From da4b8c69005b0116cc2d164e7b4f678c32156f63 Mon Sep 17 00:00:00 2001
From: Ashwini Karke
Date: Fri, 27 Sep 2024 13:10:50 +0530
Subject: [PATCH] added customization
---
.../Get-EntraAuthorizationPolicy.ps1 | 50 ++++++++++++
.../Get-EntraAuthorizationPolicy.ps1 | 79 -------------------
.../Get-EntraAuthorizationPolicy.md | 42 ++++++----
.../Get-EntraAuthorizationPolicy.Tests.ps1 | 21 ++++-
4 files changed, 92 insertions(+), 100 deletions(-)
create mode 100644 module/Entra/AdditionalFunctions/Get-EntraAuthorizationPolicy.ps1
delete mode 100644 module/Entra/customizations/Get-EntraAuthorizationPolicy.ps1
diff --git a/module/Entra/AdditionalFunctions/Get-EntraAuthorizationPolicy.ps1 b/module/Entra/AdditionalFunctions/Get-EntraAuthorizationPolicy.ps1
new file mode 100644
index 000000000..90b12fe0e
--- /dev/null
+++ b/module/Entra/AdditionalFunctions/Get-EntraAuthorizationPolicy.ps1
@@ -0,0 +1,50 @@
+function Get-EntraAuthorizationPolicy {
+ [CmdletBinding(DefaultParameterSetName = '')]
+ param (
+ [Parameter(Mandatory = $false, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
+ [System.String] $Id,
+ [Parameter(Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true)]
+ [System.String[]] $Property
+ )
+
+ PROCESS {
+ $params = @{}
+ $customHeaders = New-EntraCustomHeaders -Command $MyInvocation.MyCommand
+ $params["Uri"] = "https://graph.microsoft.com/v1.0/policies/authorizationPolicy?"
+ $params["Method"] = "GET"
+
+ if($null -ne $PSBoundParameters["Id"])
+ {
+ $Id = $Id.Substring(0, 1).ToLower() + $Id.Substring(1)
+ $Filter = "Id eq '$Id'"
+ $f = '$' + 'Filter'
+ $params["Uri"] += "&$f=$Filter"
+ }
+ if($null -ne $PSBoundParameters["Property"])
+ {
+ $selectProperties = $PSBoundParameters["Property"]
+ $selectProperties = $selectProperties -Join ','
+ $properties = "`$select=$($selectProperties)"
+ $params["Uri"] += "&$properties"
+ }
+
+ Write-Debug("============================ TRANSFORMATIONS ============================")
+ $params.Keys | ForEach-Object {"$_ : $($params[$_])" } | Write-Debug
+ Write-Debug("=========================================================================`n")
+
+ $response = Invoke-GraphRequest @params -Headers $customHeaders | ConvertTo-Json | ConvertFrom-Json
+ if($response){
+ $policyList = @()
+ foreach ($data in $response) {
+ $policyType = New-Object Microsoft.Graph.PowerShell.Models.MicrosoftGraphAuthorizationPolicy
+ $data.PSObject.Properties | ForEach-Object {
+ $propertyName = $_.Name
+ $propertyValue = $_.Value
+ $policyType | Add-Member -MemberType NoteProperty -Name $propertyName -Value $propertyValue -Force
+ }
+ $policyList += $policyType
+ }
+ $policyList
+ }
+ }
+}
\ No newline at end of file
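Review bot: In the `Id` branch the caller's value is placed inside the OData string literal `"Id eq '$Id'"` and appended to the URI with no quote escaping and no URL encoding, so an `Id` containing `'`, `&` or `#` alters the filter expression or the query string sent to Graph instead of being compared as a value. The same branch calls `$Id.Substring(0, 1)` on whatever was bound, so `-Id ''` ends in a .NET `Substring` exception rather than a validation error. The `-Property` values are joined into `$select` unencoded in the same way. The URI is also assembled as `...authorizationPolicy?&$Filter=...`, and with no parameters it ends in a bare `?`. The rewrite below validates `Id`, doubles embedded single quotes, percent-encodes both options, and adds `?` only when there is a query.

```powershell
$params["Uri"] = "https://graph.microsoft.com/v1.0/policies/authorizationPolicy"
# … unchanged: $params["Method"] = "GET" …
$query = @()
if ($PSBoundParameters.ContainsKey("Id")) {
    if ([string]::IsNullOrWhiteSpace($Id)) {
        throw [System.ArgumentException]::new("Id must not be empty.", "Id")
    }
    $Id = $Id.Substring(0, 1).ToLower() + $Id.Substring(1)
    # Double embedded quotes so the value stays inside the OData string literal,
    # then percent-encode the whole expression before it joins the URI.
    $escapedId = $Id.Replace("'", "''")
    $query += '$filter=' + [System.Uri]::EscapeDataString("Id eq '$escapedId'")
}
if ($PSBoundParameters.ContainsKey("Property")) {
    $encoded = $Property | ForEach-Object { [System.Uri]::EscapeDataString($_) }
    $query += '$select=' + ($encoded -join ',')
}
if ($query.Count -gt 0) {
    $params["Uri"] += '?' + ($query -join '&')
}
# … unchanged: Write-Debug block, Invoke-GraphRequest call and result mapping …
```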
diff --git a/module/Entra/customizations/Get-EntraAuthorizationPolicy.ps1 b/module/Entra/customizations/Get-EntraAuthorizationPolicy.ps1
deleted file mode 100644
index d9abae26b..000000000
--- a/module/Entra/customizations/Get-EntraAuthorizationPolicy.ps1
+++ /dev/null
@@ -1,79 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. -# ------------------------------------------------------------------------------ -@{ - SourceName = "Get-AzureADMSAuthorizationPolicy" - TargetName = $null - Parameters = $null - outputs = $null - CustomScript = @' - PROCESS { - $params = @{} - $customHeaders = New-EntraCustomHeaders -Command $MyInvocation.MyCommand - if($PSBoundParameters.ContainsKey("Verbose")) - { - $params["Verbose"] = $PSBoundParameters["Verbose"] - } - if($PSBoundParameters.ContainsKey("Debug")) - { - $params["Debug"] = $PSBoundParameters["Debug"] - } - if($null -ne $PSBoundParameters["WarningVariable"]) - { - $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] - } - if($null -ne $PSBoundParameters["InformationVariable"]) - { - $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] - } - if($null -ne $PSBoundParameters["InformationAction"]) - { - $params["InformationAction"] = $PSBoundParameters["InformationAction"] - } - if($null -ne $PSBoundParameters["OutVariable"]) - { - $params["OutVariable"] = $PSBoundParameters["OutVariable"] - } - if($null -ne $PSBoundParameters["OutBuffer"]) - { - $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] - } - if($null -ne $PSBoundParameters["ErrorVariable"]) - { - $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] - } - if($null -ne $PSBoundParameters["PipelineVariable"]) - { - $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] - } - if($null -ne $PSBoundParameters["ErrorAction"]) - { - $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] - } - if($null -ne $PSBoundParameters["WarningAction"]) - { - $params["WarningAction"] = $PSBoundParameters["WarningAction"] - } - if($null -ne $PSBoundParameters["Property"]) - { - $params["Property"] 
= $PSBoundParameters["Property"] - } - - Write-Debug("============================ TRANSFORMATIONS ============================") - $params.Keys | ForEach-Object {"$_ : $($params[$_])" } | Write-Debug - Write-Debug("=========================================================================`n") - - $response = Get-MgPolicyAuthorizationPolicy @params -Headers $customHeaders - $response | ForEach-Object { - if ($null -ne $_) { - $propsToConvert = @('DefaultUserRolePermissions') - foreach ($prop in $propsToConvert) { - $value = $_.$prop | ConvertTo-Json -Depth 10 | ConvertFrom-Json - $_ | Add-Member -MemberType NoteProperty -Name $prop -Value ($value) -Force - } - } - } - $response - } -'@ -} \ No newline at end of file diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraAuthorizationPolicy.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraAuthorizationPolicy.md index 8854fab01..c735ee4d6 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraAuthorizationPolicy.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraAuthorizationPolicy.md @@ -53,6 +53,16 @@ Connect-Entra -Scopes 'Policy.Read.All' Get-EntraAuthorizationPolicy ``` +```Output +DeletedDateTime Description DisplayName Id AllowEmailVerifiedUsersToJoinOrganization AllowI + nvites + From +--------------- ----------- ----------- -- ----------------------------------------- ------ + Used to manage authorization related settings across the company. Authorization Policy authorizationPolicy True every… +``` + +This example gets the Microsoft Entra ID authorization policy. + ### Example 2: Get an authorization policy by ID ```powershell 
@@ -61,23 +71,21 @@ Get-EntraAuthorizationPolicy -Id 'authorizationPolicy' | Format-List ``` ```Output -DefaultUserRolePermissions : @{AllowedToCreateApps=True; AllowedToCreateSecurityGroups=True; AllowedToCreateTenants=True; AllowedToReadBitlockerKeysForOwnedDevice=True; AllowedToReadOtherUsers=True; AdditionalProperties=} -AllowEmailVerifiedUsersToJoinOrganization : False -AllowInvitesFrom : everyone -AllowUserConsentForRiskyApps : -AllowedToSignUpEmailBasedSubscriptions : True -AllowedToUseSspr : True -BlockMsolPowerShell : False -DefaultUserRoleOverrides : -DeletedDateTime : -Description : Used to manage authorization related settings across the company. -DisplayName : Authorization Policy -EnabledPreviewFeatures : {} -GuestUserRoleId : 10dae51f-b6af-4016-8d66-8c2a99b929b3 -Id : authorizationPolicy -PermissionGrantPolicyIdsAssignedToDefaultUserRole : {ManagePermissionGrantsForSelf.microsoft-user-default-legacy, ManagePermissionGrantsForOwnedResource.microsoft-dynamically-managed-permissions-for-team, - ManagePermissionGrantsForOwnedResource.microsoft-dynamically-managed-permissions-for-chat} -AdditionalProperties : {} +allowInvitesFrom : everyone +allowUserConsentForRiskyApps : +id : authorizationPolicy +defaultUserRolePermissions : @{allowedToCreateSecurityGroups=True; allowedToReadBitlockerKeysForOwnedDevice=True; allowedToCreateTenants=True; + allowedToReadOtherUsers=True; allowedToCreateApps=False; permissionGrantPoliciesAssigned=System.Object[]} +blockMsolPowerShell : False +guestUserRoleId : a0b1b346-4d3e-4e8b-98f8-753987be4970 +displayName : Authorization Policy +@odata.context : https://graph.microsoft.com/v1.0/$metadata#policies/authorizationPolicy/$entity +allowedToSignUpEmailBasedSubscriptions : True +description : Used to manage authorization related settings across the company. 
+allowEmailVerifiedUsersToJoinOrganization : True +allowedToUseSSPR : True +DeletedDateTime : +AdditionalProperties : {} ``` This example gets the Microsoft Entra ID authorization policy. diff --git a/test/module/Entra/Get-EntraAuthorizationPolicy.Tests.ps1 b/test/module/Entra/Get-EntraAuthorizationPolicy.Tests.ps1 index 8328a29a0..bfd4ee335 100644 --- a/test/module/Entra/Get-EntraAuthorizationPolicy.Tests.ps1 +++ b/test/module/Entra/Get-EntraAuthorizationPolicy.Tests.ps1 @@ -30,7 +30,7 @@ BeforeAll { ) } - Mock -CommandName Get-MgPolicyAuthorizationPolicy -MockWith $scriptblock -ModuleName Microsoft.Graph.Entra + Mock -CommandName Invoke-GraphRequest -MockWith $scriptblock -ModuleName Microsoft.Graph.Entra } Describe "Get-EntraAuthorizationPolicy" { 
@@ -48,14 +48,27 @@ Describe "Get-EntraAuthorizationPolicy" { $result.AllowedToUseSspr | should -Be $True $result.BlockMsolPowerShell | should -Be $True - Should -Invoke -CommandName Get-MgPolicyAuthorizationPolicy -ModuleName Microsoft.Graph.Entra -Times 1 + Should -Invoke -CommandName Invoke-GraphRequest -ModuleName Microsoft.Graph.Entra -Times 1 + } + It "Should return AuthorizationPolicy when passed Id" { + $result = Get-EntraAuthorizationPolicy -Id 'authorizationPolicy' + $result | Should -Not -BeNullOrEmpty + $result.Id | should -Be 'authorizationPolicy' + + Should -Invoke -CommandName Invoke-GraphRequest -ModuleName Microsoft.Graph.Entra -Times 1 + } + It "Should fail when Id is invalid" { + {Get-EntraAuthorizationPolicy -Id ''} | Should -Throw 'Exception calling "Substring" with "2" argument*' + } + It "Should fail when Id is invalid" { + {Get-EntraAuthorizationPolicy -Id } | Should -Throw "Missing an argument for parameter 'Id'*" } It "Property parameter should work" { $result = Get-EntraAuthorizationPolicy -Property DisplayName $result | Should -Not -BeNullOrEmpty $result.DisplayName | Should -Be 'AuthorizationPolicy' - Should -Invoke -CommandName Get-MgPolicyAuthorizationPolicy -ModuleName Microsoft.Graph.Entra -Times 1 + Should -Invoke -CommandName Invoke-GraphRequest -ModuleName Microsoft.Graph.Entra -Times 1 } It "Should fail when Property is empty" { { Get-EntraAuthorizationPolicy -Property } | Should -Throw "Missing an argument for parameter 'Property'*" @@ -67,7 +80,7 @@ Describe "Get-EntraAuthorizationPolicy" { $userAgentHeaderValue = "PowerShell/$psVersion EntraPowershell/$entraVersion Get-EntraAuthorizationPolicy" - Should -Invoke -CommandName Get-MgPolicyAuthorizationPolicy -ModuleName Microsoft.Graph.Entra -Times 1 -ParameterFilter { + Should -Invoke -CommandName Invoke-GraphRequest -ModuleName Microsoft.Graph.Entra -Times 1 -ParameterFilter { $Headers.'User-Agent' | Should -Be $userAgentHeaderValue $true }
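Review bot: None of the added `-Id` cases asserts the request that was built; as far as the visible hunks show, the `Invoke-GraphRequest` mock returns the same `$scriptblock` result whatever `$Uri` it is given, so the filter assembled from `Id` (quoting, encoding, the `?&` join) is never checked. A `-ParameterFilter` on the existing assertion would pin it, e.g. `Should -Invoke -CommandName Invoke-GraphRequest -ModuleName Microsoft.Graph.Entra -Times 1 -ParameterFilter { $Uri -like "*filter=*authorizationPolicy*" }`, and a case with a single quote in the Id would cover escaping. The empty-Id case matches the text of a .NET `Substring` exception, which makes an unvalidated-input crash the tested contract; a parameter validation error would be a better thing to assert. Both new failure cases are named "Should fail when Id is invalid", so a test report cannot tell them apart; the second could be `It "Should fail when Id is missing"`. The Describe block begins before this hunk and continues after it.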