Merge pull request #262 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecJITAdminListAllTenants.ps1

@@ -0,0 +1,111 @@
+function Push-ExecJITAdminListAllTenants {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    #>
+    param($Item)
+
+    $Tenant = Get-Tenants -TenantFilter $Item.customerId
+    $DomainName = $Tenant.defaultDomainName
+    $Table = Get-CIPPTable -TableName CacheJITAdmin
+
+    try {
+        # Get schema extensions
+        $Schema = Get-CIPPSchemaExtensions | Where-Object { $_.id -match '_cippUser' } | Select-Object -First 1
+
+        # Query users with JIT Admin enabled
+        $Query = @{
+            TenantFilter = $DomainName # Use $DomainName for the current tenant
+            Endpoint     = 'users'
+            Parameters   = @{
+                '$count'  = 'true'
+                '$select' = "id,accountEnabled,displayName,userPrincipalName,$($Schema.id)"
+                '$filter' = "$($Schema.id)/jitAdminEnabled eq true or $($Schema.id)/jitAdminEnabled eq false" # Fetches both states to cache current status
+            }
+        }
+        $Users = Get-GraphRequestList @Query | Where-Object { $_.id }
+
+        if ($Users) {
+            # Get role memberships
+            $BulkRequests = $Users | ForEach-Object { @(
+                    @{
+                        id     = $_.id
+                        method = 'GET'
+                        url    = "users/$($_.id)/memberOf/microsoft.graph.directoryRole/?`$select=id,displayName"
+                    }
+                )
+            }
+            # Ensure $BulkRequests is not empty or null before making the bulk request
+            if ($BulkRequests -and $BulkRequests.Count -gt 0) {
+                $RoleResults = New-GraphBulkRequest -tenantid $DomainName -Requests @($BulkRequests)
+
+                # Format the data
+                $Results = $Users | ForEach-Object {
+                    $currentUser = $_ # Capture current user in the loop
+                    $MemberOf = @() # Initialize as empty array
+                    if ($RoleResults) {
+                        $userRoleResult = $RoleResults | Where-Object -Property id -EQ $currentUser.id
+                        if ($userRoleResult -and $userRoleResult.body -and $userRoleResult.body.value) {
+                            $MemberOf = $userRoleResult.body.value | Select-Object displayName, id
+                        }
+                    }
+
+                    $jitAdminData = $currentUser.($Schema.id)
+                    $jitAdminEnabled = if ($jitAdminData -and $jitAdminData.PSObject.Properties['jitAdminEnabled']) { $jitAdminData.jitAdminEnabled } else { $false }
+                    $jitAdminExpiration = if ($jitAdminData -and $jitAdminData.PSObject.Properties['jitAdminExpiration']) { $jitAdminData.jitAdminExpiration } else { $null }
+
+                    [PSCustomObject]@{
+                        id                 = $currentUser.id
+                        displayName        = $currentUser.displayName
+                        userPrincipalName  = $currentUser.userPrincipalName
+                        accountEnabled     = $currentUser.accountEnabled
+                        jitAdminEnabled    = $jitAdminEnabled
+                        jitAdminExpiration = $jitAdminExpiration
+                        memberOf           = ($MemberOf | ConvertTo-Json -Depth 5 -Compress)
+                    }
+                }
+
+                # Add to Azure Table
+                foreach ($result in $Results) {
+                    $GUID = (New-Guid).Guid
+                    Write-Host ($result | ConvertTo-Json -Depth 10 -Compress)
+                    $GraphRequest = @{
+                        JITAdminUser = [string]($result | ConvertTo-Json -Depth 10 -Compress)
+                        RowKey       = [string]$GUID
+                        PartitionKey = 'JITAdminUser'
+                        Tenant       = [string]$DomainName
+                        UserId       = [string]$result.id # Add UserId for easier querying if needed
+                        UserUPN      = [string]$result.userPrincipalName # Add UserUPN for easier querying
+                    }
+                    Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null
+                }
+            } else {
+                # No users with JIT Admin attributes found, or no users at all
+                Write-Host "No JIT Admin users or no users found to process for tenant $DomainName."
+            }
+        } else {
+            Write-Host "No users found for tenant $DomainName."
+        }
+
+    } catch {
+        $GUID = (New-Guid).Guid
+        $ErrorMessage = "Could not process JIT Admin users for Tenant: $($DomainName). Error: $($_.Exception.Message)"
+        if ($_.ScriptStackTrace) {
+            $ErrorMessage += " StackTrace: $($_.ScriptStackTrace)"
+        }
+        $ErrorJson = ConvertTo-Json -InputObject @{
+            Tenant    = $DomainName
+            Error     = $ErrorMessage
+            Exception = ($_.Exception.Message | ConvertTo-Json -Depth 3 -Compress)
+            Timestamp = (Get-Date).ToString('s')
+        }
+        $GraphRequest = @{
+            JITAdminUser = [string]$ErrorJson
+            RowKey       = [string]$GUID
+            PartitionKey = 'JITAdminUser'
+            Tenant       = [string]$DomainName
+        }
+        Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null
+        Write-Error ('Error processing JIT Admin for {0}: {1}' -f $DomainName, $_.Exception.Message)
+    }
+}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAddAlert.ps1

@@ -17,6 +17,21 @@ function Invoke-ExecAddAlert {
     $Severity = 'Alert'
 
