Merge pull request #73 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev
BNWEIN · Jun 19, 2024 · 8c6a200 · 8c6a200
2 parents cf1f160 + 79a21a9
commit 8c6a200
Show file tree

Hide file tree

Showing 52 changed files with 1,040 additions and 280 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,22 @@
+# Editor configuration, see http://editorconfig.org
+root = true
+
+[*]
+charset = utf-8
+indent_style = space
+insert_final_newline = true
+
+[*.{ps1, psd1, psm1}]
+indent_size = 4
+end_of_line = crlf
+trim_trailing_whitespace = true
+
+[*.json]
+indent_size = 2
+end_of_line = crlf
+trim_trailing_whitespace = true
+
+[*.{md, txt}]
+end_of_line = crlf
+max_line_length = off
+trim_trailing_whitespace = false
diff --git a/.github/workflows/dev_cippacnqv.yml b/.github/workflows/dev_cippacnqv.yml
@@ -0,0 +1,39 @@
+# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
+# More GitHub Actions for Azure: https://github.com/Azure/actions
+
+name: Build and deploy Powershell project to Azure Function App - cippacnqv
+
+on:
+  push:
+    branches:
+      - dev
+  workflow_dispatch:
+
+env:
+  AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
+
+jobs:
+  deploy:
+    runs-on: windows-latest
+    permissions:
+      id-token: write #This is required for requesting the JWT
+
+    steps:
+      - name: 'Checkout GitHub Action'
+        uses: actions/checkout@v4
+
+      - name: Login to Azure
+        uses: azure/login@v1
+        with:
+          client-id: ${{ secrets.AZUREAPPSERVICE_CLIENTID_6085081ED1124B799258E9FF743FF4B9 }}
+          tenant-id: ${{ secrets.AZUREAPPSERVICE_TENANTID_9BDB2DDBFAFA4BC19C20A58B204BFAF3 }}
+          subscription-id: ${{ secrets.AZUREAPPSERVICE_SUBSCRIPTIONID_02B5224812794971B05EDD557AF2B867 }}
+
+      - name: 'Run Azure Functions Action'
+        uses: Azure/functions-action@v1
+        id: fa
+        with:
+          app-name: 'cippacnqv'
+          slot-name: 'Production'
+          package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
+
diff --git a/Cache_SAMSetup/SAMManifest.json b/Cache_SAMSetup/SAMManifest.json
@@ -157,7 +157,9 @@
         { "id": "885f682f-a990-4bad-a642-36736a74b0c7", "type": "Scope" },
         { "id": "913b9306-0ce1-42b8-9137-6a7df690a760", "type": "Role" },
         { "id": "cb8f45a0-5c2e-4ea1-b803-84b870a7d7ec", "type": "Scope" },
-        { "id": "4c06a06a-098a-4063-868e-5dfee3827264", "type": "Scope" }
+        { "id": "4c06a06a-098a-4063-868e-5dfee3827264", "type": "Scope" },
+        { "id": "1bfefb4e-e0b5-418b-a88f-73c46d2cc8e9", "type": "Role" },
+        { "id": "e67e6727-c080-415e-b521-e3f35d5248e9", "type": "Scope" }
       ]
     },
     {

diff --git a/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1 b/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1
@@ -3,7 +3,7 @@ function Test-CIPPAccess {
         $Request,
         [switch]$TenantList
     )
-
+    if ($Request.Params.CIPPEndpoint -eq 'ExecSAMSetup') { return $true }
     if (!$Request.Headers.'x-ms-client-principal') {
         # Direct API Access
         $CustomRoles = @('CIPP-API')
@@ -47,7 +47,6 @@ function Test-CIPPAccess {
                         $Permission.AllowedTenants | Where-Object { $Permission.BlockedTenants -notcontains $_ }
                     }
                 }
-                Write-Information ($LimitedTenantList | ConvertTo-Json)
                 return $LimitedTenantList
             }
 
@@ -77,11 +76,10 @@ function Test-CIPPAccess {
                         } else {
                             $Tenant = ($Tenants | Where-Object { $Request.Query.TenantFilter -eq $_.customerId -or $Request.Body.TenantFilter -eq $_.customerId -or $Request.Query.TenantFilter -eq $_.defaultDomainName -or $Request.Body.TenantFilter -eq $_.defaultDomainName }).customerId
                             if ($Role.AllowedTenants -contains 'AllTenants') {
-                                $AllowedTenants = $Tenants
+                                $AllowedTenants = $Tenants.customerId
                             } else {
                                 $AllowedTenants = $Role.AllowedTenants
                             }
-
                             if ($Tenant) {
                                 $TenantAllowed = $AllowedTenants -contains $Tenant -and $Role.BlockedTenants -notcontains $Tenant
                                 if (!$TenantAllowed) { continue }

diff --git a/Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1 b/Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1
@@ -41,6 +41,7 @@ function Invoke-ListCippQueue {
         $TotalCompleted = $TaskStatus.Completed ?? 0
         $TotalFailed = $TaskStatus.Failed ?? 0
         $TotalRunning = $TaskStatus.Running ?? 0
+        if ($Queue.TotalTasks -eq 0) { $Queue.TotalTasks = 1 }
 
