M365DSCTools.psm1
#Region './Private/Convert-M365WorkloadName.ps1' -1 $DSC_Workloads = @{ 'AzureAD' = 'AAD' 'Exchange' = 'EXO' 'Intune' = 'Intune' 'Office365' = 'O365' 'OneDrive' = 'OD' 'Planner' = 'Planner' 'PowerPlatform' = 'PP' 'SecurityCompliance' = 'SC' 'SharePoint' = 'SPO' 'Teams' = 'Teams' } function Convert-M365WorkloadName { <# .Synopsis Converts a M365 workload name to a short name .Description This function converts a M365 workload name to a short name. For example AzureAD to AAD. .Parameter Name The Name that needs to be converted .Example Convert-M365WorkloadName -Name 'AzureAD' #> [CmdletBinding()] param ( [Parameter(Mandatory = $true, ValueFromPipeLine = $True)] [string] $Name ) process { if ($DSC_Workloads.keys -contains $Name) { return ($DSC_Workloads[$Name]) } } } #EndRegion './Private/Convert-M365WorkloadName.ps1' 46 #Region './Private/Convert-PesterType.ps1' -1 function Convert-PesterType { <# .Synopsis Converts variable types used in DSC to types that can be used in Pester tests .Description This function converts types that are used in DSC to types that can be used in Pester tests. For example DSC supports an SInt32 type, which is unknown to Pester. .Parameter Type The Type that needs to be converted .Example Convert-PesterType -Type 'SInt32' #> [CmdletBinding()] [OutputType([System.String])] param ( [Parameter(Mandatory = $true)] [string] $Type ) switch ($Type) { 'SInt32' { return "should -match '^\d+$' -because ""Must be a positive Integer""" } 'SInt64' { return "should -match '^\d+$' -because ""Must be a positive Integer""" } 'UInt32' { return "should -BeOfType 'Int'" } 'UInt64' { return "should -BeOfType 'Int'" } 'StringArray' { return "should -BeOfType 'String'" } 'Guid' { return "Test-IsGuid | should -Be 'True'" } default { return "should -BeOfType '$type'" } } } #EndRegion './Private/Convert-PesterType.ps1' 58 #Region './Private/Get-RefNodeExampleData.ps1' -1 function Get-RefNodeExampleData { <# .Synopsis Retrieves the details of the requested item from the referenced example data .Description This function retrieves the details of the item from the referenced example data. .Parameter Node The Leadnode that needs to be retrieved .Parameter ReferenceObject The ReferenceObject that contains the example data .Example Get-RefNodeExampleData -Node $leafnode -ReferenceObject $exampleData #> [CmdletBinding()] [OutputType([System.Collections.Hashtable])] [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSReviewUnusedParameter', '')] param ( [Parameter(Mandatory = $true, ValueFromPipeline = $True)] $Node, [Parameter(Mandatory = $true)] $ReferenceObject ) process { $ExecuteCommand = '$ReferenceObject.{0}' -f $($Node.PathName -Replace '\[\d*\](?=(\.|$))') $Result = $($ExecutionContext.InvokeCommand.InvokeScript('{0}' -f $ExecuteCommand )) if ($result) { if ($Node.GetType().FullName -eq 'PSLeafNode') { $ArrayResult = $Result.split('|').foreach{ $_.trim() } $LeafNode = @{} if ( $ArrayResult[0]) { $LeafNode.add('Type', $ArrayResult[0]) } if ( $ArrayResult[1]) { $LeafNode.add('Required', $ArrayResult[1]) } if ( $ArrayResult[2]) { $LeafNode.add('Description', $ArrayResult[2]) } if ( $ArrayResult[3]) { $LeafNode.add('ValidateSet', "'" + ( $ArrayResult[3] -Replace '\s*\/\s*', "', '") + "'" ) } return $LeafNode } else { return $Result } return $null } } } #EndRegion './Private/Get-RefNodeExampleData.ps1' 68 #Region './Private/Invoke-APRestApi.ps1' -1 function Invoke-APRestApi { <# .SYNOPSIS Executes an API call to Azure DevOps. .DESCRIPTION This function executes an API call to Azure DevOps using the provided method, headers, and body. .PARAMETER Uri The URI to the Azure DevOps API. .PARAMETER Method The HTTP method to be used for the API call. .PARAMETER Headers The headers to be used for the API call. .PARAMETER Body The body to be used for the API call. .EXAMPLE $headers = New-Object 'System.Collections.Generic.Dictionary[[String],[String]]' $authToken = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($PAT)")) $headers.Add("Authorization", ("Basic {0}" -f $authToken)) $devOpsOrgUrl = 'https://dev.azure.com/{0}' -f $Organization $devOpsProjectUrl = '{0}/{1}' -f $devOpsOrgUrl, $Project $apiVersionString = "api-version=$ApiVersion" $envUrl = '{0}/_apis/distributedtask/environments?{1}' -f $devOpsProjectUrl, $apiVersionString $currentEnvironments = Invoke-APRestApi -Uri $envUrl -Method 'GET' -Headers $headers #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.String] $Uri, [Parameter(Mandatory = $true)] [ValidateSet('GET', 'POST', 'PATCH')] [System.String] $Method, [Parameter()] [System.Collections.Generic.Dictionary[[String], [String]]] $Headers, [Parameter()] [System.String] $Body ) try { $params = @{ Uri = $Uri Method = $Method ContentType = 'application/json;charset=utf-8' } if ($PSBoundParameters.ContainsKey('Headers')) { $params.Headers = $Headers } if ($PSBoundParameters.ContainsKey('Body')) { $params.Body = $Body } $result = Invoke-RestMethod @params return $result } catch { Write-Log -Object "[ERROR] Error occurred when connecting to Azure DevOps API: $($_.Exception.Message)" -Failure throw } } #EndRegion './Private/Invoke-APRestApi.ps1' 82 #Region './Private/Merge-Array.ps1' -1 function Merge-Array { <# .Synopsis Merges two arrays into one new array .Description This function merges two arrays into one new one. The values in the Merge array are overwriting any existing values in the Reference array. .Parameter Reference The Reference array that is used as the starting point .Parameter Merge The Merge array that will be merged into the Reference array. .Example # Merges the Merge array into the Reference array $reference = @(1,2,3,4,5,6,7,8,9,10) $merge = @(11,12,13,14,15,16,17,18,19,20) Merge-Array -Reference $reference -Merge $merge #> param ( [Parameter(Mandatory = $true)] [System.Array] $Reference, [Parameter(Mandatory = $true)] [System.Array] $Merge ) $script:level++ Write-LogEntry -Message "Processing array: $($Merge.Count) items" -Level $script:level foreach ($item in $Merge) { switch ($item.GetType().FullName) { 'System.Collections.Hashtable' { $refItem = $Reference | Where-Object -FilterScript { ($_.ContainsKey('UniqueId') -and $_.UniqueId -eq $item.UniqueId) -or ` ($_.ContainsKey('Identity') -and $_.Identity -eq $item.Identity) -or ` ($_.ContainsKey('Id') -and $_.Id -eq $item.Id) -or ` ($_.ContainsKey('NodeName') -and $_.NodeName -eq $item.NodeName) } if ($null -eq $refItem) { # Add item Write-LogEntry -Message " Hashtable doesn't exist in Reference. Adding." -Level $script:level $Reference += $item } else { # Compare item $script:level++ Write-LogEntry -Message 'Hashtable exists in Reference. Merging.' -Level $script:level $refItem = Merge-Hashtable -Reference $refItem -Merge $item $script:level-- } } Default { if ($Reference -notcontains $item) { $Reference += $item } } } } $script:level-- return $Reference } #EndRegion './Private/Merge-Array.ps1' 80 #Region './Private/Merge-Hashtable.ps1' -1 function Merge-Hashtable { <# .Synopsis Merges two hashtables .Description This function merges two hashtables into one new one. The values in the Merge hashtable are overwriting any existing values in the Reference hashtable. .Parameter Reference The Reference hashtable that is used as the starting point .Parameter Merge The Merge hashtable that will be merged into the Reference hashtable. .Example # Merges the Merge file into the Reference file $reference = @{ 'Key1' = 'Value1' 'Key2' = 'Value2' 'Key3' = @{ 'Key3.1' = 'Value3.1' 'Key3.2' = 'Value3.2' } } $merge = @{ 'Key1' = 'ValueNew' 'Key3' = @{ 'Key3.2' = 'ValueNew' 'Key3.3' = 'Value3.3' } } Merge-Hashtable -Reference $reference -Merge $merge #> param ( [Parameter(Mandatory = $true)] [System.Collections.Hashtable] $Reference, [Parameter(Mandatory = $true)] [System.Collections.Hashtable] $Merge ) $script:level++ $items = $Merge.GetEnumerator() foreach ($item in $items) { $itemKey = $item.Key $itemData = $item.Value Write-LogEntry -Message "Processing: $itemKey" -Level $script:level switch ($itemData.GetType().FullName) { 'System.Collections.Hashtable' { # Check if item exists in the reference if ($Reference.ContainsKey($itemKey) -eq $false) { # item does not exist, add item Write-LogEntry -Message ' Key missing in Merge object, adding key' -Level $script:level $Reference.Add($itemKey, $itemData) } else { $script:level++ Write-LogEntry -Message 'Key exists in Merge object, checking child items' -Level $script:level $Reference.