@pnp/cli-microsoft365 10.3.0-beta.cd20f0c → 10.3.0-beta.ea113b7

package/dist/m365/commands/login.js

@@ -37,16 +37,16 @@ class LoginCommand extends Command {
     }
     getRefinedSchema(schema) {
         return schema
-            .refine(options => typeof options.appId !== 'undefined' || cli.getClientId(), {
-            message: `appId is required. TIP: use the "m365 setup" command to configure the default appId`,
+            .refine(options => typeof options.appId !== 'undefined' || cli.getClientId() || options.authType === 'identity', {
+            message: `appId is required. TIP: use the "m365 setup" command to configure the default appId.`,
             path: ['appId']
         })
             .refine(options => options.authType !== 'password' || options.userName, {
-            message: 'Username is required when using password authentication',
+            message: 'Username is required when using password authentication.',
             path: ['userName']
         })
             .refine(options => options.authType !== 'password' || options.password, {
-            message: 'Password is required when using password authentication',
+            message: 'Password is required when using password authentication.',
             path: ['password']
         })
             .refine(options => options.authType !== 'certificate' || !(options.certificateFile && options.certificateBase64Encoded), {
@@ -58,13 +58,13 @@ class LoginCommand extends Command {
             options.certificateBase64Encoded ||
             cli.getConfig().get(settingsNames.clientCertificateFile) ||
             cli.getConfig().get(settingsNames.clientCertificateBase64Encoded), {
-            message: 'Specify either certificateFile or certificateBase64Encoded',
+            message: 'Specify either certificateFile or certificateBase64Encoded.',
             path: ['certificateFile']
         })
             .refine(options => options.authType !== 'secret' ||
             options.secret ||
             cli.getConfig().get(settingsNames.clientSecret), {
-            message: 'Secret is required when using secret authentication',
+            message: 'Secret is required when using secret authentication.',
             path: ['secret']
         });
     }

package/dist/m365/entra/commands/approleassignment/approleassignment-remove.js

@@ -111,7 +111,7 @@ class EntraAppRoleAssignmentRemoveCommand extends GraphCommand {
             await removeAppRoleAssignment();
         }
         else {
-            const result = await cli.promptForConfirmation({ message: `Are you sure you want to remove the appRoleAssignment with scope ${args.options.scope} for resource ${args.options.resource}?` });
+            const result = await cli.promptForConfirmation({ message: `Are you sure you want to remove the appRoleAssignment with scope(s) ${args.options.scopes} for resource ${args.options.resource}?` });
             if (result) {
                 await removeAppRoleAssignment();
             }

package/dist/m365/entra/commands/group/group-list.js

@@ -39,7 +39,8 @@ class EntraGroupListCommand extends GraphCommand {
                         requestUrl += '?$filter=securityEnabled eq true and mailEnabled eq false';
                         break;
                     case 'distribution':
-                        requestUrl += '?$filter=securityEnabled eq false and mailEnabled eq true';
+                        useConsistencyLevelHeader = true;
+                        requestUrl += `?$filter=securityEnabled eq false and mailEnabled eq true and not(groupTypes/any(t:t eq 'Unified'))&$count=true`;
                         break;
                     case 'mailEnabledSecurity':
                         useConsistencyLevelHeader = true;
@@ -77,7 +78,7 @@ class EntraGroupListCommand extends GraphCommand {
             }
             if (cli.shouldTrimOutput(args.options.output)) {
                 groups.forEach((group) => {
-                    if (group.groupTypes && group.groupTypes.length > 0 && group.groupTypes[0] === 'Unified') {
+                    if (group.groupTypes && group.groupTypes.length > 0 && group.groupTypes.includes('Unified')) {
                         group.groupType = 'Microsoft 365';
                     }
                     else if (group.mailEnabled && group.securityEnabled) {

