Merge branch 'KelvinTegelaar:master' into master

pcollinsISL · Jul 25, 2024 · aa0cb42 · aa0cb42
2 parents de06112 + fa6c4a4
commit aa0cb42
Show file tree

Hide file tree

Showing 1,037 changed files with 36,233 additions and 75,835 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,22 @@
+# Editor configuration, see http://editorconfig.org
+root = true
+
+[*]
+charset = utf-8
+indent_style = space
+insert_final_newline = true
+
+[*.{ps1, psd1, psm1}]
+indent_size = 4
+end_of_line = crlf
+trim_trailing_whitespace = true
+
+[*.json]
+indent_size = 2
+end_of_line = crlf
+trim_trailing_whitespace = true
+
+[*.{md, txt}]
+end_of_line = crlf
+max_line_length = off
+trim_trailing_whitespace = false
diff --git a/.github/workflows/dev_cippy6oom.yml → .github/workflows/dev_cippacnqv.yml b/.github/workflows/dev_cippy6oom.yml → .github/workflows/dev_cippacnqv.yml
@@ -1,7 +1,7 @@
 # Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
 # More GitHub Actions for Azure: https://github.com/Azure/actions
 
-name: Build and deploy Powershell project to Azure Function App - cippy6oom
+name: Build and deploy Powershell project to Azure Function App - cippacnqv
 
 on:
   push:
@@ -15,16 +15,25 @@ env:
 jobs:
   deploy:
     runs-on: windows-latest
-
+    permissions:
+      id-token: write #This is required for requesting the JWT
+
     steps:
       - name: 'Checkout GitHub Action'
         uses: actions/checkout@v4
-
+
+      - name: Login to Azure
+        uses: azure/login@v1
+        with:
+          client-id: ${{ secrets.AZUREAPPSERVICE_CLIENTID_6085081ED1124B799258E9FF743FF4B9 }}
+          tenant-id: ${{ secrets.AZUREAPPSERVICE_TENANTID_9BDB2DDBFAFA4BC19C20A58B204BFAF3 }}
+          subscription-id: ${{ secrets.AZUREAPPSERVICE_SUBSCRIPTIONID_02B5224812794971B05EDD557AF2B867 }}
+
       - name: 'Run Azure Functions Action'
         uses: Azure/functions-action@v1
         id: fa
         with:
-          app-name: 'cippy6oom'
+          app-name: 'cippacnqv'
           slot-name: 'Production'
           package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
-          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_B9C635E19DF6459F8995BA602EFA638A }}
+
diff --git a/.github/workflows/dev_cippckdtz.yml b/.github/workflows/dev_cippckdtz.yml
@@ -27,4 +27,4 @@ jobs:
           app-name: 'cippckdtz'
           slot-name: 'Production'
           package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
-          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_2101C7175BFB47E58240ABD1E72E81C2 }}
+          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_726578DA8A7243BF9D82FE123C2F6E7F }}
diff --git a/.github/workflows/dev_cippeln4y.yml → .github/workflows/dev_cippz6s4d.yml b/.github/workflows/dev_cippeln4y.yml → .github/workflows/dev_cippz6s4d.yml
@@ -1,7 +1,7 @@
 # Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
 # More GitHub Actions for Azure: https://github.com/Azure/actions
 
-name: Build and deploy Powershell project to Azure Function App - cippeln4y
+name: Build and deploy Powershell project to Azure Function App - cippz6s4d
 
