From 268e4b984dfb1029b738fe2b3f1a9de89aa798c1 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Thu, 25 Apr 2024 16:39:55 +0200 Subject: [PATCH 1/8] feat/AADActivityBasedTimeoutPolicy initial version --- .../MSFT_AADActivityBasedTimeoutPolicy.psm1 | 541 ++++++++++++++++++ ...T_AADActivityBasedTimeoutPolicy.schema.mof | 16 + .../readme.md | 6 + .../settings.json | 39 ++ ...-AADActivityBasedTimeoutPolicy-Example.ps1 | 27 + ...SC.AADActivityBasedTimeoutPolicy.Tests.ps1 | 212 +++++++ Tests/Unit/Stubs/Microsoft365.psm1 | 310 ++++++++++ 7 files changed, 1151 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADActivityBasedTimeoutPolicy/1-AADActivityBasedTimeoutPolicy-Example.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADActivityBasedTimeoutPolicy.Tests.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.psm1 new file mode 100644 index 0000000000..5571838a5a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.psm1 @@ -0,0 +1,541 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $AzurePortalTimeOut, + + [Parameter()] + [System.String] + $DefaultTimeOut, + + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgBetaPolicyActivityBasedTimeoutPolicy -ErrorAction SilentlyContinue + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Azure AD Activity Based Timeout Policy with DisplayName {$DisplayName}" + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Azure AD Activity Based Timeout Policy with Id {$Id} and DisplayName {$DisplayName} was found." + + #Azure portal timeout + $timeout = $getValue.Definition | ConvertFrom-Json + $AzurePortalTimeOut = ($timeout.ActivityBasedTimeoutPolicy.ApplicationPolicies | Where-Object{$_.ApplicationId -match "c44b4083-3bb0-49c1-b47d-974e53cbdf3c"}).WebSessionIdleTimeout + $DefaultTimeOut = ($timeout.ActivityBasedTimeoutPolicy.ApplicationPolicies | Where-Object{$_.ApplicationId -match "default"}).WebSessionIdleTimeout + + $results = @{ + #region resource generator code + DisplayName = $getValue.displayName + Id = $getValue.Id + AzurePortalTimeOut = $AzurePortalTimeOut + DefaultTimeOut = $DefaultTimeOut + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + #endregion + } + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $AzurePortalTimeOut, + + [Parameter()] + [System.String] + $DefaultTimeOut, + + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $AzurePortalTimeOutexist = $false + $DefaultTimeOutexistst = $false + if($BoundParameters.ContainsKey('AzurePortalTimeOut') ` + -and $null -ne $BoundParameters.AzurePortalTimeOut ` + -and $BoundParameters.AzurePortalTimeOut -ne '' ` + -and $BoundParameters.AzurePortalTimeOut -ne $nullString) + { + $AzurePortalTimeOutexist = $true + } + if($BoundParameters.ContainsKey('DefaultTimeOut') ` + -and $null -ne $BoundParameters.DefaultTimeOut ` + -and $BoundParameters.DefaultTimeOut -ne '' ` + -and $BoundParameters.DefaultTimeOut -ne $nullString) + { + $DefaultTimeOutexistst = $true + } + $ApplicationPolicies = @() + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Azure AD Activity Based Timeout Policy with DisplayName {$DisplayName}" + if($AzurePortalTimeOutexist) + { + $ApplicationPolicies += @{ + ApplicationId = "c44b4083-3bb0-49c1-b47d-974e53cbdf3c" + WebSessionIdleTimeout = "$AzurePortalTimeOut" + } + } + if($DefaultTimeOutexistst) + { + $ApplicationPolicies += @{ + ApplicationId = "default" + WebSessionIdleTimeout = "$DefaultTimeOut" + } + } + if($null -eq $ApplicationPolicies) + { + throw "At least one of the parameters AzurePortalTimeOut or DefaultTimeOut must be specified" + } + elseif($AzurePortalTimeOutexist -or $DefaultTimeOutexistst) { + $policy = @{ + ActivityBasedTimeoutPolicy = @{ + Version = 1 + ApplicationPolicies = @( + $ApplicationPolicies + ) + } + } + + $json = $policy | ConvertTo-Json -Depth 10 -Compress + $params = @{ + definition = @( + "$json" + ) + displayName = "displayName-value" + isOrganizationDefault = $true + } + + New-MgBetaPolicyActivityBasedTimeoutPolicy -BodyParameter $params + } + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Creating