add: New process for collecting MgGraph output to make pester testing easier

2024-06-23 11:39:14 -05:00
parent 84c16ac16e
commit 39ba3c3ad7
12 changed files with 224 additions and 68 deletions
--- a/source/Private/Get-AdminRoleUserAndAssignment.ps1
+++ b/source/Private/Get-AdminRoleUserAndAssignment.ps1
@@ -0,0 +1,38 @@
+function Get-AdminRoleUserAndAssignment {
+    [CmdletBinding()]
+    param ()
+
+    $result = @{}
+
+    # Get the DisplayNames of all admin roles
+    $adminRoleNames = (Get-MgDirectoryRole | Where-Object { $null -ne $_.RoleTemplateId }).DisplayName
+
+    # Get Admin Roles
+    $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { ($adminRoleNames -contains $_.DisplayName) -and ($_.DisplayName -ne "Directory Synchronization Accounts") }
+
+    foreach ($role in $adminRoles) {
+        Write-Verbose "Processing role: $($role.DisplayName)"
+        $roleAssignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
+
+        foreach ($assignment in $roleAssignments) {
+            Write-Verbose "Processing role assignment for principal ID: $($assignment.PrincipalId)"
+            $userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property "DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled" -ErrorAction SilentlyContinue
+
+            if ($userDetails) {
+                Write-Verbose "Retrieved user details for: $($userDetails.UserPrincipalName)"
+                $licenses = Get-MgUserLicenseDetail -UserId $assignment.PrincipalId -ErrorAction SilentlyContinue
+
+                if (-not $result[$role.DisplayName]) {
+                    $result[$role.DisplayName] = @()
+                }
+                $result[$role.DisplayName] += [PSCustomObject]@{
+                    AssignmentId = $assignment.Id
+                    UserDetails  = $userDetails
+                    Licenses     = $licenses
+                }
+            }
+        }
+    }
+
+    return $result
+}
--- a/source/Private/Get-MgOutput.ps1
+++ b/source/Private/Get-MgOutput.ps1
@@ -0,0 +1,85 @@
+function Get-MgOutput {
+    <#
+    .SYNOPSIS
+    This is a sample Private function only visible within the module.
+
+    .DESCRIPTION
+    This sample function is not exported to the module and only return the data passed as parameter.
+
+    .EXAMPLE
+    $null = Get-MgOutput -PrivateData 'NOTHING TO SEE HERE'
+
+    .PARAMETER PrivateData
+    The PrivateData parameter is what will be returned without transformation.
+
+#>
+    [cmdletBinding()]
+    [OutputType([string])]
+    param(
+        [Parameter(Mandatory = $true)]
+        [String]
+        $Rec
+    )
+
+    begin {
+        # Begin Block #
+    }
+    process {
+        switch ($rec) {
+            '1.1.3' {
+                # Step: Retrieve global admin role
+                $globalAdminRole = Get-MgDirectoryRole -Filter "RoleTemplateId eq '62e90394-69f5-4237-9190-012177145e10'"
+                # Step: Retrieve global admin members
+                $globalAdmins = Get-MgDirectoryRoleMember -DirectoryRoleId $globalAdminRole.Id
+                return $globalAdmins
+            }
+            '1.2.1' {
+                $allGroups = Get-MgGroup -All | Where-Object { $_.Visibility -eq "Public" } | Select-Object DisplayName, Visibility
+                return $allGroups
+            }
+            '5.1.2.3' {
+                # Retrieve the tenant creation policy
+                $tenantCreationPolicy = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions | Select-Object AllowedToCreateTenants
+                return $tenantCreationPolicy
+            }
+            '5.1.8.1' {
+                # Retrieve password hash sync status (Condition A and C)
+                $passwordHashSync = Get-MgOrganization | Select-Object -ExpandProperty OnPremisesSyncEnabled
+                return $passwordHashSync
+            }
+            '6.1.2' {
+                $tenantSkus = Get-MgSubscribedSku -All
+                $e3SkuPartNumber = "SPE_E3"
+                $founde3Sku = $tenantSkus | Where-Object { $_.SkuPartNumber -eq $e3SkuPartNumber }
+                if ($founde3Sku.Count -ne 0) {
+                    $allE3Users = Get-MgUser -Filter "assignedLicenses/any(x:x/skuId eq $($founde3Sku.SkuId) )" -All
+                    return $allE3Users
+                }
+                else {
+                    return $null
+                }
+            }
+            '6.1.3' {
+                $tenantSkus = Get-MgSubscribedSku -All
+                $e5SkuPartNumber = "SPE_E5"
+                $founde5Sku = $tenantSkus | Where-Object { $_.SkuPartNumber -eq $e5SkuPartNumber }
+                if ($founde5Sku.Count -ne 0) {
+                    $allE5Users = Get-MgUser -Filter "assignedLicenses/any(x:x/skuId eq $($founde5Sku.SkuId) )" -All
+                    return $allE5Users
+                }
+                else {
+                    return $null
+                }
+            }
+            Default {
+                # 1.1.1
+                $AdminRoleAssignmentsAndUsers = Get-AdminRoleUserAndAssignment
+                return $AdminRoleAssignmentsAndUsers
+            }
+        }
+    }
+    end {
+        Write-Verbose "Retuning data for Rec: $Rec"
+    }
+} # end function Get-MgOutput
+