@pnp/cli-microsoft365 4.3.0-beta.fd397f5 → 5.0.0-beta.117f66f

package/README.md

@@ -179,7 +179,7 @@ m365 spo site get --url https://contoso.sharepoint.com --output text
 
 ## Build
 
-To build and run this CLI locally, you will need [`node`](https://nodejs.org) `>= 14.0.0` installed.
+To build and run this CLI locally, you will need [`node`](https://nodejs.org) `>= 16.0.0` installed.
 
 ```sh
 # Clone this repository

package/dist/appInsights.js

@@ -20,7 +20,8 @@ const env = process.env.CLIMICROSOFT365_ENV !== undefined ? process.env.CLIMICRO
 appInsights.defaultClient.commonProperties = {
     version: version,
     node: process.version,
-    env: env
+    env: env,
+    ci: Boolean(process.env.CI).toString()
 };
 appInsights.defaultClient.context.tags['ai.session.id'] = crypto.randomBytes(24).toString('base64');
 appInsights.defaultClient.context.tags['ai.cloud.roleInstance'] = crypto.createHash('sha256').update(appInsights.defaultClient.context.tags['ai.cloud.roleInstance']).digest('hex');

package/dist/cli/Cli.js

@@ -17,6 +17,7 @@ const path = require("path");
 const appInsights_1 = require("../appInsights");
 const Command_1 = require("../Command");
 const config_1 = require("../config");
+const request_1 = require("../request");
 const settingsNames_1 = require("../settingsNames");
 const Utils_1 = require("../Utils");
 const packageJSON = require('../../package.json');
@@ -204,16 +205,20 @@ class Cli {
                 }
             };
             if (args.options.debug) {
-                Cli.log(`Executing command ${command.name} with options ${JSON.stringify(args)}`);
+                logErr.push(`Executing command ${command.name} with options ${JSON.stringify(args)}`);
             }
             // store the current command name, if any and set the name to the name of
             // the command to execute
             const cli = Cli.getInstance();
             const parentCommandName = cli.currentCommandName;
             cli.currentCommandName = command.getCommandName();
+            // store the current logger if any
+            const currentLogger = request_1.default.logger;
             command.action(logger, args, (err) => {
                 // restore the original command name
                 cli.currentCommandName = parentCommandName;
+                // restore the original logger
+                request_1.default.logger = currentLogger;
                 if (err) {
                     return reject({
                         error: err,
@@ -416,11 +421,11 @@ class Cli {
         if (arrayType !== 'object') {
             return logStatement.join(os.EOL);
         }
-        // if output type has been set to 'text', process the retrieved
+        // if output type has been set to 'text' or 'csv', process the retrieved
         // data so that returned objects contain only default properties specified
         // on the current command. If there is no current command or the
         // command doesn't specify default properties, return original data
-        if (options.output === 'text') {
+        if (options.output === 'text' || options.output === 'csv') {
             const cli = Cli.getInstance();
             const currentCommand = cli.commandToExecute;
             if (arrayType === 'object' &&
@@ -440,6 +445,20 @@ class Cli {
                 }
             }
         }
+        if (options.output === 'csv') {
+            const { stringify } = require('csv-stringify/sync');
+            /*
+              https://csv.js.org/stringify/options/
+              header: Display the column names on the first line if the columns option is provided or discovered.
+              escape: Single character used for escaping; only apply to characters matching the quote and the escape options default to ".
+              quote: The quote characters surrounding a field, defaults to the " (double quotation marks), an empty quote value will preserve the original field, whether it contains quotation marks or not.
+              quoted: Boolean, default to false, quote all the non-empty fields even if not required.
+              quotedEmpty: Quote empty strings and overrides quoted_string on empty strings when defined; default is false.
