@pnp/cli-microsoft365 4.3.0-beta.c761547 → 5.0.0-beta.117f66f

package/dist/appInsights.js

@@ -20,7 +20,8 @@ const env = process.env.CLIMICROSOFT365_ENV !== undefined ? process.env.CLIMICRO
 appInsights.defaultClient.commonProperties = {
     version: version,
     node: process.version,
-    env: env
+    env: env,
+    ci: Boolean(process.env.CI).toString()
 };
 appInsights.defaultClient.context.tags['ai.session.id'] = crypto.randomBytes(24).toString('base64');
 appInsights.defaultClient.context.tags['ai.cloud.roleInstance'] = crypto.createHash('sha256').update(appInsights.defaultClient.context.tags['ai.cloud.roleInstance']).digest('hex');

package/dist/cli/Cli.js

@@ -17,6 +17,7 @@ const path = require("path");
 const appInsights_1 = require("../appInsights");
 const Command_1 = require("../Command");
 const config_1 = require("../config");
+const request_1 = require("../request");
 const settingsNames_1 = require("../settingsNames");
 const Utils_1 = require("../Utils");
 const packageJSON = require('../../package.json');
@@ -204,16 +205,20 @@ class Cli {
                 }
             };
             if (args.options.debug) {
-                Cli.log(`Executing command ${command.name} with options ${JSON.stringify(args)}`);
+                logErr.push(`Executing command ${command.name} with options ${JSON.stringify(args)}`);
             }
             // store the current command name, if any and set the name to the name of
             // the command to execute
             const cli = Cli.getInstance();
             const parentCommandName = cli.currentCommandName;
             cli.currentCommandName = command.getCommandName();
+            // store the current logger if any
+            const currentLogger = request_1.default.logger;
             command.action(logger, args, (err) => {
                 // restore the original command name
                 cli.currentCommandName = parentCommandName;
+                // restore the original logger
+                request_1.default.logger = currentLogger;
                 if (err) {
                     return reject({
                         error: err,
@@ -416,11 +421,11 @@ class Cli {
         if (arrayType !== 'object') {
             return logStatement.join(os.EOL);
         }
-        // if output type has been set to 'text', process the retrieved
+        // if output type has been set to 'text' or 'csv', process the retrieved
         // data so that returned objects contain only default properties specified
         // on the current command. If there is no current command or the
         // command doesn't specify default properties, return original data
-        if (options.output === 'text') {
+        if (options.output === 'text' || options.output === 'csv') {
             const cli = Cli.getInstance();
             const currentCommand = cli.commandToExecute;
             if (arrayType === 'object' &&
@@ -440,6 +445,20 @@ class Cli {
                 }
             }
         }
+        if (options.output === 'csv') {
+            const { stringify } = require('csv-stringify/sync');
+            /*
+              https://csv.js.org/stringify/options/
+              header: Display the column names on the first line if the columns option is provided or discovered.
+              escape: Single character used for escaping; only apply to characters matching the quote and the escape options default to ".
+              quote: The quote characters surrounding a field, defaults to the " (double quotation marks), an empty quote value will preserve the original field, whether it contains quotation marks or not.
+              quoted: Boolean, default to false, quote all the non-empty fields even if not required.
+              quotedEmpty: Quote empty strings and overrides quoted_string on empty strings when defined; default is false.
+            */
+            return stringify(logStatement, {
+                header: true
+            });
+        }
         // display object as a list of key-value pairs
         if (logStatement.length === 1) {
             const obj = logStatement[0];

package/dist/m365/aad/commands/oauth2grant/oauth2grant-list.js

@@ -2,9 +2,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const request_1 = require("../../../../request");
 const Utils_1 = require("../../../../Utils");
-const AadCommand_1 = require("../../../base/AadCommand");
+const GraphCommand_1 = require("../../../base/GraphCommand");
 const commands_1 = require("../../commands");
-class AadOAuth2GrantListCommand extends AadCommand_1.default {
+class AadOAuth2GrantListCommand extends GraphCommand_1.default {
     get name() {
         return commands_1.default.OAUTH2GRANT_LIST;
     }
@@ -19,9 +19,9 @@ class AadOAuth2GrantListCommand extends AadCommand_1.default {
             logger.logToStderr(`Retrieving list of OAuth grants for the service principal...`);
         }
         const requestOptions = {
-            url: `${this.resource}/myorganization/oauth2PermissionGrants?api-version=1.6&$filter=clientId eq '${encodeURIComponent(args.options.clientId)}'`,
+            url: `${this.resource}/v1.0/oauth2PermissionGrants?$filter=clientId eq '${encodeURIComponent(args.options.spObjectId)}'`,
             headers: {
-                accept: 'application/json;odata=nometadata'
+                accept: 'application/json;odata.metadata=none'
             },
             responseType: 'json'
         };
@@ -37,15 +37,15 @@ class AadOAuth2GrantListCommand extends AadCommand_1.default {
     options() {
         const options = [
             {
-                option: '-i, --clientId <clientId>'
+                option: '-i, --spObjectId <spObjectId>'
             }
         ];
         const parentOptions = super.options();
         return options.concat(parentOptions);
     }
     validate(args) {
-        if (!Utils_1.default.isValidGuid(args.options.clientId)) {
-            return `${args.options.clientId} is not a valid GUID`;
+        if (!Utils_1.default.isValidGuid(args.options.spObjectId)) {
+            return `${args.options.spObjectId} is not a valid GUID`;
         }
         return true;
     }