 on:
   push:
@@ -24,7 +24,7 @@ jobs:
         uses: Azure/functions-action@v1
         id: fa
         with:
-          app-name: 'cippeln4y'
+          app-name: 'cippz6s4d'
           slot-name: 'Production'
           package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
-          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_B82C66E0F3BD4BDD9FFFB32FA83A68C9 }}
+          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_D27E7CF0887F4E4591F3957CCA96F0FD }}
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
@@ -0,0 +1,5 @@
+{
+  "recommendations": [
+    "editorconfig.editorconfig"
+  ]
+}
diff --git a/Applications_Upload/run.ps1 b/Applications_Upload/run.ps1
@@ -80,25 +80,31 @@ foreach ($tenant in $tenants) {
             if ($AZfileuri.uploadState -like '*fail*') { break }
             Start-Sleep -Milliseconds 300
         } while ($AzFileUri.AzureStorageUri -eq $null)
-
+        Write-Host "Uploading file to $($AzFileUri.azureStorageUri)"
+        Write-Host "Complete AZ file uri data: $($AzFileUri | ConvertTo-Json -Depth 10)"
         $chunkSizeInBytes = 4mb
         [byte[]]$bytes = [System.IO.File]::ReadAllBytes($($intunewinFilesize.fullname))
         $chunks = [Math]::Ceiling($bytes.Length / $chunkSizeInBytes)
         $id = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($chunks.ToString('0000')))
         #For anyone that reads this, The maximum chunk size is 100MB for blob storage, so we can upload it as one part and just give it the single ID. Easy :)
         $Upload = Invoke-RestMethod -Uri "$($AzFileUri.azureStorageUri)&comp=block&blockid=$id" -Method Put -Headers @{'x-ms-blob-type' = 'BlockBlob' } -InFile $inFile -ContentType 'application/octet-stream'
+        Write-Host "Upload data: $($Upload | ConvertTo-Json -Depth 10)"
         $ConfirmUpload = Invoke-RestMethod -Uri "$($AzFileUri.azureStorageUri)&comp=blocklist" -Method Put -Body "<?xml version=`"1.0`" encoding=`"utf-8`"?><BlockList><Latest>$id</Latest></BlockList>"
+        Write-Host "Confirm Upload data: $($ConfirmUpload | ConvertTo-Json -Depth 10)"
         $CommitReq = New-graphPostRequest -Uri "$($BaseURI)/$($NewApp.id)/microsoft.graph.win32lobapp/contentVersions/1/files/$($ContentReq.id)/commit" -Body $EncBody -Type POST -tenantid $tenant
+        Write-Host "Commit Request: $($CommitReq | ConvertTo-Json -Depth 10)"
 
         do {
             $CommitStateReq = New-graphGetRequest -Uri "$($BaseURI)/$($NewApp.id)/microsoft.graph.win32lobapp/contentVersions/1/files/$($ContentReq.id)" -tenantid $tenant
+            Write-Host "Commit State Request: $($CommitStateReq | ConvertTo-Json -Depth 10)"
             if ($CommitStateReq.uploadState -like '*fail*') {
                 Write-LogMessage -api 'AppUpload' -tenant $($Tenant) -message "$($ChocoApp.ApplicationName) Commit failed. Please check if app uploaded succesful" -Sev 'Warning'
                 break
             }
             Start-Sleep -Milliseconds 300
         } while ($CommitStateReq.uploadState -eq 'commitFilePending')
         $CommitFinalizeReq = New-graphPostRequest -Uri "$($BaseURI)/$($NewApp.id)" -tenantid $tenant -Body '{"@odata.type":"#microsoft.graph.win32lobapp","committedContentVersion":"1"}' -type PATCH
+        Write-Host "Commit Finalize Request: $($CommitFinalizeReq | ConvertTo-Json -Depth 10)"
         Write-LogMessage -api 'AppUpload' -tenant $($Tenant) -message "Added Application $($chocoApp.ApplicationName)" -Sev 'Info'
         if ($AssignTo -ne 'On') {
             $intent = if ($AssignToIntent) { 'Uninstall' } else { 'Required' }
@@ -112,4 +118,4 @@ foreach ($tenant in $tenants) {
         continue
     }
 
