DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1
function Get-TargetResource { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] param ( [Parameter(Mandatory = $true)] [System.String] $ResourceTypeName, [Parameter(Mandatory = $true)] [System.String] $RuleDefinition, [Parameter()] [System.String] $RuleName, [Parameter()] [System.String] $AfterRuleCountQuery, [Parameter()] [System.Management.Automation.PSCredential] $Credential, [Parameter()] [System.String] $ApplicationId, [Parameter()] [System.String] $TenantId, [Parameter()] [System.Management.Automation.PSCredential] $ApplicationSecret, [Parameter()] [System.String] $CertificateThumbprint, [Parameter()] [Switch] $ManagedIdentity, [Parameter()] [System.String[]] $AccessTokens ) return $null } function Set-TargetResource { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.String] $ResourceTypeName, [Parameter(Mandatory = $true)] [System.String] $RuleDefinition, [Parameter()] [System.String] $RuleName, [Parameter()] [System.String] $AfterRuleCountQuery, [Parameter()] [System.Management.Automation.PSCredential] $Credential, [Parameter()] [System.String] $ApplicationId, [Parameter()] [System.String] $TenantId, [Parameter()] [System.Management.Automation.PSCredential] $ApplicationSecret, [Parameter()] [System.String] $CertificateThumbprint, [Parameter()] [Switch] $ManagedIdentity, [Parameter()] [System.String[]] $AccessTokens ) # Not Implemented } function Test-TargetResource { [CmdletBinding()] [OutputType([System.Boolean])] param ( [Parameter(Mandatory = $true)] [System.String] $ResourceTypeName, [Parameter(Mandatory = $true)] [System.String] $RuleDefinition, [Parameter()] [System.String] $RuleName, [Parameter()] [System.String] $AfterRuleCountQuery, [Parameter()] [System.Management.Automation.PSCredential] $Credential, [Parameter()] [System.String] $ApplicationId, [Parameter()] [System.String] $TenantId, [Parameter()] [System.Management.Automation.PSCredential] $ApplicationSecret, [Parameter()] [System.String] $CertificateThumbprint, [Parameter()] [Switch] $ManagedIdentity, [Parameter()] [System.String[]] $AccessTokens ) #region Telemetry $CurrentResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $CurrentResourceName ` -CommandName $CommandName ` -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion Write-Verbose -Message 'Testing configuration of AzureAD Tenant Details' $Global:PartialExportFileName = "$((New-Guid).ToString()).partial" $module = Join-Path -Path $PSScriptRoot -ChildPath "..\MSFT_$ResourceTypeName\MSFT_$ResourceTypeName.psm1" -Resolve if ($null -ne $module) { $params = @{ Credential = $PSBoundParameters.Credential ApplicationId = $PSBoundParameters.ApplicationId TenantId = $PSBoundParameters.TenantId CertificateThumbprint = $PSBoundParameters.CertificateThumbprint ManagedIdentity = $PSBoundParameters.ManagedIdentity } if ($null -ne $PSBoundParameters.ApplicationSecret) { $params.Add('ApplicationSecret', $PSBoundParameters.ApplicationSecret) } if ($null -ne $PSBoundParameters.AccessTokens) { $params.Add('AccessTokens', $PSBoundParameters.AccessTokens) } Write-Verbose -Message "Importing module from Path {$($module)}" Import-Module $module -Force -Function 'Export-TargetResource' | Out-Null $cmdName = "MSFT_$ResourceTypeName\Export-TargetResource" [Array]$instances = &$cmdName @params $DSCStringContent = @" # Generated with Microsoft365DSC version 1.23.906.1 # For additional information on how to use Microsoft365DSC, please visit https://aka.ms/M365DSC param ( ) Configuration M365TenantConfig { param ( ) `$OrganizationName = `$ConfigurationData.NonNodeData.OrganizationName Import-DscResource -ModuleName 'Microsoft365DSC' Node localhost { $instances } } M365TenantConfig -ConfigurationData .\ConfigurationData.psd1 "@ Write-Verbose -Message 'Converting the retrieved instances into DSC Objects' $DSCConvertedInstances = ConvertTo-DSCObject -Content $DSCStringContent Write-Verbose -Message "Successfully converted {$($DSCConvertedInstances.Length)} DSC Objects." Write-Verbose -Message 'Querying DSC Objects for invalid instances based on the specified Rule Definition.' if ($RuleDefinition -eq '*') { [Array]$instances = $DSCConvertedInstances Write-Verbose -Message "Identified {$($instances.Length)} instances matching rule." } else { $queryBlock = [Scriptblock]::Create($RuleDefinition) [Array]$instances = $DSCConvertedInstances | Where-Object -FilterScript $queryBlock Write-Verbose -Message "Identified {$($instances.Length)} instances matching rule." } $result = ($instances.Length - $DSCConvertedInstances.Length) -eq 0 $message = [System.Text.StringBuilder]::New() [void]$message.AppendLine('<M365DSCRuleEvaluation>') [void]$message.AppendLine(" <RuleName>$RuleName</RuleName>") [void]$message.AppendLine(" <ResourceName>$ResourceTypeName</ResourceName>") [void]$message.AppendLine(" <RuleDefinition>$RuleDefinition</RuleDefinition>") if ($instances.Length -eq 0) { [array]$invalidInstances = $DSCConvertedInstances.ResourceInstanceName [void]$message.AppendLine(' <AfterRuleCount></AfterRuleCount>') [void]$message.AppendLine(' <Match></Match>') } else { if (-not [System.String]::IsNullOrEmpty($AfterRuleCountQuery)) { [void]$message.AppendLine(' <AfterRuleCount>') [void]$message.AppendLine(" <Query>$AfterRuleCountQuery</Query>") Write-Verbose -Message 'Checking the After Rule Count Query' $afterRuleCountQueryString = "`$instances.Length $AfterRuleCountQuery" $afterRuleCountQueryBlock = [Scriptblock]::Create($afterRuleCountQueryString) $result = [Boolean](Invoke-Command -ScriptBlock $afterRuleCountQueryBlock) [array]$validInstances = $instances.ResourceInstanceName [array]$invalidInstances = $DSCConvertedInstances.ResourceInstanceName | Where-Object -FilterScript { $_ -notin $validInstances } if (-not $result) { [void]$message.AppendLine(' <MetQuery>False</MetQuery>') [void]$message.AppendLine(' </AfterRuleCount>') if ($validInstances.Count -gt 0) { [void]$message.AppendLine(' <Match>') foreach ($validInstance in $validInstances) { [void]$message.AppendLine(" <ResourceInstanceName>[$ResourceTypeName]$validInstance</ResourceInstanceName>") } [void]$message.AppendLine(' </Match>') } else { [void]$message.AppendLine(' <Match></Match>') } } else { [void]$message.AppendLine(' <MetQuery>True</MetQuery>') [void]$message.AppendLine(' </AfterRuleCount>') [void]$message.AppendLine(' <Match>') foreach ($validInstance in $validInstances) { [void]$message.AppendLine(" <ResourceInstanceName>[$ResourceTypeName]$validInstance</ResourceInstanceName>") } [void]$message.AppendLine(' </Match>') } } else { [void]$message.AppendLine(' <AfterRuleCount></AfterRuleCount>') $compareInstances = @() $compareInstances += Compare-Object -ReferenceObject $DSCConvertedInstances.ResourceInstanceName -DifferenceObject $instances.ResourceInstanceName -IncludeEqual if ($compareInstances.Count -gt 0) { [array]$validInstances = $($compareInstances | Where-Object -FilterScript { $_.SideIndicator -eq '==' }).InputObject [array]$invalidInstances = $($compareInstances | Where-Object -FilterScript { $_.SideIndicator -eq '<=' }).InputObject } else { [array]$validInstances = @() [array]$invalidInstances = [array]$DSCConvertedInstances.ResourceInstanceName } if ($validInstances.Count -gt 0) { [void]$message.AppendLine(' <Match>') foreach ($validInstance in $validInstances) { [void]$message.AppendLine(" <ResourceInstanceName>[$ResourceTypeName]$validInstance</ResourceInstanceName>") } [void]$message.AppendLine(' </Match>') } else { [void]$message.AppendLine(' <Match></Match>') } } } # Log drifts for each invalid instances found. if ($invalidInstances.Count -gt 0) { [void]$message.AppendLine(' <NotMatch>') foreach ($invalidInstance in $invalidInstances) { [void]$message.AppendLine(" <ResourceInstanceName>[$ResourceTypeName]$invalidInstance</ResourceInstanceName>") } [void]$message.AppendLine(' </NotMatch>') } else { [void]$message.AppendLine(' <NotMatch></NotMatch>') } [void]$message.AppendLine('</M365DSCRuleEvaluation>') $Parameters = @{ Message = $message.ToString() EventType = 'RuleEvaluation' EventID = 1 Source = $CurrentResourceName } if (-not $result) { $Parameters.Add('EntryType', 'Warning') } else { $Parameters.Add('EntryType', 'Information') } Add-M365DSCEvent @Parameters Write-Verbose -Message "Test-TargetResource returned $result" return $result } } function Export-TargetResource { [CmdletBinding()] [OutputType([System.String])] param ( [Parameter()] [System.Management.Automation.PSCredential] $Credential, [Parameter()] [System.String] $ApplicationId, [Parameter()] [System.String] $TenantId, [Parameter()] [System.Management.Automation.PSCredential] $ApplicationSecret, [Parameter()] [System.String] $CertificateThumbprint, [Parameter()] [Switch] $ManagedIdentity, [Parameter()] [System.String[]] $AccessTokens ) Write-Host "`r`n" -NoNewline return $null } Export-ModuleMember -Function *-TargetResource |