[pull] dev from KelvinTegelaar:dev

.github/workflows/dev_api.yml

@@ -33,6 +33,10 @@ jobs:
           tenant-id: ${{ secrets.DEV_TENANTID }}
           subscription-id: ${{ secrets.DEV_SUBSCRIPTIONID }}
 
+      - name: Build and stage modules
+        shell: pwsh
+        run: ./Tools/Build-DevApiModules.ps1
+
       - name: "Run Azure Functions Action"
         uses: Azure/functions-action@v1
         id: fa

Modules/CIPPActivityTriggers/CIPPActivityTriggers.psd1

@@ -0,0 +1,113 @@
+@{
+    # Script module or binary module file associated with this manifest.
+    RootModule         = '.\CIPPActivityTriggers.psm1'
+
+    # Version number of this module.
+    ModuleVersion      = '1.0'
+
+    # Supported PSEditions
+    # CompatiblePSEditions = @()
+
+    # ID used to uniquely identify this module
+    GUID               = '3d72e22c-16a3-4e0d-8f9f-f4436b911f14'
+
+    # Author of this module
+    Author             = 'Kelvin Tegelaar - Kelvin@cyberdrain.com'
+
+    # Company or vendor of this module
+    CompanyName        = 'CyberDrain.com'
+
+    # Copyright statement for this module
+    Copyright          = '(c) 2020 Kelvin Tegelaar - Kelvin@CyberDrain.com All rights reserved.'
+
+    # Description of the functionality provided by this module
+    Description        = ''
+
+    # Minimum version of the Windows PowerShell engine required by this module
+    PowerShellVersion  = '7.0'
+
+    # Name of the Windows PowerShell host required by this module
+    # PowerShellHostName = ''
+
+    # Minimum version of the Windows PowerShell host required by this module
+    # PowerShellHostVersion = ''
+
+    # Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+    # DotNetFrameworkVersion = ''
+
+    # Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+    # CLRVersion = ''
+
+    # Processor architecture (None, X86, Amd64) required by this module
+    # ProcessorArchitecture = ''
+
+    # Modules that must be imported into the global environment prior to importing this module
+    # RequiredModules = @()
+
+    # Assemblies that must be loaded prior to importing this module
+    # RequiredAssemblies = @()
+
+    # Script files (.ps1) that are run in the caller's environment prior to importing this module.
+    # ScriptsToProcess = @()
+
+    # Type files (.ps1xml) to be loaded when importing this module
+    # TypesToProcess = @()
+
+    # Format files (.ps1xml) to be loaded when importing this module
+    # FormatsToProcess = @()
+
+    # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+    # NestedModules = @()
+
+    # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+    FunctionsToExport  = '*'
+
+    # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+    CmdletsToExport    = @()
+
+    # Variables to export from this module
+    VariablesToExport  = @()
+
+    # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+    AliasesToExport    = @()
+
+    # DSC resources to export from this module
+    # DscResourcesToExport = @()
+
+    # List of all modules packaged with this module
+    # ModuleList = @()
+
+    # List of all files packaged with this module
+    # FileList = @()
+
+    # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+    PrivateData        = @{
+
+        PSData = @{
+
+            # Tags applied to this module. These help with module discovery in online galleries.
+            Tags         = @()
+
+            # A URL to the license for this module.
+            LicenseUri   = 'https://github.com/KelvinTegelaar/CIPP-API/blob/master/LICENSE'
+
+            # A URL to the main website for this project.
+            ProjectUri   = 'https://github.com/KelvinTegelaar/CIPP-API'
+
+            # A URL to an icon representing this module.
+            # IconUri = ''
+
+            # ReleaseNotes of this module
+            ReleaseNotes = ''
+
+        } # End of PSData hashtable
+
+    } # End of PrivateData hashtable
+
+    # HelpInfo URI of this module
+    HelpInfoURI        = 'https://github.com/KelvinTegelaar/CIPP-API'
+
+    # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+    # DefaultCommandPrefix = ''
+
+}

