Merge pull request #15 from KelvinTegelaar/master
[pull] master from KelvinTegelaar:master
pull[bot] authored Jan 6, 2024
2 parents c3b31e0 + e65d369 commit 1604adb
Showing 67 changed files with 2,145 additions and 899 deletions.
9 changes: 3 additions & 6 deletions ExecScheduledCommand/run.ps1
Expand Up @@ -10,8 +10,7 @@ Write-Host 'started task'
try {
try {
$results = & $QueueItem.command @commandParameters
}
catch {
} catch {
$results = "Task Failed: $($_.Exception.Message)"

}
Expand All @@ -31,8 +30,7 @@ try {
if ($StoredResults.Length -gt 64000 -or $task.Tenant -eq 'AllTenants') {
$StoredResults = @{ Results = 'The results for this query are too long to store in this table, or the query was meant for All Tenants. Please use the options to send the results to another target to be able to view the results. ' } | ConvertTo-Json -Compress
}
}
catch {
} catch {
$errorMessage = $_.Exception.Message
if ($task.Recurrence -gt 0) { $State = 'Failed - Planned' } else { $State = 'Failed' }
Update-AzDataTableEntity @Table -Entity @{
Expand Down Expand Up @@ -71,8 +69,7 @@ if ($task.Recurrence -le '0' -or $task.Recurrence -eq $null) {
Results = "$StoredResults"
TaskState = 'Completed'
}
}
else {
} else {
$nextRun = (Get-Date).AddDays($task.Recurrence)
$nextRunUnixTime = [int64]($nextRun - (Get-Date '1/1/1970')).TotalSeconds
Update-AzDataTableEntity @Table -Entity @{
14 changes: 7 additions & 7 deletions Modules/CIPPCore/Public/Add-CIPPDelegatedPermission.ps1
Expand Up @@ -5,9 +5,10 @@ function Add-CIPPDelegatedPermission {
$ApplicationId,
$Tenantfilter
)
Write-Host 'Adding Delegated Permissions'
Set-Location (Get-Item $PSScriptRoot).FullName

if ($RequiredResourceAccess -eq "CIPPDefaults") {
Write-Host "RequiredResourceAccess: $($RequiredResourceAccess | ConvertTo-Json -Depth 10)"
if ($RequiredResourceAccess -eq 'CIPPDefaults') {
$RequiredResourceAccess = (Get-Content '.\SAMManifest.json' | ConvertFrom-Json).requiredResourceAccess
}
$Translator = Get-Content '.\PermissionsTranslator.json' | ConvertFrom-Json
Expand All @@ -26,17 +27,16 @@ function Add-CIPPDelegatedPermission {
if (!$OldScope) {
$Createbody = @{
clientId = $ourSVCPrincipal.id
consentType = "AllPrincipals"
consentType = 'AllPrincipals'
resourceId = $svcPrincipalId.id
scope = $NewScope
} | ConvertTo-Json -Compress
$CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/oauth2PermissionGrants" -tenantid $Tenantfilter -body $Createbody -type POST
$CreateRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/v1.0/oauth2PermissionGrants' -tenantid $Tenantfilter -body $Createbody -type POST
$Results.add("Successfully added permissions for $($svcPrincipalId.displayName)") | Out-Null
}
else {
} else {
$compare = Compare-Object -ReferenceObject $OldScope.scope.Split(' ') -DifferenceObject $NewScope.Split(' ')
if (!$compare) {
$Results.add("All delegated permissions exist for $($svcPrincipalId.displayName)") | Out-Null
$Results.add("All delegated permissions exist for $($svcPrincipalId.displayName)") | Out-Null
continue
}
$Patchbody = @{
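Review bot: The added `Write-Host "RequiredResourceAccess: ..."` line near the top of `Add-CIPPDelegatedPermission` runs before the `'CIPPDefaults'` substitution, so in the default case it only prints that literal string, and otherwise it writes the full requested permission set to the host log on every call. If this is leftover debugging I would drop it, or move it below the `if` as `Write-Verbose "RequiredResourceAccess: $($RequiredResourceAccess | ConvertTo-Json -Depth 10)"`. Since this function creates `AllPrincipals` grants, a short comment stating that the scopes are consented tenant-wide would also help the next reader. The function body starts and ends outside the visible hunks.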
73 changes: 41 additions & 32 deletions Modules/CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1
Expand Up @@ -10,14 +10,16 @@ Function Invoke-AddAlert {
$APIName = $TriggerMetadata.FunctionName
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'

$Tenants = ($Request.body | Select-Object Select_*).psobject.properties.value
$Tenants = $Request.body.tenantFilter
$Table = get-cipptable -TableName 'SchedulerConfig'

$Results = foreach ($Tenant in $tenants) {
try {
$TenantID = if ($tenant -ne 'AllTenants') {
(get-tenants | Where-Object -Property defaultDomainName -EQ $Tenant).customerId
}
else {
'AllTenants'
Write-Host "Working on $Tenant"
if ($tenant -ne 'AllTenants') {
$TenantID = (get-tenants | Where-Object -Property defaultDomainName -EQ $Tenant).customerId
} else {
$TenantID = 'AllTenants'
}
if ($Request.body.SetAlerts) {
$CompleteObject = @{
Expand Down Expand Up @@ -45,45 +47,52 @@ Function Invoke-AddAlert {
RowKey = $TenantID
PartitionKey = 'Alert'
}

$Table = get-cipptable -TableName 'SchedulerConfig'
Add-CIPPAzDataTableEntity @Table -Entity $CompleteObject -Force
}
$URL = ($request.headers.'x-ms-original-url').split('/api') | Select-Object -First 1
if ($Tenant -eq 'AllTenants') {
Get-Tenants | ForEach-Object {
foreach ($eventType in $Request.body.EventTypes.value) {
} else {
$URL = ($request.headers.'x-ms-original-url').split('/api') | Select-Object -First 1
if ($Tenant -eq 'AllTenants') {
Get-Tenants | ForEach-Object {
$params = @{
TenantFilter = $_.defaultDomainName
auditLogAPI = $true
operations = ($Request.body.Operations.value -join ',')
allowedLocations = ($Request.body.AllowedLocations.value -join ',')
BaseURL = $URL
EventType = $eventType
ExecutingUser = $Request.headers.'x-ms-client-principal'
TenantFilter = $_.defaultDomainName
auditLogAPI = $true
operations = 'Audit.AzureActiveDirectory,Audit.Exchange,Audit.SharePoint,Audit.General'
BaseURL = $URL
ExecutingUser = $Request.headers.'x-ms-client-principal'
}
Push-OutputBinding -Name Subscription -Value $Params
}
}
}
else {
foreach ($eventType in $Request.body.EventTypes.value) {
$CompleteObject = @{
tenant = 'AllTenants'
type = 'webhookcreation'
RowKey = 'AllTenantsWebhookCreation'
PartitionKey = 'webhookcreation'
}
Add-CIPPAzDataTableEntity @Table -Entity $CompleteObject -Force
} else {
$params = @{
TenantFilter = $tenant
auditLogAPI = $true
operations = ($Request.body.Operations.value -join ',')
allowedLocations = ($Request.body.AllowedLocations.value -join ',')
BaseURL = $URL
EventType = $eventType
ExecutingUser = $Request.headers.'x-ms-client-principal'
TenantFilter = $tenant
auditLogAPI = $true
operations = 'Audit.AzureActiveDirectory,Audit.Exchange,Audit.SharePoint,Audit.General'
BaseURL = $URL
ExecutingUser = $Request.headers.'x-ms-client-principal'
}
New-CIPPGraphSubscription @params
}
$CompleteObject = @{
Tenant = [string]$tenant
if = [string](ConvertTo-Json -Depth 10 -Compress -InputObject $Request.body.ifs)
execution = [string](ConvertTo-Json -Depth 10 -Compress -InputObject $Request.body.do)
type = 'WebhookAlert'
RowKey = [string](New-Guid)
PartitionKey = 'WebhookAlert'
}
Add-CIPPAzDataTableEntity @Table -Entity $CompleteObject -Force

}
"Successfully added Alert for $($Tenant) to queue."
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Successfully added Alert for $($Tenant) to queue." -Sev 'Info'
}
catch {
} catch {
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Failed to add Alert for for $($Tenant) to queue" -Sev 'Error'
"Failed to add Alert for for $($Tenant) to queue $($_.Exception.message)"
}
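Review bot: `$Tenants = $Request.body.tenantFilter` is used as received and never confirmed against `get-tenants`. In the `SetAlerts` branch a value that matches no `defaultDomainName` leaves `$TenantID` empty and that empty value becomes the `RowKey`; in the webhook branch the raw value is passed as `TenantFilter` to `New-CIPPGraphSubscription` without any lookup. I would resolve the tenant once at the top of the `try` for both branches and fail early, e.g. `if ($Tenant -ne 'AllTenants' -and -not $TenantID) { throw "Unknown tenant $Tenant" }`, which the existing `catch` already turns into a failure result. The `if` and `execution` columns are likewise stored exactly as they arrive in `$Request.body.ifs` and `$Request.body.do`, so whatever reads the `WebhookAlert` rows presumably has to validate them; a comment saying so would help. The function continues outside the visible hunks.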
20 changes: 11 additions & 9 deletions Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPInvite.ps1
Expand Up @@ -11,7 +11,6 @@ Function Invoke-ExecGDAPInvite {
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'

$RoleMappings = $Request.body.gdapRoles
$Results = [System.Collections.Generic.List[string]]::new()

if ($RoleMappings.roleDefinitionId -contains '62e90394-69f5-4237-9190-012177145e10') {
$AutoExtendDuration = 'PT0S'
Expand Down Expand Up @@ -48,29 +47,32 @@ Function Invoke-ExecGDAPInvite {

if ($NewRelationshipRequest.action -eq 'lockForApproval') {
$InviteUrl = "https://admin.microsoft.com/AdminPortal/Home#/partners/invitation/granularAdminRelationships/$($NewRelationship.id)"
$Uri = ([System.Uri]$TriggerMetadata.Headers.referer)
$OnboardingUrl = $Uri.AbsoluteUri.Replace($Uri.PathAndQuery, '/tenant/administration/tenant-onboarding-wizard?tableFilter=Complex: id eq {0}' -f $NewRelationship.id)

$InviteEntity = [PSCustomObject]@{
'PartitionKey' = 'invite'
'RowKey' = $NewRelationship.id
'InviteUrl' = $InviteUrl
'RoleMappings' = [string](@($RoleMappings) | ConvertTo-Json -Depth 10 -Compress)
'PartitionKey' = 'invite'
'RowKey' = $NewRelationship.id
'InviteUrl' = $InviteUrl
'OnboardingUrl' = $OnboardingUrl
'RoleMappings' = [string](@($RoleMappings) | ConvertTo-Json -Depth 10 -Compress)
}
Add-CIPPAzDataTableEntity @Table -Entity $InviteEntity

$Results.add('GDAP relationship invite created. Copy the URL below and log in as a Global Admin for the new tenant to approve the invite.')
$Message = 'GDAP relationship invite created. Log in as a Global Admin in the new tenant to approve the invite.'
} else {
$Results.add('Error creating GDAP relationship request')
$Message = 'Error creating GDAP relationship request'
}
}
} catch {
$Results.add('Error creating GDAP relationship')
$Message = 'Error creating GDAP relationship'
Write-Host "GDAP ERROR: $($_.Exception.Message)"
}

Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created GDAP Invite - $InviteUrl" -Sev 'Info'

$body = @{
Results = @($Results)
Message = $Message
Invite = $InviteEntity
}
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
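Review bot: `$OnboardingUrl` is built with `$Uri.AbsoluteUri.Replace($Uri.PathAndQuery, ...)`, which misbehaves for two inputs the code does not guard against. When the `referer` header is missing, `$Uri` is `$null` and the `.Replace` call throws, so the `catch` reports 'Error creating GDAP relationship' and the invite entity is never stored, although the relationship request appears to have been sent by then; when the path is just `/`, every slash in the URL is replaced, including those in the scheme. The header is also caller-supplied and its host ends up in a stored link, so I would take only the authority, `$BaseUrl = $Uri.GetLeftPart([System.UriPartial]::Authority)`, append the path to that, and skip `OnboardingUrl` when the header is absent or its host is not the expected portal host. The function body starts and ends outside the hunks.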
@@ -0,0 +1,78 @@
using namespace System.Net

Function Invoke-ExecGraphExplorerPreset {
<#
.FUNCTIONALITY
Entrypoint
#>
[CmdletBinding()]
param($Request, $TriggerMetadata)

$APIName = $TriggerMetadata.FunctionName
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'

$Username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails
# Write to the Azure Functions log stream.
Write-Host 'PowerShell HTTP trigger function processed a request.'


switch ($Request.Body.Action) {
'Copy' {
$Id = (New-Guid).Guid
}
'Save' {
$Id = $Request.Body.values.reportTemplate.value
}
'Delete' {
$Id = $Request.Body.values.reportTemplate.value
}
}

$params = $Request.Body.values | Select-Object endpoint, '$filter', '$select', '$count', '$expand', '$search', NoPagination, '$top', IsShared
$Preset = [PSCustomObject]@{
PartitionKey = 'Preset'
RowKey = [string]$Id
id = [string]$Id
name = [string]$Request.Body.values.name
Owner = [string]$Username
IsShared = $Request.Body.values.IsShared
params = [string](ConvertTo-Json -InputObject $params -Compress)
}

try {
$Success = $false
$Table = Get-CIPPTable -TableName 'GraphPresets'
$Message = '{0} preset succeeded' -f $Request.Body.Action
if ($Request.Body.Action -eq 'Copy') {
Add-CIPPAzDataTableEntity @Table -Entity $Preset
$Success = $true
} else {
$Entity = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$Id'"
if ($Entity.Owner -eq $Username ) {
if ($Request.Body.Action -eq 'Delete') {
Remove-AzDataTableEntity @Table -Entity $Entity
} elseif ($Request.Body.Action -eq 'Save') {
Add-CIPPAzDataTableEntity @Table -Entity $Preset -Force
}
$Success = $true
} else {
$Message = 'Error: You can only modify your own presets.'
$Success = $false
}
}

$StatusCode = [HttpStatusCode]::OK
} catch {
$Success = $false
$Message = $_.Exception.Message
$StatusCode = [HttpStatusCode]::BadRequest
}
# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
StatusCode = $StatusCode
Body = @{
Results = $Message
Success = $Success
}
})
}
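Review bot: `$Id` comes from `$Request.Body.values.reportTemplate.value` and is interpolated unescaped into the table filter `"RowKey eq '$Id'"`, so the ownership check that follows is only as strong as that filter. If the filter returns more than one row, `$Entity.Owner -eq $Username` becomes an array comparison that is truthy when any row belongs to the caller, and `Remove-AzDataTableEntity` then receives rows the caller does not own. I would escape and pin the filter, `$SafeId = ([string]$Id).Replace("'", "''")` and `$Entity = @(Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'Preset' and RowKey eq '$SafeId'")`, and require a single row, `if ($Entity.Count -eq 1 -and $Entity[0].Owner -eq $Username) {`. Separately, the 'You can only modify your own presets' path still returns `[HttpStatusCode]::OK`, and the `x-ms-client-principal` decode sits outside the `try`, so a missing header fails before any response is pushed.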