V1.4.0

kayasax · Mar 7, 2024 · 1d6e955 · 1d6e955
1 parent 67add1f
commit 1d6e955
Show file tree

Hide file tree

Showing 10 changed files with 69 additions and 25 deletions.
diff --git a/EasyPIM/EasyPIM.psd1 b/EasyPIM/EasyPIM.psd1
@@ -4,7 +4,7 @@
 RootModule = 'EasyPIM.psm1'
 
 # Version number of this module.
-ModuleVersion = '1.3.0'
+ModuleVersion = '1.4.0'
 
 # Supported PSEditions
 # CompatiblePSEditions = @()
@@ -83,7 +83,9 @@ FunctionsToExport = @(
     "Get-PIMEntraRoleActiveAssignment",
     "Get-PIMEntraRoleEligibleAssignment",
     "New-PIMEntraRoleActiveAssignment",
-    "New-PIMEntraRoleEligibleAssignment"
+    "New-PIMEntraRoleEligibleAssignment",
+    'Remove-PIMEntraRoleActiveAssignment',
+    'Remove-PIMEntraRoleEligibleAssignment'
 )
 
 # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.

diff --git a/EasyPIM/functions/Get-PIMEntraRoleActiveAssignment.ps1 b/EasyPIM/functions/Get-PIMEntraRoleActiveAssignment.ps1
@@ -1,17 +1,23 @@
 <#
     .Synopsis
-    List of PIM Entra Role active assignement 
+    List of PIM Entra Role active assignement
     .Description
     Active assignment does not require to activate their role. https://learn.microsoft.com/en-us/graph/api/rbacapplication-list-roleeligibilityscheduleinstances?view=graph-rest-1.0&tabs=http
     .Parameter tenantID
     EntraID tenant ID
     .Parameter summary
     When enabled will return the most useful information only
-    
+    .PARAMETER rolename
+    Filter by rolename
+    .PARAMETER principalid
+    Filter by principalid
+    .PARAMETER principalName
+    Filter by principalName
+
     .Example
-    PS> Get-PIMEntraRoleActiveAssignment -tenantID $tid 
+    PS> Get-PIMEntraRoleActiveAssignment -tenantID $tid
 
-    List active assignement 
+    List active assignement
 
 
     .Link
@@ -27,7 +33,10 @@ function Get-PIMEntraRoleActiveAssignment {
         [String]
         $tenantID,
         # select the most usefull info only
-        [switch]$summary
+        [switch]$summary,
+        [string]$principalid,
+        [string]$rolename,
+        [string]$principalName
     )
 
     try {
@@ -36,7 +45,7 @@ function Get-PIMEntraRoleActiveAssignment {
         $endpoint = "roleManagement/directory/roleAssignmentScheduleInstances?`$expand=roleDefinition,principal"
         $response = invoke-graph -Endpoint $endpoint
         $resu = @()
-        $response.value | % {
+        $response.value | ForEach-Object {
 
             $r = @{
                 "rolename"         = $_.roledefinition.displayName
@@ -61,6 +70,18 @@ function Get-PIMEntraRoleActiveAssignment {
         if ($PSBoundParameters.Keys.Contains('summary')) {
             $resu = $resu | Select-Object rolename, roleid, principalid, principalName, principalEmail, PrincipalType, startDateTime, endDateTime, directoryScopeId
         }
+
+        if ($PSBoundParameters.Keys.Contains('principalid')) {
+            $resu = $resu | Where-Object { $_.principalid -eq $principalid }
+        }
+
+        if ($PSBoundParameters.Keys.Contains('rolename')) {
+            $resu = $resu | Where-Object { $_.rolename -eq $rolename }
+        }
+        if($PSBoundParameters.Keys.Contains('principalName')){
+            $resu = $resu | Where-Object { $_.principalName -match $principalName }
+        }
+
         return $resu
     }
     catch {

diff --git a/EasyPIM/functions/Get-PIMEntraRoleEligibleAssignment.ps1 b/EasyPIM/functions/Get-PIMEntraRoleEligibleAssignment.ps1
@@ -1,17 +1,22 @@
 <#
     .Synopsis
-    List of PIM Entra Role active assignement 
+    List of PIM Entra Role active assignement
     .Description
     Active assignment does not require to activate their role. https://learn.microsoft.com/en-us/graph/api/rbacapplication-list-roleeligibilityscheduleinstances?view=graph-rest-1.0&tabs=http
     .Parameter tenantID
     EntraID tenant ID
     .Parameter summary
     When enabled will return the most useful information only
-    
+    .PARAMETER rolename
+    Filter by rolename
+    .PARAMETER principalid
+    Filter by principalid
+    .PARAMETER principalName
+    Filter by principalName
     .Example
-    PS> Get-PIMEntraRoleEligibleAssignment -tenantID $tid 
+    PS> Get-PIMEntraRoleEligibleAssignment -tenantID $tid
 
-    List active assignement 
+    List active assignement
 
 
     .Link
@@ -27,16 +32,19 @@ function Get-PIMEntraRoleEligibleAssignment {
         [String]
         $tenantID,
         # select the most usefull info only
-        [switch]$summary
+        [switch]$summary,
+        [string]$principalid,
+        [string]$rolename,
+        [string]$principalName
     )
     try {
         $script:tenantID = $tenantID
 
