Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v1.5.1 #126

Merged
merged 5 commits into from
Aug 22, 2023
Merged

v1.5.1 #126

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
cfa24a5
include more settings than 25
almenscorner Aug 22, 2023
0d426fb
exclude default device limit from removal
almenscorner Aug 22, 2023
ec727ac
add 504 retry to post request
almenscorner Aug 22, 2023
a98a629
add 504 post retry test
almenscorner Aug 22, 2023
6300861
bump version 1.5.0 -> 1.5.1
almenscorner Aug 22, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion setup.cfg
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[metadata]
name = IntuneCD
version = 1.5.0
version = 1.5.1
author = Tobias Almén
author_email = [email protected]
description = Tool to backup and update configurations in Intune
Expand Down
2 changes: 1 addition & 1 deletion src/IntuneCD/backup_configurationPolicies.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ def savebackup(path, output, exclude, token):
policy_ids.append(policy["id"])

assignment_responses = batch_assignment(policies, "deviceManagement/configurationPolicies/", "/assignments", token)
policy_settings_batch = batch_request(policy_ids, "deviceManagement/configurationPolicies/", "/settings", token)
policy_settings_batch = batch_request(policy_ids, "deviceManagement/configurationPolicies/", "/settings?&top=1000", token)

for policy in policies["value"]:
results["config_count"] += 1
Expand Down
80 changes: 22 additions & 58 deletions src/IntuneCD/graph_request.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,39 +26,23 @@ def makeapirequest(endpoint, token, q_param=None):

if q_param is not None:
response = requests.get(endpoint, headers=headers, params=q_param)
if (
response.status_code == 504
or response.status_code == 502
or response.status_code == 503
):
print(
"Ran into issues with Graph request, waiting 10 seconds and trying again..."
)
if response.status_code == 504 or response.status_code == 502 or response.status_code == 503:
print("Ran into issues with Graph request, waiting 10 seconds and trying again...")
time.sleep(10)
response = requests.get(endpoint, headers=headers)
elif response.status_code == 429:
print(
f"Hit Graph throttling, trying again after {response.headers['Retry-After']} seconds"
)
print(f"Hit Graph throttling, trying again after {response.headers['Retry-After']} seconds")
while response.status_code == 429:
time.sleep(int(response.headers["Retry-After"]))
response = requests.get(endpoint, headers=headers)
else:
response = requests.get(endpoint, headers=headers)
if (
response.status_code == 504
or response.status_code == 502
or response.status_code == 503
):
print(
"Ran into issues with Graph request, waiting 10 seconds and trying again..."
)
if response.status_code == 504 or response.status_code == 502 or response.status_code == 503:
print("Ran into issues with Graph request, waiting 10 seconds and trying again...")
time.sleep(10)
response = requests.get(endpoint, headers=headers)
elif response.status_code == 429:
print(
f"Hit Graph throttling, trying again after {response.headers['Retry-After']} seconds"
)
print(f"Hit Graph throttling, trying again after {response.headers['Retry-After']} seconds")
while response.status_code == 429:
time.sleep(int(response.headers["Retry-After"]))
response = requests.get(endpoint, headers=headers)
Expand All @@ -81,14 +65,10 @@ def makeapirequest(endpoint, token, q_param=None):
elif ("assignmentFilters" in endpoint) and ("FeatureNotEnabled" in response.text):
print("Assignment filters not enabled in tenant, skipping")
else:
raise Exception(
"Request failed with ", response.status_code, " - ", response.text
)
raise Exception("Request failed with ", response.status_code, " - ", response.text)


def makeapirequestPatch(
patchEndpoint, token, q_param=None, jdata=None, status_code=200
):
def makeapirequestPatch(patchEndpoint, token, q_param=None, jdata=None, status_code=200):
"""
This function makes a PATCH request to the Microsoft Graph API.