$itemKey = Merge-Hashtable -Reference $Reference.$itemKey -Merge $itemData $script:level-- } } 'System.Object[]' { if ($null -eq $Reference.$itemKey -or $Reference.$itemKey.Count -eq 0) { $Reference.$itemKey = $itemData } else { $Reference.$itemKey = [Array](Merge-Array -Reference $Reference.$itemKey -Merge $itemData) } } Default { if ($Reference.$itemKey -ne $itemData) { $Reference.$itemKey = $itemData } } } } $script:level-- return $Reference } #EndRegion './Private/Merge-Hashtable.ps1' 99 #Region './Private/Test-IsGuid.ps1' -1 function Test-IsGuid { <# .Synopsis Tests is a string is a valid GUID .Description This function tests if a provided string is actually a valid GUID. .Parameter StringGuid String that needs to get tested if it is a valid GUID .Example Test-IsGuid -StringGuid '4756d311-220b-4e1d-ae47-8718a08ad16c' #> [CmdletBinding()] [OutputType([bool])] param ( [Parameter(Mandatory = $true, ValueFromPipeLine = $True)] [string] $StringGuid ) process { $ObjectGuid = [System.Guid]::empty return [System.Guid]::TryParse($StringGuid,[System.Management.Automation.PSReference]$ObjectGuid) # Returns True if successfully parsed } } #EndRegion './Private/Test-IsGuid.ps1' 31 #Region './Private/Write-LogEntry.ps1' -1 <# .Synopsis Writes a log entry to the console, including a timestamp .Description This function writes a log entry to the console, including a timestamp of the current time. .Parameter Message The message that has to be written to the console. .Parameter Level The number of spaces the message has to be indented. .Example Write-LogEntry -Message 'This is a log entry' .Example Write-LogEntry -Message 'This is an indented log entry' -Level 1 #> function Write-LogEntry { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Using Write-Host to force output to the screen instead of into the pipeline.')] [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.String] $Message, [Parameter()] [System.Int32] $Level = 0 ) $timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss' $indentation = ' ' * $Level $output = '[{0}] - {1}{2}' -f $timestamp, $indentation, $Message Write-Host -Object $output } #EndRegion './Private/Write-LogEntry.ps1' 42 #Region './Public/Add-ModulesToBlobStorage.ps1' -1 function Add-ModulesToBlobStorage { <# .SYNOPSIS Downloads all Microsoft365DSC dependencies and uploads these to an Azure Blob Storage .DESCRIPTION This function checks which dependencies the used version of Microsoft365DSC requires and downloads these from the PowerShell Gallery. The dependencies are then packaged into a zip file and uploaded to an Azure Blob Storage. .PARAMETER ResourceGroupName The Azure Resource Group Name where the Storage Account is located .PARAMETER StorageAccountName The name of the Storage Account where the zip file will be uploaded to .PARAMETER ContainerName The name of the Container where the zip file will be uploaded to .EXAMPLE Add-ModulesToBlobStorage -ResourceGroupName 'MyResourceGroup' -StorageAccountName 'MyStorageAccount' -ContainerName 'MyContainer' #> [CmdletBinding()] [OutputType([System.Boolean])] param ( # [Parameter(Mandatory = $true)] # [System.String] # $SubscriptionName, [Parameter(Mandatory = $true)] [System.String] $ResourceGroupName, [Parameter(Mandatory = $true)] [System.String] $StorageAccountName, [Parameter(Mandatory = $true)] [System.String] $ContainerName ) Write-Log -Object 'Upload Microsoft365DSC module dependencies to storage container' Write-Log -Object "Connecting to storage account '$StorageAccountName'" $storageAcc = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName Write-Log -Object 'Retrieving storage account context' $context = $storageAcc.Context Write-Log -Object 'Checking dependencies' $m365Module = Get-Module -Name Microsoft365DSC -ListAvailable | Sort-Object -Property Version -Descending | Select-Object -First 1 $modulePath = Split-Path -Path $m365Module.Path -Parent $versionString = $m365Module.Version.ToString() -replace '\.', '_' $dependenciesPath = Join-Path -Path $modulePath -ChildPath 'Dependencies\Manifest.psd1' if (Test-Path -Path $dependenciesPath) { Write-Log -Object 'Downloading dependencies' $destination = Join-Path -Path $env:TEMP -ChildPath 'M365DSCModules' $savePath = Join-Path -Path $destination -ChildPath $m365Module.Version.ToString() if (Test-Path -Path $savePath) { Write-Log -Object "$savePath already exists. Removing!" Remove-Item -Path $savePath -Recurse -Confirm:$false } $null = New-Item -Path $savePath -ItemType 'Directory' Write-Log -Object ('Saving module {0} (v{1})' -f $m365Module.Name, $m365Module.Version.ToString()) Save-Module -Name $m365Module.Name -RequiredVersion $m365Module.Version.ToString() -Path $savePath $data = Import-PowerShellDataFile -Path $dependenciesPath foreach ($dependency in $data.Dependencies) { Write-Log -Object ('Saving module {0} (v{1})' -f $dependency.ModuleName, $dependency.RequiredVersion) Save-Module -Name $dependency.ModuleName -RequiredVersion $dependency.RequiredVersion -Path $savePath } Write-Log -Object 'Packaging Zip file' $zipFileName = "M365DSCDependencies-$versionString.zip" $zipFilePath = Join-Path -Path $env:TEMP -ChildPath $zipFileName if ((Test-Path -Path $zipFilePath)) { Write-Log -Object "$zipFileName already exist on disk. Removing!" Remove-Item -Path $zipFilePath -Confirm:$false } Compress-Archive -Path $savePath\* -DestinationPath $zipFilePath Write-Log -Object 'Uploading Zip file' $blobContent = Get-AzStorageBlob -Container $ContainerName -Context $context -Prefix $zipFileName if ($null -ne $blobContent) { Write-Log -Object "$zipFileName already exist in the Blob Storage. Removing!" $blobContent | Remove-AzStorageBlob } $null = Set-AzStorageBlobContent -Container $ContainerName -File $zipFilePath -Context $context -Force Write-Log -Object 'Removing temporary components' Remove-Item -Path $savePath -Recurse -Confirm:$false -Force Remove-Item -Path $zipFilePath -Confirm:$false } else { Write-Log -Object '[ERROR] Dependencies\Manifest.psd1 file not found' -Failure return $false } return $true } #EndRegion './Public/Add-ModulesToBlobStorage.ps1' 115 #Region './Public/Convert-M365DSCExportToPowerShellDataFile.ps1' -1 $DSC_ExcludeKeys = @( 'ResourceInstanceName', 'ResourceName', 'ApplicationId', 'CertificateThumbprint', 'TenantId', 'IsSingleInstance' ) function Convert-M365DSCExportToPowerShellDataFile { <# .SYNOPSIS Converts a Microsoft365DSC export into a PowerShell data file. .DESCRIPTION This function converts a Microsoft365DSC export in .ps1 format into a PowerShell data file (.psd1) format that complies with the structure used in the M365DSC.CompositeResources module. It uses the function New-M365DSCReportFromConfiguration to convert the export into JSON before converting it into a PowerShell data file. .PARAMETER Workload The Workload for which you want to convert the export. .PARAMETER SourceFile The file which contains the Microsoft365DSC export. .PARAMETER ResultFolder The folder to which the converted file is written to. .EXAMPLE Convert-M365DSCExportToPowerShellDataFile ` -Workload Office365 ` -SourceFile '.\Exports\O365\O365.ps1' ` -ResultFolder '.