package/dist/m365/aad/commands/oauth2grant/oauth2grant-remove.js

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+const cli_1 = require("../../../../cli");
 const request_1 = require("../../../../request");
 const GraphCommand_1 = require("../../../base/GraphCommand");
 const commands_1 = require("../../commands");
@@ -11,24 +12,47 @@ class AadOAuth2GrantRemoveCommand extends GraphCommand_1.default {
         return 'Remove specified service principal OAuth2 permissions';
     }
     commandAction(logger, args, cb) {
-        if (this.verbose) {
-            logger.logToStderr(`Removing OAuth2 permissions...`);
-        }
-        const requestOptions = {
-            url: `${this.resource}/v1.0/oauth2PermissionGrants/${encodeURIComponent(args.options.grantId)}`,
-            headers: {
-                'accept': 'application/json;odata.metadata=none'
-            },
-            responseType: 'json'
+        const removeOauth2Grant = () => {
+            if (this.verbose) {
+                logger.logToStderr(`Removing OAuth2 permissions...`);
+            }
+            const requestOptions = {
+                url: `${this.resource}/v1.0/oauth2PermissionGrants/${encodeURIComponent(args.options.grantId)}`,
+                headers: {
+                    'accept': 'application/json;odata.metadata=none'
+                },
+                responseType: 'json'
+            };
+            request_1.default
+                .delete(requestOptions)
+                .then(_ => cb(), (rawRes) => this.handleRejectedODataJsonPromise(rawRes, logger, cb));
         };
-        request_1.default
-            .delete(requestOptions)
-            .then(_ => cb(), (rawRes) => this.handleRejectedODataJsonPromise(rawRes, logger, cb));
+        if (args.options.confirm) {
+            removeOauth2Grant();
+        }
+        else {
+            cli_1.Cli.prompt({
+                type: 'confirm',
+                name: 'continue',
+                default: false,
+                message: `Are you sure you want to remove the OAuth2 permissions for ${args.options.grantId}?`
+            }, (result) => {
+                if (!result.continue) {
+                    cb();
+                }
+                else {
+                    removeOauth2Grant();
+                }
+            });
+        }
     }
     options() {
         const options = [
             {
                 option: '-i, --grantId <grantId>'
+            },
+            {
+                option: '--confirm'
             }
         ];
         const parentOptions = super.options();

package/dist/m365/aad/commands/sp/sp-get.js

@@ -2,9 +2,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const request_1 = require("../../../../request");
 const Utils_1 = require("../../../../Utils");
-const AadCommand_1 = require("../../../base/AadCommand");
+const GraphCommand_1 = require("../../../base/GraphCommand");
 const commands_1 = require("../../commands");
-class AadSpGetCommand extends AadCommand_1.default {
+class AadSpGetCommand extends GraphCommand_1.default {
     get name() {
         return commands_1.default.SP_GET;
     }
@@ -18,35 +18,58 @@ class AadSpGetCommand extends AadCommand_1.default {
         telemetryProps.objectId = (!(!args.options.objectId)).toString();
         return telemetryProps;
     }
-    commandAction(logger, args, cb) {
-        if (this.verbose) {
-            logger.logToStderr(`Retrieving service principal information...`);
+    getSpId(args) {
+        if (args.options.objectId) {
+            return Promise.resolve(args.options.objectId);
         }
         let spMatchQuery = '';
-        if (args.options.appId) {
-            spMatchQuery = `appId eq '${encodeURIComponent(args.options.appId)}'`;
-        }
-        else if (args.options.objectId) {
-            spMatchQuery = `objectId eq '${encodeURIComponent(args.options.objectId)}'`;
-        }
-        else {
+        if (args.options.displayName) {
             spMatchQuery = `displayName eq '${encodeURIComponent(args.options.displayName)}'`;
         }
-        const requestOptions = {
-            url: `${this.resource}/myorganization/servicePrincipals?api-version=1.6&$filter=${spMatchQuery}`,
+        else if (args.options.appId) {
+            spMatchQuery = `appId eq '${encodeURIComponent(args.options.appId)}'`;
+        }
+        const idRequestOptions = {
+            url: `${this.resource}/v1.0/servicePrincipals?$filter=${spMatchQuery}`,
             headers: {
-                accept: 'application/json;odata=nometadata'
+                accept: 'application/json;odata.metadata=none'
             },
             responseType: 'json'
         };
-        request_1.default
-            .get(requestOptions)
-            .then((res) => {
-            if (res.value && res.value.length > 0) {
-                logger.log(res.value[0]);
+        return request_1.default
+            .get(idRequestOptions)
+            .then(response => {
+            const spItem = response.value[0];
+            if (!spItem) {
+                return Promise.reject(`The specified Azure AD app does not exist`);
+            }
+            if (response.value.length > 1) {
+                return Promise.reject(`Multiple Azure AD apps with name ${args.options.displayName} found: ${response.value.map(x => x.id)}`);
             }
+            return Promise.resolve(spItem.id);
+        });
+    }
+    commandAction(logger, args, cb) {
+        if (this.verbose) {
+            logger.logToStderr(`Retrieving service principal information...`);
+        }
+        this
+            .getSpId(args)
+            .then((id) => {
+            const requestOptions = {
+                url: `${this.resource}/v1.0/servicePrincipals/${id}`,
+                headers: {
+                    accept: 'application/json;odata.metadata=none',
+                    'content-type': 'application/json;odata.metadata=none'
+                },
+                responseType: 'json'
+            };
+            return request_1.default.get(requestOptions);
+        })
+            .then((res) => {
+            logger.log(res);
             cb();
-        }, (rawRes) => this.handleRejectedODataJsonPromise(rawRes, logger, cb));
+        }, (err) => this.handleRejectedODataJsonPromise(err, logger, cb));
     }
     options() {
         const options = [