package/dist/m365/entra/commands/pim/pim-role-assignment-remove.js

@@ -0,0 +1,186 @@
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _EntraPimRoleAssignmentRemoveCommand_instances, _EntraPimRoleAssignmentRemoveCommand_initTelemetry, _EntraPimRoleAssignmentRemoveCommand_initOptions, _EntraPimRoleAssignmentRemoveCommand_initValidators, _EntraPimRoleAssignmentRemoveCommand_initOptionSets, _EntraPimRoleAssignmentRemoveCommand_initTypes;
+import request from '../../../../request.js';
+import GraphCommand from '../../../base/GraphCommand.js';
+import commands from '../../commands.js';
+import { roleDefinition } from '../../../../utils/roleDefinition.js';
+import { validation } from '../../../../utils/validation.js';
+import { entraUser } from '../../../../utils/entraUser.js';
+import { entraGroup } from '../../../../utils/entraGroup.js';
+import { accessToken } from '../../../../utils/accessToken.js';
+import auth from '../../../../Auth.js';
+class EntraPimRoleAssignmentRemoveCommand extends GraphCommand {
+    get name() {
+        return commands.PIM_ROLE_ASSIGNMENT_REMOVE;
+    }
+    get description() {
+        return 'Request deactivation of an Entra role assignment for a user or group';
+    }
+    constructor() {
+        super();
+        _EntraPimRoleAssignmentRemoveCommand_instances.add(this);
+        __classPrivateFieldGet(this, _EntraPimRoleAssignmentRemoveCommand_instances, "m", _EntraPimRoleAssignmentRemoveCommand_initTelemetry).call(this);
+        __classPrivateFieldGet(this, _EntraPimRoleAssignmentRemoveCommand_instances, "m", _EntraPimRoleAssignmentRemoveCommand_initOptions).call(this);
+        __classPrivateFieldGet(this, _EntraPimRoleAssignmentRemoveCommand_instances, "m", _EntraPimRoleAssignmentRemoveCommand_initValidators).call(this);
+        __classPrivateFieldGet(this, _EntraPimRoleAssignmentRemoveCommand_instances, "m", _EntraPimRoleAssignmentRemoveCommand_initOptionSets).call(this);
+        __classPrivateFieldGet(this, _EntraPimRoleAssignmentRemoveCommand_instances, "m", _EntraPimRoleAssignmentRemoveCommand_initTypes).call(this);
+    }
+    async commandAction(logger, args) {
+        const { userId, userName, groupId, groupName, ticketNumber, ticketSystem } = args.options;
+        try {
+            const token = auth.connection.accessTokens[auth.defaultResource].accessToken;
+            const isAppOnlyAccessToken = accessToken.isAppOnlyAccessToken(token);
+            if (isAppOnlyAccessToken && !userId && !userName && !groupId && !groupName) {
+                throw 'When running with application permissions either userId, userName, groupId or groupName is required';
+            }
+            const roleDefinitionId = await this.getRoleDefinitionId(args.options, logger);
+            const principalId = await this.getPrincipalId(args.options, logger);
+            const requestOptions = {
+                url: `${this.resource}/v1.0/roleManagement/directory/roleAssignmentScheduleRequests`,
+                headers: {
+                    'accept': 'application/json;odata.metadata=none'
+                },
+                responseType: 'json',
+                data: {
+                    principalId: principalId,
+                    roleDefinitionId: roleDefinitionId,
+                    directoryScopeId: this.getDirectoryScope(args.options),
+                    action: !userId && !userName && !groupId && !groupName ? 'selfDeactivate' : 'adminRemove',
+                    justification: args.options.justification,
+                    ticketInfo: {
+                        ticketNumber: ticketNumber,
+                        ticketSystem: ticketSystem
+                    }
+                }
+            };
+            const response = await request.post(requestOptions);
+            await logger.log(response);
+        }
+        catch (err) {
+            this.handleRejectedODataJsonPromise(err);
+        }
+    }
+    async getRoleDefinitionId(options, logger) {
+        if (options.roleDefinitionId) {
+            return options.roleDefinitionId;
+        }
+        if (this.verbose) {
+            await logger.logToStderr(`Retrieving role definition by its name '${options.roleDefinitionName}'`);
+        }
+        const role = await roleDefinition.getRoleDefinitionByDisplayName(options.roleDefinitionName);
+        return role.id;
+    }
+    async getPrincipalId(options, logger) {
+        if (options.userId || options.groupId) {
+            return options.userId || options.groupId;
+        }
+        if (options.userName) {
+            if (this.verbose) {
+                await logger.logToStderr(`Retrieving user by its name '${options.userName}'`);
+            }
+            return await entraUser.getUserIdByUpn(options.userName);
+        }
+        else if (options.groupName) {
+            if (this.verbose) {
+                await logger.logToStderr(`Retrieving group by its name '${options.groupName}'`);
