|
1 | 1 | using namespace System.Net |
2 | 2 |
|
3 | | -Function Invoke-ExecCombinedSetup { |
| 3 | +function Invoke-ExecCombinedSetup { |
4 | 4 | <# |
5 | 5 | .FUNCTIONALITY |
6 | 6 | Entrypoint,AnyTenant |
7 | 7 | .ROLE |
8 | 8 | CIPP.AppSettings.ReadWrite |
9 | 9 | #> |
| 10 | + [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText', '')] |
10 | 11 | [CmdletBinding()] |
11 | 12 | param($Request, $TriggerMetadata) |
12 | 13 | #Make arraylist of Results |
13 | 14 | $Results = [System.Collections.ArrayList]::new() |
14 | 15 | try { |
| 16 | + # Set up Azure context if needed for Key Vault access |
| 17 | + if ($env:AzureWebJobsStorage -ne 'UseDevelopmentStorage=true' -and $env:MSI_SECRET) { |
| 18 | + Disable-AzContextAutosave -Scope Process | Out-Null |
| 19 | + $null = Connect-AzAccount -Identity |
| 20 | + $SubscriptionId = $env:WEBSITE_OWNER_NAME -split '\+' | Select-Object -First 1 |
| 21 | + $null = Set-AzContext -SubscriptionId $SubscriptionId |
| 22 | + } |
15 | 23 | if ($request.body.selectedBaselines -and $request.body.baselineOption -eq 'downloadBaselines') { |
16 | 24 | #do a single download of the selected baselines. |
17 | 25 | foreach ($template in $request.body.selectedBaselines) { |
@@ -56,6 +64,47 @@ Function Invoke-ExecCombinedSetup { |
56 | 64 | $notificationResults = Set-CIPPNotificationConfig @notificationConfig |
57 | 65 | $Results.add($notificationResults) |
58 | 66 | } |
| 67 | + if ($Request.Body.selectedOption -eq 'Manual') { |
| 68 | + $KV = $env:WEBSITE_DEPLOYMENT_ID |
| 69 | + |
| 70 | + if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { |
| 71 | + $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets' |
| 72 | + $Secret = Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'" |
| 73 | + if (!$Secret) { |
| 74 | + $Secret = [PSCustomObject]@{ |
| 75 | + 'PartitionKey' = 'Secret' |
| 76 | + 'RowKey' = 'Secret' |
| 77 | + 'TenantId' = '' |
| 78 | + 'RefreshToken' = '' |
| 79 | + 'ApplicationId' = '' |
| 80 | + 'ApplicationSecret' = '' |
| 81 | + } |
| 82 | + Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force |
| 83 | + } |
| 84 | + |
| 85 | + if ($Request.Body.tenantId) { $Secret.TenantId = $Request.Body.tenantid } |
| 86 | + if ($Request.Body.applicationId) { $Secret.ApplicationId = $Request.Body.applicationId } |
| 87 | + if ($Request.Body.ApplicationSecret) { $Secret.ApplicationSecret = $Request.Body.ApplicationSecret } |
| 88 | + Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force |
| 89 | + $Results.add('Manual credentials have been set in the DevSecrets table.') |
| 90 | + } else { |
| 91 | + if ($Request.Body.tenantId) { |
| 92 | + Set-AzKeyVaultSecret -VaultName $kv -Name 'tenantid' -SecretValue (ConvertTo-SecureString -String $Request.Body.tenantId -AsPlainText -Force) |
| 93 | + $Results.add('Set tenant ID in Key Vault.') |
| 94 | + } |
| 95 | + if ($Request.Body.applicationId) { |
| 96 | + Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationid' -SecretValue (ConvertTo-SecureString -String $Request.Body.applicationId -AsPlainText -Force) |
| 97 | + $Results.add('Set application ID in Key Vault.') |
| 98 | + } |
| 99 | + if ($Request.Body.applicationSecret) { |
| 100 | + Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationsecret' -SecretValue (ConvertTo-SecureString -String $Request.Body.applicationSecret -AsPlainText -Force) |
| 101 | + $Results.add('Set application secret in Key Vault.') |
| 102 | + } |
| 103 | + } |
| 104 | + |
| 105 | + $Results.add('Manual credentials setup has been completed.') |
| 106 | + } |
| 107 | + |
59 | 108 | $Results.add('Setup is now complete. You may navigate away from this page and start using CIPP.') |
60 | 109 | #one more force of reauth so env vars update. |
61 | 110 | $auth = Get-CIPPAuthentication |
|
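Review bot: The three `Set-AzKeyVaultSecret` calls in the `Manual` branch (new lines 92, 96 and 100) are neither checked nor captured, so "Set … in Key Vault." is added to `$Results` even if the write only raised a non-terminating error, and the returned secret object falls into the function's output stream. Writing each call as `$null = Set-AzKeyVaultSecret -VaultName $KV -Name 'tenantid' -SecretValue (...) -ErrorAction Stop` would route a failure to the enclosing `try` (its `catch` lies outside the visible lines) and match the `$null =` style already used for `Connect-AzAccount` and `Set-AzContext`. The request values are also stored without any format check, although they replace the credentials the app authenticates with. If the tenant and application IDs are expected to be GUIDs, a guard such as `if (-not ($Request.Body.tenantId -as [guid])) { throw 'tenantId must be a GUID' }` before the write would reject malformed input. Nothing in the visible hunk records that the credentials were changed, so a log entry naming the caller and the fields updated, never the values, would help later investigation.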