Expand All @@ -105,22 +85,16 @@ def makeapirequestPatch(
}

if q_param is not None:
response = requests.patch(
patchEndpoint, headers=headers, params=q_param, data=jdata
)
response = requests.patch(patchEndpoint, headers=headers, params=q_param, data=jdata)
else:
response = requests.patch(patchEndpoint, headers=headers, data=jdata)
if response.status_code == status_code:
pass
else:
raise Exception(
"Request failed with ", response.status_code, " - ", response.text
)
raise Exception("Request failed with ", response.status_code, " - ", response.text)


def makeapirequestDelete(
deleteEndpoint, token, q_param=None, jdata=None, status_code=200
):
def makeapirequestDelete(deleteEndpoint, token, q_param=None, jdata=None, status_code=200):
"""
This function makes a DELETE request to the Microsoft Graph API.

Expand All @@ -137,17 +111,13 @@ def makeapirequestDelete(
}

if q_param is not None:
response = requests.delete(
deleteEndpoint, headers=headers, params=q_param, data=jdata
)
response = requests.delete(deleteEndpoint, headers=headers, params=q_param, data=jdata)
else:
response = requests.delete(deleteEndpoint, headers=headers, data=jdata)
if response.status_code == status_code:
pass
else:
raise Exception(
"Request failed with ", response.status_code, " - ", response.text
)
raise Exception("Request failed with ", response.status_code, " - ", response.text)


def makeapirequestPost(patchEndpoint, token, q_param=None, jdata=None, status_code=200):
Expand All @@ -167,9 +137,7 @@ def makeapirequestPost(patchEndpoint, token, q_param=None, jdata=None, status_co
}

if q_param is not None:
response = requests.post(
patchEndpoint, headers=headers, params=q_param, data=jdata
)
response = requests.post(patchEndpoint, headers=headers, params=q_param, data=jdata)
else:
response = requests.post(patchEndpoint, headers=headers, data=jdata)
if response.status_code == status_code:
Expand All @@ -178,17 +146,17 @@ def makeapirequestPost(patchEndpoint, token, q_param=None, jdata=None, status_co
return json_data
else:
pass
elif response.status_code == 504:
print("Ran into issues with Graph request, waiting 10 seconds and trying again...")
time.sleep(10)
response = requests.post(patchEndpoint, headers=headers, data=jdata)
elif response.status_code == 429:
print(
f"Hit Graph throttling, trying again after {response.headers['Retry-After']} seconds"
)
print(f"Hit Graph throttling, trying again after {response.headers['Retry-After']} seconds")
while response.status_code == 429:
time.sleep(int(response.headers["Retry-After"]))
response = requests.post(patchEndpoint, headers=headers, data=jdata)
else:
raise Exception(
"Request failed with ", response.status_code, " - ", response.text
)
raise Exception("Request failed with ", response.status_code, " - ", response.text)


def makeapirequestPut(patchEndpoint, token, q_param=None, jdata=None, status_code=200):
Expand All @@ -208,14 +176,10 @@ def makeapirequestPut(patchEndpoint, token, q_param=None, jdata=None, status_cod
}

if q_param is not None:
response = requests.put(
patchEndpoint, headers=headers, params=q_param, data=jdata
)
response = requests.put(patchEndpoint, headers=headers, params=q_param, data=jdata)
else:
response = requests.put(patchEndpoint, headers=headers, data=jdata)
if response.status_code == status_code:
pass
else:
raise Exception(
"Request failed with ", response.status_code, " - ", response.text
)
raise Exception("Request failed with ", response.status_code, " - ", response.text)
75 changes: 18 additions & 57 deletions src/IntuneCD/update_enrollmentConfigurations.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,14 +23,10 @@
from .diff_summary import DiffSummary

# Set MS Graph endpoint
ENDPOINT = (
"https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations"
)
ENDPOINT = "https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations"


def update(
path, token, assignment=False, report=False, create_groups=False, remove=False
):
def update(path, token, assignment=False, report=False, create_groups=False, remove=False):
"""_summary_

