@pnp/cli-microsoft365 7.3.0-beta.6062919 → 7.3.0-beta.66401a3

package/dist/Auth.js

@@ -570,6 +570,9 @@ export class Auth {
             resource.endsWith('.api.bap.microsoft.com')) {
             resource = 'https://service.powerapps.com/';
         }
+        if (resource === 'https://api.flow.microsoft.com') {
+            resource = 'https://management.azure.com/';
+        }
         if (resource === 'https://api.powerbi.com') {
             // api.powerbi.com is not a valid resource
             // we need to use https://analysis.windows.net/powerbi/api instead

package/dist/m365/aad/commands/administrativeunit/administrativeunit-member-add.js

@@ -0,0 +1,137 @@
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _AadAdministrativeUnitMemberAddCommand_instances, _AadAdministrativeUnitMemberAddCommand_initTelemetry, _AadAdministrativeUnitMemberAddCommand_initOptions, _AadAdministrativeUnitMemberAddCommand_initValidators, _AadAdministrativeUnitMemberAddCommand_initOptionSets;
+import { aadAdministrativeUnit } from "../../../../utils/aadAdministrativeUnit.js";
+import { aadGroup } from "../../../../utils/aadGroup.js";
+import { aadUser } from "../../../../utils/aadUser.js";
+import { validation } from "../../../../utils/validation.js";
+import GraphCommand from "../../../base/GraphCommand.js";
+import commands from "../../commands.js";
+import request from "../../../../request.js";
+import { aadDevice } from "../../../../utils/aadDevice.js";
+class AadAdministrativeUnitMemberAddCommand extends GraphCommand {
+    get name() {
+        return commands.ADMINISTRATIVEUNIT_MEMBER_ADD;
+    }
+    get description() {
+        return 'Adds a member (user, group, device) to an administrative unit';
+    }
+    constructor() {
+        super();
+        _AadAdministrativeUnitMemberAddCommand_instances.add(this);
+        __classPrivateFieldGet(this, _AadAdministrativeUnitMemberAddCommand_instances, "m", _AadAdministrativeUnitMemberAddCommand_initTelemetry).call(this);
+        __classPrivateFieldGet(this, _AadAdministrativeUnitMemberAddCommand_instances, "m", _AadAdministrativeUnitMemberAddCommand_initOptions).call(this);
+        __classPrivateFieldGet(this, _AadAdministrativeUnitMemberAddCommand_instances, "m", _AadAdministrativeUnitMemberAddCommand_initValidators).call(this);
+        __classPrivateFieldGet(this, _AadAdministrativeUnitMemberAddCommand_instances, "m", _AadAdministrativeUnitMemberAddCommand_initOptionSets).call(this);
+    }
+    async commandAction(logger, args) {
+        let administrativeUnitId = args.options.administrativeUnitId;
+        let memberType;
+        let memberId;
+        try {
+            if (args.options.administrativeUnitName) {
+                if (this.verbose) {
+                    await logger.logToStderr(`Retrieving Administrative Unit Id...`);
+                }
+                administrativeUnitId = (await aadAdministrativeUnit.getAdministrativeUnitByDisplayName(args.options.administrativeUnitName)).id;
+            }
+            if (args.options.userId || args.options.userName) {
+                memberType = 'users';
+                memberId = args.options.userId;
+                if (args.options.userName) {
+                    if (this.verbose) {
+                        await logger.logToStderr(`Retrieving User Id...`);
+                    }
+                    memberId = await aadUser.getUserIdByUpn(args.options.userName);
+                }
+            }
+            else if (args.options.groupId || args.options.groupName) {
+                memberType = 'groups';
+                memberId = args.options.groupId;
+                if (args.options.groupName) {
+                    if (this.verbose) {
+                        await logger.logToStderr(`Retrieving Group Id...`);
+                    }
+                    memberId = await aadGroup.getGroupIdByDisplayName(args.options.groupName);
+                }
+            }
+            else if (args.options.deviceId || args.options.deviceName) {
+                memberType = 'devices';
