Merge pull request #93 from kylemar/main

add retires for replication

Author: merill

src/agentid/Add-MsIdClientSecretToAgentIdentityBlueprint.ps1

@@ -49,8 +49,29 @@ function Add-MsIdClientSecretToAgentIdentityBlueprint {
             endDateTime = (Get-Date).AddDays(90).ToString("yyyy-MM-ddTHH:mm:ssZ")
         }
 
-        # Add the secret to the application
-        $secretResult = Add-MgApplicationPassword -ApplicationId $AgentBlueprintId -PasswordCredential $passwordCredential
+        # Add the secret to the application with retry logic
+        $retryCount = 0
+        $maxRetries = 10
+        $secretResult = $null
+        $success = $false
+
+        while ($retryCount -lt $maxRetries -and -not $success) {
+            try {
+                $secretResult = Add-MgApplicationPassword -ApplicationId $AgentBlueprintId -PasswordCredential $passwordCredential -ErrorAction Stop
+                $success = $true
+            }
+            catch {
+                $retryCount++
+                if ($retryCount -lt $maxRetries) {
+                    Write-Host "Attempt $retryCount failed. Waiting 10 seconds before retry..." -ForegroundColor Yellow
+                    Start-Sleep -Seconds 10
+                }
+                else {
+                    Write-Error "Failed to add secret to Agent Blueprint after $maxRetries attempts: $_"
+                    throw
+                }
+            }
+        }
 
         Write-Host "Successfully added secret to Agent Blueprint" -ForegroundColor Green
         #Write-Host "Secret Value: $($secretResult.SecretText)" -ForegroundColor Red

src/agentid/Add-MsIdInheritablePermissionsToAgentIdentityBlueprint.ps1

@@ -103,10 +103,32 @@ function Add-MsIdInheritablePermissionsToAgentIdentityBlueprint {
         $JsonBody = $Body | ConvertTo-Json -Depth 5
         Write-Debug "Request Body: $JsonBody"
 
-        # Use Invoke-MgRestMethod to make the API call with the stored Agent Blueprint ID
+        # Use Invoke-MgRestMethod to make the API call with the stored Agent Blueprint ID with retry logic
         $apiUrl = "https://graph.microsoft.com/beta/applications/microsoft.graph.agentIdentityBlueprint/$($script:CurrentAgentBlueprintId)/inheritablePermissions"
         Write-Debug "API URL: $apiUrl"
-        $result = Invoke-MgRestMethod -Method POST -Uri $apiUrl -Body $JsonBody -ContentType "application/json"
+        
+        $retryCount = 0
+        $maxRetries = 10
+        $result = $null
+        $success = $false
+
+        while ($retryCount -lt $maxRetries -and -not $success) {
+            try {
+                $result = Invoke-MgRestMethod -Method POST -Uri $apiUrl -Body $JsonBody -ContentType "application/json" -ErrorAction Stop
+                $success = $true
+            }
+            catch {
+                $retryCount++
+                if ($retryCount -lt $maxRetries) {
+                    Write-Host "Attempt $retryCount failed. Waiting 10 seconds before retry..." -ForegroundColor Yellow
+                    Start-Sleep -Seconds 10
+                }
+                else {
+                    Write-Error "Failed to add inheritable permissions after $maxRetries attempts: $_"
+                    throw
+                }
+            }
+        }
 
         Write-Host "Successfully added inheritable permissions to Agent Identity Blueprints" -ForegroundColor Green
         Write-Host "Permissions are now available for inheritance by agent blueprints" -ForegroundColor Green

