Merge pull request #498 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Alerts/Get-CippAlertBreachAlert.ps1

@@ -12,7 +12,7 @@ function Get-CippAlertBreachAlert {
     )
     try {
         $Search = New-BreachTenantSearch -TenantFilter $TenantFilter
-        Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $Search
+        Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $Search -PartitionKey BreachAlert
     } catch {
         Write-AlertMessage -tenant $($TenantFilter) -message "Could not get New Breaches for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)"
     }

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListTenantAllowBlockListAllTenants.ps1

@@ -0,0 +1,46 @@
+function Push-ListTenantAllowBlockListAllTenants {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    #>
+    [CmdletBinding()]
+    param($Item)
+
+    $Tenant = Get-Tenants -TenantFilter $Item.customerId
+    $domainName = $Tenant.defaultDomainName
+    $Table = Get-CIPPTable -TableName 'cacheTenantAllowBlockList'
+    $ListTypes = 'Sender', 'Url', 'FileHash', 'IP'
+
+    try {
+        foreach ($ListType in $ListTypes) {
+            $Entries = New-ExoRequest -tenantid $domainName -cmdlet 'Get-TenantAllowBlockListItems' -cmdParams @{ ListType = $ListType }
+            foreach ($Entry in $Entries) {
+                $CleanEntry = $Entry | Select-Object -ExcludeProperty *'@data.type'*, *'(DateTime])'*
+                $CleanEntry | Add-Member -MemberType NoteProperty -Name Tenant -Value $domainName -Force
+                $CleanEntry | Add-Member -MemberType NoteProperty -Name ListType -Value $ListType -Force
+                $Entity = @{
+                    Entry        = [string]($CleanEntry | ConvertTo-Json -Depth 10 -Compress)
+                    RowKey       = [string](New-Guid).Guid
+                    PartitionKey = 'TenantAllowBlockList'
+                    Tenant       = [string]$domainName
+                }
+                Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force | Out-Null
+            }
+        }
+    } catch {
+        $ErrorEntry = [pscustomobject]@{
+            Tenant      = $domainName
+            ListType    = 'Error'
+            Identity    = 'Error'
+            DisplayName = "Could not retrieve tenant allow/block list: $($_.Exception.Message)"
+            Timestamp   = (Get-Date).ToString('s')
+        }
+        $Entity = @{
+            Entry        = [string]($ErrorEntry | ConvertTo-Json -Depth 10 -Compress)
+            RowKey       = [string](New-Guid).Guid
+            PartitionKey = 'TenantAllowBlockList'
+            Tenant       = [string]$domainName
+        }
+        Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force | Out-Null
+    }
+}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-AddTenantAllowBlockList.ps1

@@ -1,4 +1,4 @@
-Function Invoke-AddTenantAllowBlockList {
+function Invoke-AddTenantAllowBlockList {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -9,14 +9,24 @@ Function Invoke-AddTenantAllowBlockList {
     param($Request, $TriggerMetadata)
 
     $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+
     $BlockListObject = $Request.Body
-    if ($Request.Body.tenantId -eq 'AllTenants') { $Tenants = (Get-Tenants).defaultDomainName } else { $Tenants = @($Request.body.tenantId) }
+    $TenantID = $Request.Body.tenantID.value ?? $Request.Body.tenantID
+
+    if ($TenantID -eq 'AllTenants') {
+        $Tenants = (Get-Tenants).defaultDomainName
+    } elseif ($TenantID -is [array]) {
+        $Tenants = $TenantID
+    } else {
+        $Tenants = @($TenantID)
+    }
     $Results = [System.Collections.Generic.List[string]]::new()
     $Entries = @()
     if ($BlockListObject.entries -is [array]) {
         $Entries = $BlockListObject.entries
     } else {
-        $Entries = @($BlockListObject.entries -split "[,;]" | Where-Object { $_ -ne "" } | ForEach-Object { $_.Trim() })
+        $Entries = @($BlockListObject.entries -split '[,;]' | Where-Object { -not [string]::IsNullOrWhiteSpace($_) } | ForEach-Object { $_.Trim() })
     }
     foreach ($Tenant in $Tenants) {
         try {
@@ -38,19 +48,20 @@ Function Invoke-AddTenantAllowBlockList {
             }
 