+                memberId = args.options.deviceId;
+                if (args.options.deviceName) {
+                    if (this.verbose) {
+                        await logger.logToStderr(`Device with name ${args.options.deviceName} retrieved, returned id: ${memberId}`);
+                    }
+                    memberId = (await aadDevice.getDeviceByDisplayName(args.options.deviceName)).id;
+                }
+            }
+            const requestOptions = {
+                url: `${this.resource}/v1.0/directory/administrativeUnits/${administrativeUnitId}/members/$ref`,
+                headers: {
+                    'accept': 'application/json;odata.metadata=none'
+                },
+                data: {
+                    "@odata.id": `https://graph.microsoft.com/v1.0/${memberType}/${memberId}`
+                }
+            };
+            await request.post(requestOptions);
+        }
+        catch (err) {
+            this.handleRejectedODataJsonPromise(err);
+        }
+    }
+}
+_AadAdministrativeUnitMemberAddCommand_instances = new WeakSet(), _AadAdministrativeUnitMemberAddCommand_initTelemetry = function _AadAdministrativeUnitMemberAddCommand_initTelemetry() {
+    this.telemetry.push((args) => {
+        Object.assign(this.telemetryProperties, {
+            userId: typeof args.options.userId !== 'undefined',
+            userName: typeof args.options.userName !== 'undefined',
+            groupId: typeof args.options.groupId !== 'undefined',
+            groupName: typeof args.options.groupName !== 'undefined',
+            deviceId: typeof args.options.deviceId !== 'undefined',
+            deviceName: typeof args.options.deviceName !== 'undefined'
+        });
+    });
+}, _AadAdministrativeUnitMemberAddCommand_initOptions = function _AadAdministrativeUnitMemberAddCommand_initOptions() {
+    this.options.unshift({
+        option: '-i, --administrativeUnitId [administrativeUnitId]'
+    }, {
+        option: '-n, --administrativeUnitName [administrativeUnitName]'
+    }, {
+        option: "--userId [userId]"
+    }, {
+        option: "--userName [userName]"
+    }, {
+        option: "--groupId [groupId]"
+    }, {
+        option: "--groupName [groupName]"
+    }, {
+        option: "--deviceId [deviceId]"
+    }, {
+        option: "--deviceName [deviceName]"
+    });
+}, _AadAdministrativeUnitMemberAddCommand_initValidators = function _AadAdministrativeUnitMemberAddCommand_initValidators() {
+    this.validators.push(async (args) => {
+        if (args.options.administrativeUnitId && !validation.isValidGuid(args.options.administrativeUnitId)) {
+            return `${args.options.administrativeUnitId} is not a valid GUID`;
+        }
+        if (args.options.userId && !validation.isValidGuid(args.options.userId)) {
+            return `${args.options.userId} is not a valid GUID`;
+        }
+        if (args.options.groupId && !validation.isValidGuid(args.options.groupId)) {
+            return `${args.options.groupId} is not a valid GUID`;
+        }
+        if (args.options.deviceId && !validation.isValidGuid(args.options.deviceId)) {
+            return `${args.options.deviceId} is not a valid GUID`;
+        }
+        return true;
+    });
+}, _AadAdministrativeUnitMemberAddCommand_initOptionSets = function _AadAdministrativeUnitMemberAddCommand_initOptionSets() {
+    this.optionSets.push({ options: ['administrativeUnitId', 'administrativeUnitName'] });
+    this.optionSets.push({ options: ['userId', 'userName', 'groupId', 'groupName', 'deviceId', 'deviceName'] });
+};
+export default new AadAdministrativeUnitMemberAddCommand();
+//# sourceMappingURL=administrativeunit-member-add.js.map

package/dist/m365/aad/commands/administrativeunit/administrativeunit-member-get.js

@@ -0,0 +1,112 @@
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _AadAdministrativeUnitMemberGetCommand_instances, _AadAdministrativeUnitMemberGetCommand_initTelemetry, _AadAdministrativeUnitMemberGetCommand_initOptions, _AadAdministrativeUnitMemberGetCommand_initValidators, _AadAdministrativeUnitMemberGetCommand_initOptionSets;
