Merge pull request #5329 from NikCharlebois/AzureSubscription-Updates

AzureSubscription - Updates
microsoft · Nov 4, 2024 · 5fb1aa1 · 5fb1aa1
2 parents 99947f3 + 55f327d
commit 5fb1aa1
Show file tree

Hide file tree

Showing 6 changed files with 239 additions and 96 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -73,6 +73,8 @@
   * Initial release.
 * AzureDiagnosticSettingsCustomSecurityAttribute
   * Initial release.
+* AzureSubscription
+  * Renamed parameters and added logic flow to create new subscriptions.
 * AzureVerifiedIdFaceCheck
   * Initial release.
 * EXOArcConfig

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/MSFT_AzureSubscription.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/MSFT_AzureSubscription.psm1
@@ -6,15 +6,19 @@ function Get-TargetResource
     (
         [Parameter(Mandatory = $true)]
         [System.String]
-        $Name,
+        $DisplayName,
 
         [Parameter()]
         [System.String]
         $Id,
 
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $InvoiceSectionId,
+
         [Parameter()]
-        [System.Boolean]
-        $Enabled,
+        [System.String]
+        $Status,
 
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
@@ -69,22 +73,28 @@ function Get-TargetResource
         {
             if (-not [System.String]::IsNullOrEmpty($Id))
             {
-                $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id}
+                $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Id}
             }
             elseif ($null -eq $instance -and -not [System.String]::IsNullOrEmpty($Name))
             {
-                $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name}
+                $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.properties.displayName -eq $DisplayName -and `
+                                                                                    $_.properties.invoiceSectionId -eq $InvoiceSectionId}
             }
         }
         else
         {
             if (-not [System.String]::IsNullOrEmpty($Id))
             {
-                $instance = Get-AzSubscription -SubscriptionId $Id
+                $uri = "https://management.azure.com$($InvoiceSectionId)/billingSubscriptions/$($Id)?api-version=2024-04-01"
+                $response = Invoke-AzRest -Uri $uri -Method Get
+                $instance = (ConvertFrom-Json $response.Content).value
             }
-            elseif ($null -eq $instance -and -not [System.String]::IsNullOrEmpty($Name))
+            elseif ($null -eq $instance -and -not [System.String]::IsNullOrEmpty($DisplayName))
             {
-                $instance = Get-AzSubscription -SubscriptionName $Name
+                $uri = "https://management.azure.com$($InvoiceSectionId)/billingSubscriptions?api-version=2024-04-01"
+                $response = Invoke-AzRest -Uri $uri -Method Get
+                $instances = (ConvertFrom-Json $response.Content).value
+                $instance = $instances | Where-Object -FilterScript {$_.properties.displayName -eq $DisplayName}
             }
         }
         if ($null -eq $instance)
@@ -93,9 +103,10 @@ function Get-TargetResource
         }
 
         $results = @{
-            Name                  = $instance.Name
-            Id                    = $instance.Id
-            Enabled               = $instance.Enabled
+            DisplayName           = $instance.properties.displayName
+            Id                    = $instance.name
+            InvoiceSectionId      = $instance.properties.invoiceSectionId
+            Status                = $instance.properties.status
             Ensure                = 'Present'
             Credential            = $Credential
             ApplicationId         = $ApplicationId
@@ -126,15 +137,19 @@ function Set-TargetResource
     (
         [Parameter(Mandatory = $true)]
         [System.String]
-        $Name,
+        $DisplayName,
 
         [Parameter()]
         [System.String]
         $Id,
 
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $InvoiceSectionId,
+
         [Parameter()]
-        [System.Boolean]
-        $Enabled,
+        [System.String]
+        $Status,
 
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
@@ -183,17 +198,30 @@ function Set-TargetResource
     # CREATE
     if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
     {
-        throw "This resource cannot create new Azure subscriptions."
+        $uri = "https://management.azure.com/providers/Microsoft.Subscription/aliases/$((New-GUID).ToString())?api-version=2021-10-01"
+        $params = @{
+            properties = @{
+                billingScope = $InvoiceSectionId
+                DisplayName  = $DisplayName
+                Workload     = "Production"
+            }
+        }
+        $payload = ConvertTo-Json $params -Depth 10 -Compress
+        Write-Verbose -Message "Creating new subscription {$DisplayName} with payload:`r`n$payload"
+        $response = Invoke-AzRest -Uri $uri -Method PUT -Payload $payload
+        Write-Verbose -Message "Result: $($response.Content)"
     }
     # UPDATE
     elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present')
     {
-        if ($Enabled)
+        if ($Status -eq 'Active')
         {
+            Write-Verbose -Message "Enabling subscription {$Name}"
             Enable-AzSubscription -Id $currentInstance.Id | Out-Null
         }
         elseif (-not $Enabled)
         {
+            Write-Verbose -Message "Disabling subscription {$Name}"
             Disable-AzSubscription -Id $currentInstance.Id | Out-Null
         }
     }
@@ -212,15 +240,19 @@ function Test-TargetResource
     (
         [Parameter(Mandatory = $true)]
         [System.String]
-        $Name,
+        $DisplayName,
 
