Merge pull request #442 from KelvinTegelaar/dev

pull[bot] · web-flow · commit 440c1bf18e21 · 2025-09-08T00:41:11.000Z
[pull] dev from KelvinTegelaar:dev
diff --git a/Config/SchedulerRateLimits.json b/Config/SchedulerRateLimits.json
@@ -0,0 +1,10 @@
+[
+  {
+    "Command": "Sync-CIPPExtensionData",
+    "MaxRequests": 50
+  },
+  {
+    "Command": "Push-CIPPExtensionData",
+    "MaxRequests": 30
+  }
+]
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAddTrustedIP.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAddTrustedIP.ps1
@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-ExecAddTrustedIP {
+function Invoke-ExecAddTrustedIP {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -11,12 +11,13 @@ Function Invoke-ExecAddTrustedIP {
     param($Request, $TriggerMetadata)
 
     $Table = Get-CippTable -tablename 'trustedIps'
-    Add-CIPPAzDataTableEntity @Table -Entity @{
-        PartitionKey = $Request.Body.tenantfilter
-        RowKey       = $Request.Body.IP
-        state        = $Request.Body.State
-    } -Force
-
+    foreach ($IP in $Request.body.IP) {
+        Add-CIPPAzDataTableEntity @Table -Entity @{
+            PartitionKey = $Request.Body.tenantfilter
+            RowKey       = $IP
+            state        = $Request.Body.State
+        } -Force
+    }
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
             StatusCode = [HttpStatusCode]::OK
             Body       = @{ results = "Added $($Request.Body.IP) to database with state $($Request.Body.State) for $($Request.Body.tenantfilter)" }
diff --git a/Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-UserTasksOrchestrator.ps1 b/Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-UserTasksOrchestrator.ps1
@@ -10,10 +10,39 @@ function Start-UserTasksOrchestrator {
     $1HourAgo = (Get-Date).AddHours(-1).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
     $Filter = "PartitionKey eq 'ScheduledTask' and (TaskState eq 'Planned' or TaskState eq 'Failed - Planned' or (TaskState eq 'Running' and Timestamp lt datetime'$1HourAgo'))"
     $tasks = Get-CIPPAzDataTableEntity @Table -Filter $Filter
+
+    $RateLimitTable = Get-CIPPTable -tablename 'SchedulerRateLimits'
+    $RateLimits = Get-CIPPAzDataTableEntity @RateLimitTable -Filter "PartitionKey eq 'SchedulerRateLimits'"
+
+    $CIPPCoreModuleRoot = Get-Module -Name CIPPCore | Select-Object -ExpandProperty ModuleBase
+    $CIPPRoot = (Get-Item $CIPPCoreModuleRoot).Parent.Parent
+    $DefaultRateLimits = Get-Content -Path "$CIPPRoot/Config/SchedulerRateLimits.json" | ConvertFrom-Json
+    $NewRateLimits = foreach ($Limit in $DefaultRateLimits) {
+        if ($Limit.Command -notin $RateLimits.RowKey) {
+            @{
+                PartitionKey = 'SchedulerRateLimits'
+                RowKey       = $Limit.Command
+                MaxRequests  = $Limit.MaxRequests
+            }
+        }
+    }
+
+    if ($NewRateLimits) {
+        $null = Add-CIPPAzDataTableEntity @RateLimitTable -Entity $NewRateLimits -Force
+        $RateLimits = Get-CIPPAzDataTableEntity @RateLimitTable -Filter "PartitionKey eq 'SchedulerRateLimits'"
+    }
+
+    # Create a hashtable for quick rate limit lookups
+    $RateLimitLookup = @{}
+    foreach ($limit in $RateLimits) {
+        $RateLimitLookup[$limit.RowKey] = $limit.MaxRequests
+    }
+
     $Batch = [System.Collections.Generic.List[object]]::new()
     $TenantList = Get-Tenants -IncludeErrors
     foreach ($task in $tasks) {
         $tenant = $task.Tenant
+
         $currentUnixTime = [int64](([datetime]::UtcNow) - (Get-Date '1/1/1970')).TotalSeconds
         if ($currentUnixTime -ge $task.ScheduledTime) {
             try {
@@ -113,21 +142,62 @@ function Start-UserTasksOrchestrator {
             }
         }
     }
+
+    Write-Information 'Batching tasks for execution...'
+    Write-Information "Total tasks to process: $($Batch.Count)"
+
     if (($Batch | Measure-Object).Count -gt 0) {
-        # Create queue entry
-        $Queue = New-CippQueueEntry -Name 'Scheduled Tasks' -TotalTasks ($Batch | Measure-Object).Count
-        $QueueId = $Queue.RowKey
-        $Batch = $Batch | Select-Object *, @{Name = 'QueueId'; Expression = { $QueueId } }, @{Name = 'QueueName'; Expression = { '{0} - {1}' -f $_.TaskInfo.Name, ($_.TaskInfo.Tenant -ne 'AllTenants' ? $_.TaskInfo.Tenant : $_.Parameters.TenantFilter) } }
-
-        $InputObject = [PSCustomObject]@{
-            OrchestratorName = 'UserTaskOrchestrator'
-            Batch            = @($Batch)
-            SkipLog          = $true
+        # Group commands by type and apply rate limits
+        $CommandGroups = $Batch | Group-Object -Property Command
+        $ProcessedBatches = [System.Collections.Generic.List[object]]::new()
+
+        foreach ($CommandGroup in $CommandGroups) {
+            $CommandName = $CommandGroup.Name
+            $Commands = [System.Collections.Generic.List[object]]::new($CommandGroup.Group)
+
+            # Get rate limit for this command (default to 100 if not found)
+            $MaxItemsPerBatch = if ($RateLimitLookup.ContainsKey($CommandName)) {
+                $RateLimitLookup[$CommandName]
+            } else {
+                100
+            }
+
+            # Split into batches based on rate limit
+            while ($Commands.Count -gt 0) {
+                $BatchSize = [Math]::Min($Commands.Count, $MaxItemsPerBatch)
+                $CommandBatch = [System.Collections.Generic.List[object]]::new()
+
+                for ($i = 0; $i -lt $BatchSize; $i++) {
+                    $CommandBatch.Add($Commands[0])
+                    $Commands.RemoveAt(0)
+                }
+
+                $ProcessedBatches.Add($CommandBatch)
+            }
         }
-        #Write-Host ($InputObject | ConvertTo-Json -Depth 10)
 
