", - // "roles": { - // "read": [ - // "Global Reader" - // ], - // "update": [ - // "Intune Administrator" - // ] - // }, - + "resourceName": "EXOMessageClassification", + "description": "", + "roles": { + "read": [ + "Global Reader" + ], + "update": [ + "Exchange Administrator" + ] + }, "permissions": { - "graph": { - "delegated": { - "read": [ - "DeviceManagementConfiguration.Read.All" - ], - "update": [ - "DeviceManagementConfiguration.ReadWrite.All" - ] + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } }, - "application": { - "read": [ - "DeviceManagementConfiguration.Read.All" - ], - "update": [ - "DeviceManagementConfiguration.ReadWrite.All" - ] + "exchange": { + "requiredroles": [ + "User Options", + "Data Loss Prevention", + "Transport Rules", + "View-Only Configuration", + "Mail Recipients" + ], + "requiredrolegroups": "Organization Management" } - } } - } - -// PS C:\Windows\system32> Find-MgGraphCommand -Command “Get-MgBetaDeviceManagementDerivedCredential” | select Permissions - // OUTPUT: - // Permissions - // ----------- - // {} - // {} +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 index 20481c9360..874df581fe 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 @@ -31,7 +31,7 @@ function Get-TargetResource $ThresholdPercentage, [Parameter()] - [System.String] + [System.Collections.IDictionary] $Header ) @@ -139,7 +139,7 @@ function Set-TargetResource $ThresholdPercentage, [Parameter()] - [System.String] + [System.Collections.IDictionary] $Header ) @@ -209,7 +209,7 @@ function Test-TargetResource $ThresholdPercentage, [Parameter()] - [System.String] + [System.Collections.IDictionary] $Header ) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json index a9201e88c8..f4606a14af 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json @@ -1,32 +1,40 @@ { "resourceName": "IntuneDerivedCredential", "description": "Use this resource to create new navigation property to derivedCredentials for deviceManagement", - "roles": { - "read": [ - "Role" - ], - "update": [ - "Role" - ] - }, + // "roles": { + // "read": [ + // "Global Reader" + // ], + // "update": [ + // "Intune Administrator" + // ] + // }, + "permissions": { - "graph": { - "delegated": { - "read": [], - "update": [] - }, - "application": { - "read": [ - { - "name": "Permission for Monitoring and Export" - } - ], - "update": [ - { - "name": "Permission for deploying" - } - ] - } + "graph": { + "delegated": { + "read": [ + "DeviceManagementConfiguration.Read.All" + ], + "update": [ + "DeviceManagementConfiguration.ReadWrite.All" + ] + }, + "application": { + "read": [ + "DeviceManagementConfiguration.Read.All" + ], + "update": [ + "DeviceManagementConfiguration.ReadWrite.All" + ] } + } } -} + } + +// PS C:\Windows\system32> Find-MgGraphCommand -Command “Get-MgBetaDeviceManagementDerivedCredential” | select Permissions + // OUTPUT: + // Permissions + // ----------- + // {} + // {} From 4777f6c7fab51225b66c95d7204dfa700a35c9f5 Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Sun, 6 Oct 2024 22:11:01 -0700 Subject: [PATCH 09/19] Draft Intune DSC Derived Credential --- .../MSFT_IntuneDerivedCredential.psm1 | 292 ++++++++++++------ .../MSFT_IntuneDerivedCredential.schema..mof | 29 ++ .../MSFT_IntuneDeviceCredential.schema.mof | 32 -- 3 files changed, 227 insertions(+), 126 deletions(-) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema..mof delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDeviceCredential.schema.mof diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 index 874df581fe..fc43dfdeec 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 @@ -1,14 +1,12 @@ -function Get-TargetResource -{ +function Get-TargetResource { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] - param - ( + param ( [Parameter()] [System.String] $Id, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $DisplayName, @@ -16,24 +14,51 @@ function Get-TargetResource [System.String] $HelpUrl, - [Parameter(Mandatory=$true)] - [ValidateSet('intercede', 'entrust', 'disa purebred')] + [Parameter()] + [ValidateSet('intercede', 'entrustData', 'purebred')] [System.String] $Issuer, - [Parameter(Mandatory=$true)] - [ValidateSet('email', 'Company Portal (iOS) Microsoft Intune (Android) app')] + [Parameter()] + [ValidateSet('none', 'email', 'companyPortal')] + [System.String] + $NotificationType = 'none', + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] [System.String] - $NotificationType, + $CertificateThumbprint, [Parameter()] - [System.Int32] - $ThresholdPercentage, + [Switch] + $ManagedIdentity, [Parameter()] - [System.Collections.IDictionary] - $Header + [System.String[]] + $AccessTokens + ) + Write-Host "Host: start of get." New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters | Out-Null @@ -52,6 +77,7 @@ function Get-TargetResource $nullResult = $PSBoundParameters $nullResult.Ensure = 'Absent' + try { $instance = $null @@ -59,39 +85,48 @@ function Get-TargetResource { $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} } + if ($null -eq $instance) { - $instance = Get-MgBetaDeviceManagementDerivedCredential DerivedCredentialId $Id -ErrorAction Stop + $instance = Get-MgBetaDeviceManagementDerivedCredential -DeviceManagementDerivedCredentialSettingsId $Id -ErrorAction Stop if ($null -eq $instance) { - Write-Verbose -Message "Could not find DerivedCredential by Id {$Id}." + Write-Verbose -Message "Could not find Derived Credential by Id {$Id}." if (-Not [string]::IsNullOrEmpty($DisplayName)) { $instance = Get-MgBetaDeviceManagementDerivedCredential ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue - } - } - } - if ($null -eq $instance) - { - Write-Verbose -Message "Could not find DerivedCredential by DisplayName {$DisplayName}." - return $nullResult - } + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + if ($null -eq $instance) + { + Write-Verbose -Message "Could not find Derived Credential by DisplayName {$DisplayName}." + return $nullResult + } + } + + } + } + Write-Host "Values of Instance Id: $($instance.Id), DisplayName: $($instance.DisplayName), HelpUrl: $($instance.HelpUrl), Issuer: $($instance.Issuer), NotificationType: $($instance.NotificationType)" $results = @{ Ensure = 'Present' Id = $instance.Id DisplayName = $instance.DisplayName - HelpUrl = $HelpUrl - Issuer = $Issuer - NotificationType = $NotificationType - ThresholdPercentage = $ThresholdPercentage - Header = $Header - + HelpUrl = $instance.HelpUrl + Issuer = $instance.Issuer + NotificationType = $instance.NotificationType + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } + Write-Host "Values of Results:: Id: $($results.Id), DisplayName: $($results.DisplayName), HelpUrl: $($results.HelpUrl), Issuer: $($results.Issuer), NotificationType: $($results.NotificationType)" + return [System.Collections.Hashtable] $results } catch @@ -107,16 +142,14 @@ function Get-TargetResource } } -function Set-TargetResource -{ +function Set-TargetResource { [CmdletBinding()] - param - ( + param ( [Parameter()] [System.String] $Id, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $DisplayName, @@ -124,23 +157,48 @@ function Set-TargetResource [System.String] $HelpUrl, - [Parameter(Mandatory=$true)] - [ValidateSet('intercede', 'entrust', 'disa purebred')] + [Parameter()] + [ValidateSet('intercede', 'entrustData', 'purebred')] [System.String] $Issuer, - [Parameter(Mandatory=$true)] - [ValidateSet('email', 'Company Portal (iOS) Microsoft Intune (Android) app')] + [Parameter()] + [ValidateSet('none', 'email', 'companyPortal')] + [System.String] + $NotificationType = 'none', + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure='Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] [System.String] - $NotificationType, + $CertificateThumbprint, [Parameter()] - [System.Int32] - $ThresholdPercentage, + [Switch] + $ManagedIdentity, [Parameter()] - [System.Collections.IDictionary] - $Header + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. @@ -158,6 +216,8 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $setParameters.remove('Id') | Out-Null + $setParameters.remove('Ensure') | Out-Null # CREATE if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') @@ -167,26 +227,24 @@ function Set-TargetResource # UPDATE elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { - Update-MgBetaDeviceManagementDerivedCredential @SetParameters + Update-MgBetaDeviceManagementDerivedCredential -DeviceManagementDerivedCredentialSettingsId $currentInstance.Id @SetParameters } # REMOVE elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Remove-MgBetaDeviceManagementDerivedCredential @SetParameters + Remove-MgBetaDeviceManagementDerivedCredential -DeviceManagementDerivedCredentialSettingsId $currentInstance.Id -Confirm:$false } } -function Test-TargetResource -{ +function Test-TargetResource { [CmdletBinding()] [OutputType([System.Boolean])] - param - ( + param ( [Parameter()] [System.String] $Id, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $DisplayName, @@ -194,26 +252,50 @@ function Test-TargetResource [System.String] $HelpUrl, - [Parameter(Mandatory=$true)] - [ValidateSet('intercede', 'entrust', 'disa purebred')] + [Parameter()] + [ValidateSet('intercede', 'entrustData', 'purebred')] [System.String] $Issuer, - [Parameter(Mandatory=$true)] - [ValidateSet('email', 'Company Portal (iOS) Microsoft Intune (Android) app')] + [Parameter()] + [ValidateSet('none', 'email', 'companyPortal')] + [System.String] + $NotificationType = 'none', + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] [System.String] - $NotificationType, + $CertificateThumbprint, [Parameter()] - [System.Int32] - $ThresholdPercentage, + [Switch] + $ManagedIdentity, [Parameter()] - [System.Collections.IDictionary] - $Header + [System.String[]] + $AccessTokens ) - #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies #region Telemetry @@ -241,17 +323,15 @@ function Test-TargetResource return $testResult } -function Export-TargetResource -{ +function Export-TargetResource { [CmdletBinding()] [OutputType([System.String])] - param - ( + param ( [Parameter()] [System.String] $Id, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $DisplayName, @@ -259,28 +339,52 @@ function Export-TargetResource [System.String] $HelpUrl, - [Parameter(Mandatory=$true)] - [ValidateSet('Intercede', 'Entrust', 'DISA Purebred')] + [Parameter()] + [ValidateSet('intercede', 'entrustData', 'purebred')] [System.String] $Issuer, - [Parameter(Mandatory=$true)] - [ValidateSet('Email', 'Company Portal (iOS) Microsoft Intune (Android) app')] + [Parameter()] + [ValidateSet('none', 'email', 'companyPortal')] + [System.String] + $NotificationType = 'none', + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] [System.String] - $NotificationType, + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, [Parameter()] - [System.Int32] - $ThresholdPercentage, + [System.String] + $CertificateThumbprint, [Parameter()] - [System.Collections.IDictionary] - $Header + [Switch] + $ManagedIdentity, + [Parameter()] + [System.String[]] + $AccessTokens ) + Write-Host "Host: start of export." $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -311,24 +415,23 @@ function Export-TargetResource } foreach ($config in $Script:exportedInstances) { - if ($null -ne $Global:M365DSCExportResourceInstancesCount) - { - $Global:M365DSCExportResourceInstancesCount++ - } - $displayedKey = $config.Id Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline - $results = @{ - Ensure = 'Present' - Id = $instance.Id - DisplayName = $instance.DisplayName - HelpUrl = $HelpUrl - Issuer = $Issuer - NotificationType = $NotificationType - ThresholdPercentage = $ThresholdPercentage - Header = $Header - - } + $params = @{ + Ensure = 'Present' + Id = $config.Id + DisplayName = $config.DisplayName + HelpUrl = $config.HelpUrl + Issuer = $config.Issuer + NotificationType = $config.NotificationType + Credential = $Credential + AccessTokens = $AccessTokens + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + } $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` @@ -359,6 +462,7 @@ function Export-TargetResource return '' } + } Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema..mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema..mof new file mode 100644 index 0000000000..990a94b0d6 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema..mof @@ -0,0 +1,29 @@ +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDerivedCredential")] +class MSFT_IntuneDerivedCredential : OMI_BaseResource { + [Write, Description("The name of the app category.")] + String DisplayName; + + [Write, Description("The unique identifier for an entity. Read-only.")] + String Id; + + [Write, Description("The URL that will be accessible to end users as they retrieve a derived credential using the Company Portal.")] + String HelpUrl; + + [Write, Description("Supported values for the derived credential issuer."), ValueMap{"intercede", "entrustDatacard", "purebred"}, Values{"intercede", "entrustDatacard", "purebred"}] + String Issuer; + + [Write, Description("Supported values for the notification type to use."), ValueMap{"none", "email", "companyPortal"}, Values{"none", "email", "companyPortal"}] + String NotificationType = "none"; // Default value is set to "none" + + [Write, Description("Supported values for the notification type to use."