Skip to content

Commit

Permalink
Merge pull request #124 from almenscorner/dev
Browse files Browse the repository at this point in the history 
v1.5.0
  • Loading branch information
@almenscorner
almenscorner authored Aug 9, 2023
2 parents 6ad85bf + d4bee9d commit 40ca46a
Show file tree
Hide file tree
Showing 6 changed files with 61 additions and 148 deletions.
2 changes: 1 addition & 1 deletion setup.cfg
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[metadata]
name = IntuneCD
version = 1.4.9
version = 1.5.0
author = Tobias Almén
author_email = [email protected]
description = Tool to backup and update configurations in Intune
Expand Down
11 changes: 4 additions & 7 deletions src/IntuneCD/backup_configurationPolicies.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,12 +37,8 @@ def savebackup(path, output, exclude, token):
for policy in policies["value"]:
policy_ids.append(policy["id"])

assignment_responses = batch_assignment(
policies, "deviceManagement/configurationPolicies/", "/assignments", token
)
policy_settings_batch = batch_request(
policy_ids, "deviceManagement/configurationPolicies/", "/settings", token
)
assignment_responses = batch_assignment(policies, "deviceManagement/configurationPolicies/", "/assignments", token)
policy_settings_batch = batch_request(policy_ids, "deviceManagement/configurationPolicies/", "/settings", token)

for policy in policies["value"]:
results["config_count"] += 1
Expand All @@ -62,7 +58,8 @@ def savebackup(path, output, exclude, token):
policy = remove_keys(policy)

# Get filename without illegal characters
fname = clean_filename(name)
# fname = clean_filename(name)
fname = clean_filename(f"{name}_{str(policy['technologies']).split(',')[-1]}")
# Save Configuration Policy as JSON or YAML depending on configured
# value in "-o"
save_output(output, configpath, fname, policy)
Expand Down
55 changes: 17 additions & 38 deletions src/IntuneCD/update_appProtection.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,9 +25,7 @@
ENDPOINT = "https://graph.microsoft.com/beta/deviceAppManagement/"


def update(
path, token, assignment=False, report=False, create_groups=False, remove=False
):
def update(path, token, assignment=False, report=False, create_groups=False, remove=False):
"""
This function updates all App Protection Polices in Intune,
if the configuration in Intune differs from the JSON/YAML file.
Expand All @@ -45,9 +43,7 @@ def update(
# Get App Protections
mem_data = makeapirequest(f"{ENDPOINT}managedAppPolicies", token)
# Get current assignments
mem_assignments = batch_assignment(
mem_data, "deviceAppManagement/", "/assignments", token, app_protection=True
)
mem_assignments = batch_assignment(mem_data, "deviceAppManagement/", "/assignments", token, app_protection=True)

for filename in os.listdir(configpath):
file = check_file(configpath, filename)
Expand All @@ -59,15 +55,9 @@ def update(
repo_data = load_file(filename, f)

if repo_data:
if (
repo_data["@odata.type"]
== "#microsoft.graph.mdmWindowsInformationProtectionPolicy"
):
if repo_data["@odata.type"] == "#microsoft.graph.mdmWindowsInformationProtectionPolicy":
platform = "mdmWindowsInformationProtectionPolicies"
elif (
repo_data["@odata.type"]
== "#microsoft.graph.windowsInformationProtectionPolicy"
):
elif repo_data["@odata.type"] == "#microsoft.graph.windowsInformationProtectionPolicy":
platform = "windowsInformationProtectionPolicies"
else:
platform = f"{str(repo_data['@odata.type']).split('.')[2]}s"
Expand All @@ -82,21 +72,14 @@ def update(
data = {"value": ""}
if mem_data["value"]:
for val in mem_data["value"]:
if (
"targetedAppManagementLevels" in val
and "targetedAppManagementLevels" in repo_data
):
if "targetedAppManagementLevels" in val and "targetedAppManagementLevels" in repo_data:
if (
repo_data["targetedAppManagementLevels"]
== val["targetedAppManagementLevels"]
repo_data["targetedAppManagementLevels"] == val["targetedAppManagementLevels"]
and repo_data["displayName"] == val["displayName"]
):
data["value"] = val
mem_data["value"].remove(val)
elif (
repo_data["@odata.type"] == val["@odata.type"]
and repo_data["displayName"] == val["displayName"]
):
elif repo_data["@odata.type"] == val["@odata.type"] and repo_data["displayName"] == val["displayName"]:
data["value"] = val
mem_data["value"].remove(val)