         [PSCustomObject]@{
             PartitionKey    = $Queue.PartitionKey

diff --git a/.../CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogBundleProcessing.ps1 b/.../CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogBundleProcessing.ps1
@@ -0,0 +1,48 @@
+function Push-AuditLogBundleProcessing {
+    Param($Item)
+    $TenantFilter = $Item.TenantFilter
+    Write-Information "Audit log tenant filter: $TenantFilter"
+    $ConfigTable = get-cipptable -TableName 'WebhookRules'
+    $ConfigEntries = Get-CIPPAzDataTableEntity @ConfigTable
+    #$WebhookIncoming = Get-CIPPTable -TableName 'WebhookIncoming'
+    $SchedulerConfig = Get-CIPPTable -TableName 'SchedulerConfig'
+    $CIPPURL = Get-CIPPAzDataTableEntity @SchedulerConfig -Filter "PartitionKey eq 'webhookcreation'" | Select-Object -First 1 -ExpandProperty CIPPURL
+
+    $Configuration = $ConfigEntries | Where-Object { ($_.Tenants -match $TenantFilter -or $_.Tenants -match 'AllTenants') } | ForEach-Object {
+        [pscustomobject]@{
+            Tenants    = ($_.Tenants | ConvertFrom-Json).fullValue
+            Conditions = $_.Conditions
+            Actions    = $_.Actions
+            LogType    = $_.Type
+        }
+    }
+
+    if (($Configuration | Measure-Object).Count -eq 0) {
+        Write-Information "No configuration found for tenant $TenantFilter"
+        return
+    }
+
+    $LogTypes = $Configuration.LogType | Select-Object -Unique
+    foreach ($LogType in $LogTypes) {
+        Write-Information "Querying for log type: $LogType"
+        try {
+            $DataToProcess = (Test-CIPPAuditLogRules -TenantFilter $TenantFilter -LogType $LogType).DataToProcess
+
+            Write-Information "Webhook: Data to process found: $($DataToProcess.count) items"
+            foreach ($AuditLog in $DataToProcess) {
+                Write-Information "Processing $($item.operation)"
+                $Webhook = @{
+                    Data         = $AuditLog
+                    CIPPURL      = [string]$CIPPURL
+                    TenantFilter = $TenantFilter
+                }
+                #Add-CIPPAzDataTableEntity @WebhookIncoming -Entity $Entity -Force
+                #Write-Information ($AuditLog | ConvertTo-Json -Depth 10)
+                Invoke-CippWebhookProcessing @Webhook
+            }
+        } catch {
+            #Write-LogMessage -API 'Webhooks' -message 'Error processing webhooks' -sev Error -LogData (Get-CippException -Exception $_)
+            Write-Host ( 'Audit log error {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message)
+        }
+    }
+}
diff --git a/...ty Triggers/Push-PublicWebhookProcess.ps1 → ...rs/Webhooks/Push-PublicWebhookProcess.ps1 b/...ty Triggers/Push-PublicWebhookProcess.ps1 → ...rs/Webhooks/Push-PublicWebhookProcess.ps1
diff --git a/...riggers/Push-Schedulerwebhookcreation.ps1 → ...ebhooks/Push-Schedulerwebhookcreation.ps1 b/...riggers/Push-Schedulerwebhookcreation.ps1 → ...ebhooks/Push-Schedulerwebhookcreation.ps1
@@ -23,7 +23,7 @@ function Push-Schedulerwebhookcreation {
         foreach ($Tenant in $Tenants) {
             Write-Host "Working on $Tenant - $($Row.tenantid)"
             #use the queueitem to see if we already have a webhook for this tenant + webhooktype. If we do, delete this row from SchedulerConfig.
-            $Webhook = Get-CIPPAzDataTableEntity @WebhookTable -Filter "PartitionKey eq '$Tenant' and Version eq '2' and Resource eq '$($Row.webhookType)'"
+            $Webhook = Get-CIPPAzDataTableEntity @WebhookTable -Filter "PartitionKey eq '$Tenant' and Version eq '3' and Resource eq '$($Row.webhookType)'"
             if ($Webhook) {
                 Write-Host "Found existing webhook for $Tenant - $($Row.webhookType)"
                 if ($Row.tenantid -ne 'AllTenants') {
@@ -32,17 +32,14 @@ function Push-Schedulerwebhookcreation {
             } else {
                 Write-Host "No existing webhook for $Tenant - $($Row.webhookType) - Time to create."
                 try {
-                    $NewSub = New-CIPPGraphSubscription -TenantFilter $Tenant -EventType $Row.webhookType -BaseURL $Row.CIPPURL -auditLogAPI $true
+                    $NewSub = New-CIPPGraphSubscription -TenantFilter $Tenant -EventType $Row.webhookType -auditLogAPI $true
                     if ($NewSub.Success -and $Row.tenantid -ne 'AllTenants') {
                         Remove-AzDataTableEntity @Table -Entity $Row
                     } else {
                         Write-Host "Failed to create webhook for $Tenant - $($Row.webhookType) - $($_.Exception.Message)"
-                        Write-LogMessage -message "Failed to create webhook for $Tenant - $($Row.webhookType)" -Sev 'Error' -LogData $_.Exception
                     }
                 } catch {
                     Write-Host "Failed to create webhook for $Tenant - $($Row.webhookType): $($_.Exception.Message)"
-                    Write-LogMessage -message "Failed to create webhook for $Tenant - $($Row.webhookType)" -Sev 'Error' -LogData $_.Exception
-
                 }
 