package/dist/m365/app/commands/permission/permission-list.js

@@ -0,0 +1,266 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const cli_1 = require("../../../../cli");
+const request_1 = require("../../../../request");
+const appGetCommand = require("../../../aad/commands/app/app-get");
+const AppCommand_1 = require("../../../base/AppCommand");
+const commands_1 = require("../../commands");
+var GetServicePrincipal;
+(function (GetServicePrincipal) {
+    GetServicePrincipal[GetServicePrincipal["withPermissions"] = 0] = "withPermissions";
+    GetServicePrincipal[GetServicePrincipal["withPermissionDefinitions"] = 1] = "withPermissionDefinitions";
+})(GetServicePrincipal || (GetServicePrincipal = {}));
+class AppPermissionListCommand extends AppCommand_1.default {
+    get name() {
+        return commands_1.default.PERMISSION_LIST;
+    }
+    get description() {
+        return 'Lists API permissions for the current AAD app';
+    }
+    commandAction(logger, args, cb) {
+        this
+            .getServicePrincipal({ appId: this.appId }, logger, GetServicePrincipal.withPermissions)
+            .then(servicePrincipal => {
+            if (servicePrincipal) {
+                // service principal found, get permissions from the service principal
+                return this.getServicePrincipalPermissions(servicePrincipal, logger);
+            }
+            else {
+                // service principal not found, get permissions from app registration
+                return this.getAppRegPermissions(this.appId, logger);
+            }
+        })
+            .then(permissions => {
+            logger.log(permissions);
+            cb();
+        }, err => this.handleRejectedODataJsonPromise(err, logger, cb));
+    }
+    getServicePrincipal(servicePrincipalInfo, logger, mode) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.verbose) {
+                logger.logToStderr(`Retrieving service principal ${(_a = servicePrincipalInfo.appId) !== null && _a !== void 0 ? _a : servicePrincipalInfo.id}`);
+            }
+            const lookupUrl = servicePrincipalInfo.appId ? `?$filter=appId eq '${servicePrincipalInfo.appId}'&` : `/${servicePrincipalInfo.id}?`;
+            const requestOptions = {
+                url: `${this.resource}/v1.0/servicePrincipals${lookupUrl}$select=appId,id,displayName`,
+                headers: {
+                    accept: 'application/json;odata.metadata=none'
+                },
+                responseType: 'json'
+            };
+            const response = yield request_1.default.get(requestOptions);
+            if ((servicePrincipalInfo.id && !response) ||
+                (servicePrincipalInfo.appId && response.value.length === 0)) {
+                return undefined;
+            }
+            const servicePrincipal = servicePrincipalInfo.appId ?
+                response.value[0] :
+                response;
+            if (this.verbose) {
+                logger.logToStderr(`Retrieving permissions for service principal ${servicePrincipal.id}...`);
+            }
+            const permissionsPromises = [];
+            switch (mode) {
+                case GetServicePrincipal.withPermissions:
+                    const appRoleAssignmentsRequestOptions = {
+                        url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipal.id}/appRoleAssignments`,
+                        headers: {
+                            accept: 'application/json;odata.metadata=none'
+                        },
+                        responseType: 'json'
+                    };
+                    const oauth2PermissionGrantsRequestOptions = {
+                        url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipal.id}/oauth2PermissionGrants`,
+                        headers: {
+                            accept: 'application/json;odata.metadata=none'
+                        },
+                        responseType: 'json'
+                    };
+                    permissionsPromises.push(...[
+                        request_1.default.get(appRoleAssignmentsRequestOptions),
+                        request_1.default.get(oauth2PermissionGrantsRequestOptions)
+                    ]);
+                    break;
+                case GetServicePrincipal.withPermissionDefinitions:
+                    const oauth2PermissionScopesRequestOptions = {
+                        url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipal.id}/oauth2PermissionScopes`,
+                        headers: {
+                            accept: 'application/json;odata.metadata=none'
+                        },
+                        responseType: 'json'
+                    };
+                    const appRolesRequestOptions = {
+                        url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipal.id}/appRoles`,
+                        headers: {
+                            accept: 'application/json;odata.metadata=none'
+                        },
+                        responseType: 'json'
+                    };
+                    permissionsPromises.push(...[
+                        request_1.default.get(oauth2PermissionScopesRequestOptions),
+                        request_1.default.get(appRolesRequestOptions)
+                    ]);
+                    break;
+            }
+            const permissions = yield Promise.all(permissionsPromises);
+            switch (mode) {
+                case GetServicePrincipal.withPermissions:
+                    servicePrincipal.appRoleAssignments = permissions[0].value;
+                    servicePrincipal.oauth2PermissionGrants = permissions[1].value;
+                    break;
+                case GetServicePrincipal.withPermissionDefinitions:
+                    servicePrincipal.oauth2PermissionScopes = permissions[0].value;
+                    servicePrincipal.appRoles = permissions[1].value;
+                    break;
+            }
+            return servicePrincipal;
+        });
+    }
+    getServicePrincipalPermissions(servicePrincipal, logger) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.verbose) {
+                logger.logToStderr(`Resolving permissions for the service principal...`);
+            }
+            const apiPermissions = [];
+            // hash table for resolving resource IDs to names
+            const resourceLookup = {};
+            // list of service principals for which to load permissions
+            const servicePrincipalsToResolve = [];
+            const appRoleAssignments = servicePrincipal.appRoleAssignments;
+            apiPermissions.push(...appRoleAssignments.map(appRoleAssignment => {
+                // store resource name for resolving OAuth2 grants
