Latest EIDSCA logic improvements for testing

maester365 · Jan 29, 2025 · 70769d6 · 70769d6
1 parent 6a831c1
commit 70769d6
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 10 deletions.
diff --git a/powershell/internal/eidsca/Test-MtEidscaAP01.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP01.ps1
@@ -21,7 +21,7 @@ function Test-MtEidscaAP01 {
     [OutputType([bool])]
     param()
 
-    if ( $AuthorizationPolicyAvailable -notcontains 'allowedToUseSSPR' ) {
+    if ( $AuthorizationPolicyAvailable -notmatch 'allowedToUseSSPR' ) {
             Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Settings value is not available. This may be due to the change that this API is no longer available for recent created tenants or tenants that are not licensed for Entra ID P1.'
             return $null
     }

diff --git a/powershell/internal/eidsca/Test-MtEidscaAP08.ps1 b/powershell/internal/eidsca/Test-MtEidscaAP08.ps1
@@ -21,7 +21,10 @@ function Test-MtEidscaAP08 {
     [OutputType([bool])]
     param()
 
-
+    if ( ($AuthorizationPolicyAvailable | where-object permissionGrantPolicyIdsAssignedToDefaultUserRole -Match 'ManagePermissionGrantsForSelf*').Count -eq 0 ) {
+            Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'User Consent has been disabled or customized using Microsoft Graph or Microsoft Graph PowerShell without any assignment to custom policy.'
+            return $null
+    }
     $result = Invoke-MtGraphRequest -RelativeUri "policies/authorizationPolicy" -ApiVersion beta
 
     [string]$tenantValue = $result.permissionGrantPolicyIdsAssignedToDefaultUserRole -clike 'ManagePermissionGrantsForSelf*'

diff --git a/powershell/internal/eidsca/Test-MtEidscaCR02.ps1 b/powershell/internal/eidsca/Test-MtEidscaCR02.ps1
@@ -21,7 +21,7 @@ function Test-MtEidscaCR02 {
     [OutputType([bool])]
     param()
 
-    if ( ($EnabledAdminConsentWorkflow) -eq $false ) {
+    if ( $EnabledAdminConsentWorkflow -eq $false ) {
             Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Admin Consent Workflow is not enabled'
             return $null
     }

diff --git a/powershell/internal/eidsca/Test-MtEidscaCR03.ps1 b/powershell/internal/eidsca/Test-MtEidscaCR03.ps1
@@ -21,7 +21,7 @@ function Test-MtEidscaCR03 {
     [OutputType([bool])]
     param()
 
-    if ( ($EnabledAdminConsentWorkflow) -eq $false ) {
+    if ( $EnabledAdminConsentWorkflow -eq $false ) {
             Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Admin Consent Workflow is not enabled'
             return $null
     }

diff --git a/powershell/internal/eidsca/Test-MtEidscaCR04.ps1 b/powershell/internal/eidsca/Test-MtEidscaCR04.ps1
@@ -21,7 +21,7 @@ function Test-MtEidscaCR04 {
     [OutputType([bool])]
     param()
 
-    if ( ($EnabledAdminConsentWorkflow) -eq $false ) {
+    if ( $EnabledAdminConsentWorkflow -eq $false ) {
             Add-MtTestResultDetail -SkippedBecause 'Custom' -SkippedCustomReason 'Admin Consent Workflow is not enabled'
             return $null
     }

