microsoftgraph · peombwa · May 19, 2021 · Apr 20, 2021 · Apr 20, 2021 · Apr 22, 2021
@@ -0,0 +1,123 @@
+# ----------------------------------------------------------------------------------
+#
+# Copyright Microsoft Corporation
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------------
+
+<#
+.Synopsis
+Select matching entitlement management accessPackage
+.Description
+Select matching entitlement management accessPackage
+.Inputs
+Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAccessPackage
+.Outputs
+Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAccessPackage
+.Notes
+
+.Link
+https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.identity.governance/select-mgentitlementmanagementaccesspackage
+#>
+function Select-MgEntitlementManagementAccessPackage {
+[OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAccessPackage])]
+[CmdletBinding(PositionalBinding=$false, ConfirmImpact='Medium')]
+[Microsoft.Graph.PowerShell.Profile('v1.0-beta')]
+param(
+    [Parameter (ValueFromPipeline=$true)]
+    [Microsoft.Graph.PowerShell.Models.MicrosoftGraphAccessPackage[]]$AccessPackage,
+
+    [Parameter (Mandatory = $False)]
+    [switch]
+    $PolicyWithNoApprovalRequiredForRequest,
+
+    [Parameter (Mandatory = $False)]
+    [string[]]
+    $PolicyWithScopeType
+
+)
+
+begin {
+    $APWithZeroPolicies = 0
+    $APWithNonZeroPolicies = 0
+    $policyEvaluation = $false
+
+    if ($PolicyWithNoApprovalRequiredForRequest -or ($null -ne $PolicyWithScopeType -and $PolicyWithScopeType.Length -gt 0)) {
+        $policyEvaluation = $true
+    }
+}
+
+process {
+
+    $NewObj = $AccessPackage
+    $accessPackageId = ""
+    try {
+        $accessPackageId = $AccessPackage.Id
+    } catch {
+        write-verbose "no access package id"
+        return
+    }
+
+    if ($policyEvaluation) {
+        $inputPolicyCount = 0
+        try {
+            if ($AccessPackage.AccessPackageAssignmentPolicies) {
+                $inputPolicyCount = $AccessPackage.AccessPackageAssignmentPolicies.Length
+
+            }
+        } catch {
+            write-verbose "no policies in $accessPackageId"
+            $APWithZeroPolicies++
+            return
+        }
+        if ($inputPolicyCount -eq 0) {
+            $APWithZeroPolicies++
+            return
+        }
+
+        $APWithNonZeroPolicies++
+
+        $matchingPolicyCount = 0
+        $matchingPolicies = @()
+        foreach ($p in $AccessPackage.AccessPackageAssignmentPolicies) {
+            $thisMatch = $null
+
+            $thisMatch = @(Select-MgEntitlementManagementAccessPackageAssignmentPolicy -ScopeType $PolicyWithScopeType -NoApprovalRequiredForRequest:$PolicyWithNoApprovalRequiredForRequest -Policy $p)
+
+            if ($null -eq $thisMatch  -or $thisMatch.Length -eq 0) {
+                # not a match
+            } else {
+                $matchingPolicies += $thisMatch[0]
+            }
+        }
+        $matchingPolicyCount = $matchingPolicies.Length
+        if ($matchingPolicyCount -eq 0) {
+                write-verbose "skipping $accessPackageId as $inputPolicyCount policies has 0 matching"
+                return
+        } elseif ($inputPolicyCount -ne $matchingPolicyCount) {
+            write-verbose "changing $accessPackageId from $inputPolicyCount to $MatchingPolicyCount"
+
+            $NewObj = $AccessPackage.PSObject.Copy()
+            $NewObj | Add-Member -MemberType NoteProperty -Name AccessPackageAssignmentPolicies -Value $matchingPolicies -Force
+        } else {
+            write-verbose "all $inputPolicyCount policies of $accessPackageId are relevant"
+        }
+
+    }
+
+    write-output $NewObj
+}
+
+end {
+    if ($APWithNonZeroPolicies -eq 0 -and $ApWithZeroPolicies -gt 1 -and $policyEvaluation -eq $true) {
+        write-warning "no access packages had any policies to evaluate"
+    }
+}
+}
@@ -0,0 +1,120 @@
+# ----------------------------------------------------------------------------------
+#
+# Copyright Microsoft Corporation
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------------
+
+<#
+.Synopsis
+Select matching entitlement management accessPackageAssignmentPolicy
+.Description
+Select matching entitlement management accessPackageAssignmentPolicy
+.Inputs
+Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAccessPackageAssignmentPolicy
+.Outputs
+Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAccessPackageAssignmentPolicy
+.Notes
+
+.Link
+https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.identity.governance/select-mgentitlementmanagementaccesspackageassignmentpolicy
+#>
+function Select-MgEntitlementManagementAccessPackageAssignmentPolicy {
+[OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAccessPackageAssignmentPolicy])]
+[CmdletBinding(DefaultParameterSetName='ExplicitScope', PositionalBinding=$false, ConfirmImpact='Medium')]
+[Microsoft.Graph.PowerShell.Profile('v1.0-beta')]
+param(
+    [Parameter (ValueFromPipeline=$true)]
+    [Microsoft.Graph.PowerShell.Models.MicrosoftGraphAccessPackageAssignmentPolicy[]]$Policy,
+
+    [Parameter (Mandatory = $False)]
+    [switch]
+    $NoApprovalRequiredForRequest,
+
+    [Parameter (Mandatory = $False,ParameterSetName = "ExplicitScope")]
+    [string[]]
+    $ScopeType
+)
+
+begin {
+
+}
+
+process {
+    $policyId = $Policy.Id
+    $acceptRequests = $false
+    $thisScopeType = ""
+
+    if ($Policy.RequestorSettings) {
+        $acceptRequests = $Policy.RequestorSettings.AcceptRequests
+        $thisScopeType = $Policy.RequestorSettings.ScopeType
+    }
+    $matchedScopeType = $true
+    if ($null -ne $ScopeType -and $ScopeType.Length -gt 0) {
+        $matchedScopeType = $false
+        foreach ($s in $ScopeType) {
+            if ($thisScopeType -eq $s) {
+                $matchedScopeType = $true
+                break
+            }
+        }
+    }
+    if ($acceptRequests -and $matchedScopeType -eq $false) {
+        write-verbose "policy $policyId did not match scope type with $thisScopeType"
+        return
+    }
+
+    if ($NoApprovalRequiredForRequest -and $acceptRequests -eq $true) {
+        $approvalIsRequiredForRequest = $false
+
+        if ($Policy.RequestApprovalSettings) {
+            $isApprovalRequired = $Policy.RequestApprovalSettings.isApprovalRequired
+            $isApprovalRequiredForExtension = $Policy.RequestApprovalSettings.isApprovalRequiredForExtension
+
+            $isApprovalOverride = $true
+
+            if ($Policy.RequestApprovalSettings.ApprovalMode -eq "NoApproval") {
+                $isApprovalOverride = $false
+            }
+            if ($Policy.RequestApprovalSettings.ApprovalStages -eq $null -or $Policy.RequestApprovalSettings.ApprovalStages.Length -eq 0) {
+                $isApprovalOverride = $false
+            }
+
+            if ($isApprovalRequired -eq $true -and $isApprovalOverride -eq $true) {
+                $approvalIsRequiredForRequest = $true
+            } else {
+                write-verbose "policy $policyId did not require approval $isApprovalRequired $isApprovalRequiredForExtension $isApprovalOverride"
+            }
+
+        }
+
+        if ($approvalIsRequiredForRequest) {
+            write-verbose "policy $policyId requires approval"
+            return
+        }
+    }
+
+    if ($NoApprovalRequiredForRequest -and $acceptRequests -eq $false) {
+        # does not accept requests
+        write-verbose "policy $policyId does not accept requests"
+        return
+    }
+    if ($NoApprovalRequiredForRequest -and ($null -eq $ScopeType -or $ScopeType.Length -eq 0) -and $thisScopeType -eq "NoSubjects") {
+        write-verbose "policy $policyId has no subjects in scope"
+        return
+    }
+
+    write-output $Policy
+}
+
+end {
+
+}
+}