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] + String Ensure = "Present"; // Default value is set to "none" + + [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; + +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDeviceCredential.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDeviceCredential.schema.mof deleted file mode 100644 index 4f5994242a..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDeviceCredential.schema.mof +++ /dev/null @@ -1,32 +0,0 @@ -[ClassVersion("1.0.0.0"), Description("Represents a key-value pair.")] -class KeyValuePair { - [Key, Description("The key of the dictionary entry.")] - string Key; - - [Description("The value of the dictionary entry.")] - string Value; -}; - -[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceCredential")] -class MSFT_IntuneDeviceCredential : OMI_BaseResource { - [Key, Description("The name of the app category.")] - string DisplayName; - - [Write, Description("The unique identifier for an entity. Read-only.")] - string Id; - - [Write, Description("The URL that will be accessible to end users as they retrieve a derived credential using the Company Portal.")] - string HelpUrl; - - [Write, Description("Supported values for the derived credential issuer."), ValueMap{"Intercede", "Entrust", "DISA Purebred"}, Values{"Intercede", "Entrust", "DISA Purebred"}] - string Issuer; - - [Write, Description("Supported values for the notification type to use."), ValueMap{"Email", "Company Portal (iOS) Microsoft Intune (Android) app"}, Values{"Email", "Company Portal (iOS) Microsoft Intune (Android) app"}] - string NotificationType; - - [Write, Description("The nominal percentage of time before certificate renewal is initiated by the client.")] - uint32 ThresholdPercentage; - - [Write, Description("Optional headers that will be added to the request.")] - KeyValuePair[] Header; -}; From 38d6efce11056e789fd94cd0cdc5e3f63e0edc7c Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Tue, 8 Oct 2024 01:07:14 -0700 Subject: [PATCH 10/19] Cleaned up, tested and added UTs. --- CHANGELOG.md | 2 + .../MSFT_IntuneDerivedCredential.psm1 | 112 ++++++++++------ ...> MSFT_IntuneDerivedCredential.schema.mof} | 36 ++--- .../MSFT_IntuneDerivedCredential/readme.md | 2 +- .../settings.json | 25 +--- ...SFT_IntuneMobileAppsMacOSLobApp.schema.mof | 4 +- .../IntuneDerivedCredential/1-Create.ps1 | 20 ++- .../IntuneDerivedCredential/2-Update.ps1 | 20 ++- .../IntuneDerivedCredential/3-Remove.ps1 | 21 ++- .../IntuneMobileAppsMacOSLobApp/1-Create.ps1 | 8 +- .../IntuneMobileAppsMacOSLobApp/2-Update.ps1 | 8 +- ...ft365DSC.IntuneDerivedCredential.Tests.ps1 | 125 ++++++++++-------- Tests/Unit/Stubs/Microsoft365.psm1 | 69 ++++++++++ 13 files changed, 270 insertions(+), 182 deletions(-) rename Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/{MSFT_IntuneDerivedCredential.schema..mof => MSFT_IntuneDerivedCredential.schema.mof} (61%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 165117b676..e7c6c08668 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ # UNRELEASED +* IntuneDerivedCredential + * Initial release. * AADAdminConsentRequestPolicy * Initial release. * AADApplication diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 index fc43dfdeec..4c004cfee1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 @@ -2,11 +2,14 @@ function Get-TargetResource { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] param ( + + #region resource params + [Parameter()] [System.String] $Id, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -24,6 +27,12 @@ function Get-TargetResource { [System.String] $NotificationType = 'none', + [Parameter()] + [System.Int32] + $RenewalThresholdPercentage, + + #endregion resource params + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -58,7 +67,6 @@ function Get-TargetResource { $AccessTokens ) - Write-Host "Host: start of get." New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters | Out-Null @@ -105,27 +113,25 @@ function Get-TargetResource { return $nullResult } } - } - } - Write-Host "Values of Instance Id: $($instance.Id), DisplayName: $($instance.DisplayName), HelpUrl: $($instance.HelpUrl), Issuer: $($instance.Issuer), NotificationType: $($instance.NotificationType)" + $results = @{ - Ensure = 'Present' - Id = $instance.Id - DisplayName = $instance.DisplayName - HelpUrl = $instance.HelpUrl - Issuer = $instance.Issuer - NotificationType = $instance.NotificationType - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Ensure = 'Present' + Id = $instance.Id + DisplayName = $instance.DisplayName + HelpUrl = $instance.HelpUrl + Issuer = $instance.Issuer.ToString() + NotificationType = $instance.NotificationType.ToString() + RenewalThresholdPercentage = $instance.RenewalThresholdPercentage + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } - Write-Host "Values of Results:: Id: $($results.Id), DisplayName: $($results.DisplayName), HelpUrl: $($results.HelpUrl), Issuer: $($results.Issuer), NotificationType: $($results.NotificationType)" return [System.Collections.Hashtable] $results } @@ -145,11 +151,14 @@ function Get-TargetResource { function Set-TargetResource { [CmdletBinding()] param ( + + #region resource params + [Parameter()] [System.String] $Id, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -162,6 +171,12 @@ function Set-TargetResource { [System.String] $Issuer, + [Parameter()] + [System.Int32] + $RenewalThresholdPercentage, + + #endregion resource params + [Parameter()] [ValidateSet('none', 'email', 'companyPortal')] [System.String] @@ -224,11 +239,6 @@ function Set-TargetResource { { New-MgBetaDeviceManagementDerivedCredential @SetParameters } - # UPDATE - elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') - { - Update-MgBetaDeviceManagementDerivedCredential -DeviceManagementDerivedCredentialSettingsId $currentInstance.Id @SetParameters - } # REMOVE elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -240,11 +250,14 @@ function Test-TargetResource { [CmdletBinding()] [OutputType([System.Boolean])] param ( + + #region resource params + [Parameter()] [System.String] $Id, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -262,6 +275,12 @@ function Test-TargetResource { [System.String] $NotificationType = 'none', + [Parameter()] + [System.Int32] + $RenewalThresholdPercentage, + + #endregion resource params + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -327,6 +346,9 @@ function Export-TargetResource { [CmdletBinding()] [OutputType([System.String])] param ( + + #region resource params + [Parameter()] [System.String] $Id, @@ -349,10 +371,17 @@ function Export-TargetResource { [System.String] $NotificationType = 'none', + [Parameter()] + [System.Int32] + $RenewalThresholdPercentage, + + #endregion resource params + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] $Ensure = 'Present', + [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -381,7 +410,6 @@ function Export-TargetResource { [System.String[]] $AccessTokens ) - Write-Host "Host: start of export." $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters @@ -417,20 +445,22 @@ function Export-TargetResource { { $displayedKey = $config.Id Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ - Ensure = 'Present' - Id = $config.Id - DisplayName = $config.DisplayName - HelpUrl = $config.HelpUrl - Issuer = $config.Issuer - NotificationType = $config.NotificationType - Credential = $Credential - AccessTokens = $AccessTokens - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent + Ensure = 'Present' + Id = $config.Id + DisplayName = $config.DisplayName + HelpUrl = $config.HelpUrl + Issuer = $config.Issuer.ToString() + NotificationType = $config.NotificationType.ToString() + RenewalThresholdPercentage = $config.RenewalThresholdPercentage + Credential = $Credential + AccessTokens = $AccessTokens + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent } $Results = Get-TargetResource @Params @@ -448,6 +478,7 @@ function Export-TargetResource { $i++ Write-Host $Global:M365DSCEmojiGreenCheckMark } + return $dscContent } catch @@ -462,7 +493,6 @@ function Export-TargetResource { return '' } - } Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema..mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema.mof similarity index 61% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema..mof rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema.mof index 990a94b0d6..e893173409 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema..mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema.mof @@ -1,29 +1,31 @@ [ClassVersion("1.0.0.0"), FriendlyName("IntuneDerivedCredential")] -class MSFT_IntuneDerivedCredential : OMI_BaseResource { - [Write, Description("The name of the app category.")] - String DisplayName; +class MSFT_IntuneDerivedCredential : OMI_BaseResource +{ + [Key, Description("The name of the app category.")] String DisplayName; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; - [Write, Description("The unique identifier for an entity. Read-only.")] - String Id; + [Write, Description("The URL that will be accessible to end users as they retrieve a derived credential using the Company Portal.")] String HelpUrl; + [Write, Description("The nominal percentage of time before certificate renewal is initiated by the client.")] Uint32 RenewalThresholdPercentage; + [Write, Description("Supported values for the derived credential issuer."), + ValueMap{"intercede", "entrustDatacard", "purebred"}, + Values{"intercede", "entrustDatacard", "purebred"}] + String Issuer; - [Write, Description("The URL that will be accessible to end users as they retrieve a derived credential using the Company Portal.")] - String HelpUrl; + [Write, Description("Supported values for the notification type to use."), + ValueMap{"none", "email", "companyPortal"}, + Values{"none", "email", "companyPortal"}] + String NotificationType; - [Write, Description("Supported values for the derived credential issuer."), ValueMap{"intercede", "entrustDatacard", "purebred"}, Values{"intercede", "entrustDatacard", "purebred"}] - String Issuer; + [Write, Description("Supported values for the notification type to use."), + ValueMap{"Present", "Absent"}, + Values{"Present", "Absent"}] + String Ensure; - [Write, Description("Supported values for the notification type to use."), ValueMap{"none", "email", "companyPortal"}, Values{"none", "email", "companyPortal"}] - String NotificationType = "none"; // Default value is set to "none" - - [Write, Description("Supported values for the notification type to use."