@pnp/cli-microsoft365 7.3.0-beta.d293309 → 7.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/allCommands.json +1 -1
- package/allCommandsFull.json +1 -1
- package/dist/Auth.js +3 -0
- package/dist/m365/aad/commands/administrativeunit/administrativeunit-member-add.js +137 -0
- package/dist/m365/aad/commands/administrativeunit/administrativeunit-member-get.js +112 -0
- package/dist/m365/aad/commands/app/app-permission-add.js +237 -0
- package/dist/m365/aad/commands.js +4 -1
- package/dist/m365/base/PowerAutomateCommand.js +18 -0
- package/dist/m365/external/commands/connection/connection-schema-add.js +36 -3
- package/dist/m365/flow/commands/environment/environment-get.js +3 -3
- package/dist/m365/flow/commands/environment/environment-list.js +3 -3
- package/dist/m365/flow/commands/flow-disable.js +3 -3
- package/dist/m365/flow/commands/flow-enable.js +3 -3
- package/dist/m365/flow/commands/flow-get.js +3 -3
- package/dist/m365/flow/commands/flow-list.js +14 -12
- package/dist/m365/flow/commands/flow-remove.js +3 -3
- package/dist/m365/flow/commands/owner/owner-ensure.js +3 -3
- package/dist/m365/flow/commands/owner/owner-list.js +3 -3
- package/dist/m365/flow/commands/owner/owner-remove.js +3 -3
- package/dist/m365/flow/commands/run/run-cancel.js +3 -3
- package/dist/m365/flow/commands/run/run-get.js +3 -3
- package/dist/m365/flow/commands/run/run-list.js +8 -7
- package/dist/m365/flow/commands/run/run-resubmit.js +4 -4
- package/dist/m365/spo/commands/listitem/listitem-batch-add.js +18 -7
- package/dist/m365/spo/commands/page/page-add.js +7 -28
- package/dist/m365/teams/commands/user/user-app-add.js +23 -5
- package/dist/utils/aadAdministrativeUnit.js +4 -4
- package/dist/utils/aadDevice.js +25 -0
- package/docs/docs/cmd/aad/administrativeunit/administrativeunit-member-add.mdx +93 -0
- package/docs/docs/cmd/aad/administrativeunit/administrativeunit-member-get.mdx +130 -0
- package/docs/docs/cmd/aad/app/app-permission-add.mdx +62 -0
- package/docs/docs/cmd/external/connection/connection-schema-add.mdx +14 -1
- package/docs/docs/cmd/spo/listitem/listitem-batch-add.mdx +25 -3
- package/docs/docs/cmd/teams/user/user-app-add.mdx +12 -3
- package/docs/docs/cmd/teams/user/user-app-remove.mdx +2 -2
- package/package.json +2 -2
package/dist/Auth.js
CHANGED
|
@@ -570,6 +570,9 @@ export class Auth {
|
|
|
570
570
|
resource.endsWith('.api.bap.microsoft.com')) {
|
|
571
571
|
resource = 'https://service.powerapps.com/';
|
|
572
572
|
}
|
|
573
|
+
if (resource === 'https://api.flow.microsoft.com') {
|
|
574
|
+
resource = 'https://management.azure.com/';
|
|
575
|
+
}
|
|
573
576
|
if (resource === 'https://api.powerbi.com') {
|
|
574
577
|
// api.powerbi.com is not a valid resource
|
|
575
578
|
// we need to use https://analysis.windows.net/powerbi/api instead
|
|
@@ -0,0 +1,137 @@
|
|
|
1
|
+
var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
|
|
2
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
|
|
3
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
|
|
4
|
+
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
|
|
5
|
+
};
|
|
6
|
+
var _AadAdministrativeUnitMemberAddCommand_instances, _AadAdministrativeUnitMemberAddCommand_initTelemetry, _AadAdministrativeUnitMemberAddCommand_initOptions, _AadAdministrativeUnitMemberAddCommand_initValidators, _AadAdministrativeUnitMemberAddCommand_initOptionSets;
|
|
7
|
+
import { aadAdministrativeUnit } from "../../../../utils/aadAdministrativeUnit.js";
|
|
8
|
+
import { aadGroup } from "../../../../utils/aadGroup.js";
|
|
9
|
+
import { aadUser } from "../../../../utils/aadUser.js";
|
|
10
|
+
import { validation } from "../../../../utils/validation.js";
|
|
11
|
+
import GraphCommand from "../../../base/GraphCommand.js";
|
|
12
|
+
import commands from "../../commands.js";
|
|
13
|
+
import request from "../../../../request.js";
|
|
14
|
+
import { aadDevice } from "../../../../utils/aadDevice.js";
|
|
15
|
+
class AadAdministrativeUnitMemberAddCommand extends GraphCommand {
|
|
16
|
+
get name() {
|
|
17
|
+
return commands.ADMINISTRATIVEUNIT_MEMBER_ADD;
|
|
18
|
+
}
|
|
19
|
+
get description() {
|
|
20
|
+
return 'Adds a member (user, group, device) to an administrative unit';
|
|
21
|
+
}
|
|
22
|
+
constructor() {
|
|
23
|
+
super();
|
|
24
|
+
_AadAdministrativeUnitMemberAddCommand_instances.add(this);
|
|
25
|
+
__classPrivateFieldGet(this, _AadAdministrativeUnitMemberAddCommand_instances, "m", _AadAdministrativeUnitMemberAddCommand_initTelemetry).call(this);
|
|
26
|
+
__classPrivateFieldGet(this, _AadAdministrativeUnitMemberAddCommand_instances, "m", _AadAdministrativeUnitMemberAddCommand_initOptions).call(this);
|