+                resourceLookup[appRoleAssignment.resourceId] = appRoleAssignment.resourceDisplayName;
+                // add to the list of service principals to load to get the app role
+                // display name
+                if (!servicePrincipalsToResolve.find(r => r.id === appRoleAssignment.resourceId)) {
+                    servicePrincipalsToResolve.push({ id: appRoleAssignment.resourceId });
+                }
+                return {
+                    resource: appRoleAssignment.resourceDisplayName,
+                    // we store the app role ID temporarily and will later resolve to display name
+                    permission: appRoleAssignment.appRoleId,
+                    type: 'Application'
+                };
+            }));
+            const oauth2Grants = servicePrincipal.oauth2PermissionGrants;
+            oauth2Grants.forEach(oauth2Grant => {
+                var _a;
+                // see if we can resolve the resource name from the resources
+                // retrieved from app role assignments
+                const resource = (_a = resourceLookup[oauth2Grant.resourceId]) !== null && _a !== void 0 ? _a : oauth2Grant.resourceId;
+                if (resource === oauth2Grant.resourceId &&
+                    !servicePrincipalsToResolve.find(r => r.id === oauth2Grant.resourceId)) {
+                    // resource name not found in the resources
+                    // add it to the list of resources to resolve
+                    servicePrincipalsToResolve.push({ id: oauth2Grant.resourceId });
+                }
+                const scopes = oauth2Grant.scope.split(' ');
+                scopes.forEach(scope => {
+                    apiPermissions.push({
+                        resource,
+                        permission: scope,
+                        type: 'Delegated'
+                    });
+                });
+            });
+            if (servicePrincipalsToResolve.length > 0) {
+                const servicePrincipals = yield Promise
+                    .all(servicePrincipalsToResolve
+                    .map(servicePrincipalInfo => this.getServicePrincipal(servicePrincipalInfo, logger, GetServicePrincipal.withPermissionDefinitions)));
+                servicePrincipals.forEach(servicePrincipal => {
+                    apiPermissions.forEach(apiPermission => {
+                        var _a, _b;
+                        if (apiPermission.resource === servicePrincipal.id) {
+                            apiPermission.resource = servicePrincipal.displayName;
+                        }
+                        if (apiPermission.resource === servicePrincipal.displayName &&
+                            apiPermission.type === 'Application') {
+                            apiPermission.permission = (_b = (_a = servicePrincipal.appRoles
+                                .find(appRole => appRole.id === apiPermission.permission)) === null || _a === void 0 ? void 0 : _a.value) !== null && _b !== void 0 ? _b : apiPermission.permission;
+                        }
+                    });
+                });
+            }
+            return apiPermissions;
+        });
+    }
+    getAppRegistration(appId, logger) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.verbose) {
+                logger.logToStderr(`Retrieving Azure AD application registration ${appId}`);
+            }
+            const options = {
+                appId: appId,
+                output: 'json',
+                debug: this.debug,
+                verbose: this.verbose
+            };
+            const output = yield cli_1.Cli.executeCommandWithOutput(appGetCommand, { options: Object.assign(Object.assign({}, options), { _: [] }) });
+            if (this.debug) {
+                logger.logToStderr(output.stderr);
+            }
+            return JSON.parse(output.stdout);
+        });
+    }
+    getAppRegPermissions(appId, logger) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const application = yield this.getAppRegistration(appId, logger);
+            if (application.requiredResourceAccess.length === 0) {
+                return [];
+            }
+            const servicePrincipalsToResolve = application.requiredResourceAccess
+                .map(resourceAccess => {
+                return {
+                    appId: resourceAccess.resourceAppId
+                };
+            });
+            const servicePrincipals = yield Promise
+                .all(servicePrincipalsToResolve.map(servicePrincipalInfo => this.getServicePrincipal(servicePrincipalInfo, logger, GetServicePrincipal.withPermissionDefinitions)));
+            const apiPermissions = [];
+            application.requiredResourceAccess.forEach(requiredResourceAccess => {
+                var _a;
+                const servicePrincipal = servicePrincipals
+                    .find(servicePrincipal => (servicePrincipal === null || servicePrincipal === void 0 ? void 0 : servicePrincipal.appId) === requiredResourceAccess.resourceAppId);
+                const resourceName = (_a = servicePrincipal === null || servicePrincipal === void 0 ? void 0 : servicePrincipal.displayName) !== null && _a !== void 0 ? _a : requiredResourceAccess.resourceAppId;
+                requiredResourceAccess.resourceAccess.forEach(permission => {
+                    apiPermissions.push({
+                        resource: resourceName,
+                        permission: this.getPermissionName(permission.id, permission.type, servicePrincipal),
+                        type: permission.type === 'Role' ? 'Application' : 'Delegated'
+                    });
+                });
+            });
+            return apiPermissions;
+        });
+    }
+    getPermissionName(permissionId, permissionType, servicePrincipal) {
+        var _a, _b, _c, _d;
+        if (!servicePrincipal) {
+            return permissionId;
+        }
+        switch (permissionType) {
+            case 'Role':
+                return (_b = (_a = servicePrincipal.appRoles
+                    .find(appRole => appRole.id === permissionId)) === null || _a === void 0 ? void 0 : _a.value) !== null && _b !== void 0 ? _b : permissionId;
+            case 'Scope':
+                return (_d = (_c = servicePrincipal.oauth2PermissionScopes
+                    .find(permissionScope => permissionScope.id === permissionId)) === null || _c === void 0 ? void 0 : _c.value) !== null && _d !== void 0 ? _d : permissionId;
+        }
+        /* c8 ignore next 4 */
+        // permissionType is either 'Scope' or 'Role' but we need a safe default
+        // to avoid building errors. This code will never be reached.
+        return permissionId;
+    }
+}
+module.exports = new AppPermissionListCommand();
+//# sourceMappingURL=permission-list.js.map