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] - String Ensure = "Present"; // Default value is set to "none" - - [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] String Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com")] String TenantId; [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; [Write, Description("Access token used for authentication.")] String AccessTokens[]; - }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/readme.md index 5fb6aed2fe..124a837b06 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/readme.md @@ -3,4 +3,4 @@ ## Description -##Create new navigation property to derivedCredentials for deviceManagement +## Create new navigation property to derivedCredentials for deviceManagement for Intune. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json index f4606a14af..1ca28f6ad4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json @@ -1,40 +1,25 @@ { "resourceName": "IntuneDerivedCredential", - "description": "Use this resource to create new navigation property to derivedCredentials for deviceManagement", - // "roles": { - // "read": [ - // "Global Reader" - // ], - // "update": [ - // "Intune Administrator" - // ] - // }, + "description": "Use this resource to create new navigation property to derivedCredentials for device Management in Intune.", "permissions": { "graph": { "delegated": { "read": [ - "DeviceManagementConfiguration.Read.All" + "" ], "update": [ - "DeviceManagementConfiguration.ReadWrite.All" + "" ] }, "application": { "read": [ - "DeviceManagementConfiguration.Read.All" + "" ], "update": [ - "DeviceManagementConfiguration.ReadWrite.All" + "" ] } } } } - -// PS C:\Windows\system32> Find-MgGraphCommand -Command “Get-MgBetaDeviceManagementDerivedCredential” | select Permissions - // OUTPUT: - // Permissions - // ----------- - // {} - // {} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.schema.mof index 88248b6460..c2aaec8d81 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.schema.mof @@ -13,11 +13,11 @@ class MSFT_IntuneMobileAppsMacOSLobApp : OMI_BaseResource [Write, Description("The privacy statement Url. Inherited from mobileApp.")] String PrivacyInformationUrl; [Write, Description("The publisher of the app. Inherited from mobileApp.")] String Publisher; [Write, Description("The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp."), ValueMap{"notPublished", "processing","published"}, Values{"notPublished", "processing", "published"}] String PublishingState; - [Write, Description("The bundleId of the app.")] String BundleId; + [Write, Description("The bundleId of the app.")] String BundleId; [Write, Description("The build number of the app.")] String BuildNumber; [Write, Description("The version number of the app.")] String VersionNumber; [Write, Description("List of Scope Tag IDs for mobile app.")] String RoleScopeTagIds[]; - [Write, Description("Wether to ignore the version of the app or not.")] Boolean IgnoreVersionDetection; + [Write, Description("Whether to ignore the version of the app or not.")] Boolean IgnoreVersionDetection; [Write, Description("The icon for this app."), EmbeddedInstance("MSFT_DeviceManagementMimeContent")] String LargeIcon; [Write, Description("The list of categories for this app."), EmbeddedInstance("MSFT_DeviceManagementMobileAppCategory")] String Categories[]; [Write, Description("The list of assignments for this app."), EmbeddedInstance("MSFT_DeviceManagementMobileAppAssignment")] String Assignments[]; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 index 07f1840e08..04a9cefe20 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 @@ -14,18 +14,14 @@ Configuration Example { Import-DscResource -ModuleName Microsoft365DSC node localhost { - IntuneDerivedCredential "IntuneDerivedCredential-DataManagement" { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606" - DisplayName = "Custom Data Management" - Ensure = "Present" - HelpUrl = "https://www.microsoft.com" - Issuer = "DISA Purebred" - NotificationType = "Email" - ThresholdPercentage = 0 - Header = @( - [PSCustomObject]@{ Key = 'HeaderKey1'; Value = 'HeaderValue1' } - [PSCustomObject]@{ Key = 'HeaderKey2'; Value = 'HeaderValue2' } - ) + IntuneDerivedCredential "IntuneDerivedCredential-K5" + { + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Ensure = "Present"; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 index 07f1840e08..04a9cefe20 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 @@ -14,18 +14,14 @@ Configuration Example { Import-DscResource -ModuleName Microsoft365DSC node localhost { - IntuneDerivedCredential "IntuneDerivedCredential-DataManagement" { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606" - DisplayName = "Custom Data Management" - Ensure = "Present" - HelpUrl = "https://www.microsoft.com" - Issuer = "DISA Purebred" - NotificationType = "Email" - ThresholdPercentage = 0 - Header = @( - [PSCustomObject]@{ Key = 'HeaderKey1'; Value = 'HeaderValue1' } - [PSCustomObject]@{ Key = 'HeaderKey2'; Value = 'HeaderValue2' } - ) + IntuneDerivedCredential "IntuneDerivedCredential-K5" + { + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Ensure = "Present"; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 index a6c927219e..4c67edeead 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 @@ -14,19 +14,14 @@ Configuration Example { Import-DscResource -ModuleName Microsoft365DSC node localhost { - IntuneDerivedCredential "IntuneDerivedCredential-DataManagement" { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606" - DisplayName = "Custom Data Management" - Ensure = "Present" - HelpUrl = "https://www.microsoft.com" - Issuer = "DISA Purebred" - NotificationType = "Email" - ThresholdPercentage = 0 - Header = @( - [PSCustomObject]@{ Key = 'HeaderKey1'; Value = 'HeaderValue1' } - [PSCustomObject]@{ Key = 'HeaderKey2'; Value = 'HeaderValue2' } - ) + IntuneDerivedCredential "IntuneDerivedCredential-K5" + { + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Ensure = "Absent"; } } } - diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 index 1998735068..88d09f9512 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 @@ -37,20 +37,20 @@ Configuration Example Publisher = "Contoso"; PublishingState = "published"; Assignments = @( - MSFT_DeviceManagementMobileAppAssignment{ - groupDisplayName = 'All devices' + MSFT_DeviceManagementMobileAppAssignment { + groupDisplayName = 'All devices' source = 'direct' deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allDevicesAssignmentTarget' intent = 'required' + } MSFT_DeviceManagementMobileAppAssignment{ deviceAndAppManagementAssignmentFilterType = 'none' source = 'direct' dataType = '#microsoft.graph.groupAssignmentTarget' groupId = '57b5e81c-85bb-4644-a4fd-33b03e451c89' intent = 'required' - } - }); + }); Categories = @(MSFT_DeviceManagementMobileAppCategory { id = '1bff2652-03ec-4a48-941c-152e93736515' displayName = 'Kajal 3' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 index dccf286c8b..e54b97d9c5 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 @@ -37,20 +37,20 @@ Configuration Example Publisher = "Contoso"; PublishingState = "published"; Assignments = @( - MSFT_DeviceManagementMobileAppAssignment{ + MSFT_DeviceManagementMobileAppAssignment { groupDisplayName = 'All devices' source = 'direct' deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allDevicesAssignmentTarget' intent = 'required' - MSFT_DeviceManagementMobileAppAssignment{ + }, + MSFT_DeviceManagementMobileAppAssignment { deviceAndAppManagementAssignmentFilterType = 'none' source = 'direct' dataType = '#microsoft.graph.groupAssignmentTarget' groupId = '57b5e81c-85bb-4644-a4fd-33b03e451c89' intent = 'required' - } - }); + }); Categories = @(MSFT_DeviceManagementMobileAppCategory { id = '1bff2652-03ec-4a48-941c-152e93736515' displayName = 'Kajal 3' diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 index 1df65bd189..479cb308f4 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 @@ -39,140 +39,149 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Write-Host -MockWith { } - Mock -CommandName Get-MgBetaDeviceManagementDerivedCredentialy -MockWith { + Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { } Mock -CommandName New-MgBetaDeviceManagementDerivedCredential -MockWith { } - Mock -CommandName Update-MgBetaDeviceManagementDerivedCredential -MockWith { - } Mock -CommandName Remove-MgBetaDeviceManagementDerivedCredential -MockWith { } $Script:exportedInstances =$null $Script:ExportMode = $false } + # Test contexts - Context -Name "The instance should exist but it DOES NOT" -Fixture { + Context -Name " 1. The instance should exist but it DOES NOT" -Fixture { BeforeAll { $testParams = @{ - Ensure = 'Present' - Id = $instance.Id - DisplayName = $instance.DisplayName - HelpUrl = $HelpUrl - Issuer = $Issuer - NotificationType = $NotificationType - ThresholdPercentage = $ThresholdPercentage - Header = $Header + Ensure = 'Present' + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Credential = $Credential } Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { return $null } } - It 'Should return Values from the Get method' { + It ' 1.1 Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } - It 'Should return false from the Test method' { + It ' 1.2 Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } - It 'Should create a new instance from the Set method' { + It ' 1.3 Should create a new instance from the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName New-MgBetaDeviceManagementDerivedCredential -Exactly 1 } } - Context -Name "The instance exists but it SHOULD NOT" -Fixture { + Context -Name " 2. The instance exists but it SHOULD NOT" -Fixture { BeforeAll { $testParams = @{ - Ensure = 'Present' - Id = $instance.Id - DisplayName = $instance.DisplayName - HelpUrl = $HelpUrl - Issuer = $Issuer - NotificationType = $NotificationType - ThresholdPercentage = $ThresholdPercentage - Header = $Header + Ensure = 'Present' + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Credential = $Credential } Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { return @{ - + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; } } } - It 'Should return Values from the Get method' { + It ' 2.1 Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } - It 'Should return false from the Test method' { + It ' 2.2 Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } - It 'Should remove the instance from the Set method' { + It ' 2.3 Should remove the instance from the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Remove-MgBetaDeviceManagementDerivedCredential -Exactly 1 } } - Context -Name "The instance exists and values are already in the desired state" -Fixture { + Context -Name " 3. The instance exists and values are already in the desired state" -Fixture { BeforeAll { $testParams = @{ - Ensure = 'Present' - Id = $instance.Id - DisplayName = $instance.DisplayName - HelpUrl = $HelpUrl - Issuer = $Issuer - NotificationType = $NotificationType - ThresholdPercentage = $ThresholdPercentage - Header = $Header + Ensure = 'Present' + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Credential = $Credential } Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { return @{ - + Ensure = 'Present' + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; } } } - It 'Should return true from the Test method' { + It ' 3.0 Should return true from the Test method' { Test-TargetResource @testParams | Should -Be $true } } - Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + Context -Name " 4. The instance exists and values are NOT in the desired state" -Fixture { BeforeAll { $testParams = @{ - Ensure = 'Present' - Id = $instance.Id - DisplayName = $instance.DisplayName - HelpUrl = $HelpUrl - Issuer = $Issuer - NotificationType = $NotificationType - ThresholdPercentage = $ThresholdPercentage - Header = $Header + Ensure = 'Present' + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Credential = $Credential } Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { return @{ - + DisplayName = "K5 drift"; #drift + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; } } } - It 'Should return Values from the Get method' { + It ' 4.1 Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } - It 'Should return false from the Test method' { + It ' 4.2 Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } - It 'Should call the Set method' { + # Update is not allowed on DerivedCredential resource so it should be called 0 times. + It ' 4.3 Should call the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName Update-MgBetaDeviceManagementDerivedCredential -Exactly 1 + Should -Invoke -CommandName Update-MgBetaDeviceManagementDerivedCredential -Exactly 0 } } - Context -Name 'ReverseDSC Tests' -Fixture { + Context -Name ' 5. ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -182,11 +191,15 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { return @{ - + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; } } } - It 'Should Reverse Engineer resource from the Export method' { + It ' 5.0 Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 2ab603a280..9530dae2ac 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -19348,6 +19348,75 @@ function Get-MgBetaDeviceManagementGroupPolicyConfigurationAssignment ) } +New-MgBetaDeviceManagementDerivedCredential { + + [CmdletBinding()] + param ( + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $HelpUrl, + + [Parameter()] + [ValidateSet('intercede', 'entrustData', 'purebred')] + [System.String] + $Issuer, + + [Parameter()] + [ValidateSet('none', 'email', 'companyPortal')] + [System.String] + $NotificationType = 'none' + ) +} + +Get-MgBetaDeviceManagementDerivedCredential { + [CmdletBinding()] + param ( + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $HelpUrl, + + [Parameter()] + [ValidateSet('intercede', 'entrustData', 'purebred')] + [System.String] + $Issuer, + + [Parameter()] + [ValidateSet('none', 'email', 'companyPortal')] + [System.String] + $NotificationType = 'none' + ) +} + +Remove-MgBetaDeviceManagementDerivedCredential +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $DerivedCredentialId, + + [Parameter()] + [System.Boolean] + $Confirm + ) +} + function New-MgBetaDeviceAppManagementMobileApp { [CmdletBinding()] param ( From 4b500dab5407cfdc5017c46658baed2bdec6e0c1 Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Tue, 8 Oct 2024 10:18:22 -0700 Subject: [PATCH 11/19] Fixed a typo in example to make the PR validation pass. --- .../Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 index e54b97d9c5..f5a8380f86 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 @@ -36,14 +36,14 @@ Configuration Example PrivacyInformationUrl = ""; Publisher = "Contoso"; PublishingState = "published"; - Assignments = @( + Assignments = @( MSFT_DeviceManagementMobileAppAssignment { - groupDisplayName = 'All devices' + groupDisplayName = 'All devices' source = 'direct' deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allDevicesAssignmentTarget' intent = 'required' - }, + } MSFT_DeviceManagementMobileAppAssignment { deviceAndAppManagementAssignmentFilterType = 'none' source = 'direct' From d8d461192db01e7251da00569b592cb33733be8f Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Tue, 8 Oct 2024 13:04:08 -0700 Subject: [PATCH 12/19] updating perms settings to pass PR validation. --- .../DSCResources/MSFT_IntuneDerivedCredential/settings.json | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json index 1ca28f6ad4..488bd5b384 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json @@ -6,18 +6,14 @@ "graph": { "delegated": { "read": [ - "" ], "update": [ - "" ] }, "application": { "read": [ - "" ], "update": [ - "" ] } } From cfa471c3e7540ade104e9bf848153b13b1aed53b Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Wed, 9 Oct 2024 16:25:17 -0700 Subject: [PATCH 13/19] Delete the accidental merge from topic branches. --- .../MSFT_IntuneMobileAppsAndroidLobApp.psm1 | 408 ------------------ ...T_IntuneMobileAppsAndroidLobApp.schema.mof | 15 - .../readme.md | 3 - .../settings.json | 32 -- .../MSFT_IntuneMobileAppsIOSLobApp.psm1 | 408 ------------------ .../MSFT_IntuneMobileAppsIOSLobApp.schema.mof | 15 - .../MSFT_IntuneMobileAppsIOSLobApp/readme.md | 3 - .../settings.json | 32 -- .../MSFT_IntuneMobileAppsWin32LobApp.psm1 | 408 ------------------ ...SFT_IntuneMobileAppsWin32LobApp.schema.mof | 15 - .../readme.md | 5 - .../settings.json | 32 -- .../IntuneDerivedCredential/1-Create.ps1 | 31 -- .../IntuneDerivedCredential/2-Update.ps1 | 31 -- .../IntuneDerivedCredential/3-Remove.ps1 | 32 -- .../1-Create.ps1 | 32 -- .../2-Update.ps1 | 32 -- .../3-Remove.ps1 | 32 -- .../IntuneMobileAppsIOSLobApp/1-Create.ps1 | 32 -- .../IntuneMobileAppsIOSLobApp/2-Update.ps1 | 32 -- .../IntuneMobileAppsIOSLobApp/3-Remove.ps1 | 32 -- .../IntuneMobileAppsWin32LobApp/1-Create.ps1 | 29 -- .../IntuneMobileAppsWin32LobApp/2-Update.ps1 | 29 -- .../IntuneMobileAppsWin32LobApp/3-Remove.ps1 | 28 -- ...ft365DSC.IntuneDerivedCredential.Tests.ps1 | 197 --------- ...65DSC.IntuneMobileAppWin32LOBApp.Tests.ps1 | 189 -------- ...SC.IntuneMobileAppsAndroidLobApp.Tests.ps1 | 189 -------- ...365DSC.IntuneMobileAppsIOSLobApp.Tests.ps1 | 189 -------- 28 files changed, 2512 deletions(-) delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/MSFT_IntuneMobileAppsAndroidLobApp.psm1 delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/MSFT_IntuneMobileAppsAndroidLobApp.schema.mof delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/readme.md delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/settings.json delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/MSFT_IntuneMobileAppsIOSLobApp.psm1 delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/MSFT_IntuneMobileAppsIOSLobApp.schema.mof delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/readme.md delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/settings.json delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/MSFT_IntuneMobileAppsWin32LobApp.psm1 delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/MSFT_IntuneMobileAppsWin32LobApp.schema.mof delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/readme.md delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/settings.json delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/1-Create.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/2-Update.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/3-Remove.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/1-Create.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/2-Update.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/3-Remove.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/1-Create.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/2-Update.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/3-Remove.ps1 delete mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 delete mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppWin32LOBApp.Tests.ps1 delete mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsAndroidLobApp.Tests.ps1 delete mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsIOSLobApp.Tests.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/MSFT_IntuneMobileAppsAndroidLobApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/MSFT_IntuneMobileAppsAndroidLobApp.psm1 deleted file mode 100644 index e5e0c6b7da..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/MSFT_IntuneMobileAppsAndroidLobApp.psm1 +++ /dev/null @@ -1,408 +0,0 @@ -function Get-TargetResource -{ - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param - ( - #region Intune params - - [Parameter()] - [System.String] - $Id, - - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - #endregion Intune params - - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters | Out-Null - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - try - { - $instance = $null - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} - } - - if ($null -eq $instance) - { - $instance = Get-MgBetaDeviceAppManagementMobileApp -MobileAppId $Id -ErrorAction Stop - - if ($null -eq $instance) - { - Write-Verbose -Message "Could not find MobileApp by Id {$Id}." - - if (-Not [string]::IsNullOrEmpty($DisplayName)) - { - $instance = Get-MgBetaDeviceAppManagementMobileAppConfiguration ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue - } - } - - if ($null -eq $instance) - { - Write-Verbose -Message "Could not find MobileApp by DisplayName {$DisplayName}." - return $nullResult - } - } - - $results = @{ - Id = $instance.Id - DisplayName = $instance.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - } - return [System.Collections.Hashtable] $results - } - catch - { - Write-Verbose -Message $_ - New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - - return $nullResult - } -} - -function Set-TargetResource -{ - [CmdletBinding()] - param - ( - #region Intune params - - [Parameter()] - [System.String] - $Id, - - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - #endregion Intune params - - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $currentInstance = Get-TargetResource @PSBoundParameters - - $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters - $setParameters.remove('Id') | Out-Null - $setParameters.remove('Ensure') | Out-Null - - # CREATE - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') - { - New-MgBetaDeviceAppManagementMobileApp @SetParameters - } - # UPDATE - elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') - { - Update-MgBetaDeviceAppManagementMobileApp -MobileAppId $currentInstance.Id @SetParameters - } - # REMOVE - elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') - { - Remove-MgBetaDeviceAppManagementMobileApp -MobileAppId $currentInstance.Id -Confirm:$false - } -} - -function Test-TargetResource -{ - [CmdletBinding()] - [OutputType([System.Boolean])] - param - ( - #region Intune params - - [Parameter()] - [System.String] - $Id, - - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - #endregion Intune params - - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $CurrentValues = Get-TargetResource @PSBoundParameters - $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() - - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" - - $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys - - Write-Verbose -Message "Test-TargetResource returned $testResult" - - return $testResult -} - -function Export-TargetResource -{ - [CmdletBinding()] - [OutputType([System.String])] - param - ( - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - try - { - $Script:ExportMode = $true - [array] $Script:exportedInstances = Get-MgBetaDeviceAppManagementMobileApp -ErrorAction Stop - - $i = 1 - $dscContent = '' - if ($Script:exportedInstances.Length -eq 0) - { - Write-Host $Global:M365DSCEmojiGreenCheckMark - } - else - { - Write-Host "`r`n" -NoNewline - } - foreach ($config in $Script:exportedInstances) - { - $displayedKey = $config.Id - Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline - $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - } - - $Results = Get-TargetResource @Params - $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results - - $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential - $dscContent += $currentDSCBlock - Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName - $i++ - Write-Host $Global:M365DSCEmojiGreenCheckMark - } - return $dscContent - } - catch - { - Write-Host $Global:M365DSCEmojiRedX - - New-M365DSCLogEntry -Message 'Error during Export:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - - return '' - } -} - -Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/MSFT_IntuneMobileAppsAndroidLobApp.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/MSFT_IntuneMobileAppsAndroidLobApp.schema.mof deleted file mode 100644 index f637f5d71b..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/MSFT_IntuneMobileAppsAndroidLobApp.schema.mof +++ /dev/null @@ -1,15 +0,0 @@ -[ClassVersion("1.0.0.0"), FriendlyName("IntuneMobileAppsAndroidLobApp")] -class MSFT_IntuneMobileAppsAndroidLobApp : OMI_BaseResource -{ - [Key, Description("The name of the app.")] String DisplayName; - [Write, Description("The unique identifier for an entity. Read-only.")] String Id; - - [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] string Ensure; - [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; - [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; - [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; - [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; - [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; - [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; - [Write, Description("Access token used for authentication.")] String AccessTokens[]; -}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/readme.md deleted file mode 100644 index 99fc165230..