|
27
|
+
__classPrivateFieldGet(this, _AadAdministrativeUnitMemberAddCommand_instances, "m", _AadAdministrativeUnitMemberAddCommand_initValidators).call(this);
|
|
28
|
+
__classPrivateFieldGet(this, _AadAdministrativeUnitMemberAddCommand_instances, "m", _AadAdministrativeUnitMemberAddCommand_initOptionSets).call(this);
|
|
29
|
+
}
|
|
30
|
+
async commandAction(logger, args) {
|
|
31
|
+
let administrativeUnitId = args.options.administrativeUnitId;
|
|
32
|
+
let memberType;
|
|
33
|
+
let memberId;
|
|
34
|
+
try {
|
|
35
|
+
if (args.options.administrativeUnitName) {
|
|
36
|
+
if (this.verbose) {
|
|
37
|
+
await logger.logToStderr(`Retrieving Administrative Unit Id...`);
|
|
38
|
+
}
|
|
39
|
+
administrativeUnitId = (await aadAdministrativeUnit.getAdministrativeUnitByDisplayName(args.options.administrativeUnitName)).id;
|
|
40
|
+
}
|
|
41
|
+
if (args.options.userId || args.options.userName) {
|
|
42
|
+
memberType = 'users';
|
|
43
|
+
memberId = args.options.userId;
|
|
44
|
+
if (args.options.userName) {
|
|
45
|
+
if (this.verbose) {
|
|
46
|
+
await logger.logToStderr(`Retrieving User Id...`);
|
|
47
|
+
}
|
|
48
|
+
memberId = await aadUser.getUserIdByUpn(args.options.userName);
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
else if (args.options.groupId || args.options.groupName) {
|
|
52
|
+
memberType = 'groups';
|
|
53
|
+
memberId = args.options.groupId;
|
|
54
|
+
if (args.options.groupName) {
|
|
55
|
+
if (this.verbose) {
|
|
56
|
+
await logger.logToStderr(`Retrieving Group Id...`);
|
|
57
|
+
}
|
|
58
|
+
memberId = await aadGroup.getGroupIdByDisplayName(args.options.groupName);
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
else if (args.options.deviceId || args.options.deviceName) {
|
|
62
|
+
memberType = 'devices';
|
|
63
|
+
memberId = args.options.deviceId;
|
|
64
|
+
if (args.options.deviceName) {
|
|
65
|
+
if (this.verbose) {
|
|
66
|
+
await logger.logToStderr(`Device with name ${args.options.deviceName} retrieved, returned id: ${memberId}`);
|
|
67
|
+
}
|
|
68
|
+
memberId = (await aadDevice.getDeviceByDisplayName(args.options.deviceName)).id;
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
const requestOptions = {
|
|
72
|
+
url: `${this.resource}/v1.0/directory/administrativeUnits/${administrativeUnitId}/members/$ref`,
|
|
73
|
+
headers: {
|
|
74
|
+
'accept': 'application/json;odata.metadata=none'
|
|
75
|
+
},
|
|
76
|
+
data: {
|
|
77
|
+
"@odata.id": `https://graph.microsoft.com/v1.0/${memberType}/${memberId}`
|
|
78
|
+
}
|
|
79
|
+
};
|
|
80
|
+
await request.post(requestOptions);
|
|
81
|
+
}
|
|
82
|
+
catch (err) {
|
|
83
|
+
this.handleRejectedODataJsonPromise(err);
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
_AadAdministrativeUnitMemberAddCommand_instances = new WeakSet(), _AadAdministrativeUnitMemberAddCommand_initTelemetry = function _AadAdministrativeUnitMemberAddCommand_initTelemetry() {
|
|
88
|
+
this.telemetry.push((args) => {
|
|
89
|
+
Object.assign(this.telemetryProperties, {
|
|
90
|
+
userId: typeof args.options.userId !== 'undefined',
|
|
91
|
+
userName: typeof args.options.userName !== 'undefined',
|
|
92
|
+
groupId: typeof args.options.groupId !== 'undefined',
|
|
93
|
+
groupName: typeof args.options.groupName !== 'undefined',
|
|
94
|
+
deviceId: typeof args.options.deviceId !== 'undefined',
|
|
95
|
+
deviceName: typeof args.options.deviceName !== 'undefined'
|
|
96
|
+
});
|
|
97
|
+
});
|
|
98
|
+
}, _AadAdministrativeUnitMemberAddCommand_initOptions = function _AadAdministrativeUnitMemberAddCommand_initOptions() {
|
|
99
|
+
this.options.unshift({
|
|
100
|
+
option: '-i, --administrativeUnitId [administrativeUnitId]'
|
|
101
|
+
}, {
|
|
102
|
+
option: '-n, --administrativeUnitName [administrativeUnitName]'
|
|
103
|
+
}, {
|
|
104
|
+
option: "--userId [userId]"
|
|
105
|
+
}, {
|
|
106
|
+
option: "--userName [userName]"
|
|
107
|
+
}, {
|
|
108
|
+
option: "--groupId [groupId]"
|
|
109
|
+
}, {
|
|
110
|
+
option: "--groupName [groupName]"
|
|
111
|
+
}, {
|
|
112
|
+
option: "--deviceId [deviceId]"
|
|
113
|
+
}, {
|
|
114
|
+
option: "--deviceName [deviceName]"
|
|
115
|
+
});
|
|
116
|
+
}, _AadAdministrativeUnitMemberAddCommand_initValidators = function _AadAdministrativeUnitMemberAddCommand_initValidators() {
|
|
117
|
+
this.validators.push(async (args) => {
|
|
118
|
+
if (args.options.administrativeUnitId && !validation.isValidGuid(args.options.administrativeUnitId)) {
|
|
119
|
+
return `${args.options.administrativeUnitId} is not a valid GUID`;
