atvwgs / tenant-management-framework

The Tenant Management Framework is a PowerShell module that is able to create, update and delete resources or settings via the Microsoft Graph API.

License: MIT License

PowerShell 100.00%
azuread powershell-module powershell desired-state-configuration o365

tenant-management-framework's People

Contributors

johannesvwgs, salty2011

tenant-management-framework's Issues

Invalid syntax for CA Policy export

In "3.8.2. Conditional Access Policies" the last line of the code does not convert to JSON before exporting. The resulting output does not conform to JSON and concatenates the object IDs.

Access Package Application resource error when using prepare-release/v1.6

Seeing the following error when running a TMF test on a config that requires an application resource to be onboarded to an access package. The Application does exist, so not sure why it's getting this.

If I onboard to an access package via the portal and then run the config, it adds the resource to the access package, but that defeats the purpose of using TMF.

Applications cannot be added to Access Package

When adding an application to an access package, TMF will fail because it expects the resourceRole attribute to be a value of either "Member" or "Owner".

This is correct for groups but will not work for applications. The default value for applications is User; however, it is possible that it could be anything because you can set up custom roles on an application.

Short term fix would be to remove the Validation set for this parameter. Longer term would likely need to do some sort of lookup for what the valid roles are on the application and then use that as the validation set.

[TMF v1.6.2370] Test-TMFGroup and Test-TMFTenant fail when group owner is user

Summary

Group validation fails when a user is specified as owner of the resource when using TMF v1.6.2370.

Exception details

WARNING: [19:54:16][Resolve-User] Cannot resolve User resource. Searched in the current tenant and in the loaded desired configuration. | Cannot find user <User ID>

TMF\1.6.2370\internal\functions\resolve\Resolve-User.ps1:38 char:55
+ ...  $DontFailIfNotExisting) { throw "Cannot find user $InputReference" }

Steps to reproduce

  • Create a group using the below definition
// replace "owners" with valid user id/UPN/Display Name

[
    {
        "displayName": "GroupName",
        "description": "group description",
        "groupTypes": [],
        "securityEnabled": true,
        "mailEnabled": false,
        "owners": [
            "User UPN/AAD Object Id/Display Name"
        ],
        "present": true
    }
]
  • Activate and load relevant configuration
  • Execute Test-TMFGroup or Test-TMFTenant
  • This results in the above exception

Invoke-TmfAccessPackageCatalog does not create resources

Using Invoke-TmfAccessPackageCatalog results in no resources getting created. This appears to be due to lines 27 and 30 in that function using the Test-TmfAccessPackage function instead of Test-TmfAccessPackageCatalog.

This is to address issue #7

Access Package Policies - Ability to rename a policy

Currently, if an Access Package Policy is renamed in a JSON file, it doesn't rename it on the Access Package; it creates a new policy, keeping the existing AP Policy. It would be nice if it could rename the existing access policy.
Below is an example of "Initial Policy" being renamed in the config but a new policy is created.

Missing dependency for Microsoft.Graph

Currently the module will successfully load even if you are missing the Microsoft.Graph module.

Most commands still work until the Invoke-TMF commands are used. Interestingly, the Invoke-TmfAccessPackageCatalog does not output anything, not even an error, whereas the Invoke-TmfGroup will error out, hinting that the Microsoft.Graph module is missing.

Setup of collaboration channels

Apologies @johannesvwgs if this is the wrong approach but was keen to reach out and see about getting either a Slack / Discord going that the community could join to discuss and collaborate on this further.

I myself would be keen to contribute more.

Better error or testing for access package issue

While deploying a large number of applications to an access package, I came across this error.

The error doesn't appear in the test call of TMF, only during the invoke command. After some troubleshooting, it turns out there was a duplicated application defined in the JSON for this Access Package. Would be nice for TMF to pick this up during testing and also provide a better error if possible.
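
A pre-flight check for the duplicated-resource case reported above, as an added example that is not part of the issue or of TMF's own code. The property names `displayName`, `accessPackageResources`, `resourceIdentifier` and `resourceType` are assumptions about the config layout (only `resourceRole` is named on this page), the function name is hypothetical, and the sample JSON is constructed.

```powershell
# Constructed sample config. Property names other than resourceRole are
# assumptions for illustration, not TMF's documented schema.
$sampleJson = @'
[
  {
    "displayName": "Example Access Package",
    "accessPackageResources": [
      { "resourceIdentifier": "App One", "resourceType": "Application", "resourceRole": "User" },
      { "resourceIdentifier": "Group A", "resourceType": "Group",       "resourceRole": "Member" },
      { "resourceIdentifier": "app one", "resourceType": "Application", "resourceRole": "User" }
    ]
  }
]
'@

# Hypothetical helper: reports every resource listed more than once
# within the same access package definition.
function Find-DuplicateAccessPackageResource {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $Json
    )
    # Assign first so arrays are enumerated the same way on 5.1 and 7.x.
    $packages = $Json | ConvertFrom-Json
    foreach ($package in $packages) {
        @($package.accessPackageResources) |
            Where-Object { $null -ne $_ } |
            # Group-Object compares case-insensitively by default, so
            # "App One" and "app one" land in the same group.
            Group-Object -Property resourceType, resourceIdentifier, resourceRole |
            Where-Object Count -gt 1 |
            ForEach-Object {
                [pscustomobject]@{
                    AccessPackage = $package.displayName
                    Resource      = $_.Group[0].resourceIdentifier
                    ResourceType  = $_.Group[0].resourceType
                    ResourceRole  = $_.Group[0].resourceRole
                    Occurrences   = $_.Count
                }
            }
    }
}

$duplicates = @(Find-DuplicateAccessPackageResource -Json $sampleJson)
if ($duplicates.Count -gt 0) {
    $duplicates | Format-Table -AutoSize
    Write-Warning 'Duplicate access package resources found; fix the config before invoking.'
}
```

Running a check like this against the configuration files before the invoke step surfaces the duplicate as a named resource and access package instead of a Graph error at deployment time.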