package/dist/m365/app/commands.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const prefix = 'app';
+exports.default = {
+    PERMISSION_LIST: `${prefix} permission list`
+};
+//# sourceMappingURL=commands.js.map

package/dist/m365/base/AppCommand.js

@@ -0,0 +1,76 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs = require("fs");
+const cli_1 = require("../../cli");
+const Command_1 = require("../../Command");
+const Utils_1 = require("../../Utils");
+class AppCommand extends Command_1.default {
+    get resource() {
+        return 'https://graph.microsoft.com';
+    }
+    action(logger, args, cb) {
+        const m365rcJsonPath = '.m365rc.json';
+        if (!fs.existsSync(m365rcJsonPath)) {
+            return cb(new Command_1.CommandError(`Could not find file: ${m365rcJsonPath}`));
+        }
+        try {
+            const m365rcJsonContents = fs.readFileSync(m365rcJsonPath, 'utf8');
+            if (!m365rcJsonContents) {
+                return cb(new Command_1.CommandError(`File ${m365rcJsonPath} is empty`));
+            }
+            this.m365rcJson = JSON.parse(m365rcJsonContents);
+        }
+        catch (e) {
+            return cb(new Command_1.CommandError(`Could not parse file: ${m365rcJsonPath}`));
+        }
+        if (!this.m365rcJson.apps ||
+            this.m365rcJson.apps.length === 0) {
+            return cb(new Command_1.CommandError(`No Azure AD apps found in ${m365rcJsonPath}`));
+        }
+        if (args.options.appId) {
+            if (!this.m365rcJson.apps.some(app => app.appId === args.options.appId)) {
+                return cb(new Command_1.CommandError(`App ${args.options.appId} not found in ${m365rcJsonPath}`));
+            }
+            this.appId = args.options.appId;
+            return super.action(logger, args, cb);
+        }
+        if (this.m365rcJson.apps.length === 1) {
+            this.appId = this.m365rcJson.apps[0].appId;
+            return super.action(logger, args, cb);
+        }
+        if (this.m365rcJson.apps.length > 1) {
+            cli_1.Cli.prompt({
+                message: `Multiple Azure AD apps found in ${m365rcJsonPath}. Which app would you like to use?`,
+                type: 'list',
+                choices: this.m365rcJson.apps.map((app, i) => {
+                    return {
+                        name: `${app.name} (${app.appId})`,
+                        value: i
+                    };
+                }),
+                default: 0,
+                name: 'appIdIndex'
+            }, (result) => {
+                this.appId = this.m365rcJson.apps[result.appIdIndex].appId;
+                super.action(logger, args, cb);
+            });
+        }
+    }
+    options() {
+        const options = [
+            {
+                option: '--appId [appId]'
+            }
+        ];
+        const parentOptions = super.options();
+        return options.concat(parentOptions);
+    }
+    validate(args) {
+        if (args.options.appId && !Utils_1.default.isValidGuid(args.options.appId)) {
+            return `${args.options.appId} is not a valid GUID`;
+        }
+        return true;
+    }
+}
+exports.default = AppCommand;
+//# sourceMappingURL=AppCommand.js.map