|
|
120
|
+
}
|
|
121
|
+
if (args.options.userId && !validation.isValidGuid(args.options.userId)) {
|
|
122
|
+
return `${args.options.userId} is not a valid GUID`;
|
|
123
|
+
}
|
|
124
|
+
if (args.options.groupId && !validation.isValidGuid(args.options.groupId)) {
|
|
125
|
+
return `${args.options.groupId} is not a valid GUID`;
|
|
126
|
+
}
|
|
127
|
+
if (args.options.deviceId && !validation.isValidGuid(args.options.deviceId)) {
|
|
128
|
+
return `${args.options.deviceId} is not a valid GUID`;
|
|
129
|
+
}
|
|
130
|
+
return true;
|
|
131
|
+
});
|
|
132
|
+
}, _AadAdministrativeUnitMemberAddCommand_initOptionSets = function _AadAdministrativeUnitMemberAddCommand_initOptionSets() {
|
|
133
|
+
this.optionSets.push({ options: ['administrativeUnitId', 'administrativeUnitName'] });
|
|
134
|
+
this.optionSets.push({ options: ['userId', 'userName', 'groupId', 'groupName', 'deviceId', 'deviceName'] });
|
|
135
|
+
};
|
|
136
|
+
export default new AadAdministrativeUnitMemberAddCommand();
|
|
137
|
+
//# sourceMappingURL=administrativeunit-member-add.js.map
|
|
@@ -0,0 +1,112 @@
|
|
|
1
|
+
var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
|
|
2
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
|
|
3
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
|
|
4
|
+
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
|
|
5
|
+
};
|
|
6
|
+
var _AadAdministrativeUnitMemberGetCommand_instances, _AadAdministrativeUnitMemberGetCommand_initTelemetry, _AadAdministrativeUnitMemberGetCommand_initOptions, _AadAdministrativeUnitMemberGetCommand_initValidators, _AadAdministrativeUnitMemberGetCommand_initOptionSets;
|
|
7
|
+
import GraphCommand from '../../../base/GraphCommand.js';
|
|
8
|
+
import commands from '../../commands.js';
|
|
9
|
+
import { validation } from '../../../../utils/validation.js';
|
|
10
|
+
import { aadAdministrativeUnit } from '../../../../utils/aadAdministrativeUnit.js';
|
|
11
|
+
import request from '../../../../request.js';
|
|
12
|
+
class AadAdministrativeUnitMemberGetCommand extends GraphCommand {
|
|
13
|
+
get name() {
|
|
14
|
+
return commands.ADMINISTRATIVEUNIT_MEMBER_GET;
|
|
15
|
+
}
|
|
16
|
+
get description() {
|
|
17
|
+
return 'Retrieve a specific member (user, group, or device) of an administrative unit';
|
|
18
|
+
}
|
|
19
|
+
constructor() {
|
|
20
|
+
super();
|
|
21
|
+
_AadAdministrativeUnitMemberGetCommand_instances.add(this);
|
|
22
|
+
__classPrivateFieldGet(this, _AadAdministrativeUnitMemberGetCommand_instances, "m", _AadAdministrativeUnitMemberGetCommand_initTelemetry).call(this);
|
|
23
|
+
__classPrivateFieldGet(this, _AadAdministrativeUnitMemberGetCommand_instances, "m", _AadAdministrativeUnitMemberGetCommand_initOptions).call(this);
|
|
24
|
+
__classPrivateFieldGet(this, _AadAdministrativeUnitMemberGetCommand_instances, "m", _AadAdministrativeUnitMemberGetCommand_initValidators).call(this);
|
|
25
|
+
__classPrivateFieldGet(this, _AadAdministrativeUnitMemberGetCommand_instances, "m", _AadAdministrativeUnitMemberGetCommand_initOptionSets).call(this);
|
|
26
|
+
}
|
|
27
|
+
async commandAction(logger, args) {
|
|
28
|
+
let administrativeUnitId = args.options.administrativeUnitId;
|
|
29
|
+
try {
|
|
30
|
+
if (args.options.administrativeUnitName) {
|
|
31
|
+
if (this.verbose) {
|
|
32
|
+
await logger.logToStderr(`Retrieving Administrative Unit Id...`);
|
|
33
|
+
}
|
|
34
|
+
administrativeUnitId = (await aadAdministrativeUnit.getAdministrativeUnitByDisplayName(args.options.administrativeUnitName)).id;
|
|
35
|
+
}
|
|
36
|
+
const url = this.getRequestUrl(administrativeUnitId, args.options.id, args.options);
|
|
37
|
+
const requestOptions = {
|
|
38
|
+
url: url,
|
|
39
|
+
headers: {
|
|
40
|
+
accept: 'application/json;odata.metadata=minimal'
|
|
41
|
+
},
|
|
42
|
+
responseType: 'json'
|
|
43
|
+
};
|
|
44
|
+
const result = await request.get(requestOptions);
|
|
45
|
+
const odataType = result['@odata.type'];
|
|
46
|
+
if (odataType) {
|
|
47
|
+
result.type = odataType.replace('#microsoft.graph.', '');
|
|
48
|
+
}
|
|
49
|
+
delete result['@odata.type'];
|
|
50
|
+
delete result['@odata.context'];
|
|
51
|
+
await logger.log(result);
|
|
52
|
+
}
|
|
53
|
+
catch (err) {
|
|
54
|
+
this.handleRejectedODataJsonPromise(err);
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
getRequestUrl(administrativeUnitId, memberId, options) {
|
|
58
|
+
const queryParameters = [];
|
|
59
|
+
if (options.properties) {
|
|
60
|
+
const allProperties = options.properties.split(',');
|
|
61
|
+
const selectProperties = allProperties.filter(prop => !prop.includes('/'));
