From 02ae0d65a229f76aac3775a1d8e67e0b3a0bba51 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Mon, 6 Jan 2025 18:11:11 +0100 Subject: [PATCH] wip --- .../MSFT_AADGroupEligibilitySchedule.psm1 | 184 ++++++- ...SFT_AADGroupEligibilitySchedule.schema.mof | 2 +- ...ilitySchedule-Example.ps1 => 1-Create.ps1} | 2 +- .../AADGroupEligibilitySchedule/2-Update.ps1 | 32 ++ ...5DSC.AADGroupEligibilitySchedule.Tests.ps1 | 484 ++++++++---------- Tests/Unit/Stubs/Microsoft365.psm1 | 318 +----------- 6 files changed, 436 insertions(+), 586 deletions(-) rename Modules/Microsoft365DSC/Examples/Resources/AADGroupEligibilitySchedule/{1-AADGroupEligibilitySchedule-Example.ps1 => 1-Create.ps1} (95%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADGroupEligibilitySchedule/2-Update.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupEligibilitySchedule/MSFT_AADGroupEligibilitySchedule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupEligibilitySchedule/MSFT_AADGroupEligibilitySchedule.psm1 index 961bf2b5bb..c7515beb3a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupEligibilitySchedule/MSFT_AADGroupEligibilitySchedule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupEligibilitySchedule/MSFT_AADGroupEligibilitySchedule.psm1 @@ -217,15 +217,16 @@ function Get-TargetResource } #endregion - $PrincipalGroup = Get-MgGroup -GroupId $getvalue.PrincipalId - if($null -ne $PrincipalGroup){ - $PrincipalType = 'group' - $PrincipalDisplayName = $PrincipalGroup.DisplayName - } - else{ - $PrincipalType = 'user' - $PrincipalDisplayName = (Get-MgUser -UserId $getvalue.PrincipalId).DisplayName + switch ($getValue.PrincipalType) + { + 'group' { + $PrincipalDisplayName = (Get-MgGroup -GroupId $getvalue.PrincipalId).DisplayName + } + 'user' { + $PrincipalDisplayName = (Get-MgUser -UserId $getvalue.PrincipalId).DisplayName + } } + $GroupDisplayName = (Get-MgGroup -GroupId $getvalue.GroupId).DisplayName $results = @{ @@ -341,7 +342,7 @@ function Set-TargetResource $AccessTokens ) - Write-Verbose -Message "Setting configuration of the Azure AD Group Eligibility Schedule with Id {$Id} and DisplayName {$DisplayName}" + Write-Verbose -Message "Setting configuration of the Azure AD Group Eligibility Schedule for group {$GroupId} and DisplayName {$GroupDisplayName}" #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -374,6 +375,60 @@ function Set-TargetResource $GroupFilter = "DisplayName eq '" + $GroupDisplayName + "'" $GroupId = (Get-MgGroup -Filter $GroupFilter).Id + + if($ScheduleInfo.Expiration.Type -eq 'noExpiration'){ + $p = Get-MgPolicyRoleManagementPolicyAssignment -Filter $("scopeId eq '{0}' and scopeType eq 'Group' and RoleDefinitionId eq 'member'" -f $GroupId) + $unifiedRoleManagementPolicyId = $p.PolicyId + $unifiedRoleManagementPolicyRuleId = "Expiration_Admin_Eligibility" + $isExpirationRequired = (Get-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -UnifiedRoleManagementPolicyRuleId $unifiedRoleManagementPolicyRuleId).AdditionalProperties.isExpirationRequired + if($isExpirationRequired){ + $params = @{ + "@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule" + id = "Expiration_Admin_Eligibility" + isExpirationRequired = $false + target = @{ + "@odata.type" = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget" + caller = "Admin" + operations = @( + "All" + ) + level = "Eligibility" + inheritableSettings = @( + ) + enforcedSettings = @( + ) + } + } + Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -UnifiedRoleManagementPolicyRuleId $unifiedRoleManagementPolicyRuleId -BodyParameter $params + } + } + elseif($ScheduleInfo.Expiration.Type -eq 'afterDuration'){ + $p = Get-MgPolicyRoleManagementPolicyAssignment -Filter $("scopeId eq '{0}' and scopeType eq 'Group' and RoleDefinitionId eq 'member'" -f $GroupId) + $unifiedRoleManagementPolicyId = $p.PolicyId + $unifiedRoleManagementPolicyRuleId = "Expiration_Admin_Eligibility" + $isExpirationRequired = (Get-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -UnifiedRoleManagementPolicyRuleId $unifiedRoleManagementPolicyRuleId).AdditionalProperties.isExpirationRequired + if(-not $isExpirationRequired){ + $params = @{ + "@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule" + id = "Expiration_Admin_Eligibility" + isExpirationRequired = $true + target = @{ + "@odata.type" = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget" + caller = "Admin" + operations = @( + "All" + ) + level = "Eligibility" + inheritableSettings = @( + ) + enforcedSettings = @( + ) + } + } + Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -UnifiedRoleManagementPolicyRuleId $unifiedRoleManagementPolicyRuleId -BodyParameter $params + } + } + $createParameters.Add('GroupId', $GroupId) $Filter = "DisplayName eq '" + $PrincipalDisplayname + "'" if($PrincipalType -eq 'group'){ @@ -393,13 +448,21 @@ function Set-TargetResource } } #region resource generator code - $policy = New-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -BodyParameter $createParameters + New-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -BodyParameter $createParameters #endregion } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Azure AD Group Eligibility Schedule with Id {$($currentInstance.Id)}" + $scheduledStart = $currentInstance.ScheduleInfo.StartDateTime + $scheduledEnd = $currentInstance.ScheduleInfo.Expiration.EndDateTime + if($scheduledStart -ne $ScheduleInfo.StartDateTime -or $scheduledEnd -ne $ScheduleInfo.Expiration.EndDateTime){ + $Action = 'adminExtend' + } + else{ + $Action = 'adminUpdate' + } $updateParameters = ([Hashtable]$BoundParameters).Clone() $updateParameters = Rename-M365DSCCimInstanceParameter -Properties $updateParameters @@ -407,11 +470,66 @@ function Set-TargetResource $updateParameters.Remove('PrincipalType') | Out-Null $updateParameters.Remove('PrincipalDisplayName') | Out-Null $updateParameters.Remove('GroupDisplayName') | Out-Null - $updateParameters.Add('Action', 'adminUpdate') + $updateParameters.Add('Action', $Action) $GroupFilter = "DisplayName eq '" + $GroupDisplayName + "'" $GroupId = (Get-MgGroup -Filter $GroupFilter).Id - $createParameters.Add('GroupId', $GroupId) + if($ScheduleInfo.Expiration.Type -eq 'noExpiration'){ + $p = Get-MgPolicyRoleManagementPolicyAssignment -Filter $("scopeId eq '{0}' and scopeType eq 'Group' and RoleDefinitionId eq 'member'" -f $GroupId) + $unifiedRoleManagementPolicyId = $p.PolicyId + $unifiedRoleManagementPolicyRuleId = "Expiration_Admin_Eligibility" + $isExpirationRequired = (Get-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -UnifiedRoleManagementPolicyRuleId $unifiedRoleManagementPolicyRuleId).AdditionalProperties.isExpirationRequired + if($isExpirationRequired){ + $params = @{ + "@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule" + id = "Expiration_Admin_Eligibility" + isExpirationRequired = $false + target = @{ + "@odata.type" = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget" + caller = "Admin" + operations = @( + "All" + ) + level = "Eligibility" + inheritableSettings = @( + ) + enforcedSettings = @( + ) + } + } + Write-Verbose -Message "Updating the expiration policy for the group {$GroupDisplayName}" + Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -UnifiedRoleManagementPolicyRuleId $unifiedRoleManagementPolicyRuleId -BodyParameter $params + } + } + elseif($ScheduleInfo.Expiration.Type -match "^after"){ + $p = Get-MgPolicyRoleManagementPolicyAssignment -Filter $("scopeId eq '{0}' and scopeType eq 'Group' and RoleDefinitionId eq 'member'" -f $GroupId) + $unifiedRoleManagementPolicyId = $p.PolicyId + $unifiedRoleManagementPolicyRuleId = "Expiration_Admin_Eligibility" + $isExpirationRequired = (Get-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -UnifiedRoleManagementPolicyRuleId $unifiedRoleManagementPolicyRuleId).AdditionalProperties.isExpirationRequired + if(-not $isExpirationRequired){ + $params = @{ + "@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule" + id = "Expiration_Admin_Eligibility" + isExpirationRequired = $true + maximumDuration = 'P365D' + target = @{ + "@odata.type" = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget" + caller = "Admin" + operations = @( + "All" + ) + level = "Eligibility" + inheritableSettings = @( + ) + enforcedSettings = @( + ) + } + } + Write-Verbose -Message "Updating the expiration policy for the group {$GroupDisplayName}" + Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -UnifiedRoleManagementPolicyRuleId $unifiedRoleManagementPolicyRuleId -BodyParameter $params + } + } + $updateParameters.Add('GroupId', $GroupId) $Filter = "DisplayName eq '" + $PrincipalDisplayname + "'" if($PrincipalType -eq 'group'){ $PrincipalId = (Get-MgGroup -Filter $Filter).Id @@ -431,17 +549,45 @@ function Set-TargetResource } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.PrivilegedAccessGroupEligibilitySchedule") - Update-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule ` - -PrivilegedAccessGroupEligibilityScheduleId $currentInstance.Id ` - -BodyParameter $UpdateParameters + New-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -BodyParameter $UpdateParameters #endregion } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing the Azure AD Group Eligibility Schedule with Id {$($currentInstance.Id)}" + Write-Verbose -Message "Removiong the Azure AD Group Eligibility Schedule with Id {$($currentInstance.Id)}" + + $updateParameters = ([Hashtable]$BoundParameters).Clone() + $updateParameters = Rename-M365DSCCimInstanceParameter -Properties $updateParameters + + $updateParameters.Remove('Id') | Out-Null + $updateParameters.Remove('PrincipalType') | Out-Null + $updateParameters.Remove('PrincipalDisplayName') | Out-Null + $updateParameters.Remove('GroupDisplayName') | Out-Null + $updateParameters.Add('Action', 'adminRemove') + + $GroupFilter = "DisplayName eq '" + $GroupDisplayName + "'" + $GroupId = (Get-MgGroup -Filter $GroupFilter).Id + $updateParameters.Add('GroupId', $GroupId) + $Filter = "DisplayName eq '" + $PrincipalDisplayname + "'" + if($PrincipalType -eq 'group'){ + $PrincipalId = (Get-MgGroup -Filter $Filter).Id + } + else{ + $PrincipalId = (Get-MgUser -Filter $Filter).Id + } + $updateParameters.Add('PrincipalId', $PrincipalId) + + $keys = (([Hashtable]$updateParameters).Clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $pdateParameters.$key -and $updateParameters.$key.GetType().Name -like '*CimInstance*') + { + $updateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $updateParameters.PrivilegedAccessGroupEligibilityScheduleId + } + } + #region resource generator code - Remove-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -PrivilegedAccessGroupEligibilityScheduleId $currentInstance.Id + New-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -BodyParameter $UpdateParameters #endregion } } @@ -539,7 +685,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of the Azure AD Group Eligibility Schedule with Id {$Id} and DisplayName {$DisplayName}" + Write-Verbose -Message "Testing configuration of the Azure AD Group Eligibility Schedule for Group {$GroupId} and DisplayName {$GroupDisplayName}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupEligibilitySchedule/MSFT_AADGroupEligibilitySchedule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupEligibilitySchedule/MSFT_AADGroupEligibilitySchedule.schema.mof index cbc9a6c4ff..f2c14e3fc2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupEligibilitySchedule/MSFT_AADGroupEligibilitySchedule.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupEligibilitySchedule/MSFT_AADGroupEligibilitySchedule.schema.mof @@ -44,7 +44,7 @@ class MSFT_AADGroupEligibilitySchedule : OMI_BaseResource { [Write, Description("The identifier of the membership or ownership eligibility to the group that is governed by PIM. Required. The possible values are: owner, member. Supports $filter (eq)."), ValueMap{"owner","member","unknownFutureValue"}, Values{"owner","member","unknownFutureValue"}] String AccessId; [Write, Description("The identifier of the group representing the scope of the membership or ownership eligibility through PIM for groups. Required. Supports $filter (eq).")] String GroupId; - [Key, Description("Dsiaplyname of the group representing the scope of the membership or ownership eligibility through PIM for groups.")] String GroupDisplayName; + [Key, Description("Displayname of the group representing the scope of the membership or ownership eligibility through PIM for groups.")] String GroupDisplayName; [Write, Description("Indicates whether the assignment is derived from a group assignment. It can further imply whether the caller can manage the schedule. Required. The possible values are: direct, group, unknownFutureValue. Supports $filter (eq)."), ValueMap{"direct","group","unknownFutureValue"}, Values{"direct","group","unknownFutureValue"}] String MemberType; [Write, Description("The identifier of the principal whose membership or ownership eligibility is granted through PIM for groups. Required. Supports $filter (eq).")] String PrincipalId; [Write, Description("Principal type user or group"), ValueMap{"user","group"}, Values{"user","group"}] String PrincipalType; diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroupEligibilitySchedule/1-AADGroupEligibilitySchedule-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroupEligibilitySchedule/1-Create.ps1 similarity index 95% rename from Modules/Microsoft365DSC/Examples/Resources/AADGroupEligibilitySchedule/1-AADGroupEligibilitySchedule-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADGroupEligibilitySchedule/1-Create.ps1 index 41aebfc15d..885b7dc471 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroupEligibilitySchedule/1-AADGroupEligibilitySchedule-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroupEligibilitySchedule/1-Create.ps1 @@ -26,7 +26,7 @@ Configuration Example StartDateTime = '2024-12-23T08:59:28.1200000+00:00' Expiration = MSFT_MicrosoftGraphExpirationPattern{ EndDateTime = '12/23/2025 8:59:00 AM +00:00' - Type = 'notSpecified' + Type = 'afterDateTime' } }; } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroupEligibilitySchedule/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroupEligibilitySchedule/2-Update.ps1 new file mode 100644 index 0000000000..d33e380248 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroupEligibilitySchedule/2-Update.ps1 @@ -0,0 +1,32 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADGroupEligibilitySchedule 'Example' + { + AccessId = "member"; + Ensure = "Present"; + GroupDisplayName = "MyPIMGroup"; + MemberType = "direct"; + PrincipalDisplayname = "MyPrincipalGroup"; + PrincipalType = "group"; + ScheduleInfo = MSFT_MicrosoftGraphrequestSchedule{ + Expiration = MSFT_MicrosoftGraphExpirationPattern{ + Type = 'noExpiration' + } + }; + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroupEligibilitySchedule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroupEligibilitySchedule.Tests.ps1 index 5218b42c8f..7a7f3a3cf0 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroupEligibilitySchedule.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroupEligibilitySchedule.Tests.ps1 @@ -39,19 +39,25 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Remove-PSSession -MockWith { } - Mock -CommandName Update-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -MockWith { + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" } - Mock -CommandName New-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -MockWith { + Mock -CommandName Get-MgPolicyRoleManagementPolicyAssignment -MockWith { + return @( + @{ + PolicyIdId = 'FakeId' + } + ) } - Mock -CommandName Remove-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -MockWith { + Mock -CommandName Get-MgPolicyRoleManagementPolicyRule -MockWith { + return @() } - Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + Mock -CommandName Update-MgPolicyRoleManagementPolicyRule -MockWith { + return @() } - # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } @@ -63,39 +69,16 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name "The AADGroupEligibilitySchedule should exist but it DOES NOT" -Fixture { BeforeAll { $testParams = @{ - AccessId = "owner" - CreatedUsing = "FakeStringValue" - GroupId = "FakeStringValue" - Id = "FakeStringValue" + AccessId = "member" + GroupDisplayName = "FakeStringValue" MemberType = "direct" - ModifiedDateTime = "2023-01-01T00:00:00.0000000+01:00" - PrincipalId = "FakeStringValue" - ScheduleInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphrequestSchedule -Property @{ - Recurrence = (New-CimInstance -ClassName MSFT_MicrosoftGraphpatternedRecurrence1 -Property @{ - Pattern = (New-CimInstance -ClassName MSFT_MicrosoftGraphrecurrencePattern1 -Property @{ - Index = "first" - FirstDayOfWeek = "sunday" - DayOfMonth = 25 - Month = 25 - DaysOfWeek = @("sunday") - Type = "daily" - Interval = 25 + PrincipalDisplayName = "FakePrincipal" + ScheduleInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphRequestSchedule -Property @{ + StartDateTime = '2025-01-23T08:59:28.1200000+00:00' + Expiration = (New-CimInstance -ClassName MSFT_MicrosoftGraphExpirationPattern -Property @{ + EndDateTime = '12/23/2025 8:59:00 AM +00:00' + Type = 'afterDateTime'} -ClientOnly) } -ClientOnly) - Range = (New-CimInstance -ClassName MSFT_MicrosoftGraphrecurrenceRange1 -Property @{ - StartDate = "2023-01-01T00:00:00.0000000" - EndDate = "2023-01-01T00:00:00.0000000" - RecurrenceTimeZone = "FakeStringValue" - NumberOfOccurrences = 25 - Type = "endDate" - } -ClientOnly) - } -ClientOnly) - Expiration = (New-CimInstance -ClassName MSFT_MicrosoftGraphexpirationPattern -Property @{ - EndDateTime = "2023-01-01T00:00:00.0000000+01:00" - Type = "notSpecified" - } -ClientOnly) - StartDateTime = "2023-01-01T00:00:00.0000000+01:00" - } -ClientOnly) - Status = "FakeStringValue" Ensure = "Present" Credential = $Credential; } @@ -103,6 +86,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -MockWith { return $null } + + Mock -CommandName New-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -MockWith { + return $null + } } It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' @@ -112,91 +99,69 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should Create the group from the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName New-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -Exactly 1 + Should -Invoke -CommandName New-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -Exactly 1 } } Context -Name "The AADGroupEligibilitySchedule exists but it SHOULD NOT" -Fixture { BeforeAll { $testParams = @{ - AccessId = "owner" - CreatedUsing = "FakeStringValue" - GroupId = "FakeStringValue" - Id = "FakeStringValue" + AccessId = "member" + GroupDisplayName = "FakeStringValue" MemberType = "direct" - ModifiedDateTime = "2023-01-01T00:00:00.0000000+01:00" - PrincipalId = "FakeStringValue" - ScheduleInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphrequestSchedule -Property @{ - Recurrence = (New-CimInstance -ClassName MSFT_MicrosoftGraphpatternedRecurrence1 -Property @{ - Pattern = (New-CimInstance -ClassName MSFT_MicrosoftGraphrecurrencePattern1 -Property @{ - Index = "first" - FirstDayOfWeek = "sunday" - DayOfMonth = 25 - Month = 25 - DaysOfWeek = @("sunday") - Type = "daily" - Interval = 25 - } -ClientOnly) - Range = (New-CimInstance -ClassName MSFT_MicrosoftGraphrecurrenceRange1 -Property @{ - StartDate = "2023-01-01T00:00:00.0000000" - EndDate = "2023-01-01T00:00:00.0000000" - RecurrenceTimeZone = "FakeStringValue" - NumberOfOccurrences = 25 - Type = "endDate" + PrincipalDisplayName = "FakePrincipal" + ScheduleInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphRequestSchedule -Property @{ + StartDateTime = '2025-01-23T08:59:28.1200000+00:00' + Expiration = (New-CimInstance -ClassName MSFT_MicrosoftGraphExpirationPattern -Property @{ + EndDateTime = '12/23/2025 8:59:00 AM +00:00' + Type = 'afterDateTime'} -ClientOnly) } -ClientOnly) - } -ClientOnly) - Expiration = (New-CimInstance -ClassName MSFT_MicrosoftGraphexpirationPattern -Property @{ - EndDateTime = "2023-01-01T00:00:00.0000000+01:00" - Type = "notSpecified" - } -ClientOnly) - StartDateTime = "2023-01-01T00:00:00.0000000+01:00" - } -ClientOnly) - Status = "FakeStringValue" - Ensure = 'Absent' + Ensure = "Absent" Credential = $Credential; } Mock -CommandName Get-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -MockWith { return @{ - AdditionalProperties = @{ - groupId = "FakeStringValue" - '@odata.type' = "#microsoft.graph.PrivilegedAccessGroupEligibilitySchedule" - principalId = "FakeStringValue" - memberType = "direct" - accessId = "owner" - } - CreatedUsing = "FakeStringValue" - Id = "FakeStringValue" - ModifiedDateTime = "2023-01-01T00:00:00.0000000+01:00" - ScheduleInfo = @{ - Recurrence = @{ - Pattern = @{ - Index = "first" - FirstDayOfWeek = "sunday" - DayOfMonth = 25 - Month = 25 - DaysOfWeek = @("sunday") - Type = "daily" - Interval = 25 - } - Range = @{ - StartDate = "2023-01-01T00:00:00.0000000" - EndDate = "2023-01-01T00:00:00.0000000" - RecurrenceTimeZone = "FakeStringValue" - NumberOfOccurrences = 25 - Type = "endDate" + AccessId = 'member' + GroupDisplayName = 'FakeStringValue' + MemberType = 'direct' + PrincipalDisplayName = 'FakePrincipal' + ScheduleInfo = @( + @{ + StartDateTime = '2025-01-23T08:59:28.1200000+00:00' + Expiration = @{ + EndDateTime = '12/23/2025 8:59:00 AM +00:00' + type = 'afterDateTime' } } - Expiration = @{ - EndDateTime = "2023-01-01T00:00:00.0000000+01:00" - Type = "notSpecified" - } - StartDateTime = "2023-01-01T00:00:00.0000000+01:00" - } - Status = "FakeStringValue" + ) + } + } + Mock -CommandName New-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -MockWith { + return $null + } + + Mock -CommandName Invoke-GraphRequest -MockWith { + return @{ + AccessId = 'member' + GroupDisplayName = 'FakeStringValue' + MemberType = 'direct' + PrincipalDisplayName = 'FakePrincipal' + ScheduleInfo = @( + @{ + StartDateTime = '2025-01-23T08:59:28.1200000+00:00' + Expiration = @{ + EndDateTime = '12/23/2025 8:59:00 AM +00:00' + type = 'afterDateTime' + } + } + ) } } + Mock -CommandName New-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -MockWith { + return $null + } } It 'Should return Values from the Get method' { @@ -209,91 +174,92 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should Remove the group from the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -Exactly 1 + Should -Invoke -CommandName New-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -Exactly 1 } } Context -Name "The AADGroupEligibilitySchedule Exists and Values are already in the desired state" -Fixture { BeforeAll { $testParams = @{ - AccessId = "owner" - CreatedUsing = "FakeStringValue" - GroupId = "FakeStringValue" - Id = "FakeStringValue" + AccessId = "member" + GroupDisplayName = "FakeStringValue" MemberType = "direct" - ModifiedDateTime = "2023-01-01T00:00:00.0000000+01:00" - PrincipalId = "FakeStringValue" - ScheduleInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphrequestSchedule -Property @{ - Recurrence = (New-CimInstance -ClassName MSFT_MicrosoftGraphpatternedRecurrence1 -Property @{ - Pattern = (New-CimInstance -ClassName MSFT_MicrosoftGraphrecurrencePattern1 -Property @{ - Index = "first" - FirstDayOfWeek = "sunday" - DayOfMonth = 25 - Month = 25 - DaysOfWeek = @("sunday") - Type = "daily" - Interval = 25 + PrincipalDisplayName = "FakePrincipal" + ScheduleInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphRequestSchedule -Property @{ + StartDateTime = '2025-01-23T08:59:28.1200000+00:00' + Expiration = (New-CimInstance -ClassName MSFT_MicrosoftGraphExpirationPattern -Property @{ + EndDateTime = '12/23/2025 8:59:00 AM +00:00' + Type = 'afterDateTime'} -ClientOnly) } -ClientOnly) - Range = (New-CimInstance -ClassName MSFT_MicrosoftGraphrecurrenceRange1 -Property @{ - StartDate = "2023-01-01T00:00:00.0000000" - EndDate = "2023-01-01T00:00:00.0000000" - RecurrenceTimeZone = "FakeStringValue" - NumberOfOccurrences = 25 - Type = "endDate" - } -ClientOnly) - } -ClientOnly) - Expiration = (New-CimInstance -ClassName MSFT_MicrosoftGraphexpirationPattern -Property @{ - EndDateTime = "2023-01-01T00:00:00.0000000+01:00" - Type = "notSpecified" - } -ClientOnly) - StartDateTime = "2023-01-01T00:00:00.0000000+01:00" - } -ClientOnly) - Status = "FakeStringValue" - Ensure = 'Present' + Ensure = "Present" Credential = $Credential; } Mock -CommandName Get-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -MockWith { return @{ - AdditionalProperties = @{ - groupId = "FakeStringValue" - '@odata.type' = "#microsoft.graph.PrivilegedAccessGroupEligibilitySchedule" - principalId = "FakeStringValue" - memberType = "direct" - accessId = "owner" - } - CreatedUsing = "FakeStringValue" - Id = "FakeStringValue" - ModifiedDateTime = "2023-01-01T00:00:00.0000000+01:00" - ScheduleInfo = @{ - Recurrence = @{ - Pattern = @{ - Index = "first" - FirstDayOfWeek = "sunday" - DayOfMonth = 25 - Month = 25 - DaysOfWeek = @("sunday") - Type = "daily" - Interval = 25 - } - Range = @{ - StartDate = "2023-01-01T00:00:00.0000000" - EndDate = "2023-01-01T00:00:00.0000000" - RecurrenceTimeZone = "FakeStringValue" - NumberOfOccurrences = 25 - Type = "endDate" + AccessId = 'member' + GroupDisplayName = 'FakeStringValue' + MemberType = 'direct' + PrincipalDisplayName = 'FakePrincipal' + ScheduleInfo = @( + @{ + StartDateTime = '2025-01-23T08:59:28.1200000+00:00' + Expiration = @{ + EndDateTime = '12/23/2025 8:59:00 AM +00:00' + type = 'afterDateTime' } } - Expiration = @{ - EndDateTime = "2023-01-01T00:00:00.0000000+01:00" - Type = "notSpecified" - } - StartDateTime = "2023-01-01T00:00:00.0000000+01:00" + ) + } + } + + mock -CommandName Get-MgGroup -MockWith { + return @{ + Id = 'FakeId' + DisplayName = 'FakeStringValue' + } + } + + Mock -CommandName Invoke-GraphRequest -MockWith { + return @{ + AccessId = 'member' + GroupDisplayName = 'FakeStringValue' + MemberType = 'direct' + PrincipalDisplayName = 'FakePrincipal' + ScheduleInfo = @{ + StartDateTime = '2025-01-23T08:59:28.1200000+00:00' + Expiration = @{ + EndDateTime = '12/23/2025 8:59:00 AM +00:00' + type = 'afterDateTime' + } + } + } + } + + Mock -CommandName New-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -MockWith { + return $null + } + + Mock -CommandName Get-MgPolicyRoleManagementPolicyAssignment -MockWith { + return @( + @{ + PolicyId = 'FakeId' } - Status = "FakeStringValue" + ) + } + Mock -CommandName Get-MgPolicyRoleManagementPolicyRule -MockWith { + return @{ + AdditionalProperties = @{ + isExpirationRequired = $true + } } } + + Mock -CommandName Update-MgPolicyRoleManagementPolicyRule -MockWith { + return @() + } + } It 'Should return true from the Test method' { @@ -304,82 +270,84 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name "The AADGroupEligibilitySchedule exists and values are NOT in the desired state" -Fixture { BeforeAll { $testParams = @{ - AccessId = "owner" - CreatedUsing = "FakeStringValue" - GroupId = "FakeStringValue" - Id = "FakeStringValue" + AccessId = "member" + GroupDisplayName = "FakeStringValue" MemberType = "direct" - ModifiedDateTime = "2023-01-01T00:00:00.0000000+01:00" - PrincipalId = "FakeStringValue" - ScheduleInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphrequestSchedule -Property @{ - Recurrence = (New-CimInstance -ClassName MSFT_MicrosoftGraphpatternedRecurrence1 -Property @{ - Pattern = (New-CimInstance -ClassName MSFT_MicrosoftGraphrecurrencePattern1 -Property @{ - Index = "first" - FirstDayOfWeek = "sunday" - DayOfMonth = 25 - Month = 25 - DaysOfWeek = @("sunday") - Type = "daily" - Interval = 25 - } -ClientOnly) - Range = (New-CimInstance -ClassName MSFT_MicrosoftGraphrecurrenceRange1 -Property @{ - StartDate = "2023-01-01T00:00:00.0000000" - EndDate = "2023-01-01T00:00:00.0000000" - RecurrenceTimeZone = "FakeStringValue" - NumberOfOccurrences = 25 - Type = "endDate" + PrincipalDisplayName = "FakePrincipal" + ScheduleInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphRequestSchedule -Property @{ + StartDateTime = '2025-01-23T08:59:28.1200000+00:00' + Expiration = (New-CimInstance -ClassName MSFT_MicrosoftGraphExpirationPattern -Property @{ + EndDateTime = '12/23/2025 8:59:00 AM +00:00' + Type = 'afterDateTime'} -ClientOnly) } -ClientOnly) - } -ClientOnly) - Expiration = (New-CimInstance -ClassName MSFT_MicrosoftGraphexpirationPattern -Property @{ - EndDateTime = "2023-01-01T00:00:00.0000000+01:00" - Type = "notSpecified" - } -ClientOnly) - StartDateTime = "2023-01-01T00:00:00.0000000+01:00" - } -ClientOnly) - Status = "FakeStringValue" - Ensure = 'Present' + Ensure = "Present" Credential = $Credential; } Mock -CommandName Get-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -MockWith { return @{ - AdditionalProperties = @{ - principalId = "FakeStringValue" - groupId = "FakeStringValue" - memberType = "direct" - accessId = "owner" - } - CreatedUsing = "FakeStringValue" - Id = "FakeStringValue" - ModifiedDateTime = "2023-01-01T00:00:00.0000000+01:00" - ScheduleInfo = @{ - Recurrence = @{ - Pattern = @{ - Index = "first" - FirstDayOfWeek = "sunday" - DayOfMonth = 7 - Month = 7 - DaysOfWeek = @("sunday") - Type = "daily" - Interval = 7 - } - Range = @{ - StartDate = "2023-01-01T00:00:00.0000000" - EndDate = "2023-01-01T00:00:00.0000000" - RecurrenceTimeZone = "FakeStringValue" - NumberOfOccurrences = 7 - Type = "endDate" + AccessId = 'member' + GroupDisplayName = 'FakeStringValue' + MemberType = 'direct' + PrincipalDisplayName = 'FakePrincipal' + ScheduleInfo = @( + @{ + StartDateTime = '2025-01-23T08:59:28.1200000+00:00' + Expiration = @{ + EndDateTime = '12/24/2025 8:59:00 AM +00:00' + type = 'afterDateTime' } } - Expiration = @{ - EndDateTime = "2023-01-01T00:00:00.0000000+01:00" - Type = "notSpecified" - } - StartDateTime = "2023-01-01T00:00:00.0000000+01:00" + ) + } + } + + mock -CommandName Get-MgGroup -MockWith { + return @{ + Id = 'FakeId' + DisplayName = 'FakeStringValue' + } + } + + Mock -CommandName Invoke-GraphRequest -MockWith { + return @{ + AccessId = 'member' + GroupDisplayName = 'FakeStringValue' + MemberType = 'direct' + PrincipalDisplayName = 'FakePrincipal' + ScheduleInfo = @{ + StartDateTime = '2025-01-23T08:59:28.1200000+00:00' + Expiration = @{ + EndDateTime = '12/23/2025 8:59:00 AM +00:00' + type = 'afterDateTime' + } + } + } + } + + Mock -CommandName New-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -MockWith { + return $null + } + + Mock -CommandName Get-MgPolicyRoleManagementPolicyAssignment -MockWith { + return @( + @{ + PolicyId = 'FakeId' + } + ) + } + + Mock -CommandName Get-MgPolicyRoleManagementPolicyRule -MockWith { + return @{ + AdditionalProperties = @{ + isExpirationRequired = $true } - Status = "FakeStringValue" } } + + Mock -CommandName Update-MgPolicyRoleManagementPolicyRule -MockWith { + return @() + } } It 'Should return Values from the Get method' { @@ -392,7 +360,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should call the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName Update-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -Exactly 1 + Should -Invoke -CommandName New-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -Exactly 1 } } @@ -406,43 +374,19 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -MockWith { return @{ - AdditionalProperties = @{ - groupId = "FakeStringValue" - '@odata.type' = "#microsoft.graph.PrivilegedAccessGroupEligibilitySchedule" - principalId = "FakeStringValue" - memberType = "direct" - accessId = "owner" - } - CreatedUsing = "FakeStringValue" - Id = "FakeStringValue" - ModifiedDateTime = "2023-01-01T00:00:00.0000000+01:00" - ScheduleInfo = @{ - Recurrence = @{ - Pattern = @{ - Index = "first" - FirstDayOfWeek = "sunday" - DayOfMonth = 25 - Month = 25 - DaysOfWeek = @("sunday") - Type = "daily" - Interval = 25 - } - Range = @{ - StartDate = "2023-01-01T00:00:00.0000000" - EndDate = "2023-01-01T00:00:00.0000000" - RecurrenceTimeZone = "FakeStringValue" - NumberOfOccurrences = 25 - Type = "endDate" + AccessId = 'member' + GroupDisplayName = 'FakeStringValue' + MemberType = 'direct' + PrincipalDisplayName = 'FakePrincipal' + ScheduleInfo = @( + @{ + StartDateTime = '2025-01-23T08:59:28.1200000+00:00' + Expiration = @{ + EndDateTime = '12/23/2025 8:59:00 AM +00:00' + type = 'afterDateTime' } } - Expiration = @{ - EndDateTime = "2023-01-01T00:00:00.0000000+01:00" - Type = "notSpecified" - } - StartDateTime = "2023-01-01T00:00:00.0000000+01:00" - } - Status = "FakeStringValue" - + ) } } } diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 52a425eff2..fae2f3e556 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -105439,15 +105439,15 @@ function Update-MgDeviceManagementDeviceConfigurationAssignment #endregion -#region MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -function Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest +#region MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule +function Get-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule { [CmdletBinding()] param ( [Parameter()] [System.String] - $PrivilegedAccessGroupEligibilityScheduleRequestId, + $PrivilegedAccessGroupEligibilityScheduleId, [Parameter()] [PSObject] @@ -105527,7 +105527,7 @@ function Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest ) } -function New-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest +function New-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest { [CmdletBinding()] param @@ -105654,127 +105654,18 @@ function New-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest ) } -function Remove-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest +function Get-MgPolicyRoleManagementPolicyAssignment { [CmdletBinding()] param ( [Parameter()] [System.String] - $PrivilegedAccessGroupEligibilityScheduleRequestId, - - [Parameter()] - [PSObject] - $InputObject, + $PolicyAssignmentId, [Parameter()] [System.String] - $ResponseHeadersVariable, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [System.Collections.IDictionary] - $Headers, - - [Parameter()] - [PSObject[]] - $HttpPipelineAppend, - - [Parameter()] - [PSObject[]] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm - ) -} - -function Stop-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -{ - [CmdletBinding()] - param - ( - [Parameter()] - [System.String] - $PrivilegedAccessGroupEligibilityScheduleRequestId, - - [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.String] - $ResponseHeadersVariable, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [System.Collections.IDictionary] - $Headers, - - [Parameter()] - [PSObject[]] - $HttpPipelineAppend, - - [Parameter()] - [PSObject[]] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm - ) -} - -#endregion - -#region MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -function Get-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -{ - [CmdletBinding()] - param - ( - [Parameter()] - [System.String] - $PrivilegedAccessGroupEligibilityScheduleId, + $PolicyId, [Parameter()] [PSObject] @@ -105854,168 +105745,14 @@ function Get-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule ) } -function New-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -{ - [CmdletBinding()] - param - ( - [Parameter()] - [PSObject] - $BodyParameter, - - [Parameter()] - [System.String] - $ResponseHeadersVariable, - - [Parameter()] - [System.String] - $AccessId, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - - [Parameter()] - [System.DateTime] - $CreatedDateTime, - - [Parameter()] - [System.String] - $CreatedUsing, - - [Parameter()] - [PSObject] - $Group, - - [Parameter()] - [System.String] - $GroupId, - - [Parameter()] - [System.String] - $Id, - - [Parameter()] - [System.String] - $MemberType, - - [Parameter()] - [System.DateTime] - $ModifiedDateTime, - - [Parameter()] - [PSObject] - $Principal, - - [Parameter()] - [System.String] - $PrincipalId, - - [Parameter()] - [PSObject] - $ScheduleInfo, - - [Parameter()] - [System.String] - $Status, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [System.Collections.IDictionary] - $Headers, - - [Parameter()] - [PSObject[]] - $HttpPipelineAppend, - - [Parameter()] - [PSObject[]] - $HttpPipelinePrepend, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm - ) -} - -function Remove-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule +function Update-MgPolicyRoleManagementPolicyRule { [CmdletBinding()] param ( [Parameter()] [System.String] - $PrivilegedAccessGroupEligibilityScheduleId, - - [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.String] - $ResponseHeadersVariable, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [System.Collections.IDictionary] - $Headers, - - [Parameter()] - [PSObject[]] - $HttpPipelineAppend, - - [Parameter()] - [PSObject[]] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm - ) -} - -function Update-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -{ - [CmdletBinding()] - param - ( - [Parameter()] - [System.String] - $PrivilegedAccessGroupEligibilityScheduleId, + $PolicyRuleId, [Parameter()] [PSObject] @@ -106029,57 +105766,49 @@ function Update-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule [System.String] $ResponseHeadersVariable, - [Parameter()] - [System.String] - $AccessId, - [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, - [Parameter()] - [System.DateTime] - $CreatedDateTime, - [Parameter()] [System.String] - $CreatedUsing, + $Id, [Parameter()] - [PSObject] - $Group, + [System.String] + $Name, [Parameter()] [System.String] - $GroupId, + $PolicyId, [Parameter()] [System.String] - $Id, + $PolicyRuleType, [Parameter()] [System.String] - $MemberType, + $PolicyType, [Parameter()] - [System.DateTime] - $ModifiedDateTime, + [System.String] + $Priority, [Parameter()] - [PSObject] - $Principal, + [System.String] + $RuleType, [Parameter()] [System.String] - $PrincipalId, + $Status, [Parameter()] - [PSObject] - $ScheduleInfo, + [System.String] + $TargetType, [Parameter()] [System.String] - $Status, + $TargetValue, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -106114,6 +105843,5 @@ function Update-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule $Confirm ) } - #endregion