Merge pull request #3836 from William-Francillette/fix3448

PR: AADEntitlementManagementAccessPackageAssignmentPolicy - Fixes 3448
microsoft · Oct 26, 2023 · 1565a24 · 1565a24
2 parents b9507fe + 1b09404
commit 1565a24
Show file tree

Hide file tree

Showing 3 changed files with 94 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 # 1.23.1025.1
 
+* AADEntitlementManagementAccessPackageAssignmentPolicy
+  * Fixes an issue where reviewers were not properly exported
+* M365DSCDRGUTIL
+  * Fixes an issue with Get-M365DSCDRGComplexTypeToHashtable where Beta cmdlet were not recognized for recursive calls
+  FIXES [#3448](https://github.com/microsoft/Microsoft365DSC/issues/3448)
 * AADApplication
   * Changes to how permissions drifts are logged.
     FIXES [#3830](https://github.com/microsoft/Microsoft365DSC/issues/3830)

diff --git a/...ssPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 b/...ssPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1
@@ -126,7 +126,7 @@ function Get-TargetResource
         Write-Verbose -Message "Found access package assignment policy with id {$($getValue.Id)} and DisplayName {$DisplayName}"
 
         #region Format AccessReviewSettings
-        $formattedAccessReviewSettings = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $getValue.AccessReviewSettings
+        $formattedAccessReviewSettings = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $getValue.AccessReviewSettings -Verbose
         if($null -ne $formattedAccessReviewSettings)
         {
             $formattedAccessReviewSettings.remove('additionalProperties') | Out-Null
@@ -139,6 +139,7 @@ function Get-TargetResource
                 if (-not [String]::isNullOrEmpty($setting.AdditionalProperties.id))
                 {
                     $user = Get-MgUser -UserId $setting.AdditionalProperties.id -ErrorAction SilentlyContinue
+
                     if ($null -ne $user)
                     {
                         $setting.add('Id', $user.UserPrincipalName)
@@ -148,7 +149,7 @@ function Get-TargetResource
                 {
                     $setting.add('ManagerLevel', $setting.AdditionalProperties.managerLevel)
                 }
-                $setting.remove('additionalProperties') | Out-Null
+                $setting.remove('AdditionalProperties') | Out-Null
             }
         }
         #endregion
@@ -170,7 +171,11 @@ function Get-TargetResource
                         $setting.add('odataType', $setting.AdditionalProperties.'@odata.type')
                         if (-not [String]::isNullOrEmpty($setting.AdditionalProperties.id))
                         {
-                            $setting.add('Id', $setting.AdditionalProperties.id)
+                            $user = Get-MgUser -UserId $setting.AdditionalProperties.id -ErrorAction SilentlyContinue
+                            if ($null -ne $user)
+                            {
+                                $setting.add('Id', $user.UserPrincipalName)
+                            }
                         }
                         if (-not [String]::isNullOrEmpty($setting.AdditionalProperties.managerLevel))
                         {
@@ -187,7 +192,11 @@ function Get-TargetResource
                         $setting.add('odataType', $setting.AdditionalProperties.'@odata.type')
                         if (-not [String]::isNullOrEmpty($setting.AdditionalProperties.id))
                         {
-                            $setting.add('Id', $setting.AdditionalProperties.id)
+                            $user = Get-MgUser -UserId $setting.AdditionalProperties.id -ErrorAction SilentlyContinue
+                            if ($null -ne $user)
+                            {
+                                $setting.add('Id', $user.UserPrincipalName)
+                            }
                         }
                         if (-not [String]::isNullOrEmpty($setting.AdditionalProperties.managerLevel))
                         {
@@ -462,6 +471,36 @@ function Set-TargetResource
                 }
             }
         }
+        if ( $null -ne $CreateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers)
+        {
+            for ($i = 0; $i -lt $CreateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers.Length; $i++)
+            {
+                $primaryApprover = $CreateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers[$i]
+                if ($null -ne $primaryApprover.id)
+                {
+                    $user = Get-MgUser -Filter "startswith(UserPrincipalName, '$($primaryApprover.Id.Split('@')[0])')" -ErrorAction SilentlyContinue
+                    if ($null -ne $user)
+                    {
+                        $CreateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers[$i].Id = $user.Id
+                    }
+                }
+            }
+        }
+        if ( $null -ne $CreateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers)
+        {
+            for ($i = 0; $i -lt $CreateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers.Length; $i++)
+            {
+                $escalationApprover = $CreateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers[$i]
+                if ($null -ne $escalationApprover.id)
+                {
+                    $user = Get-MgUser -Filter "startswith(UserPrincipalName, '$($escalationApprover.Id.Split('@')[0])')" -ErrorAction SilentlyContinue
+                    if ($null -ne $user)
+                    {
+                        $CreateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers[$i].Id = $user.Id
+                    }
+                }
+            }
+        }
         if ($null -ne $CreateParameters.RequestorSettings -and $null -ne $CreateParameters.RequestorSettings.AllowedRequestors)
         {
             for ($i = 0; $i -lt $CreateParameters.RequestorSettings.AllowedRequestors.Length; $i++)
@@ -527,6 +566,36 @@ function Set-TargetResource
                 }
             }
         }
+        if ($null -ne $UpdateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers)
+        {
+            for ($i = 0; $i -lt $UpdateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers.Length; $i++)
+            {
+                $primaryApprover = $UpdateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers[$i]
+                if ($null -ne $primaryApprover.id)
+                {
+                    $user = Get-MgUser -Filter "startswith(UserPrincipalName, '$($primaryApprover.Id.Split('@')[0])')" -ErrorAction SilentlyContinue
+                    if ($null -ne $user)
+                    {
+                        $UpdateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers[$i].Id = $user.Id
+                    }
+                }
+            }
+        }
+        if ($null -ne $UpdateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers)
+        {
+            for ($i = 0; $i -lt $UpdateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers.Length; $i++)
+            {
+                $escalationApprover = $UpdateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers[$i]
+                if ($null -ne $escalationApprover.id)
+                {
+                    $user = Get-MgUser -Filter "startswith(UserPrincipalName, '$($escalationApprover.Id.Split('@')[0])')" -ErrorAction SilentlyContinue
+                    if ($null -ne $user)
+                    {
+                        $UpdateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers[$i].Id = $user.Id
+                    }
+                }
+            }
+        }
         if ($null -ne $UpdateParameters.RequestorSettings -and $null -ne $UpdateParameters.RequestorSettings.AllowedRequestors)
         {
             #Write-Verbose -Message "Updating Requestors' Id"
@@ -810,7 +879,17 @@ function Export-TargetResource
 
