Fix test failures from mailbox step template variable dependencies

docs/reference/providers/provider-exchangeonline.md

@@ -187,11 +187,11 @@ $result = Invoke-IdlePlan -Plan $plan -Providers $providers
   Steps = @(
     @{
       Name = 'Ensure mailbox type'
-      Type = 'IdLE.Step.MailboxType.Ensure'
+      Type = 'IdLE.Step.Mailbox.EnsureType'
       With = @{
         Provider    = 'ExchangeOnline'
         IdentityKey = 'user@contoso.com'
-        Type        = 'Shared'
+        MailboxType = 'Shared'
         # AuthSessionName is optional; defaults to the provider alias if omitted
         # AuthSessionOptions = @{ ... }
       }
@@ -200,6 +200,101 @@ $result = Invoke-IdlePlan -Plan $plan -Providers $providers
 }
 ```
 
+### OOF with template variables and dynamic manager attributes
+
+This example shows how to use template variables (`{{...}}`) in Out of Office messages
+with dynamic user attributes (e.g., manager information). Templates are resolved during
+plan building against the request object.
+
+**Important:** Manager lookup is performed **host-side**, not inside the step. This
+maintains the security boundary: steps do not perform directory lookups.
+
+**Host enrichment (example using AD):**
+
+```powershell
+# 1. Retrieve user and manager details from AD
+$user = Get-ADUser -Identity 'max.power' -Properties Manager
+$mgr = $null
+
+if ($user.Manager) {
+  $mgr = Get-ADUser -Identity $user.Manager -Properties DisplayName, Mail
+}
+
+# Provide fallback contact if no manager is found
+if (-not $mgr) {
+  $mgr = [PSCustomObject]@{
+    DisplayName = 'IT Support'
+    Mail        = 'support@contoso.com'
+  }
+}
+
+# 2. Build request with manager data in DesiredState
+$req = New-IdleLifecycleRequest `
+  -LifecycleEvent 'Leaver' `
+  -Actor $env:USERNAME `
+  -Input @{ UserPrincipalName = 'max.power@contoso.com' } `
+  -DesiredState @{
+    Manager = @{
+      DisplayName = $mgr.DisplayName
+      Mail        = $mgr.Mail
+    }
+  }
+
+# 3. Plan and execute
+$plan = New-IdlePlan -WorkflowPath './leaver-workflow.psd1' -Request $req -Providers $providers
+$result = Invoke-IdlePlan -Plan $plan -Providers $providers
+```
+
+**Workflow step using templates:**
+
+```powershell
+@{
+  Name = 'Set Exchange OOF'
+  Type = 'IdLE.Step.Mailbox.EnsureOutOfOffice'
+  With = @{
+    Provider        = 'ExchangeOnline'
+    IdentityKey     = @{ ValueFrom = 'Request.Input.UserPrincipalName' }
+    Config          = @{
+      Mode            = 'Enabled'
+      InternalMessage = 'This mailbox is no longer monitored. Please contact {{Request.DesiredState.Manager.DisplayName}} ({{Request.DesiredState.Manager.Mail}}).'
+      ExternalMessage = 'This mailbox is no longer monitored. Please contact {{Request.DesiredState.Manager.Mail}}.'
+      ExternalAudience = 'All'
+    }
+  }
+}
+```
+
+**Alternative (using Entra ID / Microsoft Graph):**
+
+```powershell
+# Host enrichment using Microsoft Graph
+Connect-MgGraph -Scopes 'User.Read.All'
+
+$user = Get-MgUser -UserId 'max.power@contoso.com' -Property 'Manager'
+$mgr = if ($user.Manager.Id) {
+  Get-MgUser -UserId $user.Manager.Id -Property 'DisplayName', 'Mail'
+} else { $null }
+
+# Provide fallback contact if no manager is found
+if (-not $mgr) {
+  $mgr = [PSCustomObject]@{
+    DisplayName = 'IT Support'
+    Mail        = 'support@contoso.com'
+  }
+}
+
+$req = New-IdleLifecycleRequest `
+  -LifecycleEvent 'Leaver' `
+  -Actor $env:USERNAME `
+  -Input @{ UserPrincipalName = 'max.power@contoso.com' } `
+  -DesiredState @{
+    Manager = @{
+      DisplayName = $mgr.DisplayName
+      Mail        = $mgr.Mail
+    }
+  }
+```
+
 ---
 
 ## Limitations and known issues

docs/reference/steps.md