|
|
62
|
+
const expandProperties = allProperties.filter(prop => prop.includes('/'));
|
|
63
|
+
if (selectProperties.length > 0) {
|
|
64
|
+
queryParameters.push(`$select=${selectProperties}`);
|
|
65
|
+
}
|
|
66
|
+
if (expandProperties.length > 0) {
|
|
67
|
+
const fieldExpands = expandProperties.map(p => {
|
|
68
|
+
const properties = p.split('/');
|
|
69
|
+
return `${properties[0]}($select=${properties[1]})`;
|
|
70
|
+
});
|
|
71
|
+
queryParameters.push(`$expand=${fieldExpands.join(',')}`);
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
const queryString = queryParameters.length > 0
|
|
75
|
+
? `?${queryParameters.join('&')}`
|
|
76
|
+
: '';
|
|
77
|
+
return `${this.resource}/v1.0/directory/administrativeUnits/${administrativeUnitId}/members/${memberId}${queryString}`;
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
_AadAdministrativeUnitMemberGetCommand_instances = new WeakSet(), _AadAdministrativeUnitMemberGetCommand_initTelemetry = function _AadAdministrativeUnitMemberGetCommand_initTelemetry() {
|
|
81
|
+
this.telemetry.push((args) => {
|
|
82
|
+
Object.assign(this.telemetryProperties, {
|
|
83
|
+
administrativeUnitId: typeof args.options.administrativeUnitId !== 'undefined',
|
|
84
|
+
administrativeUnitName: typeof args.options.administrativeUnitName !== 'undefined',
|
|
85
|
+
properties: typeof args.options.properties !== 'undefined'
|
|
86
|
+
});
|
|
87
|
+
});
|
|
88
|
+
}, _AadAdministrativeUnitMemberGetCommand_initOptions = function _AadAdministrativeUnitMemberGetCommand_initOptions() {
|
|
89
|
+
this.options.unshift({
|
|
90
|
+
option: '-i, --id <id>'
|
|
91
|
+
}, {
|
|
92
|
+
option: '-u, --administrativeUnitId [administrativeUnitId]'
|
|
93
|
+
}, {
|
|
94
|
+
option: '-n, --administrativeUnitName [administrativeUnitName]'
|
|
95
|
+
}, {
|
|
96
|
+
option: '-p, --properties [properties]'
|
|
97
|
+
});
|
|
98
|
+
}, _AadAdministrativeUnitMemberGetCommand_initValidators = function _AadAdministrativeUnitMemberGetCommand_initValidators() {
|
|
99
|
+
this.validators.push(async (args) => {
|
|
100
|
+
if (args.options.id && !validation.isValidGuid(args.options.id)) {
|
|
101
|
+
return `${args.options.id} is not a valid GUID`;
|
|
102
|
+
}
|
|
103
|
+
if (args.options.administrativeUnitId && !validation.isValidGuid(args.options.administrativeUnitId)) {
|
|
104
|
+
return `${args.options.administrativeUnitId} is not a valid GUID`;
|
|
105
|
+
}
|
|
106
|
+
return true;
|
|
107
|
+
});
|
|
108
|
+
}, _AadAdministrativeUnitMemberGetCommand_initOptionSets = function _AadAdministrativeUnitMemberGetCommand_initOptionSets() {
|
|
109
|
+
this.optionSets.push({ options: ['administrativeUnitId', 'administrativeUnitName'] });
|
|
110
|
+
};
|
|
111
|
+
export default new AadAdministrativeUnitMemberGetCommand();
|
|
112
|
+
//# sourceMappingURL=administrativeunit-member-get.js.map
|
|
@@ -0,0 +1,237 @@
|
|
|
1
|
+
var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
|
|
2
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
|
|
3
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
|
|
4
|
+
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
|
|
5
|
+
};
|
|
6
|
+
var _AadAppPermissionAddCommand_instances, _AadAppPermissionAddCommand_initTelemetry, _AadAppPermissionAddCommand_initOptions, _AadAppPermissionAddCommand_initValidators, _AadAppPermissionAddCommand_initOptionSets;
|
|
7
|
+
import { odata } from "../../../../utils/odata.js";
|
|
8
|
+
import GraphCommand from "../../../base/GraphCommand.js";
|
|
9
|
+
import commands from "../../commands.js";
|
|
10
|
+
import request from "../../../../request.js";
|
|
11
|
+
import { validation } from "../../../../utils/validation.js";
|
|
12
|
+
var ScopeType;
|
|
13
|
+
(function (ScopeType) {
|
|
14
|
+
ScopeType["Role"] = "Role";
|
|
15
|
+
ScopeType["Scope"] = "Scope";
|
|
16
|
+
})(ScopeType || (ScopeType = {}));
|
|
17
|
+
class AadAppPermissionAddCommand extends GraphCommand {
|
|
18
|
+
get name() {
|
|
19
|
+
return commands.APP_PERMISSION_ADD;
|
|
20
|
+
}
|
|
21
|
+
get description() {
|
|
22
|
+
return 'Adds the specified application and/or delegated permissions to a specified Entra ID (Azure AD) app';
|
|
23
|
+
}
|
|
24
|
+
constructor() {
|
|
25
|
+
super();
|
|
26
|
+
_AadAppPermissionAddCommand_instances.add(this);
|
|
27
|
+
__classPrivateFieldGet(this, _AadAppPermissionAddCommand_instances, "m", _AadAppPermissionAddCommand_initTelemetry).call(this);
|
|
28
|
+
__classPrivateFieldGet(this, _AadAppPermissionAddCommand_instances, "m", _AadAppPermissionAddCommand_initOptions).call(this);
|
|
29
|
+