+            }
+            return await entraGroup.getGroupIdByDisplayName(options.groupName);
+        }
+        if (this.verbose) {
+            await logger.logToStderr(`Retrieving id of the current user`);
+        }
+        const token = auth.connection.accessTokens[auth.defaultResource].accessToken;
+        return accessToken.getUserIdFromAccessToken(token);
+    }
+    getDirectoryScope(options) {
+        if (options.administrativeUnitId) {
+            return `/administrativeUnits/${options.administrativeUnitId}`;
+        }
+        if (options.applicationId) {
+            return `/${options.applicationId}`;
+        }
+        return '/';
+    }
+}
+_EntraPimRoleAssignmentRemoveCommand_instances = new WeakSet(), _EntraPimRoleAssignmentRemoveCommand_initTelemetry = function _EntraPimRoleAssignmentRemoveCommand_initTelemetry() {
+    this.telemetry.push((args) => {
+        Object.assign(this.telemetryProperties, {
+            roleDefinitionName: typeof args.options.roleDefinitionName !== 'undefined',
+            roleDefinitionId: typeof args.options.roleDefinitionId !== 'undefined',
+            userId: typeof args.options.userId !== 'undefined',
+            userName: typeof args.options.userName !== 'undefined',
+            groupId: typeof args.options.groupId !== 'undefined',
+            groupName: typeof args.options.groupName !== 'undefined',
+            administrativeUnitId: typeof args.options.administrativeUnitId !== 'undefined',
+            applicationId: typeof args.options.applicationId !== 'undefined',
+            justification: typeof args.options.justification !== 'undefined',
+            ticketNumber: typeof args.options.ticketNumber !== 'undefined',
+            ticketSystem: typeof args.options.ticketSystem !== 'undefined'
+        });
+    });
+}, _EntraPimRoleAssignmentRemoveCommand_initOptions = function _EntraPimRoleAssignmentRemoveCommand_initOptions() {
+    this.options.unshift({
+        option: '-n, --roleDefinitionName [roleDefinitionName]'
+    }, {
+        option: '-i, --roleDefinitionId [roleDefinitionId]'
+    }, {
+        option: "--userId [userId]"
+    }, {
+        option: "--userName [userName]"
+    }, {
+        option: "--groupId [groupId]"
+    }, {
+        option: "--groupName [groupName]"
+    }, {
+        option: "--administrativeUnitId [administrativeUnitId]"
+    }, {
+        option: "--applicationId [applicationId]"
+    }, {
+        option: "-j, --justification [justification]"
+    }, {
+        option: "--ticketNumber [ticketNumber]"
+    }, {
+        option: "--ticketSystem [ticketSystem]"
+    });
+}, _EntraPimRoleAssignmentRemoveCommand_initValidators = function _EntraPimRoleAssignmentRemoveCommand_initValidators() {
+    this.validators.push(async (args) => {
+        if (args.options.roleDefinitionId && !validation.isValidGuid(args.options.roleDefinitionId)) {
+            return `${args.options.roleDefinitionId} is not a valid GUID`;
+        }
+        if (args.options.userId && !validation.isValidGuid(args.options.userId)) {
+            return `${args.options.userId} is not a valid GUID`;
+        }
+        if (args.options.groupId && !validation.isValidGuid(args.options.groupId)) {
+            return `${args.options.groupId} is not a valid GUID`;
+        }
+        if (args.options.administrativeUnitId && !validation.isValidGuid(args.options.administrativeUnitId)) {
+            return `${args.options.administrativeUnitId} is not a valid GUID`;
+        }
+        if (args.options.applicationId && !validation.isValidGuid(args.options.applicationId)) {
+            return `${args.options.applicationId} is not a valid GUID`;
+        }
+        return true;
+    });
+}, _EntraPimRoleAssignmentRemoveCommand_initOptionSets = function _EntraPimRoleAssignmentRemoveCommand_initOptionSets() {
+    this.optionSets.push({ options: ['roleDefinitionName', 'roleDefinitionId'] });
+    this.optionSets.push({
+        options: ['userId', 'userName', 'groupId', 'groupName'],
+        runsWhen: (args) => {
+            return args.options.userId !== undefined || args.options.userName !== undefined || args.options.groupId !== undefined || args.options.groupName !== undefined;
+        }
+    });
+    this.optionSets.push({
+        options: ['administrativeUnitId', 'applicationId'],
+        runsWhen: (args) => {
+            return args.options.administrativeUnitId !== undefined || args.options.applicationId !== undefined;
+        }
+    });
+}, _EntraPimRoleAssignmentRemoveCommand_initTypes = function _EntraPimRoleAssignmentRemoveCommand_initTypes() {
+    this.types.string.push('userId', 'userName', 'groupId', 'groupName', 'administrativeUnitId', 'applicationId', 'roleDefinitionName', 'roleDefinitionId', 'justification', 'ticketNumber', 'ticketSystem');
+};
+export default new EntraPimRoleAssignmentRemoveCommand();
+//# sourceMappingURL=pim-role-assignment-remove.js.map