Args:
Expand Down Expand Up @@ -79,15 +75,9 @@ def update(
data = {"value": ""}
if intune_data["value"]:
for val in intune_data["value"]:
if (
val["@odata.type"]
== "#microsoft.graph.windows10EnrollmentCompletionPageConfiguration"
):
if val["@odata.type"] == "#microsoft.graph.windows10EnrollmentCompletionPageConfiguration":
continue
if (
repo_data["@odata.type"]
== "#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration"
):
if repo_data["@odata.type"] == "#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration":
if (
repo_data["@odata.type"] == val["@odata.type"]
and repo_data["displayName"] == val["displayName"]
Expand All @@ -113,14 +103,9 @@ def update(
# Remove keys from data that should not be compared
data["value"] = remove_keys(data["value"])
if repo_priority != mem_priority and mem_priority != 0:
mem_priority = makeapirequest(
f"{ENDPOINT}/{mem_id}?$select=priority", token
).get("priority", "")
mem_priority = makeapirequest(f"{ENDPOINT}/{mem_id}?$select=priority", token).get("priority", "")
if repo_priority != mem_priority:
print(
f"Updating Enrollment Config {config_type} Priority: "
+ repo_data["displayName"]
)
print(f"Updating Enrollment Config {config_type} Priority: " + repo_data["displayName"])
# Update Enrollment Configuration
if report is False:
request_data = json.dumps({"priority": repo_priority})
Expand All @@ -135,9 +120,7 @@ def update(
# Compare data from Intune with data from file
repo_data.pop("priority", None)
data["value"].pop("priority", None)
diff = DeepDiff(data["value"], repo_data, ignore_order=True).get(
"values_changed", {}
)
diff = DeepDiff(data["value"], repo_data, ignore_order=True).get("values_changed", {})

# If data differs, continue
if diff and report is False:
Expand All @@ -164,13 +147,9 @@ def update(

if assignment:
mem_assign_obj = get_object_assignment(mem_id, mem_assignments)
update = update_assignment(
assign_obj, mem_assign_obj, token, create_groups
)
update = update_assignment(assign_obj, mem_assign_obj, token, create_groups)
if update is not None:
request_data = {
"enrollmentConfigurationAssignments": update
}
request_data = {"enrollmentConfigurationAssignments": update}
post_assignment_update(
request_data,
mem_id,
Expand All @@ -182,18 +161,12 @@ def update(
# If Enrollment Configuration does not exist, continue
else:
print("-" * 90)
print(
f"Creating Enrollment Config {config_type}: "
+ repo_data["displayName"]
)
print(f"Creating Enrollment Config {config_type}: " + repo_data["displayName"])
# Create Enrollment Configuration
if report is False:
platform_types = ["android", "androidForWork"]

if (
repo_data["@odata.type"]
== "#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration"
):
if repo_data["@odata.type"] == "#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration":
if repo_data["platformType"] in platform_types:
for platform in platform_types:
repo_data["platformType"] = platform
Expand Down Expand Up @@ -225,41 +198,29 @@ def update(
)

mem_assign_obj = []
assignment = update_assignment(
assign_obj, mem_assign_obj, token, create_groups
)
assignment = update_assignment(assign_obj, mem_assign_obj, token, create_groups)
if assignment is not None:
request_data = {
"enrollmentConfigurationAssignments": assignment
}
request_data = {"enrollmentConfigurationAssignments": assignment}
post_assignment_update(
request_data,
post_request["id"],
"deviceManagement/deviceEnrollmentConfigurations",
"assign",
token,
)
print(
f"Enrollment Config {config_type} created with id: "
+ post_request["id"]
)
print(f"Enrollment Config {config_type} created with id: " + post_request["id"])

# If any Enrollment Configurations are left in intune_data, remove them from Intune as they are not in the repo
if intune_data.get("value", None) is not None and remove is True:
for val in intune_data["value"]:
if (
val["@odata.type"]
== "#microsoft.graph.windows10EnrollmentCompletionPageConfiguration"
val["@odata.type"] == "#microsoft.graph.windows10EnrollmentCompletionPageConfiguration"
or val["displayName"] == "All users and all devices"
):
continue
print("-" * 90)
print(
"Removing Enrollment Configuration from Intune: "
+ val["displayName"]
)
print("Removing Enrollment Configuration from Intune: " + val["displayName"])
if report is False:
makeapirequestDelete(
f"{ENDPOINT}/{val['id']}", token, status_code=200
)
makeapirequestDelete(f"{ENDPOINT}/{val['id']}", token, status_code=200)

return diff_summary
Loading