

Merge pull request KelvinTegelaar#705 from KelvinTegelaar/dev
Dev to hotfix
JohnDuprey authored Mar 29, 2024
2 parents 0ebf415 + e515b31 commit e850240
Showing 4 changed files with 76 additions and 60 deletions.
119 changes: 64 additions & 55 deletions Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1
Expand Up @@ -263,72 +263,81 @@ Function Push-ExecOnboardTenantQueue {
$TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress)
Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop

$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Clearing tenant cache' })
$y = 0
do {
try {
Remove-CIPPCache -tenantsOnly $true
} catch {}
$IsExcluded = (Get-Tenants -SkipList | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Measure-Object).Count -gt 0
if ($IsExcluded) {
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant is excluded from CIPP, onboarding cannot continue.' })
$TenantOnboarding.Status = 'failed'
$OnboardingSteps.Step4.Status = 'failed'
$OnboardingSteps.Step4.Message = 'Tenant excluded from CIPP, remove the exclusion and retry onboarding.'
} else {

$Tenant = Get-Tenants | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Select-Object -First 1
$y++
Start-Sleep -Seconds 20
} while (!$Tenant -and $y -le 4)
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Clearing tenant cache' })
$y = 0
do {
try {
Remove-CIPPCache -tenantsOnly $true
} catch {}

if ($Tenant) {
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant found in customer list' })
try {
$CPVConsentParams = @{
TenantFilter = $Tenant.defaultDomainName
}
$Consent = Set-CIPPCPVConsent @CPVConsentParams
if ($Consent -match 'Could not add our Service Principal to the client tenant') {
throw
$Tenant = Get-Tenants | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Select-Object -First 1
$y++
Start-Sleep -Seconds 20
} while (!$Tenant -and $y -le 4)

if ($Tenant) {
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant found in customer list' })
try {
$CPVConsentParams = @{
TenantFilter = $Tenant.defaultDomainName
}
$Consent = Set-CIPPCPVConsent @CPVConsentParams
if ($Consent -match 'Could not add our Service Principal to the client tenant') {
throw
}
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Added initial CPV consent permissions' })
} catch {
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV Consent Failed' })
$TenantOnboarding.Status = 'failed'
$OnboardingSteps.Step4.Status = 'failed'
$OnboardingSteps.Step4.Message = 'CPV Consent failed, check the App Registration in your partner tenant for missing admin consent.'
$TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress)
$TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress)
Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop
return
}
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Added initial CPV consent permissions' })
} catch {
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV Consent Failed' })
$TenantOnboarding.Status = 'failed'
$OnboardingSteps.Step4.Status = 'failed'
$OnboardingSteps.Step4.Message = 'CPV Consent failed, check the App Registration in your partner tenant for missing admin consent.'
$Refreshing = $true
$CPVSuccess = $false
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Refreshing CPV permissions' })
$OnboardingSteps.Step4.Message = 'Refreshing CPV permissions'
$TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress)
$TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress)
Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop
return
}
$Refreshing = $true
$CPVSuccess = $false
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Refreshing CPV permissions' })
$OnboardingSteps.Step4.Message = 'Refreshing CPV permissions'
$TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress)
$TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress)
Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop
do {
try {
Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Tenant.defaultDomainName
Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Tenant.defaultDomainName
$CPVSuccess = $true
$Refreshing = $false
} catch {
Start-Sleep -Seconds 30
}
} while ($Refreshing -and (Get-Date) -lt $Start.AddMinutes(8))
do {
try {
Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Tenant.defaultDomainName
Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Tenant.defaultDomainName
$CPVSuccess = $true
$Refreshing = $false
} catch {
Start-Sleep -Seconds 30
}
} while ($Refreshing -and (Get-Date) -lt $Start.AddMinutes(8))

if ($CPVSuccess) {
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions refreshed' })
$OnboardingSteps.Step4.Status = 'succeeded'
$OnboardingSteps.Step4.Message = 'CPV permissions refreshed'
if ($CPVSuccess) {
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions refreshed' })
$OnboardingSteps.Step4.Status = 'succeeded'
$OnboardingSteps.Step4.Message = 'CPV permissions refreshed'
} else {
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions failed to refresh' })
$TenantOnboarding.Status = 'failed'
$OnboardingSteps.Step4.Status = 'failed'
$OnboardingSteps.Step4.Message = 'CPV permissions failed to refresh, try again later'
}
} else {
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions failed to refresh' })
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant not found' })
$TenantOnboarding.Status = 'failed'
$OnboardingSteps.Step4.Status = 'failed'
$OnboardingSteps.Step4.Message = 'CPV permissions failed to refresh, try again later'
$OnboardingSteps.Step4.Message = 'Tenant not found in customer list, try again later'
}
} else {
$Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant not found' })
$TenantOnboarding.Status = 'failed'
$OnboardingSteps.Step4.Status = 'failed'
$OnboardingSteps.Step4.Message = 'Tenant not found in customer list, try again later'
}
$TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress)
$TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress)
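Review bot: The empty `catch {}` around `Remove-CIPPCache -tenantsOnly $true` in the retry loop that follows the new exclusion branch discards the failure without adding anything to `$Logs`, so when a failed cache clear ends in the 'Tenant not found' branch the onboarding record carries no hint of why. Every other outcome in this hunk is recorded through `$Logs.Add`, so the catch should do the same: `} catch { $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = "Tenant cache clear failed: $($_.Exception.Message)" }) }`. The new `$IsExcluded` check also runs before that cache clear; if `Get-Tenants -SkipList` reads the same cached tenant list, the exclusion decision may be made on stale data, which is worth confirming. Push-ExecOnboardTenantQueue starts and ends outside the hunk.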
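--- a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1
+++ b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1
@@ -58,16 +58,23 @@ function Get-Tenants {
 $AutoExtend = ($_.Group | Where-Object { $_.autoExtend -eq $true } | Measure-Object).Count -gt 0
 
 # Query domains to get default/initial
-$Domains = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $LatestRelationship.customerId -NoAuthCheck:$true
+try {
+$Domains = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $LatestRelationship.customerId -NoAuthCheck:$true -ErrorAction Stop
+$defaultDomainName = ($Domains | Where-Object { $_.isDefault -eq $true }).id
+$initialDomainName = ($Domains | Where-Object { $_.isInitial -eq $true }).id
+} catch {
+$defaultDomainName = 'Domain Error, check permissions'
+$initialDomainName = 'Domain Error, check permissions'
+}
 [PSCustomObject]@{
 PartitionKey = 'Tenants'
 RowKey = $_.Name
 customerId = $_.Name
 displayName = $LatestRelationship.displayName
 relationshipEnd = $LatestRelationship.relationshipEnd
 relationshipCount = $_.Count
-defaultDomainName = ($Domains | Where-Object { $_.isDefault -eq $true }).id
-initialDomainName = ($Domains | Where-Object { $_.isInitial -eq $true }).id
+defaultDomainName = $defaultDomainName
+initialDomainName = $initialDomainName
 hasAutoExtend = $AutoExtend
 delegatedPrivilegeStatus = 'granularDelegatedAdminPrivileges'
 domains = ''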
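Review bot: The new catch around the domain lookup stores the literal `'Domain Error, check permissions'` in `defaultDomainName`, and the tenant object is still emitted with that string where callers expect a domain — the onboarding hunk in this same commit passes `$Tenant.defaultDomainName` as `TenantFilter` to `Set-CIPPCPVConsent`, so a transient Graph failure during `Get-Tenants` can later surface as a consent call made with the placeholder as the tenant filter rather than as a visible error. The catch also drops `$_.Exception.Message`, so a permissions problem and throttling become indistinguishable in the stored record. Consider keeping the sentinel but recording the cause, e.g. after `$initialDomainName = 'Domain Error, check permissions'` add `Write-Warning "Domain lookup failed for $($LatestRelationship.customerId): $($_.Exception.Message)"`, and have callers that use `defaultDomainName` as a tenant filter check for the sentinel before calling Graph. `$LatestRelationship` is assigned outside the hunk.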
2 changes: 1 addition & 1 deletion Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1
Expand Up @@ -26,7 +26,7 @@ function Test-CIPPAccessPermissions {
Set-Location (Get-Item $PSScriptRoot).FullName
$ExpectedPermissions = Get-Content '.\SAMManifest.json' | ConvertFrom-Json

$GraphToken = Get-GraphToken -returnRefresh $true
$GraphToken = Get-GraphToken -returnRefresh $true -SkipCache $true
if ($GraphToken) {
$GraphPermissions = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/myorganization/applications?`$filter=appId eq '$env:ApplicationID'" -NoAuthCheck $true
}
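Review bot: The reason for adding `-SkipCache $true` to the `Get-GraphToken` call is not recorded, and a reader cannot tell from the line whether a cached token was producing stale permission results or whether the cache is bypassed for another reason. If the intent is that the permission check must never be evaluated against a previously cached token, a one-line comment above the call would settle it: `# Always request a fresh token so the permission check reflects current consent, not a cached token`. Test-CIPPAccessPermissions continues outside the hunk, so I cannot see how `$GraphToken` and `$GraphPermissions` are used when the token is missing.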
2 changes: 1 addition & 1 deletion version_latest.txt
@@ -1 +1 @@
5.4.0
5.4.1