package/dist/m365/entra/commands.js

@@ -84,6 +84,7 @@ export default {
     OAUTH2GRANT_SET: `${prefix} oauth2grant set`,
     PIM_ROLE_ASSIGNMENT_ADD: `${prefix} pim role assignment add`,
     PIM_ROLE_ASSIGNMENT_LIST: `${prefix} pim role assignment list`,
+    PIM_ROLE_ASSIGNMENT_REMOVE: `${prefix} pim role assignment remove`,
     PIM_ROLE_ASSIGNMENT_ELIGIBILITY_LIST: `${prefix} pim role assignment eligibility list`,
     PIM_ROLE_REQUEST_LIST: `${prefix} pim role request list`,
     POLICY_LIST: `${prefix} policy list`,

package/dist/m365/exo/commands/approleassignment/approleassignment-add.js

@@ -0,0 +1,235 @@
+import { z } from 'zod';
+import { globalOptionsZod } from '../../../../Command.js';
+import { roleDefinition } from '../../../../utils/roleDefinition.js';
+import { validation } from '../../../../utils/validation.js';
+import GraphCommand from '../../../base/GraphCommand.js';
+import commands from '../../commands.js';
+import request from '../../../../request.js';
+import { entraUser } from '../../../../utils/entraUser.js';
+import { entraGroup } from '../../../../utils/entraGroup.js';
+import { entraAdministrativeUnit } from '../../../../utils/entraAdministrativeUnit.js';
+import { entraServicePrincipal } from '../../../../utils/entraServicePrincipal.js';
+import { zod } from '../../../../utils/zod.js';
+import { customAppScope } from '../../../../utils/customAppScope.js';
+const options = globalOptionsZod
+    .extend({
+    roleDefinitionId: z.string().optional(),
+    roleDefinitionName: z.string().optional(),
+    principalId: z.string().optional(),
+    principalName: z.string().optional(),
+    scope: zod.alias('s', z.enum(['tenant', 'user', 'group', 'administrativeUnit', 'custom'])),
+    userId: z.string().optional(),
+    userName: z.string().optional(),
+    groupId: z.string().optional(),
+    groupName: z.string().optional(),
+    administrativeUnitId: z.string().optional(),
+    administrativeUnitName: z.string().optional(),
+    customAppScopeId: z.string().optional(),
+    customAppScopeName: z.string().optional()
+})
+    .strict();
+class ExoAppRoleAssignmentAddCommand extends GraphCommand {
+    get name() {
+        return commands.APPROLEASSIGNMENT_ADD;
+    }
+    get description() {
+        return `Grant permissions to an application that's accessing data in Exchange Online and specify which mailboxes an app can access.`;
+    }
+    get schema() {
+        return options;
+    }
+    getRefinedSchema(schema) {
+        return schema
+            .refine(options => !options.roleDefinitionId !== !options.roleDefinitionName, {
+            message: 'Specify either roleDefinitionId or roleDefinitionName, but not both'
+        })
+            .refine(options => options.roleDefinitionId || options.roleDefinitionName, {
+            message: 'Specify either roleDefinitionId or roleDefinitionName'
+        })
+            .refine(options => (!options.roleDefinitionId && !options.roleDefinitionName) || options.roleDefinitionName || (options.roleDefinitionId && validation.isValidGuid(options.roleDefinitionId)), options => ({
+            message: `The '${options.roleDefinitionId}' must be a valid GUID`,
+            path: ['roleDefinitionId']
+        }))
+            .refine(options => !options.principalId !== !options.principalName, {
+            message: 'Specify either principalId or principalName, but not both'
+        })
+            .refine(options => options.principalId || options.principalName, {
+            message: 'Specify either principalId or principalName'
+        })
+            .refine(options => (!options.principalId && !options.principalName) || options.principalName || (options.principalId && validation.isValidGuid(options.principalId)), options => ({
+            message: `The '${options.principalId}' must be a valid GUID`,
+            path: ['principalId']
+        }))
+            .refine(options => options.scope !== 'tenant' || Object.values([options.userId, options.userName, options.groupId, options.groupName, options.administrativeUnitId, options.administrativeUnitName, options.customAppScopeId, options.customAppScopeName]).filter(v => typeof v !== 'undefined').length === 0, {
+            message: "When the scope is set to 'tenant' then do not specify neither userId, userName, groupId, groupName, administrativeUnitId, administrativeUnitName, customAppScopeId nor customAppScopeName",
+            path: ['scope']
+        })
+            .refine(options => options.scope !== 'user' || Object.values([options.groupId, options.groupName, options.administrativeUnitId, options.administrativeUnitName, options.customAppScopeId, options.customAppScopeName]).filter(v => typeof v !== 'undefined').length === 0, {
+            message: "When the scope is set to 'user' then do not specify groupId, groupName, administrativeUnitId, administrativeUnitName, customAppScopeId nor customAppScopeName",