+import GraphCommand from '../../../base/GraphCommand.js';
+import commands from '../../commands.js';
+import { validation } from '../../../../utils/validation.js';
+import { aadAdministrativeUnit } from '../../../../utils/aadAdministrativeUnit.js';
+import request from '../../../../request.js';
+class AadAdministrativeUnitMemberGetCommand extends GraphCommand {
+    get name() {
+        return commands.ADMINISTRATIVEUNIT_MEMBER_GET;
+    }
+    get description() {
+        return 'Retrieve a specific member (user, group, or device) of an administrative unit';
+    }
+    constructor() {
+        super();
+        _AadAdministrativeUnitMemberGetCommand_instances.add(this);
+        __classPrivateFieldGet(this, _AadAdministrativeUnitMemberGetCommand_instances, "m", _AadAdministrativeUnitMemberGetCommand_initTelemetry).call(this);
+        __classPrivateFieldGet(this, _AadAdministrativeUnitMemberGetCommand_instances, "m", _AadAdministrativeUnitMemberGetCommand_initOptions).call(this);
+        __classPrivateFieldGet(this, _AadAdministrativeUnitMemberGetCommand_instances, "m", _AadAdministrativeUnitMemberGetCommand_initValidators).call(this);
+        __classPrivateFieldGet(this, _AadAdministrativeUnitMemberGetCommand_instances, "m", _AadAdministrativeUnitMemberGetCommand_initOptionSets).call(this);
+    }
+    async commandAction(logger, args) {
+        let administrativeUnitId = args.options.administrativeUnitId;
+        try {
+            if (args.options.administrativeUnitName) {
+                if (this.verbose) {
+                    await logger.logToStderr(`Retrieving Administrative Unit Id...`);
+                }
+                administrativeUnitId = (await aadAdministrativeUnit.getAdministrativeUnitByDisplayName(args.options.administrativeUnitName)).id;
+            }
+            const url = this.getRequestUrl(administrativeUnitId, args.options.id, args.options);
+            const requestOptions = {
+                url: url,
+                headers: {
+                    accept: 'application/json;odata.metadata=minimal'
+                },
+                responseType: 'json'
+            };
+            const result = await request.get(requestOptions);
+            const odataType = result['@odata.type'];
+            if (odataType) {
+                result.type = odataType.replace('#microsoft.graph.', '');
+            }
+            delete result['@odata.type'];
+            delete result['@odata.context'];
+            await logger.log(result);
+        }
+        catch (err) {
+            this.handleRejectedODataJsonPromise(err);
+        }
+    }
+    getRequestUrl(administrativeUnitId, memberId, options) {
+        const queryParameters = [];
+        if (options.properties) {
+            const allProperties = options.properties.split(',');
+            const selectProperties = allProperties.filter(prop => !prop.includes('/'));
+            const expandProperties = allProperties.filter(prop => prop.includes('/'));
+            if (selectProperties.length > 0) {
+                queryParameters.push(`$select=${selectProperties}`);
+            }
+            if (expandProperties.length > 0) {
+                const fieldExpands = expandProperties.map(p => {
+                    const properties = p.split('/');
+                    return `${properties[0]}($select=${properties[1]})`;
+                });
+                queryParameters.push(`$expand=${fieldExpands.join(',')}`);
+            }
+        }
+        const queryString = queryParameters.length > 0
+            ? `?${queryParameters.join('&')}`
+            : '';
+        return `${this.resource}/v1.0/directory/administrativeUnits/${administrativeUnitId}/members/${memberId}${queryString}`;
+    }
+}
+_AadAdministrativeUnitMemberGetCommand_instances = new WeakSet(), _AadAdministrativeUnitMemberGetCommand_initTelemetry = function _AadAdministrativeUnitMemberGetCommand_initTelemetry() {
+    this.telemetry.push((args) => {
+        Object.assign(this.telemetryProperties, {
+            administrativeUnitId: typeof args.options.administrativeUnitId !== 'undefined',
