diff --git a/CHANGELOG.md b/CHANGELOG.md index d43948fbd0..a702020fe7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -142,7 +142,9 @@ * Fixes an issue with limited results when more than 25 results are present. * Intune workload * Fixed missing permissions in settings.json -* M365DataAtRestEncryptionPolicy +* EXODataAtRestEncryptionPolicyAssignment + * Initial release. +* EXODataAtRestEncryptionPolicy * Initial release. * M365DSCRuleEvaluation * Changed the name of the Key property from ResourceName to ResourceTypeName. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DataAtRestEncryptionPolicy/MSFT_M365DataAtRestEncryptionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicy/MSFT_EXODataAtRestEncryptionPolicy.psm1 similarity index 100% rename from Modules/Microsoft365DSC/DSCResources/MSFT_M365DataAtRestEncryptionPolicy/MSFT_M365DataAtRestEncryptionPolicy.psm1 rename to Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicy/MSFT_EXODataAtRestEncryptionPolicy.psm1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DataAtRestEncryptionPolicy/MSFT_M365DataAtRestEncryptionPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicy/MSFT_EXODataAtRestEncryptionPolicy.schema.mof similarity index 92% rename from Modules/Microsoft365DSC/DSCResources/MSFT_M365DataAtRestEncryptionPolicy/MSFT_M365DataAtRestEncryptionPolicy.schema.mof rename to Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicy/MSFT_EXODataAtRestEncryptionPolicy.schema.mof index 367e5922a9..c0eca2e71a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DataAtRestEncryptionPolicy/MSFT_M365DataAtRestEncryptionPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicy/MSFT_EXODataAtRestEncryptionPolicy.schema.mof 
@@ -1,5 +1,5 @@ -[ClassVersion("1.0.0.0"), FriendlyName("M365DataAtRestEncryptionPolicy")] -class MSFT_M365DataAtRestEncryptionPolicy : OMI_BaseResource +[ClassVersion("1.0.0.0"), FriendlyName("EXODataAtRestEncryptionPolicy")] +class MSFT_EXODataAtRestEncryptionPolicy : OMI_BaseResource { [Key, Description("The Identity parameter specifies the data-at-rest encryption policy that you want to modify.")] String Identity; [Write, Description("The Name parameter specifies a unique name for the Microsoft 365 data-at-rest encryption policy.")] String Name; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DataAtRestEncryptionPolicy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicy/readme.md similarity index 70% rename from Modules/Microsoft365DSC/DSCResources/MSFT_M365DataAtRestEncryptionPolicy/readme.md rename to Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicy/readme.md index 77f3d11aeb..911c7c7c5b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DataAtRestEncryptionPolicy/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicy/readme.md @@ -1,4 +1,4 @@ -# EXOM365DataAtRestEncryptionPolicy +# EXODataAtRestEncryptionPolicy ## Description diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DataAtRestEncryptionPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicy/settings.json similarity index 92% rename from Modules/Microsoft365DSC/DSCResources/MSFT_M365DataAtRestEncryptionPolicy/settings.json rename to Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicy/settings.json index 38bfff8e3e..485c09008f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DataAtRestEncryptionPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicy/settings.json 
@@ -1,5 +1,5 @@ { - "resourceName": "M365DataAtRestEncryptionPolicy", + "resourceName": "EXODataAtRestEncryptionPolicy", "description": "Microsoft 365 data-at-rest encryption policy for multi-workload usage.", "roles": { "read": [ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/MSFT_EXODataAtRestEncryptionPolicyAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/MSFT_EXODataAtRestEncryptionPolicyAssignment.psm1 new file mode 100644 index 0000000000..2291d653d2 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/MSFT_EXODataAtRestEncryptionPolicyAssignment.psm1 
@@ -0,0 +1,316 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter()] + [System.String] + $DataEncryptionPolicy, + + [Parameter(Mandatory = $true)] + [System.String] + $IsSingleInstance, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters | Out-Null + + Confirm-M365DSCDependencies + + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + + $nullResult = $PSBoundParameters + try + { + $instance = Get-M365DataAtRestEncryptionPolicyAssignment -ErrorAction Stop + if ($null -eq $instance) + { + throw 'Could not retrieve the M365DataAtRestEncryption Policy Assignment.' 
+ } + + $results = @{ + DataEncryptionPolicy = [System.String]$instance.Name + IsSingleInstance = 'Yes' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $DataEncryptionPolicy, + + [Parameter(Mandatory = $true)] + [System.String] + $IsSingleInstance, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $setParameters.Remove('IsSingleInstance') | Out-Null + Set-M365DataAtRestEncryptionPolicyAssignment @SetParameters +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter()] + [System.String] + $DataEncryptionPolicy, + + [Parameter(Mandatory = $true)] + [System.String] + $IsSingleInstance, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { 
+ $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-M365DataAtRestEncryptionPolicyAssignment -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = 'Data Encryption Policy Assignment' + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + IsSingleInstance = 'Yes' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/MSFT_EXODataAtRestEncryptionPolicyAssignment.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/MSFT_EXODataAtRestEncryptionPolicyAssignment.schema.mof new file mode 100644 index 0000000000..e96855afe0 --- /dev/null 
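Review bot: Get-TargetResource fails open, because the `catch` block returns `$nullResult`, which was set by `$nullResult = $PSBoundParameters`. When Get-M365DataAtRestEncryptionPolicyAssignment throws, or returns `$null` and trips the `throw` inside the same `try`, the caller gets its own desired values back. Test-TargetResource then compares `$PSBoundParameters` against that copy, so as far as this hunk shows it would report the tenant's encryption policy assignment as compliant although nothing was read. After the New-M365DSCLogEntry call, end the `catch` with `throw` instead of `return $nullResult`, so a failed read surfaces as an error rather than as a passing drift check. Separately, `$currentInstance` in Set-TargetResource is assigned and never used; if the Get call is kept only to establish the connection, say so in a comment.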
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/MSFT_EXODataAtRestEncryptionPolicyAssignment.schema.mof
@@ -0,0 +1,12 @@
+[ClassVersion("1.0.0.0"), FriendlyName("EXODataAtRestEncryptionPolicyAssignment")]
+class MSFT_EXODataAtRestEncryptionPolicyAssignment : OMI_BaseResource
+{
+ [Key, Description("Only valid value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance;
+ [Write, Description("The DataEncryptionPolicy parameter specifies the Microsoft 365 data-at-rest encryption policy.")] String DataEncryptionPolicy;
+ [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
+ [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
+ [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
+ [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
+ [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
+ [Write, Description("Access token used for authentication.")] String AccessTokens[];
+};
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/readme.md
new file mode 100644
index 0000000000..c6197491a0
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/readme.md
@@ -0,0 +1,5 @@
+# EXODataAtRestEncryptionPolicyAssignment
+
+## Description
+
+Use the Set-M365DataAtRestEncryptionPolicyAssignment cmdlet to assign a Microsoft 365 data-at-rest encryption policy at the tenant level.
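Review bot: DataEncryptionPolicy is declared `Write` in the schema, so a configuration that omits it still compiles. Test-TargetResource in the .psm1 would then have only IsSingleInstance and the authentication values to compare, and Set-TargetResource would call Set-M365DataAtRestEncryptionPolicyAssignment with no policy at all. Since the assignment is the only setting this resource manages, declare it `[Required, Description("The DataEncryptionPolicy parameter specifies the Microsoft 365 data-at-rest encryption policy.")] String DataEncryptionPolicy;` and mark the parameter `Mandatory = $true` in Get-, Set- and Test-TargetResource. If clearing the tenant assignment is meant to be supported, the description should say which value does that.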
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/settings.json
new file mode 100644
index 0000000000..1213dc56bd
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/settings.json
@@ -0,0 +1,30 @@
+{
+ "resourceName": "EXODataAtRestEncryptionPolicyAssignment",
+ "description": "Use the Set-M365DataAtRestEncryptionPolicyAssignment cmdlet to assign a Microsoft 365 data-at-rest encryption policy at the tenant level.",
+ "roles": {
+ "read": [
+ "Global Reader"
+ ],
+ "update": [
+ "Exchange Administrator"
+ ]
+ },
+ "permissions": {
+ "graph": {
+ "delegated": {
+ "read": [],
+ "update": []
+ },
+ "application": {
+ "read": [],
+ "update": []
+ }
+ },
+ "exchange": {
+ "requiredroles": [
+ "Compliance Admin"
+ ],
+ "requiredrolegroups": "Organization Management"
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/M365DataAtRestEncryptionPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXODataAtRestEncryptionPolicy/1-Create.ps1
similarity index 92%
rename from Modules/Microsoft365DSC/Examples/Resources/M365DataAtRestEncryptionPolicy/1-Create.ps1
rename to Modules/Microsoft365DSC/Examples/Resources/EXODataAtRestEncryptionPolicy/1-Create.ps1
index 9228d6dd91..139f3ccad6 100644
--- a/Modules/Microsoft365DSC/Examples/Resources/M365DataAtRestEncryptionPolicy/1-Create.ps1
+++ b/Modules/Microsoft365DSC/Examples/Resources/EXODataAtRestEncryptionPolicy/1-Create.ps1
@@ -22,7 +22,7 @@ Configuration Example node localhost { - M365DataAtRestEncryptionPolicy "M365DataAtRestEncryptionPolicy-Riyansh_Policy" + EXODataAtRestEncryptionPolicy "M365DataAtRestEncryptionPolicy-Riyansh_Policy" { AzureKeyIDs = @("https://m365dataatrestencryption.vault.azure.net/keys/EncryptionKey","https://m365datariyansh.vault.azure.net/keys/EncryptionRiyansh"); Description = "Tenant default policy 1"; diff --git a/Modules/Microsoft365DSC/Examples/Resources/M365DataAtRestEncryptionPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXODataAtRestEncryptionPolicy/2-Update.ps1 similarity index 92% rename from Modules/Microsoft365DSC/Examples/Resources/M365DataAtRestEncryptionPolicy/2-Update.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/EXODataAtRestEncryptionPolicy/2-Update.ps1 index fc54367d41..bd85e25b0f 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/M365DataAtRestEncryptionPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXODataAtRestEncryptionPolicy/2-Update.ps1 @@ -22,7 +22,7 @@ Configuration Example node localhost { - M365DataAtRestEncryptionPolicy "M365DataAtRestEncryptionPolicy-Riyansh_Policy" + EXODataAtRestEncryptionPolicy "M365DataAtRestEncryptionPolicy-Riyansh_Policy" { AzureKeyIDs = @("https://m365dataatrestencryption.vault.azure.net/keys/EncryptionKey","https://m365datariyansh.vault.azure.net/keys/EncryptionRiyansh"); Description = "Tenant default policy 2"; # drift diff --git a/Modules/Microsoft365DSC/Examples/Resources/M365DataAtRestEncryptionPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXODataAtRestEncryptionPolicy/3-Remove.ps1 similarity index 92% rename from Modules/Microsoft365DSC/Examples/Resources/M365DataAtRestEncryptionPolicy/3-Remove.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/EXODataAtRestEncryptionPolicy/3-Remove.ps1 index 122dbb4e59..150c8f8d5e 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/M365DataAtRestEncryptionPolicy/3-Remove.ps1 
+++ b/Modules/Microsoft365DSC/Examples/Resources/EXODataAtRestEncryptionPolicy/3-Remove.ps1 @@ -22,7 +22,7 @@ Configuration Example node localhost { - M365DataAtRestEncryptionPolicy "M365DataAtRestEncryptionPolicy-Riyansh_Policy" + EXODataAtRestEncryptionPolicy "M365DataAtRestEncryptionPolicy-Riyansh_Policy" { AzureKeyIDs = @("https://m365dataatrestencryption.vault.azure.net/keys/EncryptionKey","https://m365datariyansh.vault.azure.net/keys/EncryptionRiyansh"); Description = "Tenant default policy 1"; diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXODataAtRestEncryptionPolicyAssignment/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXODataAtRestEncryptionPolicyAssignment/2-Update.ps1 new file mode 100644 index 0000000000..0d0d48ce06 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXODataAtRestEncryptionPolicyAssignment/2-Update.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXODataAtRestEncryptionPolicyAssignment "M365DataAtRestEncryptionPolicyAssignment" + { + DataEncryptionPolicy = "Riyansh_Policy" + IsSingleInstance = "Yes"; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.M365DataAtRestEncryptionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataAtRestEncryptionPolicy.Tests.ps1 similarity index 100% rename from Tests/Unit/Microsoft365DSC/Microsoft365DSC.M365DataAtRestEncryptionPolicy.Tests.ps1 rename to Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataAtRestEncryptionPolicy.Tests.ps1 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataAtRestEncryptionPolicyAssignment.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataAtRestEncryptionPolicyAssignment.Tests.ps1
new file mode 100644
index 0000000000..6d74ddbc56
--- /dev/null
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataAtRestEncryptionPolicyAssignment.Tests.ps1
@@ -0,0 +1,120 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Set-M365DataAtRestEncryptionPolicyAssignment -MockWith { + return $null + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = 'Yes' + DataEncryptionPolicy = 'FakeStringValue'; + Credential = $Credential; + } + + Mock -CommandName Get-M365DataAtRestEncryptionPolicyAssignment -MockWith { + return @{ + Name = 'FakeStringValue'; + Credential = 
$Credential; + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = 'Yes' + DataEncryptionPolicy = 'FakeStringValue2'; + Credential = $Credential; + } + + Mock -CommandName Get-M365DataAtRestEncryptionPolicyAssignment -MockWith { + return @{ + Name = 'FakeStringValue'; + Credential = $Credential; + } + } + + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-M365DataAtRestEncryptionPolicyAssignment -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-M365DataAtRestEncryptionPolicyAssignment -MockWith { + return @{ + Name = 'FakeStringValue'; + Credential = $Credential; + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 2a1b6cd01f..bf64f68f7a 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -68,6 +68,21 @@ function New-M365DataAtRestEncryptionPolicy $AzureKeyIDs ) } +function Get-M365DataAtRestEncryptionPolicyAssignment +{ + [CmdletBinding()] + param() +} + +function Set-M365DataAtRestEncryptionPolicyAssignment +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $DataEncryptionPolicy + ) +} #endregion function Get-MgBetaPolicyDeviceRegistrationPolicy
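Review bot: None of the contexts in the new test file covers a failed read. Every mock of Get-M365DataAtRestEncryptionPolicyAssignment returns a policy, so the `catch` path of Get-TargetResource, which returns the bound parameters, is never exercised. With the resource as written in this commit, Test-TargetResource would presumably return `$true` in that case, a result a drift check on an encryption setting should never give for a tenant it could not read. Add a context where the mock throws and assert that the failure is surfaced. The sketch below expects an exception and should be adjusted if the resource is changed to return an empty policy instead.

```powershell
# … unchanged: the existing "desired state" / "NOT in the desired state" contexts …
Context -Name "The assignment cannot be retrieved" -Fixture {
    BeforeAll {
        $testParams = @{
            IsSingleInstance     = 'Yes'
            DataEncryptionPolicy = 'FakeStringValue'
            Credential           = $Credential
        }

        Mock -CommandName Get-M365DataAtRestEncryptionPolicyAssignment -MockWith {
            throw 'Simulated retrieval failure'
        }

        # Keep the error path from writing a real log entry during the test.
        Mock -CommandName New-M365DSCLogEntry -MockWith {
        }
    }

    It 'Should surface the failure instead of reporting the desired state' {
        { Test-TargetResource @testParams } | Should -Throw
    }
}
# … unchanged: 'ReverseDSC Tests' context …
```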