package/dist/m365/pa/commands/app/app-list.js

@@ -12,8 +12,14 @@ class PaAppListCommand extends AzmgmtItemsListCommand_1.AzmgmtItemsListCommand {
     defaultProperties() {
         return ['name', 'displayName'];
     }
+    getTelemetryProperties(args) {
+        const telemetryProps = super.getTelemetryProperties(args);
+        telemetryProps.asAdmin = args.options.asAdmin === true;
+        telemetryProps.environment = typeof args.options.environment !== 'undefined';
+        return telemetryProps;
+    }
     commandAction(logger, args, cb) {
-        const url = `${this.resource}providers/Microsoft.PowerApps/apps?api-version=2017-08-01`;
+        const url = `${this.resource}providers/Microsoft.PowerApps${args.options.asAdmin ? '/scopes/admin' : ''}${args.options.environment ? '/environments/' + encodeURIComponent(args.options.environment) : ''}/apps?api-version=2017-08-01`;
         this
             .getAllItems(url, logger, true)
             .then(() => {
@@ -31,6 +37,27 @@ class PaAppListCommand extends AzmgmtItemsListCommand_1.AzmgmtItemsListCommand {
             cb();
         }, (rawRes) => this.handleRejectedODataJsonPromise(rawRes, logger, cb));
     }
+    options() {
+        const options = [
+            {
+                option: '-e, --environment [environment]'
+            },
+            {
+                option: '--asAdmin'
+            }
+        ];
+        const parentOptions = super.options();
+        return options.concat(parentOptions);
+    }
+    validate(args) {
+        if (args.options.asAdmin && !args.options.environment) {
+            return 'When specifying the asAdmin option the environment option is required as well';
+        }
+        if (args.options.environment && !args.options.asAdmin) {
+            return 'When specifying the environment option the asAdmin option is required as well';
+        }
+        return true;
+    }
 }
 module.exports = new PaAppListCommand();
 //# sourceMappingURL=app-list.js.map

package/dist/request.js

@@ -16,7 +16,9 @@ class Request {
             decompress: true,
             responseType: 'text',
             /* c8 ignore next */
-            transformResponse: [data => data]
+            transformResponse: [data => data],
+            maxBodyLength: Infinity,
+            maxContentLength: Infinity
         });
         // since we're stubbing requests, request interceptor is never called in
         // tests, so let's exclude it from coverage
@@ -64,7 +66,7 @@ class Request {
             });
             // since we're stubbing requests, response interceptor is never called in
             // tests, so let's exclude it from coverage
-            /* c8 ignore next 22 */
+            /* c8 ignore next 26 */
             this.req.interceptors.response.use((response) => {
                 if (this._logger) {
                     this._logger.logToStderr('Response:');
@@ -73,19 +75,22 @@ class Request {
                         response.headers['content-type'].indexOf('json') > -1) {
                         properties.push('data');
                     }
-                    this._logger.logToStderr(JSON.stringify(Utils_1.default.filterObject(response, properties), null, 2));
+                    this._logger.logToStderr(JSON.stringify(Object.assign({ url: response.config.url }, Utils_1.default.filterObject(response, properties)), null, 2));
                 }
                 return response;
             }, (error) => {
                 if (this._logger) {
                     const properties = ['status', 'statusText', 'headers'];
                     this._logger.logToStderr('Request error:');
-                    this._logger.logToStderr(JSON.stringify(Object.assign(Object.assign({}, Utils_1.default.filterObject(error.response, properties)), { error: error.error }), null, 2));
+                    this._logger.logToStderr(JSON.stringify(Object.assign(Object.assign({ url: error.config.url }, Utils_1.default.filterObject(error.response, properties)), { error: error.error }), null, 2));
                 }
                 throw error;
             });
         }
     }
+    get logger() {
+        return this._logger;
+    }
     set logger(logger) {
         this._logger = logger;
     }

package/docs/docs/cmd/_global.md

@@ -5,10 +5,10 @@
 : JMESPath query string. See [http://jmespath.org/](http://jmespath.org/) for more information and examples
 