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/readme.md +++ /dev/null @@ -1,3 +0,0 @@ -# IntuneMobileAppsAndroidLobApp - -## Description diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/settings.json deleted file mode 100644 index 439af65889..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsAndroidLobApp/settings.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "resourceName": "IntuneMobileAppsAndroidLobApp", - "description": "This resource configures an Intune mobile app.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementApps.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementApps.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementApps.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementApps.ReadWrite.All" - } - ] - } - } - } -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/MSFT_IntuneMobileAppsIOSLobApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/MSFT_IntuneMobileAppsIOSLobApp.psm1 deleted file mode 100644 index e5e0c6b7da..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/MSFT_IntuneMobileAppsIOSLobApp.psm1 +++ /dev/null @@ -1,408 +0,0 @@ -function Get-TargetResource -{ - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param - ( - #region Intune params - - [Parameter()] - [System.String] - $Id, - - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - #endregion Intune params - - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters | Out-Null - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - try - { - $instance = $null - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} - } - - if ($null -eq $instance) - { - $instance = Get-MgBetaDeviceAppManagementMobileApp -MobileAppId $Id -ErrorAction Stop - - if ($null -eq $instance) - { - Write-Verbose -Message "Could not find MobileApp by Id {$Id}." - - if (-Not [string]::IsNullOrEmpty($DisplayName)) - { - $instance = Get-MgBetaDeviceAppManagementMobileAppConfiguration ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue - } - } - - if ($null -eq $instance) - { - Write-Verbose -Message "Could not find MobileApp by DisplayName {$DisplayName}." - return $nullResult - } - } - - $results = @{ - Id = $instance.Id - DisplayName = $instance.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - } - return [System.Collections.Hashtable] $results - } - catch - { - Write-Verbose -Message $_ - New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - - return $nullResult - } -} - -function Set-TargetResource -{ - [CmdletBinding()] - param - ( - #region Intune params - - [Parameter()] - [System.String] - $Id, - - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - #endregion Intune params - - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $currentInstance = Get-TargetResource @PSBoundParameters - - $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters - $setParameters.remove('Id') | Out-Null - $setParameters.remove('Ensure') | Out-Null - - # CREATE - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') - { - New-MgBetaDeviceAppManagementMobileApp @SetParameters - } - # UPDATE - elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') - { - Update-MgBetaDeviceAppManagementMobileApp -MobileAppId $currentInstance.Id @SetParameters - } - # REMOVE - elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') - { - Remove-MgBetaDeviceAppManagementMobileApp -MobileAppId $currentInstance.Id -Confirm:$false - } -} - -function Test-TargetResource -{ - [CmdletBinding()] - [OutputType([System.Boolean])] - param - ( - #region Intune params - - [Parameter()] - [System.String] - $Id, - - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - #endregion Intune params - - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $CurrentValues = Get-TargetResource @PSBoundParameters - $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() - - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" - - $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys - - Write-Verbose -Message "Test-TargetResource returned $testResult" - - return $testResult -} - -function Export-TargetResource -{ - [CmdletBinding()] - [OutputType([System.String])] - param - ( - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - try - { - $Script:ExportMode = $true - [array] $Script:exportedInstances = Get-MgBetaDeviceAppManagementMobileApp -ErrorAction Stop - - $i = 1 - $dscContent = '' - if ($Script:exportedInstances.Length -eq 0) - { - Write-Host $Global:M365DSCEmojiGreenCheckMark - } - else - { - Write-Host "`r`n" -NoNewline - } - foreach ($config in $Script:exportedInstances) - { - $displayedKey = $config.Id - Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline - $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - } - - $Results = Get-TargetResource @Params - $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results - - $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential - $dscContent += $currentDSCBlock - Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName - $i++ - Write-Host $Global:M365DSCEmojiGreenCheckMark - } - return $dscContent - } - catch - { - Write-Host $Global:M365DSCEmojiRedX - - New-M365DSCLogEntry -Message 'Error during Export:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - - return '' - } -} - -Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/MSFT_IntuneMobileAppsIOSLobApp.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/MSFT_IntuneMobileAppsIOSLobApp.schema.mof deleted file mode 100644 index 28add1ac2a..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/MSFT_IntuneMobileAppsIOSLobApp.schema.mof +++ /dev/null @@ -1,15 +0,0 @@ -[ClassVersion("1.0.0.0"), FriendlyName("IntuneMobileAppsIOSLobApp")] -class MSFT_IntuneMobileAppsIOSLobApp : OMI_BaseResource -{ - [Key, Description("The name of the app category.")] String DisplayName; - [Write, Description("The unique identifier for an entity. Read-only.")] String Id; - - [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] string Ensure; - [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; - [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; - [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; - [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; - [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; - [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; - [Write, Description("Access token used for authentication.")] String AccessTokens[]; -}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/readme.md deleted file mode 100644 index b41aeb8da9..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/readme.md +++ /dev/null @@ -1,3 +0,0 @@ -# IntuneMobileAppsIOSLobApp - -## Description diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/settings.json deleted file mode 100644 index e09fcf3ab7..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsIOSLobApp/settings.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "resourceName": "IntuneMobileAppsIOSLobApp", - "description": "Configures a resource for navigation property for Intune mobile app categories.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementApps.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementApps.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementApps.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementApps.ReadWrite.All" - } - ] - } - } - } -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/MSFT_IntuneMobileAppsWin32LobApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/MSFT_IntuneMobileAppsWin32LobApp.psm1 deleted file mode 100644 index e5e0c6b7da..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/MSFT_IntuneMobileAppsWin32LobApp.psm1 +++ /dev/null @@ -1,408 +0,0 @@ -function Get-TargetResource -{ - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param - ( - #region Intune params - - [Parameter()] - [System.String] - $Id, - - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - #endregion Intune params - - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters | Out-Null - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - try - { - $instance = $null - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} - } - - if ($null -eq $instance) - { - $instance = Get-MgBetaDeviceAppManagementMobileApp -MobileAppId $Id -ErrorAction Stop - - if ($null -eq $instance) - { - Write-Verbose -Message "Could not find MobileApp by Id {$Id}." - - if (-Not [string]::IsNullOrEmpty($DisplayName)) - { - $instance = Get-MgBetaDeviceAppManagementMobileAppConfiguration ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue - } - } - - if ($null -eq $instance) - { - Write-Verbose -Message "Could not find MobileApp by DisplayName {$DisplayName}." - return $nullResult - } - } - - $results = @{ - Id = $instance.Id - DisplayName = $instance.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - } - return [System.Collections.Hashtable] $results - } - catch - { - Write-Verbose -Message $_ - New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - - return $nullResult - } -} - -function Set-TargetResource -{ - [CmdletBinding()] - param - ( - #region Intune params - - [Parameter()] - [System.String] - $Id, - - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - #endregion Intune params - - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $currentInstance = Get-TargetResource @PSBoundParameters - - $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters - $setParameters.remove('Id') | Out-Null - $setParameters.remove('Ensure') | Out-Null - - # CREATE - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') - { - New-MgBetaDeviceAppManagementMobileApp @SetParameters - } - # UPDATE - elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') - { - Update-MgBetaDeviceAppManagementMobileApp -MobileAppId $currentInstance.Id @SetParameters - } - # REMOVE - elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') - { - Remove-MgBetaDeviceAppManagementMobileApp -MobileAppId $currentInstance.Id -Confirm:$false - } -} - -function Test-TargetResource -{ - [CmdletBinding()] - [OutputType([System.Boolean])] - param - ( - #region Intune params - - [Parameter()] - [System.String] - $Id, - - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - #endregion Intune params - - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $CurrentValues = Get-TargetResource @PSBoundParameters - $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() - - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" - - $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys - - Write-Verbose -Message "Test-TargetResource returned $testResult" - - return $testResult -} - -function Export-TargetResource -{ - [CmdletBinding()] - [OutputType([System.String])] - param - ( - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - try - { - $Script:ExportMode = $true - [array] $Script:exportedInstances = Get-MgBetaDeviceAppManagementMobileApp -ErrorAction Stop - - $i = 1 - $dscContent = '' - if ($Script:exportedInstances.Length -eq 0) - { - Write-Host $Global:M365DSCEmojiGreenCheckMark - } - else - { - Write-Host "`r`n" -NoNewline - } - foreach ($config in $Script:exportedInstances) - { - $displayedKey = $config.Id - Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline - $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - } - - $Results = Get-TargetResource @Params - $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results - - $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential - $dscContent += $currentDSCBlock - Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName - $i++ - Write-Host $Global:M365DSCEmojiGreenCheckMark - } - return $dscContent - } - catch - { - Write-Host $Global:M365DSCEmojiRedX - - New-M365DSCLogEntry -Message 'Error during Export:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - - return '' - } -} - -Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/MSFT_IntuneMobileAppsWin32LobApp.