diff --git a/CHANGELOG.md b/CHANGELOG.md
index b064181..2991704 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,16 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com), and this project adheres to [Semantic Versioning](https://semver.org).
+## [3.0.2] - 12-06-2026
+
+### Changed
+- Support '-' in permission names
+- Made permission name and role name independant
+- Minor fixes
+
+### Fixed
+- Issue #8
+
 ## [3.0.1] - 01-05-2026
 ### Added
diff --git a/readme.md b/README.md
similarity index 95%
rename from readme.md
rename to README.md
index 1e73436..99bec03 100644
--- a/readme.md
+++ b/README.md
@@ -6,7 +6,7 @@

- +

@@ -140,9 +140,6 @@ $lookupValues = @{
 > [!TIP]
 > _For more information on how to configure a HelloID PowerShell connector, please refer to our [documentation](https://docs.helloid.com/en/provisioning/target-systems/powershell-v2-target-systems.html) pages_.
-> [!TIP]
-> _If you need help, feel free to ask questions on our [forum](https://forum.helloid.com/forum/helloid-connectors/provisioning/1481-helloid-conn-prov-target-intus)_
-
 ## HelloID docs
 The official HelloID documentation can be found at: https://docs.helloid.com/
diff --git a/create.ps1 b/create.ps1
index 6b6d777..077e9e6 100644
--- a/create.ps1
+++ b/create.ps1
@@ -98,7 +98,7 @@ try {
 $correlatedAccount = Invoke-RestMethod @splatGetUserParams
 } catch {
- if (-not($_.ErrorDetails.Message -match '211 - Object does not exist')) {
+ if (-not($_.ErrorDetails.Message -match '211 - .*does not exist')) {
 throw "Cannot get user error: [$($_.Exception.Message)]"
 }
 }
diff --git a/disable.ps1 b/disable.ps1
index 000bd4e..cec74d6 100644
--- a/disable.ps1
+++ b/disable.ps1
@@ -86,7 +86,7 @@ try {
 }
 $correlatedAccount = Invoke-RestMethod @splatGetUserParams
 } catch {
- if ( -not ($_.ErrorDetails.Message -match '211 - Object does not exist')) {
+ if ( -not ($_.ErrorDetails.Message -match '211 - .*does not exist')) {
 throw "Cannot get user error: [$($_.Exception.Message)]"
 }
 }
diff --git a/enable.ps1 b/enable.ps1
index 68b6bcd..9dbb116 100644
--- a/enable.ps1
+++ b/enable.ps1
@@ -86,7 +86,7 @@ try {
 }
 $correlatedAccount = Invoke-RestMethod @splatGetUserParams
 } catch {
- if ( -not ($_.ErrorDetails.Message -match '211 - Object does not exist')) {
+ if ( -not ($_.ErrorDetails.Message -match '211 - .*does not exist')) {
 throw "Cannot get user error: [$($_.Exception.Message)]"
 }
 }
diff --git a/permissions/permissions.ps1 b/permissions/permissions.ps1
index dfbbeb6..2b43f1c 100644
--- a/permissions/permissions.ps1
+++ b/permissions/permissions.ps1
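Review bot: The loosened not-found pattern in create.ps1's catch carries no comment saying which API message it is meant to cover, and the same literal is repeated in the disable.ps1, enable.ps1, update.ps1 and subPermissions.ps1 hunks. This match is what separates "account not found" from a real lookup failure, so a short comment above the `if` would help the next maintainer keep it narrow, for example `# 211 = object not found; the wording before 'does not exist' varies, so only the code and that suffix are matched`. The message variant that prompted the change is not visible on this page, so the comment should quote the actual text. The enclosing try/catch starts and ends outside the hunk.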
@@ -16,6 +16,9 @@ try {
 @{
 RoleName = 'Leidinggevende'
 },
+ @{
+ RoleName = 'Consignatiedienst Cluster A'
+ },
 @{
 RoleName = 'ADMIN'
 }
diff --git a/permissions/subPermissions.ps1 b/permissions/subPermissions.ps1
index a893f3a..95978bb 100644
--- a/permissions/subPermissions.ps1
+++ b/permissions/subPermissions.ps1
@@ -7,24 +7,32 @@ [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor [System.Net.SecurityProtocolType]::Tls12
 # Script Mapping lookup values and permission mapping
-$permissionMapping = @(
- @{
+$permissionMapping = @{
+ 'Planner' = @{
 role = 'Planner'
 resourceGroup = 'Planner {{LocationOwn}}'
 exchangeGroup = 'Company'
 shiftGroup = 'Company'
 worklocationGroup = 'Root'
 userGroup = 'Root'
- },
- @{
+ }
+ 'Leidinggevende' = @{
 role = 'Leidinggevende'
 resourceGroup = '{{CostCenterOwn}}'
 exchangeGroup = 'Company'
 shiftGroup = 'Company'
 worklocationGroup = 'Root'
 userGroup = 'Root'
- },
- @{
+ }
+ 'Consignatiedienst Cluster A' = @{
+ role = 'Consignatiedienst'
+ resourceGroup = 'Cluster A'
+ exchangeGroup = 'Company'
+ shiftGroup = 'Company'
+ worklocationGroup = 'Root'
+ userGroup = 'Root'
+ }
+ 'ADMMIN' = @{
 role = 'ADMIN'
 resourceGroup = 'ADMIN'
 exchangeGroup = 'ADMIN'
@@ -32,7 +40,7 @@ $permissionMapping = @(
 worklocationGroup = 'Root'
 userGroup = 'Root'
 }
-)
+}
 # Lookup values which are used in the mapping to determine {{REPLACEMENT}}
 $lookupValues = @{
@@ -145,7 +153,7 @@ try {
 }
 if ($actionContext.Operation -ne 'revoke' ) {
- $subPermission = $permissionMapping | Where-Object { $_.role -eq $actionContext.References.Permission.Reference }
+ $subPermission = $permissionMapping[$actionContext.References.Permission.Reference]
 if ($null -eq $subPermission) {
 throw "Permission [$($actionContext.References.Permission.Reference)] does not have a valid script mapping defined"
 }
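Review bot: The last key added to `$permissionMapping` in subPermissions.ps1 is spelled `'ADMMIN'`, while its `role` value and the `RoleName` listed in permissions.ps1 are both `'ADMIN'`. The later hunk resolves the mapping with `$permissionMapping[$actionContext.References.Permission.Reference]`, so if the reference carries the role name from permissions.ps1 (the code that builds it is not visible here), granting ADMIN will reach the `does not have a valid script mapping defined` throw. The key should read `'ADMIN' = @{`. A one-line comment above the hashtable stating that every key must equal a `RoleName` from permissions.ps1 would keep the two files in step now that key and `role` are allowed to differ.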
@@ -174,7 +182,7 @@ try {
 $correlatedAccount = Invoke-RestMethod @splatGetUserParams
 } catch {
- if ( -not ($_.ErrorDetails.Message -match '211 - Object does not exist')) {
+ if ( -not ($_.ErrorDetails.Message -match '211 - .*does not exist')) {
 $correlatedAccount = $null
 }
 }
@@ -214,7 +222,7 @@ try {
 $mappedProperty = ($contract | Select-Object $lookupValue).$lookupValue
 $null = Resolve-ReplaceHolderValue -ReplaceVariable $replaceVariable.Key -MappedProperty $mappedProperty -Contract $contract -DesiredPermission $desiredPermission
 }
- $desiredPermissionUniqueKey = "$($actionContext.References.Permission.Reference)-$($desiredPermission.ResourceGroup)"
+ $desiredPermissionUniqueKey = "$($desiredPermission.Role)&&$($desiredPermission.ResourceGroup)"
 $desiredPermissions[$desiredPermissionUniqueKey] = $desiredPermission
 }
 }
@@ -223,7 +231,7 @@ try {
 # Processing Static permissions body without placeholder(s)
 else {
 $desiredPermission = $subPermission.PSObject.Copy()
- $desiredPermissionUniqueKey = "$($actionContext.References.Permission.Reference)-$($desiredPermission.ResourceGroup)"
+ $desiredPermissionUniqueKey = "$($desiredPermission.Role)&&$($desiredPermission.ResourceGroup)"
 $desiredPermissions[$desiredPermissionUniqueKey] = $desiredPermission
 }
@@ -239,13 +247,14 @@ try {
 if ($actionContext.DryRun -eq $true) {
 Write-Information "[DryRun] Grant access to permission $($permission.Name), will be executed during enforcement"
 }
+ $existingRole = $currentRoles | Where-Object { $_.role -eq $permission.Value.role -and $_.resourceGroup -eq $permission.Value.resourceGroup }
 if (-not $existingRole) {
 $null = $currentRoles.Add($permission.value)
 } elseif ($existingRole.count -eq 1) {
- $currentRoles.Remove($existingRole)
- $currentRoles.Add($permission.value)
+ $null = $currentRoles.Remove($existingRole)
+ $null = $currentRoles.Add($permission.value)
 }
 $outputContext.AuditLogs.Add([PSCustomObject]@{
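Review bot: In the subPermissions.ps1 catch around `Invoke-RestMethod @splatGetUserParams`, an error that is not the 211 not-found response only sets `$correlatedAccount = $null`, so an authentication failure, timeout or server error ends up looking the same as a missing account. create.ps1, disable.ps1, enable.ps1 and update.ps1 throw in that branch; doing the same here, `throw "Cannot get user error: [$($_.Exception.Message)]"`, would stop the permission calculation from running on an account state it could not actually read. How a null `$correlatedAccount` is handled afterwards lies outside the hunk, so the impact should be confirmed there.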
@@ -259,8 +268,8 @@ try {
 # Process and calculate current permissions Revoke
 foreach ($permission in $currentPermissions.GetEnumerator()) {
- $roleName = $permission.Name -split '-' | Select-Object -First 1
- $resourceGroup = $permission.Name -split '-' | Select-Object -Last 1
+ $roleName = $permission.Name -split '&&' | Select-Object -First 1
+ $resourceGroup = $permission.Name -split '&&' | Select-Object -Last 1
 if (-not $desiredPermissions.ContainsKey($permission.Name)) {
 if ($actionContext.DryRun -eq $true) {
 Write-Information "[DryRun] Revoke access to permission $($permission.Name), will be executed during enforcement"
diff --git a/update.ps1 b/update.ps1
index 5590edc..3786a68 100644
--- a/update.ps1
+++ b/update.ps1
@@ -87,7 +87,7 @@ try {
 }
 $correlatedAccount = Invoke-RestMethod @splatGetUserParams
 } catch {
- if ( -not ($_.ErrorDetails.Message -match '211 - Object does not exist')) {
+ if ( -not ($_.ErrorDetails.Message -match '211 - .*does not exist')) {
 throw "Cannot get user error: [$($_.Exception.Message)]"
 }
 }
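Review bot: The revoke loop now splits `$permission.Name` on `'&&'`, but keys written by the previous version were built as `Reference-ResourceGroup`, and nothing in the loop handles them. If `$currentPermissions` is filled from sub-permission references stored by earlier runs (its construction is outside this hunk), those older keys will never satisfy `$desiredPermissions.ContainsKey($permission.Name)`, and for them `$roleName` and `$resourceGroup` both come out as the whole key, so whatever the revoke branch removes is looked up under the wrong names. At minimum the loop should carry a comment such as `# Keys are "<role>&&<resourceGroup>"; keys written before 3.0.2 used '-' and will not match`, and the changelog entry should say whether permissions need to be re-evaluated after upgrading. The loop body continues past the end of the hunk.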