+            administrativeUnitName: typeof args.options.administrativeUnitName !== 'undefined',
+            properties: typeof args.options.properties !== 'undefined'
+        });
+    });
+}, _AadAdministrativeUnitMemberGetCommand_initOptions = function _AadAdministrativeUnitMemberGetCommand_initOptions() {
+    this.options.unshift({
+        option: '-i, --id <id>'
+    }, {
+        option: '-u, --administrativeUnitId [administrativeUnitId]'
+    }, {
+        option: '-n, --administrativeUnitName [administrativeUnitName]'
+    }, {
+        option: '-p, --properties [properties]'
+    });
+}, _AadAdministrativeUnitMemberGetCommand_initValidators = function _AadAdministrativeUnitMemberGetCommand_initValidators() {
+    this.validators.push(async (args) => {
+        if (args.options.id && !validation.isValidGuid(args.options.id)) {
+            return `${args.options.id} is not a valid GUID`;
+        }
+        if (args.options.administrativeUnitId && !validation.isValidGuid(args.options.administrativeUnitId)) {
+            return `${args.options.administrativeUnitId} is not a valid GUID`;
+        }
+        return true;
+    });
+}, _AadAdministrativeUnitMemberGetCommand_initOptionSets = function _AadAdministrativeUnitMemberGetCommand_initOptionSets() {
+    this.optionSets.push({ options: ['administrativeUnitId', 'administrativeUnitName'] });
+};
+export default new AadAdministrativeUnitMemberGetCommand();
+//# sourceMappingURL=administrativeunit-member-get.js.map

package/dist/m365/aad/commands/administrativeunit/administrativeunit-member-list.js

@@ -0,0 +1,138 @@
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _AadAdministrativeUnitMemberListCommand_instances, _AadAdministrativeUnitMemberListCommand_initTelemetry, _AadAdministrativeUnitMemberListCommand_initOptions, _AadAdministrativeUnitMemberListCommand_initValidators, _AadAdministrativeUnitMemberListCommand_initOptionSets;
+import { odata } from '../../../../utils/odata.js';
+import GraphCommand from '../../../base/GraphCommand.js';
+import commands from '../../commands.js';
+import { aadAdministrativeUnit } from '../../../../utils/aadAdministrativeUnit.js';
+import { validation } from '../../../../utils/validation.js';
+class AadAdministrativeUnitMemberListCommand extends GraphCommand {
+    get name() {
+        return commands.ADMINISTRATIVEUNIT_MEMBER_LIST;
+    }
+    get description() {
+        return 'Retrieves members (users, groups, or devices) of an administrative unit.';
+    }
+    defaultProperties() {
+        return ['id', 'displayName'];
+    }
+    constructor() {
+        super();
+        _AadAdministrativeUnitMemberListCommand_instances.add(this);
+        __classPrivateFieldGet(this, _AadAdministrativeUnitMemberListCommand_instances, "m", _AadAdministrativeUnitMemberListCommand_initTelemetry).call(this);
+        __classPrivateFieldGet(this, _AadAdministrativeUnitMemberListCommand_instances, "m", _AadAdministrativeUnitMemberListCommand_initOptions).call(this);
+        __classPrivateFieldGet(this, _AadAdministrativeUnitMemberListCommand_instances, "m", _AadAdministrativeUnitMemberListCommand_initValidators).call(this);
+        __classPrivateFieldGet(this, _AadAdministrativeUnitMemberListCommand_instances, "m", _AadAdministrativeUnitMemberListCommand_initOptionSets).call(this);
+    }
+    async commandAction(logger, args) {
+        let administrativeUnitId = args.options.administrativeUnitId;
+        try {
+            if (args.options.administrativeUnitName) {
+                administrativeUnitId = (await aadAdministrativeUnit.getAdministrativeUnitByDisplayName(args.options.administrativeUnitName)).id;
+            }
+            let results;
+            const endpoint = this.getRequestUrl(administrativeUnitId, args.options);
+            if (args.options.type) {
+                if (args.options.filter) {
+                    // While using the filter, we need to specify the ConsistencyLevel header.
+                    // Can be refactored when the header is no longer necessary.