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/MSFT_IntuneMobileAppsWin32LobApp.schema.mof deleted file mode 100644 index f0d45d3874..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/MSFT_IntuneMobileAppsWin32LobApp.schema.mof +++ /dev/null @@ -1,15 +0,0 @@ -[ClassVersion("1.0.0.0"), FriendlyName("IntuneMobileAppsWin32LobApp")] -class MSFT_IntuneMobileAppsWin32LobApp : OMI_BaseResource -{ - [Key, Description("The name of the app.")] String DisplayName; - [Write, Description("The unique identifier for an entity. Read-only.")] String Id; - - [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] string Ensure; - [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; - [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; - [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; - [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; - [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; - [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; - [Write, Description("Access token used for authentication.")] String AccessTokens[]; -}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/readme.md deleted file mode 100644 index 4485083c7e..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/readme.md +++ /dev/null @@ -1,5 +0,0 @@ -# IntuneMobileAppsWin32LobApp - -## Description - -Configures a resource for navigation property for Intune mobile app. Default app cannot be renamed. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/settings.json deleted file mode 100644 index 3845518060..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWin32LobApp/settings.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "resourceName": "IntuneMobileAppsWin32LobApp", - "description": "Configures a resource for navigation property for Intune mobile app.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementApps.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementApps.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementApps.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementApps.ReadWrite.All" - } - ] - } - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 deleted file mode 100644 index 07f1840e08..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 +++ /dev/null @@ -1,31 +0,0 @@ -<# This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. #> -Configuration Example { - param( - [Parameter()] - [System.String] $ApplicationId, - - [Parameter()] - [System.String] $TenantId, - - [Parameter()] - [System.String] $CertificateThumbprint - ) - - Import-DscResource -ModuleName Microsoft365DSC - - node localhost { - IntuneDerivedCredential "IntuneDerivedCredential-DataManagement" { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606" - DisplayName = "Custom Data Management" - Ensure = "Present" - HelpUrl = "https://www.microsoft.com" - Issuer = "DISA Purebred" - NotificationType = "Email" - ThresholdPercentage = 0 - Header = @( - [PSCustomObject]@{ Key = 'HeaderKey1'; Value = 'HeaderValue1' } - [PSCustomObject]@{ Key = 'HeaderKey2'; Value = 'HeaderValue2' } - ) - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 deleted file mode 100644 index 07f1840e08..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 +++ /dev/null @@ -1,31 +0,0 @@ -<# This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. #> -Configuration Example { - param( - [Parameter()] - [System.String] $ApplicationId, - - [Parameter()] - [System.String] $TenantId, - - [Parameter()] - [System.String] $CertificateThumbprint - ) - - Import-DscResource -ModuleName Microsoft365DSC - - node localhost { - IntuneDerivedCredential "IntuneDerivedCredential-DataManagement" { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606" - DisplayName = "Custom Data Management" - Ensure = "Present" - HelpUrl = "https://www.microsoft.com" - Issuer = "DISA Purebred" - NotificationType = "Email" - ThresholdPercentage = 0 - Header = @( - [PSCustomObject]@{ Key = 'HeaderKey1'; Value = 'HeaderValue1' } - [PSCustomObject]@{ Key = 'HeaderKey2'; Value = 'HeaderValue2' } - ) - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 deleted file mode 100644 index a6c927219e..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 +++ /dev/null @@ -1,32 +0,0 @@ -<# This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. #> -Configuration Example { - param( - [Parameter()] - [System.String] $ApplicationId, - - [Parameter()] - [System.String] $TenantId, - - [Parameter()] - [System.String] $CertificateThumbprint - ) - - Import-DscResource -ModuleName Microsoft365DSC - - node localhost { - IntuneDerivedCredential "IntuneDerivedCredential-DataManagement" { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606" - DisplayName = "Custom Data Management" - Ensure = "Present" - HelpUrl = "https://www.microsoft.com" - Issuer = "DISA Purebred" - NotificationType = "Email" - ThresholdPercentage = 0 - Header = @( - [PSCustomObject]@{ Key = 'HeaderKey1'; Value = 'HeaderValue1' } - [PSCustomObject]@{ Key = 'HeaderKey2'; Value = 'HeaderValue2' } - ) - } - } -} - diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/1-Create.ps1 deleted file mode 100644 index 6d10550d7e..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/1-Create.ps1 +++ /dev/null @@ -1,32 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter()] - [System.String] - $Id, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint - ) - - Import-DscResource -ModuleName Microsoft365DSC - node localhost - { - IntuneMobileAppsAndroidLobApp "IntuneMobileAppsAndroidLobApp-Data Management" - { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; - DisplayName = "Custom Data Management"; - Ensure = "Present"; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/2-Update.ps1 deleted file mode 100644 index a7d50d91bb..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/2-Update.ps1 +++ /dev/null @@ -1,32 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint - ) - - Import-DscResource -ModuleName Microsoft365DSC - node localhost - { - IntuneMobileAppsAndroidLobApp "IntuneMobileAppsAndroidLobApp-Data Management" - { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; - DisplayName = "Custom Data Management updated"; - Ensure = "Present"; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/3-Remove.ps1 deleted file mode 100644 index f9f09c6d16..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsAndroidLobApp/3-Remove.ps1 +++ /dev/null @@ -1,32 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $Id, - - [Parameter()] - [System.String] - $CertificateThumbprint - ) - - Import-DscResource -ModuleName Microsoft365DSC - node localhost - { - IntuneMobileAppsAndroidLobApp "IntuneMobileAppsAndroidLobApp-Data Management" - { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; - DisplayName = "Custom Data Management"; - Ensure = "Absent"; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/1-Create.ps1 deleted file mode 100644 index af89f735c1..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/1-Create.ps1 +++ /dev/null @@ -1,32 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint - ) - - Import-DscResource -ModuleName Microsoft365DSC - node localhost - { - IntuneMobileAppsIOSLobApp "IntuneMobileAppsIOSLobApp-Data Management" - { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; - DisplayName = "Custom Data Management"; - Ensure = "Present"; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/2-Update.ps1 deleted file mode 100644 index 15243d392f..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/2-Update.ps1 +++ /dev/null @@ -1,32 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint - ) - - Import-DscResource -ModuleName Microsoft365DSC - node localhost - { - IntuneMobileAppsIOSLobApp "IntuneMobileAppsIOSLobApp-Data Management" - { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; - DisplayName = "Custom Data Management updated"; - Ensure = "Present"; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/3-Remove.ps1 deleted file mode 100644 index c480aed510..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsIOSLobApp/3-Remove.ps1 +++ /dev/null @@ -1,32 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint - ) - - Import-DscResource -ModuleName Microsoft365DSC - node localhost - { - IntuneMobileAppsIOSLobApp "IntuneMobileAppsIOSLobApp-Data Management" - { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; - DisplayName = "Custom Data Management"; - Ensure = "Absent"; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/1-Create.ps1 deleted file mode 100644 index 3c39a8f5d3..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/1-Create.ps1 +++ /dev/null @@ -1,29 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter()] - [System.String] - $Id, - - [Parameter()] - [System.String] - $DisplayName - - ) - - Import-DscResource -ModuleName Microsoft365DSC - node localhost - { - IntuneMobileAppsWin32LobApp "IntuneMobileAppsWin32LobApp-Data Management" - { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; - DisplayName = "Custom Data Management"; - Ensure = "Present"; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/2-Update.ps1 deleted file mode 100644 index 232b82854e..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/2-Update.ps1 +++ /dev/null @@ -1,29 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter()] - [System.String] - $Id, - - [Parameter()] - [System.String] - $DisplayName - - ) - - Import-DscResource -ModuleName Microsoft365DSC - node localhost - { - IntuneMobileAppsWin32LobApp "IntuneMobileAppsWin32LobApp-Data Management" - { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; - DisplayName = "Custom Data Management updated"; - Ensure = "Present"; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/3-Remove.ps1 deleted file mode 100644 index 07a910e21b..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsWin32LobApp/3-Remove.ps1 +++ /dev/null @@ -1,28 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter()] - [System.String] - $Id, - - [Parameter()] - [System.String] - $DisplayName - ) - - Import-DscResource -ModuleName Microsoft365DSC - node localhost - { - IntuneMobileAppsWin32LobApp "IntuneMobileAppsWin32LobApp-Data Management" - { - Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; - DisplayName = "Custom Data Management"; - Ensure = "Absent"; - } - } -} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 deleted file mode 100644 index 1df65bd189..0000000000 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 +++ /dev/null @@ -1,197 +0,0 @@ -[CmdletBinding()] -param( -) -$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath '..\..\Unit' ` - -Resolve -$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Microsoft365.psm1' ` - -Resolve) -$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Generic.psm1' ` - -Resolve) -Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\UnitTestHelper.psm1' ` - -Resolve) - -$CurrentScriptPath = $PSCommandPath.Split('\') -$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] -$ResourceName = $CurrentScriptName.Split('.')