__classPrivateFieldGet(this, _AadAppPermissionAddCommand_instances, "m", _AadAppPermissionAddCommand_initValidators).call(this);
|
|
30
|
+
__classPrivateFieldGet(this, _AadAppPermissionAddCommand_instances, "m", _AadAppPermissionAddCommand_initOptionSets).call(this);
|
|
31
|
+
}
|
|
32
|
+
async commandAction(logger, args) {
|
|
33
|
+
try {
|
|
34
|
+
const appObject = await this.getAppObject(args.options);
|
|
35
|
+
const servicePrincipals = await this.getServicePrincipals();
|
|
36
|
+
const appPermissions = [];
|
|
37
|
+
if (args.options.delegatedPermissions) {
|
|
38
|
+
const delegatedPermissions = await this.getRequiredResourceAccessForApis(servicePrincipals, args.options.delegatedPermissions, ScopeType.Scope, appPermissions, logger);
|
|
39
|
+
this.addPermissionsToResourceArray(delegatedPermissions, appObject.requiredResourceAccess);
|
|
40
|
+
}
|
|
41
|
+
if (args.options.applicationPermissions) {
|
|
42
|
+
const applicationPermissions = await this.getRequiredResourceAccessForApis(servicePrincipals, args.options.applicationPermissions, ScopeType.Role, appPermissions, logger);
|
|
43
|
+
this.addPermissionsToResourceArray(applicationPermissions, appObject.requiredResourceAccess);
|
|
44
|
+
}
|
|
45
|
+
const addPermissionsRequestOptions = {
|
|
46
|
+
url: `${this.resource}/v1.0/applications/${appObject.id}`,
|
|
47
|
+
headers: {
|
|
48
|
+
accept: 'application/json;odata.metadata=none'
|
|
49
|
+
},
|
|
50
|
+
responseType: 'json',
|
|
51
|
+
data: {
|
|
52
|
+
requiredResourceAccess: appObject.requiredResourceAccess
|
|
53
|
+
}
|
|
54
|
+
};
|
|
55
|
+
await request.patch(addPermissionsRequestOptions);
|
|
56
|
+
if (args.options.grantAdminConsent) {
|
|
57
|
+
const appServicePrincipal = servicePrincipals.find(sp => sp.appId === appObject.appId);
|
|
58
|
+
await this.grantAdminConsent(appServicePrincipal, appPermissions, logger);
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
catch (err) {
|
|
62
|
+
this.handleRejectedODataJsonPromise(err);
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
async getAppObject(options) {
|
|
66
|
+
let apps;
|
|
67
|
+
if (options.appObjectId) {
|
|
68
|
+
apps = await odata.getAllItems(`${this.resource}/v1.0/applications/${options.appObjectId}?$select=id,appId,requiredResourceAccess`);
|
|
69
|
+
}
|
|
70
|
+
else {
|
|
71
|
+
apps = await odata.getAllItems(`${this.resource}/v1.0/applications(appId='${options.appId}')?$select=id,appId,requiredResourceAccess`);
|
|
72
|
+
}
|
|
73
|
+
if (apps.length === 0) {
|
|
74
|
+
throw `App with ${options.appObjectId ? 'object id' : 'client id'} ${options.appObjectId ? options.appObjectId : options.appId} not found in Entra ID (Azure AD)`;
|
|
75
|
+
}
|
|
76
|
+
return apps[0];
|
|
77
|
+
}
|
|
78
|
+
async getServicePrincipals() {
|
|
79
|
+
return await odata.getAllItems(`${this.resource}/v1.0/servicePrincipals?$select=appId,appRoles,id,oauth2PermissionScopes,servicePrincipalNames`);
|
|
80
|
+
}
|
|
81
|
+
async grantAdminConsent(servicePrincipal, appPermissions, logger) {
|
|
82
|
+
for await (const permission of appPermissions) {
|
|
83
|
+
if (permission.scope.length > 0) {
|
|
84
|
+
if (this.verbose) {
|
|
85
|
+
await logger.logToStderr(`Granting consent for delegated permission(s) with resourceId ${permission.resourceId} and scope(s) ${permission.scope.join(' ')}`);
|
|
86
|
+
}
|
|
87
|
+
await this.grantOAuth2Permission(servicePrincipal.id, permission.resourceId, permission.scope.join(' '));
|
|
88
|
+
}
|
|
89
|
+
for await (const access of permission.resourceAccess.filter(acc => acc.type === ScopeType.Role)) {
|
|
90
|
+
if (this.verbose) {
|
|
91
|
+
await logger.logToStderr(`Granting consent for application permission with resourceId ${permission.resourceId} and appRoleId ${access.id}`);
|
|
92
|
+
}
|
|
93
|
+
await this.addRoleToServicePrincipal(servicePrincipal.id, permission.resourceId, access.id);
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
async grantOAuth2Permission(servicePrincipalId, resourceId, scope) {
|
|
98
|
+
const grantAdminConsentApplicationRequestOptions = {
|
|
99
|
+
url: `${this.resource}/v1.0/oauth2PermissionGrants`,
|
|
100
|
+
headers: {
|
|
101
|
+
accept: 'application/json;odata.metadata=none'
|
|
102
|
+
},
|
|
103
|
+
responseType: 'json',
|
|
104
|
+
data: {
|
|
105
|
+
clientId: servicePrincipalId,
|
|
106
|
+
consentType: 'AllPrincipals',
|
|
107
|
+
principalId: null,
|
|
108
|
+
resourceId: resourceId,
|
|
109
|
+
scope: scope
|
|
110
|
+
}
|
|
111
|
+
};
|
|
112
|
+
return request.post(grantAdminConsentApplicationRequestOptions);
|
|
113
|
+
}
|
|
114
|
+
