Merge pull request #25052 from microsoftgraph/update-permissions-reference-update-script

Update permissions reference update script

Author: millicentachieng

.gdn/.gdnbaselines

@@ -0,0 +1,31 @@
+{
+  "hydrated": true,
+  "properties": {
+    "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/baselines",
+    "hydrationStatus": "This file does not contain identifying data. It is safe to check into your repo. To hydrate this file with identifying data, run `guardian hydrate --help` and follow the guidance."
+  },
+  "version": "1.0.0",
+  "baselines": {
+    "default": {
+      "name": "default",
+      "createdDate": "2024-08-26 12:06:54Z",
+      "lastUpdatedDate": "2024-08-26 12:06:54Z"
+    }
+  },
+  "results": {
+    "b3d46ea406a66acd0fa8b1130ec9be5b501ad4a933d98ce70193c68771b6e7be": {
+      "signature": "b3d46ea406a66acd0fa8b1130ec9be5b501ad4a933d98ce70193c68771b6e7be",
+      "alternativeSignatures": [
+        "79e125fb7927450b0ebb02d6b3ddb03d7a6a971e21dfdc1c246ba8fd39f0969e"
+      ],
+      "target": "update-permissions-reference.ps1",
+      "line": 170,
+      "memberOf": [
+        "default"
+      ],
+      "tool": "psscriptanalyzer",
+      "ruleId": "PSAvoidUsingConvertToSecureStringWithPlainText",
+      "createdDate": "2024-08-26 12:06:54Z"
+    }
+  }
+}

.gdn/.gdnsuppress

@@ -0,0 +1,31 @@
+{
+  "hydrated": true,
+  "properties": {
+    "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/suppressions",
+    "hydrationStatus": "This file does not contain identifying data. It is safe to check into your repo. To hydrate this file with identifying data, run `guardian hydrate --help` and follow the guidance."
+  },
+  "version": "1.0.0",
+  "suppressionSets": {
+    "default": {
+      "name": "default",
+      "createdDate": "2024-08-26 12:06:54Z",
+      "lastUpdatedDate": "2024-08-26 12:06:54Z"
+    }
+  },
+  "results": {
+    "b3d46ea406a66acd0fa8b1130ec9be5b501ad4a933d98ce70193c68771b6e7be": {
+      "signature": "b3d46ea406a66acd0fa8b1130ec9be5b501ad4a933d98ce70193c68771b6e7be",
+      "alternativeSignatures": [
+        "79e125fb7927450b0ebb02d6b3ddb03d7a6a971e21dfdc1c246ba8fd39f0969e"
+      ],
+      "target": "update-permissions-reference.ps1",
+      "line": 170,
+      "memberOf": [
+        "default"
+      ],
+      "tool": "psscriptanalyzer",
+      "ruleId": "PSAvoidUsingConvertToSecureStringWithPlainText",
+      "createdDate": "2024-08-26 12:06:54Z"
+    }
+  }
+}

.github/workflows/permissions-reference-gen.yml

@@ -23,7 +23,7 @@ jobs:
       with:
         path: docs
 
-    - name: Run PowerShell script
+    - name: Run PowerShell script to update permissions
       shell: pwsh
       run: | 
         $ClientId = "${{ secrets.GRAPH_CLIENT_ID }}"
@@ -38,22 +38,46 @@ jobs:
         application-id: ${{ secrets.APPLICATION_ID }}
         application-private-key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
 
-    - name: Commit updates and open a pull request
+    - name: Commit updates from service principal
       working-directory: ./docs
       shell: pwsh
       env:
-       GH_TOKEN: ${{ steps.get_token.outputs.app-token }}
+        GH_TOKEN: ${{ steps.get_token.outputs.app-token }}
       run: |
         $status = git status --porcelain
         if ($status -eq $null) {
           Write-Host "No changes to commit." -ForegroundColor Green
-        } else {
-          $timestamp = Get-Date -Format FileDateTimeUniversal
+        }
+        else {          
           git config user.email "GraphTooling@service.microsoft.com"
           git config user.name "Microsoft Graph DevX Tooling"
-          git checkout -b permissions-reference/$timestamp
           git add .
           git commit -m "Update permissions reference"
-          git push --set-upstream origin permissions-reference/$timestamp
-          gh pr create --base main --title "Automated permissons reference update" --body "Scheduled permissions reference update" --reviewer "FaithOmbongi","msewaweru" --label "ready for content review"
+        } 
+    
+    - name: Run PowerShell script to correct errors in permissions descriptions
+      shell: pwsh
+      run: | 
+        ./docs/correct-permissions-reference-errors.ps1
+    
+    - name: Commit errors correction and open a pull request
+      working-directory: ./docs
+      shell: pwsh
+      env:
+       GH_TOKEN: ${{ steps.get_token.outputs.app-token }}
+      run: |
+        $status = git status --porcelain
+        if ($status -eq $null) {
+          Write-Host "No changes to commit." -ForegroundColor Green
+        } else { 
+          $dateToday = Get-Date -Format 'yyyy-MM-dd'
+          $branchName = "permissions-reference/$dateToday" 
+          $prTitle = "${dateToday}: Automated permissions reference update"
+          
+          git add .
+          git commit -m "Correct errors in permissions reference"
+          git checkout -b $branchName
+          git push --set-upstream origin $branchName
+          
+          gh pr create --base main --title $prTitle --body "Scheduled permissions reference update" --reviewer "FaithOmbongi,msewaweru" --label "ready for content review"
         }