+            */
+            return stringify(logStatement, {
+                header: true
+            });
+        }
         // display object as a list of key-value pairs
         if (logStatement.length === 1) {
             const obj = logStatement[0];

package/dist/m365/aad/commands/oauth2grant/oauth2grant-list.js

@@ -2,9 +2,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const request_1 = require("../../../../request");
 const Utils_1 = require("../../../../Utils");
-const AadCommand_1 = require("../../../base/AadCommand");
+const GraphCommand_1 = require("../../../base/GraphCommand");
 const commands_1 = require("../../commands");
-class AadOAuth2GrantListCommand extends AadCommand_1.default {
+class AadOAuth2GrantListCommand extends GraphCommand_1.default {
     get name() {
         return commands_1.default.OAUTH2GRANT_LIST;
     }
@@ -19,9 +19,9 @@ class AadOAuth2GrantListCommand extends AadCommand_1.default {
             logger.logToStderr(`Retrieving list of OAuth grants for the service principal...`);
         }
         const requestOptions = {
-            url: `${this.resource}/myorganization/oauth2PermissionGrants?api-version=1.6&$filter=clientId eq '${encodeURIComponent(args.options.clientId)}'`,
+            url: `${this.resource}/v1.0/oauth2PermissionGrants?$filter=clientId eq '${encodeURIComponent(args.options.spObjectId)}'`,
             headers: {
-                accept: 'application/json;odata=nometadata'
+                accept: 'application/json;odata.metadata=none'
             },
             responseType: 'json'
         };
@@ -37,15 +37,15 @@ class AadOAuth2GrantListCommand extends AadCommand_1.default {
     options() {
         const options = [
             {
-                option: '-i, --clientId <clientId>'
+                option: '-i, --spObjectId <spObjectId>'
             }
         ];
         const parentOptions = super.options();
         return options.concat(parentOptions);
     }
     validate(args) {
-        if (!Utils_1.default.isValidGuid(args.options.clientId)) {
-            return `${args.options.clientId} is not a valid GUID`;
+        if (!Utils_1.default.isValidGuid(args.options.spObjectId)) {
+            return `${args.options.spObjectId} is not a valid GUID`;
         }
         return true;
     }

package/dist/m365/aad/commands/oauth2grant/oauth2grant-remove.js

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+const cli_1 = require("../../../../cli");
 const request_1 = require("../../../../request");
 const GraphCommand_1 = require("../../../base/GraphCommand");
 const commands_1 = require("../../commands");
@@ -11,24 +12,47 @@ class AadOAuth2GrantRemoveCommand extends GraphCommand_1.default {
         return 'Remove specified service principal OAuth2 permissions';
     }
     commandAction(logger, args, cb) {
-        if (this.verbose) {
-            logger.logToStderr(`Removing OAuth2 permissions...`);
-        }
-        const requestOptions = {
-            url: `${this.resource}/v1.0/oauth2PermissionGrants/${encodeURIComponent(args.options.grantId)}`,
-            headers: {
-                'accept': 'application/json;odata.metadata=none'
-            },
-            responseType: 'json'
+        const removeOauth2Grant = () => {
+            if (this.verbose) {
+                logger.logToStderr(`Removing OAuth2 permissions...`);
+            }
+            const requestOptions = {
+                url: `${this.resource}/v1.0/oauth2PermissionGrants/${encodeURIComponent(args.options.grantId)}`,
+                headers: {
+                    'accept': 'application/json;odata.metadata=none'
+                },
+                responseType: 'json'
+            };
+            request_1.default
+                .delete(requestOptions)
+                .then(_ => cb(), (rawRes) => this.handleRejectedODataJsonPromise(rawRes, logger, cb));
         };
-        request_1.default
-            .delete(requestOptions)
-            .then(_ => cb(), (rawRes) => this.handleRejectedODataJsonPromise(rawRes, logger, cb));
+        if (args.options.confirm) {
+            removeOauth2Grant();
+        }
+        else {
+            cli_1.Cli.prompt({
+                type: 'confirm',
+                name: 'continue',
+                default: false,
+                message: `Are you sure you want to remove the OAuth2 permissions for ${args.options.grantId}?`
+            }, (result) => {
