@pnp/cli-microsoft365 7.7.0-beta.72886a7 → 7.7.0-beta.a12fb3e

package/dist/m365/entra/commands/app/app-add.js

@@ -98,6 +98,9 @@ class EntraAppAddCommand extends GraphCommand {
             };
             applicationInfo.keyCredentials = [newKeyCredential];
         }
+        if (args.options.allowPublicClientFlows) {
+            applicationInfo.isFallbackPublicClient = true;
+        }
         if (this.verbose) {
             await logger.logToStderr(`Creating Microsoft Entra app registration...`);
         }
@@ -657,7 +660,8 @@ _a = EntraAppAddCommand, _EntraAppAddCommand_instances = new WeakSet(), _EntraAp
             certificateFile: typeof args.options.certificateFile !== 'undefined',
             certificateBase64Encoded: typeof args.options.certificateBase64Encoded !== 'undefined',
             certificateDisplayName: typeof args.options.certificateDisplayName !== 'undefined',
-            grantAdminConsent: typeof args.options.grantAdminConsent !== 'undefined'
+            grantAdminConsent: typeof args.options.grantAdminConsent !== 'undefined',
+            allowPublicClientFlows: typeof args.options.allowPublicClientFlows !== 'undefined'
         });
     });
 }, _EntraAppAddCommand_initOptions = function _EntraAppAddCommand_initOptions() {
@@ -701,6 +705,8 @@ _a = EntraAppAddCommand, _EntraAppAddCommand_instances = new WeakSet(), _EntraAp
         option: '--save'
     }, {
         option: '--grantAdminConsent'
+    }, {
+        option: '--allowPublicClientFlows'
     });
 }, _EntraAppAddCommand_initValidators = function _EntraAppAddCommand_initValidators() {
     this.validators.push(async (args) => {