             }

diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecListBackup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecListBackup.ps1
@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-ExecAddAlert {
+Function Invoke-ExecListBackup {
     <#
     .FUNCTIONALITY
         Entrypoint

diff --git a/...les/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecSetCIPPAutoBackup.ps1 b/...les/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecSetCIPPAutoBackup.ps1
@@ -0,0 +1,43 @@
+using namespace System.Net
+
+Function Invoke-ExecSetCIPPAutoBackup {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        CIPP.Backup.Read
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+    $unixtime = [int64](([datetime]::UtcNow) - (Get-Date '1/1/1970')).TotalSeconds
+    if ($Request.query.Enabled -eq 'True') {
+        $Table = Get-CIPPTable -TableName 'ScheduledTasks'
+        $AutomatedCIPPBackupTask = Get-AzDataTableEntity @table -Filter "Name eq 'Automated CIPP Backup'"
+        $task = @{
+            RowKey       = $AutomatedCIPPBackupTask.RowKey
+            PartitionKey = 'ScheduledTask'
+        }
+        Remove-AzDataTableEntity @Table -Entity $task | Out-Null
+
+        $TaskBody = @{
+            TenantFilter  = 'AllTenants'
+            Name          = 'Automated CIPP Backup'
+            Command       = @{
+                value = 'New-CIPPBackup'
+                label = 'New-CIPPBackup'
+            }
+            Parameters    = @{ backupType = 'CIPP' }
+            ScheduledTime = $unixtime
+            Recurrence    = '1d'
+        }
+        Add-CIPPScheduledTask -Task $TaskBody -hidden $false
+        $Result = @{ 'Results' = 'Scheduled Task Successfully created' }
+    }
+    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API 'Alerts' -message $request.body.text -Sev $request.body.Severity
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = $Result
+        })
+
+}
diff --git a/.../CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-RemoveScheduledItem.ps1 b/.../CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-RemoveScheduledItem.ps1
@@ -14,8 +14,6 @@ Function Invoke-RemoveScheduledItem {
         RowKey       = $Request.Query.ID
         PartitionKey = 'ScheduledTask'
     }
-
-
     $Table = Get-CIPPTable -TableName 'ScheduledTasks'
     Remove-AzDataTableEntity @Table -Entity $task
 

diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCustomRole.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCustomRole.ps1
@@ -43,12 +43,12 @@ function Invoke-ExecCustomRole {
                     if ($Role.AllowedTenants) {
                         $Role.AllowedTenants = @($Role.AllowedTenants | ConvertFrom-Json)
                     } else {
-                        $Role | Add-Member -NotePropertyName AllowedTenants -NotePropertyValue @()
+                        $Role | Add-Member -NotePropertyName AllowedTenants -NotePropertyValue @() -Force
                     }
                     if ($Role.BlockedTenants) {
                         $Role.BlockedTenants = @($Role.BlockedTenants | ConvertFrom-Json)
                     } else {
-                        $Role | Add-Member -NotePropertyName BlockedTenants -NotePropertyValue @()
+                        $Role | Add-Member -NotePropertyName BlockedTenants -NotePropertyValue @() -Force
                     }
                     $Role
                 }