demisto · rshunim · Oct 1, 2023 · Sep 11, 2023 · Sep 12, 2023 · Sep 13, 2023
diff --git a/...ftGraphApplications/Integrations/MicrosoftGraphApplications/MicrosoftGraphApplications.py b/...ftGraphApplications/Integrations/MicrosoftGraphApplications/MicrosoftGraphApplications.py
@@ -82,6 +82,44 @@ def get_service_principals(
                 results.extend(res.get('value'))
             return results
 
+    def get_single_service_principal(
+            self,
+            service_id: str
+    ):
+        """
+
+        Arguments:
+            service_id: object id or application id of the service.
+
+        Returns:
+            Retrieve the properties and relationships of a servicePrincipal object.
+
+        Docs:
+            https://learn.microsoft.com/en-us/graph/api/serviceprincipal-get?view=graph-rest-1.0&tabs=http
+        """
+        suffix = f'v1.0/servicePrincipals{service_id}'
+        return self.ms_client.http_request(method='GET', url_suffix=suffix)
+
+    def update_single_service_principal(
+            self,
+            service_id: str,
+            data: dict
+    ):
+        """
+
+        Arguments:
+            service_id: object id or application id of the service.
+            data: Fields to update.
+
+        Returns:
+            Update the properties of servicePrincipal object.
+
+        Docs:
+            https://learn.microsoft.com/en-us/graph/api/serviceprincipal-update?view=graph-rest-1.0&tabs=http
+        """
+        suffix = f'v1.0/servicePrincipals{service_id}'
+        return self.ms_client.http_request(method='PATCH', url_suffix=suffix, json_data=data, return_empty_response=True)
+
     def delete_service_principals(
             self,
             service_id: str
@@ -100,9 +138,48 @@ def delete_service_principals(
         Docs:
             https://docs.microsoft.com/en-us/graph/api/serviceprincipal-delete?view=graph-rest-1.0&tabs=http
         """
-        self.ms_client.http_request(
-            'DELETE', f'v1.0/servicePrincipals/{service_id}', return_empty_response=True
-        )
+        self.ms_client.http_request(method='DELETE', url_suffix=f'v1.0/servicePrincipals{service_id}', return_empty_response=True)
+
+    def add_password_application(
+            self,
+            service_id: str,
+            data: dict
+    ):
+        """
+
+        Arguments:
+            service_id: object id or application id of the service.
+            data: the body request.
+
+        Returns:
+            Adds a strong password or secret to an application.
+
+        Docs:
+            https://learn.microsoft.com/en-us/graph/api/application-addpassword?view=graph-rest-1.0&tabs=http
+        """
+        suffix = f'v1.0/applications{service_id}/addPassword'
+        json_data = {"passwordCredential": data}
+        return self.ms_client.http_request(method='POST', url_suffix=suffix, json_data=json_data)
+
+    def remove_password_application(
+            self,
+            service_id: str,
+            data: dict
+    ):
+        """
+
+        Arguments:
+            service_id: object id or application id of the service.
+            data: the body request.
+
+        Returns:
+            Remove a password from an application.
+
+        Docs:
+            https://learn.microsoft.com/en-us/graph/api/application-removepassword?view=graph-rest-1.0&tabs=http
+        """
+        suffix = f'v1.0/applications{service_id}/removePassword'
+        return self.ms_client.http_request(method='POST', url_suffix=suffix, json_data=data, return_empty_response=True)
 
 
 ''' COMMAND FUNCTIONS '''
@@ -152,6 +229,134 @@ def list_service_principals_command(ms_client: Client, args: dict) -> CommandRes
     )
 