apidoctor.validation.yml

@@ -50,6 +50,10 @@ extends:
     sdl:
       credscan:
         suppressionsFile: $(Build.SourcesDirectory)\.azure-pipelines\.config\CredScanSuppressions.json
+      baseline:
+        baselineFile: $(Build.SourcesDirectory)\.gdn\.gdnbaselines
+      suppression:
+        suppressionFile: $(Build.SourcesDirectory)\.gdn\.gdnsuppress
     customBuildTags:
       - ES365AIMigrationTooling
 

correct-permissions-reference-errors.ps1

@@ -0,0 +1,37 @@
+$docsRepoPath = Join-Path (Get-Location).Path -ChildPath "docs"
+
+$permissionsReferenceFilePath = Join-Path $docsRepoPath -ChildPath "\concepts\permissions-reference.md"
+
+# Define a hash table of typos and their corrections
+$corrections = @{
+    "Precention" = "Prevention"
+    "oganization's" = "organization's"
+    "backed up snapshot" = "backed-up snapshot"
+    "organizatio" = "organization"
+    "organization\u2019s" = "organization's"
+    "device\u2019s" = "device's"
+    "providers\u2019" = "providers'"
+    "the the signed-in user" = "the signed-in user"
+    "dimissing" = "dismissing"
+    "user\u2019s" = "user's"
+    "users\u2019" = "users'"
+    "intellgence" = "intelligence"
+    "polices" = "policies"
+    "by the you" = "by you"
+    "mesages" = "messages"
+    "team\u2019s" = "team's"
+    "calendars\u0020." = "calendars."
+}
+
+# Read the file content
+$content = Get-Content -Path $permissionsReferenceFilePath -Raw
+
+# Iterate through the corrections and replace typos
+foreach ($typo in $corrections.Keys) {
+    $content = $content -replace "\b$typo\b", $corrections[$typo]
+}
+
+# Write the corrected content back to the file
+Set-Content -Path $permissionsReferenceFilePath -Value $content
+
+Write-Output "Typos corrected and saved in $permissionsReferenceFilePath."

update-permissions-reference.ps1

@@ -52,7 +52,7 @@ function Generate-Markdown {
     )
     $markdown = ""
 
-    $markdown += "`n## All permissions`n`n"
+    $markdown += "## All permissions`n`n"
 
     foreach ($name in ($permissions.Name | Get-Unique)) {        
         $markdown += "### $name`n`n"
@@ -106,7 +106,7 @@ function Generate-Markdown {
         $markdown += "| $($resourceSpecificApplicationPermission.value) | $($resourceSpecificApplicationPermission.id) | $($resourceSpecificApplicationPermission.displayName) | $($resourceSpecificApplicationPermission.description) |`n"
     }
 
-    $markdown += "---`n"
+    $markdown += "`n---`n"
 
     return $markdown
 }
@@ -134,10 +134,14 @@ function Update-FileContent {
         # Split the file content into three parts: before first header index, the new content, and after second header index 
         $beforeFirstHeader = $fileContents[0..($firstHeaderIndex - 1)]
         $afterSecondHeader = $fileContents[$secondHeaderIndex..($fileContents.Count - 1)]
+		
+		# Update ms.date
+		$today = Get-Date -Format "MM/dd/yyyy"
+		$beforeFirstHeader = $beforeFirstHeader -replace '^ms\.date:.*', "ms.date: $today"
 
         # Combine the parts with the new content
         $updatedContent = $beforeFirstHeader + $NewContent.Split("`n") + $afterSecondHeader
-
+		
         # Write the updated content back to the file
         $updatedContent | Set-Content -Path $FilePath
     }
@@ -162,7 +166,7 @@ $authUri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
 $response = Invoke-RestMethod $authUri  -Method 'POST' -Headers $headers -Body $body
 $response | ConvertTo-Json
 $accessToken = $response.access_token
-# $secureAccessToken = ConvertTo-SecureString $accessToken -AsPlainText -Force
+$secureAccessToken = ConvertTo-SecureString $accessToken -AsPlainText -Force
 
 # Install the Microsoft Graph PowerShell module if not already installed
 if (-not (Get-Module -Name Microsoft.Graph -ListAvailable)) {
@@ -171,7 +175,7 @@ if (-not (Get-Module -Name Microsoft.Graph -ListAvailable)) {
 
 # Connect to Microsoft Graph
 try {
-    Connect-MgGraph -Thumbprint $secureAccessToken -NoWelcome
+    Connect-MgGraph -AccessToken $secureAccessToken -NoWelcome
     Write-Host "Connected successfully."
 }
 catch {