search

microsoftgraph / msgraph-sdk-powershell

Powershell SDK for Microsoft Graph
https://www.powershellgallery.com/packages/Microsoft.Graph
Other
695 stars 168 forks source link

Microsoft.Graph AAD and ConfirmImpact #1784

Open evetsleep opened 1 year ago

evetsleep commented 1 year ago

Various commands, such as Remove-MgUser, do not flag the impact of the change as HIGH and therefore do not invoke the confirmation dialog.

For example, running Remove-MgUser -UserId <objectId> does not request the user confirm the change. I haven't done an exhaustive look at all cmdlets but this seems to be quite prevalent throughout the Microsoft.Graph identity related cmdlets. The default $confirmPreference in Powershell is HIGH (both 5.x and 7.x). Remove actions should be considered HIGH by default.

Looking at all the modules I could see, it looks like Microsoft has set the confirm impact as medium for all Remove cmdlets. Given that the Remove verb is meant to delete objects, this could be extremely dangerous and lead to accidental deletions. You could see this (at least with all the modules I'm using) like this:

PS C:\Temp> $impact = [regex]::new("ConfirmImpact='(?<ConfirmImpact>\S+)'")
PS C:\Temp> Get-Command -module Microsoft.Graph.* -Verb Remove | foreach { $commandRef = [PSCustomObject]@{Name = $_.Name; Source = $_.Source; ConfirmImpact = $Impact.Match($_.Definition).Groups['ConfirmImpact'].Value}; $commandRef } | group -Property ConfirmImpact,Source | ft Name,Count -AutoSize

Name                                                 Count
----                                                 -----
Medium, Microsoft.Graph.Applications                    21
Medium, Microsoft.Graph.DirectoryObjects                 1
Medium, Microsoft.Graph.Groups                          30
Medium, Microsoft.Graph.Identity.DirectoryManagement    25
Medium, Microsoft.Graph.Identity.Governance             37
Medium, Microsoft.Graph.Identity.SignIns                59
Medium, Microsoft.Graph.Reports                          1
Medium, Microsoft.Graph.Users                           15

Is this by design? It's been a long standing best practice that remove actions should be set to HIGH to prevent accidental deletions (or minimize them). All the modules above are v1.21.0.

Thanks!

peombwa commented 1 year ago

Thanks for bringing this to our attention.

ConfirmImpact is set to medium by the code generator. I've opened an issue at https://github.com/Azure/autorest.powershell/issues/1107 for ConfirmImpact to be changed to high for Remove-* cmdlets.

Remove-* cmdlets should ask for a confirmation prompt by default once https://github.com/Azure/autorest.powershell/issues/1107 is added.