+                if (!result.continue) {
+                    cb();
+                }
+                else {
+                    removeOauth2Grant();
+                }
+            });
+        }
     }
     options() {
         const options = [
             {
                 option: '-i, --grantId <grantId>'
+            },
+            {
+                option: '--confirm'
             }
         ];
         const parentOptions = super.options();

package/dist/m365/aad/commands/sp/sp-get.js

@@ -2,9 +2,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const request_1 = require("../../../../request");
 const Utils_1 = require("../../../../Utils");
-const AadCommand_1 = require("../../../base/AadCommand");
+const GraphCommand_1 = require("../../../base/GraphCommand");
 const commands_1 = require("../../commands");
-class AadSpGetCommand extends AadCommand_1.default {
+class AadSpGetCommand extends GraphCommand_1.default {
     get name() {
         return commands_1.default.SP_GET;
     }
@@ -18,35 +18,58 @@ class AadSpGetCommand extends AadCommand_1.default {
         telemetryProps.objectId = (!(!args.options.objectId)).toString();
         return telemetryProps;
     }
-    commandAction(logger, args, cb) {
-        if (this.verbose) {
-            logger.logToStderr(`Retrieving service principal information...`);
+    getSpId(args) {
+        if (args.options.objectId) {
+            return Promise.resolve(args.options.objectId);
         }
         let spMatchQuery = '';
-        if (args.options.appId) {
-            spMatchQuery = `appId eq '${encodeURIComponent(args.options.appId)}'`;
-        }
-        else if (args.options.objectId) {
-            spMatchQuery = `objectId eq '${encodeURIComponent(args.options.objectId)}'`;
-        }
-        else {
+        if (args.options.displayName) {
             spMatchQuery = `displayName eq '${encodeURIComponent(args.options.displayName)}'`;
         }
-        const requestOptions = {
-            url: `${this.resource}/myorganization/servicePrincipals?api-version=1.6&$filter=${spMatchQuery}`,
+        else if (args.options.appId) {
+            spMatchQuery = `appId eq '${encodeURIComponent(args.options.appId)}'`;
+        }
+        const idRequestOptions = {
+            url: `${this.resource}/v1.0/servicePrincipals?$filter=${spMatchQuery}`,
             headers: {
-                accept: 'application/json;odata=nometadata'
+                accept: 'application/json;odata.metadata=none'
             },
             responseType: 'json'
         };
-        request_1.default
-            .get(requestOptions)
-            .then((res) => {
-            if (res.value && res.value.length > 0) {
-                logger.log(res.value[0]);
+        return request_1.default
+            .get(idRequestOptions)
+            .then(response => {
+            const spItem = response.value[0];
+            if (!spItem) {
+                return Promise.reject(`The specified Azure AD app does not exist`);
+            }
+            if (response.value.length > 1) {
+                return Promise.reject(`Multiple Azure AD apps with name ${args.options.displayName} found: ${response.value.map(x => x.id)}`);
             }
+            return Promise.resolve(spItem.id);
+        });
+    }
+    commandAction(logger, args, cb) {
+        if (this.verbose) {
+            logger.logToStderr(`Retrieving service principal information...`);
+        }
+        this
+            .getSpId(args)
+            .then((id) => {
+            const requestOptions = {
+                url: `${this.resource}/v1.0/servicePrincipals/${id}`,
+                headers: {
+                    accept: 'application/json;odata.metadata=none',
+                    'content-type': 'application/json;odata.metadata=none'
+                },
+                responseType: 'json'
+            };
+            return request_1.default.get(requestOptions);
+        })
+            .then((res) => {
+            logger.log(res);
             cb();
-        }, (rawRes) => this.handleRejectedODataJsonPromise(rawRes, logger, cb));
+        }, (err) => this.handleRejectedODataJsonPromise(err, logger, cb));
     }
     options() {
         const options = [

package/dist/m365/aad/commands/user/user-password-validate.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const request_1 = require("../../../../request");
+const GraphCommand_1 = require("../../../base/GraphCommand");