[1] -$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource $ResourceName -GenericStubModule $GenericStubPath - -Describe -Name $Global:DscHelper.DescribeHeader -Fixture { - InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { - Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope - BeforeAll { - - $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) - - Mock -CommandName Confirm-M365DSCDependencies -MockWith { - } - - Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" - } - - # Mock Write-Host to hide output during the tests - Mock -CommandName Write-Host -MockWith { - } - - Mock -CommandName Get-MgBetaDeviceManagementDerivedCredentialy -MockWith { - } - Mock -CommandName New-MgBetaDeviceManagementDerivedCredential -MockWith { - } - Mock -CommandName Update-MgBetaDeviceManagementDerivedCredential -MockWith { - } - Mock -CommandName Remove-MgBetaDeviceManagementDerivedCredential -MockWith { - } - $Script:exportedInstances =$null - $Script:ExportMode = $false - } - # Test contexts - Context -Name "The instance should exist but it DOES NOT" -Fixture { - BeforeAll { - $testParams = @{ - Ensure = 'Present' - Id = $instance.Id - DisplayName = $instance.DisplayName - HelpUrl = $HelpUrl - Issuer = $Issuer - NotificationType = $NotificationType - ThresholdPercentage = $ThresholdPercentage - Header = $Header - } - - Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { - return $null - } - } - It 'Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' - } - It 'Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It 'Should create a new instance from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName New-MgBetaDeviceManagementDerivedCredential -Exactly 1 - } - } - - Context -Name "The instance exists but it SHOULD NOT" -Fixture { - BeforeAll { - $testParams = @{ - Ensure = 'Present' - Id = $instance.Id - DisplayName = $instance.DisplayName - HelpUrl = $HelpUrl - Issuer = $Issuer - NotificationType = $NotificationType - ThresholdPercentage = $ThresholdPercentage - Header = $Header - } - - Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { - return @{ - - } - } - } - It 'Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - It 'Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It 'Should remove the instance from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgBetaDeviceManagementDerivedCredential -Exactly 1 - } - } - - Context -Name "The instance exists and values are already in the desired state" -Fixture { - BeforeAll { - $testParams = @{ - Ensure = 'Present' - Id = $instance.Id - DisplayName = $instance.DisplayName - HelpUrl = $HelpUrl - Issuer = $Issuer - NotificationType = $NotificationType - ThresholdPercentage = $ThresholdPercentage - Header = $Header - } - - Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { - return @{ - - } - } - } - - It 'Should return true from the Test method' { - Test-TargetResource @testParams | Should -Be $true - } - } - - Context -Name "The instance exists and values are NOT in the desired state" -Fixture { - BeforeAll { - $testParams = @{ - Ensure = 'Present' - Id = $instance.Id - DisplayName = $instance.DisplayName - HelpUrl = $HelpUrl - Issuer = $Issuer - NotificationType = $NotificationType - ThresholdPercentage = $ThresholdPercentage - Header = $Header - } - - Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { - return @{ - - } - } - } - - It 'Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - - It 'Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It 'Should call the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Update-MgBetaDeviceManagementDerivedCredential -Exactly 1 - } - } - - Context -Name 'ReverseDSC Tests' -Fixture { - BeforeAll { - $Global:CurrentModeIsExport = $true - $Global:PartialExportFileName = "$(New-Guid).partial.ps1" - $testParams = @{ - Credential = $Credential; - } - - Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { - return @{ - - } - } - } - It 'Should Reverse Engineer resource from the Export method' { - $result = Export-TargetResource @testParams - $result | Should -Not -BeNullOrEmpty - } - } - } -} - -Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppWin32LOBApp.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppWin32LOBApp.Tests.ps1 deleted file mode 100644 index a3503a7a3d..0000000000 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppWin32LOBApp.Tests.ps1 +++ /dev/null @@ -1,189 +0,0 @@ -[CmdletBinding()] -param( -) -$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath '..\..\Unit' ` - -Resolve -$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Microsoft365.psm1' ` - -Resolve) -$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Generic.psm1' ` - -Resolve) -Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\UnitTestHelper.psm1' ` - -Resolve) - -$CurrentScriptPath = $PSCommandPath.Split('\') -$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] -$ResourceName = $CurrentScriptName.Split('.')[1] -$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource $ResourceName -GenericStubModule $GenericStubPath - -Describe -Name $Global:DscHelper.DescribeHeader -Fixture { - InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { - Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope - BeforeAll { - - $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) - - Mock -CommandName Confirm-M365DSCDependencies -MockWith { - } - - Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" - } - - # Mock Write-Host to hide output during the tests - Mock -CommandName Write-Host -MockWith { - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - } - Mock -CommandName New-MgBetaDeviceAppManagementMobileApp -MockWith { - } - Mock -CommandName Update-MgBetaDeviceAppManagementMobileApp -MockWith { - } - Mock -CommandName Remove-MgBetaDeviceAppManagementMobileApp -MockWith { - } - - $Script:exportedInstances =$null - $Script:ExportMode = $false - } - - #Test contexts - - Context -Name '1. The instance should exist but it DOES NOT' -Fixture { - BeforeAll { - $testParams = @{ - Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' - DisplayName = 'Data Management' - Ensure = 'Present' - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return $null - } - } - - It '1.1 Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' - } - It '1.2 Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - It '1.3 Should create a new instance from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName New-MgBetaDeviceAppManagementMobileApp -Exactly 1 - } - } - - Context -Name '2. The instance exists but it SHOULD NOT' -Fixture { - BeforeAll { - $testParams = @{ - Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' - DisplayName = 'Data Management' - Ensure = 'Absent' - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return @{ - Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' - DisplayName = 'Data Management' - } - } - } - - It '2.1 Should return values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - It '2.2 Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - It '2.3 Should remove the instance from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgBetaDeviceAppManagementMobileApp -Exactly 1 - } - } - - Context -Name '3. The instance exists and values are already in the desired state' -Fixture { - BeforeAll { - $testParams = @{ - Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' - DisplayName = 'Data Management' - Ensure = 'Present' - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return @{ - Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' - DisplayName = 'Data Management' - } - } - } - - It '3.0 Should return true from the Test method' { - Test-TargetResource @testParams | Should -Be $true - } - } - - Context -Name '4. The instance exists and values are NOT in the desired state' -Fixture { - BeforeAll { - $testParams = @{ - Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" - DisplayName = "Data Management" - Ensure = 'Present' - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return @{ - Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" - DisplayName = "Data Management 1" #drift - } - } - } - - It '4.1 Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - - It '4.2 Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It '4.3 Should call the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Update-MgBetaDeviceAppManagementMobileApp -Exactly 1 - } - } - - Context -Name '5. ReverseDSC Tests' -Fixture { - BeforeAll { - $Global:CurrentModeIsExport = $true - $Global:PartialExportFileName = "$(New-Guid).partial.ps1" - $testParams = @{ - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return @{ - Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" - DisplayName = "Data Management" - } - } - } - - It '5.1 Should Reverse Engineer resource from the Export method' { - $result = Export-TargetResource @testParams - $result | Should -Not -BeNullOrEmpty - } - } - } -} - -Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsAndroidLobApp.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsAndroidLobApp.Tests.ps1 deleted file mode 100644 index a3503a7a3d..0000000000 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsAndroidLobApp.Tests.ps1 +++ /dev/null @@ -1,189 +0,0 @@ -[CmdletBinding()] -param( -) -$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath '..\..\Unit' ` - -Resolve -$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Microsoft365.psm1' ` - -Resolve) -$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Generic.psm1' ` - -Resolve) -Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\UnitTestHelper.psm1' ` - -Resolve) - -$CurrentScriptPath = $PSCommandPath.Split('\') -$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] -$ResourceName = $CurrentScriptName.Split('.')[1] -$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource $ResourceName -GenericStubModule $GenericStubPath - -Describe -Name $Global:DscHelper.DescribeHeader -Fixture { - InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { - Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope - BeforeAll { - - $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) - - Mock -CommandName Confirm-M365DSCDependencies -MockWith { - } - - Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" - } - - # Mock Write-Host to hide output during the tests - Mock -CommandName Write-Host -MockWith { - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - } - Mock -CommandName New-MgBetaDeviceAppManagementMobileApp -MockWith { - } - Mock -CommandName Update-MgBetaDeviceAppManagementMobileApp -MockWith { - } - Mock -CommandName Remove-MgBetaDeviceAppManagementMobileApp -MockWith { - } - - $Script:exportedInstances =$null - $Script:ExportMode = $false - } - - #Test contexts - - Context -Name '1. The instance should exist but it DOES NOT' -Fixture { - BeforeAll { - $testParams = @{ - Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' - DisplayName = 'Data Management' - Ensure = 'Present' - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return $null - } - } - - It '1.1 Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' - } - It '1.2 Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - It '1.3 Should create a new instance from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName New-MgBetaDeviceAppManagementMobileApp -Exactly 1 - } - } - - Context -Name '2. The instance exists but it SHOULD NOT' -Fixture { - BeforeAll { - $testParams = @{ - Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' - DisplayName = 'Data Management' - Ensure = 'Absent' - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return @{ - Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' - DisplayName = 'Data Management' - } - } - } - - It '2.1 Should return values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - It '2.2 Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - It '2.3 Should remove the instance from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgBetaDeviceAppManagementMobileApp -Exactly 1 - } - } - - Context -Name '3. The instance exists and values are already in the desired state' -Fixture { - BeforeAll { - $testParams = @{ - Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' - DisplayName = 'Data Management' - Ensure = 'Present' - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return @{ - Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' - DisplayName = 'Data Management' - } - } - } - - It '3.0 Should return true from the Test method' { - Test-TargetResource @testParams | Should -Be $true - } - } - - Context -Name '4. The instance exists and values are NOT in the desired state' -Fixture { - BeforeAll { - $testParams = @{ - Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" - DisplayName = "Data Management" - Ensure = 'Present' - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return @{ - Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" - DisplayName = "Data Management 1" #drift - } - } - } - - It '4.1 Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - - It '4.2 Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It '4.3 Should call the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Update-MgBetaDeviceAppManagementMobileApp -Exactly 1 - } - } - - Context -Name '5. ReverseDSC Tests' -Fixture { - BeforeAll { - $Global:CurrentModeIsExport = $true - $Global:PartialExportFileName = "$(New-Guid).partial.ps1" - $testParams = @{ - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return @{ - Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" - DisplayName = "Data Management" - } - } - } - - It '5.1 Should Reverse Engineer resource from the Export method' { - $result = Export-TargetResource @testParams - $result | Should -Not -BeNullOrEmpty - } - } - } -} - -Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsIOSLobApp.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsIOSLobApp.Tests.ps1 deleted file mode 100644 index a3503a7a3d..0000000000 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsIOSLobApp.Tests.ps1 +++ /dev/null @@ -1,189 +0,0 @@ -[CmdletBinding()] -param( -) -$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath '..\..\Unit' ` - -Resolve -$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Microsoft365.psm1' ` - -Resolve) -$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Generic.psm1' ` - -Resolve) -Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\UnitTestHelper.psm1' ` - -Resolve) - -$CurrentScriptPath = $PSCommandPath.Split('\') -$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] -$ResourceName = $CurrentScriptName.Split('.')[1] -$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource $ResourceName -GenericStubModule $GenericStubPath - -Describe -Name $Global:DscHelper.DescribeHeader -Fixture { - InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { - Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope - BeforeAll { - - $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) - - Mock -CommandName Confirm-M365DSCDependencies -MockWith { - } - - Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" - } - - # Mock Write-Host to hide output during the tests - Mock -CommandName Write-Host -MockWith { - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - } - Mock -CommandName New-MgBetaDeviceAppManagementMobileApp -MockWith { - } - Mock -CommandName Update-MgBetaDeviceAppManagementMobileApp -MockWith { - } - Mock -CommandName Remove-MgBetaDeviceAppManagementMobileApp -MockWith { - } - - $Script:exportedInstances =$null - $Script:ExportMode = $false - } - - #Test contexts - - Context -Name '1. The instance should exist but it DOES NOT' -Fixture { - BeforeAll { - $testParams = @{ - Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' - DisplayName = 'Data Management' - Ensure = 'Present' - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return $null - } - } - - It '1.1 Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' - } - It '1.2 Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - It '1.3 Should create a new instance from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName New-MgBetaDeviceAppManagementMobileApp -Exactly 1 - } - } - - Context -Name '2. The instance exists but it SHOULD NOT' -Fixture { - BeforeAll { - $testParams = @{ - Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' - DisplayName = 'Data Management' - Ensure = 'Absent' - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return @{ - Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' - DisplayName = 'Data Management' - } - } - } - - It '2.1 Should return values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - It '2.2 Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - It '2.3 Should remove the instance from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgBetaDeviceAppManagementMobileApp -Exactly 1 - } - } - - Context -Name '3. The instance exists and values are already in the desired state' -Fixture { - BeforeAll { - $testParams = @{ - Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' - DisplayName = 'Data Management' - Ensure = 'Present' - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return @{ - Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' - DisplayName = 'Data Management' - } - } - } - - It '3.0 Should return true from the Test method' { - Test-TargetResource @testParams | Should -Be $true - } - } - - Context -Name '4. The instance exists and values are NOT in the desired state' -Fixture { - BeforeAll { - $testParams = @{ - Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" - DisplayName = "Data Management" - Ensure = 'Present' - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return @{ - Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" - DisplayName = "Data Management 1" #drift - } - } - } - - It '4.1 Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - - It '4.2 Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It '4.3 Should call the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Update-MgBetaDeviceAppManagementMobileApp -Exactly 1 - } - } - - Context -Name '5. ReverseDSC Tests' -Fixture { - BeforeAll { - $Global:CurrentModeIsExport = $true - $Global:PartialExportFileName = "$(New-Guid).partial.ps1" - $testParams = @{ - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return @{ - Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" - DisplayName = "Data Management" - } - } - } - - It '5.1 Should Reverse Engineer resource from the Export method' { - $result = Export-TargetResource @testParams - $result | Should -Not -BeNullOrEmpty - } - } - } -} - -Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From e92e22c1c74f2658013718db7da79696639f66c0 Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Wed, 9 Oct 2024 17:49:21 -0700 Subject: [PATCH 14/19] Fixed UTs. --- .../MSFT_IntuneDerivedCredential.psm1 | 1 + Tests/Unit/Stubs/Microsoft365.psm1 | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 index 4c004cfee1..af4ecd222e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 @@ -239,6 +239,7 @@ function Set-TargetResource { { New-MgBetaDeviceManagementDerivedCredential @SetParameters } + # UPDATE is not supported API, it always creates a new Derived Credential instance # REMOVE elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index d3fdd470e7..9679364d43 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -19348,7 +19348,7 @@ function Get-MgBetaDeviceManagementGroupPolicyConfigurationAssignment ) } -New-MgBetaDeviceManagementDerivedCredential { +function New-MgBetaDeviceManagementDerivedCredential { [CmdletBinding()] param ( @@ -19376,7 +19376,7 @@ New-MgBetaDeviceManagementDerivedCredential { ) } -Get-MgBetaDeviceManagementDerivedCredential { +function Get-MgBetaDeviceManagementDerivedCredential { [CmdletBinding()] param ( [Parameter()] @@ -19403,7 +19403,7 @@ Get-MgBetaDeviceManagementDerivedCredential { ) } -Remove-MgBetaDeviceManagementDerivedCredential +function Remove-MgBetaDeviceManagementDerivedCredential { [CmdletBinding()] param( From ad22aa691e5487c651adcd8bc4ddeea8418eebe8 Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Wed, 9 Oct 2024 18:24:47 -0700 Subject: [PATCH 15/19] Fixed param names in UT stubs. --- .../Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 | 7 ++----- Tests/Unit/Stubs/Microsoft365.psm1 | 6 +++--- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 index 479cb308f4..1d23b82ab7 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 @@ -45,6 +45,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName Remove-MgBetaDeviceManagementDerivedCredential -MockWith { } + $Script:exportedInstances =$null $Script:ExportMode = $false } @@ -82,7 +83,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name " 2. The instance exists but it SHOULD NOT" -Fixture { BeforeAll { $testParams = @{ - Ensure = 'Present' + Ensure = 'Absent' DisplayName = "K5"; HelpUrl = "http://www.ff.com/"; Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; @@ -175,10 +176,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } # Update is not allowed on DerivedCredential resource so it should be called 0 times. - It ' 4.3 Should call the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Update-MgBetaDeviceManagementDerivedCredential -Exactly 0 - } } Context -Name ' 5. ReverseDSC Tests' -Fixture { diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 9679364d43..f13aae42ff 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -19381,7 +19381,7 @@ function Get-MgBetaDeviceManagementDerivedCredential { param ( [Parameter()] [System.String] - $Id, + $DeviceManagementDerivedCredentialSettingsId, [Parameter()] [System.String] @@ -19409,7 +19409,7 @@ function Remove-MgBetaDeviceManagementDerivedCredential param( [Parameter()] [System.String] - $DerivedCredentialId, + $DeviceManagementDerivedCredentialSettingsId, [Parameter()] [System.Boolean] @@ -19422,7 +19422,7 @@ function New-MgBetaDeviceAppManagementMobileApp { param ( [Parameter()] [System.String] - $Id, + $DeviceManagementDerivedCredentialSettingsId, [Parameter()] [System.String] From 95d2c93f01cb74271063fdbf41fc9a77cb4a842c Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Fri, 11 Oct 2024 11:56:14 -0700 Subject: [PATCH 16/19] no message --- .../MSFT_IntuneMobileAppsMacOSLobApp.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 index f0e7cd245e..4267b4c264 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 @@ -44,7 +44,7 @@ function Get-TargetResource [Parameter()] [System.String] - $Notes, + $Notes, klkdslakd [Parameter()] [System.String] From 1f3d95fa74de897140d24601bf5918f651093304 Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Fri, 11 Oct 2024 11:58:51 -0700 Subject: [PATCH 17/19] fixed UTs. --- .../MSFT_IntuneMobileAppsMacOSLobApp.psm1 | 2 +- .../Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 | 2 +- .../Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 index 4267b4c264..f0e7cd245e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 @@ -44,7 +44,7 @@ function Get-TargetResource [Parameter()] [System.String] - $Notes, klkdslakd + $Notes, [Parameter()] [System.String] diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 index 1901c61b5e..41a30afc06 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 @@ -41,7 +41,7 @@ Configuration Example Assignments = @( MSFT_DeviceManagementMobileAppAssignment { groupDisplayName = 'All devices' - source = 'direct' + source = 'dataType' deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allDevicesAssignmentTarget' intent = 'required' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 index 88dcec1ff8..67bca9bd7f 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 @@ -42,7 +42,7 @@ Configuration Example Assignments = @( MSFT_DeviceManagementMobileAppAssignment { groupDisplayName = 'All devices' - source = 'direct' + source = 'dataType' deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allDevicesAssignmentTarget' intent = 'required' From b84ca9e5e7b5a6f57ddf5927817764bcba78a9ef Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Fri, 11 Oct 2024 12:43:49 -0700 Subject: [PATCH 18/19] examples fixed for macos lob app. --- .../Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 index 67bca9bd7f..f7746f29b1 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 @@ -42,7 +42,6 @@ Configuration Example Assignments = @( MSFT_DeviceManagementMobileAppAssignment { groupDisplayName = 'All devices' - source = 'dataType' deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allDevicesAssignmentTarget' intent = 'required' From 360c82b29cf5ba386956cccca29019a26ee22ed6 Mon Sep 17 00:00:00 2001 From: Kajalp1079 Date: Fri, 11 Oct 2024 12:55:03 -0700 Subject: [PATCH 19/19] fixed create example. --- .../Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 index 41a30afc06..f19c52da7d 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 @@ -41,7 +41,6 @@ Configuration Example Assignments = @( MSFT_DeviceManagementMobileAppAssignment { groupDisplayName = 'All devices' - source = 'dataType' deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allDevicesAssignmentTarget' intent = 'required'