+            path: ['scope']
+        })
+            .refine(options => options.scope !== 'user' || (!options.userId !== !options.userName), {
+            message: "When the scope is set to 'user' specify either userId or userName, but not both",
+            path: ['scope']
+        })
+            .refine(options => options.scope !== 'user' || (options.userId || options.userName), {
+            message: "When the scope is set to 'user' specify either userId or userName",
+            path: ['scope']
+        })
+            .refine(options => options.scope !== 'user' || (!options.userId && !options.userName) || options.userName || (options.userId && validation.isValidGuid(options.userId)), options => ({
+            message: `The '${options.userId}' must be a valid GUID`,
+            path: ['userId']
+        }))
+            .refine(options => options.scope !== 'user' || (!options.userId && !options.userName) || options.userId || (options.userName && validation.isValidUserPrincipalName(options.userName)), options => ({
+            message: `The '${options.userId}' must be a valid GUID`,
+            path: ['userName']
+        }))
+            .refine(options => options.scope !== 'group' || Object.values([options.userId, options.userName, options.administrativeUnitId, options.administrativeUnitName, options.customAppScopeId, options.customAppScopeName]).filter(v => typeof v !== 'undefined').length === 0, {
+            message: "When the scope is set to 'group' then do not specify userId, userName, administrativeUnitId, administrativeUnitName, customAppScopeId nor customAppScopeName",
+            path: ['scope']
+        })
+            .refine(options => options.scope !== 'group' || (!options.groupId !== !options.groupName), {
+            message: "When the scope is set to 'group' specify either groupId or groupName, but not both",
+            path: ['scope']
+        })
+            .refine(options => options.scope !== 'group' || (options.groupId || options.groupName), {
+            message: "When the scope is set to 'group' specify either groupId or groupName",
+            path: ['scope']
+        })
+            .refine(options => options.scope !== 'group' || (!options.groupId && !options.groupName) || options.groupName || (options.groupId && validation.isValidGuid(options.groupId)), options => ({
+            message: `The '${options.groupId}' must be a valid GUID`,
+            path: ['groupId']
+        }))
+            .refine(options => options.scope !== 'administrativeUnit' || Object.values([options.userId, options.userName, options.groupId, options.groupName, options.customAppScopeId, options.customAppScopeName]).filter(v => typeof v !== 'undefined').length === 0, {
+            message: "When the scope is set to 'administrativeUnit' then do not specify userId, userName, groupId, groupName, customAppScopeId nor customAppScopeName",
+            path: ['scope']
+        })
+            .refine(options => options.scope !== 'administrativeUnit' || (!options.administrativeUnitId !== !options.administrativeUnitName), {
+            message: "When the scope is set to 'administrativeUnit' specify either administrativeUnitId or administrativeUnitName, but not both",
+            path: ['scope']
+        })
+            .refine(options => options.scope !== 'administrativeUnit' || (options.administrativeUnitId || options.administrativeUnitName), {
+            message: "When the scope is set to 'administrativeUnit' specify either administrativeUnitId or administrativeUnitName",
+            path: ['scope']
+        })
+            .refine(options => options.scope !== 'administrativeUnit' || (!options.administrativeUnitId && !options.administrativeUnitName) || options.administrativeUnitName || (options.administrativeUnitId && validation.isValidGuid(options.administrativeUnitId)), options => ({
+            message: `The '${options.administrativeUnitId}' must be a valid GUID`,
+            path: ['administrativeUnitId']
+        }))
+            .refine(options => options.scope !== 'custom' || Object.values([options.userId, options.userName, options.groupId, options.groupName, options.administrativeUnitId, options.administrativeUnitName]).filter(v => typeof v !== 'undefined').length === 0, {
+            message: "When the scope is set to 'custom' then do not specify userId, userName, groupId, groupName, administrativeUnitId nor administrativeUnitName",
+            path: ['scope']
+        })
+            .refine(options => options.scope !== 'custom' || (!options.customAppScopeId !== !options.customAppScopeName), {
+            message: "When the scope is set to 'custom' specify either customAppScopeId or customAppScopeName, but not both",
+            path: ['scope']
