improve template imports

bring in named location data

Author: JohnDuprey

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1

@@ -172,8 +172,14 @@ function Invoke-ExecCommunityRepo {
                         Write-Host 'Found a migration table, getting contents'
                         $MigrationTable = (Get-GitHubFileContents -FullName $FullName -Branch $Branch -Path $MigrationTable.path).content | ConvertFrom-Json
                     }
+
+                    $NamedLocations = $Files | Where-Object { $_.name -match 'ALLOWED COUNTRIES' }
+                    $LocationData = foreach ($Location in $NamedLocations) {
+                        (Get-GitHubFileContents -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepoBranch.value -Path $Location.path).content | ConvertFrom-Json
+                    }
                 }
-                Import-CommunityTemplate -Template $Content -SHA $Template.sha -MigrationTable $MigrationTable
+                Import-CommunityTemplate -Template $Content -SHA $Template.sha -MigrationTable $MigrationTable -LocationData $LocationData
+
                 $Results = @{
                     resultText = 'Template imported'
                     state      = 'success'

Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1

@@ -123,16 +123,19 @@ function New-CIPPCAPolicy {
         if (!$locations) { continue }
         foreach ($location in $locations) {
             if (!$location.displayName) { continue }
-            $CheckExististing = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/namedLocations' -tenantid $TenantFilter -asApp $true
-            if ($Location.displayName -in $CheckExististing.displayName) {
+            $CheckExisting = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/namedLocations' -tenantid $TenantFilter -asApp $true
+            if ($Location.displayName -in $CheckExisting.displayName) {
                 [pscustomobject]@{
-                    id   = ($CheckExististing | Where-Object -Property displayName -EQ $Location.displayName).id
-                    name = ($CheckExististing | Where-Object -Property displayName -EQ $Location.displayName).displayName
+                    id         = ($CheckExisting | Where-Object -Property displayName -EQ $Location.displayName).id
+                    name       = ($CheckExisting | Where-Object -Property displayName -EQ $Location.displayName).displayName
+                    templateId = $location.id
                 }
                 Write-LogMessage -Headers $User -API $APINAME -message "Matched a CA policy with the existing Named Location: $($location.displayName)" -Sev 'Info'
 
             } else {
                 if ($location.countriesAndRegions) { $location.countriesAndRegions = @($location.countriesAndRegions) }
+                $location | Select-Object * -ExcludeProperty id
+                Remove-ODataProperties -Object $location
                 $Body = ConvertTo-Json -InputObject $Location
                 $GraphRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/namedLocations' -body $body -Type POST -tenantid $tenantfilter -asApp $true
                 $retryCount = 0
@@ -151,19 +154,21 @@ function New-CIPPCAPolicy {
             }
         }
     }
+    Write-Information 'Location Lookup Table:'
+    Write-Information ($LocationLookupTable | ConvertTo-Json -Depth 10)
 
     foreach ($location in $JSONobj.conditions.locations.includeLocations) {
-        Write-Information "Replacing named location - $location"
-        $lookup = $LocationLookupTable | Where-Object -Property name -EQ $location
-        Write-Information "Found $lookup"
+        $lookup = $LocationLookupTable | Where-Object { $_.name -eq $location -or $_.displayName -eq $location -or $_.templateId -eq $location }
         if (!$lookup) { continue }
+        Write-Information "Replacing named location - $location"
         $index = [array]::IndexOf($JSONobj.conditions.locations.includeLocations, $location)
         $JSONobj.conditions.locations.includeLocations[$index] = $lookup.id
     }
 
     foreach ($location in $JSONobj.conditions.locations.excludeLocations) {
-        $lookup = $LocationLookupTable | Where-Object -Property name -EQ $location
+        $lookup = $LocationLookupTable | Where-Object { $_.name -eq $location -or $_.displayName -eq $location -or $_.templateId -eq $location }
         if (!$lookup) { continue }
+        Write-Information "Replacing named location - $location"
         $index = [array]::IndexOf($JSONobj.conditions.locations.excludeLocations, $location)
         $JSONobj.conditions.locations.excludeLocations[$index] = $lookup.id
     }

Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1

@@ -39,24 +39,30 @@ function New-CIPPTemplateRun {
             if ($MigrationTable) {
                 $MigrationTable = (Get-GitHubFileContents -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepoBranch.value -Path $MigrationTable.path).content | ConvertFrom-Json
             }
+            $NamedLocations = $Files | Where-Object { $_.name -match 'ALLOWED COUNTRIES' }
+            $LocationData = foreach ($Location in $NamedLocations) {
+                (Get-GitHubFileContents -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepoBranch.value -Path $Location.path).content | ConvertFrom-Json
+            }
+
             foreach ($File in $Files) {
-                if ($File.name -eq 'MigrationTable' -or $file.name -eq 'ALLOWED COUNTRIES') { continue }
-                $ExistingTemplate = $ExistingTemplates | Where-Object { (![string]::IsNullOrEmpty($_.displayName) -and (Get-SanitizedFilename -filename $_.displayName) -eq $File.name) -or (![string]::IsNullOrEmpty($_.templateName) -and (Get-SanitizedFilename -filename $_.templateName) -eq $File.name ) -and ![string]::IsNullOrEmpty($_.SHA) } | Select-Object -First 1
+                if ($File.name -eq 'MigrationTable' -or $file.name -match 'ALLOWED COUNTRIES') { continue }
+                Write-Information "Processing template file $($File.name) - Sanitized as $(Get-SanitizedFilename -filename $File.name)"
+                $ExistingTemplate = $ExistingTemplates | Where-Object { (![string]::IsNullOrEmpty($_.displayName) -and (Get-SanitizedFilename -filename $_.displayName) -eq (Get-SanitizedFilename -filename $File.name)) -or (![string]::IsNullOrEmpty($_.templateName) -and (Get-SanitizedFilename -filename $_.templateName) -eq (Get-SanitizedFilename -filename $File.name) ) -and ![string]::IsNullOrEmpty($_.SHA) } | Select-Object -First 1
 