async addRoleToServicePrincipal(servicePrincipalId, resourceId, appRoleId) {
|
|
115
|
+
const requestOptions = {
|
|
116
|
+
url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipalId}/appRoleAssignments`,
|
|
117
|
+
headers: {
|
|
118
|
+
'content-type': 'application/json;odata.metadata=none'
|
|
119
|
+
},
|
|
120
|
+
responseType: 'json',
|
|
121
|
+
data: {
|
|
122
|
+
appRoleId: appRoleId,
|
|
123
|
+
principalId: servicePrincipalId,
|
|
124
|
+
resourceId: resourceId
|
|
125
|
+
}
|
|
126
|
+
};
|
|
127
|
+
return request.post(requestOptions);
|
|
128
|
+
}
|
|
129
|
+
async getRequiredResourceAccessForApis(servicePrincipals, apis, scopeType, appPermissions, logger) {
|
|
130
|
+
const resolvedApis = [];
|
|
131
|
+
const requestedApis = apis.split(' ').map(a => a.trim());
|
|
132
|
+
for await (const api of requestedApis) {
|
|
133
|
+
const pos = api.lastIndexOf('/');
|
|
134
|
+
const permissionName = api.substring(pos + 1);
|
|
135
|
+
const servicePrincipalName = api.substring(0, pos);
|
|
136
|
+
if (this.verbose) {
|
|
137
|
+
await logger.logToStderr(`Resolving ${api}...`);
|
|
138
|
+
await logger.logToStderr(`Permission name: ${permissionName}`);
|
|
139
|
+
await logger.logToStderr(`Service principal name: ${servicePrincipalName}`);
|
|
140
|
+
}
|
|
141
|
+
const servicePrincipal = servicePrincipals.find(sp => (sp.servicePrincipalNames.indexOf(servicePrincipalName) > -1 ||
|
|
142
|
+
sp.servicePrincipalNames.indexOf(`${servicePrincipalName}/`) > -1));
|
|
143
|
+
if (!servicePrincipal) {
|
|
144
|
+
throw `Service principal ${servicePrincipalName} not found`;
|
|
145
|
+
}
|
|
146
|
+
let permission = undefined;
|
|
147
|
+
if (scopeType === ScopeType.Scope) {
|
|
148
|
+
permission = servicePrincipal.oauth2PermissionScopes.find(scope => scope.value === permissionName);
|
|
149
|
+
}
|
|
150
|
+
else if (scopeType === ScopeType.Role) {
|
|
151
|
+
permission = servicePrincipal.appRoles.find(scope => scope.value === permissionName);
|
|
152
|
+
}
|
|
153
|
+
if (!permission) {
|
|
154
|
+
throw `Permission ${permissionName} for service principal ${servicePrincipalName} not found`;
|
|
155
|
+
}
|
|
156
|
+
let resolvedApi = resolvedApis.find(a => a.resourceAppId === servicePrincipal.appId);
|
|
157
|
+
if (!resolvedApi) {
|
|
158
|
+
resolvedApi = {
|
|
159
|
+
resourceAppId: servicePrincipal.appId,
|
|
160
|
+
resourceAccess: []
|
|
161
|
+
};
|
|
162
|
+
resolvedApis.push(resolvedApi);
|
|
163
|
+
}
|
|
164
|
+
const resourceAccessPermission = {
|
|
165
|
+
id: permission.id,
|
|
166
|
+
type: scopeType
|
|
167
|
+
};
|
|
168
|
+
resolvedApi.resourceAccess.push(resourceAccessPermission);
|
|
169
|
+
this.updateAppPermissions(servicePrincipal.id, resourceAccessPermission, permission.value, appPermissions);
|
|
170
|
+
}
|
|
171
|
+
return resolvedApis;
|
|
172
|
+
}
|
|
173
|
+
updateAppPermissions(spId, resourceAccessPermission, oAuth2PermissionValue, appPermissions) {
|
|
174
|
+
let existingPermission = appPermissions.find(oauth => oauth.resourceId === spId);
|
|
175
|
+
if (!existingPermission) {
|
|
176
|
+
existingPermission = {
|
|
177
|
+
resourceId: spId,
|
|
178
|
+
resourceAccess: [],
|
|
179
|
+
scope: []
|
|
180
|
+
};
|
|
181
|
+
appPermissions.push(existingPermission);
|
|
182
|
+
}
|
|
183
|
+
if (resourceAccessPermission.type === ScopeType.Scope && oAuth2PermissionValue && !existingPermission.scope.find(scp => scp === oAuth2PermissionValue)) {
|
|
184
|
+
existingPermission.scope.push(oAuth2PermissionValue);
|
|
185
|
+
}
|
|
186
|
+
if (!existingPermission.resourceAccess.find(res => res.id === resourceAccessPermission.id)) {
|
|
187
|
+
existingPermission.resourceAccess.push(resourceAccessPermission);
|
|
188
|
+
}
|
|
189
|
+
}
|
|
190
|
+
addPermissionsToResourceArray(permissions, existingArray) {
|
|
191
|
+
permissions.forEach(resolvedRequiredResource => {
|
|
192
|
+
const requiredResource = existingArray.find(api => api.resourceAppId === resolvedRequiredResource.resourceAppId);
|
|
193
|
+
if (requiredResource) {
|
|
194
|
+
// make sure that permission does not yet exist on the app or it will be added twice
|
|
195
|
+
resolvedRequiredResource.resourceAccess.forEach(resAccess => {
|
|
196
|
+
if (!requiredResource.resourceAccess.some(res => res.id === resAccess.id)) {
|
|
197
|
+
requiredResource.resourceAccess.push(resAccess);
|
|
198
|
+
}
|
|
199
|
+
});
|
|
200
|
+
}
|
|
201
|
+
else {
|
|
202
|
+
existingArray.push(resolvedRequiredResource);
|
|
203
|
+
}
|
|
204
|
+
});
|
|
205
|
+
}
|
|
206
|
+
}
|
|
207
|
+
