Skip to content

Commit

Permalink
Merge pull request #17 from KelvinTegelaar/master
Browse files Browse the repository at this point in the history
[pull] master from KelvinTegelaar:master
  • Loading branch information
LeonarddeR authored Dec 14, 2023
2 parents b960ab1 + 17eab37 commit 99a96c3
Show file tree
Hide file tree
Showing 9 changed files with 137 additions and 48 deletions.
28 changes: 1 addition & 27 deletions ExecGDAPInviteQueue/run.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -4,30 +4,4 @@ param( $QueueItem, $TriggerMetadata)
# Write out the queue message and metadata to the information log.
Write-Host "PowerShell queue trigger function processed work item: $($QueueItem.customer.displayName)"

$Table = Get-CIPPTable -TableName 'GDAPInvites'
$Invite = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($QueueItem.id)'"
$APINAME = 'GDAPInvites'
$RoleMappings = $Invite.RoleMappings | ConvertFrom-Json

foreach ($role in $RoleMappings) {
try {
$Mappingbody = ConvertTo-Json -Depth 10 -InputObject @{
'accessContainer' = @{
'accessContainerId' = "$($Role.GroupId)"
'accessContainerType' = 'securityGroup'
}
'accessDetails' = @{
'unifiedRoles' = @(@{
'roleDefinitionId' = "$($Role.roleDefinitionId)"
})
}
}
New-GraphPostRequest -NoAuthCheck $True -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/$($QueueItem.id)/accessAssignments" -tenantid $env:TenantID -type POST -body $MappingBody -verbose
Start-Sleep -Milliseconds 100
} catch {
Write-LogMessage -API $APINAME -message "GDAP Group mapping failed for $($QueueItem.customer.displayName) - Group: $($role.GroupId) - Exception: $($_.Exception.Message)" -Sev Error
exit 1
}
}
Write-LogMessage -API $APINAME -message "Groups mapped for GDAP Relationship: $($QueueItem.customer.displayName) - $($QueueItem.displayName)" -Sev Info
Remove-AzDataTableEntity @Table -Entity $Invite
Set-CIPPGDAPInviteGroups -Relationship $QueueItem
87 changes: 87 additions & 0 deletions Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOnboardTenant.ps1
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
using namespace System.Net

function Invoke-ExecOnboardTenant {
param($Request, $TriggerMetadata)

$APIName = 'ExecOnboardTenant'
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'

$Id = $Request.Body.Id
if ($Id) {
try {
$OnboardTable = Get-CIPPTable -TableName 'TenantOnboarding'
$TenantOnboarding = Get-CIPPAzDataTableEntity @OnboardTable -Filter "RowKey eq '$Id'"

if (!$TenantOnboarding -or [bool]$Request.Query.Retry) {
$OnboardingSteps = [PSCustomObject]@{
'Step1' = @{
'Status' = 'pending'
'Title' = 'Step 1: GDAP Invite'
'Message' = 'Waiting for onboarding job to start'
}
'Step2' = @{
'Status' = 'pending'
'Title' = 'Step 2: GDAP Role Test'
'Message' = 'Waiting for Step 1'
}
'Step3' = @{
'Status' = 'pending'
'Title' = 'Step 3: GDAP Group Mapping'
'Message' = 'Waiting for Step 2'
}
'Step4' = @{
'Status' = 'pending'
'Title' = 'Step 4: CPV Refresh'
'Message' = 'Waiting for Step 3'
}
'Step5' = @{
'Status' = 'pending'
'Title' = 'Step 5: Graph API Test'
'Message' = 'Waiting for Step 4'
}
}
$TenantOnboarding = [PSCustomObject]@{
PartitionKey = 'Onboarding'
RowKey = [string]$Id
CustomerId = ''
Status = 'queued'
OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress)
Relationship = ''
Logs = ''
Exception = ''
}
Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop

Push-OutputBinding -Name QueueItem -Value ([pscustomobject]@{
FunctionName = 'ExecOnboardTenantQueue'
id = $Id
Roles = $Request.Body.gdapRoles
})
}