-        if ($PSCmdlet.ShouldProcess('Start-UserTasksOrchestrator', 'Starting User Tasks Orchestrator')) {
-            Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 10 -Compress)
+        # Process each batch separately
+        foreach ($ProcessedBatch in $ProcessedBatches) {
+            Write-Information "Processing batch with $($ProcessedBatch.Count) tasks..."
+            Write-Information 'Tasks by command:'
+            $ProcessedBatch | Group-Object -Property Command | ForEach-Object {
+                Write-Information " - $($_.Name): $($_.Count)"
+            }
+
+            # Create queue entry for each batch
+            $Queue = New-CippQueueEntry -Name "Scheduled Tasks - Batch #$($ProcessedBatches.IndexOf($ProcessedBatch) + 1) of $($ProcessedBatches.Count)"
+            $QueueId = $Queue.RowKey
+            $BatchWithQueue = $ProcessedBatch | Select-Object *, @{Name = 'QueueId'; Expression = { $QueueId } }, @{Name = 'QueueName'; Expression = { '{0} - {1}' -f $_.TaskInfo.Name, ($_.TaskInfo.Tenant -ne 'AllTenants' ? $_.TaskInfo.Tenant : $_.Parameters.TenantFilter) } }
+
+            $InputObject = [PSCustomObject]@{
+                OrchestratorName = 'UserTaskOrchestrator'
+                Batch            = @($BatchWithQueue)
+                SkipLog          = $true
+            }
+
+            if ($PSCmdlet.ShouldProcess('Start-UserTasksOrchestrator', 'Starting User Tasks Orchestrator')) {
+                Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 10 -Compress)
+            }
         }
     }
 }
diff --git a/Modules/CIPPCore/Public/Get-CIPPDrift.ps1 b/Modules/CIPPCore/Public/Get-CIPPDrift.ps1
@@ -29,6 +29,24 @@ function Get-CIPPDrift {
         [switch]$AllTenants
     )
 
