From 5ad25d46b5ab3b7446791fadf52e7309b494801a Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 17 Oct 2024 15:19:04 -0400 Subject: [PATCH 1/3] Unify processorfunction injection --- .../Endpoint/Applications/Invoke-ExecAppUpload.ps1 | 6 +++--- .../Tenant/Standards/Invoke-ExecDomainAnalyser.ps1 | 6 +++--- .../Tenant/Standards/Invoke-ExecStandardsRun.ps1 | 8 ++++---- .../Timer Functions/Start-CIPPProcessorQueue.ps1 | 12 ++++++------ 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAppUpload.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAppUpload.ps1 index 824722a5e6de..de00263734fd 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAppUpload.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAppUpload.ps1 @@ -14,9 +14,9 @@ function Invoke-ExecAppUpload { if ($Config -and $Config.state -eq $true) { if ($env:CIPP_PROCESSOR -ne 'true') { $ProcessorFunction = [PSCustomObject]@{ - PartitionKey = 'Function' - RowKey = 'Start-ApplicationOrchestrator' - ProcessorFunction = 'Start-ApplicationOrchestrator' + PartitionKey = 'Function' + RowKey = 'Start-ApplicationOrchestrator' + } $ProcessorQueue = Get-CIPPTable -TableName 'ProcessorQueue' Add-AzDataTableEntity @ProcessorQueue -Entity $ProcessorFunction -Force diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecDomainAnalyser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecDomainAnalyser.ps1 index 2b31c6bb1d44..feebbc825d60 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecDomainAnalyser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecDomainAnalyser.ps1 
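Review bot: The third added line in the Invoke-ExecAppUpload hunk appears to be empty as shown here, so this producer would write `PartitionKey` and `RowKey` but no `FunctionName`. The Invoke-ExecDomainAnalyser and Invoke-ExecStandardsRun hunks both set `FunctionName`, and Start-CIPPProcessorQueue now reads `$QueueItem.FunctionName`. If the commit really has a blank line there, the queued row would most likely end in the "not found" warning and be removed without the orchestrator ever running. The entity should carry `FunctionName = 'Start-ApplicationOrchestrator'` like the other two producers. If the line was only lost when this page was rendered, nothing needs to change.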
@@ -14,9 +14,9 @@ function Invoke-ExecDomainAnalyser { if ($Config -and $Config.state -eq $true) { if ($env:CIPP_PROCESSOR -ne 'true') { $ProcessorFunction = [PSCustomObject]@{ - PartitionKey = 'Function' - RowKey = 'Start-DomainOrchestrator' - ProcessorFunction = 'Start-DomainOrchestrator' + PartitionKey = 'Function' + RowKey = 'Start-DomainOrchestrator' + FunctionName = 'Start-DomainOrchestrator' } $ProcessorQueue = Get-CIPPTable -TableName 'ProcessorQueue' Add-AzDataTableEntity @ProcessorQueue -Entity $ProcessorFunction -Force diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 index 2b3200bf553f..a9a2b5245469 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 @@ -19,10 +19,10 @@ Function Invoke-ExecStandardsRun { if ($Config -and $Config.state -eq $true) { if ($env:CIPP_PROCESSOR -ne 'true') { $ProcessorFunction = [PSCustomObject]@{ - PartitionKey = 'Function' - RowKey = "Invoke-CIPPStandardsRun-$tenantfilter" - ProcessorFunction = 'Invoke-CIPPStandardsRun' - Parameters = [string](ConvertTo-Json -Compress -InputObject @{ + PartitionKey = 'Function' + RowKey = "Invoke-CIPPStandardsRun-$tenantfilter" + FunctionName = 'Invoke-CIPPStandardsRun' + Parameters = [string](ConvertTo-Json -Compress -InputObject @{ TenantFilter = $tenantfilter Force = $true }) diff --git a/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPProcessorQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPProcessorQueue.ps1 index a0d340bb6c8a..2fc7b7ac65bb 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPProcessorQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPProcessorQueue.ps1 
@@ -10,8 +10,8 @@ function Start-CIPPProcessorQueue { $QueueItems = Get-CIPPAzDataTableEntity @QueueTable -Filter "PartitionKey eq 'Function'" foreach ($QueueItem in $QueueItems) { - if ($PSCmdlet.ShouldProcess("Processing function $($QueueItem.ProcessorFunction)")) { - Write-Information "Running queued function $($QueueItem.ProcessorFunction)" + if ($PSCmdlet.ShouldProcess("Processing function $($QueueItem.FunctionName)")) { + Write-Information "Running queued function $($QueueItem.FunctionName)" if ($QueueItem.Parameters) { try { $Parameters = $QueueItem.Parameters | ConvertFrom-Json -AsHashtable @@ -21,14 +21,14 @@ function Start-CIPPProcessorQueue { } else { $Parameters = @{} } - if (Get-Command -Name $QueueItem.ProcessorFunction -Module CIPPCore -ErrorAction SilentlyContinue) { + if (Get-Command -Name $QueueItem.FunctionName -Module CIPPCore -ErrorAction SilentlyContinue) { try { - Invoke-Command -ScriptBlock { & $QueueItem.ProcessorFunction @Parameters } + Invoke-Command -ScriptBlock { & $QueueItem.FunctionName @Parameters } } catch { - Write-Warning "Failed to run function $($QueueItem.ProcessorFunction). Error: $($_.Exception.Message)" + Write-Warning "Failed to run function $($QueueItem.FunctionName). Error: $($_.Exception.Message)" } } else { - Write-Warning "Function $($QueueItem.ProcessorFunction) not found" + Write-Warning "Function $($QueueItem.FunctionName) not found" } Remove-AzDataTableEntity @QueueTable -Entity $QueueItem } From 5e8ede020ea927a779bc985077683df249b64e2d Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 17 Oct 2024 15:19:18 -0400 Subject: [PATCH 2/3] add Login:reprocess to exclude --- Modules/CIPPCore/Public/Webhooks/Test-CIPPAuditLogRules.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/CIPPCore/Public/Webhooks/Test-CIPPAuditLogRules.ps1 b/Modules/CIPPCore/Public/Webhooks/Test-CIPPAuditLogRules.ps1 index 9e588dae7a5c..94d2a83278bd 100644 --- a/Modules/CIPPCore/Public/Webhooks/Test-CIPPAuditLogRules.ps1 
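Review bot: The only gate before `& $QueueItem.FunctionName @Parameters` in the second Start-CIPPProcessorQueue hunk is that the name resolves to a command in CIPPCore. Any function the module exports can therefore be run, with arguments taken from the row's `Parameters` JSON, by whatever can write a `PartitionKey eq 'Function'` row to the ProcessorQueue table. Consider also checking the name against an explicit list of queueable functions, for example `if ($QueueItem.FunctionName -in $QueueableFunctions -and (Get-Command -Name $QueueItem.FunctionName -Module CIPPCore -ErrorAction SilentlyContinue)) {`, where `$QueueableFunctions` is a name constructed for this note. The producers in this patch only queue Start-ApplicationOrchestrator, Start-DomainOrchestrator and Invoke-CIPPStandardsRun. Separately, rows queued before this change carry only `ProcessorFunction`, so they would presumably be removed without running unless the reader falls back to the old property when `FunctionName` is empty. The function body starts and ends outside the hunks.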
+++ b/Modules/CIPPCore/Public/Webhooks/Test-CIPPAuditLogRules.ps1 @@ -21,6 +21,7 @@ function Test-CIPPAuditLogRules { 'SAS:ProcessAuth' 'deviceAuth:ReprocessTls' 'Consent:Set' + 'Login:reprocess' ) $TrustedIPTable = Get-CIPPTable -TableName 'trustedIps' From cd60718f6be5768dbfa5fec78b1fc8aa3e0ee4bc Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 17 Oct 2024 15:21:16 -0400 Subject: [PATCH 3/3] Update Add-CIPPDelegatedPermission.ps1 --- .../Public/Add-CIPPDelegatedPermission.ps1 | 21 ++++++++++++------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/Modules/CIPPCore/Public/Add-CIPPDelegatedPermission.ps1 b/Modules/CIPPCore/Public/Add-CIPPDelegatedPermission.ps1 index 86affa77ad29..5b811bbd405e 100644 --- a/Modules/CIPPCore/Public/Add-CIPPDelegatedPermission.ps1 +++ b/Modules/CIPPCore/Public/Add-CIPPDelegatedPermission.ps1 
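Review bot: The new `'Login:reprocess'` entry is added without a comment saying why it is excluded, and the list's name and the comparison that uses it are outside the hunk. Each entry in an audit-log exclusion list is a permanent gap in what the rules evaluate, so the reason should sit next to the value, e.g. `'Login:reprocess' # <reason this request type is excluded>`. It is also worth confirming that the match is case-insensitive, because this entry is spelled `reprocess` while the neighbouring one is `ReprocessTls`.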
@@ -85,14 +85,19 @@ function Add-CIPPDelegatedPermission { $OldScope = ($CurrentDelegatedScopes | Where-Object -Property Resourceid -EQ $svcPrincipalId.id) if (!$OldScope) { - $Createbody = @{ - clientId = $ourSVCPrincipal.id - consentType = 'AllPrincipals' - resourceId = $svcPrincipalId.id - scope = $NewScope - } | ConvertTo-Json -Compress - $CreateRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/v1.0/oauth2PermissionGrants' -tenantid $Tenantfilter -body $Createbody -type POST -NoAuthCheck $true - $Results.add("Successfully added permissions for $($svcPrincipalId.displayName)") + try { + $Createbody = @{ + clientId = $ourSVCPrincipal.id + consentType = 'AllPrincipals' + resourceId = $svcPrincipalId.id + scope = $NewScope + } | ConvertTo-Json -Compress + $CreateRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/v1.0/oauth2PermissionGrants' -tenantid $Tenantfilter -body $Createbody -type POST -NoAuthCheck $true + $Results.add("Successfully added permissions for $($svcPrincipalId.displayName)") + } catch { + $Results.add("Failed to add permissions for $($svcPrincipalId.displayName): $(Get-NormalizedError -message $_.Exception.Message)") + continue + } } else { # Cleanup multiple scope entries and patch first id if (($OldScope.id | Measure-Object).Count -gt 1) {
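Review bot: The `continue` in the new `catch` block depends on an enclosing loop that is not visible in this hunk. Inside a `foreach` statement it skips to the next service principal as intended, but inside a `ForEach-Object` script block it would stop the whole pipeline, leaving the remaining permissions unprocessed with no entry in `$Results`. Please confirm which construct encloses this code; if it is `ForEach-Object`, use `return` instead. Since the request creates an `AllPrincipals` grant, a failure here probably also deserves a log entry in addition to the `$Results` string, so that a partially applied permission set can be found later. `$CreateRequest` is assigned but not read anywhere in the hunk.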