New-MtMaesterApp
SYNOPSIS
Creates a new Maester application in Entra ID with required permissions.
SYNTAX
New-MtMaesterApp [[-Name] <String>] [-SendMail] [-SendTeamsMessage] [-Privileged] [[-Scopes] <String[]>]
[[-GitHubOrganization] <String>] [[-GitHubRepository] <String>] [-GitHubActions] [-SetGitHubSecrets]
[-ProgressAction <ActionPreference>] [<CommonParameters>]
DESCRIPTION
Creates a new application registration in Entra ID specifically configured for running Maester tests in a DevOps pipeline. The application will be granted the necessary Graph API permissions based on the specified parameters and tagged for easy identification.
The user running this command must have permissions to create applications and to consent to Graph permissions. At a minimum, this requires the Privileged Role Administrator role (and Cloud Application Administrator if needed) or the Global Administrator role.
EXAMPLES
EXAMPLE 1
New-MtMaesterApp
Creates a new Maester app with default permissions and name 'Maester DevOps Account'.
EXAMPLE 2
New-MtMaesterApp -Name "My Maester Pipeline App" -SendMail
Creates a new Maester app with mail sending capabilities.
EXAMPLE 3
New-MtMaesterApp -Privileged -Scopes @("User.Read.All", "Group.Read.All")
Creates a new Maester app with privileged scopes and additional custom scopes.
EXAMPLE 4
New-MtMaesterApp -GitHubActions -SetGitHubSecrets
Full zero-config GitHub Actions setup. Auto-detects the target repository from the current git remote, creates the app, grants permissions, adds the federated credential, and pushes the AZURE_CLIENT_ID / AZURE_TENANT_ID secrets via gh CLI.
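Because the federated credential trusts whichever repository the 'origin' remote resolves to, it can be useful to resolve that remote yourself and pass -GitHubOrganization/-GitHubRepository explicitly. The following is an added example, not part of the Maester documentation or code; Resolve-GitHubRemote, New-PinnedMaesterApp, the URL pattern and the sample remotes are assumptions made for illustration and do not describe how Maester itself detects the repository.

```powershell
# Hypothetical helper: split a github.com remote URL into organization and repository.
function Resolve-GitHubRemote {
    param([Parameter(Mandatory)][string]$RemoteUrl)
    # Accepts HTTPS and SSH forms, with or without a trailing ".git".
    # URLs with embedded credentials or a non-github.com host are rejected.
    $pattern = '^(?:https://github\.com/|git@github\.com:|ssh://git@github\.com/)' +
               '(?<org>[A-Za-z0-9][A-Za-z0-9-]*)/(?<repo>[A-Za-z0-9._-]+?)(?:\.git)?/?$'
    if ($RemoteUrl -notmatch $pattern) {
        throw "Not a recognised github.com remote: $RemoteUrl"
    }
    [pscustomobject]@{
        Organization = $Matches.org
        Repository   = $Matches.repo
    }
}

# Hypothetical wrapper: show the resolved target and ask for confirmation
# before the app and its federated credential are created.
function New-PinnedMaesterApp {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([string]$RemoteName = 'origin')

    $target = Resolve-GitHubRemote -RemoteUrl (git remote get-url $RemoteName)
    $label  = "$($target.Organization)/$($target.Repository)"
    if ($PSCmdlet.ShouldProcess($label, 'Create Maester app with federated credential')) {
        # Explicit values are used instead of auto-detection.
        New-MtMaesterApp -GitHubActions `
            -GitHubOrganization $target.Organization `
            -GitHubRepository $target.Repository
    }
}

# Constructed sample remotes to show what the parser accepts and rejects.
$samples = @(
    'https://github.com/contoso/maester-tests.git',
    'git@github.com:contoso/maester-tests.git',
    'https://github.example.net/contoso/maester-tests'
)
foreach ($url in $samples) {
    try {
        $r = Resolve-GitHubRemote -RemoteUrl $url
        '{0} -> {1}/{2}' -f $url, $r.Organization, $r.Repository
    } catch {
        Write-Warning $_.Exception.Message
    }
}
```

Running New-PinnedMaesterApp from inside the checkout prompts with the resolved organization/repository before anything is created in the tenant.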
PARAMETERS
-Name
The display name for the application. If not specified, defaults to 'Maester DevOps Account'.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-SendMail
If specified, includes the Mail.Send permission scope.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-SendTeamsMessage
If specified, includes the ChannelMessage.Send permission scope.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-Privileged
If specified, includes privileged permission scopes for read-write operations.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-Scopes
Additional custom permission scopes to include beyond the default Maester scopes.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: @()
Accept pipeline input: False
Accept wildcard characters: False
-GitHubOrganization
Your GitHub organization name or GitHub username (e.g. 'jasonf'). When supplied together with -GitHubRepository the cmdlet will also create a federated identity credential for GitHub Actions OIDC.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-GitHubRepository
Your GitHub repository name where the workflow lives (e.g. 'maester-tests').
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-GitHubActions
Enable end-to-end GitHub Actions setup. Creates a federated identity credential after granting permissions, and auto-detects the GitHub organization/repository from the local git remote ('origin') when -GitHubOrganization/-GitHubRepository are not explicitly supplied. This is the recommended entry point for the GitHub flow.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-SetGitHubSecrets
Pushes AZURE_CLIENT_ID and AZURE_TENANT_ID to the target repository's Actions secrets via the GitHub CLI ('gh'). Falls back to printing manual instructions when 'gh' is unavailable or not authenticated. Passing -SetGitHubSecrets on its own implicitly enables the GitHub Actions flow, so -GitHubActions does not need to be specified alongside it.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-ProgressAction
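Determines how PowerShell responds to progress updates generated by a script, cmdlet, or provider, such as the progress bars generated by the Write-Progress cmdlet.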
Type: ActionPreference
Parameter Sets: (All)
Aliases: proga
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.