Merge pull request #1271 from KelvinTegelaar/dev
Dev to release
KelvinTegelaar authored Jan 26, 2025
2 parents 8789480 + ec88e81 commit a15612c
Showing 188 changed files with 1,389 additions and 568 deletions.
62 changes: 62 additions & 0 deletions .github/workflows/PR_Branch_Check.yml
@@ -0,0 +1,62 @@
name: PR Branch Check

on:
# Using pull_request_target instead of pull_request for secure handling of fork PRs
pull_request_target:
# Only run on these PR events
types: [opened, synchronize, reopened]
# Only check PRs targeting these branches
branches:
- main
- master

permissions:
pull-requests: write
issues: write

jobs:
check-branch:
runs-on: ubuntu-latest
steps:
- name: Check and Comment on PR
# Only process fork PRs with specific branch conditions
# Must be a fork AND (source is main/master OR target is main/master)
if: |
github.event.pull_request.head.repo.fork == true &&
((github.event.pull_request.head.ref == 'main' || github.event.pull_request.head.ref == 'master') ||
(github.event.pull_request.base.ref == 'main' || github.event.pull_request.base.ref == 'master'))
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
let message = '';
message += '🔄 If you are attempting to update your CIPP repo please follow the instructions at: https://docs.cipp.app/setup/self-hosting-guide/updating ';
message += '\n\n';
// Check if PR is targeting main/master
if (context.payload.pull_request.base.ref === 'main' || context.payload.pull_request.base.ref === 'master') {
message += '⚠️ PRs cannot target the main branch directly. If you are attempting to contribute code please PR to the dev branch.\n\n';
}
// Check if PR is from a fork's main/master branch
if (context.payload.pull_request.head.repo.fork &&
(context.payload.pull_request.head.ref === 'main' || context.payload.pull_request.head.ref === 'master')) {
message += '⚠️ This PR cannot be merged because it originates from your fork\'s main/master branch. If you are attempting to contribute code please PR from your dev branch or another non-main/master branch.\n\n';
}
message += '🔒 This PR will now be automatically closed due to the above violation(s).';
// Post the comment
await github.rest.issues.createComment({
...context.repo,
issue_number: context.issue.number,
body: message
});
// Close the PR
await github.rest.pulls.update({
...context.repo,
pull_number: context.issue.number,
state: 'closed'
});
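Review bot: The `pull_request_target` trigger gives this job a write-scoped token on PRs opened from forks, and the comment calling it secure does not record what keeps it that way. It holds only while the job never checks out the PR head and never expands PR-controlled fields (title, body, `head.ref`) with `${{ }}` inside `script:`; the script as written reads them through `context.payload` and only compares them, which is fine. I would state that next to the trigger, e.g. `# pull_request_target runs with a write token: never check out or interpolate PR-controlled content in this workflow`, and pin `actions/github-script` to a full commit SHA rather than the movable `@v7` tag. `issues: write` also looks redundant next to `pull-requests: write` for commenting on a PR; worth confirming and dropping if so.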
2 changes: 1 addition & 1 deletion .github/workflows/dev_cippbcaom.yml
Expand Up @@ -27,4 +27,4 @@ jobs:
app-name: 'cippbcaom'
slot-name: 'Production'
package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_56AD4FDD49354D0CAB4D9A9E868D2015 }}
publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_0FE8CACBBF7D409DAAF132988BECEC4B }}
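--- a/.github/workflows/dev_cippjta72.yml
+++ b/.github/workflows/dev_cippjta72.yml
@@ -0,0 +1,30 @@
+# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
+# More GitHub Actions for Azure: https://github.com/Azure/actions
+
+name: Build and deploy Powershell project to Azure Function App - cippjta72
+
+on:
+push:
+branches:
+- dev
+workflow_dispatch:
+
+env:
+AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
+
+jobs:
+deploy:
+runs-on: windows-latest
+
+steps:
+- name: 'Checkout GitHub Action'
+uses: actions/checkout@v4
+
+- name: 'Run Azure Functions Action'
+uses: Azure/functions-action@v1
+id: fa
+with:
+app-name: 'cippjta72'
+slot-name: 'Production'
+package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
+publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_5B44448119C645C099EE192346D7433A }}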
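Review bot: There is no `permissions:` block in this workflow, so the job's GITHUB_TOKEN carries the repository default scope although the deploy only needs to read the checkout; adding a top-level `permissions:` with `contents: read` would pin that down. The deployment authenticates with a publish profile, a long-lived credential that has to be rotated by hand, and it goes straight to the `Production` slot on every push to `dev`. The file also reads like a portal-generated workflow for one specific function app (`cippjta72`), so it is worth confirming it was meant to be merged rather than kept in a personal fork.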
34 changes: 18 additions & 16 deletions Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1
Expand Up @@ -19,12 +19,14 @@ function Add-CIPPAzDataTableEntity {
} catch [System.Exception] {
if ($_.Exception.ErrorCode -eq 'PropertyValueTooLarge' -or $_.Exception.ErrorCode -eq 'EntityTooLarge' -or $_.Exception.ErrorCode -eq 'RequestBodyTooLarge') {
try {
Write-Host 'Entity is too large. Splitting entity into multiple parts.'
Write-Information ($SingleEnt | ConvertTo-Json)
$largePropertyNames = [System.Collections.Generic.List[string]]::new()
$entitySize = 0

# Convert $SingleEnt to hashtable if it is a PSObject
if ($SingleEnt -is [System.Management.Automation.PSCustomObject]) {
$SingleEnt = $SingleEnt | ConvertTo-Json -Depth 100 | ConvertFrom-Json -AsHashtable
$SingleEnt = $SingleEnt | ConvertTo-Json -Depth 100 -Compress | ConvertFrom-Json -AsHashtable
}

foreach ($key in $SingleEnt.Keys) {
Expand All @@ -35,7 +37,7 @@ function Add-CIPPAzDataTableEntity {
}
}

if ($largePropertyNames.Count -gt 0) {
if (($largePropertyNames | Measure-Object).Count -gt 0) {
$splitInfoList = [System.Collections.Generic.List[object]]::new()
foreach ($largePropertyName in $largePropertyNames) {
$dataString = $SingleEnt[$largePropertyName]
Expand All @@ -45,20 +47,20 @@ function Add-CIPPAzDataTableEntity {
$start = $i * $MaxSize
$splitData.Add($dataString.Substring($start, [Math]::Min($MaxSize, $dataString.Length - $start))) > $null
}

$splitDataCount = ($splitData | Measure-Object).Count
$splitPropertyNames = [System.Collections.Generic.List[object]]::new()
for ($i = 0; $i -lt $splitData.Count; $i++) {
$splitPropertyNames.Add("${largePropertyName}_Part$i") > $null
for ($i = 0; $i -lt $splitDataCount; $i++) {
$splitPropertyNames.Add("${largePropertyName}_Part$i")
}

$splitInfo = @{
OriginalHeader = $largePropertyName
SplitHeaders = $splitPropertyNames
}
$splitInfoList.Add($splitInfo) > $null
$splitInfoList.Add($splitInfo)
$SingleEnt.Remove($largePropertyName)

for ($i = 0; $i -lt $splitData.Count; $i++) {
for ($i = 0; $i -lt $splitDataCount; $i++) {
$SingleEnt[$splitPropertyNames[$i]] = $splitData[$i]
}
}
Expand All @@ -67,7 +69,7 @@ function Add-CIPPAzDataTableEntity {
}

# Check if the entity is still too large
$entitySize = [System.Text.Encoding]::UTF8.GetByteCount($($SingleEnt | ConvertTo-Json))
$entitySize = [System.Text.Encoding]::UTF8.GetByteCount($($SingleEnt | ConvertTo-Json -Compress))
if ($entitySize -gt $MaxRowSize) {
$rows = [System.Collections.Generic.List[object]]::new()
$originalPartitionKey = $SingleEnt.PartitionKey
Expand All @@ -89,7 +91,7 @@ function Add-CIPPAzDataTableEntity {

$propertiesToRemove = [System.Collections.Generic.List[object]]::new()
foreach ($key in $SingleEnt.Keys) {
$newEntitySize = [System.Text.Encoding]::UTF8.GetByteCount($($newEntity | ConvertTo-Json))
$newEntitySize = [System.Text.Encoding]::UTF8.GetByteCount($($newEntity | ConvertTo-Json -Compress))
if ($newEntitySize -lt $MaxRowSize) {
$propertySize = [System.Text.Encoding]::UTF8.GetByteCount($SingleEnt[$key].ToString())
if ($propertySize -gt $MaxRowSize) {
Expand All @@ -103,7 +105,7 @@ function Add-CIPPAzDataTableEntity {

$splitPropertyNames = [System.Collections.Generic.List[object]]::new()
for ($i = 0; $i -lt $splitData.Count; $i++) {
$splitPropertyNames.Add("${key}_Part$i") > $null
$splitPropertyNames.Add("${key}_Part$i")
}

for ($i = 0; $i -lt $splitData.Count; $i++) {
Expand All @@ -112,29 +114,29 @@ function Add-CIPPAzDataTableEntity {
} else {
$newEntity[$key] = $SingleEnt[$key]
}
$propertiesToRemove.Add($key) > $null
$propertiesToRemove.Add($key)
}
}

foreach ($prop in $propertiesToRemove) {
$SingleEnt.Remove($prop)
}

$rows.Add($newEntity) > $null
$entitySize = [System.Text.Encoding]::UTF8.GetByteCount($($SingleEnt | ConvertTo-Json))
$rows.Add($newEntity)
$entitySize = [System.Text.Encoding]::UTF8.GetByteCount($($SingleEnt | ConvertTo-Json -Compress))
}

if ($SingleEnt.Count -gt 0) {
if (($SingleEnt | Measure-Object).Count -gt 0) {
$SingleEnt['RowKey'] = "$($originalRowKey)-part$entityIndex"
$SingleEnt['OriginalEntityId'] = $originalRowKey
$SingleEnt['PartIndex'] = $entityIndex
$SingleEnt['PartitionKey'] = $originalPartitionKey

$rows.Add($SingleEnt) > $null
$rows.Add($SingleEnt)
}

foreach ($row in $rows) {
Write-Information "current entity is $($row.RowKey) with $($row.PartitionKey). Our size is $([System.Text.Encoding]::UTF8.GetByteCount($($row | ConvertTo-Json)))"
Write-Information "current entity is $($row.RowKey) with $($row.PartitionKey). Our size is $([System.Text.Encoding]::UTF8.GetByteCount($($row | ConvertTo-Json -Compress)))"
Add-AzDataTableEntity -Context $Context -Force:$Force -CreateTableIfNotExists:$CreateTableIfNotExists -Entity $row
}
} else {
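Review bot: `Write-Information ($SingleEnt | ConvertTo-Json)` in the first hunk writes the whole oversized entity to the log, and this helper is generic, so whatever callers store through it (possibly tenant data or secrets, depending on the table) ends up in log storage. Logging the keys is enough to trace the split, e.g. `Write-Information "Splitting entity $($SingleEnt.PartitionKey)/$($SingleEnt.RowKey)"`. Separately, `($SingleEnt | Measure-Object).Count -gt 0` near the end, which appears to be the new side, is always true when `$SingleEnt` is a hashtable, because a hashtable travels down the pipeline as a single object; `$SingleEnt.Count -gt 0` is the form that detects an empty remainder. The function body starts and ends outside the visible hunks.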
@@ -0,0 +1,33 @@
function Get-CIPPAlertAppCertificateExpiry {
<#
.FUNCTIONALITY
Entrypoint
#>
[CmdletBinding()]
Param (
[Parameter(Mandatory = $false)]
[Alias('input')]
$InputValue,
$TenantFilter
)

try {
Write-Host "Checking app expire for $($TenantFilter)"
$appList = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/applications?`$select=appId,displayName,keyCredentials" -tenantid $TenantFilter
} catch {
return
}

$AlertData = foreach ($App in $applist) {
Write-Host "checking $($App.displayName)"
if ($App.keyCredentials) {
foreach ($Credential in $App.keyCredentials) {
if ($Credential.endDateTime -lt (Get-Date).AddDays(30) -and $Credential.endDateTime -gt (Get-Date).AddDays(-7)) {
Write-Host ("Application '{0}' has certificates expiring on {1}" -f $App.displayName, $Credential.endDateTime)
@{ DisplayName = $App.displayName; Expires = $Credential.endDateTime }
}
}
}
}
Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
}
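Review bot: The `catch { return }` around the Graph call drops the error, so when the request fails the alert simply reports nothing and an expiring certificate goes unnoticed with no trace of why. Get-CIPPAlertDeviceCompliance in this same commit reports the failure instead, and the same pattern fits here: `Write-AlertMessage -tenant $($TenantFilter) -message "Could not get app certificates for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)"`. Get-CIPPAlertAppleTerms has the same empty catch. The date comparison also assumes `endDateTime` arrives as a DateTime rather than a string, which depends on how New-GraphGetRequest deserialises the response and is worth confirming.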
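--- a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppleTerms.ps1
+++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppleTerms.ps1
@@ -0,0 +1,30 @@
+function Get-CIPPAlertAppleTerms {
+<#
+.FUNCTIONALITY
+Entrypoint
+#>
+[CmdletBinding()]
+Param (
+[Parameter(Mandatory = $false)]
+[Alias('input')]
+$InputValue,
+$TenantFilter
+)
+
+# 0 = Expired
+# 1 = expired?
+# 2 = unknown
+# 3 = Terms & Conditions
+# 4 = Warning
+
+try {
+$appleterms = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings" -tenantid $TenantFilter
+} catch {
+return
+}
+
+if ($appleterms.lastSyncErrorCode -eq 3) {
+$AlertData = "New Apple Business Manager terms are ready to accept."
+Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
+}
+}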
Expand Up @@ -12,9 +12,7 @@ function Get-CIPPAlertDeviceCompliance {
$TenantFilter
)
try {
$AlertData = New-GraphGETRequest -uri "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?`$top=999" -tenantid $TenantFilter | Where-Object -Property complianceState -NE 'compliant' | ForEach-Object {
$_ | Select-Object -Property id, deviceName, deviceType, complianceState, lastReportedDateTime
}
$AlertData = New-GraphGETRequest -uri "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?`$filter=complianceState eq 'noncompliant'&`$select=id,deviceName,managedDeviceOwnerType,complianceState,lastSyncDateTime&`$top=999" -tenantid $TenantFilter
Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
} catch {
Write-AlertMessage -tenant $($TenantFilter) -message "Could not get compliance state for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)"
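Review bot: The server-side `$filter=complianceState eq 'noncompliant'` alerts on fewer devices than the previous `-NE 'compliant'` check: devices reported as `inGracePeriod`, `error`, `conflict` or `unknown` no longer appear. If that narrowing is not intended, keep the `$select` and `$top` on the request and apply `Where-Object -Property complianceState -NE 'compliant'` to the result, as before. The selected fields also changed (`deviceType` and `lastReportedDateTime` are gone), so anything that renders this alert's data should be checked. The function starts and ends outside the hunk.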
Expand Up @@ -15,10 +15,14 @@ function Get-CIPPAlertInactiveLicensedUsers {
try {

$Lookup = (Get-Date).AddDays(-90).ToUniversalTime().ToString('o')
$GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$filter=(signInActivity/lastNonInteractiveSignInDateTime le $Lookup)&`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled,assignedLicenses" -scope 'https://graph.microsoft.com/.default' -tenantid $TenantFilter | Where-Object { $_.assignedLicenses.skuId -ne $null }
$GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$filter=(signInActivity/lastNonInteractiveSignInDateTime le $Lookup)&`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled,assignedLicenses" -scope 'https://graph.microsoft.com/.default' -tenantid $TenantFilter |
Where-Object { $null -ne $_.assignedLicenses.skuId }

# true = only active users
if ($InputValue -eq $true) { $GraphRequest = $GraphRequest | Where-Object { $_.accountEnabled -eq $true } }
$AlertData = foreach ($user in $GraphRequest) {
$Message = 'User {0} has been inactive for 90 days, but still has a license assigned.' -f $user.UserPrincipalName
$user | Select-Object -Property userPrincipalname, signInActivity, @{Name = 'Message'; Expression = { $Message } }
$user | Select-Object -Property UserPrincipalName, signInActivity, @{Name = 'Message'; Expression = { $Message } }

}
Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
Expand Up @@ -13,7 +13,7 @@ function Get-CIPPAlertNewAppApproval {
)
try {
$Approvals = New-GraphGetRequest -Uri "https://graph.microsoft.com/v1.0/identityGovernance/appConsent/appConsentRequests?`$filter=userConsentRequests/any (u:u/status eq 'InProgress')" -tenantid $TenantFilter
if ($Approvals.count -gt 1) {
if ($Approvals.count -gt 0) {
$AlertData = "There are $($Approvals.count) App Approval(s) pending."
Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
}
Expand Up @@ -18,13 +18,15 @@ function Get-CIPPRolePermissions {
$Role = Get-CIPPAzDataTableEntity @Table -Filter $Filter
if ($Role) {
$Permissions = $Role.Permissions | ConvertFrom-Json
$AllowedTenants = if ($Role.AllowedTenants) { $Role.AllowedTenants | ConvertFrom-Json } else { @() }
$BlockedTenants = if ($Role.BlockedTenants) { $Role.BlockedTenants | ConvertFrom-Json } else { @() }
[PSCustomObject]@{
Role = $Role.RowKey
Permissions = $Permissions.PSObject.Properties.Value
AllowedTenants = if ($Role.AllowedTenants) { $Role.AllowedTenants | ConvertFrom-Json } else { @() }
BlockedTenants = if ($Role.BlockedTenants) { $Role.BlockedTenants | ConvertFrom-Json } else { @() }
AllowedTenants = @($AllowedTenants)
BlockedTenants = @($BlockedTenants)
}
} else {
throw "Role $RoleName not found."
}
}
}
6 changes: 3 additions & 3 deletions Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1
Expand Up @@ -69,8 +69,8 @@ function Test-CIPPAccess {
if ($PermissionsFound) {
if ($TenantList.IsPresent) {
$LimitedTenantList = foreach ($Permission in $PermissionSet) {
if (($Permission.AllowedTenants | Measure-Object).Count -eq 0 -and ($Permission.BlockedTenants | Measure-Object).Count -eq 0) {
return @('AllTenants')
if ((($Permission.AllowedTenants | Measure-Object).Count -eq 0 -or $Permission.AllowedTenants -contains 'AllTenants') -and (($Permission.BlockedTenants | Measure-Object).Count -eq 0)) {
@('AllTenants')
} else {
if ($Permission.AllowedTenants -contains 'AllTenants') {
$Permission.AllowedTenants = $Tenants.customerId
Expand Down Expand Up @@ -135,4 +135,4 @@ function Test-CIPPAccess {
} else {
return $true
}
}
}
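Review bot: An empty `AllowedTenants` still resolves to `AllTenants` in the `-TenantList` branch, so a role whose tenant list is missing or did not load is treated as unrestricted, which means the check fails open. Because the branch now emits `@('AllTenants')` into `$LimitedTenantList` instead of returning (this looks like the new side), the list can mix that sentinel with concrete tenant IDs from other roles; the code that consumes it is outside the hunk, so confirm a tenant blocked by one role is not re-granted by another role's `AllTenants`. A comment above the condition stating the intended precedence between roles would make this rule reviewable.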
Expand Up @@ -21,7 +21,7 @@ function Push-BPACollectData {
$Table = Get-CippTable -tablename 'cachebpav2'
$Rerun = Test-CIPPRerun -Type 'BPA' -Tenant $TenantName.defaultDomainName -API $Item.Template
if ($Rerun) {
Write-Host 'Detected rerun. Exiting cleanly'
Write-Host 'Detected rerun for BPA. Exiting cleanly'
exit 0
}
Write-Host "Working on BPA for $($TenantName.defaultDomainName) with GUID $($TenantName.customerId) - Report ID $($Item.Template)"
Expand Up @@ -21,8 +21,8 @@ function Push-ListMailboxRulesQueue {
}
}
if (($Rules | Measure-Object).Count -gt 0) {
foreach ($Rule in $Rules) {
$GraphRequest = [PSCustomObject]@{
$GraphRequest = foreach ($Rule in $Rules) {
[PSCustomObject]@{
Rules = [string]($Rule | ConvertTo-Json)
RowKey = [string](New-Guid).guid
Tenant = [string]$domainName
Expand All @@ -31,9 +31,9 @@ function Push-ListMailboxRulesQueue {

}
} else {
$Rules = @{
Name = 'No rules found'
} | ConvertTo-Json
$Rules = @(@{
Name = 'No rules found'
}) | ConvertTo-Json
$GraphRequest = [PSCustomObject]@{
Rules = [string]$Rules
RowKey = [string]$domainName