+                    const requestOptions = {
+                        url: endpoint,
+                        headers: {
+                            accept: 'application/json;odata.metadata=none',
+                            ConsistencyLevel: 'eventual'
+                        },
+                        responseType: 'json'
+                    };
+                    results = await odata.getAllItems(requestOptions);
+                }
+                else {
+                    results = await odata.getAllItems(endpoint);
+                }
+            }
+            else {
+                results = await odata.getAllItems(endpoint, 'minimal');
+                results.forEach(c => {
+                    const odataType = c['@odata.type'];
+                    if (odataType) {
+                        c.type = odataType.replace('#microsoft.graph.', '');
+                    }
+                    delete c['@odata.type'];
+                });
+            }
+            await logger.log(results);
+        }
+        catch (err) {
+            this.handleRejectedODataJsonPromise(err);
+        }
+    }
+    getRequestUrl(administrativeUnitId, options) {
+        const queryParameters = [];
+        if (options.properties) {
+            const allProperties = options.properties.split(',');
+            const selectProperties = allProperties.filter(prop => !prop.includes('/'));
+            const expandProperties = allProperties.filter(prop => prop.includes('/'));
+            if (selectProperties.length > 0) {
+                queryParameters.push(`$select=${selectProperties}`);
+            }
+            if (expandProperties.length > 0) {
+                const fieldExpands = expandProperties.map(p => `${p.split('/')[0]}($select=${p.split('/')[1]})`);
+                queryParameters.push(`$expand=${fieldExpands.join(',')}`);
+            }
+        }
+        if (options.filter) {
+            queryParameters.push(`$filter=${options.filter}`);
+            queryParameters.push('$count=true');
+        }
+        const queryString = queryParameters.length > 0
+            ? `?${queryParameters.join('&')}`
+            : '';
+        return options.type
+            ? `${this.resource}/v1.0/directory/administrativeUnits/${administrativeUnitId}/members/microsoft.graph.${options.type}${queryString}`
+            : `${this.resource}/v1.0/directory/administrativeUnits/${administrativeUnitId}/members${queryString}`;
+    }
+}
+_AadAdministrativeUnitMemberListCommand_instances = new WeakSet(), _AadAdministrativeUnitMemberListCommand_initTelemetry = function _AadAdministrativeUnitMemberListCommand_initTelemetry() {
+    this.telemetry.push((args) => {
+        Object.assign(this.telemetryProperties, {
+            type: typeof args.options.type !== 'undefined',
+            properties: typeof args.options.properties !== 'undefined',
+            filter: typeof args.options.filter !== 'undefined'
+        });
+    });
+}, _AadAdministrativeUnitMemberListCommand_initOptions = function _AadAdministrativeUnitMemberListCommand_initOptions() {
+    this.options.unshift({
+        option: '-i, --administrativeUnitId [administrativeUnitId]'
+    }, {
+        option: '-n, --administrativeUnitName [administrativeUnitName]'
+    }, {
+        option: '-t, --type [type]',
+        autocomplete: ['user', 'group', 'device']
+    }, {
+        option: '-p, --properties [properties]'
+    }, {
+        option: '-f, --filter [filter]'
+    });
+}, _AadAdministrativeUnitMemberListCommand_initValidators = function _AadAdministrativeUnitMemberListCommand_initValidators() {
+    this.validators.push(async (args) => {
+        if (args.options.administrativeUnitId && !validation.isValidGuid(args.options.administrativeUnitId)) {
+            return `${args.options.administrativeUnitId} is not a valid GUID`;
+        }
+        if (args.options.type) {
+            if (['user', 'group', 'device'].every(type => type !== args.options.type)) {
+                return `${args.options.type} is not a valid type value. Allowed values user|group|device`;
+            }
+        }
+        if (args.options.filter && !args.options.type) {
+            return 'Filter can be specified only if type is set';
+        }
+        return true;
+    });
+}, _AadAdministrativeUnitMemberListCommand_initOptionSets = function _AadAdministrativeUnitMemberListCommand_initOptionSets() {
+    this.optionSets.push({ options: ['administrativeUnitId', 'administrativeUnitName'] });
+};
+export default new AadAdministrativeUnitMemberListCommand();
+//# sourceMappingURL=administrativeunit-member-list.js.map

