Merge pull request #1146 from jensotto/acs-and-spo-app-proxies

SPAzureAccessControlServiceAppProxy/SPOAppPrincipalMgmtServiceAppProxy: Add new resources for ACS and SPO app mgmt

CHANGELOG.md

@@ -10,8 +10,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - SharePointDsc
   - Added automatic release with a new CI pipeline
   - Updated PULL_REQUEST_TEMPLATE.md to match DSC standard
+- SPAzureAccessControlServiceAppProxy
+  - Added new resource to create Azure Access Control Service Application Proxy
 - SPFarm
   - Added possibility to set application credential key.
+- SPOAppPrincipalMgmtServiceAppProxy
+  - Added new resource to create SharePoint Online Application Principal
+    Management Service Application Proxy
 - SPTrustedSecurityTokenIssuer
   - Fixed RegisteredIssuerNameRealm not applied if specified.
 

SharePointDsc/DSCResources/MSFT_SPAzureAccessControlServiceAppProxy/MSFT_SPAzureAccessControlServiceAppProxy.psm1

@@ -0,0 +1,199 @@
+$script:resourceModulePath = Split-Path -Path (Split-Path -Path $PSScriptRoot -Parent) -Parent
+$script:modulesFolderPath = Join-Path -Path $script:resourceModulePath -ChildPath 'Modules'
+$script:resourceHelperModulePath = Join-Path -Path $script:modulesFolderPath -ChildPath 'SharePointDsc.Util'
+Import-Module -Name (Join-Path -Path $script:resourceHelperModulePath -ChildPath 'SharePointDsc.Util.psm1')
+
+function Get-TargetResource
+{
+    [CmdletBinding()]
+    [OutputType([System.Collections.Hashtable])]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $Name,
+
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $MetadataServiceEndpointUri,
+
+        [Parameter()]
+        [ValidateSet("Present", "Absent")]
+        [System.String]
+        $Ensure = "Present",
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $InstallAccount
+    )
+
+    Write-Verbose -Message "Getting ACS service app proxy '$Name'"
+
+    $result = Invoke-SPDSCCommand -Credential $InstallAccount `
+        -Arguments $PSBoundParameters `
+        -ScriptBlock {
+        $params = $args[0]
+
+        $serviceAppProxy = Get-SPServiceApplicationProxy `
+        | Where-Object -FilterScript {
+            $_.Name -eq $params.Name -and `
+                $_.GetType().FullName -eq "Microsoft.SharePoint.Administration.SPAzureAccessControlServiceApplicationProxy"
+        }
+        $nullReturn = @{
+            Name                       = $params.Name
+            MetadataServiceEndpointUri = $null
+            Ensure                     = "Absent"
+            InstallAccount             = $params.InstallAccount
+        }
+        if ($null -eq $serviceAppProxy)
+        {
+            return $nullReturn
+        }
+        else
+        {
+            $returnVal = @{
+                Name                       = $serviceAppProxy.Name
+                MetadataServiceEndpointUri = $serviceAppProxy.MetadataEndpointUri.OriginalString
+                Ensure                     = "Present"
+                InstallAccount             = $params.InstallAccount
+            }
+            return $returnVal
+        }
+    }
+    return $result
+}
+
+function Set-TargetResource
+{
+    [CmdletBinding()]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $Name,
+
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $MetadataServiceEndpointUri,
+
+        [Parameter()]
+        [ValidateSet("Present", "Absent")]
+        [System.String]
+        $Ensure = "Present",
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $InstallAccount
+    )
+
+    Write-Verbose -Message "Setting ACS service app proxy '$Name'"
+
+    $result = Get-TargetResource @PSBoundParameters
+
+    if ($result.Ensure -eq "Absent" -and $Ensure -eq "Present")
+    {
+        # The service app proxy doesn't exist but should
+        Write-Verbose -Message "Creating ACS service app proxy $Name"
+        Invoke-SPDSCCommand -Credential $InstallAccount `
+            -Arguments $PSBoundParameters `
+            -ScriptBlock {
+            $params = $args[0]
+
+            New-SPAzureAccessControlServiceApplicationProxy -Name $params.Name `
+                -MetadataServiceEndpointUri $params.MetadataServiceEndpointUri
+        }
+    }
+
+    if ($result.Ensure -eq "Present" -and $Ensure -eq "Present")
+    {
+        # The service app proxy exists but has the wrong Metadata Service Endpoint Uri
+        if ($MetadataServiceEndpointUri -ne $result.MetadataServiceEndpointUri)
+        {
+            Write-Verbose -Message "Recreating ACS service app proxy $Name"
+            Invoke-SPDSCCommand -Credential $InstallAccount `
+                -Arguments $PSBoundParameters `
+                -ScriptBlock {
+                $params = $args[0]
+
+                Get-SPServiceApplicationProxy `
+                | Where-Object -FilterScript {
+                    $_.Name -eq $params.Name -and `
+                        $_.GetType().FullName -eq "Microsoft.SharePoint.Administration.SPAzureAccessControlServiceApplicationProxy"
+                } `
+                | ForEach-Object {
+                    Remove-SPServiceApplicationProxy $_ -Confirm:$false
+                }
+
+                New-SPAzureAccessControlServiceApplicationProxy -Name $params.Name `
+                    -MetadataServiceEndpointUri $params.MetadataServiceEndpointUri
+            }
+        }
+    }
+
+    if ($Ensure -eq "Absent")
+    {
+        # The service app proxy should not exit
+        Write-Verbose -Message "Removing ACS service app proxy $Name"
+        Invoke-SPDSCCommand -Credential $InstallAccount `
+            -Arguments $PSBoundParameters `
+            -ScriptBlock {
+            $params = $args[0]
+
+            Get-SPServiceApplicationProxy | Where-Object -FilterScript {
+                $_.Name -eq $params.Name -and `
+                    $_.GetType().FullName -eq "Microsoft.SharePoint.Administration.SPAzureAccessControlServiceApplicationProxy"
+            } | ForEach-Object {
+                Remove-SPServiceApplicationProxy $_ -Confirm:$false
+            }
+        }
+    }
+}
+
+function Test-TargetResource
+{
+    [CmdletBinding()]
+    [OutputType([System.Boolean])]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $Name,
+
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $MetadataServiceEndpointUri,
+
+        [Parameter()]
+        [ValidateSet("Present", "Absent")]
+        [System.String]
+        $Ensure = "Present",
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $InstallAccount
+    )
+
+    Write-Verbose -Message "Testing ACS service app proxy '$Name'"
+
+    $PSBoundParameters.Ensure = $Ensure
+
+    $CurrentValues = Get-TargetResource @PSBoundParameters
+
+    Write-Verbose -Message "Current Values: $(Convert-SPDscHashtableToString -Hashtable $CurrentValues)"
+    Write-Verbose -Message "Target Values: $(Convert-SPDscHashtableToString -Hashtable $PSBoundParameters)"
+
+    if ($Ensure -eq "Present")
+    {
+        return Test-SPDscParameterState -CurrentValues $CurrentValues `
+            -DesiredValues $PSBoundParameters `
+            -ValuesToCheck @("MetadataServiceEndpointUri", "Ensure")
+    }
+    else
+    {
+        return Test-SPDscParameterState -CurrentValues $CurrentValues `
+            -DesiredValues $PSBoundParameters `
+            -ValuesToCheck @("Ensure")
+    }
+}
+
+Export-ModuleMember -Function *-TargetResource