_AadAppPermissionAddCommand_instances = new WeakSet(), _AadAppPermissionAddCommand_initTelemetry = function _AadAppPermissionAddCommand_initTelemetry() {
|
|
208
|
+
this.telemetry.push((args) => {
|
|
209
|
+
Object.assign(this.telemetryProperties, {
|
|
210
|
+
appId: typeof args.options.appId !== 'undefined',
|
|
211
|
+
appObjectId: typeof args.options.appObjectId !== 'undefined',
|
|
212
|
+
applicationPermissions: typeof args.options.applicationPermissions !== 'undefined',
|
|
213
|
+
delegatedPermissions: typeof args.options.delegatedPermissions !== 'undefined',
|
|
214
|
+
grantAdminConsent: !!args.options.grantAdminConsent
|
|
215
|
+
});
|
|
216
|
+
});
|
|
217
|
+
}, _AadAppPermissionAddCommand_initOptions = function _AadAppPermissionAddCommand_initOptions() {
|
|
218
|
+
this.options.unshift({ option: '-i, --appId [appId]' }, { option: '--appObjectId [appObjectId]' }, { option: '-a, --applicationPermissions [applicationPermissions]' }, { option: '-d, --delegatedPermissions [delegatedPermissions]' }, { option: '--grantAdminConsent' });
|
|
219
|
+
}, _AadAppPermissionAddCommand_initValidators = function _AadAppPermissionAddCommand_initValidators() {
|
|
220
|
+
this.validators.push(async (args) => {
|
|
221
|
+
if (args.options.appId && !validation.isValidGuid(args.options.appId)) {
|
|
222
|
+
return `${args.options.appId} is not a valid GUID`;
|
|
223
|
+
}
|
|
224
|
+
if (args.options.appObjectId && !validation.isValidGuid(args.options.appObjectId)) {
|
|
225
|
+
return `${args.options.appObjectId} is not a valid GUID`;
|
|
226
|
+
}
|
|
227
|
+
return true;
|
|
228
|
+
});
|
|
229
|
+
}, _AadAppPermissionAddCommand_initOptionSets = function _AadAppPermissionAddCommand_initOptionSets() {
|
|
230
|
+
this.optionSets.push({ options: ['appId', 'appObjectId'] });
|
|
231
|
+
this.optionSets.push({
|
|
232
|
+
options: ['applicationPermissions', 'delegatedPermissions'],
|
|
233
|
+
runsWhen: (args) => args.options.delegatedPermissions === undefined && args.options.applicationPermissions === undefined
|
|
234
|
+
});
|
|
235
|
+
};
|
|
236
|
+
export default new AadAppPermissionAddCommand();
|
|
237
|
+
//# sourceMappingURL=app-permission-add.js.map
|
|
@@ -4,15 +4,18 @@ export default {
|
|
|
4
4
|
ADMINISTRATIVEUNIT_GET: `${prefix} administrativeunit get`,
|
|
5
5
|
ADMINISTRATIVEUNIT_LIST: `${prefix} administrativeunit list`,
|
|
6
6
|
ADMINISTRATIVEUNIT_REMOVE: `${prefix} administrativeunit remove`,
|
|
7
|
+
ADMINISTRATIVEUNIT_MEMBER_ADD: `${prefix} administrativeunit member add`,
|
|
8
|
+
ADMINISTRATIVEUNIT_MEMBER_GET: `${prefix} administrativeunit member get`,
|
|
7
9
|
ADMINISTRATIVEUNIT_MEMBER_LIST: `${prefix} administrativeunit member list`,
|
|
8
10
|
APP_ADD: `${prefix} app add`,
|
|
9
11
|
APP_GET: `${prefix} app get`,
|
|
10
12
|
APP_LIST: `${prefix} app list`,
|
|
11
13
|
APP_REMOVE: `${prefix} app remove`,
|
|
14
|
+
APP_SET: `${prefix} app set`,
|
|
15
|
+
APP_PERMISSION_ADD: `${prefix} app permission add`,
|
|
12
16
|
APP_ROLE_ADD: `${prefix} app role add`,
|
|
13
17
|
APP_ROLE_LIST: `${prefix} app role list`,
|
|
14
18
|
APP_ROLE_REMOVE: `${prefix} app role remove`,
|
|
15
|
-
APP_SET: `${prefix} app set`,
|
|
16
19
|
APPROLEASSIGNMENT_ADD: `${prefix} approleassignment add`,
|
|
17
20
|
APPROLEASSIGNMENT_LIST: `${prefix} approleassignment list`,
|
|
18
21
|
APPROLEASSIGNMENT_REMOVE: `${prefix} approleassignment remove`,
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import auth, { CloudType } from '../../Auth.js';
|
|
2
|
+
import Command, { CommandError } from '../../Command.js';
|
|
3
|
+
export default class PowerAutomateCommand extends Command {
|
|
4
|
+
get resource() {
|
|
5
|
+
return 'https://api.flow.microsoft.com';
|
|
6
|
+
}
|
|
7
|
+
initAction(args, logger) {
|
|
8
|
+
super.initAction(args, logger);
|
|
9
|
+
if (!auth.service.connected) {
|
|
10
|
+
// we fail no login in the base command command class
|
|
11
|
+
return;
|
|
12
|
+
}
|
|
13
|
+
if (auth.service.cloudType !== CloudType.Public) {
|
|
14
|
+
throw new CommandError(`Power Automate commands only support the public cloud at the moment. We'll add support for other clouds in the future. Sorry for the inconvenience.`);
|
|
15
|
+
}
|
|
16
|
+
}
|
|
17
|
+
}
|
|
18
|
+
//# sourceMappingURL=PowerAutomateCommand.js.map
|
|
@@ -33,10 +33,41 @@ class ExternalConnectionSchemaAddCommand extends GraphCommand {
|
|
|
33
33
|
accept: 'application/json;odata.metadata=none'
|
|
34
34
|
},
|
|
35
35
|
responseType: 'json',
|
|
36
|
-
data: args.options.schema
|
|
36
|
+
data: args.options.schema,
|
|
37
|
+
fullResponse: true
|
|
37
38
|
};
|
|
38
39
|
try {
|
|
39
|
-
await request.
