-
Notifications
You must be signed in to change notification settings - Fork 108
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No status indication of the M365 platform tests? #469
Comments
What do your Test details say? For the MS.EXO tests, it is probably due to not having Exchange Online connected. |
@Haakonak , As for the ExO testing, do I just follow this https://maester.dev/docs/installation/#installing-azure-and-exchange-online-modules and then manually click on the Run Maester Test button ? |
I think the exchange and/or azure part is not fully integrated, see here: |
The critical piece would be to make sure you are using the This demonstrates using all the services and connecting with appropriate credentials for the tests. |
Hi @Snozzberries |
Situation Get-Module ExchangeOnlineManagement -ListAvailable # 3.6.0
Get-ConnectionInformation | ft Name, *state*, *token*
# Name TokenExpiryTimeUTC TokenStatus
# ---- ------------------ -----------
# ExchangeOnline_2 11.10.2024 12:01:26 +00:00 Active
# ExchangeOnline_3 11.10.2024 11:20:03 +00:00 Active
# ExchangeOnline_1 11.10.2024 09:35:48 +00:00 Active
(Get-ConnectionInformation | Where-Object { $_.Name -match 'ExchangeOnline' -and $_.state -eq 'Connected' })
# > Empty for me Workaround:
|
The current action published on the Marketplace doesn't have compatibility with the other services. So you'd need to either handle them as custom steps in your own job, or you could look into adding more parameters to the Marketplace Action, but I am not sure if there'd be an elegant way due to the EXO module not using the Graph token. https://github.com/maester365/maester/blob/main/action.yml Ref #494 |
The exchange module supports an -AccessToken parameter. We should be able to get it from the existing connection and pass it through. @f-bader thoughts? |
I have tried some variants, but have not yet managed to connect over federated credentials. Here are some ideas: Az Module
## $token = az account get-access-token --resource-type ms-graph
Connect-AzAccount -Identity
#$GraphToken = Get-AzAccessToken -ResourceTypeName MSGraph
$GraphToken = Get-AzAccessToken -ResourceTypeName [NoExchangeScopeFound] Msal Module (Legacy) # Install-Module -Name MSAL.PS -Scope AllUsers
Import-Module MSAL.PS
$connectionDetails = @{
#'TenantId' = 'contoso.onmicrosoft.com'
'TenantId' = '31537af4-6d77-4bb9-a681-d2394888ea26'
'ClientId' = 'f7bb0fcd-cedb-06d2-9ae6-0e287b347ff0'
'ClientSecret' = '[Secret]' | ConvertTo-SecureString -AsPlainText -Force
}
$token2 = Get-MsalToken @connectionDetails -Scopes "https://outlook.office.com/.default"
$accessToken = $token2.AccessToken
$moera = "contoso.onmicrosoft.com"
Connect-ExchangeOnline -AccessToken $accessToken -Organization $moera -ShowBanner:$false AzAuth Module # Install-Module -Name AzAuth -Scope AllUsers
Import-Module AzAuth
$ConnectorArguments = @{
ClientId = 'f7bb0fcd-cedb-06d2-9ae6-0e287b347ff0'
Resource = 'https://outlook.office365.com/'
TenantId = '31537af4-6d77-4bb9-a681-d2394888ea26'
Scope = '.default' # this is the default, but I added it for clarification
#Interactive = $true
}
$token3 = Get-AzToken @ConnectorArguments -ClientSecret $('[Secret]' | ConvertTo-SecureString -AsPlainText -Force)
$accessToken = $token3.Token
$moera = "contoso.onmicrosoft.com"
Connect-ExchangeOnline -AccessToken $accessToken -Organization $moera -ShowBanner:$false PS: Is it possible to make a pull request (PR) for outsider? |
I should have been clearer in this statement. The Graph Module can support generating a token with the appropriate scopes, when you are using a service principal and the default scope. The necessary application scopes aren't assignable during an interactive request for the token. So it is possible to reuse that token from Graph, but you'd require a service principal rather than interactive. For the GitHub Action, that means it should work. With the main exception that the Security & Compliance module does not support an access token though. |
@weyCC81 , |
As this is an Open Source Project, giving a timeline is probably not too easy. May you have an idea of how to solve the above challenges (I am just a commenter as you're in this project)? |
Hey @albert-widjaja, PR #505 is queued to add more clarity on how to use the source modules for authentication prior to running |
As the continuation from this thread: #457
I wonder what I can do to ensure that these checks are executed successfully every day.
Some of the test has the indication when not executed. but not these tests:
As you can see the above, there is no status or even error thrown after the execution.
These tests (without the duplicate:
The text was updated successfully, but these errors were encountered: