microsoft / DSCParser

Allows the conversion of DSC scripts into PSObject for analysis purposes
MIT License

CIMInstance Parsing #39

Closed NikCharlebois closed 7 months ago

NikCharlebois commented 7 months ago

Leverage CIMClass info to parse the properties

ricmestre commented 7 months ago

Inside Settings property, its second CIM instance in the array has the subproperty Children but only the first one of that array is extracted, the other two are not present in the resulting hashtable.

Basically $Resource.Settings[1].SettingInstance.choiceSettingValue.Children only has 1 object inside instead of 3.

        IntuneSettingCatalogCustomPolicyWindows10 "IntuneSettingCatalogCustomPolicyWindows10-IntuneSettingCatalogCustomPolicyWindows10_1"
        {
            ApplicationId         = $IntuneApplicationId;
            Assignments           = @(
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    dataType = '#microsoft.graph.groupAssignmentTarget'
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    groupId = 'b0b8fd3f-af2a-453b-be57-80182d599f02'
                }
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    dataType = '#microsoft.graph.exclusionGroupAssignmentTarget'
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    groupId = '053dc89a-be83-411a-bad3-909904b7239e'
                }
            );
            CertificateThumbprint = $IntuneCertThumbprint;
            Description           = "IntuneSettingCatalogCustomPolicyWindows10_1";
            Ensure                = "Present";
            Id                    = "495a239d-4367-474f-86e8-225d9f6bbe11";
            Name                  = "IntuneSettingCatalogCustomPolicyWindows10_1";
            Platforms             = "windows10";
            Settings              = @(
                MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{
                    SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
                        choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
                            Value = 'device_vendor_msft_bitlocker_requiredeviceencryption_1'
                        }
                        SettingDefinitionId = 'device_vendor_msft_bitlocker_requiredeviceencryption'
                        odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
                    }
                }
                MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{
                    SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
                        choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
                            Children = @(
                                MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
                                    choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
                                        Value = 'vendor_msft_firewall_mdmstore_domainprofile_allowlocalipsecpolicymerge_true'
                                    }
                                    SettingDefinitionId = 'vendor_msft_firewall_mdmstore_domainprofile_allowlocalipsecpolicymerge'
                                    odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
                                }
                                MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
                                    choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
                                        Value = 'vendor_msft_firewall_mdmstore_domainprofile_allowlocalpolicymerge_true'
                                    }
                                    SettingDefinitionId = 'vendor_msft_firewall_mdmstore_domainprofile_allowlocalpolicymerge'
                                    odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
                                }
                                MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
                                    choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
                                        Value = 'vendor_msft_firewall_mdmstore_domainprofile_authappsallowuserprefmerge_true'
                                    }
                                    SettingDefinitionId = 'vendor_msft_firewall_mdmstore_domainprofile_authappsallowuserprefmerge'
                                    odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
                                }
                            )
                            Value = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall_true'
                        }
                        SettingDefinitionId = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall'
                        odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
                    }
                }
                MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{
                    SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
                        SettingDefinitionId = 'vendor_msft_firewall_mdmstore_global_enablepacketqueue'
                        choiceSettingCollectionValue = @(
                            MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
                                Value = 'vendor_msft_firewall_mdmstore_global_enablepacketqueue_0'
                            }
                        )
                        odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance'
                    }
                }
            );
            Technologies          = "mdm";
            TenantId              = $OrganizationName;
        }
NikCharlebois commented 7 months ago

> Inside Settings property, its second CIM instance in the array has the subproperty Children but only the first one of that array is extracted, the other two are not present in the resulting hashtable.
>
> Basically $Resource.Settings[1].SettingInstance.choiceSettingValue.Children only has 1 object inside instead of 3.


I took a bit to figure out the looping logic, but the latest changes should address this and be able to recursively get CIMInstances arrays at every level.
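
A regression check for the symptom reported above, as an added example that is not part of this thread or of DSCParser: it compares the `SettingDefinitionId` values declared in the DSC text with those found by a recursive walk of the parsed hashtable, so nested instances that were silently dropped show up as missing. The function names and the shape of the sample hashtable are assumptions; the sample data is constructed from identifiers in the configuration above.

```powershell
# Added example; hypothetical helpers, not DSCParser code.
function Get-SettingDefinitionId {
    param($Node)
    if ($Node -is [System.Collections.IDictionary]) {
        foreach ($key in @($Node.Keys)) {
            if ($key -eq 'SettingDefinitionId') { [string]$Node[$key] }
            else { Get-SettingDefinitionId -Node $Node[$key] }   # descend into nested instances
        }
    }
    elseif ($Node -is [System.Collections.IEnumerable] -and $Node -isnot [string]) {
        # Visit every element of an array, not only the first one
        foreach ($item in $Node) { Get-SettingDefinitionId -Node $item }
    }
}

function Test-ParsedSettingCoverage {
    param([string]$DscText, $ParsedResource)
    # IDs declared in the source text, at any nesting depth
    $expected = @([regex]::Matches($DscText, "SettingDefinitionId\s*=\s*'([^']+)'") |
        ForEach-Object { $_.Groups[1].Value })
    # IDs that survived parsing
    $actual = @(Get-SettingDefinitionId -Node $ParsedResource)
    [pscustomobject]@{
        Expected = $expected.Count
        Parsed   = $actual.Count
        Missing  = @($expected | Where-Object { $_ -notin $actual })
    }
}

# Constructed sample: the four IDs declared under Settings[1] in the configuration above.
$p = 'vendor_msft_firewall_mdmstore_domainprofile_'
$names = 'allowlocalipsecpolicymerge', 'allowlocalpolicymerge',
         'authappsallowuserprefmerge', 'enablefirewall'
$dscText = ($names | ForEach-Object { "SettingDefinitionId = '$p$_'" }) -join "`n"

# Constructed parsed object showing the reported symptom: Children holds 1 entry instead of 3.
$truncated = @{ SettingInstance = @{
    SettingDefinitionId = "${p}enablefirewall"
    choiceSettingValue  = @{
        Children = @(@{ SettingDefinitionId = "${p}allowlocalipsecpolicymerge" })
    }
} }

$report = Test-ParsedSettingCoverage -DscText $dscText -ParsedResource $truncated
$report | Format-List
if ($report.Missing.Count) { Write-Warning "Parsed object is missing declared settings" }
```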

ricmestre commented 7 months ago

@NikCharlebois Great stuff, I confirm it all works now :D Thank you very much for this.

ricmestre commented 7 months ago

@NikCharlebois Just asking, did you take a look into https://github.com/microsoft/DSCParser/pull/35 ? I have some fixes there for ConvertFrom-DSCObject.

I was thinking, and this might be overkill and probably can be done in a better way, but what if you have a json file with the dependencies a resource needs for adding it and for removing it, if required and they're different, and the corresponding name(s) of the key(s) of the dependency(ies), maybe even use the existing settings.json here, and after an export is done then call ConvertTo-DSCObject look for the dependency(ies) and if present inject a DependsOn property on those objects and finally call ConvertFrom-DSCObject to generate the final blueprint? Of course if the dependencies are not present in the blueprint then the problem would still remain but at least would solve a lot of issues people have with dependencies.

I'm actually doing something very similar in our solution.

andikrueger commented 7 months ago

Talking about dependencies: Are you thinking about this kind of solution: https://github.com/microsoft/Microsoft365DSC/issues/597

In regard to #35: AFAIK sorting is not implemented. To answer the others I would need to run a test.