Skip to content

Commit

Permalink
Merge pull request #45 from KelvinTegelaar/master
Browse files Browse the repository at this point in the history
[pull] master from KelvinTegelaar:master
  • Loading branch information
pull[bot] authored Aug 14, 2024
2 parents bf73702 + 3ac3aae commit fb52ea3
Show file tree
Hide file tree
Showing 8 changed files with 88 additions and 21 deletions.
Original file line number Diff line number Diff line change
@@ -1,15 +1,24 @@
function Push-AuditLogTenant {
Param($Item)

# Get Table contexts
$AuditBundleTable = Get-CippTable -tablename 'AuditLogBundles'
$SchedulerConfig = Get-CIPPTable -TableName 'SchedulerConfig'
$CIPPURL = Get-CIPPAzDataTableEntity @SchedulerConfig -Filter "PartitionKey eq 'webhookcreation'" | Select-Object -First 1 -ExpandProperty CIPPURL
$WebhookTable = Get-CippTable -tablename 'webhookTable'
$Webhooks = Get-CIPPAzDataTableEntity @WebhookTable -Filter "PartitionKey eq '$($Item.TenantFilter)' and Version eq '3'" | Where-Object { $_.Resource -match '^Audit' }
$ExistingBundles = Get-CIPPAzDataTableEntity @AuditBundleTable -Filter "PartitionKey eq '$($Item.TenantFilter)' and ContentType eq '$ContentType'"
$ConfigTable = Get-CIPPTable -TableName 'WebhookRules'

# Query CIPPURL for linking
$CIPPURL = Get-CIPPAzDataTableEntity @SchedulerConfig -Filter "PartitionKey eq 'webhookcreation'" | Select-Object -First 1 -ExpandProperty CIPPURL

# Get all webhooks for the tenant
$Webhooks = Get-CIPPAzDataTableEntity @WebhookTable -Filter "PartitionKey eq '$($Item.TenantFilter)' and Version eq '3'" | Where-Object { $_.Resource -match '^Audit' }

# Get webhook rules
$ConfigEntries = Get-CIPPAzDataTableEntity @ConfigTable

# Date filter for existing bundles
$LastHour = (Get-Date).AddHours(-1).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss')

$NewBundles = [System.Collections.Generic.List[object]]::new()
foreach ($Webhook in $Webhooks) {
# only process webhooks that are configured in the webhookrules table
Expand All @@ -28,6 +37,7 @@ function Push-AuditLogTenant {
EndTime = $Item.EndTime
}
$LogBundles = Get-CIPPAuditLogContentBundles @ContentBundleQuery
$ExistingBundles = Get-CIPPAzDataTableEntity @AuditBundleTable -Filter "PartitionKey eq '$($Item.TenantFilter)' and ContentType eq '$LogType' and Timestamp ge datetime'$($LastHour)'"

foreach ($Bundle in $LogBundles) {
if ($ExistingBundles.RowKey -notcontains $Bundle.contentId) {
Expand Down Expand Up @@ -61,5 +71,4 @@ function Push-AuditLogTenant {
$InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5 -Compress)
Write-Host "Started orchestration with ID = '$InstanceId'"
}

}
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@

Function Invoke-ExecOffloadFunctions {
<#
.FUNCTIONALITY
Entrypoint
.ROLE
CIPP.SuperAdmin.ReadWrite
#>
[CmdletBinding()]
param($Request, $TriggerMetadata)

$roles = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json).userRoles
if ('superadmin' -notin $roles) {
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
StatusCode = [HttpStatusCode]::Forbidden
Body = @{ error = 'You do not have permission to perform this action.' }
})
return
} else {
$Table = Get-CippTable -tablename 'Config'

if ($Request.Query.Action -eq 'ListCurrent') {
$CurrentState = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'OffloadFunctions' and RowKey eq 'OffloadFunctions'"
$CurrentState = if (!$CurrentState) {
[PSCustomObject]@{
OffloadFunctions = $false
}
} else {
[PSCustomObject]@{
OffloadFunctions = $CurrentState.state
}
}
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
StatusCode = [HttpStatusCode]::OK
Body = $CurrentState
})
} else {
Add-CIPPAzDataTableEntity @Table -Entity @{
PartitionKey = 'OffloadFunctions'
RowKey = 'OffloadFunctions'
state = $request.Body.OffloadFunctions
} -Force

if ($Request.Body.OffloadFunctions) {
$Results = 'Enabled Offload Functions'
} else {
$Results = 'Disabled Offload Functions'
}
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
StatusCode = [HttpStatusCode]::OK
Body = @{ results = $Results }
})
}

