diff --git a/ExecGDAPInvite/run.ps1 b/ExecGDAPInvite/run.ps1 index ff966b6e8a75..2e043db68286 100644 --- a/ExecGDAPInvite/run.ps1 +++ b/ExecGDAPInvite/run.ps1 @@ -7,19 +7,18 @@ $APIName = $TriggerMetadata.FunctionName Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' $RoleMappings = $Request.body.gdapRoles -$Results = [System.Collections.ArrayList]@() +$Results = [System.Collections.Generic.List[string]]::new() +$InviteUrls = [System.Collections.Generic.List[string]]::new() $Table = Get-CIPPTable -TableName 'GDAPInvites' try { $JSONBody = @{ - 'displayName' = "$((New-Guid).GUID)" - 'partner' = @{ - 'tenantId' = "$env:tenantid" - } - 'accessDetails' = @{ + 'displayName' = "$((New-Guid).GUID)" + 'accessDetails' = @{ 'unifiedRoles' = @($RoleMappings | Select-Object roleDefinitionId) } - 'duration' = 'P730D' + 'autoExtendDuration' = 'P180D' + 'duration' = 'P730D' } | ConvertTo-Json -Depth 5 -Compress $NewRelationship = New-GraphPostRequest -NoAuthCheck $True -uri 'https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships' -type POST -body $JSONBody -verbose -tenantid $env:TenantID @@ -40,6 +39,7 @@ try { if ($NewRelationshipRequest.action -eq 'lockForApproval') { $InviteUrl = "https://admin.microsoft.com/AdminPortal/Home#/partners/invitation/granularAdminRelationships/$($NewRelationship.id)" + $InviteUrls.Add($InviteUrl) $InviteEntity = [PSCustomObject]@{ 'PartitionKey' = 'invite' 
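Review bot: The `'autoExtendDuration' = 'P180D'` added in the `@@ -7,19 +7,18 @@` hunk is hard-coded for every invite, so each delegated admin relationship created here keeps renewing instead of lapsing when the 730-day `duration` ends. That is standing privileged access to a customer tenant and should be an explicit choice: either take it from the request with a non-extending default (`'PT0S'`), or at least record the decision with a comment such as `# Auto-extend by 180 days at expiry; customers must disable this to let access lapse`. As far as I know, Microsoft does not permit auto-extend on relationships that include the Global Administrator role. `$RoleMappings` is taken unfiltered from `$Request.body.gdapRoles`, so it is worth confirming how Graph responds to such a role set and surfacing that failure clearly in `$Results`.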
@@ -58,9 +58,12 @@ try { $Results.add('Error creating GDAP relationship') } -Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created GDAP Invite - $InviteUrl" -Sev 'Debug' +Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created GDAP Invite - $InviteUrl" -Sev 'Info' -$body = @{Results = @($Results) } +$body = @{ + Results = @($Results) + InviteUrls = @($InviteUrls) +} Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK Body = $body diff --git a/ExecGDAPInviteQueue/run.ps1 b/ExecGDAPInviteQueue/run.ps1 index 3d9fd22c68b6..78e43c118449 100644 --- a/ExecGDAPInviteQueue/run.ps1 +++ b/ExecGDAPInviteQueue/run.ps1 @@ -7,7 +7,7 @@ Write-Host "PowerShell queue trigger function processed work item: $QueueItem" $Table = Get-CIPPTable -TableName 'GDAPInvites' $Invite = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$QueueItem'" - +$APINAME = 'GDAPInvites' $RoleMappings = $Invite.RoleMappings | ConvertFrom-Json Write-Host ($Invite | ConvertTo-Json -Compress) @@ -27,9 +27,9 @@ foreach ($role in $RoleMappings) { New-GraphPostRequest -NoAuthCheck $True -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/$($QueueItem)/accessAssignments" -tenantid $env:TenantID -type POST -body $MappingBody -verbose Start-Sleep -Milliseconds 100 } catch { - Write-LogMessage -API $APINAME -message "GDAP Group mapping failed - $($role.GroupId): $($_.Exception.Message)" -Sev 'Debug' + Write-LogMessage -API $APINAME -message "GDAP Group mapping failed - $($role.GroupId): $($_.Exception.Message)" -Sev Error exit 1 } - Write-LogMessage -API $APINAME -message "Groups mapped for GDAP Relationship: $($GdapInvite.RowKey)" + Write-LogMessage -API $APINAME -message "Groups mapped for GDAP Relationship: $($GdapInvite.RowKey)" -Sev Info } Remove-AzDataTableEntity @Table -Entity $Invite
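Review bot: The `Write-LogMessage ... "Created GDAP Invite - $InviteUrl" -Sev 'Info'` line in the `@@ -58,9 +58,12 @@` hunk appears to sit after the closing brace of the `catch`, so it runs even when the catch has just added 'Error creating GDAP relationship' to `$Results`. At Debug that was noise; at Info it puts a "Created" record with an empty URL into the log for a failed privileged operation. Guard it on the list this commit introduces, e.g. `if ($InviteUrls.Count -gt 0) { Write-LogMessage ... -message "Created GDAP Invite - $($InviteUrls -join ', ')" -Sev 'Info' }`, or move it into the `lockForApproval` branch. The start of the `try` block is outside this hunk, so the exact nesting should be confirmed.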
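Review bot: The success message in the `@@ -27,9 +27,9 @@` hunk of ExecGDAPInviteQueue/run.ps1, now raised to `-Sev Info`, interpolates `$($GdapInvite.RowKey)`, but the entity loaded in this file is `$Invite` and no `$GdapInvite` is assigned in the visible lines. The record will therefore presumably read "Groups mapped for GDAP Relationship: " with no id, which makes it useless for tracing who was granted access to which relationship. Use `$($Invite.RowKey)` or `$QueueItem` instead. The line also appears to be inside the `foreach ($role in $RoleMappings)` loop, so it is written once per role; moving it after the loop would give one entry per relationship. Since `exit 1` in the `catch` leaves earlier assignments in place and skips `Remove-AzDataTableEntity`, the Error message would be more useful if it also named the relationship id.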