|
|
40
|
+
const res = await request.patch(requestOptions);
|
|
41
|
+
const location = res.headers.location;
|
|
42
|
+
logger.log(location);
|
|
43
|
+
if (!args.options.wait) {
|
|
44
|
+
return;
|
|
45
|
+
}
|
|
46
|
+
let status;
|
|
47
|
+
do {
|
|
48
|
+
if (this.verbose) {
|
|
49
|
+
logger.logToStderr(`Waiting 60 seconds...`);
|
|
50
|
+
}
|
|
51
|
+
// waiting 60s before polling as recommended by Microsoft
|
|
52
|
+
await new Promise(resolve => setTimeout(resolve, 60000));
|
|
53
|
+
if (this.debug) {
|
|
54
|
+
logger.logToStderr(`Checking schema operation status...`);
|
|
55
|
+
}
|
|
56
|
+
const operation = await request.get({
|
|
57
|
+
url: location,
|
|
58
|
+
headers: {
|
|
59
|
+
accept: 'application/json;odata.metadata=none'
|
|
60
|
+
},
|
|
61
|
+
responseType: 'json'
|
|
62
|
+
});
|
|
63
|
+
status = operation.status;
|
|
64
|
+
if (this.verbose) {
|
|
65
|
+
logger.logToStderr(`Schema operation status: ${status}`);
|
|
66
|
+
}
|
|
67
|
+
if (status === 'failed') {
|
|
68
|
+
throw `Provisioning schema failed: ${operation.error?.message}`;
|
|
69
|
+
}
|
|
70
|
+
} while (status === 'inprogress');
|
|
40
71
|
}
|
|
41
72
|
catch (err) {
|
|
42
73
|
this.handleRejectedODataJsonPromise(err);
|
|
@@ -48,6 +79,8 @@ _ExternalConnectionSchemaAddCommand_instances = new WeakSet(), _ExternalConnecti
|
|
|
48
79
|
option: '-i, --externalConnectionId <externalConnectionId>'
|
|
49
80
|
}, {
|
|
50
81
|
option: '-s, --schema <schema>'
|
|
82
|
+
}, {
|
|
83
|
+
option: '--wait'
|
|
51
84
|
});
|
|
52
85
|
}, _ExternalConnectionSchemaAddCommand_initValidators = function _ExternalConnectionSchemaAddCommand_initValidators() {
|
|
53
86
|
this.validators.push(async (args) => {
|
|
@@ -67,7 +100,7 @@ _ExternalConnectionSchemaAddCommand_instances = new WeakSet(), _ExternalConnecti
|
|
|
67
100
|
return `The schema needs a required property 'baseType' with value 'microsoft.graph.externalItem'`;
|
|
68
101
|
}
|
|
69
102
|
if (!schemaObject.properties || schemaObject.properties.length > 128) {
|
|
70
|
-
return `We need
|
|
103
|
+
return `We need at least one property and a maximum of 128 properties in the schema object`;
|
|
71
104
|
}
|
|
72
105
|
return true;
|
|
73
106
|
});
|
|
@@ -6,9 +6,9 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
|
|
|
6
6
|
var _FlowEnvironmentGetCommand_instances, _FlowEnvironmentGetCommand_initOptions, _FlowEnvironmentGetCommand_initTelemetry;
|
|
7
7
|
import request from '../../../../request.js';
|
|
8
8
|
import { formatting } from '../../../../utils/formatting.js';
|
|
9
|
-
import
|
|
9
|
+
import PowerAutomateCommand from '../../../base/PowerAutomateCommand.js';
|
|
10
10
|
import commands from '../../commands.js';
|
|
11
|
-
class FlowEnvironmentGetCommand extends
|
|
11
|
+
class FlowEnvironmentGetCommand extends PowerAutomateCommand {
|
|
12
12
|
get name() {
|
|
13
13
|
return commands.ENVIRONMENT_GET;
|
|
14
14
|
}
|
|
@@ -28,7 +28,7 @@ class FlowEnvironmentGetCommand extends AzmgmtCommand {
|
|
|
28
28
|
if (this.verbose) {
|
|
29
29
|
await logger.logToStderr(`Retrieving information about Microsoft Flow environment ${args.options.name ?? ''}...`);
|
|
30
30
|
}
|
|
31
|
-
let requestUrl = `${this.resource}providers/Microsoft.ProcessSimple/environments/`;
|
|
31
|
+
let requestUrl = `${this.resource}/providers/Microsoft.ProcessSimple/environments/`;
|
|
32
32
|
if (args.options.name) {
|
|
33
33
|
requestUrl += `${formatting.encodeQueryParameter(args.options.name)}`;
|
|
34
34
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { odata } from '../../../../utils/odata.js';
|
|
2
|
-
import
|
|
2
|
+
import PowerAutomateCommand from '../../../base/PowerAutomateCommand.js';
|
|
3
3
|
import commands from '../../commands.js';
|
|
4
|
-
class FlowEnvironmentListCommand extends
|
|
4
|
+
class FlowEnvironmentListCommand extends PowerAutomateCommand {
|
|
5
5
|
get name() {
|
|
6
6
|
return commands.ENVIRONMENT_LIST;
|
|
7
7
|
}
|
|
@@ -16,7 +16,7 @@ class FlowEnvironmentListCommand extends AzmgmtCommand {
|
|
|
16
16
|
await logger.logToStderr(`Retrieving list of Microsoft Flow environments...`);
|
|
17
17
|
}
|
|
18
18
|
try {
|
|
19
|
-
const res = await odata.getAllItems(`${this.resource}providers/Microsoft.ProcessSimple/environments?api-version=2016-11-01`);
|
|
19
|
+
const res = await odata.getAllItems(`${this.resource}/providers/Microsoft.ProcessSimple/environments?api-version=2016-11-01`);
|
|
20
20
|
if (res.length > 0) {
|
|
21
21
|
if (args.options.output !== 'json') {
|
|
22
22
|
res.forEach(e => {
|