package/dist/m365/entra/commands/app/app-set.js

@@ -3,7 +3,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
-var _EntraAppSetCommand_instances, _a, _EntraAppSetCommand_initTelemetry, _EntraAppSetCommand_initOptions, _EntraAppSetCommand_initValidators, _EntraAppSetCommand_initOptionSets;
+var _EntraAppSetCommand_instances, _a, _EntraAppSetCommand_initTelemetry, _EntraAppSetCommand_initOptions, _EntraAppSetCommand_initValidators, _EntraAppSetCommand_initOptionSets, _EntraAppSetCommand_initTypes;
 import fs from 'fs';
 import request from '../../../../request.js';
 import { formatting } from '../../../../utils/formatting.js';
@@ -28,6 +28,7 @@ class EntraAppSetCommand extends GraphCommand {
         __classPrivateFieldGet(this, _EntraAppSetCommand_instances, "m", _EntraAppSetCommand_initOptions).call(this);
         __classPrivateFieldGet(this, _EntraAppSetCommand_instances, "m", _EntraAppSetCommand_initValidators).call(this);
         __classPrivateFieldGet(this, _EntraAppSetCommand_instances, "m", _EntraAppSetCommand_initOptionSets).call(this);
+        __classPrivateFieldGet(this, _EntraAppSetCommand_instances, "m", _EntraAppSetCommand_initTypes).call(this);
     }
     async commandAction(logger, args) {
         await this.showDeprecationWarning(logger, aadCommands.APP_SET, commands.APP_SET);
@@ -35,6 +36,7 @@ class EntraAppSetCommand extends GraphCommand {
             let objectId = await this.getAppObjectId(args, logger);
             objectId = await this.configureUri(args, objectId, logger);
             objectId = await this.configureRedirectUris(args, objectId, logger);
+            objectId = await this.updateAllowPublicClientFlows(args, objectId, logger);
             await this.configureCertificate(args, objectId, logger);
         }
         catch (err) {
@@ -71,6 +73,27 @@ class EntraAppSetCommand extends GraphCommand {
         const result = await cli.handleMultipleResultsFound(`Multiple Microsoft Entra application registration with name '${name}' found.`, resultAsKeyValuePair);
         return result.id;
     }
+    async updateAllowPublicClientFlows(args, objectId, logger) {
+        if (args.options.allowPublicClientFlows === undefined) {
+            return objectId;
+        }
+        if (this.verbose) {
+            await logger.logToStderr(`Configuring Entra application AllowPublicClientFlows option...`);
+        }
+        const applicationInfo = {
+            isFallbackPublicClient: args.options.allowPublicClientFlows
+        };
+        const requestOptions = {
+            url: `${this.resource}/v1.0/myorganization/applications/${objectId}`,
+            headers: {
+                'content-type': 'application/json;odata.metadata=none'
+            },
+            responseType: 'json',
+            data: applicationInfo
+        };
+        await request.patch(requestOptions);
+        return objectId;
+    }
     async configureUri(args, objectId, logger) {
         if (!args.options.uris) {
             return objectId;
@@ -249,14 +272,18 @@ _a = EntraAppSetCommand, _EntraAppSetCommand_instances = new WeakSet(), _EntraAp
             uris: typeof args.options.uris !== 'undefined',
             certificateFile: typeof args.options.certificateFile !== 'undefined',
             certificateBase64Encoded: typeof args.options.certificateBase64Encoded !== 'undefined',
-            certificateDisplayName: typeof args.options.certificateDisplayName !== 'undefined'
+            certificateDisplayName: typeof args.options.certificateDisplayName !== 'undefined',
+            allowPublicClientFlows: typeof args.options.allowPublicClientFlows !== 'undefined'
         });
     });
 }, _EntraAppSetCommand_initOptions = function _EntraAppSetCommand_initOptions() {
     this.options.unshift({ option: '--appId [appId]' }, { option: '--objectId [objectId]' }, { option: '-n, --name [name]' }, { option: '-u, --uris [uris]' }, { option: '-r, --redirectUris [redirectUris]' }, { option: '--certificateFile [certificateFile]' }, { option: '--certificateBase64Encoded [certificateBase64Encoded]' }, { option: '--certificateDisplayName [certificateDisplayName]' }, {
         option: '--platform [platform]',
         autocomplete: _a.aadApplicationPlatform
-    }, { option: '--redirectUrisToRemove [redirectUrisToRemove]' });
+    }, { option: '--redirectUrisToRemove [redirectUrisToRemove]' }, {
+        option: '--allowPublicClientFlows [allowPublicClientFlows]',
+        autocomplete: ['true', 'false']
+    });
 }, _EntraAppSetCommand_initValidators = function _EntraAppSetCommand_initValidators() {
     this.validators.push(async (args) => {
         if (args.options.certificateFile && args.options.certificateBase64Encoded) {
@@ -279,6 +306,8 @@ _a = EntraAppSetCommand, _EntraAppSetCommand_instances = new WeakSet(), _EntraAp
     });
 }, _EntraAppSetCommand_initOptionSets = function _EntraAppSetCommand_initOptionSets() {
     this.optionSets.push({ options: ['appId', 'objectId', 'name'] });
+}, _EntraAppSetCommand_initTypes = function _EntraAppSetCommand_initTypes() {
+    this.types.boolean.push('allowPublicClientFlows');
 };
 EntraAppSetCommand.aadApplicationPlatform = ['spa', 'web', 'publicClient'];
 export default new EntraAppSetCommand();