+
+    $IntuneTable = Get-CippTable -tablename 'templates'
+    $IntuneFilter = "PartitionKey eq 'IntuneTemplate'"
+    $RawIntuneTemplates = (Get-CIPPAzDataTableEntity @IntuneTable -Filter $IntuneFilter)
+    $AllIntuneTemplates = $RawIntuneTemplates | ForEach-Object {
+        try {
+            $JSONData = $_.JSON | ConvertFrom-Json -Depth 100 -ErrorAction SilentlyContinue
+            $data = $JSONData.RAWJson | ConvertFrom-Json -Depth 100 -ErrorAction SilentlyContinue
+            $data | Add-Member -NotePropertyName 'displayName' -NotePropertyValue $JSONData.Displayname -Force
+            $data | Add-Member -NotePropertyName 'description' -NotePropertyValue $JSONData.Description -Force
+            $data | Add-Member -NotePropertyName 'Type' -NotePropertyValue $JSONData.Type -Force
+            $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.RowKey -Force
+            $data
+        } catch {
+            # Skip invalid templates
+        }
+    } | Sort-Object -Property displayName
+
     try {
         $AlignmentData = Get-CIPPTenantAlignment -TenantFilter $TenantFilter -TemplateId $TemplateId | Where-Object -Property standardType -EQ 'drift'
         if (-not $AlignmentData) {
@@ -64,16 +82,24 @@ function Get-CIPPDrift {
                         } else {
                             'New'
                         }
+                        #if the $ComparisonItem.StandardName contains *intuneTemplate*, then it's an Intune policy deviation, and we need to grab the correct displayname from the template table
+                        if ($ComparisonItem.StandardName -like '*intuneTemplate*') {
+                            $CompareGuid = $ComparisonItem.StandardName.Split('.') | Select-Object -Index 2
+                            Write-Host "Extracted GUID: $CompareGuid"
+                            $Template = $AllIntuneTemplates | Where-Object { $_.GUID -like "*$CompareGuid*" }
+                            if ($Template) { $displayName = $Template.displayName }
+                        }
                         $reason = if ($ExistingDriftStates.ContainsKey($ComparisonItem.StandardName)) { $ExistingDriftStates[$ComparisonItem.StandardName].Reason }
                         $User = if ($ExistingDriftStates.ContainsKey($ComparisonItem.StandardName)) { $ExistingDriftStates[$ComparisonItem.StandardName].User }
                         $StandardsDeviations.Add([PSCustomObject]@{
-                                standardName      = $ComparisonItem.StandardName
-                                expectedValue     = 'Compliant'
-                                receivedValue     = $ComparisonItem.StandardValue
-                                state             = 'current'
-                                Status            = $Status
-                                Reason            = $reason
-                                lastChangedByUser = $User
+                                standardName        = $ComparisonItem.StandardName
+                                standardDisplayName = $displayName
+                                expectedValue       = 'Compliant'
+                                receivedValue       = $ComparisonItem.StandardValue
+                                state               = 'current'
+                                Status              = $Status
+                                Reason              = $reason
+                                lastChangedByUser   = $User
                             })
                     }
                 }
@@ -194,22 +220,6 @@ function Get-CIPPDrift {
             # Get actual Intune templates from templates table
             if ($IntuneTemplateIds.Count -gt 0) {
                 try {
-                    $IntuneTable = Get-CippTable -tablename 'templates'
-                    $IntuneFilter = "PartitionKey eq 'IntuneTemplate'"
-                    $RawIntuneTemplates = (Get-CIPPAzDataTableEntity @IntuneTable -Filter $IntuneFilter)
-                    $AllIntuneTemplates = $RawIntuneTemplates | ForEach-Object {
-                        try {
-                            $JSONData = $_.JSON | ConvertFrom-Json -Depth 100 -ErrorAction SilentlyContinue
-                            $data = $JSONData.RAWJson | ConvertFrom-Json -Depth 100 -ErrorAction SilentlyContinue
-                            $data | Add-Member -NotePropertyName 'displayName' -NotePropertyValue $JSONData.Displayname -Force
-                            $data | Add-Member -NotePropertyName 'description' -NotePropertyValue $JSONData.Description -Force
-                            $data | Add-Member -NotePropertyName 'Type' -NotePropertyValue $JSONData.Type -Force
-                            $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.RowKey -Force
-                            $data
-                        } catch {
-                            # Skip invalid templates
-                        }
-                    } | Sort-Object -Property displayName
 
                     $TemplateIntuneTemplates = $AllIntuneTemplates | Where-Object { $_.GUID -in $IntuneTemplateIds }
                 } catch {
@@ -222,7 +232,6 @@ function Get-CIPPDrift {
                 $PolicyFound = $false
                 $tenantPolicy.policy | Add-Member -MemberType NoteProperty -Name 'URLName' -Value $TenantPolicy.Type -Force
                 $TenantPolicyName = if ($TenantPolicy.Policy.displayName) { $TenantPolicy.Policy.displayName } else { $TenantPolicy.Policy.name }
-
                 foreach ($TemplatePolicy in $TemplateIntuneTemplates) {
                     $TemplatePolicyName = if ($TemplatePolicy.displayName) { $TemplatePolicy.displayName } else { $TemplatePolicy.name }
 
diff --git a/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1