src/agentid/Add-MsIdRedirectURIToAgentIdentityBlueprint.ps1

@@ -57,7 +57,29 @@ function Add-MsIdRedirectURIToAgentIdentityBlueprint {
 
         # First, get the current application configuration to preserve existing redirect URIs
         Write-Host "Retrieving current application configuration..." -ForegroundColor Yellow
-        $currentApp = Invoke-MgRestMethod -Method GET -Uri "https://graph.microsoft.com/v1.0/applications/$AgentBlueprintId" -ContentType "application/json"
+        
+        $retryCount = 0
+        $maxRetries = 10
+        $currentApp = $null
+        $success = $false
+
+        while ($retryCount -lt $maxRetries -and -not $success) {
+            try {
+                $currentApp = Invoke-MgRestMethod -Method GET -Uri "https://graph.microsoft.com/beta/applications/$AgentBlueprintId" -ContentType "application/json" -ErrorAction Stop
+                $success = $true
+            }
+            catch {
+                $retryCount++
+                if ($retryCount -lt $maxRetries) {
+                    Write-Host "Attempt $retryCount failed. Waiting 10 seconds before retry..." -ForegroundColor Yellow
+                    Start-Sleep -Seconds 10
+                }
+                else {
+                    Write-Error "Failed to retrieve application configuration after $maxRetries attempts: $_"
+                    throw
+                }
+            }
+        }
 
         # Get existing redirect URIs or initialize empty array
         $existingRedirectUris = @()
@@ -93,8 +115,29 @@ function Add-MsIdRedirectURIToAgentIdentityBlueprint {
         $JsonBody = $Body | ConvertTo-Json -Depth 5
         Write-Debug "Request Body: $JsonBody"
 
-        # Use Invoke-MgRestMethod to update the application
-        $updateResult = Invoke-MgRestMethod -Method PATCH -Uri "https://graph.microsoft.com/v1.0/applications/$AgentBlueprintId" -Body $JsonBody -ContentType "application/json"
+        # Use Invoke-MgRestMethod to update the application with retry logic
+        $retryCount = 0
+        $maxRetries = 10
+        $updateResult = $null
+        $success = $false
+
+        while ($retryCount -lt $maxRetries -and -not $success) {
+            try {
+                $updateResult = Invoke-MgRestMethod -Method PATCH -Uri "https://graph.microsoft.com/beta/applications/$AgentBlueprintId" -Body $JsonBody -ContentType "application/json" -ErrorAction Stop
+                $success = $true
+            }
+            catch {
+                $retryCount++
+                if ($retryCount -lt $maxRetries) {
+                    Write-Host "Attempt $retryCount failed. Waiting 10 seconds before retry..." -ForegroundColor Yellow
+                    Start-Sleep -Seconds 10
+                }
+                else {
+                    Write-Error "Failed to update redirect URI after $maxRetries attempts: $_"
+                    throw
+                }
+            }
+        }
 
         Write-Host "Successfully added web redirect URI to Agent Identity Blueprint" -ForegroundColor Green
         Write-Host "Total redirect URIs: $($updatedRedirectUris.Count)" -ForegroundColor Cyan

src/agentid/Add-MsIdScopeToAgentIdentityBlueprint.ps1

@@ -126,8 +126,29 @@ function Add-MsIdScopeToAgentIdentityBlueprint {
         $JsonBody = $Body | ConvertTo-Json -Depth 5
         Write-Debug "Request Body: $JsonBody"
 
-        # Use Invoke-MgRestMethod to update the application
-        $scopeResult = Invoke-MgRestMethod -Method PATCH -Uri "https://graph.microsoft.com/v1.0/applications/$AgentBlueprintId" -Body $JsonBody -ContentType "application/json"
+        # Use Invoke-MgRestMethod to update the application with retry logic
+        $retryCount = 0
+        $maxRetries = 10
+        $scopeResult = $null
+        $success = $false
+
+        while ($retryCount -lt $maxRetries -and -not $success) {
+            try {
+                $scopeResult = Invoke-MgRestMethod -Method PATCH -Uri "https://graph.microsoft.com/beta/applications/$AgentBlueprintId" -Body $JsonBody -ContentType "application/json" -ErrorAction Stop
+                $success = $true
+            }
+            catch {
+                $retryCount++
+                if ($retryCount -lt $maxRetries) {
+                    Write-Host "Attempt $retryCount failed. Waiting 10 seconds before retry..." -ForegroundColor Yellow
+                    Start-Sleep -Seconds 10
+                }
+                else {
+                    Write-Error "Failed to add OAuth2 permission scope after $maxRetries attempts: $_"
+                    throw
+                }
+            }
+        }
 