$Steps = $TenantOnboarding.OnboardingSteps | ConvertFrom-Json
$OnboardingSteps = foreach ($Step in $Steps.PSObject.Properties.Name) { $Steps.$Step }
$Relationship = try { $TenantOnboarding.Relationship | ConvertFrom-Json -ErrorAction Stop } catch { @{} }
$Logs = try { $TenantOnboarding.Logs | ConvertFrom-Json -ErrorAction Stop } catch { @{} }
$TenantOnboarding.OnboardingSteps = $OnboardingSteps
$TenantOnboarding.Relationship = $Relationship
$TenantOnboarding.Logs = $Logs
$Results = $TenantOnboarding

$StatusCode = [HttpStatusCode]::OK
} catch {
$ErrorMsg = Get-NormalizedError -message $($_.Exception.Message)
$Results = "Function Error: $($_.InvocationInfo.ScriptLineNumber) - $ErrorMsg"
$StatusCode = [HttpStatusCode]::BadRequest
}
} else {
$StatusCode = [HttpStatusCode]::NotFound
$Results = 'Relationship not found'
}
# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
StatusCode = $StatusCode
Body = $Results
})

}
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,7 @@ Function Invoke-ExecSAMSetup {
Remove-AzDataTableEntity @Table -Entity $Rows

$step = 5
$Results = @{'message' = 'Installation completed.'; step = $step
$Results = @{'message' = 'setup completed.'; step = $step
}
}
}
Expand Down
7 changes: 2 additions & 5 deletions Modules/CIPPCore/Public/Entrypoints/Invoke-ListGDAPInvite.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -15,18 +15,15 @@ Function Invoke-ListGDAPInvite {
# Write to the Azure Functions log stream.
Write-Host 'PowerShell HTTP trigger function processed a request.'

Write-Host ($Request | ConvertTo-Json)
$Table = Get-CIPPTable -TableName 'GDAPInvites'
if (![string]::IsNullOrEmpty($Request.Query.RelationshipId)) {
$Table = Get-CIPPTable -TableName 'GDAPInvites'
$Invite = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($Request.Query.RelationshipId)'"
Write-Host $Invite
} else {
$Invite = @{}
$Invite = Get-CIPPAzDataTableEntity @Table
}
# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
StatusCode = [HttpStatusCode]::OK
Body = $Invite
})

}
Original file line number Diff line number Diff line change
Expand Up @@ -20,18 +20,19 @@ Function Invoke-ListSharedMailboxAccountEnabled {
# Get Shared Mailbox Stuff
try {
$SharedMailboxList = (New-GraphGetRequest -uri "https://outlook.office365.com/adminapi/beta/$($TenantFilter)/Mailbox?`$filter=RecipientTypeDetails eq 'SharedMailbox'" -Tenantid $TenantFilter -scope ExchangeOnline)
$AllUsersAccountState = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/users?select=id,userPrincipalName,accountEnabled,displayName,givenName,surname' -tenantid $Tenantfilter
$AllUsersAccountState = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/users?select=id,userPrincipalName,accountEnabled,displayName,givenName,surname,onPremisesSyncEnabled' -tenantid $Tenantfilter
$EnabledUsersWithSharedMailbox = foreach ($SharedMailbox in $SharedMailboxList) {
# Match the User
$User = $AllUsersAccountState | Where-Object { $_.userPrincipalName -eq $SharedMailbox.userPrincipalName } | Select-Object -Property id, userPrincipalName, accountEnabled, displayName, givenName, surname -First 1
$User = $AllUsersAccountState | Where-Object { $_.userPrincipalName -eq $SharedMailbox.userPrincipalName } | Select-Object -Property id, userPrincipalName, accountEnabled, displayName, givenName, surname, onPremisesSyncEnabled -First 1
if ($User.accountEnabled) {
$User | Select-Object `
@{Name = 'UserPrincipalName'; Expression = { $User.UserPrincipalName } }, `
@{Name = 'displayName'; Expression = { $User.displayName } },
@{Name = 'givenName'; Expression = { $User.givenName } },
@{Name = 'surname'; Expression = { $User.surname } },
@{Name = 'accountEnabled'; Expression = { $User.accountEnabled } },
@{Name = 'id'; Expression = { $User.id } }
@{Name = 'id'; Expression = { $User.id } },
@{Name = 'onPremisesSyncEnabled'; Expression = { $User.onPremisesSyncEnabled } }

}
}
Expand Down
4 changes: 2 additions & 2 deletions Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ function Invoke-CIPPStandardsRun {
$Tenants = (Get-CIPPAzDataTableEntity @Table -Filter $Filter).JSON | ConvertFrom-Json