package/dist/m365/aad/commands/app/app-permission-add.js

@@ -0,0 +1,237 @@
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _AadAppPermissionAddCommand_instances, _AadAppPermissionAddCommand_initTelemetry, _AadAppPermissionAddCommand_initOptions, _AadAppPermissionAddCommand_initValidators, _AadAppPermissionAddCommand_initOptionSets;
+import { odata } from "../../../../utils/odata.js";
+import GraphCommand from "../../../base/GraphCommand.js";
+import commands from "../../commands.js";
+import request from "../../../../request.js";
+import { validation } from "../../../../utils/validation.js";
+var ScopeType;
+(function (ScopeType) {
+    ScopeType["Role"] = "Role";
+    ScopeType["Scope"] = "Scope";
+})(ScopeType || (ScopeType = {}));
+class AadAppPermissionAddCommand extends GraphCommand {
+    get name() {
+        return commands.APP_PERMISSION_ADD;
+    }
+    get description() {
+        return 'Adds the specified application and/or delegated permissions to a specified Entra ID (Azure AD) app';
+    }
+    constructor() {
+        super();
+        _AadAppPermissionAddCommand_instances.add(this);
+        __classPrivateFieldGet(this, _AadAppPermissionAddCommand_instances, "m", _AadAppPermissionAddCommand_initTelemetry).call(this);
+        __classPrivateFieldGet(this, _AadAppPermissionAddCommand_instances, "m", _AadAppPermissionAddCommand_initOptions).call(this);
+        __classPrivateFieldGet(this, _AadAppPermissionAddCommand_instances, "m", _AadAppPermissionAddCommand_initValidators).call(this);
+        __classPrivateFieldGet(this, _AadAppPermissionAddCommand_instances, "m", _AadAppPermissionAddCommand_initOptionSets).call(this);
+    }
+    async commandAction(logger, args) {
+        try {
+            const appObject = await this.getAppObject(args.options);
+            const servicePrincipals = await this.getServicePrincipals();
+            const appPermissions = [];
+            if (args.options.delegatedPermissions) {
+                const delegatedPermissions = await this.getRequiredResourceAccessForApis(servicePrincipals, args.options.delegatedPermissions, ScopeType.Scope, appPermissions, logger);
+                this.addPermissionsToResourceArray(delegatedPermissions, appObject.requiredResourceAccess);
+            }
+            if (args.options.applicationPermissions) {
+                const applicationPermissions = await this.getRequiredResourceAccessForApis(servicePrincipals, args.options.applicationPermissions, ScopeType.Role, appPermissions, logger);
+                this.addPermissionsToResourceArray(applicationPermissions, appObject.requiredResourceAccess);
+            }
+            const addPermissionsRequestOptions = {
+                url: `${this.resource}/v1.0/applications/${appObject.id}`,
+                headers: {
+                    accept: 'application/json;odata.metadata=none'
+                },
+                responseType: 'json',
+                data: {
+                    requiredResourceAccess: appObject.requiredResourceAccess
+                }
+            };
+            await request.patch(addPermissionsRequestOptions);
+            if (args.options.grantAdminConsent) {
+                const appServicePrincipal = servicePrincipals.find(sp => sp.appId === appObject.appId);
+                await this.grantAdminConsent(appServicePrincipal, appPermissions, logger);
+            }
+        }
+        catch (err) {
+            this.handleRejectedODataJsonPromise(err);
+        }
+    }
+    async getAppObject(options) {
+        let apps;
+        if (options.appObjectId) {
+            apps = await odata.getAllItems(`${this.resource}/v1.0/applications/${options.appObjectId}?$select=id,appId,requiredResourceAccess`);
+        }
+        else {
+            apps = await odata.getAllItems(`${this.resource}/v1.0/applications(appId='${options.appId}')?$select=id,appId,requiredResourceAccess`);
+        }
+        if (apps.length === 0) {
+            throw `App with ${options.appObjectId ? 'object id' : 'client id'} ${options.appObjectId ? options.appObjectId : options.appId} not found in Entra ID (Azure AD)`;
+        }
+        return apps[0];
+    }
+    async getServicePrincipals() {
+        return await odata.getAllItems(`${this.resource}/v1.0/servicePrincipals?$select=appId,appRoles,id,oauth2PermissionScopes,servicePrincipalNames`);
+    }
+    async grantAdminConsent(servicePrincipal, appPermissions, logger) {
+        for await (const permission of appPermissions) {
+            if (permission.scope.length > 0) {
+                if (this.verbose) {