             if ($null -ne $Results.AccessReviewSettings)
             {
-                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.AccessReviewSettings -CIMInstanceName MicrosoftGraphassignmentreviewsettings
+                $complexMapping = @(
+                    @{
+                        Name            = 'Reviewers'
+                        CimInstanceName = 'MicrosoftGraphuserset'
+                        IsRequired      = $false
+                    }
+                )
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+                                                -ComplexObject $Results.AccessReviewSettings `
+                                                -CIMInstanceName MicrosoftGraphassignmentreviewsettings `
+                                                -ComplexTypeMapping $complexMapping
                 if ($complexTypeStringResult)
                 {
                     $Results.AccessReviewSettings = $complexTypeStringResult
@@ -939,7 +1018,7 @@ function Export-TargetResource
             if ($null -ne $Results.AccessReviewSettings)
             {
                 $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'AccessReviewSettings'
-                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Reviewers'
+                #$currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Reviewers'
             }
             if ($null -ne $Results.Questions )
             {

diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1
@@ -134,21 +134,21 @@ function Get-M365DSCDRGComplexTypeToHashtable
         return , [hashtable[]]$results
     }
 
+
     if ($ComplexObject.getType().fullname -like '*Dictionary*')
     {
         $results = @{}
 
         $ComplexObject = [hashtable]::new($ComplexObject)
         $keys = $ComplexObject.Keys
+
         foreach ($key in $keys)
         {
             if ($null -ne $ComplexObject.$key)
             {
                 $keyName = $key
-
                 $keyType = $ComplexObject.$key.gettype().fullname
-
-                if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]')
+                if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like 'Microsoft.Graph.Beta.PowerShell.Models.*' -or $keyType -like '*[[\]]')
                 {
                     $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key
 
@@ -185,7 +185,7 @@ function Get-M365DSCDRGComplexTypeToHashtable
         if ($null -ne $ComplexObject.$keyName)
         {
             $keyType = $ComplexObject.$keyName.gettype().fullname
-            if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*')
+            if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.*PowerShell.Models.*')
             {
                 $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName