From 08d56cfa4f3e1a9b221736d299fd5e106e2532b3 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Thu, 11 Jul 2024 19:34:14 +0000 Subject: [PATCH] Updated {Create} AAD Integration Tests --- .../M365DSCIntegration.AAD.Create.Tests.ps1 | 128 +++++++++++++----- 1 file changed, 92 insertions(+), 36 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index 6f8c8a7041..6b22978208 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -1,21 +1,37 @@ param ( [Parameter()] - [System.Management.Automation.PSCredential] - $Credential + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) Configuration Master { param ( - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $Credscredential + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) Import-DscResource -ModuleName Microsoft365DSC - $Domain = $Credscredential.Username.Split('@')[1] + $Domain = $TenantId Node Localhost { AADAdministrativeUnit 'TestUnit' @@ -36,7 +52,9 @@ } } ) - Credential = $Credscredential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } AADApplication 'AADApp1' { 
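Review bot: The three new parameters on `Configuration Master` are declared with a bare `[Parameter()]`, while the credential they replace was `[Parameter(Mandatory = $true)]`. An unset pipeline variable therefore compiles a configuration with an empty `ApplicationId`, `TenantId` or `CertificateThumbprint`, and the run fails only later, at connection time. Declaring each of them `[Parameter(Mandatory = $true)]` again would stop the run before anything is deployed. Separately, `$Domain = $TenantId`, the `...@$TenantId` addresses and the `https://$TenantId` URLs in the later hunks (-197, -246, -295) only produce valid values when TenantId is the tenant's DNS name rather than its GUID. A comment above the assignment such as `# TenantId must be the tenant domain name, not the tenant GUID: it is reused to build UPNs and URLs` would record that.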
@@ -74,11 +92,15 @@ } ) Ensure = "Present" - Credential = $Credscredential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } AADAttributeSet 'AADAttributeSetTest' { - Credential = $credsCredential; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint Description = "Attribute set with 420 attributes"; Ensure = "Present"; Id = "TestAttributeSet"; @@ -86,7 +108,9 @@ } AADAuthenticationContextClassReference 'AADAuthenticationContextClassReference-Test' { - Credential = $credsCredential; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint Description = "Context test"; DisplayName = "My Context"; Ensure = "Present"; @@ -99,13 +123,17 @@ Description = "This is an example"; DisplayName = "Example"; Ensure = "Present"; - Credential = $Credscredential; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } AADConditionalAccessPolicy 'ConditionalAccessPolicy' { BuiltInControls = @("mfa"); ClientAppTypes = @("all"); - Credential = $Credscredential; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint DeviceFilterMode = "exclude"; DeviceFilterRule = "device.trustType -eq `"AzureAD`" -or device.trustType -eq `"ServerAD`" -or device.trustType -eq `"Workplace`""; DisplayName = "Example CAP"; @@ -147,14 +175,18 @@ ) } }; - Credential = $credsCredential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint Ensure = "Present"; } AADEntitlementManagementAccessPackage 'myAccessPackage' { AccessPackagesIncompatibleWith = @(); CatalogId = "General"; - Credential = $Credscredential; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint Description = "Integration Tests"; DisplayName = "Integration Package"; Ensure = "Present"; 
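Review bot: In `AADAttributeSet`, `AADAuthenticationContextClassReference` and `AADConditionalAccessPolicy` the added `ApplicationId`, `TenantId` and `CertificateThumbprint` lines have no trailing `;`, although the `Credential = ...;` lines they replace and the neighbouring properties in those blocks all end with one. The configuration still parses, but the blocks now mix two styles. Writing them as `ApplicationId = $ApplicationId;`, `TenantId = $TenantId;` and `CertificateThumbprint = $CertificateThumbprint;` in the semicolon-terminated blocks keeps each resource consistent.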
@@ -197,7 +229,9 @@ IsExternallyVisible = $True Managedidentity = $False Ensure = 'Present' - Credential = $Credscredential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' { @@ -210,13 +244,15 @@ ResourceType = 'SharePoint Online Site' Url = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" Ensure = 'Present' - Credential = $Credscredential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } AADEntitlementManagementConnectedOrganization 'MyConnectedOrganization' { Description = "this is the tenant partner"; DisplayName = "Test Tenant - DSC"; - ExternalSponsors = @("AdeleV@$Domain"); + ExternalSponsors = @("AdeleV@$TenantId"); IdentitySources = @( MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource{ ExternalTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc" @@ -224,17 +260,21 @@ odataType = '#microsoft.graph.azureActiveDirectoryTenant' } ); - InternalSponsors = @("AdeleV@$Domain"); + InternalSponsors = @("AdeleV@$TenantId"); State = "configured"; Ensure = "Present" - Credential = $Credscredential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } AADEntitlementManagementRoleAssignment 'AADEntitlementManagementRoleAssignment-Create' { AppScopeId = "/"; - Credential = $Credscredential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint Ensure = "Present"; - Principal = "John.Smith@$Domain"; + Principal = "John.Smith@$TenantId"; RoleDefinition = "Catalog creator"; } AADGroup 'MyGroups' 
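Review bot: The unchanged `Url = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources"` line still reads `$Domain`, while the sponsor and principal addresses changed in this hunk now interpolate `$TenantId` directly, so the file carries two names for the same value. Keeping `$Domain` everywhere, or replacing this last use as well, avoids a later change to how the domain is derived updating only some of the references. The same mix continues in the hunks at -246 and -295.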
@@ -246,9 +286,11 @@ GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" - Owners = @("admin@$Domain", "AdeleV@$Domain") + Owners = @("admin@$TenantId", "AdeleV@$TenantId") Ensure = "Present" - Credential = $Credscredential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } AADNamedLocationPolicy 'CompanyNetwork' { @@ -257,7 +299,9 @@ IsTrusted = $False OdataType = "#microsoft.graph.ipNamedLocation" Ensure = "Present" - Credential = $Credscredential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } AADRoleDefinition 'AADRoleDefinition1' { @@ -268,16 +312,20 @@ RolePermissions = "microsoft.directory/applicationPolicies/allProperties/read","microsoft.directory/applicationPolicies/allProperties/update","microsoft.directory/applicationPolicies/basic/update" Version = "1.0" Ensure = "Present" - Credential = $Credscredential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } AADRoleEligibilityScheduleRequest 'MyRequest' { Action = "AdminAssign"; - Credential = $Credscredential; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint DirectoryScopeId = "/"; Ensure = "Present"; IsValidationOnly = $False; - Principal = "AdeleV@$Domain"; + Principal = "AdeleV@$TenantId"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { startDateTime = '2023-09-01T02:40:44Z' 
@@ -295,19 +343,23 @@ AlternativeNames = "AlternativeName1","AlternativeName2" AccountEnabled = $true AppRoleAssignmentRequired = $false - Homepage = "https://$Domain" - LogoutUrl = "https://$Domain/logout" - ReplyURLs = "https://$Domain" + Homepage = "https://$TenantId" + LogoutUrl = "https://$TenantId/logout" + ReplyURLs = "https://$TenantId" ServicePrincipalType = "Application" Tags = "{WindowsAzureActiveDirectoryIntegratedApp}" Ensure = "Present" - Credential = $Credscredential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } AADSocialIdentityProvider 'AADSocialIdentityProvider-Google' { ClientId = "Google-OAUTH"; ClientSecret = "FakeSecret"; - Credential = $credsCredential; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint DisplayName = "My Google Provider"; Ensure = "Present"; IdentityProviderType = "Google"; @@ -318,11 +370,13 @@ Definition = @("{`"TokenLifetimePolicy`":{`"Version`":1,`"AccessTokenLifetime`":`"02:00:00`"}}"); IsOrganizationDefault = $false Ensure = "Present" - Credential = $Credscredential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } AADUser 'ConfigureJohnSMith' { - UserPrincipalName = "John.Smith@$Domain" + UserPrincipalName = "John.Smith@$TenantId" FirstName = "John" LastName = "Smith" DisplayName = "John J. Smith" @@ -331,7 +385,9 @@ Office = "Ottawa - Queen" UsageLocation = "US" Ensure = "Present" - Credential = $Credscredential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } 
@@ -348,7 +404,7 @@ # Compile and deploy configuration try { - Master -ConfigurationData $ConfigurationData -Credscredential $Credential + Master -ConfigurationData $ConfigurationData -ApplicationId $ApplicationId -TenantId $TenantId -CertificateThumbprint $CertificateThumbprint Start-DscConfiguration Master -Wait -Force -Verbose -ErrorAction Stop } catch
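Review bot: The call to `Master` no longer passes a PSCredential, so the `$ConfigurationData` it is given is worth re-checking; that variable is defined outside this hunk. If it still enables plain-text passwords for the node and no remaining resource takes a PSCredential property, the setting can be dropped so the compiled MOF cannot carry a clear-text secret. A comment above the call such as `# App-only auth: the certificate for $CertificateThumbprint must be installed on the test agent` would also document the new prerequisite. The `try`/`catch` block continues past the end of the hunk.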