         $endpoint = "/roleManagement/directory/roleEligibilityScheduleInstances?`$expand=roleDefinition,principal"
         $response = invoke-graph -Endpoint $endpoint
         $resu = @()
-        $response.value | % {
-            $_
+        $response.value | ForEach-Object {
+
             $r = @{
                 "rolename"         = $_.roledefinition.displayName
                 "roleid"           = $_.roledefinition.id
@@ -60,6 +68,19 @@ function Get-PIMEntraRoleEligibleAssignment {
         if ($PSBoundParameters.Keys.Contains('summary')) {
             $resu = $resu | Select-Object rolename, roleid, principalid, principalName, principalEmail, PrincipalType, startDateTime, endDateTime, directoryScopeId
         }
+
+        if ($PSBoundParameters.Keys.Contains('principalid')) {
+            $resu = $resu | Where-Object { $_.principalid -eq $principalid }
+        }
+
+        if ($PSBoundParameters.Keys.Contains('rolename')) {
+            $resu = $resu | Where-Object { $_.rolename -eq $rolename }
+        }
+        if($PSBoundParameters.Keys.Contains('principalName')){
+            $resu = $resu | Where-Object { $_.principalName -match $principalName }
+        }
+
+
         return $resu
     }
     catch { Mycatch $_ }

diff --git a/EasyPIM/functions/New-PIMAzureResourceActiveAssignment.ps1 b/EasyPIM/functions/New-PIMAzureResourceActiveAssignment.ps1
@@ -163,5 +163,5 @@ function New-PIMAzureResourceActiveAssignment {
     Write-Host "SUCCESS : Assignment created!"
     return $response
     }
-    catch{Mycatch $_}    
+    catch{Mycatch $_}
 }
diff --git a/EasyPIM/functions/New-PIMAzureResourceEligibleAssignment.ps1 b/EasyPIM/functions/New-PIMAzureResourceEligibleAssignment.ps1
@@ -166,5 +166,5 @@ function New-PIMAzureResourceEligibleAssignment {
     }
     catch {
         Mycatch $_
-    }    
+    }
 }
diff --git a/EasyPIM/functions/New-PIMEntraRoleActiveAssignment.ps1 b/EasyPIM/functions/New-PIMEntraRoleActiveAssignment.ps1
@@ -75,10 +75,10 @@ function New-PIMEntraRoleActiveAssignment {
 
     )
 
-    try {    
+    try {
         $script:tenantID = $tenantID
 
-        #1 check if the principal ID is a group, if yes confirm it is role-assignable    
+        #1 check if the principal ID is a group, if yes confirm it is role-assignable
         $endpoint = "directoryObjects/$principalID"
         $response = invoke-graph -Endpoint $endpoint
         #$response

diff --git a/EasyPIM/functions/New-PIMEntraRoleEligibleAssignment.ps1 b/EasyPIM/functions/New-PIMEntraRoleEligibleAssignment.ps1
@@ -78,7 +78,7 @@ function New-PIMEntraRoleEligibleAssignment {
     try {
         $script:tenantID = $tenantID
 
-        #1 check if the principal ID is a group, if yes confirm it is role-assignable    
+        #1 check if the principal ID is a group, if yes confirm it is role-assignable
         $endpoint = "directoryObjects/$principalID"
         $response = invoke-graph -Endpoint $endpoint
         #$response
@@ -134,7 +134,7 @@ function New-PIMEntraRoleEligibleAssignment {
         "startDateTime": "'+ $startDateTime + '",
         "expiration": {
             "type": "'+ $type + '",
-            "endDateTime": 
+            "endDateTime": null,
             "duration": "'+ $duration + '"
         }
     }

diff --git a/EasyPIM/functions/Remove-PIMAzureResourceActiveAssignment.ps1 b/EasyPIM/functions/Remove-PIMAzureResourceActiveAssignment.ps1
@@ -129,5 +129,5 @@ function Remove-PIMAzureResourceActiveAssignment {
     }
     catch {
         Mycatch $_
-    }    
+    }
 }
diff --git a/EasyPIM/functions/Remove-PIMAzureResourceEligibleAssignment.ps1 b/EasyPIM/functions/Remove-PIMAzureResourceEligibleAssignment.ps1
@@ -125,5 +125,5 @@ function Remove-PIMAzureResourceEligibleAssignment {
         Write-Host "SUCCESS : Assignment removed!"
         return $response
     }
-    catch { MyCatch $_ }    
+    catch { MyCatch $_ }
 }
diff --git a/EasyPIM/functions/Remove-PIMEntraRoleActiveAssignment.ps1 b/EasyPIM/functions/Remove-PIMEntraRoleActiveAssignment.ps1
@@ -38,7 +38,7 @@
     Author: Loïc MICHEL
     Homepage: https://github.com/kayasax/EasyPIM
 #>
-function Remove-PIMEntraRoleActiveeAssignment {
+function Remove-PIMEntraRoleActiveAssignment {
     [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingWriteHost", "")]
     [CmdletBinding()]
     param (
@@ -132,7 +132,7 @@ function Remove-PIMEntraRoleActiveeAssignment {
 }
 
 '
-        $endpoint = "/roleManagement/directory/roleEligibilityScheduleRequests"
+        $endpoint = "/roleManagement/directory/roleAssignmentScheduleRequests"
         write-verbose "patch body : $body"
         $null = invoke-graph -Endpoint $endpoint -Method "POST" -body $body
         Write-Host "SUCCESS : Assignment removed!"
-Original file line number
+Diff line change
@@ Expand Up / @@ -166,5 +166,5 @@ function New-PIMAzureResourceEligibleAssignment { @@
         }
         catch {
             Mycatch $_
-        }
+        }
     }