@@ -5,12 +5,15 @@
 
 | Step Type | Module | Synopsis |
 | --- | --- | --- |
-| [CreateIdentity](steps/step-create-identity.md) | ``IdLE.Steps.Common`` | Creates a new identity in the target system. |
-| [DeleteIdentity](steps/step-delete-identity.md) | ``IdLE.Steps.Common`` | Deletes an identity from the target system. |
-| [DisableIdentity](steps/step-disable-identity.md) | ``IdLE.Steps.Common`` | Disables an identity in the target system. |
-| [EmitEvent](steps/step-emit-event.md) | ``IdLE.Steps.Common`` | Emits a custom event (demo step). |
-| [EnableIdentity](steps/step-enable-identity.md) | ``IdLE.Steps.Common`` | Enables an identity in the target system. |
-| [EnsureAttribute](steps/step-ensure-attribute.md) | ``IdLE.Steps.Common`` | Ensures that an identity attribute matches the desired value. |
-| [EnsureEntitlement](steps/step-ensure-entitlement.md) | ``IdLE.Steps.Common`` | Ensures that an entitlement assignment is present or absent for an identity. |
-| [MoveIdentity](steps/step-move-identity.md) | ``IdLE.Steps.Common`` | Moves an identity to a different container/OU in the target system. |
-| [TriggerDirectorySync](steps/step-trigger-directory-sync.md) | ``IdLE.Steps.DirectorySync`` | Triggers a directory sync cycle and optionally waits for completion. |
+| [IdLE.Step.CreateIdentity](steps/step-create-identity.md) | ``IdLE.Steps.Common`` | Creates a new identity in the target system. |
+| [IdLE.Step.DeleteIdentity](steps/step-delete-identity.md) | ``IdLE.Steps.Common`` | Deletes an identity from the target system. |
+| [IdLE.Step.DisableIdentity](steps/step-disable-identity.md) | ``IdLE.Steps.Common`` | Disables an identity in the target system. |
+| [IdLE.Step.EmitEvent](steps/step-emit-event.md) | ``IdLE.Steps.Common`` | Emits a custom event (demo step). |
+| [IdLE.Step.EnableIdentity](steps/step-enable-identity.md) | ``IdLE.Steps.Common`` | Enables an identity in the target system. |
+| [IdLE.Step.EnsureAttribute](steps/step-ensure-attribute.md) | ``IdLE.Steps.Common`` | Ensures that an identity attribute matches the desired value. |
+| [IdLE.Step.EnsureEntitlement](steps/step-ensure-entitlement.md) | ``IdLE.Steps.Common`` | Ensures that an entitlement assignment is present or absent for an identity. |
+| [IdLE.Step.Mailbox.EnsureOutOfOffice](steps/step-mailbox-ensure-out-of-office.md) | ``IdLE.Steps.Mailbox`` | Ensures that a mailbox Out of Office (OOF) configuration matches the desired state. |
+| [IdLE.Step.Mailbox.EnsureType](steps/step-mailbox-ensure-type.md) | ``IdLE.Steps.Mailbox`` | Ensures that a mailbox is of the desired type (User, Shared, Room, Equipment). |
+| [IdLE.Step.Mailbox.GetInfo](steps/step-mailbox-get-info.md) | ``IdLE.Steps.Mailbox`` | Retrieves mailbox details and returns a structured report. |
+| [IdLE.Step.MoveIdentity](steps/step-move-identity.md) | ``IdLE.Steps.Common`` | Moves an identity to a different container/OU in the target system. |
+| [IdLE.Step.TriggerDirectorySync](steps/step-trigger-directory-sync.md) | ``IdLE.Steps.DirectorySync`` | Triggers a directory sync cycle and optionally waits for completion. |

docs/reference/steps/step-create-identity.md

@@ -1,15 +1,14 @@
-# CreateIdentity
+# IdLE.Step.CreateIdentity
 
 > Generated file. Do not edit by hand.
 > Source: tools/Generate-IdleStepReference.ps1
 
 ## Summary
 
-- **Step Type**: `CreateIdentity`
+- **Step Type**: `IdLE.Step.CreateIdentity`
 - **Module**: `IdLE.Steps.Common`
 - **Implementation**: `Invoke-IdleStepCreateIdentity`
 - **Idempotent**: `Yes`
-- **Required Capabilities**: `IdLE.Identity.Create`
 
 ## Synopsis
 
@@ -48,7 +47,7 @@ The following keys are required in the step's ``With`` configuration:
 