an Azure AD Activity Based Timeout Policy with DisplayName {$DisplayName}" + if($AzurePortalTimeOutexist) + { + $ApplicationPolicies += @{ + ApplicationId = "c44b4083-3bb0-49c1-b47d-974e53cbdf3c" + WebSessionIdleTimeout = "$AzurePortalTimeOut" + } + } + if($DefaultTimeOutexistst) + { + $ApplicationPolicies += @{ + ApplicationId = "default" + WebSessionIdleTimeout = "$DefaultTimeOut" + } + } + if($null -eq $ApplicationPolicies) + { + throw "At least one of the parameters AzurePortalTimeOut or DefaultTimeOut must be specified" + } + elseif($AzurePortalTimeOutexist -or $DefaultTimeOutexistst) { + $policy = @{ + ActivityBasedTimeoutPolicy = @{ + Version = 1 + ApplicationPolicies = @( + $ApplicationPolicies + ) + } + } + + $json = $policy | ConvertTo-Json -Depth 10 -Compress + $params = @{ + definition = @( + "$json" + ) + displayName = "displayName-value" + isOrganizationDefault = $true + } + + Update-MgBetaPolicyActivityBasedTimeoutPolicy -ActivityBasedTimeoutPolicyId $currentInstance.Id -BodyParameter $params + } + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Azure AD Activity Based Timeout Policy with Id {$($currentInstance.Id)}" + Remove-MgBetaPolicyActivityBasedTimeoutPolicy -ActivityBasedTimeoutPolicyId $currentInstance.Id + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $AzurePortalTimeOut, + + [Parameter()] + [System.String] + $DefaultTimeOut, + + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Azure AD Activity Based Timeout Policy with Id {$Id} and DisplayName {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) + { + $testResult = $false + break + } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.remove('Id') | Out-Null + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgBetaPolicyActivityBasedTimeoutPolicy ` + -All ` + -ErrorAction Stop + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + DisplayName = $config.displayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.schema.mof new file mode 100644 index 0000000000..01e7dcc4ab --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.schema.mof @@ -0,0 +1,16 @@ + +[ClassVersion("1.0.0.0"), FriendlyName("AADActivityBasedTimeoutPolicy")] +class MSFT_AADActivityBasedTimeoutPolicy : OMI_BaseResource +{ + [Key, Description("Display name for this policy. Required.")] String DisplayName; + [Write, Description("Id of the policy")] String Id; + [Write, Description("Timeout value in hh:mm:ss for c44b4083-3bb0-49c1-b47d-974e53cbdf3c: applies the policy to the Azure portal.")] String AzurePortalTimeOut; + [Write, Description("Timeout value in hh:mm:ss for default: applies the policy to all applications that support activity-based timeout functionality but don't have application-specific override.")] String DefaultTimeOut; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/readme.md new file mode 100644 index 0000000000..74739e571e --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/readme.md @@ -0,0 +1,6 @@ + +# AADActivityBasedTimeoutPolicy + +## Description + +This resource configure the Azure AD Activity Based Timeout Policy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json new file mode 100644 index 0000000000..4bd33000cd --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json @@ -0,0 +1,39 @@ +{ + "resourceName": "AADActivityBasedTimeoutPolicy", + "description": "This resource configures an Azure AD Activity Based Timeout Policy.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Policy.Read.All" + }, + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ] + }, + "application": { + "read": [ + { + "name": "Policy.Read.All" + }, + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ] + } + } +} + +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADActivityBasedTimeoutPolicy/1-AADActivityBasedTimeoutPolicy-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADActivityBasedTimeoutPolicy/1-AADActivityBasedTimeoutPolicy-Example.ps1 new file mode 100644 index 0000000000..1d915a10b4 