\Results' #> [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingCmdletAliases', '', Scope = 'Function')] [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [ValidateSet( 'AzureAD', 'Exchange', 'Intune', 'Office365', 'OneDrive', 'Planner', 'PowerPlatform', 'SecurityCompliance', 'SharePoint', 'Teams')] $Workload, [Parameter(Mandatory = $true, ValueFromPipeline = $True)] $SourceFile, [Parameter(Mandatory = $true)] $ResultFolder ) begin { # Test if the ObjectGraphTools module is loaded and the class is available if (-not ([System.Management.Automation.PSTypeName]'PSNode').Type) { Import-Module ObjectGraphTools -Force } Class DSCConversion { [string]$Resource_Name [string]$Composite_Resource_Name [hashtable[]]$Resource_Objects } # Fix bug second run Set-M365DSCTelemetryOption -Enabled $false } process { $SourceFile_BaseName = (Get-Item $SourceFile).BaseName $Path_JsonReport = '{0}_M365DSCReport.json' -f $( Join-Path -Path $ResultFolder -ChildPath $SourceFile_BaseName) $Path_CompositeConfig = '{0}.psd1' -f $( Join-Path -Path $ResultFolder -ChildPath $SourceFile_BaseName) New-Item -ItemType Directory -Force -Path $ResultFolder | Out-Null '--- Create composite config for M365 DSC ---' | Write-Log 'Workload : {0}' -f $Workload | Write-Log 'SourceFile : {0}' -f $SourceFile | Write-Log 'ResultFolder : {0}' -f $ResultFolder | Write-Log # Create M365DSCReport $OriginalProgressPreference = $Global:ProgressPreference $Global:ProgressPreference = 'SilentlyContinue' New-M365DSCReportFromConfiguration -Type JSON -ConfigurationPath $SourceFile -OutputPath $Path_JsonReport $Global:ProgressPreference = $OriginalProgressPreference # load M365DSCReport $Obj_Export = Get-Content $Path_JsonReport | ConvertFrom-Json # Load Example data from module M365DSC.CompositeResources $M365DSCCRModule = Get-Module -ListAvailable M365DSC.CompositeResources | Sort-Object -Property Version | Select-Object -Last 1 $Obj_M365DataExample = Import-PSDataFile -Path (Join-Path -Path ($M365DSCCRModule.Path | Split-Path) -ChildPath 'M365ConfigurationDataExample.psd1').ToString() # Group Object $Obj_Export_Groups = $Obj_Export | Group-Object 'resourcename' 'Found Grouped Items : {0}' -f $Obj_Export_Groups.count | Write-Log $Obj_Grouped = @( foreach ($Obj_Export_Group in $Obj_Export_Groups) { $Obj_Conversion = [DSCConversion]::new() $Obj_Conversion.Resource_Name = $Obj_Export_Group.name $Composite_Resource = $Obj_M365DataExample.NonNodeData.$Workload.GetEnumerator() | Where-Object { $_.Name -match [regex]('^{0}[s]*$' -f ($Obj_Export_Group.Name ` -replace "^$($Workload | Convert-M365WorkLoadName )" ` -replace '(?<!y)$', '[s]*' ` -replace 'y$', '(y|ies)' ` -replace 'Policy', 'Policies' ` -replace 'Profile', 'Profiles' ) ) } $Obj_Conversion.Composite_Resource_Name = $Composite_Resource.Name Foreach ($Group in $Obj_Export_Group.group) { $Obj_Conversion.Resource_Objects += ($Group | Copy-ObjectGraph -MapAs hashtable ) } #Filter if ($Obj_Conversion.Composite_Resource_Name) { $Obj_Conversion } } ) # Compose file $Obj_Result = @{NonNodeData = @{$Workload = @{} } } foreach ( $Collection in $Obj_Grouped ) { $Obj_Result.NonNodeData.$workload += @{$Collection.Composite_Resource_Name = @() } foreach ($Resource in $Collection.Resource_Objects) { $Obj_Result.NonNodeData.$workload.($Collection.Composite_Resource_Name) += $Resource } } # Get All leaf nodes $InputNode = $Obj_Result | Get-Node $LeafNodes = $InputNode | Get-ChildNode -Recurse -Leaf # Exclude Keys $LeafNodes.where{ $_.Name -in $DSC_ExcludeKeys }.foreach{ $_.ParentNode.value.remove($_.name) } $DSC_ExcludeKeys.foreach{ 'Remove excluded key: {0}' -f $_ | Write-Log } # Fix type Int after export ( bug? commandlet New-M365DSCReportFromConfiguration ) $Int_Nodes = $LeafNodes.where{ (Get-RefNodeExampleData -Node $_ -ReferenceObject $Obj_M365DataExample).type -in ('SInt32', 'UInt32', 'UInt64') } $Int_Nodes.ForEach{ $_.Value = [int]$_.Value } # Sort-object $Obj_Result = $Obj_Result | Sort-ObjectGraph -PrimaryKey 'NodeName', 'Identity', 'UniqueId' -MaxDepth 20 # Check if data is available if ($Obj_Result.NonNodeData.$Workload) { $Obj_Result | ConvertTo-Expression -Depth 20 -Expand 20 | Out-File $Path_CompositeConfig -Force -Confirm:$false -Encoding ascii 'Result Composite config created: {0}' -f $Path_CompositeConfig | Write-Log } else { 'No valid data in result ' | Write-Log -Failure } } end { # Cleaning if (Test-Path -Path $Path_JsonReport) { Remove-Item $Path_JsonReport -Confirm:$false -Force } } } #EndRegion './Public/Convert-M365DSCExportToPowerShellDataFile.ps1' 179 #Region './Public/Copy-Object.ps1' -1 function Copy-Object { <# .SYNOPSIS Creates a full copy of an object, like a hashtable. .DESCRIPTION This function creates a full copy of an object like a hashtable, without it having any reference to the original object. .PARAMETER Object The object to be copied. .EXAMPLE Copy-Object -Object @{ 'Key' = 'Value' } #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.Object] $Object ) $memStream = New-Object IO.MemoryStream $formatter = New-Object Runtime.Serialization.Formatters.Binary.BinaryFormatter $formatter.Serialize($memStream, $Object) $memStream.Position = 0 $result = $formatter.Deserialize($memStream) return $result } #EndRegion './Public/Copy-Object.ps1' 33 #Region './Public/Get-EnvironmentsGenericInfo.ps1' -1 function Get-EnvironmentsGenericInfo { <# .SYNOPSIS Returns an overview of the CICD sections of all Generic data files. .DESCRIPTION This function inventories all '<Environment>#Generic.psd1' data files and returns this as one hashtable. It can be used to generate the pipeline yaml and Azure DevOps environments. .PARAMETER Path The path to the environments data files. .EXAMPLE Get-EnvironmentsGenericInfo -Path 'C:\Data\Environments' #> [CmdletBinding()] [OutputType([System.Collections.HashTable])] param ( [Parameter(Mandatory = $true)] [System.String] $Path ) $result = @{} if (Test-Path -Path $Path) { $pattern = '*#Generic.psd1' $genericFiles = Get-ChildItem -Path $Path -Filter $pattern -Recurse if ($genericFiles.Count -ne 0) { foreach ($genericFile in $genericFiles) { $environment = $genericFile.Directory.BaseName $genericInfo = Import-PowerShellDataFile -Path $genericFile.FullName $result.$environment += @{ DependsOn = $genericInfo.NonNodeData.Environment.CICD.DependsOn Branch = $genericInfo.NonNodeData.Environment.CICD.UseCodeBranch Approvers = $genericInfo.NonNodeData.Environment.CICD.Approvers } } } else { Write-Log -Object "No files found in '$Path' that match the pattern '$pattern'." -Failure } } else { Write-Log -Object "The path '$Path' does not exist." -Failure } return $result } #EndRegion './Public/Get-EnvironmentsGenericInfo.ps1' 62 #Region './Public/Get-ModulesFromBlobStorage.ps1' -1 function Get-ModulesFromBlobStorage { <# .SYNOPSIS Downloads all Microsoft365DSC dependencies from an Azure Blob Storage .DESCRIPTION This function downloads the zipped dependency modules corresponding to the required Microsoft365DSC version from an Azure Blob Storage, if available. The dependencies are then unzipped and copied to the PowerShell Modules folder. .PARAMETER ResourceGroupName The Azure Resource Group Name where the Storage Account is located .PARAMETER StorageAccountName The name of the Storage Account where the zip file will be downloaded from .PARAMETER ContainerName The name of the Container where the zip file will be downloaded from .PARAMETER Version The version of the Microsoft365DSC module for which the prerequisites should be retrieved .EXAMPLE Get-ModulesFromBlobStorage -ResourceGroupName 'MyResourceGroup' -StorageAccountName 'MyStorageAccount' -ContainerName 'MyContainer' -Version 1.23.530.1 #> [CmdletBinding()] [OutputType([System.Boolean])] param ( [Parameter(Mandatory = $true)] [System.String] $ResourceGroupName, [Parameter(Mandatory = $true)] [System.String] $StorageAccountName, [Parameter(Mandatory = $true)] [System.String] $ContainerName, [Parameter(Mandatory = $true)] [System.String] $Version ) Write-Log -Object "Download dependencies from storage container for Microsoft365DSC v$Version." Write-Log -Object "Connecting to storage account '$StorageAccountName'" $storageAcc = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName Write-Log -Object 'Retrieving storage account context' $context = $storageAcc.Context Write-Log -Object 'Checking download folder existence' $destination = Join-Path -Path $env:TEMP -ChildPath 'M365DSCModules' if ((Test-Path -Path $destination) -eq $false) { Write-Log -Object "Creating destination folder: '$destination'" $null = New-Item -ItemType Directory -Path $destination } Write-Log -Object 'Downloading blob contents from the container' $prefix = 'M365DSCDependencies-' + ($Version -replace '\.', '_') $blobContent = Get-AzStorageBlob -Container $ContainerName -Context $context -Prefix $prefix if ($null -eq $blobContent) { Write-Log -Object "[ERROR] No files found that match the pattern: '$prefix'" -Failure return $false } else { Write-Log -Object "Downloading $($blobContent.Name) to $destination" $downloadFile = Join-Path -Path $destination -ChildPath $blobContent.Name if (Test-Path -Path $downloadFile) { Write-Log -Object "$downloadFile already exists. Removing!" Remove-Item -Path $downloadFile -Confirm:$false } $null = Get-AzStorageBlobContent -Container $ContainerName -Context $context -Blob $blobContent.Name -Destination $destination -Force Write-Log -Object "Extracting $($blobContent.Name)" $extractPath = Join-Path -Path $destination -ChildPath $Version.ToString() if (Test-Path -Path $extractPath) { Write-Log -Object "$extractPath already exists. Removing!" Remove-Item -Path $extractPath -Recurse -Confirm:$false } Expand-Archive -Path $downloadFile -DestinationPath $extractPath Write-Log -Object "Copying modules in $extractPath to 'C:\Program Files\WindowsPowerShell\Modules'" $downloadedModules = Get-ChildItem -Path $extractPath -Directory -ErrorAction SilentlyContinue foreach ($module in $downloadedModules) { $PSModulePath = Join-Path -Path "$($env:ProgramFiles)/WindowsPowerShell/Modules" -ChildPath $module.Name if (Test-Path -Path $PSModulePath) { Write-Log -Object "Removing existing module $($module.Name)" Remove-Item -Include '*' -Path $PSModulePath -Recurse -Force } Write-Log -Object "Deploying module $($module.Name)" $modulePath = Join-Path -Path $extractPath -ChildPath $module.Name $PSModulesPath = Join-Path -Path "$($env:ProgramFiles)/WindowsPowerShell" -ChildPath 'Modules' Copy-Item -Path $modulePath -Destination $PSModulesPath -Recurse -Container -Force } Write-Log -Object 'Removing temporary components' Remove-Item -Path $extractPath -Recurse -Confirm:$false Remove-Item -Path $destination -Recurse -Confirm:$false } return $true } #EndRegion './Public/Get-ModulesFromBlobStorage.ps1' 116 #Region './Public/Import-PSDataFile.ps1' -1 function Import-PSDataFile { <# .SYNOPSIS Imports a PowerShell Data File, without restriction on the file size. .DESCRIPTION This function imports PowerShell data files into a hashtable. It also validates the file to ensure that it is a valid PowerShell Data File. This function replaces the default Import-PowerShellDataFile function, since that has issues with files larger than 500 keys. .PARAMETER Path The path to the PSD1 file that will be imported. .EXAMPLE Import-PSDataFile -Path 'C:\Temp\reference.psd1' #> [CmdletBinding()] [OutputType([System.Collections.HashTable])] param ( [Parameter(Mandatory = $true)] [Microsoft.PowerShell.DesiredStateConfiguration.ArgumentToConfigurationDataTransformation()] [System.Collections.HashTable] $Path ) return $Path } #EndRegion './Public/Import-PSDataFile.ps1' 32 #Region './Public/Merge-DataFile.ps1' -1 function Merge-DataFile { <# .SYNOPSIS Merges two PowerShell Data File hashtables .DESCRIPTION This function merges two PowerShell Data file hashtables into one new one. The values in the Merge hashtable are overwriting any existing values in the Reference hashtable. .PARAMETER Reference The Reference hashtable that is used as the starting point .PARAMETER Merge The Merge hashtable that will be merged into the Reference hashtable. .EXAMPLE # Merges the Merge file into the Reference file $reference = Import-PowerShellDataFile -Path 'reference.psd1' $merge = Import-PowerShellDataFile -Path 'merge.psd1' Merge-DataFile -Reference $reference -Merge $merge #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.Collections.Hashtable] $Reference, [Parameter(Mandatory = $true)] [System.Collections.Hashtable] $Merge ) Begin { $script:level = 0 Write-LogEntry -Message 'Starting Data Merge' -Level $script:level $ref = $Reference.Clone() $mer = $Merge.Clone() } Process { $result = Merge-Hashtable -Reference $ref -Merge $mer } End { Write-LogEntry -Message 'Data Merge Completed' -Level $script:level return $result } } #EndRegion './Public/Merge-DataFile.ps1' 58 #Region './Public/Set-ADOEnvironment.ps1' -1 function Set-ADOEnvironment { <# .SYNOPSIS Checks if specified environments exist in Azure DevOps and creates them if they don't. .DESCRIPTION This function checks if the specified environments exist in Azure DevOps and creates them if they don't. It also checks if other configurations are set, like approvers pipeline permissions, etc. .PARAMETER Organization The name of the DevOps organization. .PARAMETER Project The name of the project in the DevOps organization. .PARAMETER ApiVersion The name of the to be used API version. .PARAMETER PAT The Personal Access Token to be used for authentication (if required). .PARAMETER TargetEnvironments The list of environments that should exist in the DevOps project. .PARAMETER Approvers The list of approvers for each environment. .PARAMETER DeploymentPipeline The name of the pipeline that should be granted permissions to access the environment. .PARAMETER ExecutionOrder The execution order of the approvals. .PARAMETER Instructions The instructions to be displayed to the approvers. .PARAMETER MinRequiredApprovers The minimum number of approvers required. .PARAMETER RequesterCannotBeApprover If the requester cannot be an approver. .PARAMETER Timeout The timeout for the approval. .EXAMPLE $environmentsConfig = @{ 'testenv' = @( @{ Principal = 'user@domain.com' Type = 'User' } @{ Principal = '[DevOps Project]\Project Administrators' Type = 'Group' } ) 'testenv2' = @( @{ Principal = 'admin@contoso.com' Type = 'User' } @{ Principal = '[DSC Project]\Project Administrators' Type = 'Group' } ) } Set-ADOEnvironment ` -Organization 'myorg' ` -Project 'myproject' ` -TargetEnvironments $environmentsConfig.Keys ` -Approvers $environmentsConfig ` -DeploymentPipeline 'mypipeline' ` -PAT '<pat>' #> [CmdletBinding(SupportsShouldProcess = $true)] [OutputType([System.Boolean])] param ( [Parameter(Mandatory = $true)] [System.String] $Organization, [Parameter(Mandatory = $true)] [System.String] $Project, [Parameter()] [System.String] $ApiVersion = '7.1-preview.1', [Parameter()] [System.String] $PAT, [Parameter(Mandatory = $true)] [System.Array] $TargetEnvironments, [Parameter(Mandatory = $true)] [System.Collections.Hashtable] $Approvers, [Parameter(Mandatory = $true)] [System.String] $DeploymentPipeline, [Parameter()] [System.String] $ExecutionOrder = 'anyOrder', [Parameter()] [System.String] $Instructions = 'Please approve if you agree with the deployment.', [Parameter()] [System.Int32] $MinRequiredApprovers = 1, [Parameter()] [System.Boolean] $RequesterCannotBeApprover = $false, [Parameter()] [System.Int32] $Timeout = 14400 ) #region Variables $devOpsVsspsOrgUrl = 'https://vssps.dev.azure.com/{0}' -f $Organization $devOpsOrgUrl = 'https://dev.azure.com/{0}' -f $Organization $devOpsProjectUrl = '{0}/{1}' -f $devOpsOrgUrl, $Project $apiVersionString = "api-version=$ApiVersion" $default = @{ ExecutionOrder = $ExecutionOrder Instructions = $Instructions MinRequiredApprovers = $MinRequiredApprovers RequesterCannotBeApprover = $RequesterCannotBeApprover Timeout = $Timeout } $approversDetails = @{} #endregion Variables #region Script Write-Log -Object 'Starting Pipeline Environments check' Write-Log -Object 'Creating Authorization token' $headers = New-Object 'System.Collections.Generic.Dictionary[[String],[String]]' if ($PSBoundParameters.ContainsKey('PAT')) { Write-Log -Object ' Parameter PAT is specified, using that to authenticate' $authToken = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($PAT)")) $headers.Add('Authorization', ('Basic {0}' -f $authToken)) } else { Write-Log -Object ' Parameter PAT is NOT specified, using environment variable SYSTEM_ACCESSTOKEN to authenticate' $headers.Add('Authorization', ('Bearer {0}' -f $env:SYSTEM_ACCESSTOKEN)) } # https://learn.microsoft.com/en-us/rest/api/azure/devops/distributedtask/environments/list?view=azure-devops-rest-7.1 Write-Log -Object 'Retrieving all environments' $envUrl = '{0}/_apis/distributedtask/environments?