         Write-Host "Successfully added OAuth2 permission scope to Agent Blueprint" -ForegroundColor Green
         Write-Host "Scope ID: $scopeId" -ForegroundColor Cyan

src/agentid/Connect-MsIdEntraAsUser.ps1

@@ -19,7 +19,7 @@ function Connect-MsIdEntraAsUser {
     [CmdletBinding()]
     param (
         [Parameter(Mandatory = $false)]
-        [string[]]$Scopes = @('AgentIdentityBlueprint.Create', 'AgentIdentityBlueprintPrincipal.Create', 'AppRoleAssignment.ReadWrite.All', 'Application.ReadWrite.All', 'User.ReadWrite.All')
+        [string[]]$Scopes = @('AgentIdentityBlueprint.Create', 'AgentIdentityBlueprintPrincipal.Create', 'AppRoleAssignment.ReadWrite.All', 'Application.ReadWrite.All', 'User.ReadWrite.All', 'AgentIdentityBlueprint.ReadWrite.All', 'AgentIdentityBlueprint.AddRemoveCreds.All')
     )
 
     # Ensure required modules are available

src/agentid/EnsureRequiredModules.ps1

@@ -3,7 +3,8 @@
 Ensures that required PowerShell modules are installed and imported
 
 .DESCRIPTION
-Checks for required modules and installs them if they are not available
+Checks for required modules and installs them if they are not available.
+Handles version conflicts by checking if compatible versions are already loaded.
 #>
 function EnsureRequiredModules {
     [CmdletBinding()]
@@ -16,7 +17,40 @@ function EnsureRequiredModules {
         'Microsoft.Graph.Identity.DirectoryManagement'
     )
 
+    # Check if there are version conflicts in loaded modules
+    $loadedGraphModules = Get-Module -Name Microsoft.Graph.* 
+    $hasVersionConflict = $false
+    
+    if ($loadedGraphModules) {
+        $authModule = $loadedGraphModules | Where-Object { $_.Name -eq 'Microsoft.Graph.Authentication' }
+        $otherModules = $loadedGraphModules | Where-Object { $_.Name -ne 'Microsoft.Graph.Authentication' }
+        
+        # Check if loaded modules have different versions of dependencies
+        foreach ($mod in $otherModules) {
+            $authDep = $mod.RequiredModules | Where-Object { $_.Name -eq 'Microsoft.Graph.Authentication' }
+            if ($authDep -and $authModule -and $authDep.Version -ne $authModule.Version) {
+                Write-Verbose "Version conflict detected: $($mod.Name) requires Microsoft.Graph.Authentication $($authDep.Version) but $($authModule.Version) is loaded"
+                $hasVersionConflict = $true
+                break
+            }
+        }
+    }
+
+    # If there's a version conflict, we need to start fresh
+    if ($hasVersionConflict) {
+        Write-Host "Detected module version conflicts. Removing all Microsoft.Graph modules from session..." -ForegroundColor Yellow
+        Get-Module -Name Microsoft.Graph.* | Remove-Module -Force -ErrorAction SilentlyContinue
+    }
+
     foreach ($module in $requiredModules) {
+        # Check if module is already loaded with compatible version
+        $loadedModule = Get-Module -Name $module
+        if ($loadedModule -and -not $hasVersionConflict) {
+            Write-Verbose "Module $module is already loaded (version $($loadedModule.Version))"
+            continue
+        }
+
+        # Install if not available
         if (!(Get-Module -ListAvailable -Name $module)) {
             Write-Host "Module $module not found. Installing..." -ForegroundColor Yellow
             try {

src/agentid/Get-MsIdAgentIdentity.ps1

@@ -39,7 +39,7 @@ function Get-MsIdAgentIdentity {
 
         # Call the Graph API to get the agent identity
         $uri = "https://graph.microsoft.com/beta/servicePrincipals/microsoft.graph.agentIdentity/$AgentId"
-        $result = Invoke-MgRestMethod -Method GET -Uri $uri
+        $result = Invoke-MgRestMethod -Method GET -Uri $uri -ErrorAction Stop
 
         Write-Verbose "Successfully retrieved Agent Identity"
         return $result