package/dist/m365/entra/commands/pim/pim-role-assignment-add.js

@@ -0,0 +1,233 @@
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _EntraPimRoleAssignmentAddCommand_instances, _EntraPimRoleAssignmentAddCommand_initTelemetry, _EntraPimRoleAssignmentAddCommand_initOptions, _EntraPimRoleAssignmentAddCommand_initValidators, _EntraPimRoleAssignmentAddCommand_initOptionSets;
+import request from '../../../../request.js';
+import GraphCommand from '../../../base/GraphCommand.js';
+import commands from '../../commands.js';
+import { roleDefinition } from '../../../../utils/roleDefinition.js';
+import { validation } from '../../../../utils/validation.js';
+import { entraUser } from '../../../../utils/entraUser.js';
+import { entraGroup } from '../../../../utils/entraGroup.js';
+import { accessToken } from '../../../../utils/accessToken.js';
+import auth from '../../../../Auth.js';
+class EntraPimRoleAssignmentAddCommand extends GraphCommand {
+    get name() {
+        return commands.PIM_ROLE_ASSIGNMENT_ADD;
+    }
+    get description() {
+        return 'Request activation of an Entra role assignment for a user or group';
+    }
+    constructor() {
+        super();
+        _EntraPimRoleAssignmentAddCommand_instances.add(this);
+        __classPrivateFieldGet(this, _EntraPimRoleAssignmentAddCommand_instances, "m", _EntraPimRoleAssignmentAddCommand_initTelemetry).call(this);
+        __classPrivateFieldGet(this, _EntraPimRoleAssignmentAddCommand_instances, "m", _EntraPimRoleAssignmentAddCommand_initOptions).call(this);
+        __classPrivateFieldGet(this, _EntraPimRoleAssignmentAddCommand_instances, "m", _EntraPimRoleAssignmentAddCommand_initValidators).call(this);
+        __classPrivateFieldGet(this, _EntraPimRoleAssignmentAddCommand_instances, "m", _EntraPimRoleAssignmentAddCommand_initOptionSets).call(this);
+    }
+    async commandAction(logger, args) {
+        const { userId, userName, groupId, groupName, startDateTime, endDateTime, ticketNumber, ticketSystem } = args.options;
+        try {
+            const token = auth.connection.accessTokens[auth.defaultResource].accessToken;
+            const isAppOnlyAccessToken = accessToken.isAppOnlyAccessToken(token);
+            if (isAppOnlyAccessToken) {
+                throw 'When running with application permissions either userId, userName, groupId or groupName is required';
+            }
+            const roleDefinitionId = await this.getRoleDefinitionId(args.options, logger);
+            const principalId = await this.getPrincipalId(args.options, logger);
+            const requestOptions = {
+                url: `${this.resource}/v1.0/roleManagement/directory/roleAssignmentScheduleRequests`,
+                headers: {
+                    'accept': 'application/json;odata.metadata=none'
+                },
+                responseType: 'json',
+                data: {
+                    principalId: principalId,
+                    roleDefinitionId: roleDefinitionId,
+                    directoryScopeId: this.getDirectoryScope(args.options),
+                    action: !userId && !userName && !groupId && !groupName ? 'selfActivate' : 'adminAssign',
+                    justification: args.options.justification,
+                    scheduleInfo: {
+                        startDateTime: startDateTime,
+                        expiration: {
+                            duration: this.getDuration(args.options),
+                            endDateTime: endDateTime,
+                            type: this.getExpirationType(args.options)
+                        }
+                    },
+                    ticketInfo: {
+                        ticketNumber: ticketNumber,
+                        ticketSystem: ticketSystem
+                    }
+                }
+            };
+            const response = await request.post(requestOptions);
+            await logger.log(response);
+        }
+        catch (err) {
+            this.handleRejectedODataJsonPromise(err);
+        }
+    }
+    async getRoleDefinitionId(options, logger) {
+        if (options.roleDefinitionId) {
+            return options.roleDefinitionId;
+        }
+        if (this.verbose) {
+            await logger.logToStderr(`Retrieving role definition by its name '${options.roleDefinitionName}'`);
+        }
+        const role = await roleDefinition.getRoleDefinitionByDisplayName(options.roleDefinitionName);
+        return role.id;
+    }
+    async getPrincipalId(options, logger) {
+        if (options.userId || options.groupId) {
+            return options.userId || options.groupId;
+        }
+        if (options.userName) {
+            if (this.verbose) {
+                await logger.logToStderr(`Retrieving user by its name '${options.userName}'`);
+            }
+            return await entraUser.getUserIdByUpn(options.userName);
+        }
+        else if (options.groupName) {
+            if (this.verbose) {
+                await logger.logToStderr(`Retrieving group by its name '${options.groupName}'`);
+            }
+            return await entraGroup.getGroupIdByDisplayName(options.groupName);
+        }
+        if (this.verbose) {
+            await logger.logToStderr(`Retrieving id of the current user`);
+        }
+        const token = auth.connection.accessTokens[auth.defaultResource].accessToken;
+        return accessToken.getUserIdFromAccessToken(token);
+    }
+    getExpirationType(options) {
+        if (options.endDateTime) {
+            return 'afterDateTime';
+        }
+        if (options.noExpiration) {
+            return 'noExpiration';
+        }
+        return 'afterDuration';
+    }
+    getDuration(options) {
