GDAP Invite Tweaks
- Add autoExtendDuration
- Remove partner property
- Add separate property for invite urls to return
JohnDuprey committed Nov 2, 2023
1 parent 3f5cd04 commit 6e52317
Showing 2 changed files with 15 additions and 12 deletions.
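--- a/ExecGDAPInvite/run.ps1
+++ b/ExecGDAPInvite/run.ps1
@@ -7,19 +7,18 @@ $APIName = $TriggerMetadata.FunctionName
 Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
 $RoleMappings = $Request.body.gdapRoles
-$Results = [System.Collections.ArrayList]@()
+$Results = [System.Collections.Generic.List[string]]::new()
+$InviteUrls = [System.Collections.Generic.List[string]]::new()
 
 $Table = Get-CIPPTable -TableName 'GDAPInvites'
 try {
 $JSONBody = @{
-'displayName' = "$((New-Guid).GUID)"
-'partner' = @{
-'tenantId' = "$env:tenantid"
-}
-'accessDetails' = @{
+'displayName' = "$((New-Guid).GUID)"
+'accessDetails' = @{
 'unifiedRoles' = @($RoleMappings | Select-Object roleDefinitionId)
 }
-'duration' = 'P730D'
+'autoExtendDuration' = 'P180D'
+'duration' = 'P730D'
 } | ConvertTo-Json -Depth 5 -Compress
 
 $NewRelationship = New-GraphPostRequest -NoAuthCheck $True -uri 'https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships' -type POST -body $JSONBody -verbose -tenantid $env:TenantID
@@ -40,6 +39,7 @@ try {
 
 if ($NewRelationshipRequest.action -eq 'lockForApproval') {
 $InviteUrl = "https://admin.microsoft.com/AdminPortal/Home#/partners/invitation/granularAdminRelationships/$($NewRelationship.id)"
+$InviteUrls.Add($InviteUrl)
 
 $InviteEntity = [PSCustomObject]@{
 'PartitionKey' = 'invite'
@@ -58,9 +58,12 @@ try {
 $Results.add('Error creating GDAP relationship')
 }
 
-Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created GDAP Invite - $InviteUrl" -Sev 'Debug'
+Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created GDAP Invite - $InviteUrl" -Sev 'Info'
 
-$body = @{Results = @($Results) }
+$body = @{
+Results = @($Results)
+InviteUrls = @($InviteUrls)
+}
 Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
 StatusCode = [HttpStatusCode]::OK
 Body = $body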
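Review bot: The log call promoted to Info in the last hunk (`Write-LogMessage ... -message "Created GDAP Invite - $InviteUrl" -Sev 'Info'`) sits after the closing brace of what appears to be the catch block rather than inside the `lockForApproval` branch, so on the error path it still records "Created GDAP Invite - " with an empty URL, and at Info severity that now reads as a success in normal log views. Guard it on the URL actually existing, e.g. `if ($InviteUrl) { Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created GDAP Invite - $InviteUrl" -Sev 'Info' }`, or move it beside `$InviteUrls.Add($InviteUrl)` in the second hunk. The try/catch enclosing this code opens before the first hunk and the `lockForApproval` block closes outside the second, so the exact placement should be checked against the full file. Separately, `'autoExtendDuration' = 'P180D'` together with `'duration' = 'P730D'` means every relationship created here is set to renew itself; if that is intended, a comment such as `# Relationships created here auto-extend (P180D) on top of the 730-day term; make configurable if fixed-term GDAP is required` would record that a non-expiring delegated-admin grant is a deliberate least-privilege decision.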
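--- a/ExecGDAPInviteQueue/run.ps1
+++ b/ExecGDAPInviteQueue/run.ps1
@@ -7,7 +7,7 @@ Write-Host "PowerShell queue trigger function processed work item: $QueueItem"
 
 $Table = Get-CIPPTable -TableName 'GDAPInvites'
 $Invite = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$QueueItem'"
-
+$APINAME = 'GDAPInvites'
 $RoleMappings = $Invite.RoleMappings | ConvertFrom-Json
 Write-Host ($Invite | ConvertTo-Json -Compress)
 
@@ -27,9 +27,9 @@ foreach ($role in $RoleMappings) {
 New-GraphPostRequest -NoAuthCheck $True -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/$($QueueItem)/accessAssignments" -tenantid $env:TenantID -type POST -body $MappingBody -verbose
 Start-Sleep -Milliseconds 100
 } catch {
-Write-LogMessage -API $APINAME -message "GDAP Group mapping failed - $($role.GroupId): $($_.Exception.Message)" -Sev 'Debug'
+Write-LogMessage -API $APINAME -message "GDAP Group mapping failed - $($role.GroupId): $($_.Exception.Message)" -Sev Error
 exit 1
 }
-Write-LogMessage -API $APINAME -message "Groups mapped for GDAP Relationship: $($GdapInvite.RowKey)"
+Write-LogMessage -API $APINAME -message "Groups mapped for GDAP Relationship: $($GdapInvite.RowKey)" -Sev Info
 }
 Remove-AzDataTableEntity @Table -Entity $Invite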
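Review bot: The Info-level log on the new side of the second hunk interpolates `$GdapInvite.RowKey`, but the only invite variable visible in this file is `$Invite` (assigned from `Get-CIPPAzDataTableEntity` in the first hunk), so unless `$GdapInvite` is set somewhere outside the hunks the message will carry an empty relationship id; `Write-LogMessage -API $APINAME -message "Groups mapped for GDAP Relationship: $($Invite.RowKey)" -Sev Info` is probably what is meant. That line also appears to sit inside the `foreach ($role in $RoleMappings)` loop opened at the hunk header (its closing `}` precedes `Remove-AzDataTableEntity`), so at Info severity it would now fire once per role rather than once per relationship, and moving it after the loop would match its wording. The `exit 1` in the catch is unchanged, but with the Error-level log beside it it is worth a comment that a failure mid-loop leaves the `GDAPInvites` row in place and any assignments already posted, since that appears to be the retry contract for the queue item.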