-}
+}
diff --git a/BestPracticeAnalyser_All/function.json b/BestPracticeAnalyser_All/function.json
diff --git a/BestPracticeAnalyser_GetQueue/function.json b/BestPracticeAnalyser_GetQueue/function.json
diff --git a/BestPracticeAnalyser_GetQueue/run.ps1 b/BestPracticeAnalyser_GetQueue/run.ps1
diff --git a/BestPracticeAnalyser_Orchestration/function.json b/BestPracticeAnalyser_Orchestration/function.json
diff --git a/BestPracticeAnalyser_Orchestration/run.ps1 b/BestPracticeAnalyser_Orchestration/run.ps1
diff --git a/BestPracticeAnalyser_OrchestrationStarter/run.ps1 b/BestPracticeAnalyser_OrchestrationStarter/run.ps1
@@ -1,23 +1,40 @@
 using namespace System.Net
-
 param($Request, $TriggerMetadata)
-if ($CurrentlyRunning) {
-    $Results = [pscustomobject]@{'Results' = 'Already running. Please wait for the current instance to finish' }
-    Write-LogMessage -API 'BestPracticeAnalyser' -message 'Attempted to start analysis but an instance was already running.' -sev Info
+
+if ($Request.Query.TenantFilter) {
+    $TenantList = @($Request.Query.TenantFilter)
+    $Name = "Best Practice Analyser ($($Request.Query.TenantFilter))"
 } else {
-    $InputObject = @{
-        TenantFilter = $Request.Query.TenantFilter
+    $TenantList = Get-Tenants
+    $Name = 'Best Practice Analyser (All Tenants)'
+}
+
+$BPATemplateTable = Get-CippTable -tablename 'templates'
+$Filter = "PartitionKey eq 'BPATemplate'"
+$Templates = ((Get-CIPPAzDataTableEntity @BPATemplateTable -Filter $Filter).JSON | ConvertFrom-Json).Name
+
+$BPAReports = foreach ($Tenant in $TenantList) {
+    foreach ($Template in $Templates) {
+        [PSCustomObject]@{
+            FunctionName = 'BPACollectData'
+            Tenant       = $Tenant.defaultDomainName
+            Template     = $Template
+            QueueName    = '{0} - {1}' -f $Template, $Tenant.defaultDomainName
+        }
     }
-    $InstanceId = Start-NewOrchestration -FunctionName 'BestPracticeAnalyser_Orchestration' -InputObject $InputObject
-    Write-Host "Started orchestration with ID = '$InstanceId'"
-    $Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId
-    Write-LogMessage -API 'BestPracticeAnalyser' -message 'Started retrieving best practice information' -sev Info
-    $Results = [pscustomobject]@{'Results' = 'Started running analysis' }
 }
-Write-Host ($Orchestrator | ConvertTo-Json)
 
+$Queue = New-CippQueueEntry -Name $Name -TotalTasks ($BPAReports | Measure-Object).Count
+$BPAReports = $BPAReports | Select-Object *, @{Name = 'QueueId'; Expression = { $Queue.RowKey } }
+$InputObject = [PSCustomObject]@{
+    Batch            = @($BPAReports)
+    OrchestratorName = 'BPAOrchestrator'
+    SkipLog          = $true
+}
+Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Compress -Depth 5)
 
+$Results = [pscustomobject]@{'Results' = 'BPA started' }
 Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
         StatusCode = [HttpStatusCode]::OK
-        Body       = $results
+        Body       = $Results
     })
diff --git a/BestPracticeAnalyser_OrchestrationStarterTimer/run.ps1 b/BestPracticeAnalyser_OrchestrationStarterTimer/run.ps1
@@ -1,23 +1,33 @@
 param($Timer)
 
-if ($env:DEV_SKIP_BPA_TIMER) { 
+if ($env:DEV_SKIP_BPA_TIMER) {
     Write-Host 'Skipping BPA timer'
-    exit 0 
+    exit 0
 }
 