+        })
+            .refine(options => options.scope !== 'custom' || (options.customAppScopeId || options.customAppScopeName), {
+            message: "When the scope is set to 'custom' specify either customAppScopeId or customAppScopeName",
+            path: ['scope']
+        })
+            .refine(options => options.scope !== 'custom' || (!options.customAppScopeId && !options.customAppScopeName) || options.customAppScopeName || (options.customAppScopeId && validation.isValidGuid(options.customAppScopeId)), options => ({
+            message: `The '${options.customAppScopeId}' must be a valid GUID`,
+            path: ['customAppScopeId']
+        }));
+    }
+    async commandAction(logger, args) {
+        try {
+            const roleDefinitionId = await this.getRoleDefinitionId(args.options, logger);
+            const data = {
+                roleDefinitionId: roleDefinitionId,
+                principalId: await this.getPrincipalId(args.options, logger),
+                directoryScopeId: await this.getDirectoryScopeId(args.options),
+                appScopeId: await this.getAppScopeId(args.options, logger)
+            };
+            const requestOptions = {
+                url: `${this.resource}/beta/roleManagement/exchange/roleAssignments`,
+                headers: {
+                    accept: 'application/json;odata.metadata=none'
+                },
+                responseType: 'json',
+                data: data
+            };
+            const response = await request.post(requestOptions);
+            await logger.log(response);
+        }
+        catch (err) {
+            this.handleRejectedODataJsonPromise(err);
+        }
+    }
+    async getRoleDefinitionId(options, logger) {
+        if (options.roleDefinitionId) {
+            return options.roleDefinitionId;
+        }
+        if (this.verbose) {
+            await logger.logToStderr(`Retrieving role definition by its name '${options.roleDefinitionName}'`);
+        }
+        const role = await roleDefinition.getExchangeRoleDefinitionByDisplayName(options.roleDefinitionName);
+        return role.id;
+    }
+    async getPrincipalId(options, logger) {
+        if (options.principalId) {
+            return `/ServicePrincipals/${options.principalId}`;
+        }
+        if (this.verbose) {
+            await logger.logToStderr(`Retrieving service principal by its name '${options.principalName}'`);
+        }
+        const principal = await entraServicePrincipal.getServicePrincipalByAppName(options.principalName, 'id');
+        return `/ServicePrincipals/${principal.id}`;
+    }
+    async getDirectoryScopeId(options) {
+        if (options.scope === 'custom') {
+            return null;
+        }
+        let prefix = '/';
+        let resourceId = '';
+        switch (options.scope) {
+            case 'tenant':
+                break;
+            case 'user':
+                prefix = '/users/';
+                if (options.userId) {
+                    resourceId = options.userId;
+                }
+                else if (options.userName) {
+                    resourceId = await entraUser.getUserIdByUpn(options.userName);
+                }
+                break;
+            case 'group':
+                prefix = '/groups/';
+                if (options.groupId) {
+                    resourceId = options.groupId;
+                }
+                else if (options.groupName) {
+                    resourceId = await entraGroup.getGroupIdByDisplayName(options.groupName);
+                }
+                break;
+            case 'administrativeUnit':
+                prefix = '/administrativeUnits/';
+                if (options.administrativeUnitId) {
+                    resourceId = options.administrativeUnitId;
+                }
+                else if (options.administrativeUnitName) {
+                    const administrativeUnit = await entraAdministrativeUnit.getAdministrativeUnitByDisplayName(options.administrativeUnitName);
+                    resourceId = administrativeUnit.id;
+                }
+                break;
+        }
+        return `${prefix}${resourceId}`;
+    }
+    async getAppScopeId(options, logger) {
+        if (options.scope !== 'custom') {
+            return null;
+        }
+        if (options.customAppScopeId) {
+            return options.customAppScopeId;
+        }
+        if (this.verbose) {
+            await logger.logToStderr(`Retrieving custom application scope by its name '${options.customAppScopeName}'`);
+        }
+        const applicationScopeId = (await customAppScope.getCustomAppScopeByDisplayName(options.customAppScopeName, 'id')).id;
+        return applicationScopeId;
+    }
+}
+export default new ExoAppRoleAssignmentAddCommand();
+//# sourceMappingURL=approleassignment-add.js.map

