functions/entitlementManagement/accessPackageAssignmentPolicies/Invoke-TmfAccessPackageAssignmentPolicy.ps1
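function Invoke-TmfAccessPackageAssignmentPolicy
{
    <#
        .SYNOPSIS
            Performs the required actions for a resource type against the connected Tenant.

        .DESCRIPTION
            Runs Test-TmfAccessPackageAssignmentPolicy with -RawOutput and, for every
            returned result, sends the matching Graph request for its ActionType:
            POST for "Create", PUT for "Update" (only when changes are reported) and
            DELETE for "Delete". "NoActionRequired" results are skipped.

            Unless -Confirm is passed, the connected tenant's display name and id are
            shown and the operator must answer "y" before anything is evaluated or sent.
            That prompt is the only tenant check in this function; there is no
            per-resource prompt before a create, update or delete request.

        .PARAMETER SpecificResources
            Forwarded to Test-TmfAccessPackageAssignmentPolicy -SpecificResources.

        .PARAMETER SourceFile
            Forwarded to Test-TmfAccessPackageAssignmentPolicy -SourceFile.

        .PARAMETER SourceConfig
            Forwarded to Test-TmfAccessPackageAssignmentPolicy -SourceConfig.

        .PARAMETER Confirm
            When set, the interactive "Is this the correct tenant?" prompt is SKIPPED.
            Note that this is the opposite of PowerShell's built-in -Confirm convention,
            where the switch asks for confirmation. Unattended callers that pass
            -Confirm should verify the connected tenant by other means first.

        .PARAMETER Cmdlet
            The PSCmdlet used for Test-GraphConnection and for raising the terminating
            error when more than one filter is supplied. Defaults to $PSCmdlet.
    #>
    [CmdletBinding()]
    Param (
        [string[]] $SpecificResources,
        [string[]] $SourceFile,
        [string[]] $SourceConfig,
        [switch] $Confirm = $false,
        [System.Management.Automation.PSCmdlet]
        $Cmdlet = $PSCmdlet
    )

    begin
    {
        $resourceName = "accessPackageAssignmentPolicies"
        if (!$script:desiredConfiguration[$resourceName]) {
            Stop-PSFFunction -String "TMF.NoDefinitions" -StringValues "AccessPackageAssignmentPolicies"
            return
        }
        Test-GraphConnection -Cmdlet $Cmdlet

        # Looked up once so the process block can show the operator which tenant is connected.
        $tenant = (Invoke-MgGraphRequest -Method GET -Uri ("$script:graphBaseUrl/organization?`$select=displayname,id")).value

        # Exactly one filter type may be supplied. The original condition listed the
        # pairs one by one and missed SpecificResources + SourceConfig, in which case
        # SourceConfig was silently ignored; counting the supplied filters covers every pair.
        $filterCount = 0
        if ($SpecificResources) { $filterCount++ }
        if ($SourceFile) { $filterCount++ }
        if ($SourceConfig) { $filterCount++ }
        if ($filterCount -gt 1) {
            $exception = New-Object System.Data.DataException("Multiple filters are not supported. You can only filter by one type, sourceFile or sourceConfig or specificResources!")
            $errorID = "MultipleFiltersNotSupported"
            $category = [System.Management.Automation.ErrorCategory]::NotSpecified
            $recordObject = New-Object System.Management.Automation.ErrorRecord($exception, $errorID, $category, $Cmdlet)
            $cmdlet.ThrowTerminatingError($recordObject)
        }

        # Builds the hashtable that is later serialized to JSON as the request body for
        # a Create or Update. Optional settings are copied only when the desired
        # configuration object has a member of that name.
        function ConvertTo-RequestBody
        {
            Param (
                $TestResult
            )

            $requestBody = @{
                "displayName" = $TestResult.DesiredConfiguration.displayName
                "description" = $TestResult.DesiredConfiguration.description
                "allowedTargetScope" = $TestResult.DesiredConfiguration.allowedTargetScope
                "accessPackage" = @{
                    "id" = $TestResult.DesiredConfiguration.accessPackageId()
                }
            }

            foreach ($property in @("expiration","reviewSettings", "requestorSettings", "requestApprovalSettings", "specificAllowedTargets", "automaticRequestSettings")) {
                switch ($property) {
                    "specificAllowedTargets" {
                        if (($Testresult.DesiredConfiguration | Get-Member).name -contains $property) {
                            # Each target object provides its own body via prepareBody().
                            $requestBody[$property] = @($TestResult.DesiredConfiguration.$property | Foreach-Object { $_.prepareBody() })
                        }
                    }
                    "requestApprovalSettings" {
                        if ((Get-Member -InputObject $TestResult.DesiredConfiguration).Name -contains $property) {
                            # Work on a copy so the desired configuration itself is not modified.
                            $requestBody[$property] = $TestResult.DesiredConfiguration.$property.PSObject.Copy()
                            if ($requestBody[$property]["stages"]) {
                                $requestBody[$property]["stages"] = @($requestBody[$property]["stages"].PSObject.Copy() | Foreach-Object {
                                    $stage = $_
                                    # Replace each approver list that is present with its prepared bodies.
                                    # NOTE(review): the key test reads .Keys from the whole stages value rather
                                    # than from $stage - confirm this is intended when stages differ.
                                    "primaryApprovers", "escalationApprovers", "fallbackPrimaryApprovers", "fallbackEscalationApprovers" | Where-Object {
                                        $_ -in $requestBody[$property]["stages"].Keys
                                    } | Foreach-Object {
                                        $stage[$_] = @($stage[$_] | Foreach-Object { $_.prepareBody() })
                                    }
                                    $stage
                                })
                            }
                        }
                    }
                    "reviewSettings" {
                        if ((Get-Member -InputObject $TestResult.DesiredConfiguration).Name -contains $property) {
                            $requestBody[$property] = $TestResult.DesiredConfiguration.$property.PSObject.Copy()
                            if ($TestResult.DesiredConfiguration.$property.primaryReviewers) {
                                $requestBody[$property]["primaryReviewers"] = @($TestResult.DesiredConfiguration.$property.primaryReviewers | Foreach-Object { $_.prepareBody() })
                            }
                            if ($TestResult.DesiredConfiguration.$property.fallbackReviewers) {
                                $requestBody[$property]["fallbackReviewers"] = @($TestResult.DesiredConfiguration.$property.fallbackReviewers | Foreach-Object { $_.prepareBody() })
                            }
                        }
                    }
                    "requestorSettings" {
                        if ((Get-Member -InputObject $TestResult.DesiredConfiguration).Name -contains $property) {
                            $requestBody[$property] = $TestResult.DesiredConfiguration.$property.PSObject.Copy()
                            if ($TestResult.DesiredConfiguration.$property.onBehalfRequestors) {
                                $requestBody[$property]["onBehalfRequestors"] = @($TestResult.DesiredConfiguration.$property.onBehalfRequestors | ForEach-Object { $_.prepareBody() })
                            }
                        }
                    }
                    default {
                        # "expiration" and "automaticRequestSettings" are copied as they are.
                        if ((Get-Member -InputObject $TestResult.DesiredConfiguration).Name -contains $property) {
                            $requestBody[$property] = $TestResult.DesiredConfiguration.$property.PSObject.Copy()
                        }
                    }
                }
            }

            return $requestBody
        }
    }

    process
    {
        if (Test-PSFFunctionInterrupt) { return }

        # Resolve the (at most one) filter once: the parameters handed to
        # Test-TmfAccessPackageAssignmentPolicy and the text shown to the operator.
        $testParameters = @{
            RawOutput = $true
            Cmdlet = $Cmdlet
        }
        if ($SpecificResources) {
            $testParameters["SpecificResources"] = $SpecificResources
            $scopeDescription = "accessPackageAssignmentPolicy configuration for resources: $($SpecificResources -join ",")"
        }
        elseif ($SourceFile) {
            $testParameters["SourceFile"] = $SourceFile
            $scopeDescription = "accessPackageAssignmentPolicy configuration for SourceFile(s): $($SourceFile -join ",")"
        }
        elseif ($SourceConfig) {
            $testParameters["SourceConfig"] = $SourceConfig
            $scopeDescription = "accessPackageAssignmentPolicy configuration for SourceConfig(s): $($SourceConfig -join ",")"
        }
        else {
            $scopeDescription = "all accessPackageAssignmentPolicy configurations"
        }

        if (-not $Confirm) {
            # Interactive safeguard against writing to the wrong tenant; anything other
            # than "y" aborts before any change request is built.
            Write-PSFMessage -Level Host -FunctionName "Invoke-TmfAccessPackageAssignmentPolicy" -String "TMF.TenantInformation" -StringValues $tenant.displayName, $tenant.Id
            if ((Read-Host "Is this the correct tenant? [y/n]") -notin @("y","Y")) {
                Write-PSFMessage -Level Error -String "TMF.UserCanceled"
                throw "Connected to the wrong tenant."
            }
            Write-PSFMessage -Level Host -FunctionName "Invoke-TmfAccessPackageAssignmentPolicy" -String "TMF.Invoke.Confirmed" -StringValues $scopeDescription
        }

        $testResults = Test-TmfAccessPackageAssignmentPolicy @testParameters

        foreach ($result in $testResults) {
            Beautify-TmfTestResult -TestResult $result -FunctionName $MyInvocation.MyCommand

            # NOTE(review): the requests below use $script:graphBaseUrl1 while the tenant
            # lookup in begin uses $script:graphBaseUrl - presumably a different Graph
            # base URL defined at module scope; confirm both are set.
            switch ($result.ActionType) {
                "Create" {
                    $requestUrl = "$script:graphBaseUrl1/identityGovernance/entitlementManagement/assignmentPolicies"
                    $requestMethod = "POST"
                    $requestBody = ConvertTo-RequestBody -TestResult $result
                    try {
                        $requestBody = $requestBody | ConvertTo-Json -ErrorAction Stop -Depth 8
                        Write-PSFMessage -Level Verbose -String "TMF.Invoke.SendingRequestWithBody" -StringValues $requestMethod, $requestUrl, $requestBody
                        Invoke-MgGraphRequest -Method $requestMethod -Uri $requestUrl -Body $requestBody | Out-Null
                    }
                    catch {
                        Write-PSFMessage -Level Error -String "TMF.Invoke.ActionFailed" -StringValues $result.Tenant, $result.ResourceType, $result.ResourceName, $result.ActionType
                        throw $_
                    }
                }
                "Delete" {
                    # Removes the existing policy identified by the Graph resource id;
                    # no additional prompt is shown for the individual resource.
                    $requestUrl = "$script:graphBaseUrl1/identityGovernance/entitlementManagement/assignmentPolicies/{0}" -f $result.GraphResource.Id
                    $requestMethod = "DELETE"
                    try {
                        Write-PSFMessage -Level Verbose -String "TMF.Invoke.SendingRequest" -StringValues $requestMethod, $requestUrl
                        Invoke-MgGraphRequest -Method $requestMethod -Uri $requestUrl
                    }
                    catch {
                        Write-PSFMessage -Level Error -String "TMF.Invoke.ActionFailed" -StringValues $result.Tenant, $result.ResourceType, $result.ResourceName, $result.ActionType
                        throw $_
                    }
                }
                "Update" {
                    $requestUrl = "$script:graphBaseUrl1/identityGovernance/entitlementManagement/assignmentPolicies/{0}" -f $result.GraphResource.Id
                    $requestMethod = "PUT"
                    # The full body is sent with PUT, but only when the test reported changes.
                    if ($result.Changes.count -gt 0) {
                        $requestBody = ConvertTo-RequestBody -TestResult $result
                        try {
                            $requestBody = $requestBody | ConvertTo-Json -ErrorAction Stop -Depth 8
                            Write-PSFMessage -Level Verbose -String "TMF.Invoke.SendingRequestWithBody" -StringValues $requestMethod, $requestUrl, $requestBody
                            Invoke-MgGraphRequest -Method $requestMethod -Uri $requestUrl -Body $requestBody | Out-Null
                        }
                        catch {
                            Write-PSFMessage -Level Error -String "TMF.Invoke.ActionFailed" -StringValues $result.Tenant, $result.ResourceType, $result.ResourceName, $result.ActionType
                            throw $_
                        }
                    }
                }
                "NoActionRequired" { }
                default {
                    Write-PSFMessage -Level Warning -String "TMF.Invoke.ActionTypeUnknown" -StringValues $result.ActionType
                }
            }

            # Written for every result that did not throw, including skipped and unknown action types.
            Write-PSFMessage -Level Host -String "TMF.Invoke.ActionCompleted" -StringValues $result.Tenant, $result.ResourceType, $result.ResourceName, (Get-ActionColor -Action $result.ActionType), $result.ActionType
        }
    }

    end
    {
        Load-TmfConfiguration -Cmdlet $Cmdlet
    }
}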