Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds two new Security and Compliance Resources for Supervisory Reviews #125

Merged
merged 13 commits into from
Jun 26, 2019
2 changes: 2 additions & 0 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@

/Modules/Office365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/ @nikcharlebois
/Modules/Office365DSC/DSCResources/MSFT_SCRetentionComplianceRule/ @nikcharlebois
/Modules/Office365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/ @nikcharlebois
/Modules/Office365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/ @nikcharlebois

/Modules/Office365DSC/DSCResources/MSFT_SPOAccessControlSettings/ @thorstenloeschmann
/Modules/Office365DSC/DSCResources/MSFT_SPOApp/ @nikcharlebois
Expand Down
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,7 @@
* Initial Release
* SCRetentionComplianceRule
* Initial Release
* SCSupervisoryReviewPolicy
* Initial Release
* SCSupervisoryReviewRule
* Initial Release
Original file line number Diff line number Diff line change
@@ -0,0 +1,193 @@
function Get-TargetResource
{
[CmdletBinding()]
[OutputType([System.Collections.Hashtable])]
param
(
[Parameter(Mandatory = $true)]
[ValidateLength(1,64)]
[System.String]
$Name,

[Parameter()]
[System.String]
$Comment,

[Parameter(Mandatory = $true)]
[System.String[]]
$Reviewers,

[Parameter()]
[ValidateSet('Present', 'Absent')]
[System.String]
$Ensure = 'Present',

[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$GlobalAdminAccount
)

Write-Verbose -Message "Getting configuration of SupervisoryReviewPolicy for $Name"

Write-Verbose -Message "Calling Test-SecurityAndComplianceConnection function:"
Test-SecurityAndComplianceConnection -GlobalAdminAccount $GlobalAdminAccount

$PolicyObjects = Get-SupervisoryReviewPolicyV2
$PolicyObject = $PolicyObjects | Where-Object {$_.Name -eq $Name}

if ($null -eq $PolicyObject)
{
Write-Verbose -Message "SupervisoryReviewPolicy $($Name) does not exist."
$result = $PSBoundParameters
$result.Ensure = 'Absent'
return $result
}
else
{
Write-Verbose "Found existing SupervisoryReviewPolicy $($Name)"
$result = @{
Name = $PolicyObject.Name
Comment = $PolicyObject.Comment
Reviewers = $PolicyObject.Reviewers
Ensure = 'Present'
GlobalAdminAccount = $GlobalAdminAccount
}

Write-Verbose -Message "Found SupervisoryReviewPolicy $($Name)"
Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-O365DscHashtableToString -Hashtable $result)"
return $result
}
}

function Set-TargetResource
{
[CmdletBinding()]
param
(
[Parameter(Mandatory = $true)]
[ValidateLength(1,64)]
[System.String]
$Name,

[Parameter()]
[System.String]
$Comment,

[Parameter(Mandatory = $true)]
[System.String[]]
$Reviewers,

[Parameter()]
[ValidateSet('Present', 'Absent')]
[System.String]
$Ensure = 'Present',

[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$GlobalAdminAccount
)

Write-Verbose -Message "Setting configuration of SupervisoryReviewPolicy for $Name"

Test-SecurityAndComplianceConnection -GlobalAdminAccount $GlobalAdminAccount
$CurrentPolicy = Get-TargetResource @PSBoundParameters

if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentPolicy.Ensure))
{
$CreationParams = $PSBoundParameters
$CreationParams.Remove("GlobalAdminAccount")
$CreationParams.Remove("Ensure")
New-SupervisoryReviewPolicyV2 @CreationParams
}
elseif (('Present' -eq $Ensure) -and ('Present' -eq $CurrentPolicy.Ensure))
{
$CreationParams = $PSBoundParameters
$CreationParams.Remove("GlobalAdminAccount")
$CreationParams.Remove("Ensure")
$CreationParams.Remove("Name")
$CreationParams.Add("Identity", $Name)
Set-SupervisoryReviewPolicyV2 @CreationParams
}
elseif (('Absent' -eq $Ensure) -and ('Present' -eq $CurrentPolicy.Ensure))
{
# If the Policy exists and it shouldn't, simply remove it;
Remove-SupervisoryReviewPolicyV2 -Identity $Name
}
}

function Test-TargetResource
{
[CmdletBinding()]
[OutputType([System.Boolean])]
param
(
[Parameter(Mandatory = $true)]
[ValidateLength(1,64)]
[System.String]
$Name,

[Parameter()]
[System.String]
$Comment,

[Parameter(Mandatory = $true)]
[System.String[]]
$Reviewers,

[Parameter()]
[ValidateSet('Present', 'Absent')]
[System.String]
$Ensure = 'Present',

[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$GlobalAdminAccount
)

Write-Verbose -Message "Testing configuration of SupervisoryReviewPolicy for $Name"

$CurrentValues = Get-TargetResource @PSBoundParameters
Write-Verbose -Message "Target Values: $(Convert-O365DscHashtableToString -Hashtable $PSBoundParameters)"

$ValuesToCheck = $PSBoundParameters
$ValuesToCheck.Remove('GlobalAdminAccount') | Out-Null

$TestResult = Test-Office365DSCParameterState -CurrentValues $CurrentValues `
-DesiredValues $PSBoundParameters `
-ValuesToCheck $ValuesToCheck.Keys

Write-Verbose -Message "Test-TargetResource returned $TestResult"

return $TestResult
}

function Export-TargetResource
{
[CmdletBinding()]
[OutputType([System.String])]
param
(
[Parameter(Mandatory = $true)]
[ValidateLength(1,64)]
[System.String]
$Name,

[Parameter(Mandatory = $true)]
[System.String[]]
$Reviewers,

[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$GlobalAdminAccount
)
$result = Get-TargetResource @PSBoundParameters
$result.GlobalAdminAccount = Resolve-Credentials -UserName "globaladmin"
$content = " SCSupervisoryReviewPolicy " + (New-GUID).ToString() + "`r`n"
$content += " {`r`n"
$currentDSCBlock = Get-DSCBlock -Params $result -ModulePath $PSScriptRoot
$content += Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "GlobalAdminAccount"
$content += " }`r`n"
return $content
}

Export-ModuleMember -Function *-TargetResource
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
[ClassVersion("1.0.0.0"), FriendlyName("SCSupervisoryReviewPolicy")]
class MSFT_SCSupervisoryReviewPolicy : OMI_BaseResource
{
[Key, Description("The Name parameter specifies the unique name for the supervisory review policy. The name can't exceed 64 characters. If the value contains spaces, enclose the value in quotation marks.")] String Name;
NikCharlebois marked this conversation as resolved.
Show resolved Hide resolved
[Write, Description("The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks.")] String Comment;
[Required, Description("The Reviewers parameter specifies the SMTP addresses of the reviewers for the supervisory review policy. You can specify multiple email addresses separated by commas.")] String Reviewers[];
[Write, Description("Specify if this rule should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
[Required, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] String GlobalAdminAccount;
};
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# SCSupervisoryReviewPolicy

## Description

This resource configures a Supervision Policy in Security and Compliance.
Loading