         [Parameter()]
         [System.String]
         $Id,
 
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $InvoiceSectionId,
+
         [Parameter()]
-        [System.Boolean]
-        $Enabled,
+        [System.String]
+        $Status,
 
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
@@ -315,8 +347,7 @@ function Export-TargetResource
         $AccessTokens
     )
 
-    ##TODO - Replace workload
-    $ConnectionMode = New-M365DSCConnection -Workload 'Workload' `
+    $ConnectionMode = New-M365DSCConnection -Workload 'Azure' `
         -InboundParameters $PSBoundParameters
 
     #Ensure the proper dependencies are installed in the current environment.
@@ -334,47 +365,70 @@ function Export-TargetResource
     try
     {
         $Script:ExportMode = $true
-        [array] $Script:exportedInstances = Get-AzSubscription -ErrorAction Stop
 
-        $i = 1
-        $dscContent = ''
-        if ($Script:exportedInstances.Length -eq 0)
-        {
-            Write-Host $Global:M365DSCEmojiGreenCheckMark
-        }
-        else
-        {
-            Write-Host "`r`n" -NoNewline
-        }
-        foreach ($config in $Script:exportedInstances)
+        $uri = 'https://management.azure.com/providers/Microsoft.Billing/billingaccounts/?api-version=2020-05-01'
+        $response = Invoke-AzRest -Uri $uri -Method Get
+        $billingAccounts = (ConvertFrom-Json $response.Content).value
+
+        foreach ($billingAccount in $billingAccounts)
         {
-            $displayedKey = $config.Name
-            Write-Host "    |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline
-            $params = @{
-                Name                  = $config.Name
-                Id                    = $config.Id
-                Credential            = $Credential
-                ApplicationId         = $ApplicationId
-                TenantId              = $TenantId
-                CertificateThumbprint = $CertificateThumbprint
-                ManagedIdentity       = $ManagedIdentity.IsPresent
-                AccessTokens          = $AccessTokens
-            }
+            $uri = "https://management.azure.com/providers/Microsoft.Billing/billingaccounts/$($billingAccount.Name)/billingprofiles/?api-version=2020-05-01"
+            $response = Invoke-AzRest -Uri $uri -Method Get
+            $billingProfiles = (ConvertFrom-Json $response.Content).value
 
-            $Results = Get-TargetResource @Params
-            $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
-                -Results $Results
-
-            $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
-                -ConnectionMode $ConnectionMode `
-                -ModulePath $PSScriptRoot `
-                -Results $Results `
-                -Credential $Credential
-            $dscContent += $currentDSCBlock
-            Save-M365DSCPartialExport -Content $currentDSCBlock `
-                -FileName $Global:PartialExportFileName
-            $i++
-            Write-Host $Global:M365DSCEmojiGreenCheckMark
+            foreach ($profile in $billingProfiles)
+            {
+                $uri = "https://management.azure.com/providers/Microsoft.Billing/billingAccounts/$($billingAccount.name)/billingProfiles/$($profile.name)/billingSubscriptions?api-version=2024-04-01"
+                $response = Invoke-AzRest -Uri $uri -Method Get
+                $subscriptions = (ConvertFrom-Json $response.Content).value
+                [array] $Script:exportedInstances += $subscriptions
+
+                $i = 1
+                $dscContent = ''
+                if ($Script:exportedInstances.Length -eq 0)
+                {
+                    Write-Host $Global:M365DSCEmojiGreenCheckMark
+                }
+                else
+                {
+                    Write-Host "`r`n" -NoNewline
+                }
+                foreach ($config in $subscriptions)
+                {
+                    if ($null -ne $Global:M365DSCExportResourceInstancesCount)
+                    {
+                        $Global:M365DSCExportResourceInstancesCount++
+                    }
+                    $displayedKey = $config.properties.displayName
+                    Write-Host "    |---[$i/$($subscriptions.Count)] $displayedKey" -NoNewline
+                    $params = @{
+                        DisplayName           = $config.properties.displayName
+                        Id                    = $config.Name
+                        InvoiceSectionId      = $config.properties.invoiceSectionId
+                        Credential            = $Credential
+                        ApplicationId         = $ApplicationId
+                        TenantId              = $TenantId
+                        CertificateThumbprint = $CertificateThumbprint
+                        ManagedIdentity       = $ManagedIdentity.IsPresent
+                        AccessTokens          = $AccessTokens
+                    }
+
+                    $Results = Get-TargetResource @Params
+                    $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
+                        -Results $Results
+
+                    $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
+                        -ConnectionMode $ConnectionMode `
+                        -ModulePath $PSScriptRoot `
+                        -Results $Results `
+                        -Credential $Credential
+                    $dscContent += $currentDSCBlock
+                    Save-M365DSCPartialExport -Content $currentDSCBlock `
+                        -FileName $Global:PartialExportFileName
+                    $i++
+                    Write-Host $Global:M365DSCEmojiGreenCheckMark
+                }
+            }
         }
         return $dscContent
     }