Modules/CIPPActivityTriggers/CIPPActivityTriggers.psm1

@@ -0,0 +1,14 @@
+# ModuleBuilder will concatenate all function files into this module
+# This block is only used when running from source (not built)
+if (Test-Path (Join-Path $PSScriptRoot 'Public')) {
+    $Public = @(Get-ChildItem -Path (Join-Path $PSScriptRoot 'Public\*.ps1') -Recurse -ErrorAction SilentlyContinue)
+    foreach ($import in @($Public)) {
+        try {
+            . $import.FullName
+        } catch {
+            Write-Error -Message "Failed to import function $($import.FullName): $_"
+        }
+    }
+
+    Export-ModuleMember -Function $Public.BaseName
+}

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Applications/Push-UploadApplication.ps1 → Modules/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Applications/Push-UploadApplication.ps1

@@ -10,10 +10,6 @@ function Push-UploadApplication {
         $Table = Get-CippTable -tablename 'apps'
         $Filter = "PartitionKey eq 'apps' and RowKey eq '$($Item.Name)'"
 
-        $ModuleRoot = (Get-Module CIPPCore).ModuleBase
-        $CippRoot = (Get-Item $ModuleRoot).Parent.Parent
-        Set-Location $CippRoot
-
         $AppConfig = (Get-CIPPAzDataTableEntity @Table -filter $Filter).JSON | ConvertFrom-Json
         $intuneBody = $AppConfig.IntuneBody
         $tenants = if ($AppConfig.tenant -eq 'AllTenants') {
@@ -43,11 +39,11 @@ function Push-UploadApplication {
         $Intunexml = $null
         $Infile = $null
         if ($AppType -eq 'MSPApp') {
-            [xml]$Intunexml = Get-Content "AddMSPApp\$($AppConfig.MSPAppName).app.xml"
-            $Infile = "AddMSPApp\$($AppConfig.MSPAppName).intunewin"
+            [xml]$Intunexml = Get-Content (Join-Path $env:CIPPRootPath "AddMSPApp\$($AppConfig.MSPAppName).app.xml")
+            $Infile = Join-Path $env:CIPPRootPath "AddMSPApp\$($AppConfig.MSPAppName).intunewin"
         } elseif ($AppType -in @('Choco', 'Win32ScriptApp')) {
-            [xml]$Intunexml = Get-Content 'AddChocoApp\Choco.App.xml'
-            $Infile = "AddChocoApp\$($Intunexml.ApplicationInfo.FileName)"
+            [xml]$Intunexml = Get-Content (Join-Path $env:CIPPRootPath 'AddChocoApp\Choco.App.xml')
+            $Infile = Join-Path $env:CIPPRootPath "AddChocoApp\$($Intunexml.ApplicationInfo.FileName)"
         }
 
 

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecAppApprovalTemplate.ps1 → Modules/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Push-ExecAppApprovalTemplate.ps1

@@ -80,6 +80,31 @@ function Push-ExecAppApprovalTemplate {
                 return $false
             }
 
+            $ForbiddenManifestProperties = @('keyCredentials', 'passwordCredentials')
+            $ManifestProperties = @($ApplicationManifest.PSObject.Properties.Name)
+            $ForbiddenPropertiesFound = @($ForbiddenManifestProperties | Where-Object { $_ -in $ManifestProperties })
+            if ($ForbiddenPropertiesFound.Count -gt 0) {
+                try {
+                    $SanitizedManifest = $ApplicationManifest | ConvertTo-Json -Depth 20 | ConvertFrom-Json
+                    foreach ($Property in $ForbiddenPropertiesFound) {
+                        $SanitizedManifest.PSObject.Properties.Remove($Property)
+                    }
+
+                    $ApplicationManifest = $SanitizedManifest
+                    $TemplateData.ApplicationManifest = $SanitizedManifest
+
+                    $Table.Force = $true
+                    Add-CIPPAzDataTableEntity @Table -Entity @{
+                        JSON         = [string]($TemplateData | ConvertTo-Json -Depth 20 -Compress)
+                        RowKey       = "$($Template.RowKey)"
+                        PartitionKey = 'AppApprovalTemplate'
+                    } | Out-Null
+                } catch {
+                    $ErrorMessage = Get-CippException -Exception $_
+                    Write-LogMessage -message "Failed to sanitize and persist manifest template '$TemplateId': $($ErrorMessage.NormalizedError)" -tenant $Item.Tenant -API 'Add App Manifest' -sev Error -LogData $ErrorMessage
+                }
+            }
+
             # Check for existing application by display name
             $ServicePrincipalList = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals?`$select=AppId,id,displayName&`$top=999" -tenantid $Item.Tenant
             $ExistingApp = $ServicePrincipalList | Where-Object { $_.displayName -eq $TemplateData.AppName }
@@ -109,7 +134,7 @@ function Push-ExecAppApprovalTemplate {
                 return $true
             }
 