{1}' -f $devOpsProjectUrl, $apiVersionString $currentEnvironments = Invoke-APRestApi -Uri $envUrl -Method 'GET' -Headers $headers $currentEnvironmentNames = $currentEnvironments.value | Select-Object -ExpandProperty Name Write-Log -Object "Check the differences between current ($($currentEnvironments.Count)) and target environments ($($TargetEnvironments.Count))" $createEnvironments = @() if ($null -eq $currentEnvironments -or $currentEnvironments.Count -eq 0) { $createEnvironments = $TargetEnvironments } else { $envDifferences = Compare-Object -ReferenceObject $TargetEnvironments -DifferenceObject $currentEnvironmentNames #-IncludeEqual switch ($envDifferences) { { $_.SideIndicator -eq '<=' } { $envName = $_.InputObject Write-Log -Object "Environment does not exist: $($envName)" $createEnvironments += $envName } { $_.SideIndicator -eq '=>' } { Write-Log -Object "Environment is not specified in target environments: $($_.InputObject)" -Warning } } } Write-Log -Object 'Creating all new environments' foreach ($environment in $createEnvironments) { Write-Log -Object " Creating new environment: $environment" $obj = @{ name = $environment description = "Environment for $($environment)" } $requestBody = ConvertTo-Json -InputObject $obj -Depth 10 if ($PSCmdlet.ShouldProcess($environment, 'Create Environment')) { $null = Invoke-APRestApi -Uri $envUrl -Method 'POST' -Headers $headers -Body $requestBody } } # https://learn.microsoft.com/en-us/rest/api/azure/devops/graph/users/list?view=azure-devops-rest-7.1 Write-Log -Object 'Getting all users' $usersUrl = '{0}/_apis/graph/users?{1}' -f $devOpsVsspsOrgUrl, $apiVersionString $allUsers = Invoke-APRestApi -Uri $usersUrl -Method 'GET' -Headers $headers Write-Log -Object 'Getting all groups' $groupsUrl = '{0}/_apis/graph/groups?{1}' -f $devOpsVsspsOrgUrl, $apiVersionString $allGroups = Invoke-APRestApi -Uri $groupsUrl -Method 'GET' -Headers $headers Write-Log -Object 'Getting details of approvers' foreach ($environment in $Approvers.GetEnumerator()) { Write-Log -Object "Processing approvers for environment: $($environment.Key)" $envApprovers = $environment.Value $approversDetails.$($environment.Key) = @() foreach ($approver in $envApprovers | Where-Object { $_.Type -eq 'User' }) { Write-Log -Object " Processing: '$($approver.Principal)'" $approveUser = $allUsers.value | Where-Object -FilterScript { $_.PrincipalName -eq $approver.Principal } if ($null -eq $approveUser) { Write-Log -Object " Approval User '$($approver.Principal)' not found!" -Failure return $false } $userDisplayName = $approveUser.displayName $storagekeyUrl = '{0}/_apis/graph/storagekeys/{2}?{1}' -f $devOpsVsspsOrgUrl, $apiVersionString, $approveUser.descriptor $userStoragekey = Invoke-APRestApi -Uri $storagekeyUrl -Method 'GET' -Headers $headers if ($null -eq $userStoragekey) { Write-Log -Object ' User descriptor not found!' -Failure return $false } $approversDetails.$($environment.Key) += [PSCustomObject]@{ DisplayName = $userDisplayName Descriptor = $userStoragekey.value } } foreach ($approver in $envApprovers | Where-Object { $_.Type -eq 'Group' }) { Write-Log -Object " Processing: '$($approver.Principal)'" $approveGroup = $allGroups.value | Where-Object -FilterScript { $_.PrincipalName -eq $approver.Principal } if ($null -eq $approveGroup) { Write-Log -Object " [ERROR] Approval Group '$($approver.Principal)' not found!" -Failure return $false } $groupDisplayName = $approveGroup.PrincipalName $storagekeyUrl = '{0}/_apis/graph/storagekeys/{2}?{1}' -f $devOpsVsspsOrgUrl, $apiVersionString, $approveGroup.descriptor $groupStoragekey = Invoke-APRestApi -Uri $storagekeyUrl -Method 'GET' -Headers $headers if ($null -eq $groupStoragekey) { Write-Log -Object ' Group descriptor not found!' -Failure return $false } $approversDetails.$($environment.Key) += [PSCustomObject]@{ DisplayName = $groupDisplayName Descriptor = $groupStoragekey.value } } } Write-Log -Object "Get Pipeline info for pipeline '$DeploymentPipeline'" $pipelineUrl = '{0}/_apis/pipelines?{1}' -f $devOpsProjectUrl, $apiVersionString $pipelines = $null $pipelines = Invoke-APRestApi -Uri $pipelineUrl -Method 'GET' -Headers $headers if ($null -eq $pipelines -or $pipelines.count -eq 0) { Write-Log -Object ' Pipeline not found' -Failure return $false } $pipeline = $pipelines.value | Where-Object { $_.name -eq $deploymentPipeline } # Retrieve all environments, including newly created ones. Write-Log -Object 'Refreshing all environments' $currentEnvironments = Invoke-APRestApi -Uri $envUrl -Method 'GET' -Headers $headers foreach ($environment in $currentEnvironments.value) { Write-Log -Object "Checking config for '$($environment.Name)'" $envId = $environment.id $envName = $environment.Name # https://learn.microsoft.com/en-us/rest/api/azure/devops/approvalsandchecks/check-configurations/get?view=azure-devops-rest-7.1 $envChecksUrl = '{0}/_apis/pipelines/checks/configurations?resourceType=environment&resourceId={2}&{1}' -f $devOpsProjectUrl, $apiVersionString, $envId $envChecks = $null $envChecks = Invoke-APRestApi -Uri $envChecksUrl -Method 'GET' -Headers $headers if ($null -ne $envChecks) { if ($envChecks.Count -ne 0) { Write-Log -Object ' Approval configured, checking configuration.' $checkId = $envChecks.value.Id $checkUrl = "{0}/_apis/pipelines/checks/configurations/{2}?`$expand=settings&{1}" -f $devOpsProjectUrl, $apiVersionString, $checkId $checkInfo = Invoke-APRestApi -Uri $checkUrl -Method 'GET' -Headers $headers if ($null -ne $checkInfo) { $settings = $checkInfo.settings $obj = @{ id = $checkId type = @{ id = '8C6F20A7-A545-4486-9777-F762FAFE0D4D' name = 'Approval' } settings = @{ approvers = @() blockApprovers = @() executionOrder = $default.ExecutionOrder instructions = $default.Instructions minRequiredApprovers = $default.MinRequiredApprovers requesterCannotBeApprover = $default.RequesterCannotBeApprover } resource = @{ type = 'environment' id = $envId name = $envName } timeout = $default.Timeout } $updateCheck = $false if ($settings.instructions -ne $default.Instructions) { Write-Log -Object " Parameter Instructions changed, updating. Old: $($settings.instructions), New: $($default.Instructions)" $updateCheck = $true } if ($settings.requesterCannotBeApprover -ne $default.RequesterCannotBeApprover) { Write-Log -Object " Parameter RequesterCannotBeApprover changed, updating. Old: $($settings.requesterCannotBeApprover), New: $($default.RequesterCannotBeApprover)" $updateCheck = $true } if ($settings.executionOrder -ne $default.ExecutionOrder) { Write-Log -Object " Parameter ExecutionOrder changed, updating. Old: $($settings.executionOrder), New: $($default.ExecutionOrder)" $updateCheck = $true } if ($settings.minRequiredApprovers -ne $default.MinRequiredApprovers) { Write-Log -Object " Parameter MinRequiredApprovers changed, updating. Old: $($settings.minRequiredApprovers), New: $($default.MinRequiredApprovers)" $updateCheck = $true } if ($checkInfo.timeout -ne $default.Timeout) { Write-Log -Object " Parameter TimeOut changed, updating. Old: $($checkInfo.timeout), New: $($default.Timeout)" $updateCheck = $true } if ($settings.approvers.Count -ne 0) { $approversDiff = Compare-Object -ReferenceObject $settings.approvers.id -DifferenceObject $approversDetails.$envName.Descriptor if ($null -ne $approversDiff) { Write-Log -Object ' Approvers changed, updating.' $updateCheck = $true } } else { Write-Log -Object ' Approvers changed, updating.' $updateCheck = $true } foreach ($approver in $approversDetails.$envName) { $obj.settings.approvers += @{ displayName = $approver.DisplayName id = $approver.Descriptor } } if ($updateCheck -eq $true) { Write-Log -Object ' Updating check configuration' $requestBody = ConvertTo-Json -InputObject $obj -Depth 10 $configUrl = '{0}/_apis/pipelines/checks/configurations/{2}?{1}' -f $devOpsProjectUrl, $apiVersionString, $checkId if ($PSCmdlet.ShouldProcess('Configurations', 'Configure approvals')) { $null = Invoke-APRestApi -Uri $configUrl -Method 'PATCH' -Headers $headers -Body $requestBody } } } else { Write-Log -Object ' No check information found!' } } else { Write-Log -Object ' No approval configured, configuring.' $obj = @{ type = @{ id = '8C6F20A7-A545-4486-9777-F762FAFE0D4D' name = 'Approval' } settings = @{ approvers = @() blockApprovers = @() executionOrder = $default.ExecutionOrder instructions = $default.Instructions minRequiredApprovers = $default.MinRequiredApprovers requesterCannotBeApprover = $default.RequesterCannotBeApprover } resource = @{ type = 'environment' id = $envId name = $envName } timeout = $default.Timeout } foreach ($approver in $approversDetails.$envName) { $obj.settings.approvers += @{ displayName = $approver.DisplayName id = $approver.Descriptor } } $requestBody = ConvertTo-Json -InputObject $obj -Depth 10 Write-Log -Object ' Creating check' $configUrl = '{0}/_apis/pipelines/checks/configurations?