             New-ExoRequest @ExoRequest
-
-            $results.add("Successfully added $($BlockListObject.Entries) as type $($BlockListObject.ListType) to the $($BlockListObject.listMethod) list for $tenant")
-            Write-LogMessage -headers $Request.Headers -API $APIName -tenant $Tenant -message $result -Sev 'Info'
+            $Result = "Successfully added $($BlockListObject.Entries) as type $($BlockListObject.ListType) to the $($BlockListObject.listMethod) list for $tenant"
+            $Results.Add($Result)
+            Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message $Result -Sev 'Info'
         } catch {
-            $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-            $results.add("Failed to create blocklist. Error: $ErrorMessage")
-            Write-LogMessage -headers $Request.Headers -API $APIName -tenant $Tenant -message $result -Sev 'Error'
+            $ErrorMessage = Get-CippException -Exception $_
+            $Result = "Failed to create blocklist. Error: $($ErrorMessage.NormalizedError)"
+            $Results.Add($Result)
+            Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message $Result -Sev 'Error' -LogData $ErrorMessage
         }
     }
     return ([HttpResponseContext]@{
             StatusCode = [HttpStatusCode]::OK
             Body       = @{
-                'Results' = $results
+                'Results' = $Results
                 'Request' = $ExoRequest
             }
         })

Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenantAllowBlockList.ps1

@@ -1,4 +1,4 @@
-Function Invoke-ListTenantAllowBlockList {
+function Invoke-ListTenantAllowBlockList {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -11,21 +11,74 @@ Function Invoke-ListTenantAllowBlockList {
     $TenantFilter = $Request.Query.tenantFilter
     $ListTypes = 'Sender', 'Url', 'FileHash', 'IP'
     try {
-        $Results = $ListTypes | ForEach-Object -Parallel {
-            Import-Module CIPPCore
-            $TempResults = New-ExoRequest -tenantid $using:TenantFilter -cmdlet 'Get-TenantAllowBlockListItems' -cmdParams @{ListType = $_ }
-            $TempResults | Add-Member -MemberType NoteProperty -Name ListType -Value $_
-            $TempResults | Select-Object -ExcludeProperty *'@data.type'*, *'(DateTime])'*
-        } -ThrottleLimit 5
-
+        if ($TenantFilter -ne 'AllTenants') {
+            $Results = $ListTypes | ForEach-Object -Parallel {
+                Import-Module CIPPCore
+                $TempResults = New-ExoRequest -tenantid $using:TenantFilter -cmdlet 'Get-TenantAllowBlockListItems' -cmdParams @{ ListType = $_ }
+                $TempResults | Add-Member -MemberType NoteProperty -Name ListType -Value $_ -Force
+                $TempResults | Add-Member -MemberType NoteProperty -Name Tenant -Value $using:TenantFilter -Force
+                $TempResults | Select-Object -ExcludeProperty *'@data.type'*, *'(DateTime])'*
+            } -ThrottleLimit 5
+            $Metadata = [PSCustomObject]@{}
+        } else {
+            $Table = Get-CIPPTable -TableName 'cacheTenantAllowBlockList'
+            $PartitionKey = 'TenantAllowBlockList'
+            $Filter = "PartitionKey eq '$PartitionKey'"
+            $Rows = Get-CIPPAzDataTableEntity @Table -filter $Filter | Where-Object -Property Timestamp -GT (Get-Date).AddMinutes(-60)
+            $QueueReference = '{0}-{1}' -f $TenantFilter, $PartitionKey
+            $RunningQueue = Invoke-ListCippQueue -Reference $QueueReference | Where-Object { $_.Status -notmatch 'Completed' -and $_.Status -notmatch 'Failed' }
+            if ($RunningQueue) {
+                $Metadata = [PSCustomObject]@{
+                    QueueMessage = 'Still loading data for all tenants. Please check back in a few more minutes'
+                    QueueId      = $RunningQueue.RowKey
+                }
+                $Results = @()
+            } elseif (!$Rows -and !$RunningQueue) {
+                $TenantList = Get-Tenants -IncludeErrors
+                $Queue = New-CippQueueEntry -Name 'Tenant Allow/Block List - All Tenants' -Link '/tenant/administration/allow-block-list?customerId=AllTenants' -Reference $QueueReference -TotalTasks ($TenantList | Measure-Object).Count
+                $Metadata = [PSCustomObject]@{
+                    QueueMessage = 'Loading data for all tenants. Please check back in a few minutes'
+                    QueueId      = $Queue.RowKey
+                }
+                $InputObject = [PSCustomObject]@{
+                    OrchestratorName = 'TenantAllowBlockListOrchestrator'
+                    QueueFunction    = @{
+                        FunctionName = 'GetTenants'
+                        QueueId      = $Queue.RowKey
+                        TenantParams = @{
+                            IncludeErrors = $true
+                        }
+                        DurableName  = 'ListTenantAllowBlockListAllTenants'
+                    }
+                    SkipLog          = $true
+                }
+                Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5 -Compress) | Out-Null
+                $Results = @()
+            } else {
+                $Metadata = [PSCustomObject]@{
+                    QueueId = $RunningQueue.RowKey ?? $null
+                }
+                $Results = foreach ($Row in $Rows) {
+                    $Row.Entry | ConvertFrom-Json
+                }
+            }
+        }
         $StatusCode = [HttpStatusCode]::OK
     } catch {
         $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
         $StatusCode = [HttpStatusCode]::Forbidden
         $Results = $ErrorMessage
     }
-    return [HttpResponseContext]@{
-            StatusCode = $StatusCode
-            Body       = @($Results)
+
+    if (!$Body) {
+        $Body = [PSCustomObject]@{
+            Results  = @($Results)
+            Metadata = $Metadata
         }
+    }
+
+    return [HttpResponseContext]@{
+        StatusCode = $StatusCode
+        Body       = $Body
+    }
 }