-            $PropertiesToRemove = @('appId', 'id', 'createdDateTime', 'deletedDateTime', 'createdByAppId', 'publisherDomain', 'servicePrincipalLockConfiguration', 'identifierUris', 'applicationIdUris')
+            $PropertiesToRemove = @('appId', 'id', 'createdDateTime', 'deletedDateTime', 'createdByAppId', 'publisherDomain', 'servicePrincipalLockConfiguration', 'identifierUris', 'applicationIdUris', 'keyCredentials', 'passwordCredentials')
 
             # Strip tenant-specific data that might cause conflicts
             $CleanManifest = $ApplicationManifest | ConvertTo-Json -Depth 10 | ConvertFrom-Json

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1 → Modules/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1

@@ -310,14 +310,19 @@ function Push-ExecOnboardTenantQueue {
             # Check if the relationship was recently activated — Microsoft propagation may not have settled yet
             if ($Relationship.activatedDateTime) {
                 try {
-                    $ActivatedTime = [datetime]::Parse($Relationship.activatedDateTime)
-                    $MinutesSinceActivation = ([datetime]::UtcNow - $ActivatedTime).TotalMinutes
+                    $ActivatedTimeUtc = ([DateTimeOffset]$Relationship.activatedDateTime).UtcDateTime
+                    $MinutesSinceActivation = ([datetime]::UtcNow - $ActivatedTimeUtc).TotalMinutes
                     if ($MinutesSinceActivation -lt 15) {
+                        $RetryAtUtc = [Cronos.CronExpression]::Parse('* * * * *').GetNextOccurrence([DateTime]::UtcNow.AddMinutes(15), [TimeZoneInfo]::Utc)
+                        $RetryEpoch = ([DateTimeOffset]$RetryAtUtc).ToUnixTimeSeconds()
+                        $RetryDelayMinutes = ($RetryAtUtc - [DateTime]::UtcNow).TotalMinutes
+                        $MinutesSinceActivationDisplay = ('{0:N1}' -f $MinutesSinceActivation)
+                        $RetryDelayMinutesDisplay = ('{0:N1}' -f $RetryDelayMinutes)
+                        $RetryLogMessage = "GDAP relationship was activated $MinutesSinceActivationDisplay minutes ago. Rescheduling onboarding in $RetryDelayMinutesDisplay minutes to allow Microsoft propagation to settle."
                         $Logs.Add([PSCustomObject]@{
-                                Date = (Get-Date).ToUniversalTime()
-                                Log  = 'GDAP relationship was activated {0:N1} minutes ago. Rescheduling onboarding in 15 minutes to allow Microsoft propagation to settle.' -f $MinutesSinceActivation
-                            })
-                        $RetryEpoch = [int64](([datetime]::UtcNow.AddMinutes(15)) - (Get-Date '1/1/1970')).TotalSeconds
+                            Date = (Get-Date).ToUniversalTime()
+                                Log  = $RetryLogMessage
+                        })
                         $RetryParams = [PSCustomObject]@{
                             Item = [PSCustomObject]@{
                                 id                         = $Item.id
@@ -336,7 +341,7 @@ function Push-ExecOnboardTenantQueue {
                             ScheduledTime = $RetryEpoch
                         }
                         $null = Add-CIPPScheduledTask -Task $RetryTask -DesiredStartTime ([string]$RetryEpoch)
-                        $RetryMessage = 'Rescheduled: GDAP relationship was activated {0:N1} minutes ago. Retrying in 15 minutes to allow Microsoft propagation to settle.' -f $MinutesSinceActivation
+                        $RetryMessage = "Rescheduled: GDAP relationship was activated $MinutesSinceActivationDisplay minutes ago. Retrying in $RetryDelayMinutesDisplay minutes to allow Microsoft propagation to settle."
                         $OnboardingSteps.Step4.Status = 'pending'
                         $OnboardingSteps.Step4.Message = $RetryMessage
                         $TenantOnboarding.Status = 'running'