+        if (!options.duration && !options.endDateTime && !options.noExpiration) {
+            return 'PT8H';
+        }
+        return options.duration;
+    }
+    getDirectoryScope(options) {
+        if (options.administrativeUnitId) {
+            return `/administrativeUnits/${options.administrativeUnitId}`;
+        }
+        if (options.applicationId) {
+            return `/${options.applicationId}`;
+        }
+        return '/';
+    }
+}
+_EntraPimRoleAssignmentAddCommand_instances = new WeakSet(), _EntraPimRoleAssignmentAddCommand_initTelemetry = function _EntraPimRoleAssignmentAddCommand_initTelemetry() {
+    this.telemetry.push((args) => {
+        Object.assign(this.telemetryProperties, {
+            roleDefinitionName: typeof args.options.roleDefinitionName !== 'undefined',
+            roleDefinitionId: typeof args.options.roleDefinitionId !== 'undefined',
+            userId: typeof args.options.userId !== 'undefined',
+            userName: typeof args.options.userName !== 'undefined',
+            groupId: typeof args.options.groupId !== 'undefined',
+            groupName: typeof args.options.groupName !== 'undefined',
+            administrativeUnitId: typeof args.options.administrativeUnitId !== 'undefined',
+            applicationId: typeof args.options.applicationId !== 'undefined',
+            justification: typeof args.options.justification !== 'undefined',
+            startDateTime: typeof args.options.startDateTime !== 'undefined',
+            endDateTime: typeof args.options.endDateTime !== 'undefined',
+            duration: typeof args.options.duration !== 'undefined',
+            ticketNumber: typeof args.options.ticketNumber !== 'undefined',
+            ticketSystem: typeof args.options.ticketSystem !== 'undefined',
+            noExpiration: !!args.options.noExpiration
+        });
+    });
+}, _EntraPimRoleAssignmentAddCommand_initOptions = function _EntraPimRoleAssignmentAddCommand_initOptions() {
+    this.options.unshift({
+        option: '-n, --roleDefinitionName [roleDefinitionName]'
+    }, {
+        option: '-i, --roleDefinitionId [roleDefinitionId]'
+    }, {
+        option: "--userId [userId]"
+    }, {
+        option: "--userName [userName]"
+    }, {
+        option: "--groupId [groupId]"
+    }, {
+        option: "--groupName [groupName]"
+    }, {
+        option: "--administrativeUnitId [administrativeUnitId]"
+    }, {
+        option: "--applicationId [applicationId]"
+    }, {
+        option: "-j, --justification [justification]"
+    }, {
+        option: "-s, --startDateTime [startDateTime]"
+    }, {
+        option: "-e, --endDateTime [endDateTime]"
+    }, {
+        option: "-d, --duration [duration]"
+    }, {
+        option: "--ticketNumber [ticketNumber]"
+    }, {
+        option: "--ticketSystem [ticketSystem]"
+    }, {
+        option: "--no-expiration"
+    });
+}, _EntraPimRoleAssignmentAddCommand_initValidators = function _EntraPimRoleAssignmentAddCommand_initValidators() {
+    this.validators.push(async (args) => {
+        if (args.options.roleDefinitionId && !validation.isValidGuid(args.options.roleDefinitionId)) {
+            return `${args.options.roleDefinitionId} is not a valid GUID`;
+        }
+        if (args.options.userId && !validation.isValidGuid(args.options.userId)) {
+            return `${args.options.userId} is not a valid GUID`;
+        }
+        if (args.options.groupId && !validation.isValidGuid(args.options.groupId)) {
+            return `${args.options.groupId} is not a valid GUID`;
+        }
+        if (args.options.startDateTime && !validation.isValidISODateTime(args.options.startDateTime)) {
+            return `${args.options.startDateTime} is not a valid ISO 8601 date time string`;
+        }
+        if (args.options.endDateTime && !validation.isValidISODateTime(args.options.endDateTime)) {
+            return `${args.options.endDateTime} is not a valid ISO 8601 date time string`;
+        }
+        if (args.options.duration && !validation.isValidISODuration(args.options.duration)) {
+            return `${args.options.duration} is not a valid ISO 8601 duration`;
+        }
+        if (args.options.administrativeUnitId && !validation.isValidGuid(args.options.administrativeUnitId)) {
+            return `${args.options.administrativeUnitId} is not a valid GUID`;
+        }
+        if (args.options.applicationId && !validation.isValidGuid(args.options.applicationId)) {
+            return `${args.options.applicationId} is not a valid GUID`;
+        }
+        return true;
+    });
+}, _EntraPimRoleAssignmentAddCommand_initOptionSets = function _EntraPimRoleAssignmentAddCommand_initOptionSets() {
+    this.optionSets.push({ options: ['roleDefinitionName', 'roleDefinitionId'] });
+    this.optionSets.push({
+        options: ['noExpiration', 'endDateTime', 'duration'],
+        runsWhen: (args) => {
+            return !!args.options.noExpiration || args.options.endDateTime !== undefined || args.options.duration !== undefined;
+        }
+    });
+    this.optionSets.push({
+        options: ['userId', 'userName', 'groupId', 'groupName'],
+        runsWhen: (args) => {
+            return args.options.userId !== undefined || args.options.userName !== undefined || args.options.groupId !== undefined || args.options.groupName !== undefined;
+        }
+    });
+    this.optionSets.push({
+        options: ['administrativeUnitId', 'applicationId'],
+        runsWhen: (args) => {
+            return args.options.administrativeUnitId !== undefined || args.options.applicationId !== undefined;
+        }
+    });
+};
+export default new EntraPimRoleAssignmentAddCommand();
+//# sourceMappingURL=pim-role-assignment-add.js.map