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADActivityBasedTimeoutPolicy/1-AADActivityBasedTimeoutPolicy-Example.ps1 @@ -0,0 +1,27 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADActivityBasedTimeoutPolicy "AADActivityBasedTimeoutPolicy-displayName-value" + { + AzurePortalTimeOut = "02:00:00"; + DefaultTimeOut = "03:00:00"; + DisplayName = "displayName-value"; + Ensure = "Present"; + Id = "000000-0000-0000-0000-000000000000"; + Credential = $Credscredential + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADActivityBasedTimeoutPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADActivityBasedTimeoutPolicy.Tests.ps1 new file mode 100644 index 0000000000..89d50cb140 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADActivityBasedTimeoutPolicy.Tests.ps1 @@ -0,0 +1,212 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "AADActivityBasedTimeoutPolicy" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgBetaPolicyActivityBasedTimeoutPolicy -MockWith { + } + + Mock -CommandName New-MgBetaPolicyActivityBasedTimeoutPolicy -MockWith { + } + + Mock -CommandName Remove-MgBetaPolicyActivityBasedTimeoutPolicy -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The AADActivityBasedTimeoutPolicy should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = "displayName-value" + AzurePortalTimeOut = "02:00:00" + DefaultTimeOut = "03:00:00" + Id = "000000-0000-0000-0000-000000000000" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyActivityBasedTimeoutPolicy -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaPolicyActivityBasedTimeoutPolicy -Exactly 1 + } + } + + Context -Name "The AADActivityBasedTimeoutPolicy exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = "displayName-value" + AzurePortalTimeOut = "02:00:00" + DefaultTimeOut = "03:00:00" + Id = "000000-0000-0000-0000-000000000000" + Ensure = "Absent" + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyActivityBasedTimeoutPolicy -MockWith { + return @{ + DisplayName = "displayName-value" + AzurePortalTimeOut = "02:00:00" + DefaultTimeOut = "03:00:00" + Id = "000000-0000-0000-0000-000000000000" + Ensure = "Present" + Definition = @("{`"ActivityBasedTimeoutPolicy`":{`"Version`":1,`"ApplicationPolicies`":[{`"ApplicationId`":`"c44b4083-3bb0-49c1-b47d-974e53cbdf3c`",`"WebSessionIdleTimeout`":`"02:00:00`"},{`"ApplicationId`":`"default`",`"WebSessionIdleTimeout`":`"04:00:00`"}]}}"); + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaPolicyActivityBasedTimeoutPolicy -Exactly 1 + } + } + Context -Name "The AADActivityBasedTimeoutPolicy Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = "displayName-value" + AzurePortalTimeOut = "02:00:00" + DefaultTimeOut = "04:00:00" + Id = "000000-0000-0000-0000-000000000000" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyActivityBasedTimeoutPolicy -MockWith { + return @{ + DisplayName = "displayName-value" + AzurePortalTimeOut = "02:00:00" + DefaultTimeOut = "04:00:00" + Id = "000000-0000-0000-0000-000000000000" + Ensure = "Present" + Definition = @("{`"ActivityBasedTimeoutPolicy`":{`"Version`":1,`"ApplicationPolicies`":[{`"ApplicationId`":`"c44b4083-3bb0-49c1-b47d-974e53cbdf3c`",`"WebSessionIdleTimeout`":`"02:00:00`"},{`"ApplicationId`":`"default`",`"WebSessionIdleTimeout`":`"04:00:00`"}]}}"); + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The AADActivityBasedTimeoutPolicy exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = "displayName-value" + AzurePortalTimeOut = "02:00:00" + DefaultTimeOut = "03:00:00" + Id = "000000-0000-0000-0000-000000000000" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyActivityBasedTimeoutPolicy -MockWith { + return @{ + DisplayName = "displayName-value" + AzurePortalTimeOut = "02:00:00" + DefaultTimeOut = "03:00:00" + Id = "000000-0000-0000-0000-000000000000" + Ensure = "Present" + Definition = @("{`"ActivityBasedTimeoutPolicy`":{`"Version`":1,`"ApplicationPolicies`":[{`"ApplicationId`":`"c44b4083-3bb0-49c1-b47d-974e53cbdf3c`",`"WebSessionIdleTimeout`":`"02:00:00`"},{`"ApplicationId`":`"default`",`"WebSessionIdleTimeout`":`"04:00:00`"}]}}"); + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaPolicyActivityBasedTimeoutPolicy -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaPolicyActivityBasedTimeoutPolicy -MockWith { + return @{ + DisplayName = "displayName-value" + AzurePortalTimeOut = "02:00:00" + DefaultTimeOut = "03:00:00" + Id = "000000-0000-0000-0000-000000000000" + Ensure = "Present" + Definition = @("{`"ActivityBasedTimeoutPolicy`":{`"Version`":1,`"ApplicationPolicies`":[{`"ApplicationId`":`"c44b4083-3bb0-49c1-b47d-974e53cbdf3c`",`"WebSessionIdleTimeout`":`"02:00:00`"},{`"ApplicationId`":`"default`",`"WebSessionIdleTimeout`":`"04:00:00`"}]}}"); + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 6068acbb24..916999eb2b 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -81493,3 +81493,313 @@ function Update-MgBetaDeviceAppManagementMobileApp } #endregion +#region MgBetaPolicyActivityBasedTimeoutPolicy +function Get-MgBetaPolicyActivityBasedTimeoutPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $ActivityBasedTimeoutPolicyId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgBetaPolicyActivityBasedTimeoutPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.Collections.Hashtable] + $BodyParameter, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $AppliesTo, + + [Parameter()] + [System.String[]] + $Definition, + + [Parameter()] + [System.DateTime] + $DeletedDateTime, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsOrganizationDefault, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgBetaPolicyActivityBasedTimeoutPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $ActivityBasedTimeoutPolicyId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgBetaPolicyActivityBasedTimeoutPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $ActivityBasedTimeoutPolicyId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Collections.Hashtable] + $BodyParameter, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $AppliesTo, + + [Parameter()] + [System.String[]] + $Definition, + + [Parameter()] + [System.DateTime] + $DeletedDateTime, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsOrganizationDefault, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +#endregion From 554d776f2b5cc53233c81ad734b09a82a1dbbead Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Thu, 25 Apr 2024 16:42:03 +0200 Subject: [PATCH 2/8] Add Changelog --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 764b863c49..7414aae638 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Change log for Microsoft365DSC +# UNRELEASED +* AADActivityBasedTimeoutPolicy + * Initial release, set the azure portal and default Timeout. + # 1.24.424.1 * EXORecipientPermission From e0c244f38a403c11c4b5fae409ca1d57772d41ea Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Thu, 25 Apr 2024 16:58:05 +0200 Subject: [PATCH 3/8] fix needed permission --- .../settings.json | 69 +++++++++---------- 1 file changed, 34 insertions(+), 35 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json index 4bd33000cd..db47b59c8a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json @@ -1,39 +1,38 @@ { "resourceName": "AADActivityBasedTimeoutPolicy", "description": "This resource configures an Azure AD Activity Based Timeout Policy.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Policy.Read.All" - }, - { - "name": "Policy.ReadWrite.ApplicationConfiguration" - } - ], - "update": [ - { - "name": "Policy.ReadWrite.ApplicationConfiguration" - } - ] - }, - "application": { - "read": [ - { - "name": "Policy.Read.All" - }, - { - "name": "Policy.ReadWrite.ApplicationConfiguration" - } - ], - "update": [ - { - "name": "Policy.ReadWrite.ApplicationConfiguration" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Policy.Read.All" + }, + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ] + }, + "application": { + "read": [ + { + "name": "Policy.Read.All" + }, + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ] + } + } + } } From ef77d073fa4310061924608c6c3b40102f02edf8 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Fri, 26 Apr 2024 08:45:32 +0200 Subject: [PATCH 4/8] wip --- .../MSFT_AADActivityBasedTimeoutPolicy/settings.