package/dist/m365/exo/commands.js

@@ -0,0 +1,5 @@
+const prefix = 'exo';
+export default {
+    APPROLEASSIGNMENT_ADD: `${prefix} approleassignment add`
+};
+//# sourceMappingURL=commands.js.map

package/dist/m365/pp/commands/website/website-get.js

@@ -0,0 +1,60 @@
+import { globalOptionsZod } from '../../../../Command.js';
+import { powerPlatform } from '../../../../utils/powerPlatform.js';
+import { validation } from '../../../../utils/validation.js';
+import { zod } from '../../../../utils/zod.js';
+import PowerPlatformCommand from '../../../base/PowerPlatformCommand.js';
+import commands from '../../commands.js';
+import { z } from 'zod';
+const options = globalOptionsZod
+    .extend({
+    url: zod.alias('u', z.string().optional()
+        .refine(url => url === undefined || validation.isValidPowerPagesUrl(url) === true, url => ({
+        message: `'${url}' is not a valid Power Pages URL.`
+    }))),
+    id: zod.alias('i', z.string().uuid().optional()),
+    name: zod.alias('n', z.string().optional()),
+    environmentName: zod.alias('e', z.string())
+}).strict();
+class PpWebSiteGetCommand extends PowerPlatformCommand {
+    get name() {
+        return commands.WEBSITE_GET;
+    }
+    get description() {
+        return 'Gets information about the specified Power Pages website.';
+    }
+    defaultProperties() {
+        return ['id', 'name', 'websiteUrl', 'tenantId', 'subdomain', 'type', 'status', 'siteVisibility'];
+    }
+    get schema() {
+        return options;
+    }
+    getRefinedSchema(schema) {
+        return schema
+            .refine(options => [options.url, options.id, options.name].filter(x => x !== undefined).length === 1, {
+            message: `Specify either url, id or name, but not multiple.`
+        });
+    }
+    async commandAction(logger, args) {
+        if (this.verbose) {
+            await logger.logToStderr(`Retrieving the website...`);
+        }
+        try {
+            let item = null;
+            if (args.options.id) {
+                item = await powerPlatform.getWebsiteById(args.options.environmentName, args.options.id);
+            }
+            else if (args.options.name) {
+                item = await powerPlatform.getWebsiteByName(args.options.environmentName, args.options.name);
+            }
+            else if (args.options.url) {
+                item = await powerPlatform.getWebsiteByUrl(args.options.environmentName, args.options.url);
+            }
+            await logger.log(item);
+        }
+        catch (err) {
+            this.handleRejectedODataJsonPromise(err);
+        }
+    }
+}
+export default new PpWebSiteGetCommand();
+//# sourceMappingURL=website-get.js.map

package/dist/m365/pp/commands.js

@@ -33,6 +33,7 @@ export default {
     SOLUTION_PUBLISHER_LIST: `${prefix} solution publisher list`,
     SOLUTION_PUBLISHER_REMOVE: `${prefix} solution publisher remove`,
     TENANT_SETTINGS_LIST: `${prefix} tenant settings list`,
-    TENANT_SETTINGS_SET: `${prefix} tenant settings set`
+    TENANT_SETTINGS_SET: `${prefix} tenant settings set`,
+    WEBSITE_GET: `${prefix} website get`
 };
 //# sourceMappingURL=commands.js.map