Modules/CIPPCore/Public/GraphHelper/Write-AlertTrace.ps1

@@ -6,10 +6,10 @@ function Write-AlertTrace {
     param(
         $cmdletName,
         $data,
-        $tenantFilter
+        $tenantFilter,
+        [string]$PartitionKey = (Get-Date -UFormat '%Y%m%d').ToString()
     )
     $Table = Get-CIPPTable -tablename AlertLastRun
-    $PartitionKey = (Get-Date -UFormat '%Y%m%d').ToString()
     #Get current row and compare the $logData object. If it's the same, don't write it.
     $Row = Get-CIPPAzDataTableEntity @table -Filter "RowKey eq '$($tenantFilter)-$($cmdletName)' and PartitionKey eq '$PartitionKey'"
     try {

Modules/CIPPCore/Public/PermissionsTranslator.json

@@ -5328,12 +5328,12 @@
     "value": "AllSites.FullControl"
   },
   {
-    "description": "Allows to read the LAPs passwords.",
-    "displayName": "Manage LAPs passwords",
+    "description": "Allows to read the LAPS passwords.",
+    "displayName": "Manage LAPS passwords",
     "id": "280b3b69-0437-44b1-bc20-3b2fca1ee3e9",
     "Origin": "Delegated",
-    "userConsentDescription": "Allows to read the LAPs passwords.",
-    "userConsentDisplayName": "Manage LAPs passwords",
+    "userConsentDescription": "Allows to read the LAPS passwords.",
+    "userConsentDisplayName": "Manage LAPS passwords",
     "value": "DeviceLocalCredential.Read.All"
   },
   {

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutopilotProfile.ps1

@@ -59,7 +59,7 @@ function Invoke-CIPPStandardAutopilotProfile {
         if ($Settings.NotLocalAdmin -eq $true) { $userType = 'Standard' } else { $userType = 'Administrator' }
         if ($Settings.SelfDeployingMode -eq $true) {
             $DeploymentMode = 'shared'
-            $Setings.AllowWhiteGlove = $false
+            $Settings.AllowWhiteGlove = $false
         } else {
             $DeploymentMode = 'singleUser'
         }