+const commands_1 = require("../../commands");
+class AadUserPasswordValidateCommand extends GraphCommand_1.default {
+    get name() {
+        return commands_1.default.USER_PASSWORD_VALIDATE;
+    }
+    get description() {
+        return "Check a user's password against the organization's password validation policy";
+    }
+    commandAction(logger, args, cb) {
+        const requestOptions = {
+            url: `${this.resource}/beta/users/validatePassword`,
+            headers: {
+                accept: 'application/json;odata.metadata=none'
+            },
+            data: {
+                password: args.options.password
+            },
+            responseType: 'json'
+        };
+        request_1.default
+            .post(requestOptions)
+            .then((res) => {
+            logger.log(res);
+            cb();
+        }, (err) => this.handleRejectedODataJsonPromise(err, logger, cb));
+    }
+    options() {
+        const options = [
+            {
+                option: '-p, --password <password>'
+            }
+        ];
+        const parentOptions = super.options();
+        return options.concat(parentOptions);
+    }
+}
+module.exports = new AadUserPasswordValidateCommand();
+//# sourceMappingURL=user-password-validate.js.map

package/dist/m365/aad/commands.js

@@ -51,6 +51,7 @@ exports.default = {
     SP_GET: `${prefix} sp get`,
     USER_GET: `${prefix} user get`,
     USER_LIST: `${prefix} user list`,
+    USER_PASSWORD_VALIDATE: `${prefix} user password validate`,
     USER_SET: `${prefix} user set`
 };
 //# sourceMappingURL=commands.js.map

package/dist/m365/app/commands/permission/permission-list.js

@@ -0,0 +1,266 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const cli_1 = require("../../../../cli");
+const request_1 = require("../../../../request");
+const appGetCommand = require("../../../aad/commands/app/app-get");
+const AppCommand_1 = require("../../../base/AppCommand");
+const commands_1 = require("../../commands");
+var GetServicePrincipal;
+(function (GetServicePrincipal) {
+    GetServicePrincipal[GetServicePrincipal["withPermissions"] = 0] = "withPermissions";
+    GetServicePrincipal[GetServicePrincipal["withPermissionDefinitions"] = 1] = "withPermissionDefinitions";
+})(GetServicePrincipal || (GetServicePrincipal = {}));
+class AppPermissionListCommand extends AppCommand_1.default {
+    get name() {
+        return commands_1.default.PERMISSION_LIST;
+    }
+    get description() {
+        return 'Lists API permissions for the current AAD app';
+    }
+    commandAction(logger, args, cb) {
+        this
+            .getServicePrincipal({ appId: this.appId }, logger, GetServicePrincipal.withPermissions)
+            .then(servicePrincipal => {
+            if (servicePrincipal) {
+                // service principal found, get permissions from the service principal
+                return this.getServicePrincipalPermissions(servicePrincipal, logger);
+            }
+            else {
+                // service principal not found, get permissions from app registration
+                return this.getAppRegPermissions(this.appId, logger);
+            }
+        })
+            .then(permissions => {
+            logger.log(permissions);
+            cb();
+        }, err => this.handleRejectedODataJsonPromise(err, logger, cb));
+    }
+    getServicePrincipal(servicePrincipalInfo, logger, mode) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.verbose) {
+                logger.logToStderr(`Retrieving service principal ${(_a = servicePrincipalInfo.appId) !== null && _a !== void 0 ? _a : servicePrincipalInfo.id}`);
+            }
+            const lookupUrl = servicePrincipalInfo.appId ? `?$filter=appId eq '${servicePrincipalInfo.appId}'&` : `/${servicePrincipalInfo.id}?`;
+            const requestOptions = {
+                url: `${this.resource}/v1.0/servicePrincipals${lookupUrl}$select=appId,id,displayName`,
+                headers: {
+                    accept: 'application/json;odata.metadata=none'
+                },
+                responseType: 'json'
+            };
+            const response = yield request_1.default.get(requestOptions);
+            if ((servicePrincipalInfo.id && !response) ||
+                (servicePrincipalInfo.appId && response.value.length === 0)) {
+                return undefined;
+            }
+            const servicePrincipal = servicePrincipalInfo.appId ?