package/dist/m365/entra/commands/pim/pim-role-assignment-list.js

@@ -0,0 +1,122 @@
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _EntraPimRoleAssignmentListCommand_instances, _EntraPimRoleAssignmentListCommand_initTelemetry, _EntraPimRoleAssignmentListCommand_initOptions, _EntraPimRoleAssignmentListCommand_initValidators, _EntraPimRoleAssignmentListCommand_initOptionSets;
+import GraphCommand from '../../../base/GraphCommand.js';
+import commands from '../../commands.js';
+import { validation } from '../../../../utils/validation.js';
+import { entraUser } from '../../../../utils/entraUser.js';
+import { entraGroup } from '../../../../utils/entraGroup.js';
+import { odata } from '../../../../utils/odata.js';
+class EntraPimRoleAssignmentListCommand extends GraphCommand {
+    get name() {
+        return commands.PIM_ROLE_ASSIGNMENT_LIST;
+    }
+    get description() {
+        return 'Retrieves a list of Entra role assignments for a user or group';
+    }
+    constructor() {
+        super();
+        _EntraPimRoleAssignmentListCommand_instances.add(this);
+        __classPrivateFieldGet(this, _EntraPimRoleAssignmentListCommand_instances, "m", _EntraPimRoleAssignmentListCommand_initTelemetry).call(this);
+        __classPrivateFieldGet(this, _EntraPimRoleAssignmentListCommand_instances, "m", _EntraPimRoleAssignmentListCommand_initOptions).call(this);
+        __classPrivateFieldGet(this, _EntraPimRoleAssignmentListCommand_instances, "m", _EntraPimRoleAssignmentListCommand_initValidators).call(this);
+        __classPrivateFieldGet(this, _EntraPimRoleAssignmentListCommand_instances, "m", _EntraPimRoleAssignmentListCommand_initOptionSets).call(this);
+    }
+    async commandAction(logger, args) {
+        const queryParameters = [];
+        const filters = [];
+        const expands = [];
+        try {
+            const principalId = await this.getPrincipalId(logger, args.options);
+            if (principalId) {
+                filters.push(`principalId eq '${principalId}'`);
+            }
+            if (args.options.startDateTime) {
+                filters.push(`startDateTime ge ${args.options.startDateTime}`);
+            }
+            if (filters.length > 0) {
+                queryParameters.push(`$filter=${filters.join(' and ')}`);
+            }
+            expands.push('roleDefinition($select=displayName)');
+            if (args.options.includePrincipalDetails) {
+                expands.push('principal');
+            }
+            queryParameters.push(`$expand=${expands.join(',')}`);
+            const queryString = `?${queryParameters.join('&')}`;
+            const url = `${this.resource}/v1.0/roleManagement/directory/roleAssignmentScheduleInstances${queryString}`;
+            const results = await odata.getAllItems(url);
+            await logger.log(results);
+        }
+        catch (err) {
+            this.handleRejectedODataJsonPromise(err);
+        }
+    }
+    async getPrincipalId(logger, options) {
+        let principalId = options.userId;
+        if (options.userName) {
+            if (this.verbose) {
+                await logger.logToStderr(`Retrieving user by its name '${options.userName}'`);
+            }
+            principalId = await entraUser.getUserIdByUpn(options.userName);
+        }
+        else if (options.groupId) {
+            principalId = options.groupId;
+        }
+        else if (options.groupName) {
+            if (this.verbose) {
+                await logger.logToStderr(`Retrieving group by its name '${options.groupName}'`);
+            }
+            principalId = await entraGroup.getGroupIdByDisplayName(options.groupName);
+        }
+        return principalId;
+    }
+}
+_EntraPimRoleAssignmentListCommand_instances = new WeakSet(), _EntraPimRoleAssignmentListCommand_initTelemetry = function _EntraPimRoleAssignmentListCommand_initTelemetry() {
+    this.telemetry.push((args) => {
+        Object.assign(this.telemetryProperties, {
+            userId: typeof args.options.userId !== 'undefined',
+            userName: typeof args.options.userName !== 'undefined',
+            groupId: typeof args.options.groupId !== 'undefined',
+            groupName: typeof args.options.groupName !== 'undefined',
+            startDateTime: typeof args.options.startDateTime !== 'undefined',
+            includePrincipalDetails: !!args.options.includePrincipalDetails
+        });
+    });
+}, _EntraPimRoleAssignmentListCommand_initOptions = function _EntraPimRoleAssignmentListCommand_initOptions() {
+    this.options.unshift({
+        option: "--userId [userId]"
+    }, {
+        option: "--userName [userName]"
+    }, {
+        option: "--groupId [groupId]"
+    }, {
+        option: "--groupName [groupName]"
+    }, {
+        option: "-s, --startDateTime [startDateTime]"
+    }, {
+        option: "--includePrincipalDetails [includePrincipalDetails]"
+    });
+}, _EntraPimRoleAssignmentListCommand_initValidators = function _EntraPimRoleAssignmentListCommand_initValidators() {
+    this.validators.push(async (args) => {
+        if (args.options.userId && !validation.isValidGuid(args.options.userId)) {
+            return `${args.options.userId} is not a valid GUID`;
+        }
+        if (args.options.groupId && !validation.isValidGuid(args.options.groupId)) {
+            return `${args.options.groupId} is not a valid GUID`;
+        }
+        if (args.options.startDateTime && !validation.isValidISODateTime(args.options.startDateTime)) {
+            return `${args.options.startDateTime} is not a valid ISO 8601 date time string`;
+        }
+        return true;
+    });
+}, _EntraPimRoleAssignmentListCommand_initOptionSets = function _EntraPimRoleAssignmentListCommand_initOptionSets() {
+    this.optionSets.push({
+        options: ['userId', 'userName', 'groupId', 'groupName'],
+        runsWhen: (args) => args.options.userId || args.options.userName || args.options.groupId || args.options.groupName
+    });
+};
+export default new EntraPimRoleAssignmentListCommand();
+//# sourceMappingURL=pim-role-assignment-list.js.map