 
+def validate_service_principal_input(args: dict) -> tuple:
+    """
+    Ensure at least one argument is given.
+
+    Args:
+        args: The arguments were passed with the command.
+
+    Returns:
+        If the two arguments are missing, raise an exception, otherwise return one of them.
+    """
+    object_id = args.get('id')
+    app_client_id = args.get('app_id')
+    if not (object_id or app_client_id):
+        raise DemistoException("User must provide one of (object) id or application id.")
+
+    # if both are provided, pass the object_id
+    if object_id:
+        return f"/{object_id}", object_id
+    return f"(appId='{app_client_id}')", app_client_id
+
+
+def get_service_principal_command(ms_client: Client, args: dict) -> CommandResults:
+    """
+
+    Args:
+        ms_client: The Client
+        args: demisto.args()
+
+    Returns:
+        Results to post in demisto
+    """
+    id_for_request, service_id = validate_service_principal_input(args=args)
+    results = ms_client.get_single_service_principal(id_for_request)
+    return CommandResults(
+        'MSGraphApplication',
+        'id',
+        outputs=results,
+        readable_output=tableToMarkdown(
+            'Available service (application):',
+            results,
+            headers=['id', 'appId', 'appDisplayName', 'accountEnabled', 'deletedDateTime'],
+            removeNull=True
+        )
+    )
+
+
+def update_service_principal_command(ms_client: Client, args: dict) -> CommandResults:
+    """
+    Update the properties of servicePrincipal object.
+    Args:
+        ms_client: The Client
+        args: demisto.args()
+
+    Returns:
+        an informative message.
+    """
+    id_for_request, service_id = validate_service_principal_input(args=args)
+    data = {}
+
+    if account_enabled := args.get("account_enabled"):
+        data["accountEnabled"] = argToBoolean(account_enabled)
+
+    # Dict
+    if add_ins := args.get("add_ins"):
+        data["addIns"] = add_ins
+
+    # String collection
+    if alternative_names := args.get("alternative_names"):
+        data["alternativeNames"] = alternative_names
+
+    if app_role_assignment_required := args.get("app_role_assignment_required"):
+        data["appRoleAssignmentRequired"] = argToBoolean(app_role_assignment_required)
+
+    # Dict collection
+    if app_roles := args.get("app_roles"):
+        data["appRoles"] = app_roles
+
+    # Dict
+    if custom_security_attributes := args.get("custom_security_attributes"):
+        data["customSecurityAttributes"] = custom_security_attributes
+
+    # String
+    if display_name := args.get("display_name"):
+        data["displayName"] = display_name
+
+    # String
+    if home_page := args.get("home_page"):
+        data["homepage"] = home_page
+
+    # Dict collection
+    if key_credentials := args.get("key_credentials"):
+        data["keyCredentials"] = key_credentials
+
+    # String
+    if logout_url := args.get("logout_url"):
+        data["logoutUrl"] = logout_url
+
+    # Dict collection
+    if oauth2_permission_scopes := args.get("oauth2_permission_scopes"):
+        data["oauth2PermissionScopes"] = oauth2_permission_scopes
+
+    # String
+    if preferred_single_sign_on_mode := args.get("preferred_single_sign_on_mode"):
+        data["preferredSingleSignOnMode"] = preferred_single_sign_on_mode
+
+    # String collection
+    if reply_urls := args.get("reply_urls"):
+        data["replyUrls"] = reply_urls
+
+    # String collection
+    if service_principal_names := args.get("service_principal_names"):
+        data["servicePrincipalNames"] = service_principal_names
+
+    # String collection
+    if tags := args.get("tags"):
+        data["tags"] = tags
+
+    # String
+    if token_encryption_key_id := args.get("token_encryption_key_id"):
+        data["tokenEncryptionKeyId"] = token_encryption_key_id
+
+    ms_client.update_single_service_principal(id_for_request, data=data)
+
+    return CommandResults(
+        readable_output=f'Service {service_id} was updated successfully.'
+    )
+
+
 def remove_service_principals_command(ms_client: Client, args: dict) -> CommandResults:
     """Remove an authorized app.
 
@@ -162,10 +367,64 @@ def remove_service_principals_command(ms_client: Client, args: dict) -> CommandR
     Returns:
         Results to post in demisto
     """
-    app_id = str(args.get('id'))
-    ms_client.delete_service_principals(app_id)
+    id_for_request, service_id = validate_service_principal_input(args=args)
+    ms_client.delete_service_principals(id_for_request)
+    return CommandResults(
+        readable_output=f'Service {service_id} was deleted.'
+    )
+
+
+def add_password_application_command(ms_client: Client, args: dict) -> CommandResults:
+    """
+    Adds a strong password or secret to an application.
+
+    Arguments:
+        ms_client: The Client
+        args: demisto.args()
+
+    Returns:
+        Results to post in demisto
+    """
+    id_for_request, service_id = validate_service_principal_input(args=args)
+
+    data = {}
+
+    if display_name := args.get("display_name"):
+        data["displayName"] = display_name
+    if end_date_time := args.get("end_date_time"):
+        data["endDateTime"] = end_date_time
+    if start_date_time := args.get("start_date_time"):
+        data["startDateTime"] = start_date_time
+
+    results = ms_client.add_password_application(id_for_request, data=data)
+
+    return CommandResults(
+        'MSGraphApplication',
+        'id',
+        outputs=results,
+        readable_output=f'A password was added to application {service_id} successfully.'
+    )
+
+
+def remove_password_application_command(ms_client: Client, args: dict) -> CommandResults:
+    """
+    Remove a password from an application.
+
+    Arguments:
+        ms_client: The Client
+        args: demisto.args()
+
+    Returns:
+        Results to post in demisto
+    """
+    id_for_request, service_id = validate_service_principal_input(args=args)
+
+    data = {"keyId": args["key_id"]}
+
+    ms_client.remove_password_application(id_for_request, data=data)
+
     return CommandResults(
-        readable_output=f'Service {app_id} was deleted.'
+        readable_output=f'The password of the unique identifier {args["key_id"]} was removed successfully.'
     )
 
 
@@ -227,6 +486,14 @@ def main():
             return_results(list_service_principals_command(client, args))
         elif command == 'msgraph-apps-service-principal-remove':
             return_results(remove_service_principals_command(client, args))
+        elif command == 'msgraph-apps-service-principal-get':
+            return_results(get_service_principal_command(client, args))
+        elif command == 'msgraph-apps-service-principal-update':
+            return_results(update_service_principal_command(client, args))
+        elif command == 'msgraph-apps-application-password-add':
+            return_results(add_password_application_command(client, args))
+        elif command == 'msgraph-apps-application-password-remove':
+            return_results(remove_password_application_command(client, args))
         else:
             raise NotImplementedError(f"Command '{command}' not found.")