{1}' -f $devOpsProjectUrl, $apiVersionString if ($PSCmdlet.ShouldProcess('Configurations', 'Create approvals')) { $null = Invoke-APRestApi -Uri $configUrl -Method 'POST' -Headers $headers -Body $requestBody } } } else { Write-Log -Object ' Error while retrieving Environment Checks' -Failure return $false } Write-Log -Object ' Checking pipeline permissions to environment' $permissionsUrl = '{0}/_apis/pipelines/pipelinepermissions/environment/{2}?{1}' -f $devOpsProjectUrl, $apiVersionString, $envId $permissionsChecks = Invoke-APRestApi -Uri $permissionsUrl -Method 'GET' -Headers $headers if ($permissionsChecks.pipelines.count -eq 0) { Write-Log -Object ' Permissions not provided. Granting permissions!' $body = "{ 'pipelines':[{'id': $($pipeline.id), 'authorized': true}] }" if ($PSCmdlet.ShouldProcess($DeploymentPipeline, 'Granting pipeline permissions')) { $null = Invoke-APRestApi -Uri $permissionsUrl -Method 'PATCH' -Headers $headers -Body $body } } else { Write-Log -Object ' Permissions provided. Checking if correct pipeline!' foreach ($permission in $permissionsChecks.pipelines) { if ($permission.id -ne $pipeline.id -or $permission.authorized -ne $true) { $body = "{ 'pipelines':[{'id': $($pipeline.id), 'authorized': true}] }" if ($PSCmdlet.ShouldProcess($DeploymentPipeline, 'Granting pipeline permissions')) { $null = Invoke-APRestApi -Uri $permissionsUrl -Method 'PATCH' -Headers $headers -Body $body } } } } } Write-Log -Object 'Completed Pipeline Environments check' return $true #endregion Script } #EndRegion './Public/Set-ADOEnvironment.ps1' 500 #Region './Public/Set-PipelineYaml.ps1' -1 function Set-PipelineYaml { <# .SYNOPSIS Updates the environments parameter in the pipeline Yaml with the provided environments info. .DESCRIPTION This function updates the environments parameter in the provided pipeline Yaml with the provided environments info. .PARAMETER YamlPath The path to the pipeline Yaml file that has to get updated. .PARAMETER EnvironmentsInfo The environment details that is used to update the environments parameter. .EXAMPLE $envInfo = @{ Dev = @{ DependsOn = '' Branch = 'dev' } Test = @{ DependsOn = 'Dev' Branch = 'main' } Acceptance = @{ DependsOn = 'Test' Branch = 'main' } Production = @{ DependsOn = 'Acceptance' Branch = 'main' } } Set-PipelineYaml ` -YamlPath 'C:\Source\Demo\Pipelines\template.yaml' ` -EnvironmentsInfo = $envInfo #> [CmdletBinding(SupportsShouldProcess = $true)] [OutputType([System.Boolean])] param ( [Parameter(Mandatory = $true)] [System.String] $YamlPath, [Parameter(Mandatory = $true)] [System.Collections.Hashtable] $EnvironmentsInfo ) if (Test-Path -Path $YamlPath) { $yamlContent = Get-Content -Path $YamlPath -Raw $yamlObj = ConvertFrom-Yaml -Yaml $yamlContent -Ordered if ($yamlObj.Keys -contains 'parameters') { $envParameter = $yamlObj.parameters | Where-Object -FilterScript { $_.Name -eq 'Environments' } if ($null -ne $envParameter) { $defaults = $envParameter.default if ($null -eq $defaults) { $defaults = @() $currentEnvs = @() } else { $currentEnvs = $defaults.Name } [Array]$targetEnvs = $EnvironmentsInfo.Keys $diff = Compare-Object -ReferenceObject $currentEnvs -DifferenceObject $targetEnvs -IncludeEqual switch ($diff) { { $_.SideIndicator -eq '=>' } { $envName = $_.InputObject Write-Log -Object "Adding '$envName' to the pipeline Yaml file" $dependsOn = $EnvironmentsInfo.$envName.DependsOn if ([String]::IsNullOrEmpty($dependsOn)) { $dependsOn = $null } $defaults += [Ordered]@{ Name = $envName DependsOn = $dependsOn Branch = $EnvironmentsInfo.$envName.Branch } continue } { $_.SideIndicator -eq '<=' } { $envName = $_.InputObject Write-Log -Object "Removing '$envName' from the pipeline Yaml file" $defaults = $defaults | Where-Object { $_.Name -ne $envName } continue } { $_.SideIndicator -eq '==' } { $envName = $_.InputObject Write-Log -Object "Updating '$envName' in the pipeline Yaml file" $updateEnv = $defaults | Where-Object { $_.Name -eq $envName } $dependsOn = $EnvironmentsInfo.$envName.DependsOn if ([String]::IsNullOrEmpty($dependsOn)) { $dependsOn = $null } $updateEnv.DependsOn = $dependsOn $updateEnv.Branch = $EnvironmentsInfo.$envName.Branch continue } } $envParameter.default = $defaults if ($PSCmdlet.ShouldProcess($YamlPath, 'Update Yaml file')) { ConvertTo-Yaml $yamlObj -OutFile $YamlPath -Force } } else { Write-Log "Specified Yaml '$YamlPath' does not have an 'Environments' parameter!" -Failure return $false } } else { Write-Log "Specified Yaml '$YamlPath' does not have a 'parameters' value!" -Failure return $false } return $true } else { Write-Log "Specified YamlPath '$YamlPath' does not exist!" -Failure return $false } } #EndRegion './Public/Set-PipelineYaml.ps1' 145 #Region './Public/Test-IfModulesInBlobStorage.ps1' -1 function Test-IfModulesInBlobStorage { <# .SYNOPSIS Tests if a package with Microsoft365DSC dependencies exists in an Azure Blob Storage .DESCRIPTION This function tests if the zipped dependency modules corresponding to the required Microsoft365DSC version exists in the provided Azure Blob Storage. .PARAMETER ResourceGroupName The Azure Resource Group Name where the Storage Account is located .PARAMETER StorageAccountName The name of the Storage Account where the zip file will be downloaded from .PARAMETER ContainerName The name of the Container where the zip file will be downloaded from .PARAMETER Version The version of the Microsoft365DSC module for which the prerequisites should be tested .EXAMPLE Test-IfModulesInBlobStorage -ResourceGroupName 'MyResourceGroup' -StorageAccountName 'MyStorageAccount' -ContainerName 'MyContainer' -Version 1.23.530.1 #> [CmdletBinding()] [OutputType([System.Boolean])] param ( [Parameter(Mandatory = $true)] [System.String] $ResourceGroupName, [Parameter(Mandatory = $true)] [System.String] $StorageAccountName, [Parameter(Mandatory = $true)] [System.String] $ContainerName, [Parameter(Mandatory = $true)] [System.String] $Version ) Write-Log -Object "Test if dependencies exist in storage container for Microsoft365DSC v$Version." Write-Log -Object "Connecting to storage account '$StorageAccountName'" $storageAcc = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName Write-Log -Object 'Retrieving storage account context' $context = $storageAcc.Context Write-Log -Object 'Downloading blob contents from the container' $prefix = 'M365DSCDependencies-' + ($Version -replace '\.', '_') $blobContent = Get-AzStorageBlob -Container $ContainerName -Context $context -Prefix $prefix if ($null -eq $blobContent) { Write-Log -Object "[ERROR] No files found that match the pattern: '$prefix'" return $false } else { Write-Log -Object "[ERROR] No files found that match the pattern: '$prefix'" -Failure return $true } } #EndRegion './Public/Test-IfModulesInBlobStorage.ps1' 70 #Region './Public/Test-M365PowerShellDataFile.ps1' -1 function Test-M365PowershellDataFile { <# .Synopsis Tests the specified object against the information defined in the ExampleData from the M365DSC.CompositeResources module. .Description This function tests the specified object against the information defined in the ExampleData from the M365DSC.CompositeResources module. It creates a Pester test to check if the specified data and types are correct, as specified in the example data. .Parameter InputObject The object that contains the data object that needs to be tested .Parameter PesterScript Specify if the created Pester scripts will be displayed or not. .Parameter Exclude_Required All required items that have to be ignored, for example the UniqueID parameter. .Parameter Exclude_AvailableAsResource All items that are available as a resource and have to be ignored. .Parameter IgnoreRequired Specifies that the Required parameters should not be checked. Used with the individual data files. .Example Test-M365PowershellDataFile -InputObject $M365DSCData -PesterScript .Example Test-M365PowershellDataFile -InputObject $M365DSCData -PesterScript -IgnoreRequired #> [CmdletBinding()] [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSReviewUnusedParameter', '')] param ( [Parameter(Mandatory = $true, ValueFromPipeline = $True)] $InputObject, [Parameter()] [Switch] $PesterScript, [Parameter()] [System.Array] $Exclude_Required, [Parameter()] [System.Array] $Exclude_AvailableAsResource, [Parameter()] [Switch] $IgnoreRequired ) begin { # Test if the ObjectGraphTools module is loaded and the class is available if (-not ([System.Management.Automation.PSTypeName]'PSNode').Type) { Import-Module ObjectGraphTools -Force } } process { $Leaf_Parents = [System.Collections.Generic.List[String]]::new() # Load Example data from module M365DSC.CompositeResources $Obj_M365DataExample = Import-PSDataFile -Path (((Get-Module -ListAvailable M365DSC.CompositeResources).path | Split-Path) + '\M365ConfigurationDataExample.psd1') $Node_Root = $InputObject | Get-Node $Pester_Config = @( '#Requires -Modules Pester' "Describe '--- Check M365-DSC-CompositeResources configuration ---' {" #NonNodeData $Node_NonNodeData = $Node_Root._('NonNodedata') ($Node_NonNodeData | Get-ChildNode).ForEach{ " Context '{0}' {{" -f $_.name ($_ | Get-ChildNode).foreach{ " It '{0}' {{" -f $_.name ($_ | Get-ChildNode -Recurse -Leaf).ForEach{ # First Time in this parent Leaf node if ( $Leaf_Parents -notcontains ($_.parentnode.PathName) ) { $Leaf_Parents.add($_.parentnode.PathName) $Obj_Ref = Get-RefNodeExampleData -node $_.ParentNode -ReferenceObject $Obj_M365DataExample if ($null -ne $Obj_Ref) { $Required = $Obj_Ref.GetEnumerator() | Where-Object { $_.value -like '*| Required |*' } $Available = $_.parentnode.ChildNodes.name foreach ( $Item in $Required.name ) { if ( $Available -notcontains $Item -and $Exclude_Required -notContains $item -and $PSBoundParameters.ContainsKey('IgnoreRequired') -eq $false ) { " `$InputObject.{0}.{1} | Should -Not -BeNullOrEmpty -Because 'parameter {1} is required for {0}'" -f $_.parentnode.pathname, $Item } } } } if ($_.value -and ($Exclude_AvailableAsResource -notcontains $_.name )) { $Obj_Ref = Get-RefNodeExampleData -node $_ -ReferenceObject $Obj_M365DataExample # Type validation if ($Obj_Ref.type) { " `$InputObject.{0} | {1}" -f $_.Pathname, $(Convert-PesterType $Obj_Ref.type) } # validationSet validation if ($Obj_Ref.ValidateSet) { " `$InputObject.{0} | should -beIn {1}" -f $_.Pathname, $Obj_Ref.ValidateSet } # No Ref data if (-not $Obj_Ref.type) { '" [-] {0} [not availabe as a Composite Resource]"| write-host -ForegroundColor darkyellow' -f $_.Pathname } } } ' }' } ' }' } '}' ) # Save for execute $Pester_Script = New-TemporaryFile | Rename-Item -NewName { [IO.Path]::ChangeExtension($_, '.tests.ps1') } -PassThru $Pester_Config | Out-File $Pester_Script -Force -Confirm:$false -Encoding:ascii # Show Result Pester Script in a VScode window if ($PesterScript) { psedit $Pester_Script } # Execute pester script $Params = [ordered]@{ Path = $Pester_Script } $Container = New-PesterContainer @Params $Configuration = [PesterConfiguration]@{ Run = @{ Container = $Container PassThru = $true } Should = @{ ErrorAction = "continue" } Output = @{ Verbosity = 'Detailed' StackTraceVerbosity = "Firstline" } } $result = Invoke-Pester -Configuration $Configuration # Clean temp file Remove-Item -Path $Pester_Script -Force -ErrorAction SilentlyContinue return $result } } #EndRegion './Public/Test-M365PowerShellDataFile.ps1' 184 #Region './Public/Write-Log.ps1' -1 function Write-Log { <# .SYNOPSIS Dispatches log information .DESCRIPTION Write log information to the console so that it can be picked up by the deployment system The information written to the (host) display uses the following format: yyyy-MM-dd HH:mm:ss [Labels[]]<ScriptName>: <Message> Where: * yyyy-MM-dd HH:mm:ss is the sortable date/time where the log entry occurred * [Labels[]] represents one or more of the following colored labels: [ERROR] [FAILURE] [WARNING] [INFO] [DEBUG] [VERBOSE] [WHATIF] Note that each label could be combined with another label except for the [ERROR] and [FAILURE] which are exclusive and the [INFO] label which only set if none of the other labels applies (See also the -Warning and -Failure parameter) * <ScriptName> represents the script that called this Write-Log cmdlet * <Message> is a string representation of the -Object parameter Note that if the -Object contains an [ErrorRecord] type, the error label is set and the error record is output in a single line: at <LineNumber> char:<Offset> <Error Statement> <Error Message> Where: * <LineNumber> represents the line where the error occurred * <Offset> represents the offset in the line where the error occurred * <Error Statement> represents the statement that caused the error * <error message> represents the description of the error .PARAMETER Object Writes the object as a string to the host from a script or command. If the object is of an [ErrorRecord] type, the [ERROR] label will be added and the error name and position are written to the host from a script or command unless the $ErrorPreference is set to SilentlyContinue. .PARAMETER Warning Writes warning messages to the host from a script or command unless the $WarningPreference is set to SilentlyContinue. .PARAMETER Failure Writes failure messages to the host from a script or command unless the $ErrorPreference is set to SilentlyContinue. Note that the common parameters -Debug and -Verbose have a simular behavor as the -Warning and -Failure Parameter and will not be shown if the corresponding $<name>preference variable is set to 'SilentlyContinue'. .PARAMETER Path The path to a log file. If set, all the output is also sent to a log file for all the following log commands. Use an empty path to stop file logging for the current session: `-Path ''` Note that environment variables (as e.g. '%Temp%\My.Log') are expanded. .PARAMETER Tee Logs (displays) the output and also sends it down the pipeline. .PARAMETER WriteActivity By default, the current activity (message) is only exposed (using the Write-Progress cmdlet) when it is invoked from the deployment system. This switch (-WriteActivity or -WriteActivity:$False) will overrule the default behavior. .PARAMETER WriteEvent When set, this cmdlet will also write the message to the Windows Application EventLog. Where: * If the [EventSource] parameter is ommited, the Source will be "Automation" * The Category represents the concerned labels: Info = 0 Verbose = 1 Debug = 2 WhatIf = 4 Warning = 8 Failure = 16 Error = 32 * The Message is a string representation of the object * If [EventId] parameter is ommited, the EventID will be a 32bit hashcode based on the message * EventType is "Error" in case of an error or when the -Failure parameter is set, otherwise "Warning" if the -Warning parameter is set and "Information" by default. Note 1: logging Windows Events, requires elevated rights if the event source does not yet exist. Note 2: This parameter is not required if the [EventSource] - or [EventId] parameter is supplied. .PARAMETER EventSource When defined, this cmdlet will also write the message to the given EventSource in the Windows Application EventLog. For details see the [WriteEvent] parameter. .PARAMETER EventId When defined, this cmdlet will also write the message Windows Application EventLog using the specified EventId. For details see the [WriteEvent] parameter. .PARAMETER Type This parameter will show if the log information is from type INFO, WARNING or Error. * Warning: this parameter is depleted, use the corresponding switch as e.g. `-Warning`. .PARAMETER Message This parameter contains the message that wil be shown. * Warning: this parameter is depleted, use the `-Object` parameter instead. .PARAMETER FilePath This parameter contains the log file path. * Warning: this parameter is depleted, use the `-Path` parameter instead. .EXAMPLE # Log a message Displays the following entry and updates the progress activity in the deployment system: Write-Log 'Deploying VM' 2022-08-10 11:56:12 [INFO] MyScript: Deploying VM .EXAMPLE # Log and save a warning Displays `File not found` with a `[WARNING]` as shown below, updates the progress activity in the deployment system. Besides, it writes the warning to the file: c:\temp\log.txt and create and add an entry to the EventLog. Write-Log -Warning 'File not found' -Path c:\temp\log.txt -WriteEvent 2022-08-10 12:03:51 [WARNING] MyScript: File not found .EXAMPLE # Log and capture a message Displays `my message` as shown