package/dist/m365/entra/commands.js

@@ -74,6 +74,8 @@ export default {
     OAUTH2GRANT_LIST: `${prefix} oauth2grant list`,
     OAUTH2GRANT_REMOVE: `${prefix} oauth2grant remove`,
     OAUTH2GRANT_SET: `${prefix} oauth2grant set`,
+    PIM_ROLE_ASSIGNMENT_ADD: `${prefix} pim role assignment add`,
+    PIM_ROLE_ASSIGNMENT_LIST: `${prefix} pim role assignment list`,
     POLICY_LIST: `${prefix} policy list`,
     SITECLASSIFICATION_DISABLE: `${prefix} siteclassification disable`,
     SITECLASSIFICATION_ENABLE: `${prefix} siteclassification enable`,

package/dist/m365/spo/commands/contenttype/contenttype-sync.js

@@ -0,0 +1,139 @@
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _SpoContentTypeSyncCommand_instances, _SpoContentTypeSyncCommand_initTelemetry, _SpoContentTypeSyncCommand_initOptions, _SpoContentTypeSyncCommand_initValidators, _SpoContentTypeSyncCommand_initTypes, _SpoContentTypeSyncCommand_initOptionSets;
+import { formatting } from '../../../../utils/formatting.js';
+import request from '../../../../request.js';
+import { validation } from '../../../../utils/validation.js';
+import SpoCommand from '../../../base/SpoCommand.js';
+import commands from '../../commands.js';
+import { urlUtil } from '../../../../utils/urlUtil.js';
+import { odata } from '../../../../utils/odata.js';
+import { spo } from '../../../../utils/spo.js';
+class SpoContentTypeSyncCommand extends SpoCommand {
+    get name() {
+        return commands.CONTENTTYPE_SYNC;
+    }
+    get description() {
+        return 'Adds a published content type from the content type hub to a site or syncs its latest changes';
+    }
+    constructor() {
+        super();
+        _SpoContentTypeSyncCommand_instances.add(this);
+        __classPrivateFieldGet(this, _SpoContentTypeSyncCommand_instances, "m", _SpoContentTypeSyncCommand_initTelemetry).call(this);
+        __classPrivateFieldGet(this, _SpoContentTypeSyncCommand_instances, "m", _SpoContentTypeSyncCommand_initOptions).call(this);
+        __classPrivateFieldGet(this, _SpoContentTypeSyncCommand_instances, "m", _SpoContentTypeSyncCommand_initValidators).call(this);
+        __classPrivateFieldGet(this, _SpoContentTypeSyncCommand_instances, "m", _SpoContentTypeSyncCommand_initTypes).call(this);
+        __classPrivateFieldGet(this, _SpoContentTypeSyncCommand_instances, "m", _SpoContentTypeSyncCommand_initOptionSets).call(this);
+    }
+    async commandAction(logger, args) {
+        const { listId, listTitle, listUrl, webUrl } = args.options;
+        const url = new URL(webUrl);
+        const baseUrl = 'https://graph.microsoft.com/v1.0/sites/';
+        try {
+            const siteUrl = url.pathname === '/' ? url.host : await spo.getSiteId(webUrl, logger, this.verbose);
+            const listPath = listId || listTitle || listUrl ? `/lists/${listId || listTitle || await this.getListIdByUrl(webUrl, listUrl, logger)}` : '';
+            const contentTypeId = await this.getContentTypeId(baseUrl, url, args.options, logger);
+            if (this.verbose) {
+                await logger.logToStderr(`Adding or syncing the content type...`);
+            }
+            const requestOptions = {
+                url: `${baseUrl}${siteUrl}${listPath}/contenttypes/addCopyFromContentTypeHub`,
+                headers: {
+                    'accept': 'application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false'
+                },
+                responseType: 'json',
+                data: {
+                    contentTypeId: contentTypeId
+                }
+            };
+            const response = await request.post(requestOptions);
+            // The endpoint only returns a response if the content type has been added for the first time