-try {
-    $CurrentlyRunning = Get-Item 'Cache_BestPracticeAnalyser\CurrentlyRunning.txt' -ErrorAction SilentlyContinue | Where-Object -Property LastWriteTime -GT (Get-Date).AddHours(-24)
-    if ($CurrentlyRunning) {
-        $Results = [pscustomobject]@{'Results' = 'Already running. Please wait for the current instance to finish' }
-        Write-LogMessage -API 'BestPracticeAnalyser' -message 'Attempted to start analysis but an instance was already running.' -sev Info
-    }
-    else {
-        $InstanceId = Start-NewOrchestration -FunctionName 'BestPracticeAnalyser_Orchestration'
-        Write-Host "Started orchestration with ID = '$InstanceId'"
-        $Orchestrator = New-OrchestrationCheckStatusResponse -Request $Timer -InstanceId $InstanceId
-        Write-LogMessage -API 'BestPracticeAnalyser' -message 'Started retrieving best practice information' -sev Info
-        $Results = [pscustomobject]@{'Results' = 'Started running analysis' }
+$TenantList = Get-Tenants
+
+$BPATemplateTable = Get-CippTable -tablename 'templates'
+$Filter = "PartitionKey eq 'BPATemplate'"
+$Templates = ((Get-CIPPAzDataTableEntity @BPATemplateTable -Filter $Filter).JSON | ConvertFrom-Json).Name
+
+
+$BPAReports = foreach ($Tenant in $TenantList) {
+    foreach ($Template in $Templates) {
+        [PSCustomObject]@{
+            FunctionName = 'BPACollectData'
+            Tenant       = $Tenant.defaultDomainName
+            Template     = $Template
+            QueueName    = '{0} - {1}' -f $Template, $Tenant.defaultDomainName
+        }
     }
-    Write-Host ($Orchestrator | ConvertTo-Json)
 }
-catch { Write-Host "BestPracticeAnalyser_OrchestratorStarterTimer Exception $($_.Exception.Message)" }
+
+$Queue = New-CippQueueEntry -Name 'Best Practice Analyser' -TotalTasks ($BPAReports | Measure-Object).Count
+$BPAReports = $BPAReports | Select-Object *, @{Name = 'QueueId'; Expression = { $Queue.RowKey } }
+$InputObject = [PSCustomObject]@{
+    Batch            = @($BPAReports)
+    OrchestratorName = 'BPAOrchestrator'
+    SkipLog          = $true
+}
+Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Compress -Depth 5)
diff --git a/Cache_SAMSetup/PermissionsTranslator.json b/Cache_SAMSetup/PermissionsTranslator.json
@@ -1004,8 +1004,15 @@
     "description": "Allows the app to create, read, update, and delete events of all calendars without a signed-in user.",
     "displayName": "Read and write calendars in all mailboxes",
     "id": "ef54d2bf-783f-4e0f-bca1-3210c0444d99",
-    "origin": "Application",
-    "value": "Calendars.ReadWrite"
+    "origin": "Application (Office 365 Exchange Online)",
+    "value": "Calendars.ReadWrite.All"
+  },
+  {
+    "description": "Allows the app to create, read, update, and delete user's mailbox settings without a signed-in user. Does not include permission to send mail.",
+    "displayName": "Read and write all user mailbox settings",
+    "id": "f9156939-25cd-4ba8-abfe-7fabcf003749",
+    "origin": "Application (Office 365 Exchange Online)",
+    "value": "Mailbox.Settings.ReadWrite"
   },
   {
     "description": "Allows the app to read your organization's user flows, without a signed-in user.",
@@ -5286,6 +5293,24 @@
     "userConsentDisplayName": "Read Threat and Vulnerability Management vulnerability information",
     "value": "Exchange.Manage"
   },
+  {
+    "description": "Allows the app to create, read, update and delete events in all calendars in the organization user has permissions to access. This includes delegate and shared calendars",
+    "displayName": "Read and write user and shared calendars",
+    "id": "bbd1ca91-75e0-4814-ad94-9c5dbbae3415",
+    "Origin": "Delegated (Office 365 Exchange Online)",
+    "userConsentDescription": "Allows the app to read, update, create and delete events in all calendars in your organization you have permissions to access. This includes delegate and shared calendars",
+    "userConsentDisplayName": "Read and write to your and shared calendars",
+    "value": "Calendars.ReadWrite.All"
+  },
+  {
+    "description": "Allows the app to create, read, update, and delete user's mailbox settings. Does not include permission to send mail.",
+    "displayName": "Read and write user mailbox settings",
+    "id": "2e83d72d-8895-4b66-9eea-abb43449ab8b",
+    "Origin": "Delegated (Office 365 Exchange Online)",
+    "userConsentDescription": "Allows the app to read, update, create, and delete your mailbox settings.",
+    "userConsentDisplayName": "Read and write to your mailbox settings",
+    "value": "MailboxSettings.ReadWrite"
+  },
   {
     "description": "Allows the app to have full control of all site collections on behalf of the signed-in user.",
     "displayName": "Manage Sharepoint Online",
@@ -5312,5 +5337,14 @@
     "userConsentDescription": "Access Microsoft Teams and Skype for Business data as the signed in user",
     "userConsentDisplayName": "Access Microsoft Teams and Skype for Business data based on the user's role membership",
     "value": "user_impersonation"
+  },
+  {
+    "description": "Read and write all on-premises directory synchronization information",
+    "displayName": "Read and write all on-premises directory synchronization information",
+    "id": "c2d95988-7604-4ba1-aaed-38a5f82a51c7",
+    "Origin": "Delegated",
+    "userConsentDescription": "Access Microsoft Teams and Skype for Business data as the signed in user",
+    "userConsentDisplayName": "Access Microsoft Teams and Skype for Business data based on the user's role membership",
+    "value": "OnPremDirectorySynchronization.ReadWrite.All"
   }
 ]