+                response.value[0] :
+                response;
+            if (this.verbose) {
+                logger.logToStderr(`Retrieving permissions for service principal ${servicePrincipal.id}...`);
+            }
+            const permissionsPromises = [];
+            switch (mode) {
+                case GetServicePrincipal.withPermissions:
+                    const appRoleAssignmentsRequestOptions = {
+                        url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipal.id}/appRoleAssignments`,
+                        headers: {
+                            accept: 'application/json;odata.metadata=none'
+                        },
+                        responseType: 'json'
+                    };
+                    const oauth2PermissionGrantsRequestOptions = {
+                        url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipal.id}/oauth2PermissionGrants`,
+                        headers: {
+                            accept: 'application/json;odata.metadata=none'
+                        },
+                        responseType: 'json'
+                    };
+                    permissionsPromises.push(...[
+                        request_1.default.get(appRoleAssignmentsRequestOptions),
+                        request_1.default.get(oauth2PermissionGrantsRequestOptions)
+                    ]);
+                    break;
+                case GetServicePrincipal.withPermissionDefinitions:
+                    const oauth2PermissionScopesRequestOptions = {
+                        url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipal.id}/oauth2PermissionScopes`,
+                        headers: {
+                            accept: 'application/json;odata.metadata=none'
+                        },
+                        responseType: 'json'
+                    };
+                    const appRolesRequestOptions = {
+                        url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipal.id}/appRoles`,
+                        headers: {
+                            accept: 'application/json;odata.metadata=none'
+                        },
+                        responseType: 'json'
+                    };
+                    permissionsPromises.push(...[
+                        request_1.default.get(oauth2PermissionScopesRequestOptions),
+                        request_1.default.get(appRolesRequestOptions)
+                    ]);
+                    break;
+            }
+            const permissions = yield Promise.all(permissionsPromises);
+            switch (mode) {
+                case GetServicePrincipal.withPermissions:
+                    servicePrincipal.appRoleAssignments = permissions[0].value;
+                    servicePrincipal.oauth2PermissionGrants = permissions[1].value;
+                    break;
+                case GetServicePrincipal.withPermissionDefinitions:
+                    servicePrincipal.oauth2PermissionScopes = permissions[0].value;
+                    servicePrincipal.appRoles = permissions[1].value;
+                    break;
+            }
+            return servicePrincipal;
+        });
+    }
+    getServicePrincipalPermissions(servicePrincipal, logger) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.verbose) {
+                logger.logToStderr(`Resolving permissions for the service principal...`);
+            }
+            const apiPermissions = [];
+            // hash table for resolving resource IDs to names
+            const resourceLookup = {};
+            // list of service principals for which to load permissions
+            const servicePrincipalsToResolve = [];
+            const appRoleAssignments = servicePrincipal.appRoleAssignments;
+            apiPermissions.push(...appRoleAssignments.map(appRoleAssignment => {
+                // store resource name for resolving OAuth2 grants
+                resourceLookup[appRoleAssignment.resourceId] = appRoleAssignment.resourceDisplayName;
+                // add to the list of service principals to load to get the app role
+                // display name
+                if (!servicePrincipalsToResolve.find(r => r.id === appRoleAssignment.resourceId)) {
+                    servicePrincipalsToResolve.push({ id: appRoleAssignment.resourceId });
+                }
+                return {
+                    resource: appRoleAssignment.resourceDisplayName,
+                    // we store the app role ID temporarily and will later resolve to display name
+                    permission: appRoleAssignment.appRoleId,
+                    type: 'Application'
+                };
+            }));
+            const oauth2Grants = servicePrincipal.oauth2PermissionGrants;
+            oauth2Grants.forEach(oauth2Grant => {
+                var _a;
+                // see if we can resolve the resource name from the resources
+                // retrieved from app role assignments
+                const resource = (_a = resourceLookup[oauth2Grant.resourceId]) !== null && _a !== void 0 ? _a : oauth2Grant.resourceId;
+                if (resource === oauth2Grant.resourceId &&
+                    !servicePrincipalsToResolve.find(r => r.id === oauth2Grant.resourceId)) {
+                    // resource name not found in the resources
+                    // add it to the list of resources to resolve
+                    servicePrincipalsToResolve.push({ id: oauth2Grant.resourceId });
