Merge pull request KelvinTegelaar#1772 from KelvinTegelaar/dev

Dev to release - CIPP X(10.0.0)

Author: KelvinTegelaar

.gitignore

@@ -10,6 +10,8 @@ ExcludedTenants
 SendNotifications/config.json
 .env
 Output/
+node_modules/.yarn-integrity
+yarn.lock
 
 # Cursor IDE
 .cursor/rules

CIPPTimers.json

@@ -222,5 +222,23 @@
     "Priority": 21,
     "RunOnProcessor": true,
     "IsSystem": true
+  },
+  {
+    "Id": "9a7f8e6d-5c4b-3a2d-1e0f-9b8c7d6e5f4a",
+    "Command": "Start-CIPPDBCacheOrchestrator",
+    "Description": "Timer to collect and cache Microsoft Graph data for all tenants",
+    "Cron": "0 0 3 * * *",
+    "Priority": 22,
+    "RunOnProcessor": true,
+    "IsSystem": true
+  },
+  {
+    "Id": "1f2e3d4c-5b6a-7c8d-9e0f-1a2b3c4d5e6f",
+    "Command": "Start-TestsOrchestrator",
+    "Description": "Timer to run security and compliance tests against cached data",
+    "Cron": "0 0 4 * * *",
+    "Priority": 23,
+    "RunOnProcessor": true,
+    "IsSystem": true
   }
 ]

ExampleReportTemplate.ps1

@@ -0,0 +1,19 @@
+$Table = Get-CippTable -tablename 'CippReportTemplates'
+
+# Dynamically discover all ZTNA test files
+$TestFiles = Get-ChildItem "C:\Github\CIPP-API\Modules\CIPPCore\Public\Tests\Invoke-CippTestZTNA*.ps1" | Sort-Object Name
+$AllTestIds = $TestFiles.BaseName | ForEach-Object { $_ -replace 'Invoke-CippTestZTNA', 'ZTNA' }
+
+Write-Host "Discovered $($AllTestIds.Count) ZTNA tests"
+
+$Entity = @{
+    RowKey        = 'd5d1e123-bce0-482d-971f-be6ed820dd92'
+    PartitionKey  = 'ReportingTemplate'
+    IdentityTests = [string]($AllTestIds | ConvertTo-Json -Compress)
+    Description   = 'Complete Zero Trust Network Assessment Report'
+    Name          = 'Full ZTNA Report'
+}
+
+Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force
+
+Write-Host "Report template created successfully with ID: $($Entity.RowKey)"

Modules/CIPPCore/Public/Add-CIPPDbItem.ps1

@@ -0,0 +1,91 @@
+function Add-CIPPDbItem {
+    <#
+    .SYNOPSIS
+        Add items to the CIPP Reporting database
+
+    .DESCRIPTION
+        Adds items to the CippReportingDB table with support for bulk inserts and count mode
+
+    .PARAMETER TenantFilter
+        The tenant domain or GUID (used as partition key)
+
+    .PARAMETER Type
+        The type of data being stored (used in row key)
+
+    .PARAMETER Data
+        Array of items to add to the database
+
+    .PARAMETER Count
+        If specified, stores a single row with count of each object property as separate properties
+
+    .EXAMPLE
+        Add-CIPPDbItem -TenantFilter 'contoso.onmicrosoft.com' -Type 'Groups' -Data $GroupsData
+
+    .EXAMPLE
+        Add-CIPPDbItem -TenantFilter 'contoso.onmicrosoft.com' -Type 'Groups' -Data $GroupsData -Count
+    #>
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory = $true)]
+        [string]$TenantFilter,
+
+        [Parameter(Mandatory = $true)]
+        [string]$Type,
+
+        [Parameter(Mandatory = $true)]
+        [AllowEmptyCollection()]
+        [array]$Data,
+
+        [Parameter(Mandatory = $false)]
+        [switch]$Count
+    )
+
+    try {
+        $Table = Get-CippTable -tablename 'CippReportingDB'
+
+        # Helper function to format RowKey values by removing disallowed characters
+        function Format-RowKey {
+            param([string]$RowKey)
+
+            # Remove disallowed characters: / \ # ? and control characters (U+0000 to U+001F and U+007F to U+009F)
+            $sanitized = $RowKey -replace '[/\\#?]', '_' -replace '[\u0000-\u001F\u007F-\u009F]', ''
+
+            return $sanitized
+        }
+
+        if ($Count) {
+            $Entity = @{
+                PartitionKey = $TenantFilter
+                RowKey       = Format-RowKey "$Type-Count"
+                DataCount    = [int]$Data.Count
+            }
+
+            Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force | Out-Null
+
+        } else {
+            #Get the existing type entries and nuke them. This ensures we don't have stale data.
+            $Filter = "PartitionKey eq '{0}' and RowKey ge '{1}-' and RowKey lt '{1}0'" -f $TenantFilter, $Type
+            $ExistingEntities = Get-CIPPAzDataTableEntity @Table -Filter $Filter
+            if ($ExistingEntities) {
+                Remove-AzDataTableEntity @Table -Entity $ExistingEntities -Force | Out-Null
+            }
+            $Entities = foreach ($Item in $Data) {
+                $ItemId = $Item.id ?? $Item.ExternalDirectoryObjectId ?? $Item.Identity ?? $Item.skuId
+                @{
+                    PartitionKey = $TenantFilter
+                    RowKey       = Format-RowKey "$Type-$ItemId"
+                    Data         = [string]($Item | ConvertTo-Json -Depth 10 -Compress)
+                    Type         = $Type
+                }
+            }
+            Add-CIPPAzDataTableEntity @Table -Entity $Entities -Force | Out-Null
+
+        }
+
+        Write-LogMessage -API 'CIPPDbItem' -tenant $TenantFilter -message "Added $($Data.Count) items of type $Type$(if ($Count) { ' (count mode)' })" -sev Info
+
+    } catch {
+        Write-LogMessage -API 'CIPPDbItem' -tenant $TenantFilter -message "Failed to add items of type $Type : $($_.Exception.Message)" -sev Error
+        throw
+    }
+}

Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1

@@ -46,8 +46,14 @@ function Add-CIPPScheduledTask {
                 return "Could not run task: $ErrorMessage"
             }
         } else {
+            if (!$Task.RowKey) {
+                $RowKey = (New-Guid).Guid
+            } else {
+                $RowKey = $Task.RowKey
+            }
+
             if ($DisallowDuplicateName) {
-                $Filter = "PartitionKey eq 'ScheduledTask' and Name eq '$($Task.Name)'"
+                $Filter = "PartitionKey eq 'ScheduledTask' and Name eq '$($Task.Name)' and TaskState ne 'Completed' and TaskState ne 'Failed'"
                 $ExistingTask = (Get-CIPPAzDataTableEntity @Table -Filter $Filter)
                 if ($ExistingTask) {
                     return "Task with name $($Task.Name) already exists"
@@ -110,11 +116,7 @@ function Add-CIPPScheduledTask {
             }
             $AdditionalProperties = ([PSCustomObject]$AdditionalProperties | ConvertTo-Json -Compress)
             if ($Parameters -eq 'null') { $Parameters = '' }
-            if (!$Task.RowKey) {
-                $RowKey = (New-Guid).Guid
-            } else {
-                $RowKey = $Task.RowKey
-            }
+
 
             $Recurrence = if ([string]::IsNullOrEmpty($task.Recurrence.value)) {
                 $task.Recurrence
@@ -258,7 +260,46 @@ function Add-CIPPScheduledTask {
                 return "Error - Could not add task: $ErrorMessage"
             }
             Write-LogMessage -headers $Headers -API 'ScheduledTask' -message "Added task $($entity.Name) with ID $($entity.RowKey)" -Sev 'Info' -Tenant $tenantFilter
-            return "Successfully added task: $($entity.Name)"
+
+            # Calculate relative time for next run
+            $scheduledEpoch = [int64]$entity.ScheduledTime
+            $currentTime = [datetime]::UtcNow
+
+            if ($scheduledEpoch -eq 0 -or $scheduledEpoch -le ([int64](($currentTime) - (Get-Date '1/1/1970')).TotalSeconds)) {
+                # Task will run at next 15-minute interval - calculate efficiently
+                $minutesToAdd = 15 - ($currentTime.Minute % 15)
+                $nextRunTime = $currentTime.AddMinutes($minutesToAdd).AddSeconds(-$currentTime.Second).AddMilliseconds(-$currentTime.Millisecond)
+                $timeUntilRun = $nextRunTime - $currentTime
+            } else {
+                # Task is scheduled for a specific time in the future
+                $scheduledTime = [datetime]'1/1/1970' + [TimeSpan]::FromSeconds($scheduledEpoch)
+                $timeUntilRun = $scheduledTime - $currentTime
+            }
+
+            # Format relative time
+            $relativeTime = switch ($timeUntilRun.TotalMinutes) {
+                { $_ -ge 1440 } {
+                    $days = [Math]::Floor($timeUntilRun.TotalDays)
+                    $hours = $timeUntilRun.Hours
+                    $result = "$days day$(if ($days -ne 1) { 's' })"
+                    if ($hours -gt 0) { $result += " and $hours hour$(if ($hours -ne 1) { 's' })" }
+                    $result
+                    break
+                }
+                { $_ -ge 60 } {
+                    $hours = [Math]::Floor($timeUntilRun.TotalHours)
+                    $minutes = $timeUntilRun.Minutes
+                    $result = "$hours hour$(if ($hours -ne 1) { 's' })"
+                    if ($minutes -gt 0) { $result += " and $minutes minute$(if ($minutes -ne 1) { 's' })" }
+                    $result
+                    break
+                }
+                { $_ -ge 2 } { "about $([Math]::Round($_)) minutes"; break }
+                { $_ -ge 1 } { 'about 1 minute'; break }
+                default { 'less than a minute' }
+            }
+
+            return "Successfully added task: $($entity.Name). It will run in $relativeTime."
         }
     } catch {
         Write-Warning "Failed to add scheduled task: $($_.Exception.Message)"

