functions/entitlementManagement/accessPackageResource/Invoke-TmfAccessPackageResource.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
function Invoke-TmfAccessPackageResource
{
    <#
        .SYNOPSIS
            Performs the required actions for a resource type against the connected Tenant.
    #>

    [CmdletBinding()]
    Param (
        [System.Management.Automation.PSCmdlet]
        $Cmdlet = $PSCmdlet
    )
    
    begin
    {
        $resourceName = "accessPackageResources"
        if (!$script:desiredConfiguration[$resourceName]) {
            Stop-PSFFunction -String "TMF.NoDefinitions" -StringValues "AccessPackageResouce"
            return
        }
        Test-GraphConnection -Cmdlet $Cmdlet
    }
    process
    {
        if (Test-PSFFunctionInterrupt) { return }
        $testResults = Test-TmfAccessPackageResource -Cmdlet $Cmdlet

        foreach ($result in $testResults) {
            Beautify-TmfTestResult -TestResult $result -FunctionName $MyInvocation.MyCommand
            switch ($result.ActionType) {
                "Create" {
                    $requestUrl = "$script:graphBaseUrl/identityGovernance/entitlementManagement/accessPackageResourceRequests"
                    $requestMethod = "POST"

                    $requestBody = @{
                        "accessPackageResource" = @{
                            "displayName" = $result.DesiredConfiguration.displayName
                            "description" = $result.DesiredConfiguration.description
                            "resourceType" = $result.DesiredConfiguration.resourceType
                            "originSystem" = $result.DesiredConfiguration.originSystem
                            "originId" = $result.DesiredConfiguration.originId()
                        }                        
                        "justification" = "Resource is required for an Access Package managed by the Tenant Managment Framework"                        
                        "requestType" = "AdminAdd"
                        "catalogId" = $result.DesiredConfiguration.catalogId()
                    }
                    try {
                        $requestBody = $requestBody | ConvertTo-Json -ErrorAction Stop -Depth 8
                        Write-PSFMessage -Level Verbose -String "TMF.Invoke.SendingRequestWithBody" -StringValues $requestMethod, $requestUrl, $requestBody
                        Invoke-MgGraphRequest -Method $requestMethod -Uri $requestUrl -Body $requestBody | Out-Null
                    }
                    catch {
                        Write-PSFMessage -Level Error -String "TMF.Invoke.ActionFailed" -StringValues $result.Tenant, $result.ResourceType, $result.ResourceName, $result.ActionType
                        throw $_
                    }
                }
                "Delete" {
                    $requestUrl = "$script:graphBaseUrl/identityGovernance/entitlementManagement/accessPackageResourceRequests"
                    $requestMethod = "POST"

                    $requestBody = @{
                        "accessPackageResource" = @{
                            "displayName" = $result.DesiredConfiguration.displayName
                            "description" = $result.DesiredConfiguration.description
                            "resourceType" = $result.DesiredConfiguration.resourceType
                            "originSystem" = $result.DesiredConfiguration.originSystem
                            "originId" = $result.DesiredConfiguration.originId()
                        }                        
                        "justification" = "Resource is not longer required for an Access Package managed by the Tenant Managment Framework"                        
                        "requestType" = "AdminRemove"
                        "catalogId" = $result.DesiredConfiguration.catalogId()
                    }
                    try {
                        $requestBody = $requestBody | ConvertTo-Json -ErrorAction Stop -Depth 8
                        Write-PSFMessage -Level Verbose -String "TMF.Invoke.SendingRequestWithBody" -StringValues $requestMethod, $requestUrl, $requestBody
                        Invoke-MgGraphRequest -Method $requestMethod -Uri $requestUrl -Body $requestBody | Out-Null
                    }
                    catch {
                        Write-PSFMessage -Level Error -String "TMF.Invoke.ActionFailed" -StringValues $result.Tenant, $result.ResourceType, $result.ResourceName, $result.ActionType
                        throw $_
                    }
                }
                "NoActionRequired" { }
                default {
                    Write-PSFMessage -Level Warning -String "TMF.Invoke.ActionTypeUnknown" -StringValues $result.ActionType
                }                
            }
            Write-PSFMessage -Level Host -String "TMF.Invoke.ActionCompleted" -StringValues $result.Tenant, $result.ResourceType, $result.ResourceName, (Get-ActionColor -Action $result.ActionType), $result.ActionType
        }        
    }
    end
    {
        
    }
}