SharePointDsc/DSCResources/MSFT_SPAzureAccessControlServiceAppProxy/MSFT_SPAzureAccessControlServiceAppProxy.schema.mof

@@ -0,0 +1,9 @@
+[ClassVersion("1.0.0.0"), FriendlyName("SPAzureAccessControlServiceAppProxy")]
+class MSFT_SPAzureAccessControlServiceAppProxy : OMI_BaseResource
+{
+    [Key, Description("The name of the Azure Access Control service application proxy")] string Name;
+    [Write, Description("Present ensures service app proxy exists, absent ensures it is removed"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
+    [Required, Description("Specifies the URL of the Azure Access Control Service's metadata document.")] string MetadataServiceEndpointUri;
+    [Write, Description("POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5"), EmbeddedInstance("MSFT_Credential")] String InstallAccount;
+};
+

SharePointDsc/DSCResources/MSFT_SPAzureAccessControlServiceAppProxy/readme.md

@@ -0,0 +1,14 @@
+# Description
+
+**Type:** Distributed
+**Requires CredSSP:** No
+
+This resource is used to create a new service application proxy for the Azure
+Control service application. It will identify an instance of the ACS service
+application proxy through the display name. Currently the resource will
+provision the app proxy if it does not yet exist, and will recreate the proxy
+if the metadata service endpoint URI associated to the proxy does not match the
+configuration.
+
+The default value for the Ensure parameter is Present. When not specifying this
+parameter, the service application proxy is provisioned.