                 $UpdateNeeded = $false
                 if ($ExistingTemplate -and $ExistingTemplate.SHA -ne $File.sha) {
                     $Name = $ExistingTemplate.displayName ?? $ExistingTemplate.templateName
                     Write-Information "Existing template $($Name) found, but SHA is different. Updating template."
                     $UpdateNeeded = $true
                     "Template $($Name) needs to be updated as the SHA is different"
-                } else {
+                } elseif ($ExistingTemplate -and $ExistingTemplate.SHA -eq $File.sha) {
                     Write-Information "Existing template $($File.name) found, but SHA is the same. No update needed."
                     "Template $($File.name) found, but SHA is the same. No update needed."
                 }
 
                 if (!$ExistingTemplate -or $UpdateNeeded) {
                     $Template = (Get-GitHubFileContents -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepoBranch.value -Path $File.path).content | ConvertFrom-Json
-                    Import-CommunityTemplate -Template $Template -SHA $File.sha -MigrationTable $MigrationTable
+                    Import-CommunityTemplate -Template $Template -SHA $File.sha -MigrationTable $MigrationTable -LocationData $LocationData
                     if ($UpdateNeeded) {
                         Write-Information "Template $($File.name) needs to be updated as the SHA is different"
                         "Template $($File.name) updated"
@@ -69,6 +75,7 @@ function New-CIPPTemplateRun {
         } catch {
             $Message = "Failed to get data from community repo $($TemplateSettings.templateRepo.value). Error: $($_.Exception.Message)"
             Write-LogMessage -API 'Community Repo' -tenant $TenantFilter -message $Message -sev Error
+            Write-Information $_.InvocationInfo.PositionMessage
             return "Failed to get data from community repo $($TemplateSettings.templateRepo.value). Error: $($_.Exception.Message)"
         }
     } else {

Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1

@@ -8,6 +8,7 @@ function Import-CommunityTemplate {
         $Template,
         $SHA,
         $MigrationTable,
+        $LocationData,
         [switch]$Force
     )
 
@@ -104,13 +105,29 @@ function Import-CommunityTemplate {
                     $id = $Template.id
                     $Template = $Template | Select-Object * -ExcludeProperty lastModifiedDateTime, 'assignments', '#microsoft*', '*@odata.navigationLink', '*@odata.associationLink', '*@odata.context', 'ScopeTagIds', 'supportsScopeTags', 'createdDateTime', '@odata.id', '@odata.editLink', '*odata.type', '[email protected]', createdDateTime, '[email protected]'
                     Remove-ODataProperties -Object $Template
+
+                    $LocationInfo = [system.collections.generic.list[object]]::new()
+                    if ($LocationData) {
+                        $LocationData | ForEach-Object {
+                            if ($Template.conditions.locations.includeLocations -contains $_.id -or $Template.conditions.locations.excludeLocations -contains $_.id) {
+                                Write-Information "Adding location info for location ID $($_.id)"
+                                $LocationInfo.Add($_)
+                            }
+                        }
+                        if ($LocationInfo.Count -gt 0) {
+                            $Template | Add-Member -MemberType NoteProperty -Name LocationInfo -Value $LocationInfo -Force
+                        }
+                    }
+
                     $RawJson = ConvertTo-Json -InputObject $Template -Depth 100 -Compress
                     #Replace the ids with the displayname by using the migration table, this is a simple find and replace each instance in the JSON.
                     $MigrationTable.objects | ForEach-Object {
                         if ($RawJson -match $_.ID) {
                             $RawJson = $RawJson.Replace($_.ID, $($_.DisplayName))
                         }
                     }
+
+
                     $entity = @{
                         JSON         = "$RawJson"
                         PartitionKey = 'CATemplate'

Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1

@@ -13,7 +13,7 @@ function Invoke-GitHubApiRequest {
 
     $Table = Get-CIPPTable -TableName Extensionsconfig
     $ExtensionConfig = (Get-CIPPAzDataTableEntity @Table).config
-    if (Test-Json -Json $ExtensionConfig) {
+    if ($ExtensionConfig -and (Test-Json -Json $ExtensionConfig)) {
         $Configuration = ($ExtensionConfig | ConvertFrom-Json).GitHub
     } else {
         $Configuration = @{ Enabled = $false }
@@ -64,6 +64,8 @@ function Invoke-GitHubApiRequest {
             Body   = $Body
             Accept = $Accept
         }
-        (Invoke-RestMethod -Uri 'https://cippy.azurewebsites.net/api/ExecGitHubAction' -Method POST -Body ($Action | ConvertTo-Json -Depth 10) -ContentType 'application/json').Results
+        $Body = $Action | ConvertTo-Json -Depth 10
+
+        (Invoke-RestMethod -Uri 'https://cippy.azurewebsites.net/api/ExecGitHubAction' -Method POST -Body $Body -ContentType 'application/json').Results
     }
 }