 ```powershell
 @{
-  Name = 'CreateIdentity Example'
+  Name = 'IdLE.Step.CreateIdentity Example'
   Type = 'IdLE.Step.CreateIdentity'
   With = @{
     Attributes           = @{ GivenName = 'First'; Surname = 'Last' }
@@ -59,5 +58,5 @@ The following keys are required in the step's ``With`` configuration:
 
 ## See Also
 
-- [Capabilities Reference](../capabilities.md) - Details on required capabilities
+- [Capabilities Reference](../capabilities.md) - Overview of IdLE capabilities
 - [Providers](../providers.md) - Available provider implementations

docs/reference/steps/step-delete-identity.md

@@ -1,15 +1,14 @@
-# DeleteIdentity
+# IdLE.Step.DeleteIdentity
 
 > Generated file. Do not edit by hand.
 > Source: tools/Generate-IdleStepReference.ps1
 
 ## Summary
 
-- **Step Type**: `DeleteIdentity`
+- **Step Type**: `IdLE.Step.DeleteIdentity`
 - **Module**: `IdLE.Steps.Common`
 - **Implementation**: `Invoke-IdleStepDeleteIdentity`
 - **Idempotent**: `Yes`
-- **Required Capabilities**: `IdLE.Identity.Delete`
 
 ## Synopsis
 
@@ -51,7 +50,7 @@ The following keys are required in the step's ``With`` configuration:
 
 ```powershell
 @{
-  Name = 'DeleteIdentity Example'
+  Name = 'IdLE.Step.DeleteIdentity Example'
   Type = 'IdLE.Step.DeleteIdentity'
   With = @{
     IdentityKey          = 'user.name'
@@ -61,5 +60,5 @@ The following keys are required in the step's ``With`` configuration:
 
 ## See Also
 
-- [Capabilities Reference](../capabilities.md) - Details on required capabilities
+- [Capabilities Reference](../capabilities.md) - Overview of IdLE capabilities
 - [Providers](../providers.md) - Available provider implementations

docs/reference/steps/step-disable-identity.md

@@ -1,15 +1,14 @@
-# DisableIdentity
+# IdLE.Step.DisableIdentity
 
 > Generated file. Do not edit by hand.
 > Source: tools/Generate-IdleStepReference.ps1
 
 ## Summary
 
-- **Step Type**: `DisableIdentity`
+- **Step Type**: `IdLE.Step.DisableIdentity`
 - **Module**: `IdLE.Steps.Common`
 - **Implementation**: `Invoke-IdleStepDisableIdentity`
 - **Idempotent**: `Yes`
-- **Required Capabilities**: `IdLE.Identity.Disable`
 
 ## Synopsis
 
@@ -47,7 +46,7 @@ The following keys are required in the step's ``With`` configuration:
 
 ```powershell
 @{
-  Name = 'DisableIdentity Example'
+  Name = 'IdLE.Step.DisableIdentity Example'
   Type = 'IdLE.Step.DisableIdentity'
   With = @{
     IdentityKey          = 'user.name'
@@ -57,5 +56,5 @@ The following keys are required in the step's ``With`` configuration:
 
 ## See Also
 
-- [Capabilities Reference](../capabilities.md) - Details on required capabilities
+- [Capabilities Reference](../capabilities.md) - Overview of IdLE capabilities
 - [Providers](../providers.md) - Available provider implementations

docs/reference/steps/step-emit-event.md

@@ -1,11 +1,11 @@
-# EmitEvent
+# IdLE.Step.EmitEvent
 
 > Generated file. Do not edit by hand.
 > Source: tools/Generate-IdleStepReference.ps1
 