below and capture the message in the `$Log` variable. $Log = Write-Log 'My message' -Tee 2022-08-10 12:03:51 [INFO] MyScript: File not found #> [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidGlobalVars', '')] [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '')] [CmdletBinding(DefaultParameterSetName = 'Warning')] param ( [Parameter(ParameterSetName = 'Warning', Position = 0, ValueFromPipeline = $true)] [Parameter(ParameterSetName = 'Failure', Position = 0, ValueFromPipeline = $true)] $Object, [Parameter(ParameterSetName = 'Warning')] [switch] $Warning, [Parameter(ParameterSetName = 'Failure')] [switch] $Failure, [Parameter(ParameterSetName = 'Warning')] [Parameter(ParameterSetName = 'Failure')] [string] $Path, [Parameter(ParameterSetName = 'Warning')] [Parameter(ParameterSetName = 'Failure')] [switch] $WriteActivity, [Parameter(ParameterSetName = 'Warning')] [Parameter(ParameterSetName = 'Failure')] [switch] $WriteEvent, [Parameter(ParameterSetName = 'Warning')] [Parameter(ParameterSetName = 'Failure')] [string] $EventSource = 'Automation', [Parameter(ParameterSetName = 'Warning')] [Parameter(ParameterSetName = 'Failure')] [int] $EventId = -1, [Parameter(ParameterSetName = 'Warning')] [Parameter(ParameterSetName = 'Failure')] [switch] $Tee, [Parameter(ParameterSetName = 'Legacy', Position = 0, Mandatory = $true)] [Validateset('INFO', 'WARNING', 'ERROR', 'DEBUG')] [Alias('LogType')][string] $Type, [Parameter(ParameterSetName = 'Legacy', Position = 1, Mandatory = $true)] [string]$Message, [Parameter(ParameterSetName = 'Legacy')] [Alias('LogPath')][string] $FilePath ) begin { if (!$Global:WriteLog) { $Global:WriteLog = @{} } $PSCallStack = Get-PSCallStack $Commands = @($PSCallStack.Command) $Me = $Commands[0] $Caller = if ($Commands -gt 1) { $Commands[1..($Commands.Length)].where({ $_ -ne $Me }, 'First') } if (!$Caller) { $Caller = '' } # Prevent that the array index evaluates to null. $MeAgain = $Commands -gt 2 -and $Commands[2] -eq $Me if (!$Global:WriteLog.Contains($Caller)) { # if ($PSCmdlet.ParameterSetName -eq 'Legacy') { # Write-Log -Warning "Use the new implementation: $($MyInvocation.MyCommand) [-Warning|-Failure] 'message'" # } $Global:WriteLog[$Caller] = @{} } if ($PSCmdlet.ParameterSetName -eq 'Legacy') { switch ($Type) { 'INFO' { $TypeColor = 'Green'; $ThrowError = $false } 'WARNING' { $TypeColor = 'Yellow'; $ThrowError = $false } 'DEBUG' { $TypeColor = 'Cyan'; $ThrowError = $false } 'ERROR' { $TypeColor = 'Red'; $ThrowError = $true } } $ChunksEntry = $(Get-Date -Format '[dd-MM-yyyy][HH:mm:ss]') + $('[' + $Type.padright(7) + '] ') # Exit script if "$Type -eq "DEBUG" -and $VerbosePreference -eq "SilentlyContinue" if ($Type -eq 'DEBUG' -and $VerbosePreference -eq 'SilentlyContinue') { return } Write-Host $ChunksEntry -ForegroundColor $TypeColor -NoNewline if ($ThrowError) { Write-Error $Message } else { Write-Host $Message } if ($FilePath) { Try { $($ChunksEntry + $Message) | Out-File -FilePath $FilePath -Append } Catch { Write-Log -Warning "Can not write to logfile $FilePath" } } } else { [Flags()] enum EventFlag { Info = 0 Verbose = 1 Debug = 2 WhatIf = 4 Warning = 8 Failure = 16 Error = 32 } $IsVerbose = $PSBoundParameters.Verbose.IsPresent $VerboseMode = $IsVerbose -and $PSCmdlet.SessionState.PSVariable.Get('VerbosePreference').Value -ne 'SilentlyContinue' $IsDebug = $PSBoundParameters.Debug.IsPresent $DebugMode = $IsDebug -and $PSCmdlet.SessionState.PSVariable.Get('DebugPreference').Value -ne 'SilentlyContinue' $WhatIfMode = $PSCmdlet.SessionState.PSVariable.Get('WhatIfPreference').Value $WriteEvent = $WriteEvent -or $PSBoundParameters.ContainsKey('EventSource') -or $PSBoundParameters.ContainsKey('EventID') if ($PSBoundParameters.ContainsKey('Path')) { $Global:WriteLog[$Caller].Path = [System.Environment]::ExpandEnvironmentVariables($Path) } # Reset with: -Path '' } function WriteLog { if ($Failure -and !$Object) { $Object = if ($Error.Count) { $Error[0] } else { '<No error found>' } } $IsError = $Object -is [System.Management.Automation.ErrorRecord] $Category = [EventFlag]::new(); $EventType = 'Information' if ($ErrorPreference -ne 'SilentlyContinue' -and $IsError) { $Category += [EventFlag]::Error } if ($ErrorPreference -ne 'SilentlyContinue' -and $Failure) { $Category += [EventFlag]::Failure } if ($WarningPreference -ne 'SilentlyContinue' -and $Warning) { $Category += [EventFlag]::Warning } if ($IsDebug) { $Category += [EventFlag]::Debug } if ($IsVerbose) { $Category += [EventFlag]::Verbose } if ($WhatIfMode) { $Category += [EventFlag]::WhatIf } $IsInfo = !$Category $ColorText = [System.Collections.Generic.List[HashTable]]::new() $ColorText.Add( @{ Object = Get-Date -Format 'yyyy-MM-dd HH:mm:ss ' } ) if ($IsError) { $ColorText.Add(@{ BackgroundColor = 'Red'; ForegroundColor = 'Black'; Object = '[ERROR]' }) } elseif ($Failure) { $ColorText.Add(@{ BackgroundColor = 'Red'; ForegroundColor = 'Black'; Object = '[FAILURE]' }) } if ($Warning) { $ColorText.Add(@{ BackgroundColor = 'Yellow'; ForegroundColor = 'Black'; Object = '[WARNING]' }) } if ($IsInfo) { $ColorText.Add(@{ BackgroundColor = 'Green'; ForegroundColor = 'Black'; Object = '[INFO]' }) } if ($IsDebug) { $ColorText.Add(@{ BackgroundColor = 'Cyan'; ForegroundColor = 'Black'; Object = '[DEBUG]' }) } if ($IsVerbose) { $ColorText.Add(@{ BackgroundColor = 'Blue'; ForegroundColor = 'Black'; Object = '[VERBOSE]' }) } if ($WhatIfMode) { $ColorText.Add(@{ BackgroundColor = 'Magenta'; ForegroundColor = 'Black'; Object = '[WHATIF]' }) } if ($Caller -and $Caller -ne '<ScriptBlock>') { $ColorText.Add( @{ Object = " $($Caller):" } ) } $ColorText.Add( @{ Object = ' ' } ) if ($IsError) { $Info = $Object.InvocationInfo $ColorText.Add(@{ BackgroundColor = 'Black'; ForegroundColor = 'Red'; Object = " $Object" }) $ColorText.Add(@{ Object = " at $($Info.ScriptName) line:$($Info.ScriptLineNumber) char:$($Info.OffsetInLine) " }) $ColorText.Add(@{ BackgroundColor = 'Black'; ForegroundColor = 'White'; Object = $Info.Line.Trim() }) } elseif ($Failure) { $ColorText.Add(@{ ForegroundColor = 'Red'; Object = $Object; BackgroundColor = 'Black' }) } elseif ($Warning) { $ColorText.Add(@{ ForegroundColor = 'Yellow'; Object = $Object }) } elseif ($DebugMode) { $ColorText.Add(@{ ForegroundColor = 'Cyan'; Object = $Object }) } elseif ($VerboseMode) { $ColorText.Add(@{ ForegroundColor = 'Green'; Object = $Object }) } else { $ColorText.Add(@{ Object = $Object }) } foreach ($ColorItem in $ColorText) { Write-Host -NoNewline @ColorItem } Write-Host # New line if ($Tee) { -Join $ColorText.Object } $Message = -Join $ColorText[1..99].Object # Skip the date/time if ($WriteActivity) { Write-Progress -Activity $Message } if ($WriteEvent) { $SourceExists = Try { [System.Diagnostics.EventLog]::SourceExists($EventSource) } Catch { $False } if (!$SourceExists) { $WindowsIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent() $WindowsPrincipal = [System.Security.Principal.WindowsPrincipal]::new($WindowsIdentity) if ($WindowsPrincipal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)) { New-EventLog -LogName 'Application' -Source $EventSource $SourceExists = Try { [System.Diagnostics.EventLog]::SourceExists($EventSource) } Catch { $False } } else { Write-Log -Warning "The EventLog ""$EventSource"" should exist or administrator rights are required" } } if ($SourceExists) { if ($EventID -eq -1) { $EventID = if ($Null -ne $Object) { "$Object".GetHashCode() -bAnd 0xffff } Else { 0 } } $EventType = if ($Category.HasFlag([EventFlag]::Error)) { 'Error' } elseif ($Category.HasFlag([EventFlag]::Failure)) { 'Error' } elseif ($Category.HasFlag([EventFlag]::Warning)) { 'Warning' } else { 'Information' } Write-EventLog -LogName 'Application' -Source $EventSource -Category $Category -EventId $EventId -EntryType $EventType -Message $Message } } if ($Global:WriteLog[$Caller].Path) { Try { Add-Content -Path $Global:WriteLog[$Caller].Path -Value (-Join $ColorText.Object) } Catch { Write-Log -Warning "Can not write to logfile $FilePath" } } } } process { if ($PSCmdlet.ParameterSetName -ne 'Legacy' -and !$MeAgain) { if (!$IsVerbose -and !$IsDebug) { WriteLog } elseif ($VerboseMode) { WriteLog } elseif ($DebugMode) { WriteLog } } } } #EndRegion './Public/Write-Log.ps1' 518 |