package/dist/m365/spo/commands/file/file-roleassignment-add.js

@@ -11,6 +11,7 @@ import { urlUtil } from '../../../../utils/urlUtil.js';
 import { validation } from '../../../../utils/validation.js';
 import SpoCommand from '../../../base/SpoCommand.js';
 import commands from '../../commands.js';
+import { entraGroup } from '../../../../utils/entraGroup.js';
 class SpoFileRoleAssignmentAddCommand extends SpoCommand {
     get name() {
         return commands.FILE_ROLEASSIGNMENT_ADD;
@@ -42,6 +43,20 @@ class SpoFileRoleAssignmentAddCommand extends SpoCommand {
                 const groupPrincipalId = await this.getGroupPrincipalId(args.options, logger);
                 await this.addRoleAssignment(fileUrl, args.options.webUrl, groupPrincipalId, roleDefinitionId);
             }
+            else if (args.options.entraGroupId || args.options.entraGroupName) {
+                if (this.verbose) {
+                    await logger.logToStderr('Retrieving group information...');
+                }
+                let group;
+                if (args.options.entraGroupId) {
+                    group = await entraGroup.getGroupById(args.options.entraGroupId);
+                }
+                else {
+                    group = await entraGroup.getGroupByDisplayName(args.options.entraGroupName);
+                }
+                const entraSiteUser = await spo.ensureEntraGroup(args.options.webUrl, group);
+                await this.addRoleAssignment(fileUrl, args.options.webUrl, entraSiteUser.Id, roleDefinitionId);
+            }
             else {
                 await this.addRoleAssignment(fileUrl, args.options.webUrl, args.options.principalId, roleDefinitionId);
             }
@@ -93,6 +108,8 @@ _SpoFileRoleAssignmentAddCommand_instances = new WeakSet(), _SpoFileRoleAssignme
             principalId: typeof args.options.principalId !== 'undefined',
             upn: typeof args.options.upn !== 'undefined',
             groupName: typeof args.options.groupName !== 'undefined',
+            entraGroupId: typeof args.options.entraGroupId !== 'undefined',
+            entraGroupName: typeof args.options.entraGroupName !== 'undefined',
             roleDefinitionId: typeof args.options.roleDefinitionId !== 'undefined',
             roleDefinitionName: typeof args.options.roleDefinitionName !== 'undefined'
         });
@@ -110,6 +127,10 @@ _SpoFileRoleAssignmentAddCommand_instances = new WeakSet(), _SpoFileRoleAssignme
         option: '--upn [upn]'
     }, {
         option: '--groupName [groupName]'
+    }, {
+        option: '--entraGroupId [entraGroupId]'
+    }, {
+        option: '--entraGroupName [entraGroupName]'
     }, {
         option: '--roleDefinitionId [roleDefinitionId]'
     }, {
@@ -127,15 +148,18 @@ _SpoFileRoleAssignmentAddCommand_instances = new WeakSet(), _SpoFileRoleAssignme
         if (args.options.principalId && isNaN(args.options.principalId)) {
             return `Specified principalId ${args.options.principalId} is not a number`;
         }
+        if (args.options.entraGroupId && !validation.isValidGuid(args.options.entraGroupId)) {
+            return `'${args.options.entraGroupId}' is not a valid GUID for option entraGroupId`;
+        }
         if (args.options.roleDefinitionId && isNaN(args.options.roleDefinitionId)) {
             return `Specified roleDefinitionId ${args.options.roleDefinitionId} is not a number`;
         }
         return true;
     });
 }, _SpoFileRoleAssignmentAddCommand_initOptionSets = function _SpoFileRoleAssignmentAddCommand_initOptionSets() {
-    this.optionSets.push({ options: ['fileId', 'fileUrl'] }, { options: ['principalId', 'upn', 'groupName'] }, { options: ['roleDefinitionId', 'roleDefinitionName'] });
+    this.optionSets.push({ options: ['fileId', 'fileUrl'] }, { options: ['principalId', 'upn', 'groupName', 'entraGroupId', 'entraGroupName'] }, { options: ['roleDefinitionId', 'roleDefinitionName'] });
 }, _SpoFileRoleAssignmentAddCommand_initTypes = function _SpoFileRoleAssignmentAddCommand_initTypes() {
-    this.types.string.push('webUrl', 'fileUrl', 'fileId', 'upn', 'groupName', 'roleDefinitionName');
+    this.types.string.push('webUrl', 'fileUrl', 'fileId', 'upn', 'groupName', 'entraGroupId', 'entraGroupName', 'roleDefinitionName');
 };
 export default new SpoFileRoleAssignmentAddCommand();
 //# sourceMappingURL=file-roleassignment-add.js.map