Modules/CIPPCore/Public/Add-CippTestResult.ps1

@@ -0,0 +1,101 @@
+function Add-CippTestResult {
+    <#
+    .SYNOPSIS
+        Adds a test result to the CIPP test results database
+
+    .DESCRIPTION
+        Stores test result data in the CippTestResults table with tenant and test ID as keys
+
+    .PARAMETER TenantFilter
+        The tenant domain or GUID for the test result
+
+    .PARAMETER TestId
+        Unique identifier for the test
+
+    .PARAMETER Status
+        Test status (e.g., Pass, Fail, Skip)
+
+    .PARAMETER ResultMarkdown
+        Markdown formatted result details
+
+    .PARAMETER Risk
+        Risk level (e.g., High, Medium, Low)
+
+    .PARAMETER Name
+        Display name of the test
+
+    .PARAMETER Pillar
+        Security pillar category
+
+    .PARAMETER UserImpact
+        Impact level on users
+
+    .PARAMETER ImplementationEffort
+        Effort required for implementation
+
+    .PARAMETER Category
+        Test category or classification
+
+    .EXAMPLE
+        Add-CippTestResult -TenantFilter 'contoso.onmicrosoft.com' -TestId 'MFA-001' -Status 'Pass' -Name 'MFA Enabled' -Risk 'High'
+    #>
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory = $true)]
+        [string]$TenantFilter,
+
+        [Parameter(Mandatory = $true)]
+        [string]$TestId,
+
+        [Parameter(Mandatory = $false)]
+        [string]$testType = 'Identity',
+
+        [Parameter(Mandatory = $true)]
+        [string]$Status,
+
+        [Parameter(Mandatory = $false)]
+        [string]$ResultMarkdown,
+
+        [Parameter(Mandatory = $false)]
+        [string]$Risk,
+
+        [Parameter(Mandatory = $false)]
+        [string]$Name,
+
+        [Parameter(Mandatory = $false)]
+        [string]$Pillar,
+
+        [Parameter(Mandatory = $false)]
+        [string]$UserImpact,
+
+        [Parameter(Mandatory = $false)]
+        [string]$ImplementationEffort,
+
+        [Parameter(Mandatory = $false)]
+        [string]$Category
+    )
+
+    try {
+        $Table = Get-CippTable -tablename 'CippTestResults'
+
+        $Entity = @{
+            PartitionKey         = $TenantFilter
+            RowKey               = $TestId
+            Status               = $Status
+            ResultMarkdown       = $ResultMarkdown ?? ''
+            Risk                 = $Risk ?? ''
+            Name                 = $Name ?? ''
+            Pillar               = $Pillar ?? ''
+            UserImpact           = $UserImpact ?? ''
+            ImplementationEffort = $ImplementationEffort ?? ''
+            Category             = $Category ?? ''
+            TestType             = $TestType
+        }
+
+        Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force
+        Write-LogMessage -API 'CIPPTestResults' -tenant $TenantFilter -message "Added test result: $TestId - $Status" -sev Debug
+    } catch {
+        Write-LogMessage -API 'CIPPTestResults' -tenant $TenantFilter -message "Failed to add test result: $($_.Exception.Message)" -sev Error
+        throw
+    }
+}

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertAppSecretExpiry.ps1

@@ -31,6 +31,8 @@ function Get-CIPPAlertAppSecretExpiry {
                         AppName    = $App.displayName
                         AppId      = $App.appId
                         Expires    = $Credential.endDateTime
+                        SecretName = $Credential.displayName
+                        SecretID   = $Credential.keyId
                         Tenant     = $TenantFilter
                     }
                     $AlertData.Add($Message)