Fixes microsoft#1538

NikCharlebois · Jan 14, 2022 · 12ce7ec · 12ce7ec
1 parent 55fcb83
commit 12ce7ec
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Change log for Microsoft365DSC
 
+# 1.22.119.1
+
+* EXORoleAssignmentPolicy
+  * Fixed logic to update roles assigned to an existing policy;
+    FIXES #1538
+
 # 1.22.112.1
 
 * TeamsMeetingPolicy

diff --git a/...crosoft365DSC/DSCResources/MSFT_EXORoleAssignmentPolicy/MSFT_EXORoleAssignmentPolicy.psm1 b/...crosoft365DSC/DSCResources/MSFT_EXORoleAssignmentPolicy/MSFT_EXORoleAssignmentPolicy.psm1
@@ -251,9 +251,20 @@ function Set-TargetResource
     elseif ($Ensure -eq "Present" -and $currentRoleAssignmentPolicyConfig.Ensure -eq "Present" -and $null -ne (Compare-Object -ReferenceObject $($currentRoleAssignmentPolicyConfig.Roles) -DifferenceObject $Roles))
     {
         Write-Verbose -Message "Role Assignment Policy '$($Name)' already exists, but roles attribute needs updating."
-        Write-Verbose -Message "Remove Role AssignmentPolicy before recreating because Roles attribute cannot be change with Set cmdlet"
-        Remove-RoleAssignmentPolicy -Identity $Name -Confirm:$false
-        New-RoleAssignmentPolicy @NewRoleAssignmentPolicyParams
+        $differences = Compare-Object -ReferenceObject $($currentRoleAssignmentPolicyConfig.Roles) -DifferenceObject $Roles
+        foreach ($difference in $differences)
+        {
+            if ($difference.SideIndicator -eq '=>')
+            {
+                Write-Verbose -Message "Adding Role {$($difference.InputObject)} to Role Assignment Policy {$Name}"
+                New-ManagementRoleAssignment -Role $($difference.InputObject) -Policy $Name
+            }
+            elseif ($difference.SideIndicator -eq '<=')
+            {
+                Write-Verbose -Message "Removing Role {$($difference.InputObject)} to Role Assignment Policy {$Name}"
+                Remove-ManagementRoleAssignment -Identity "$($difference.InputObject)-$Name"
+            }
+        }
     }
 }
 

diff --git a/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1
@@ -110,7 +110,7 @@ function Update-M365DSCAllowedGraphScopes
         [System.String]
         $Type,
 
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [ValidateSet('Global', 'China', 'USGov', 'USGovDoD', 'Germany')]
         [System.String]
         $Environment = 'Global'

diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReverse.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReverse.psm1
@@ -334,7 +334,7 @@ function Start-M365DSCConfigurationExtract
         }
         [array]$ModuleVersion = Get-Module Microsoft365DSC
         $ModuleVersion = $ModuleVersion[0]
-        $DSCContent += "    Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '$version'`r`n`r`n"
+        $DSCContent += "    Import-DscResource -ModuleName 'Microsoft365DSC'`r`n`r`n"
         $DSCContent += "    Node localhost`r`n"
         $DSCContent += "    {`r`n"
 
@@ -636,10 +636,6 @@ function Start-M365DSCConfigurationExtract
                         -Cert "cert:\LocalMachine\my\$($LCMConfig.CertificateID)" `
                         -Type CERT `
                         -NoClobber | Out-Null
-                    Add-ConfigurationDataEntry -Node "localhost" `
-                        -Key "CertificateFile" `
-                        -Value "M365DSC.cer" `
-                        -Description "Path of the certificate used to encrypt credentials in the file."
                 }
                 catch
                 {
@@ -648,6 +644,10 @@ function Start-M365DSCConfigurationExtract
                         -EventID 1 -Source $($MyInvocation.MyCommand.Source)
                 }
             }
+            Add-ConfigurationDataEntry -Node "localhost" `
+                -Key "CertificateFile" `
+                -Value "M365DSC.cer" `
+                -Description "Path of the certificate used to encrypt credentials in the file."
             $outputConfigurationData = $OutputDSCPath + "ConfigurationData.psd1"
             New-ConfigurationDataDocument -Path $outputConfigurationData
         }

diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1
@@ -941,6 +941,16 @@ function Export-M365DSCConfiguration
     #region Telemetry
     $data = [System.Collections.Generic.Dictionary[[String], [String]]]::new()
     $data.Add("Event", "Extraction")
+
+    if (-not [System.String]::IsNullOrEmpty($TenantId))
+    {
+        $data.Add("Tenant", $TenantId)
+    }
+    else
+    {
+        $tenant = $Credential.UserName.Split('@')[1]
+        $data.Add("Tenant", $tenant)
+    }
     $data.Add("Path", [System.String]::IsNullOrEmpty($Path))
     $data.Add("FileName", $null -ne [System.String]::IsNullOrEmpty($FileName))
     $data.Add("Components", $null -ne $Components)
@@ -966,7 +976,7 @@ function Export-M365DSCConfiguration
     }
 
     # Clear the Connection Cache from MSCloudLoginAssistant
-    $Global:MsCloudLoginConnectionProfile = $null
+    #$Global:MsCloudLoginConnectionProfile = $null
 
     # Make sure we are not connected to Microsoft Graph on another tenant
     try