+                    await logger.logToStderr(`Granting consent for delegated permission(s) with resourceId ${permission.resourceId} and scope(s) ${permission.scope.join(' ')}`);
+                }
+                await this.grantOAuth2Permission(servicePrincipal.id, permission.resourceId, permission.scope.join(' '));
+            }
+            for await (const access of permission.resourceAccess.filter(acc => acc.type === ScopeType.Role)) {
+                if (this.verbose) {
+                    await logger.logToStderr(`Granting consent for application permission with resourceId ${permission.resourceId} and appRoleId ${access.id}`);
+                }
+                await this.addRoleToServicePrincipal(servicePrincipal.id, permission.resourceId, access.id);
+            }
+        }
+    }
+    async grantOAuth2Permission(servicePrincipalId, resourceId, scope) {
+        const grantAdminConsentApplicationRequestOptions = {
+            url: `${this.resource}/v1.0/oauth2PermissionGrants`,
+            headers: {
+                accept: 'application/json;odata.metadata=none'
+            },
+            responseType: 'json',
+            data: {
+                clientId: servicePrincipalId,
+                consentType: 'AllPrincipals',
+                principalId: null,
+                resourceId: resourceId,
+                scope: scope
+            }
+        };
+        return request.post(grantAdminConsentApplicationRequestOptions);
+    }
+    async addRoleToServicePrincipal(servicePrincipalId, resourceId, appRoleId) {
+        const requestOptions = {
+            url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipalId}/appRoleAssignments`,
+            headers: {
+                'content-type': 'application/json;odata.metadata=none'
+            },
+            responseType: 'json',
+            data: {
+                appRoleId: appRoleId,
+                principalId: servicePrincipalId,
+                resourceId: resourceId
+            }
+        };
+        return request.post(requestOptions);
+    }
+    async getRequiredResourceAccessForApis(servicePrincipals, apis, scopeType, appPermissions, logger) {
+        const resolvedApis = [];
+        const requestedApis = apis.split(' ').map(a => a.trim());
+        for await (const api of requestedApis) {
+            const pos = api.lastIndexOf('/');
+            const permissionName = api.substring(pos + 1);
+            const servicePrincipalName = api.substring(0, pos);
+            if (this.verbose) {
+                await logger.logToStderr(`Resolving ${api}...`);
+                await logger.logToStderr(`Permission name: ${permissionName}`);
+                await logger.logToStderr(`Service principal name: ${servicePrincipalName}`);
+            }
+            const servicePrincipal = servicePrincipals.find(sp => (sp.servicePrincipalNames.indexOf(servicePrincipalName) > -1 ||
+                sp.servicePrincipalNames.indexOf(`${servicePrincipalName}/`) > -1));
+            if (!servicePrincipal) {
+                throw `Service principal ${servicePrincipalName} not found`;
+            }
+            let permission = undefined;
+            if (scopeType === ScopeType.Scope) {
+                permission = servicePrincipal.oauth2PermissionScopes.find(scope => scope.value === permissionName);
+            }
+            else if (scopeType === ScopeType.Role) {
+                permission = servicePrincipal.appRoles.find(scope => scope.value === permissionName);
+            }
+            if (!permission) {
+                throw `Permission ${permissionName} for service principal ${servicePrincipalName} not found`;
+            }
+            let resolvedApi = resolvedApis.find(a => a.resourceAppId === servicePrincipal.appId);
+            if (!resolvedApi) {
+                resolvedApi = {
+                    resourceAppId: servicePrincipal.appId,
+                    resourceAccess: []
+                };
+                resolvedApis.push(resolvedApi);
+            }
+            const resourceAccessPermission = {
+                id: permission.id,
+                type: scopeType
+            };
+            resolvedApi.resourceAccess.push(resourceAccessPermission);
+            this.updateAppPermissions(servicePrincipal.id, resourceAccessPermission, permission.value, appPermissions);
+        }
+        return resolvedApis;
+    }
+    updateAppPermissions(spId, resourceAccessPermission, oAuth2PermissionValue, appPermissions) {
+        let existingPermission = appPermissions.find(oauth => oauth.resourceId === spId);
+        if (!existingPermission) {
+            existingPermission = {