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json index db47b59c8a..a28a838240 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json @@ -9,12 +9,12 @@ "name": "Policy.Read.All" }, { - "name": "Policy.ReadWrite.ApplicationConfiguration" + "name": "Policy.ReadWriteApplicationConfiguration" } ], "update": [ { - "name": "Policy.ReadWrite.ApplicationConfiguration" + "name": "Policy.ReadWriteApplicationConfiguration" } ] }, @@ -24,12 +24,12 @@ "name": "Policy.Read.All" }, { - "name": "Policy.ReadWrite.ApplicationConfiguration" + "name": "Policy.ReadWriteApplicationConfiguration" } ], "update": [ { - "name": "Policy.ReadWrite.ApplicationConfiguration" + "name": "Policy.ReadWriteApplicationConfiguration" } ] } From fdd9400e8e156b5e9197c38176bb7ad5823f1711 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Fri, 26 Apr 2024 09:18:27 +0200 Subject: [PATCH 5/8] fix permission due to test errors --- .../MSFT_AADActivityBasedTimeoutPolicy/settings.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json index a28a838240..4d2c4b7297 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json @@ -9,12 +9,12 @@ "name": "Policy.Read.All" }, { - "name": "Policy.ReadWriteApplicationConfiguration" + "name": "Policy.Read.ApplicationConfiguration" } ], "update": [ { - "name": "Policy.ReadWriteApplicationConfiguration" + "name": "Policy.Read.ApplicationConfiguration" } ] }, @@ -24,12 +24,12 @@ "name": "Policy.Read.All" }, { - "name": "Policy.ReadWriteApplicationConfiguration" + "name": "Policy.Read.ApplicationConfiguration" } ], "update": [ { - "name": "Policy.ReadWriteApplicationConfiguration" + "name": "Policy.Read.ApplicationConfiguration" } ] } From 313619782d8fdbde019bd9c0b812212f069a244a Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Fri, 26 Apr 2024 09:35:53 +0200 Subject: [PATCH 6/8] Fix permission due to errors in tests --- .../MSFT_AADActivityBasedTimeoutPolicy/settings.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json index 4d2c4b7297..db47b59c8a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json @@ -9,12 +9,12 @@ "name": "Policy.Read.All" }, { - "name": "Policy.Read.ApplicationConfiguration" + "name": "Policy.ReadWrite.ApplicationConfiguration" } ], "update": [ { - "name": "Policy.Read.ApplicationConfiguration" + "name": "Policy.ReadWrite.ApplicationConfiguration" } ] }, @@ -24,12 +24,12 @@ "name": "Policy.Read.All" }, { - "name": "Policy.Read.ApplicationConfiguration" + "name": "Policy.ReadWrite.ApplicationConfiguration" } ], "update": [ { - "name": "Policy.Read.ApplicationConfiguration" + "name": "Policy.ReadWrite.ApplicationConfiguration" } ] } From 0b40607153e646a53c9d304c15d2fe455395416e Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Fri, 26 Apr 2024 09:48:42 +0200 Subject: [PATCH 7/8] wip --- .../MSFT_AADActivityBasedTimeoutPolicy/settings.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json index db47b59c8a..c64ae12524 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json @@ -9,12 +9,12 @@ "name": "Policy.Read.All" }, { - "name": "Policy.ReadWrite.ApplicationConfiguration" + "name": "Policy.Read.All" } ], "update": [ { - "name": "Policy.ReadWrite.ApplicationConfiguration" + "name": "Policy.Read.All" } ] }, @@ -24,12 +24,12 @@ "name": "Policy.Read.All" }, { - "name": "Policy.ReadWrite.ApplicationConfiguration" + "name": "Policy.Read.All" } ], "update": [ { - "name": "Policy.ReadWrite.ApplicationConfiguration" + "name": "Policy.Read.All" } ] } From 5bb0576faba46f5e341f754ce8d54a10e417db3e Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Mon, 29 Apr 2024 14:00:10 +0200 Subject: [PATCH 8/8] add entry in changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 558889d8ad..ef9e2ae99f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.182. * MISC * Added support for Access Tokens across AAD resources. + * Fixing fake passwords in Unit Tests. # 1.24.424.1