+            // When syncing, the response will be an empty string, which should not be logged.
+            if (typeof response === 'object') {
+                await logger.log(response);
+            }
+        }
+        catch (err) {
+            this.handleRejectedODataJsonPromise(err);
+        }
+    }
+    async getContentTypeId(baseUrl, url, options, logger) {
+        if (options.id) {
+            return options.id;
+        }
+        const siteId = await spo.getSiteId(`${url.origin}/sites/contenttypehub`, logger, this.verbose);
+        if (this.verbose) {
+            await logger.logToStderr(`Retrieving content type Id by name...`);
+        }
+        const contentTypes = await odata.getAllItems(`${baseUrl}${siteId}/contenttypes?$filter=name eq '${options.name}'&$select=id,name`);
+        if (contentTypes.length === 0) {
+            throw `Content type with name ${options.name} not found.`;
+        }
+        return contentTypes[0].id;
+    }
+    async getListIdByUrl(webUrl, listUrl, logger) {
+        if (this.verbose) {
+            await logger.logToStderr(`Retrieving list id to sync the content type to...`);
+        }
+        const listServerRelativeUrl = urlUtil.getServerRelativePath(webUrl, listUrl);
+        const requestOptions = {
+            url: `${webUrl}/_api/web/GetList('${formatting.encodeQueryParameter(listServerRelativeUrl)}')?$select=id`,
+            headers: {
+                'accept': 'application/json;odata=nometadata'
+            },
+            responseType: 'json'
+        };
+        const response = await request.get(requestOptions);
+        return response.Id;
+    }
+}
+_SpoContentTypeSyncCommand_instances = new WeakSet(), _SpoContentTypeSyncCommand_initTelemetry = function _SpoContentTypeSyncCommand_initTelemetry() {
+    this.telemetry.push((args) => {
+        Object.assign(this.telemetryProperties, {
+            id: typeof args.options.id !== 'undefined',
+            name: typeof args.options.name !== 'undefined',
+            listId: typeof args.options.listId !== 'undefined',
+            listTitle: typeof args.options.listTitle !== 'undefined',
+            listUrl: typeof args.options.listUrl !== 'undefined'
+        });
+    });
+}, _SpoContentTypeSyncCommand_initOptions = function _SpoContentTypeSyncCommand_initOptions() {
+    this.options.unshift({
+        option: '-u, --webUrl <webUrl>'
+    }, {
+        option: '-i, --id [id]'
+    }, {
+        option: '-n, --name [name]'
+    }, {
+        option: '--listTitle [listTitle]'
+    }, {
+        option: '--listId [listId]'
+    }, {
+        option: '--listUrl [listUrl]'
+    });
+}, _SpoContentTypeSyncCommand_initValidators = function _SpoContentTypeSyncCommand_initValidators() {
+    this.validators.push(async (args) => {
+        const isValidSharePointUrl = validation.isValidSharePointUrl(args.options.webUrl);
+        if (isValidSharePointUrl !== true) {
+            return isValidSharePointUrl;
+        }
+        if (args.options.listId && !validation.isValidGuid(args.options.listId)) {
+            return `${args.options.listId} is not a valid GUID`;
+        }
+        return true;
+    });
+}, _SpoContentTypeSyncCommand_initTypes = function _SpoContentTypeSyncCommand_initTypes() {
+    this.types.string.push('webUrl', 'id', 'name', 'listTitle', 'listId', 'listUrl');
+}, _SpoContentTypeSyncCommand_initOptionSets = function _SpoContentTypeSyncCommand_initOptionSets() {
+    this.optionSets.push({
+        options: ['id', 'name']
+    }, {
+        options: ['listId', 'listTitle', 'listUrl'],
+        runsWhen: (args) => args.options.listId || args.options.listTitle || args.options.listUrl
+    });
+};
+export default new SpoContentTypeSyncCommand();
+//# sourceMappingURL=contenttype-sync.js.map