#Migrate from old standards to new standards.
$Tenants | Where-Object -Property 'v2.1' -NE $true | ForEach-Object {
$Tenants | Where-Object -Property 'v2.1' -NE $null | ForEach-Object {
$OldStd = $_
$OldStd.standards.psobject.properties.name | ForEach-Object {
if ($_ -eq 'MailContacts') {
Expand All @@ -28,7 +28,7 @@ function Invoke-CIPPStandardsRun {
remediate = $true
}
} else {
if ($OldStd.Standards.$_ -eq $true) {
if ($OldStd.Standards.$_ -eq $true -and $_ -ne 'v2.1') {
$OldStd.Standards.$_ = @{ remediate = $true }
} else {
$OldStd.Standards.$_ | Add-Member -NotePropertyName 'remediate' -NotePropertyValue $true -Force
Expand Down
2 changes: 1 addition & 1 deletion Modules/CIPPCore/Public/Revoke-CIPPSessions.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ function Revoke-CIPPSessions {

}
catch {
Write-LogMessage -user $ExecutingUser -API $APIName -message "Revoked sessions for $($username)" -Sev "Info" -tenant $TenantFilter
Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to revoke sessions for $($username): $($_.Exception.Message)" -Sev "Error" -tenant $TenantFilter
return "Revoke Session Failed: $($_.Exception.Message)"
}
}
46 changes: 38 additions & 8 deletions Modules/CIPPCore/Public/Set-CIPPGDAPInviteGroups.ps1
Original file line number Diff line number Diff line change
@@ -1,15 +1,45 @@
function Set-CIPPGDAPInviteGroups {
Param()
Param($Relationship)
$Table = Get-CIPPTable -TableName 'GDAPInvites'
$InviteList = Get-CIPPAzDataTableEntity @Table

if (($InviteList | Measure-Object).Count -gt 0) {
$Activations = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships?`$filter=status eq 'active'"
if ($Relationship) {
$Invite = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($Relationship.id)'"
$APINAME = 'GDAPInvites'
$RoleMappings = $Invite.RoleMappings | ConvertFrom-Json

foreach ($Activation in $Activations) {
if ($InviteList.RowKey -contains $Activation.id) {
Write-Host "Mapping groups for GDAP relationship: $($Activation.customer.displayName) - $($Activation.id)"
Push-OutputBinding -Name gdapinvitequeue -Value $Activation
foreach ($role in $RoleMappings) {
try {
$Mappingbody = ConvertTo-Json -Depth 10 -InputObject @{
'accessContainer' = @{
'accessContainerId' = "$($Role.GroupId)"
'accessContainerType' = 'securityGroup'
}
'accessDetails' = @{
'unifiedRoles' = @(@{
'roleDefinitionId' = "$($Role.roleDefinitionId)"
})
}
}
New-GraphPostRequest -NoAuthCheck $True -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/$($Relationship.id)/accessAssignments" -tenantid $env:TenantID -type POST -body $MappingBody -verbose
Start-Sleep -Milliseconds 100
} catch {
Write-LogMessage -API $APINAME -message "GDAP Group mapping failed for $($Relationship.customer.displayName) - Group: $($role.GroupId) - Exception: $($_.Exception.Message)" -Sev Error
return $false
}
}
Write-LogMessage -API $APINAME -message "Groups mapped for GDAP Relationship: $($Relationship.customer.displayName) - $($Relationship.customer.displayName)" -Sev Info
Remove-AzDataTableEntity @Table -Entity $Invite
return $true
} else {
$InviteList = Get-CIPPAzDataTableEntity @Table
if (($InviteList | Measure-Object).Count -gt 0) {
$Activations = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships?`$filter=status eq 'active'"

foreach ($Activation in $Activations) {
if ($InviteList.RowKey -contains $Activation.id) {
Write-Host "Mapping groups for GDAP relationship: $($Activation.customer.displayName) - $($Activation.id)"
Push-OutputBinding -Name gdapinvitequeue -Value $Activation
}
}
}
}
Expand Down
2 changes: 1 addition & 1 deletion version_latest.txt
Original file line number Diff line number Diff line change
@@ -1 +1 @@
4.8.3
4.8.4

0 comments on commit 99a96c3

Please sign in to comment.