maester icon indicating copy to clipboard operation
maester copied to clipboard
verified publisher icon maester365

DISCUSSION: Path to enable additional APIs for tests beyond Graph API

Open soulemike opened this issue 1 year ago • 1 comments

I would like to open a discussion around expanding Maester's capabilities to include tests for M365 beyond the Graph API (e.g., Exchange Online, SharePoint Online, Defender, Azure, etc...).

Here are a few initial working options:

  1. Add tests, but skip unless the API in use is authenticated and available. (i.e., Manual out of band authentication)
  2. Add switches to Connect-Maester to support proxying additional modules like Az.Accounts similar to how it handles Graph today.
  3. Utilize an App Registration for these additional APIs, leverage the Az module to create tokens for alternative APIs based on the .default authorizations of the app. Any API not supported by Az will be a limitation.
  4. Transition to an alternative MSAL manager, such as MSAL.PS or .Net implementation.

Please comment with additional options, any strong preference and logic for a specific option, or additional dependencies or considerations as any option is implemented.

soulemike avatar May 20 '24 14:05 soulemike

Whatever we decide we do need to include more details in the docs on writing tests that are not Microsoft Graph and show samples of #1 can be done today (e.g. Connect-AzAccount and calling tests based on Az)

merill avatar May 21 '24 07:05 merill

Thanks @Snozzberries for the comment. Agree wholeheartedly with this as we'd like to use a single platform for testing / assessing environments continuously against a set of best practices. I'd like to see more of SCuBA tests for other workloads folded in as well as other applicable ones. As a MSP we desire to host this infrastructure and run this against our customer tenants.

dbrinkmann123 avatar Jun 04 '24 22:06 dbrinkmann123