     $Result = if ($Request.Body.sendEmailNow -or $Request.Body.sendWebhookNow -eq $true -or $Request.Body.writeLog -eq $true -or $Request.Body.sendPsaNow -eq $true) {
+        $sev = ([pscustomobject]$Request.body.Severity).value -join (',')
+        if ($Request.body.email -or $Request.body.webhook) {
+            Write-Host 'found config, setting'
+            $config = @{
+                email             = $Request.body.email
+                webhook           = $Request.body.webhook
+                onepertenant      = $Request.body.onePerTenant
+                logsToInclude     = $Request.body.logsToInclude
+                sendtoIntegration = $true
+                sev               = $sev
+            }
+            Write-Host "setting notification config to $($config | ConvertTo-Json)"
+            $Results = Set-cippNotificationConfig @Config
+            Write-Host $Results
+        }
         $Title = 'CIPP Notification Test'
         if ($Request.Body.sendEmailNow -eq $true) {
             $CIPPAlert = @{

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecNotificationConfig.ps1

@@ -14,36 +14,16 @@ Function Invoke-ExecNotificationConfig {
     $Headers = $Request.Headers
     Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
 
-
-
     $sev = ([pscustomobject]$Request.body.Severity).value -join (',')
-    $results = try {
-        $Table = Get-CIPPTable -TableName SchedulerConfig
-        $SchedulerConfig = @{
-            'tenant'            = 'Any'
-            'tenantid'          = 'TenantId'
-            'type'              = 'CIPPNotifications'
-            'schedule'          = 'Every 15 minutes'
-            'Severity'          = [string]$sev
-            'email'             = "$($Request.Body.email)"
-            'webhook'           = "$($Request.Body.webhook)"
-            'onePerTenant'      = [boolean]$Request.Body.onePerTenant
-            'sendtoIntegration' = [boolean]$Request.Body.sendtoIntegration
-            'includeTenantId'   = [boolean]$Request.Body.includeTenantId
-            'PartitionKey'      = 'CippNotifications'
-            'RowKey'            = 'CippNotifications'
-        }
-        foreach ($logvalue in [pscustomobject]$Request.body.logsToInclude) {
-            $SchedulerConfig[([pscustomobject]$logvalue.value)] = $true
-        }
-
-        Add-CIPPAzDataTableEntity @Table -Entity $SchedulerConfig -Force | Out-Null
-        'Successfully set the configuration'
-    } catch {
-        "Failed to set configuration: $($_.Exception.message)"
+    $config = @{
+        email             = $Request.body.email
+        webhook           = $Request.body.webhook
+        onepertenant      = $Request.body.onePerTenant
+        logsToInclude     = $Request.body.logsToInclude
+        sendtoIntegration = $Request.body.sendtoIntegration
+        sev               = $sev
     }
-
-
+    $Results = Set-cippNotificationConfig @Config
     $body = [pscustomobject]@{'Results' = $Results }
 
     # Associate values to output bindings by calling 'Push-OutputBinding'.

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1

@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-AddGroupTemplate {
+function Invoke-AddGroupTemplate {
     <#
     .FUNCTIONALITY
         Entrypoint,AnyTenant
@@ -13,27 +13,27 @@ Function Invoke-AddGroupTemplate {
     $Headers = $Request.Headers
     Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
 
-    $GUID = (New-Guid).GUID
+    $GUID = $Request.Body.GUID ?? (New-Guid).GUID
     try {
-        if (!$Request.body.displayname) { throw 'You must enter a displayname' }
+        if (!$Request.Body.displayname) { throw 'You must enter a displayname' }
 
         $object = [PSCustomObject]@{
-            Displayname     = $request.body.displayName
-            Description     = $request.body.description
-            groupType       = $request.body.groupType
-            MembershipRules = $request.body.membershipRules
-            allowExternal   = $request.body.allowExternal
-            username        = $request.body.username
+            displayName     = $Request.Body.displayName
+            description     = $Request.Body.description
+            groupType       = $Request.Body.groupType
+            membershipRules = $Request.Body.membershipRules
+            allowExternal   = $Request.Body.allowExternal
+            username        = $Request.Body.username
             GUID            = $GUID
         } | ConvertTo-Json
         $Table = Get-CippTable -tablename 'templates'
         $Table.Force = $true
-        Add-CIPPAzDataTableEntity @Table -Entity @{
+        Add-CIPPAzDataTableEntity @Table -Force -Entity @{
             JSON         = "$object"
             RowKey       = "$GUID"
             PartitionKey = 'GroupTemplate'
         }
-        Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created Group template named $($Request.body.displayname) with GUID $GUID" -Sev 'Debug'
+        Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created Group template named $($Request.Body.displayname) with GUID $GUID" -Sev 'Debug'
 
         $body = [pscustomobject]@{'Results' = 'Successfully added template' }
     } catch {

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroupTemplates.ps1

@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-ListGroupTemplates {
+function Invoke-ListGroupTemplates {
     <#
     .FUNCTIONALITY
         Entrypoint,AnyTenant
@@ -22,8 +22,15 @@ Function Invoke-ListGroupTemplates {
     $Filter = "PartitionKey eq 'GroupTemplate'"
     $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) | ForEach-Object {
         $data = $_.JSON | ConvertFrom-Json
-        $data | Add-Member -MemberType NoteProperty -Name GUID -Value $_.RowKey -Force
-        $data
+        [PSCustomObject]@{
+            displayName     = $data.displayName
+            description     = $data.description
+            groupType       = $data.groupType
+            membershipRules = $data.membershipRules
+            allowExternal   = $data.allowExternal
+            username        = $data.username
+            GUID            = $_.RowKey
+        }
     } | Sort-Object -Property displayName
 
     if ($Request.query.ID) { $Templates = $Templates | Where-Object -Property GUID -EQ $Request.query.id }