+                }
+                const scopes = oauth2Grant.scope.split(' ');
+                scopes.forEach(scope => {
+                    apiPermissions.push({
+                        resource,
+                        permission: scope,
+                        type: 'Delegated'
+                    });
+                });
+            });
+            if (servicePrincipalsToResolve.length > 0) {
+                const servicePrincipals = yield Promise
+                    .all(servicePrincipalsToResolve
+                    .map(servicePrincipalInfo => this.getServicePrincipal(servicePrincipalInfo, logger, GetServicePrincipal.withPermissionDefinitions)));
+                servicePrincipals.forEach(servicePrincipal => {
+                    apiPermissions.forEach(apiPermission => {
+                        var _a, _b;
+                        if (apiPermission.resource === servicePrincipal.id) {
+                            apiPermission.resource = servicePrincipal.displayName;
+                        }
+                        if (apiPermission.resource === servicePrincipal.displayName &&
+                            apiPermission.type === 'Application') {
+                            apiPermission.permission = (_b = (_a = servicePrincipal.appRoles
+                                .find(appRole => appRole.id === apiPermission.permission)) === null || _a === void 0 ? void 0 : _a.value) !== null && _b !== void 0 ? _b : apiPermission.permission;
+                        }
+                    });
+                });
+            }
+            return apiPermissions;
+        });
+    }
+    getAppRegistration(appId, logger) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.verbose) {
+                logger.logToStderr(`Retrieving Azure AD application registration ${appId}`);
+            }
+            const options = {
+                appId: appId,
+                output: 'json',
+                debug: this.debug,
+                verbose: this.verbose
+            };
+            const output = yield cli_1.Cli.executeCommandWithOutput(appGetCommand, { options: Object.assign(Object.assign({}, options), { _: [] }) });
+            if (this.debug) {
+                logger.logToStderr(output.stderr);
+            }
+            return JSON.parse(output.stdout);
+        });
+    }
+    getAppRegPermissions(appId, logger) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const application = yield this.getAppRegistration(appId, logger);
+            if (application.requiredResourceAccess.length === 0) {
+                return [];
+            }
+            const servicePrincipalsToResolve = application.requiredResourceAccess
+                .map(resourceAccess => {
+                return {
+                    appId: resourceAccess.resourceAppId
+                };
+            });
+            const servicePrincipals = yield Promise
+                .all(servicePrincipalsToResolve.map(servicePrincipalInfo => this.getServicePrincipal(servicePrincipalInfo, logger, GetServicePrincipal.withPermissionDefinitions)));
+            const apiPermissions = [];
+            application.requiredResourceAccess.forEach(requiredResourceAccess => {
+                var _a;
+                const servicePrincipal = servicePrincipals
+                    .find(servicePrincipal => (servicePrincipal === null || servicePrincipal === void 0 ? void 0 : servicePrincipal.appId) === requiredResourceAccess.resourceAppId);
+                const resourceName = (_a = servicePrincipal === null || servicePrincipal === void 0 ? void 0 : servicePrincipal.displayName) !== null && _a !== void 0 ? _a : requiredResourceAccess.resourceAppId;
+                requiredResourceAccess.resourceAccess.forEach(permission => {
+                    apiPermissions.push({
+                        resource: resourceName,
+                        permission: this.getPermissionName(permission.id, permission.type, servicePrincipal),
+                        type: permission.type === 'Role' ? 'Application' : 'Delegated'
+                    });
+                });
+            });
+            return apiPermissions;
+        });
+    }
+    getPermissionName(permissionId, permissionType, servicePrincipal) {
+        var _a, _b, _c, _d;
+        if (!servicePrincipal) {
+            return permissionId;
+        }
+        switch (permissionType) {
+            case 'Role':
+                return (_b = (_a = servicePrincipal.appRoles
+                    .find(appRole => appRole.id === permissionId)) === null || _a === void 0 ? void 0 : _a.value) !== null && _b !== void 0 ? _b : permissionId;
+            case 'Scope':
+                return (_d = (_c = servicePrincipal.oauth2PermissionScopes
+                    .find(permissionScope => permissionScope.id === permissionId)) === null || _c === void 0 ? void 0 : _c.value) !== null && _d !== void 0 ? _d : permissionId;
+        }
+        /* c8 ignore next 4 */
+        // permissionType is either 'Scope' or 'Role' but we need a safe default
+        // to avoid building errors. This code will never be reached.
+        return permissionId;
+    }
+}
+module.exports = new AppPermissionListCommand();
+//# sourceMappingURL=permission-list.js.map

package/dist/m365/app/commands.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const prefix = 'app';
+exports.default = {
+    PERMISSION_LIST: `${prefix} permission list`
+};
+//# sourceMappingURL=commands.js.map