Skip to content

Commit

Permalink
Merge pull request #3595 from swisscom/fix/AADAuthorizationPolicy-Per…
Browse files Browse the repository at this point in the history
…missionGrantPolicyIdsAssignedToDefaultUserRole

fix: PermissionGrantPolicyIdsAssignedToDefaultUserRole
  • Loading branch information
NikCharlebois authored Aug 23, 2023
2 parents 57cd261 + b86be44 commit b832d18
Show file tree
Hide file tree
Showing 3 changed files with 41 additions and 43 deletions.
4 changes: 3 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,9 @@
* EXOSafeAttachmentPolicy
* Deprecated ActionOnError Parameter
FIXES [#3579](https://github.com/microsoft/Microsoft365DSC/issues/3579)

* AADAuthorizationPolicy
* Fix issue with property PermissionGrantPolicyIdsAssignedToDefaultUserRole
FIXES [#3594](https://github.com/microsoft/Microsoft365DSC/issues/3594)
* AADGroupsSettings
* Add support for enabling sensitivity labels in M365-groups
* O365OrgSettings
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,7 @@ function Get-TargetResource
DefaultUserRoleAllowedToReadOtherUsers = $Policy.DefaultUserRolePermissions.AllowedToReadOtherUsers
DefaultUserRoleAllowedToReadBitlockerKeysForOwnedDevice = $Policy.DefaultUserRolePermissions.AllowedToReadBitlockerKeysForOwnedDevice
DefaultUserRoleAllowedToCreateTenants = $Policy.DefaultUserRolePermissions.AllowedToCreateTenants
PermissionGrantPolicyIdsAssignedToDefaultUserRole = $Policy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
PermissionGrantPolicyIdsAssignedToDefaultUserRole = $Policy.PermissionGrantPolicyIdsAssignedToDefaultUserRole
GuestUserRole = Get-GuestUserRoleNameFromId -GuestUserRoleId $Policy.GuestUserRoleId
Ensure = 'Present'
Credential = $Credential
Expand Down Expand Up @@ -325,12 +325,8 @@ function Set-TargetResource
{
if ($param -like 'Permission*')
{
#beta profile
#$UpdateParameters.Add($param, $currentParameters.$param)
#Write-Verbose -Message "Added '$param' to UpdateParameters"
#v1.0 profile
$defaultUserRolePermissions.Add('PermissionGrantPoliciesAssigned', $currentParameters.$param)
Write-Verbose -Message "Added 'PermissionGrantPoliciesAssigned' ($param) to defaultUserRolePermissions"
$UpdateParameters.Add($param, $currentParameters.$param)
Write-Verbose -Message "Added '$param' to UpdateParameters"
}
else
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -73,21 +73,21 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
}
Mock -CommandName Get-MgBetaPolicyAuthorizationPolicy -MockWith {
$AADAuthPol = [pscustomobject]@{
Id = 'authorizationPolicy'
DisplayName = 'Authorization Policy'
Description = 'something'
allowedToSignUpEmailBasedSubscriptions = $true
allowedToUseSSPR = $true
allowEmailVerifiedUsersToJoinOrganization = $true
AllowInvitesFrom = 'Everyone'
blockMsolPowerShell = $false
defaultUserRolePermissions = [pscustomobject]@{
allowedToCreateApps = $true
allowedToCreateSecurityGroups = $true
allowedToReadOtherUsers = $true
PermissionGrantPoliciesAssigned = [string[]]@()
Id = 'authorizationPolicy'
DisplayName = 'Authorization Policy'
Description = 'something'
AllowedToSignUpEmailBasedSubscriptions = $true
AllowedToUseSspr = $true
AllowEmailVerifiedUsersToJoinOrganization = $true
AllowInvitesFrom = 'Everyone'
BlockMsolPowerShell = $false
PermissionGrantPolicyIdsAssignedToDefaultUserRole = [string[]]@()
DefaultUserRolePermissions = [pscustomobject]@{
AllowedToCreateApps = $true
AllowedToCreateSecurityGroups = $true
AllowedToReadOtherUsers = $true
}
GuestUserRoleId = '10dae51f-b6af-4016-8d66-8c2a99b929b3' # Guest
GuestUserRoleId = '10dae51f-b6af-4016-8d66-8c2a99b929b3' # Guest
}
return $AADAuthPol
}
Expand Down Expand Up @@ -129,21 +129,21 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {

Mock -CommandName Get-MgBetaPolicyAuthorizationPolicy -MockWith {
$AADAuthPol = [pscustomobject]@{
Id = 'authorizationPolicy'
DisplayName = 'Authorization Policy'
Description = 'something'
allowedToSignUpEmailBasedSubscriptions = $true
allowedToUseSSPR = $true
allowEmailVerifiedUsersToJoinOrganization = $true
AllowInvitesFrom = 'Everyone'
blockMsolPowerShell = $false
defaultUserRolePermissions = [pscustomobject]@{
Id = 'authorizationPolicy'
DisplayName = 'Authorization Policy'
Description = 'something'
allowedToSignUpEmailBasedSubscriptions = $true
allowedToUseSSPR = $true
allowEmailVerifiedUsersToJoinOrganization = $true
AllowInvitesFrom = 'Everyone'
blockMsolPowerShell = $false
PermissionGrantPolicyIdsAssignedToDefaultUserRole = [string[]]@()
defaultUserRolePermissions = [pscustomobject]@{
allowedToCreateApps = $true
allowedToCreateSecurityGroups = $true
allowedToReadOtherUsers = $true
PermissionGrantPoliciesAssigned = [string[]]@()
}
GuestUserRoleId = '10dae51f-b6af-4016-8d66-8c2a99b929b3' # Guest
GuestUserRoleId = '10dae51f-b6af-4016-8d66-8c2a99b929b3' # Guest
}
return $AADAuthPol
}
Expand Down Expand Up @@ -183,20 +183,20 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {

Mock -CommandName Get-MgBetaPolicyAuthorizationPolicy -MockWith {
$AADAuthPol = [pscustomobject]@{
DisplayName = 'Authorization Policy'
Description = 'something'
allowedToSignUpEmailBasedSubscriptions = $true
allowedToUseSSPR = $true
allowEmailVerifiedUsersToJoinOrganization = $true
AllowInvitesFrom = 'Everyone'
blockMsolPowerShell = $false
defaultUserRolePermissions = [pscustomobject]@{
DisplayName = 'Authorization Policy'
Description = 'something'
allowedToSignUpEmailBasedSubscriptions = $true
allowedToUseSSPR = $true
allowEmailVerifiedUsersToJoinOrganization = $true
AllowInvitesFrom = 'Everyone'
blockMsolPowerShell = $false
PermissionGrantPolicyIdsAssignedToDefaultUserRole = [string[]]@()
defaultUserRolePermissions = [pscustomobject]@{
allowedToCreateApps = $true
allowedToCreateSecurityGroups = $true
allowedToReadOtherUsers = $true
PermissionGrantPoliciesAssigned = [string[]]@()
}
GuestUserRoleId = '10dae51f-b6af-4016-8d66-8c2a99b929b3' # Guest
GuestUserRoleId = '10dae51f-b6af-4016-8d66-8c2a99b929b3' # Guest
}
return $AADAuthPol
}
Expand Down

0 comments on commit b832d18

Please sign in to comment.