}
}
3 changes: 1 addition & 2 deletions Modules/CIPPCore/Public/GraphHelper/Write-LogMessage.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,6 @@ function Write-LogMessage {
if (!$tenant) { $tenant = 'None' }
if (!$username) { $username = 'CIPP' }
if ($sev -eq 'Debug' -and $env:DebugMode -ne $true) {
Write-Information 'Not writing to log file - Debug mode is not enabled.'
return
}
$PartitionKey = (Get-Date -UFormat '%Y%m%d').ToString()
Expand All @@ -48,4 +47,4 @@ function Write-LogMessage {

$Table.Entity = $TableRow
Add-CIPPAzDataTableEntity @Table | Out-Null
}
}
2 changes: 1 addition & 1 deletion Modules/CIPPCore/Public/Set-CIPPAssignedPolicy.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,6 @@ function Set-CIPPAssignedPolicy {
} catch {
#$ErrorMessage = Get-CippException -Exception $_
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to assign $GroupName to Policy $PolicyId. Error:$ErrorMessage" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage
Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to assign $GroupName to Policy $PolicyId, using Platform $PlatformType and $Type. The error is:$ErrorMessage" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,11 @@ function Invoke-CIPPStandardIntuneTemplate {
$displayname = $request.body.Displayname
$description = $request.body.Description
$RawJSON = $Request.body.RawJSON
$TemplateTypeURL = $Request.body.Type

Set-CIPPIntunePolicy -TemplateType $Request.body.Type -Description $description -DisplayName $displayname -RawJSON $RawJSON -AssignTo $null -tenantFilter $Tenant
Set-CIPPIntunePolicy -TemplateType $Request.body.Type -Description $description -DisplayName $displayname -RawJSON $RawJSON -AssignTo $Template.AssignedTo -tenantFilter $Tenant

#Legacy assign.
#Legacy assign, only required for older templates.
if ($Settings.AssignTo) {
Write-Host "Assigning Policy to $($Settings.AssignTo) the create ID is $($CreateRequest)"
if ($Settings.AssignTo -eq 'customGroup') { $Settings.AssignTo = $Settings.customGroup }
Expand All @@ -36,16 +37,6 @@ function Invoke-CIPPStandardIntuneTemplate {
}
}

if ($Template.AssignedTo) {
Write-Host "New: Assigning Policy to $($Template.AssignedTo) the create ID is $($CreateRequest)"
if ($ExistingID) {
Set-CIPPAssignedPolicy -PolicyId $ExistingID.id -TenantFilter $tenant -GroupName $Template.AssignedTo -Type $TemplateTypeURL
Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully updated Intune Template $PolicyName policy for $($Tenant)" -sev 'Info'
} else {
Set-CIPPAssignedPolicy -PolicyId $CreateRequest.id -TenantFilter $tenant -GroupName $Template.AssignedTo -Type $TemplateTypeURL
Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully created Intune Template $PolicyName policy for $($Tenant)" -sev 'Info'
}
}
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create or update Intune Template $PolicyName, Error: $ErrorMessage" -sev 'Error'
Expand Down
6 changes: 5 additions & 1 deletion Scheduler_GetQueue/run.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,10 @@ $Tasks = foreach ($Tenant in $Tenants) {
}
}

if (($Tasks | Measure-Object).Count -eq 0) {
return
}

$Queue = New-CippQueueEntry -Name 'Scheduler' -TotalTasks ($Tasks | Measure-Object).Count

$Batch = foreach ($Task in $Tasks) {
Expand All @@ -49,4 +53,4 @@ $InputObject = [PSCustomObject]@{
#Write-Information ($InputObject | ConvertTo-Json)
$InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5 -Compress)
Write-Information "Started orchestration with ID = '$InstanceId'"
#$Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId
#$Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId
8 changes: 8 additions & 0 deletions Scheduler_PollAuditLogs/run.ps1
Original file line number Diff line number Diff line change
@@ -1,6 +1,14 @@
param($Timer)

try {
$ConfigTable = Get-CIPPTable -tablename Config
$Config = Get-CIPPAzDataTableEntity @ConfigTable -Filter "PartitionKey eq 'OffloadFunctions' and RowKey eq 'OffloadFunctions'"

if ($Config -and $Config.state -eq $true) {
Write-Host 'Offload functions are enabled. Exiting.'
return 0
}

$webhookTable = Get-CIPPTable -tablename webhookTable
$Webhooks = Get-CIPPAzDataTableEntity @webhookTable -Filter "Version eq '3'" | Where-Object { $_.Resource -match '^Audit' -and $_.Status -ne 'Disabled' }
if (($Webhooks | Measure-Object).Count -eq 0) {
Expand Down
2 changes: 1 addition & 1 deletion version_latest.txt
Original file line number Diff line number Diff line change
@@ -1 +1 @@
6.2.2
6.2.3

0 comments on commit fb52ea3

Please sign in to comment.