package/dist/m365/spo/commands.js

@@ -37,6 +37,7 @@ export default {
     CONTENTTYPE_LIST: `${prefix} contenttype list`,
     CONTENTTYPE_REMOVE: `${prefix} contenttype remove`,
     CONTENTTYPE_SET: `${prefix} contenttype set`,
+    CONTENTTYPE_SYNC: `${prefix} contenttype sync`,
     CONTENTTYPEHUB_GET: `${prefix} contenttypehub get`,
     CUSTOMACTION_ADD: `${prefix} customaction add`,
     CUSTOMACTION_CLEAR: `${prefix} customaction clear`,

package/dist/utils/validation.js

@@ -325,6 +325,10 @@ export const validation = {
     isValidMailNickname(mailNickname) {
         const mailNicknameRegEx = new RegExp(/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]*$/i);
         return mailNicknameRegEx.test(mailNickname);
+    },
+    isValidISODuration(duration) {
+        const durationRegEx = new RegExp(/^P(?!$)((\d+Y)|(\d+\.\d+Y$))?((\d+M)|(\d+\.\d+M$))?((\d+W)|(\d+\.\d+W$))?((\d+D)|(\d+\.\d+D$))?(T(?=\d)((\d+H)|(\d+\.\d+H$))?((\d+M)|(\d+\.\d+M$))?(\d+(\.\d+)?S)?)??$/);
+        return durationRegEx.test(duration);
     }
 };
 //# sourceMappingURL=validation.js.map

package/docs/docs/cmd/entra/app/app-add.mdx

@@ -78,6 +78,9 @@ m365 entra appregistration add [options]
 
 `--save`
 : Use to store the information about the created app in a local file.
+
+`--allowPublicClientFlows`
+: Enable the allow public client flows feature on the app registration.
 ```
 
 <Global />
@@ -192,6 +195,12 @@ Create new Entra app registration with a certificate
 m365 entra app add --name 'My Entra app' --certificateDisplayName "Some certificate name" --certificateFile "c:\temp\some-certificate.cer"
 ```
 
+Create a new Entra app registration with the allow public client flows feature enabled.
+
+```sh
+m365 entra app add --name 'My Entra app' --allowPublicClientFlows
+```
+
 ## Response
 
 ### Standard response