AzureADAssessment

2.0.783174

internal/Add-AadReferencesToCache.ps1

                                
function Add-AadReferencesToCache {

    param (

        #

        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)]

        [psobject] $InputObject,

        #

        [Parameter(Mandatory = $true)]

        [Alias('Type')]

        [ValidateSet('appRoleAssignment', 'oauth2PermissionGrants', 'servicePrincipal', 'directoryRoles', 'conditionalAccessPolicy')]

        [string] $ObjectType,

        #

        [Parameter(Mandatory = $true)]

        [psobject] $ReferencedIdCache,

        #

        [Parameter(Mandatory = $false)]

        [switch] $PassThru

    )

    process {

        switch ($ObjectType) {

            appRoleAssignment {

                [void] $ReferencedIdCache.servicePrincipal.Add($InputObject.resourceId)

                [void] $ReferencedIdCache.$($InputObject.principalType).Add($InputObject.principalId)

                break

            }

            oauth2PermissionGrants {

                [void] $ReferencedIdCache.servicePrincipal.Add($InputObject.clientId)

                [void] $ReferencedIdCache.servicePrincipal.Add($InputObject.resourceId)

                if ($InputObject.principalId) { [void] $ReferencedIdCache.user.Add($InputObject.principalId) }

                break

            }

            servicePrincipal {

                $InputObject.appRoleAssignedTo | Add-AadReferencesToCache -Type appRoleAssignment

                break

            }

            directoryRoles {

                foreach ($member in $InputObject.members) {

                    $MemberType = $member.'@odata.type' -replace '#microsoft.graph.', ''

                    [void] $ReferencedIdCache.$MemberType.Add($member.id)

                }

                break

            }

            conditionalAccessPolicy {

                $InputObject.conditions.users.includeUsers | Where-Object { $_ -notin 'None', 'All', 'GuestsOrExternalUsers' } | ForEach-Object { [void]$ReferencedIdCache.user.Add($_) }

                $InputObject.conditions.users.excludeUsers | Where-Object { $_ -notin 'GuestsOrExternalUsers' } | ForEach-Object { [void]$ReferencedIdCache.user.Add($_) }

                $InputObject.conditions.users.includeGroups | Where-Object { $_ -notin 'All' } | ForEach-Object { [void]$ReferencedIdCache.group.Add($_) }

                $InputObject.conditions.users.excludeGroups | ForEach-Object { [void]$ReferencedIdCache.group.Add($_) }

                $InputObject.conditions.applications.includeApplications | Where-Object { $_ -notin 'None', 'All', 'Office365' } | ForEach-Object { [void]$ReferencedIdCache.appId.Add($_) }

                $InputObject.conditions.applications.excludeApplications | Where-Object { $_ -notin 'Office365' } | ForEach-Object { [void]$ReferencedIdCache.appId.Add($_) }

                break

            }

        }

        if ($PassThru) { return $InputObject }

    }

}