Merge pull request #4169 from NikCharlebois/AAD-Integration-Tests-fixes
Integration Tests Fixes
NikCharlebois authored Jan 16, 2024
2 parents 4ba5590 + 00d0cca commit 8fc0bd8
Showing 15 changed files with 39 additions and 195 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,14 @@

# UNRELEASED

* AADAdministrativeUnit
* Used generic Graph API URL from MSCloudLoginConnectionProfile.
* AADApplication
* Ignore Permissions in tests if not passed. Preventing null comparison errors.
* AADAttributeSet
* Removed the ability to specify a value of Absent for the Ensure property.
* AADAUthenticationMethodPolicy
* Removed the ability to specify a value of Absent for the Ensure property.
* DEPENDENCIES
* Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.178.
* Updated MSCloudLoginAssistant to version 1.1.5.
Expand Up @@ -195,7 +195,8 @@ function Get-TargetResource
foreach ($auMember in $auMembers)
{
$member = @{}
$memberObject = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/directoryobjects/$($auMember.Id)"
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryobjects/$($auMember.Id)"
$memberObject = Invoke-MgGraphRequest -Uri $url
if ($memberObject.'@odata.type' -match 'user')
{
$member.Add('Identity', $memberObject.UserPrincipalName)
Expand Down Expand Up @@ -239,7 +240,8 @@ function Get-TargetResource
}
}
Write-Verbose -Message "AU {$DisplayName} verify RoleMemberInfo.Id {$($auScopedRoleMember.RoleMemberInfo.Id)}"
$memberObject = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)"
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)"
$memberObject = Invoke-MgGraphRequest -Uri $url
Write-Verbose -Message "AU {$DisplayName} @odata.Type={$($memberObject.'@odata.type')}"
if (($memberObject.'@odata.type') -match 'user')
{
Expand Down Expand Up @@ -564,7 +566,8 @@ function Set-TargetResource
{
Write-Verbose -Message "Adding new dynamic member {$($member.Id)}"
$memberBodyParam = @{
'@odata.id' = "https://graph.microsoft.com/v1.0/$($member.Type)/$($member.Id)"
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/$($member.Type)/$($member.Id)"
'@odata.id' = $url
}

New-MgBetaDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId $policy.Id -BodyParameter $memberBodyParam
Expand Down Expand Up @@ -661,7 +664,8 @@ function Set-TargetResource
Write-Verbose -Message "AdministrativeUnit {$DisplayName} Adding member {$($diff.Identity)}, type {$($diff.Type)}"

$memberBodyParam = @{
'@odata.id' = "https://graph.microsoft.com/v1.0/$memberType/$($memberObject.Id)"
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/$memberType/$($memberObject.Id)"
'@odata.id' = $url
}
New-MgBetaDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId ($currentInstance.Id) -BodyParameter $memberBodyParam | Out-Null
}
Expand Down Expand Up @@ -789,9 +793,11 @@ function Set-TargetResource
elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
{
Write-Verbose -Message "Removing AU {$DisplayName}"
#region resource generator code
Remove-MgBetaDirectoryAdministrativeUnit -AdministrativeUnitId $currentInstance.Id
#endregion
# Workaround since Remove-MgBetaDirectoryAdministrativeUnit is not working with 2.11.1
# https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/2529
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)"
Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null
#Remove-MgBetaDirectoryAdministrativeUnit -AdministrativeUnitId $currentInstance.Id
}
}

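Review bot: In both `$memberBodyParam = @{ ... }` literals of Set-TargetResource (the "Adding new dynamic member" hunk and the "Adding member" hunk), the new `$url = ...` line sits inside the hashtable braces, where PowerShell parses it as a key/value pair keyed by the current value of `$url` rather than as an assignment. As displayed, `'@odata.id'` then receives whatever `$url` held before (null on first use, or the URL built for an earlier object), so the call can fail with a null-key error or reference the wrong directory object, which matters because administrative-unit membership bounds what scoped admins can manage. Build the URL first: move `$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/$($member.Type)/$($member.Id)"` above `$memberBodyParam = @{` and keep only `'@odata.id' = $url` inside, and do the same for the `$memberType` case. Set-TargetResource continues outside these hunks, and the concatenation assumes ResourceUrl ends with a slash, which is not visible here.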
Expand Up @@ -767,7 +767,7 @@ function Test-TargetResource

$CurrentValues = Get-TargetResource @PSBoundParameters

if ($CurrentValues.Permissions.Length -gt 0 -and $null -ne $CurrentValues.Permissions.Name)
if ($CurrentValues.Permissions.Length -gt 0 -and $null -ne $CurrentValues.Permissions.Name -and $Permissions.Name.Length -gt 0)
{
$permissionsDiff = Compare-Object -ReferenceObject ($CurrentValues.Permissions.Name) -DifferenceObject ($Permissions.Name)
$driftedParams = @{}
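Review bot: The added `$Permissions.Name.Length -gt 0` clause in Test-TargetResource skips the whole permission comparison both when Permissions is omitted and when it is passed empty, so a configuration declaring that an application should hold no permissions would no longer report extra grants as drift through this block. If only the omitted case is meant, test the binding instead, e.g. `$PSBoundParameters.ContainsKey('Permissions')`, and treat an explicit empty list as "every current permission is drift" rather than handing it to `Compare-Object`. Whether a later generic comparison still covers Permissions cannot be told from this hunk, since the function body continues beyond it.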
Expand Up @@ -19,7 +19,7 @@ function Get-TargetResource

[Parameter()]
[System.String]
[ValidateSet('Absent', 'Present')]
[ValidateSet('Present')]
$Ensure = 'Present',

[Parameter()]
Expand Down Expand Up @@ -127,7 +127,7 @@ function Set-TargetResource

[Parameter()]
[System.String]
[ValidateSet('Absent', 'Present')]
[ValidateSet('Present')]
$Ensure = 'Present',

[Parameter()]
Expand Down Expand Up @@ -182,11 +182,6 @@ function Set-TargetResource
$BoundParameters.Remove('Id') | Out-Null
Update-MgBetaDirectoryAttributeSet @BoundParameters | Out-Null
}
elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
{
Write-Verbose -Message "Removing the Attribute Set with Id {$($currentInstance.Id)}"
Remove-MgBetaDirectoryAttributeSet -AttributeSetId $Id | Out-Null
}
}

function Test-TargetResource
Expand All @@ -210,7 +205,7 @@ function Test-TargetResource

[Parameter()]
[System.String]
[ValidateSet('Absent', 'Present')]
[ValidateSet('Present')]
$Ensure = 'Present',

[Parameter()]
Expand Up @@ -4,7 +4,7 @@ class MSFT_AADAttributeSet : OMI_BaseResource
[Key, Description("Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive")] String Id;
[Write, Description("Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive")] String Description;
[Write, Description("Maximum number of custom security attributes that can be defined in this attribute set. Default value is null. If not specified, the administrator can add up to the maximum of 500 active attributes per tenant. Can be changed later.")] UInt32 MaxAttributesPerSet;
[Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
[Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present"}, Values{"Present"}] string Ensure;
[Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
[Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
[Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
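Review bot: The Ensure description still reads "Present ensures the policy exists, absent ensures it is removed." although the ValueMap now accepts only Present, so the generated documentation advertises a removal path that no longer exists. Suggest `Description("Present ensures the attribute set exists.")` on that line; the word "policy" also looks carried over from another resource. The Description property two lines above repeats the Id text verbatim, which is outside this change but worth correcting in the same file.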
Expand Up @@ -151,8 +151,11 @@ function Get-TargetResource
if (-not [System.Guid]::TryParse($AppId, [System.Management.Automation.PSReference]$ObjectGuid))
{
$appInstance = Get-MgApplication -Filter "DisplayName eq '$AppId'"
$AADServicePrincipal = Get-MgServicePrincipal -Filter "AppID eq '$($appInstance.AppId)'" `
-Expand 'AppRoleAssignedTo'
if ($appInstance)
{
$AADServicePrincipal = Get-MgServicePrincipal -Filter "AppID eq '$($appInstance.AppId)'" `
-Expand 'AppRoleAssignedTo'
}
}
else
{
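Review bot: The new `if ($appInstance)` guard covers the no-match case but not several matches: application display names are not unique in a tenant, so `Get-MgApplication -Filter "DisplayName eq '$AppId'"` can return more than one object and `$($appInstance.AppId)` then expands to several ids inside the service-principal filter. For a resource that can be set to Absent, resolving by an ambiguous name risks acting on the wrong principal; consider failing closed, e.g. `if (@($appInstance).Count -eq 1)` with an explicit message otherwise. The `$AppId` value is also placed in the OData filter without doubling single quotes (`$AppId.Replace("'", "''")`). Get-TargetResource starts and ends outside this hunk, so what happens when `$AADServicePrincipal` stays unset is not visible here.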

This file was deleted.

Expand Up @@ -23,7 +23,7 @@ Configuration Example
DisplayName = "My Context";
Ensure = "Present";
Id = "c3";
IsAvailable = $True;
IsAvailable = $False; # Updated Property
}
}
}
Expand Up @@ -16,7 +16,7 @@ Configuration Example
{
AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog'
{
DisplayName = 'General'
DisplayName = 'My Catalog'
Ensure = 'Absent'
Credential = $Credscredential
}
Expand Up @@ -16,8 +16,8 @@ Configuration Example
{
AADServicePrincipal 'AADServicePrincipal'
{
AppId = "<AppID GUID>"
DisplayName = "AADAppName"
AppId = "AppDisplayName"
DisplayName = "AppDisplayName"
Ensure = "Absent"
Credential = $Credscredential
}
Expand Up @@ -18,6 +18,7 @@ Configuration Example
AADUser 'ConfigureJohnSMith'
{
UserPrincipalName = "John.Smith@$Domain"
DisplayName = "John J. Smith"
Ensure = "Absent"
Credential = $Credscredential
}
Expand Up @@ -158,7 +158,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {

It 'Should Remove the AU from the Set method' {
Set-TargetResource @testParams
Should -Invoke -CommandName Remove-MgBetaDirectoryAdministrativeUnit -Exactly 1
Should -Invoke -CommandName Invoke-MgGraphRequest -Exactly 1
}
}
Context -Name 'The AU Exists and Values are already in the desired state' -Fixture {
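Review bot: `Should -Invoke -CommandName Invoke-MgGraphRequest -Exactly 1` no longer proves that a delete was issued, because the resource also uses Invoke-MgGraphRequest for directory-object lookups and any single call satisfies the assertion. Pin the call with a parameter filter, e.g. `Should -Invoke -CommandName Invoke-MgGraphRequest -Exactly 1 -ParameterFilter { $Method -eq 'DELETE' -and $Uri -like '*administrativeUnits/*' }`. The mock setup for this Context is outside the hunk, so confirm Invoke-MgGraphRequest is mocked there.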
Expand Up @@ -64,38 +64,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
}
}

Context -Name "The instance exists but it SHOULD NOT" -Fixture {
BeforeAll {
$testParams = @{
Description = "This is my super context test";
MaxAttributesPerSet = 420;
Ensure = "Absent";
Id = "c3";
Credential = $Credential;
}

Mock -CommandName Get-MgBetaDirectoryAttributeSet -MockWith {
return @{
Description = "This is my super context test";
MaxAttributesPerSet = 420;
Id = "c3";
}
}
}

It 'Should return Values from the Get method' {
(Get-TargetResource @testParams).Ensure | Should -Be 'Present'
}

It 'Should return true from the Test method' {
Test-TargetResource @testParams | Should -Be $false
}

It 'Should Remove the group from the Set method' {
Set-TargetResource @testParams
Should -Invoke -CommandName Remove-MgBetaDirectoryAttributeSet -Exactly 1
}
}

Context -Name "The instance exists and values are already in the desired state" -Fixture {
BeforeAll {
$testParams = @{
Expand Up @@ -101,116 +101,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
}
}

Context -Name "The AADAuthenticationMethodPolicy exists but it SHOULD NOT" -Fixture {
BeforeAll {
$testParams = @{
Description = "FakeStringValue"
DisplayName = "FakeStringValue"
Id = "FakeStringValue"
PolicyMigrationState = "preMigration"
PolicyVersion = "FakeStringValue"
ReconfirmationInDays = 25
RegistrationEnforcement = (New-CimInstance -ClassName MSFT_MicrosoftGraphregistrationEnforcement -Property @{
AuthenticationMethodsRegistrationCampaign = (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaign -Property @{
IncludeTargets = [CimInstance[]]@(
(New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaignIncludeTarget -Property @{
Id = "FakeStringValue"
TargetType = "user"
TargetedAuthenticationMethod = "FakeStringValue"
} -ClientOnly)
)
State = "default"
SnoozeDurationInDays = 25
ExcludeTargets = [CimInstance[]]@(
(New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{
TargetType = "user"
Id = "FakeStringValue"
} -ClientOnly)
)
} -ClientOnly)
} -ClientOnly)
SystemCredentialPreferences = (New-CimInstance -ClassName MSFT_MicrosoftGraphsystemCredentialPreferences -Property @{
State = "default"
IncludeTargets = [CimInstance[]]@(
(New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyIncludeTarget -Property @{
TargetType = "user"
Id = "FakeStringValue"
} -ClientOnly)
)
ExcludeTargets = [CimInstance[]]@(
(New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{
TargetType = "user"
Id = "FakeStringValue"
} -ClientOnly)
)
} -ClientOnly)
Ensure = 'Absent'
Credential = $Credential;
}

Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicy -MockWith {
return @{
AdditionalProperties = @{
'@odata.type' = "#microsoft.graph.AuthenticationMethodsPolicy"
}
Description = "FakeStringValue"
DisplayName = "FakeStringValue"
Id = "FakeStringValue"
PolicyMigrationState = "preMigration"
PolicyVersion = "FakeStringValue"
ReconfirmationInDays = 25
RegistrationEnforcement = @{
AuthenticationMethodsRegistrationCampaign = @{
IncludeTargets = @(
@{
Id = "FakeStringValue"
TargetType = "user"
TargetedAuthenticationMethod = "FakeStringValue"
}
)
State = "default"
SnoozeDurationInDays = 25
ExcludeTargets = @(
@{
TargetType = "user"
Id = "FakeStringValue"
}
)
}
}
SystemCredentialPreferences = @{
State = "default"
IncludeTargets = @(
@{
TargetType = "user"
Id = "FakeStringValue"
}
)
ExcludeTargets = @(
@{
TargetType = "user"
Id = "FakeStringValue"
}
)
}

}
}
}

It 'Should return Values from the Get method' {
(Get-TargetResource @testParams).Ensure | Should -Be 'Present'
}

It 'Should return true from the Test method' {
Test-TargetResource @testParams | Should -Be $false
}

It 'Should Remove the group from the Set method' {
Set-TargetResource @testParams
Should -Invoke -CommandName Remove-MgBetaPolicyAuthenticationMethodPolicy -Exactly 1
}
}
Context -Name "The AADAuthenticationMethodPolicy Exists and Values are already in the desired state" -Fixture {
BeforeAll {
$testParams = @{
Expand Up @@ -171,7 +171,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
}

It 'Should return Present from the Get method' {
(Get-TargetResource @testParams -Verbose).Ensure | Should -Be 'Present'
(Get-TargetResource @testParams).Ensure | Should -Be 'Present'
}

It 'Should return false from the Test method' {