 `-o, --output [output]`
-: Output type. `json,text`. Default `text`
+: Output type. `json,text,csv`. Default `json`
 
 `--verbose`
 : Runs command with verbose logging
 
 `--debug`
-: Runs command with debug logging
+: Runs command with debug logging

package/docs/docs/cmd/aad/oauth2grant/oauth2grant-list.md

@@ -10,7 +10,7 @@ m365 aad oauth2grant list [options]
 
 ## Options
 
-`-i, --clientId <clientId>`
+`-i, --spObjectId <spObjectId>`
 : objectId of the service principal for which the configured OAuth2 permission grants should be retrieved
 
 --8<-- "docs/cmd/_global.md"
@@ -26,9 +26,10 @@ When using the text output type (default), the command lists only the values of
 List OAuth2 permissions granted to service principal with `objectId` _b2307a39-e878-458b-bc90-03bc578531d6_.
 
 ```sh
-m365 aad oauth2grant list --clientId b2307a39-e878-458b-bc90-03bc578531d6
+m365 aad oauth2grant list --spObjectId b2307a39-e878-458b-bc90-03bc578531d6
 ```
 
 ## More information
 
-- Application and service principal objects in Azure Active Directory (Azure AD): [https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-objects](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-objects)
+- Application and service principal objects in Azure Active Directory (Azure AD): [https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-objects](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-objects)
+- List oauth2PermissionGrants: [https://docs.microsoft.com/en-us/graph/api/oauth2permissiongrant-list?view=graph-rest-1.0](https://docs.microsoft.com/en-us/graph/api/oauth2permissiongrant-list?view=graph-rest-1.0)

package/docs/docs/cmd/aad/oauth2grant/oauth2grant-remove.md

@@ -13,6 +13,9 @@ m365 aad oauth2grant remove [options]
 `-i, --grantId <grantId>`
 : `objectId` of OAuth2 permission grant to remove
 
+`--confirm`
+: Do not prompt for confirmation before removing OAuth2 permission grant
+
 --8<-- "docs/cmd/_global.md"
 
 ## Remarks
@@ -33,6 +36,12 @@ Remove the OAuth2 permission grant with ID _YgA60KYa4UOPSdc-lpxYEnQkr8KVLDpCsOXk
 m365 aad oauth2grant remove --grantId YgA60KYa4UOPSdc-lpxYEnQkr8KVLDpCsOXkiV8i-ek
 ```
 
+Remove the OAuth2 permission grant with ID _YgA60KYa4UOPSdc-lpxYEnQkr8KVLDpCsOXkiV8i-ek_ without being asked for confirmation
+
+```sh
+m365 aad oauth2grant remove --grantId YgA60KYa4UOPSdc-lpxYEnQkr8KVLDpCsOXkiV8i-ek --confirm
+```
+
 ## More information
 
 - Application and service principal objects in Azure Active Directory (Azure AD): [https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-objects](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-objects)

package/docs/docs/cmd/aad/sp/sp-get.md

@@ -47,4 +47,5 @@ m365 aad sp get --objectId b2307a39-e878-458b-bc90-03bc578531dd
 
 ## More information
 
-- Application and service principal objects in Azure Active Directory (Azure AD): [https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-objects](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-objects)
+- Application and service principal objects in Azure Active Directory (Azure AD): [https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-objects](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-objects)
+- Get servicePrincipal: [https://docs.microsoft.com/en-us/graph/api/serviceprincipal-get?view=graph-rest-1.0](https://docs.microsoft.com/en-us/graph/api/serviceprincipal-get?view=graph-rest-1.0)

package/docs/docs/cmd/app/permission/permission-list.md

@@ -0,0 +1,36 @@
+# app permission list
+
+Lists API permissions for the current AAD app
+
+## Usage
+
+```sh
+m365 app permission list [options]
+```
+
+## Options
+
+`--appId [appId]`
+: Client ID of the Azure AD app registered in the .m365rc.json file to retrieve API permissions for
+
+--8<-- "docs/cmd/_global.md"
+
+## Remarks
+
+Use this command to quickly look up API permissions for the Azure AD application registration registered in the .m365rc.json file in your current project (folder).
+
+If you have multiple apps registered in your .m365rc.json file, you can specify the app for which you'd like to retrieve permissions using the `--appId` option. If you don't specify the app using the `--appId` option, you'll be prompted to select one of the applications from your .m365rc.json file.
+
+## Examples
+
+Retrieve API permissions for your current Azure AD app
+
+```sh
+m365 app permission list
+```
+
+Retrieve API permissions for the Azure AD app with client ID _e23d235c-fcdf-45d1-ac5f-24ab2ee0695d_ specified in the _.m365rc.json_ file
+
+```sh
+m365 app permission list --appId e23d235c-fcdf-45d1-ac5f-24ab2ee0695d
+```

package/docs/docs/cmd/pa/app/app-list.md

@@ -10,6 +10,12 @@ pa app list [options]
 
 ## Options
 
+`-e, --environment [environment]`
+: The name of the environment for which to retrieve available apps
+
+`--asAdmin`
+: Set, to list all Power Apps as admin. Otherwise will return only your own apps
+
 --8<-- "docs/cmd/_global.md"
 
 ## Remarks
@@ -17,10 +23,20 @@ pa app list [options]
 !!! attention
     This command is based on an API that is currently in preview and is subject to change once the API reaches general availability.
 
+If the environment with the name you specified doesn't exist, you will get the `Access to the environment 'xyz' is denied.` error.
+
+By default, the `app list` command returns only your apps. To list all apps, use the `asAdmin` option and make sure to specify the `environment` option. You cannot specify only one of the options, when specifying the `environment` option the `asAdmin` option has to be present as well.
+
 ## Examples
 
-List all apps
+List all your apps
 