Expand All @@ -106,9 +89,12 @@ def update(
# Remove keys before using DeepDiff
data["value"] = remove_keys(data["value"])

diff = DeepDiff(data["value"], repo_data, ignore_order=True).get(
"values_changed", {}
)
diff = DeepDiff(data["value"], repo_data, ignore_order=True).get("values_changed", {})

if repo_data["@odata.type"] == "#microsoft.graph.windowsInformationProtectionPolicy":
response_code = 200
else:
response_code = 204

# If any changed values are found, push them to Intune
if diff and report is False:
Expand All @@ -119,7 +105,7 @@ def update(
token,
q_param,
request_data,
status_code=204,
status_code=response_code,
)

diff_config = DiffSummary(
Expand All @@ -131,9 +117,7 @@ def update(

if assignment:
mem_assign_obj = get_object_assignment(mem_id, mem_assignments)
update = update_assignment(
assign_obj, mem_assign_obj, token, create_groups
)
update = update_assignment(assign_obj, mem_assign_obj, token, create_groups)
if update is not None:
request_data = {"assignments": update}
post_assignment_update(
Expand All @@ -148,10 +132,7 @@ def update(
# If App Protection does not exist, create it and assign
else:
print("-" * 90)
print(
"App Protection not found, creating policy: "
+ repo_data["displayName"]
)
print("App Protection not found, creating policy: " + repo_data["displayName"])
if report is False:
request_json = json.dumps(repo_data)
post_request = makeapirequestPost(
Expand All @@ -162,9 +143,7 @@ def update(
status_code=201,
)
mem_assign_obj = []
assignment = update_assignment(
assign_obj, mem_assign_obj, token, create_groups
)
assignment = update_assignment(assign_obj, mem_assign_obj, token, create_groups)
if assignment is not None:
request_data = {"assignments": assignment}
post_assignment_update(
Expand Down
51 changes: 13 additions & 38 deletions src/IntuneCD/update_configurationPolicies.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,7 @@
ENDPOINT = "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies"


def update(
path, token, assignment=False, report=False, create_groups=False, remove=False
):
def update(path, token, assignment=False, report=False, create_groups=False, remove=False):
"""
This function updates all Settings Catalog configurations in Intune,
if the configuration in Intune differs from the JSON/YAML file.
Expand All @@ -44,9 +42,7 @@ def update(
# Get configurations policies
mem_data = makeapirequest(ENDPOINT, token)
# Get current assignments
mem_assignments = batch_assignment(
mem_data, "deviceManagement/configurationPolicies/", "/assignments", token
)
mem_assignments = batch_assignment(mem_data, "deviceManagement/configurationPolicies/", "/assignments", token)

for filename in os.listdir(configpath):
file = check_file(configpath, filename)
Expand All @@ -67,14 +63,13 @@ def update(
data = {"value": ""}
if mem_data["value"]:
for val in mem_data["value"]:
if repo_data["name"] == val["name"]:
if repo_data["name"] == val["name"] and repo_data["technologies"] == val["technologies"]:
data["value"] = val
mem_data["value"].remove(val)

if (
"templateReference" in repo_data
and repo_data["templateReference"].get("templateDisplayName")
== "Endpoint detection and response"
and repo_data["templateReference"].get("templateDisplayName") == "Endpoint detection and response"
):
print("-" * 90)
print(
Expand All @@ -86,19 +81,13 @@ def update(
if data["value"]:
print("-" * 90)
# Get Filter data from Intune
mem_policy_data = makeapirequest(
ENDPOINT + "/" + data["value"]["id"], token
)
mem_policy_data = makeapirequest(ENDPOINT + "/" + data["value"]["id"], token)
# Get Filter settings from Intune
mem_policy_settings = makeapirequest(
ENDPOINT + "/" + data["value"]["id"] + "/settings", token
)
mem_policy_settings = makeapirequest(ENDPOINT + "/" + data["value"]["id"] + "/settings", token)
# Add settings to the data dictionary
mem_policy_data["settings"] = mem_policy_settings["value"]

diff = DeepDiff(mem_policy_data, repo_data, ignore_order=True).get(
"values_changed", {}
)
diff = DeepDiff(mem_policy_data, repo_data, ignore_order=True).get("values_changed", {})