 ## Summary
 
-- **Step Type**: `EmitEvent`
+- **Step Type**: `IdLE.Step.EmitEvent`
 - **Module**: `IdLE.Steps.Common`
 - **Implementation**: `Invoke-IdleStepEmitEvent`
 - **Idempotent**: `Unknown`
@@ -29,7 +29,7 @@ Please refer to the step description and examples for usage details.
 
 ```powershell
 @{
-  Name = 'EmitEvent Example'
+  Name = 'IdLE.Step.EmitEvent Example'
   Type = 'IdLE.Step.EmitEvent'
   With = @{
     # See step description for available options

docs/reference/steps/step-enable-identity.md

@@ -1,15 +1,14 @@
-# EnableIdentity
+# IdLE.Step.EnableIdentity
 
 > Generated file. Do not edit by hand.
 > Source: tools/Generate-IdleStepReference.ps1
 
 ## Summary
 
-- **Step Type**: `EnableIdentity`
+- **Step Type**: `IdLE.Step.EnableIdentity`
 - **Module**: `IdLE.Steps.Common`
 - **Implementation**: `Invoke-IdleStepEnableIdentity`
 - **Idempotent**: `Yes`
-- **Required Capabilities**: `IdLE.Identity.Enable`
 
 ## Synopsis
 
@@ -47,7 +46,7 @@ The following keys are required in the step's ``With`` configuration:
 
 ```powershell
 @{
-  Name = 'EnableIdentity Example'
+  Name = 'IdLE.Step.EnableIdentity Example'
   Type = 'IdLE.Step.EnableIdentity'
   With = @{
     IdentityKey          = 'user.name'
@@ -57,5 +56,5 @@ The following keys are required in the step's ``With`` configuration:
 
 ## See Also
 
-- [Capabilities Reference](../capabilities.md) - Details on required capabilities
+- [Capabilities Reference](../capabilities.md) - Overview of IdLE capabilities
 - [Providers](../providers.md) - Available provider implementations

docs/reference/steps/step-ensure-attribute.md

@@ -1,15 +1,14 @@
-# EnsureAttribute
+# IdLE.Step.EnsureAttribute
 
 > Generated file. Do not edit by hand.
 > Source: tools/Generate-IdleStepReference.ps1
 
 ## Summary
 
-- **Step Type**: `EnsureAttribute`
+- **Step Type**: `IdLE.Step.EnsureAttribute`
 - **Module**: `IdLE.Steps.Common`
 - **Implementation**: `Invoke-IdleStepEnsureAttribute`
 - **Idempotent**: `Yes`
-- **Required Capabilities**: `IdLE.Identity.Attribute.Ensure`
 
 ## Synopsis
 
@@ -49,7 +48,7 @@ The following keys are required in the step's ``With`` configuration:
 
 ```powershell
 @{
-  Name = 'EnsureAttribute Example'
+  Name = 'IdLE.Step.EnsureAttribute Example'
   Type = 'IdLE.Step.EnsureAttribute'
   With = @{
     IdentityKey          = 'user.name'
@@ -61,5 +60,5 @@ The following keys are required in the step's ``With`` configuration:
 
 ## See Also
 
-- [Capabilities Reference](../capabilities.md) - Details on required capabilities
+- [Capabilities Reference](../capabilities.md) - Overview of IdLE capabilities
 - [Providers](../providers.md) - Available provider implementations

docs/reference/steps/step-ensure-entitlement.md

@@ -1,15 +1,14 @@
-# EnsureEntitlement
+# IdLE.Step.EnsureEntitlement
 
 > Generated file. Do not edit by hand.
 > Source: tools/Generate-IdleStepReference.ps1
 
 ## Summary
 
-- **Step Type**: `EnsureEntitlement`
+- **Step Type**: `IdLE.Step.EnsureEntitlement`
 - **Module**: `IdLE.Steps.Common`
 - **Implementation**: `Invoke-IdleStepEnsureEntitlement`
 - **Idempotent**: `Yes`
-- **Required Capabilities**: `IdLE.Entitlement.List`, `IdLE.Entitlement.Grant`, `IdLE.Entitlement.Revoke`
 
 ## Synopsis
 
@@ -55,7 +54,7 @@ The following keys are required in the step's ``With`` configuration:
 
 ```powershell
 @{
-  Name = 'EnsureEntitlement Example'
+  Name = 'IdLE.Step.EnsureEntitlement Example'
   Type = 'IdLE.Step.EnsureEntitlement'
   With = @{
     Entitlement          = @{ Kind = 'Group'; Id = 'GroupId'; DisplayName = 'Example Group' }
@@ -67,5 +66,5 @@ The following keys are required in the step's ``With`` configuration:
 
 ## See Also
 
-- [Capabilities Reference](../capabilities.md) - Details on required capabilities
+- [Capabilities Reference](../capabilities.md) - Overview of IdLE capabilities
 - [Providers](../providers.md) - Available provider implementations