diff --git a/...les/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/MSFT_AzureSubscription.schema.mof b/...les/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/MSFT_AzureSubscription.schema.mof
@@ -1,9 +1,10 @@
 [ClassVersion("1.0.0.0"), FriendlyName("AzureSubscription")]
 class MSFT_AzureSubscription : OMI_BaseResource
 {
-    [Key, Description("The display name of the subscription.")] String Name;
+    [Key, Description("The display name of the subscription.")] String DisplayName;
     [Write, Description("The unique identifier of the subscription.")] String Id;
-    [Write, Description("Enables or disables the subscription")] Boolean Enabled;
+    [Write, Description("The unique identifier of the invoice section associated with the subscription.")] String InvoiceSectionId;
+    [Write, Description("Status of the subscription.")] String Status;
     [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present"}, Values{"Present"}] string Ensure;
     [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
     [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;

diff --git a/Modules/Microsoft365DSC/Examples/Resources/AzureSubscription/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AzureSubscription/1-Create.ps1
@@ -0,0 +1,35 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+    node localhost
+    {
+        AzureSubscription "AzureSubscription-MySubscription"
+        {
+            ApplicationId         = $ApplicationId;
+            CertificateThumbprint = $CertificateThumbprint;
+            DisplayName           = "My Subscription";
+            Ensure                = "Present";
+            InvoiceSectionId      = "/providers/Microsoft.Billing/billingAccounts/0b32abd9-f0e6-4fc9-8b2f-404350313179:0b32abd9-f0e6-4fc9-8b2f-404350313179_2019-05-31/billingProfiles/OHZY-JSSA-BG7-M77W-XXX/invoiceSections/E6RO-KYS7-P2D-MAOR-SGB";
+            Status                = "Active";
+            TenantId              = $TenantId;
+        }
+    }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/AzureSubscription/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AzureSubscription/2-Update.ps1
@@ -21,14 +21,15 @@ Configuration Example
     Import-DscResource -ModuleName Microsoft365DSC
     node localhost
     {
-        AzureSubscription 'TestSubscription'
+        AzureSubscription "AzureSubscription-MySubscription"
         {
-            Name                  = 'MyTestSubscription'
-            Id                    = 'd620d94d-916d-4dd9-9de5-179292873e20'
-            Enabled               = $true
-            ApplicationId         = $ApplicationId
-            TenantId              = $TenantId
-            CertificateThumbprint = $CertificateThumbprint
+            ApplicationId         = $ApplicationId;
+            CertificateThumbprint = $CertificateThumbprint;
+            DisplayName           = "My Subscription";
+            Ensure                = "Present";
+            InvoiceSectionId      = "/providers/Microsoft.Billing/billingAccounts/0b32abd9-f0e6-4fc9-8b2f-404350313179:0b32abd9-f0e6-4fc9-8b2f-404350313179_2019-05-31/billingProfiles/OHZY-JSSA-BG7-M77W-XXX/invoiceSections/E6RO-KYS7-P2D-MAOR-SGB";
+            Status                = "Disabled"; #Drift
+            TenantId              = $TenantId;
         }
     }
 }