# If any changed values are found, push them to Intune
if diff and report is False:
Expand All @@ -121,12 +110,8 @@ def update(
diff_summary.append(diff_policy)

if assignment:
mem_assign_obj = get_object_assignment(
data["value"]["id"], mem_assignments
)
update = update_assignment(
assign_obj, mem_assign_obj, token, create_groups
)
mem_assign_obj = get_object_assignment(data["value"]["id"], mem_assignments)
update = update_assignment(assign_obj, mem_assign_obj, token, create_groups)
if update is not None:
request_data = {"assignments": update}
post_assignment_update(
Expand All @@ -140,10 +125,7 @@ def update(
# If Configuration Policy does not exist, create it and assign
else:
print("-" * 90)
print(
"Configuration Policy not found, creating Policy: "
+ repo_data["name"]
)
print("Configuration Policy not found, creating Policy: " + repo_data["name"])
if report is False:
repo_data.pop("settingCount", None)
repo_data.pop("creationSource", None)
Expand All @@ -156,9 +138,7 @@ def update(
status_code=201,
)
mem_assign_obj = []
assignment = update_assignment(
assign_obj, mem_assign_obj, token, create_groups
)
assignment = update_assignment(assign_obj, mem_assign_obj, token, create_groups)
if assignment is not None:
request_data = {"assignments": assignment}
post_assignment_update(
Expand All @@ -168,19 +148,14 @@ def update(
"assign",
token,
)
print(
"Configuration Policy created with id: "
+ post_request["id"]
)
print("Configuration Policy created with id: " + post_request["id"])

# If any Configuration Policies are left in mem_data, remove them from Intune as they are not in the repo
if mem_data.get("value", None) is not None and remove is True:
for val in mem_data["value"]:
print("-" * 90)
print("Removing Configuration Policy from Intune: " + val["name"])
if report is False:
makeapirequestDelete(
f"{ENDPOINT}/{val['id']}", token, status_code=200
)
makeapirequestDelete(f"{ENDPOINT}/{val['id']}", token, status_code=200)

return diff_summary
20 changes: 7 additions & 13 deletions tests/Backup/test_backup_configurationPolicies.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,12 +44,13 @@ def setUp(self):
self.directory.create()
self.token = "token"
self.exclude = []
self.saved_path = f"{self.directory.path}/Settings Catalog/test."
self.saved_path = f"{self.directory.path}/Settings Catalog/test_test."
self.expected_data = {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationPolicy",
"assignments": [{"target": {"groupName": "Group1"}}],
"description": "Description value",
"name": "test",
"technologies": "test",
"roleScopeTagIds": ["Role Scope Tag Ids value"],
"settings": [
{
Expand Down Expand Up @@ -77,6 +78,7 @@ def setUp(self):
"@odata.type": "#microsoft.graph.deviceManagementConfigurationPolicy",
"id": "0",
"name": "test",
"technologies": "test",
"description": "Description value",
"roleScopeTagIds": ["Role Scope Tag Ids value"],
"isAssigned": True,
Expand All @@ -88,27 +90,19 @@ def setUp(self):
]
}

self.batch_assignment_patch = patch(
"src.IntuneCD.backup_configurationPolicies.batch_assignment"
)
self.batch_assignment_patch = patch("src.IntuneCD.backup_configurationPolicies.batch_assignment")
self.batch_assignment = self.batch_assignment_patch.start()
self.batch_assignment.return_value = BATCH_ASSIGNMENT

self.batch_request_patch = patch(
"src.IntuneCD.backup_configurationPolicies.batch_request"
)
self.batch_request_patch = patch("src.IntuneCD.backup_configurationPolicies.batch_request")
self.batch_request = self.batch_request_patch.start()
self.batch_request.return_value = BATCH_REQUEST

self.object_assignment_patch = patch(
"src.IntuneCD.backup_configurationPolicies.get_object_assignment"
)
self.object_assignment_patch = patch("src.IntuneCD.backup_configurationPolicies.get_object_assignment")
self.object_assignment = self.object_assignment_patch.start()
self.object_assignment.return_value = OBJECT_ASSIGNMENT

self.makeapirequest_patch = patch(
"src.IntuneCD.backup_configurationPolicies.makeapirequest"
)
self.makeapirequest_patch = patch("src.IntuneCD.backup_configurationPolicies.makeapirequest")
self.makeapirequest = self.makeapirequest_patch.start()
self.makeapirequest.return_value = self.configuration_policy

Expand Down
Loading

0 comments on commit 40ca46a

Please sign in to comment.