 ```sh
 m365 pa app list
 ```
+
+List all apps in a given environment
+
+```sh
+m365 pa app list --environment Default-d87a7535-dd31-4437-bfe1-95340acd55c5 --asAdmin
+```

package/docs/docs/cmd/spfx/project/project-externalize.md

@@ -20,7 +20,7 @@ m365 spfx project externalize [options]
 : JMESPath query string. See [http://jmespath.org/](http://jmespath.org/) for more information and examples
 
 `-o, --output [output]`
-: Output type. `json,text,md`. Default `text`
+: Output type. `json,text,csv,md`. Default `json`
 
 `--verbose`
 : Runs command with verbose logging

package/docs/docs/cmd/spfx/project/project-rename.md

@@ -23,7 +23,7 @@ m365 spfx project rename [options]
 : JMESPath query string. See [http://jmespath.org/](http://jmespath.org/) for more information and examples
 
 `-o, --output [output]`
-: Output type. `json,text,md`. Default `text`
+: Output type. `json,text,csv,md`. Default `json`
 
 `--verbose`
 : Runs command with verbose logging

package/docs/docs/cmd/spfx/spfx-doctor.md

@@ -20,7 +20,7 @@ m365 spfx doctor [options]
 : JMESPath query string. See [http://jmespath.org/](http://jmespath.org/) for more information and examples
 
 `-o, --output [output]`
-: Output type. `json,text,md`. Default `text`
+: Output type. `json,text,csv,md`. Default `json`
 
 `--verbose`
 : Runs command with verbose logging

package/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "@pnp/cli-microsoft365",
-  "version": "4.3.0",
+  "version": "5.0.0",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "@pnp/cli-microsoft365",
-      "version": "4.3.0",
+      "version": "5.0.0",
       "license": "MIT",
       "dependencies": {
         "@azure/msal-node": "^1.4.0",
@@ -17,6 +17,7 @@
         "applicationinsights": "^2.2.0",
         "axios": "^0.24.0",
         "chalk": "^4.1.2",
+        "csv-stringify": "^6.0.4",
         "easy-table": "^1.2.0",
         "inquirer": "^8.2.0",
         "jmespath": "^0.15.0",
@@ -1785,6 +1786,11 @@
       "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.3.8.tgz",
       "integrity": "sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg=="
     },
+    "node_modules/csv-stringify": {
+      "version": "6.0.4",
+      "resolved": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-6.0.4.tgz",
+      "integrity": "sha512-Z3EbRQWwkOV3Qc2fQnJmfjrxRgAwH9AncnNK2jmtTvBvFjj/hESZUGm42YvTh9kMw2OOGPHQn5Yt0EbqoRtUVQ=="
+    },
     "node_modules/d3-format": {
       "version": "1.4.5",
       "resolved": "https://registry.npmjs.org/d3-format/-/d3-format-1.4.5.tgz",
@@ -7553,6 +7559,11 @@
         }
       }
     },
+    "csv-stringify": {
+      "version": "6.0.4",
+      "resolved": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-6.0.4.tgz",
+      "integrity": "sha512-Z3EbRQWwkOV3Qc2fQnJmfjrxRgAwH9AncnNK2jmtTvBvFjj/hESZUGm42YvTh9kMw2OOGPHQn5Yt0EbqoRtUVQ=="
+    },
     "d3-format": {
       "version": "1.4.5",
       "resolved": "https://registry.npmjs.org/d3-format/-/d3-format-1.4.5.tgz",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnp/cli-microsoft365",
-  "version": "4.3.0-beta.c761547",
+  "version": "5.0.0-beta.117f66f",
   "description": "Manage Microsoft 365 and SharePoint Framework projects on any platform",
   "license": "MIT",
   "main": "./dist/index.js",
@@ -177,6 +177,7 @@
     "applicationinsights": "^2.2.0",
     "axios": "^0.24.0",
     "chalk": "^4.1.2",
+    "csv-stringify": "^6.0.4",
     "easy-table": "^1.2.0",
     "inquirer": "^8.2.0",
     "jmespath": "^0.15.0",