+                resourceId: spId,
+                resourceAccess: [],
+                scope: []
+            };
+            appPermissions.push(existingPermission);
+        }
+        if (resourceAccessPermission.type === ScopeType.Scope && oAuth2PermissionValue && !existingPermission.scope.find(scp => scp === oAuth2PermissionValue)) {
+            existingPermission.scope.push(oAuth2PermissionValue);
+        }
+        if (!existingPermission.resourceAccess.find(res => res.id === resourceAccessPermission.id)) {
+            existingPermission.resourceAccess.push(resourceAccessPermission);
+        }
+    }
+    addPermissionsToResourceArray(permissions, existingArray) {
+        permissions.forEach(resolvedRequiredResource => {
+            const requiredResource = existingArray.find(api => api.resourceAppId === resolvedRequiredResource.resourceAppId);
+            if (requiredResource) {
+                // make sure that permission does not yet exist on the app or it will be added twice
+                resolvedRequiredResource.resourceAccess.forEach(resAccess => {
+                    if (!requiredResource.resourceAccess.some(res => res.id === resAccess.id)) {
+                        requiredResource.resourceAccess.push(resAccess);
+                    }
+                });
+            }
+            else {
+                existingArray.push(resolvedRequiredResource);
+            }
+        });
+    }
+}
+_AadAppPermissionAddCommand_instances = new WeakSet(), _AadAppPermissionAddCommand_initTelemetry = function _AadAppPermissionAddCommand_initTelemetry() {
+    this.telemetry.push((args) => {
+        Object.assign(this.telemetryProperties, {
+            appId: typeof args.options.appId !== 'undefined',
+            appObjectId: typeof args.options.appObjectId !== 'undefined',
+            applicationPermissions: typeof args.options.applicationPermissions !== 'undefined',
+            delegatedPermissions: typeof args.options.delegatedPermissions !== 'undefined',
+            grantAdminConsent: !!args.options.grantAdminConsent
+        });
+    });
+}, _AadAppPermissionAddCommand_initOptions = function _AadAppPermissionAddCommand_initOptions() {
+    this.options.unshift({ option: '-i, --appId [appId]' }, { option: '--appObjectId [appObjectId]' }, { option: '-a, --applicationPermissions [applicationPermissions]' }, { option: '-d, --delegatedPermissions [delegatedPermissions]' }, { option: '--grantAdminConsent' });
+}, _AadAppPermissionAddCommand_initValidators = function _AadAppPermissionAddCommand_initValidators() {
+    this.validators.push(async (args) => {
+        if (args.options.appId && !validation.isValidGuid(args.options.appId)) {
+            return `${args.options.appId} is not a valid GUID`;
+        }
+        if (args.options.appObjectId && !validation.isValidGuid(args.options.appObjectId)) {
+            return `${args.options.appObjectId} is not a valid GUID`;
+        }
+        return true;
+    });
+}, _AadAppPermissionAddCommand_initOptionSets = function _AadAppPermissionAddCommand_initOptionSets() {
+    this.optionSets.push({ options: ['appId', 'appObjectId'] });
+    this.optionSets.push({
+        options: ['applicationPermissions', 'delegatedPermissions'],
+        runsWhen: (args) => args.options.delegatedPermissions === undefined && args.options.applicationPermissions === undefined
+    });
+};
+export default new AadAppPermissionAddCommand();
+//# sourceMappingURL=app-permission-add.js.map

package/dist/m365/aad/commands.js

@@ -4,14 +4,18 @@ export default {
     ADMINISTRATIVEUNIT_GET: `${prefix} administrativeunit get`,
     ADMINISTRATIVEUNIT_LIST: `${prefix} administrativeunit list`,
     ADMINISTRATIVEUNIT_REMOVE: `${prefix} administrativeunit remove`,
+    ADMINISTRATIVEUNIT_MEMBER_ADD: `${prefix} administrativeunit member add`,
+    ADMINISTRATIVEUNIT_MEMBER_GET: `${prefix} administrativeunit member get`,
+    ADMINISTRATIVEUNIT_MEMBER_LIST: `${prefix} administrativeunit member list`,
     APP_ADD: `${prefix} app add`,
     APP_GET: `${prefix} app get`,
     APP_LIST: `${prefix} app list`,
     APP_REMOVE: `${prefix} app remove`,
+    APP_SET: `${prefix} app set`,
+    APP_PERMISSION_ADD: `${prefix} app permission add`,
     APP_ROLE_ADD: `${prefix} app role add`,
     APP_ROLE_LIST: `${prefix} app role list`,
     APP_ROLE_REMOVE: `${prefix} app role remove`,
-    APP_SET: `${prefix} app set`,
     APPROLEASSIGNMENT_ADD: `${prefix} approleassignment add`,
     APPROLEASSIGNMENT_LIST: `${prefix} approleassignment list`,
     APPROLEASSIGNMENT_REMOVE: `${prefix} approleassignment remove`,