diff --git a/tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1 b/tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1
@@ -1,5 +1,5 @@
 BeforeDiscovery {
-$AuthorizationPolicyAvailable = (Invoke-MtGraphRequest -RelativeUri 'policies/authorizationpolicy' -ApiVersion beta).psobject.properties.name
+$AuthorizationPolicyAvailable = (Invoke-MtGraphRequest -RelativeUri 'policies/authorizationpolicy' -ApiVersion beta)
 $SettingsApiAvailable = (Invoke-MtGraphRequest -RelativeUri 'settings' -ApiVersion beta).values.name
 $EnabledAuthMethods = (Get-MtAuthenticationMethodPolicyConfig -State Enabled).Id
 $EnabledAdminConsentWorkflow = (Invoke-MtGraphRequest -RelativeUri 'policies/adminConsentRequestPolicy' -ApiVersion beta).isenabled
@@ -50,7 +50,7 @@ Describe "Default Authorization Settings" -Tag "EIDSCA", "Security", "All", "EID
     }
 }
 Describe "Default Authorization Settings" -Tag "EIDSCA", "Security", "All", "EIDSCA.AP08" {
-    It "EIDSCA.AP08: Default Authorization Settings - User consent policy assigned for applications. See https://maester.dev/docs/tests/EIDSCA.AP08" {
+    It "EIDSCA.AP08: Default Authorization Settings - User consent policy assigned for applications. See https://maester.dev/docs/tests/EIDSCA.AP08" -TestCases @{ AuthorizationPolicyAvailable = $AuthorizationPolicyAvailable } {
         <#
             Check if "https://graph.microsoft.com/beta/policies/authorizationPolicy"
             .permissionGrantPolicyIdsAssignedToDefaultUserRole -clike 'ManagePermissionGrantsForSelf*' -eq 'ManagePermissionGrantsForSelf.microsoft-user-default-low'
@@ -384,7 +384,7 @@ Describe "Consent Framework - Admin Consent Request" -Tag "EIDSCA", "Security",
     }
 }
 Describe "Consent Framework - Admin Consent Request" -Tag "EIDSCA", "Security", "All", "EIDSCA.CR02" {
-    It "EIDSCA.CR02: Consent Framework - Admin Consent Request - Reviewers will receive email notifications for requests. See https://maester.dev/docs/tests/EIDSCA.CR02" -TestCases @{ EnabledAdminConsentWorkflow = ($EnabledAdminConsentWorkflow) } {
+    It "EIDSCA.CR02: Consent Framework - Admin Consent Request - Reviewers will receive email notifications for requests. See https://maester.dev/docs/tests/EIDSCA.CR02" -TestCases @{ EnabledAdminConsentWorkflow = $EnabledAdminConsentWorkflow } {
         <#
             Check if "https://graph.microsoft.com/beta/policies/adminConsentRequestPolicy"
             .notifyReviewers -eq 'true'
@@ -393,7 +393,7 @@ Describe "Consent Framework - Admin Consent Request" -Tag "EIDSCA", "Security",
     }
 }
 Describe "Consent Framework - Admin Consent Request" -Tag "EIDSCA", "Security", "All", "EIDSCA.CR03" {
-    It "EIDSCA.CR03: Consent Framework - Admin Consent Request - Reviewers will receive email notifications when admin consent requests are about to expire. See https://maester.dev/docs/tests/EIDSCA.CR03" -TestCases @{ EnabledAdminConsentWorkflow = ($EnabledAdminConsentWorkflow) } {
+    It "EIDSCA.CR03: Consent Framework - Admin Consent Request - Reviewers will receive email notifications when admin consent requests are about to expire. See https://maester.dev/docs/tests/EIDSCA.CR03" -TestCases @{ EnabledAdminConsentWorkflow = $EnabledAdminConsentWorkflow } {
         <#
             Check if "https://graph.microsoft.com/beta/policies/adminConsentRequestPolicy"
             .remindersEnabled -eq 'true'
@@ -402,7 +402,7 @@ Describe "Consent Framework - Admin Consent Request" -Tag "EIDSCA", "Security",
     }
 }
 Describe "Consent Framework - Admin Consent Request" -Tag "EIDSCA", "Security", "All", "EIDSCA.CR04" {
-    It "EIDSCA.CR04: Consent Framework - Admin Consent Request - Consent request duration (days). See https://maester.dev/docs/tests/EIDSCA.CR04" -TestCases @{ EnabledAdminConsentWorkflow = ($EnabledAdminConsentWorkflow) } {
+    It "EIDSCA.CR04: Consent Framework - Admin Consent Request - Consent request duration (days). See https://maester.dev/docs/tests/EIDSCA.CR04" -TestCases @{ EnabledAdminConsentWorkflow = $EnabledAdminConsentWorkflow } {
         <#
             Check if "https://graph.microsoft.com/beta/policies/adminConsentRequestPolicy"
             .requestDurationInDays -le '30'