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-UpdateTenants.ps1 → Modules/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Push-UpdateTenants.ps1

@@ -5,7 +5,7 @@ function Push-UpdateTenants {
     #>
     Param($Item)
     $QueueReference = 'UpdateTenants'
-    $RunningQueue = Invoke-ListCippQueue -Reference $QueueReference | Where-Object { $_.Status -ne 'Completed' -and $_.Status -ne 'Failed' }
+    $RunningQueue = Get-CIPPQueueData -Reference $QueueReference | Where-Object { $_.Status -ne 'Completed' -and $_.Status -ne 'Failed' }
 
     $Queue = New-CippQueueEntry -Name 'Update Tenants' -Reference $QueueReference -TotalTasks 1
     try {

Modules/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Tests/Invoke-CIPPDBTestsRun.ps1

@@ -0,0 +1,18 @@
+function Invoke-CIPPDBTestsRun {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Tenant.Tests.Read
+    #>
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory = $false)]
+        [string]$TenantFilter = 'allTenants',
+
+        [Parameter(Mandatory = $false)]
+        [switch]$Force
+    )
+
+    return Start-CIPPDBTestsRun -TenantFilter $TenantFilter -Force:$Force
+}

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Tests/Push-CIPPTest.ps1 → Modules/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Tests/Push-CIPPTest.ps1

@@ -23,7 +23,7 @@ function Push-CIPPTest {
 
         $FunctionName = "Invoke-CippTest$TestId"
 
-        if (-not (Get-Command $FunctionName -ErrorAction SilentlyContinue)) {
+        if (-not (Get-Command $FunctionName -Module CIPPTests -ErrorAction SilentlyContinue)) {
             Write-LogMessage -API 'Tests' -tenant $TenantFilter -message "Test function not found: $FunctionName" -sev Error
             return @{ testRun = $false }
         }

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogSearchCreation.ps1 → Modules/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogSearchCreation.ps1

@@ -28,12 +28,20 @@ function Push-AuditLogSearchCreation {
         }
         if ($PSCmdlet.ShouldProcess('Push-AuditLogSearchCreation', 'Creating Audit Log Search')) {
             $NewSearch = New-CippAuditLogSearch @LogSearch
-            Write-Information "Created audit log search $($Tenant.defaultDomainName) - $($NewSearch.displayName)"
+            if ($NewSearch.id) {
+                Write-Information "Created audit log search $($Tenant.defaultDomainName) - $($NewSearch.displayName)"
+            } elseif ($NewSearch.status -eq 'AuditingDisabledTenant') {
+                Write-Information "Skipping audit log search $($Tenant.defaultDomainName) because unified auditing is disabled for this tenant"
+                Write-LogMessage -API 'Audit Logs' -Message "Skipped audit log search creation for tenant $($Tenant.defaultDomainName) because unified auditing is disabled" -Sev Warning -tenant $Tenant.defaultDomainName
+            } else {
+                Write-Information "Audit log search creation returned no query id for tenant $($Tenant.defaultDomainName)"
+                Write-LogMessage -API 'Audit Logs' -Message "Audit log search creation returned no query id for tenant $($Tenant.defaultDomainName)" -Sev Warning -tenant $Tenant.defaultDomainName
+            }
         }
     } catch {
         Write-Information "Error creating audit log search $($Tenant.defaultDomainName) - $($_.Exception.Message)"
         Write-Information $_.InvocationInfo.PositionMessage
-        Write-LogMessage -API 'Audit Logs' -Message "Error creating audit log search for tenant $($Tenant.defaultDomainName): $($_.Exception.Message)" -Sev Error -LogData (Get-CippException -Exception $_)
+        Write-LogMessage -API 'Audit Logs' -tenant $Tenant.defaultDomainName -Message "Error creating audit log search for tenant $($Tenant.defaultDomainName): $($_.Exception.Message)" -Sev Error -LogData (Get-CippException -Exception $_)
     }
     return $true
 }

Modules/CIPPActivityTriggers/build.psd1

@@ -0,0 +1,8 @@
+@{
+    Path                     = 'CIPPActivityTriggers.psd1'
+    OutputDirectory          = '../../Output'
+    VersionedOutputDirectory = $false
+    Encoding                 = 'UTF8'
+    Prefix                   = $null
+    Suffix                   = $null
+}