Merge pull request KelvinTegelaar#1631 from Zacgoose/docker_lb_updates

KelvinTegelaar · web-flow · commit e203c2e5a3c7 · 2025-10-01T21:39:36.000+02:00
Add NonLocalHostAzurite support and update PowerShell version
diff --git a/.env.example b/.env.example
@@ -0,0 +1,7 @@
+FUNCTIONS_WORKER_RUNTIME='powershell'
+FUNCTIONS_WORKER_RUNTIME_VERSION='7.4'
+AzureWebJobsStorage='DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNoBnZf6KgBVU4=;BlobEndpoint=http://azurite:10000/devstoreaccount1;QueueEndpoint=http://azurite:10001/devstoreaccount1;TableEndpoint=http://azurite:10002/devstoreaccount1;'
+DEV_SKIP_BPA_TIMER='true'
+DEV_SKIP_DOMAIN_TIMER='true'
+FUNCTIONS_EXTENSION_VERSION='4'
+NonLocalHostAzurite='true'
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 # To enable ssh & remote debugging on app service change the base image to the one below
 # FROM mcr.microsoft.com/azure-functions/powershell:4-powershell7.2-appservice
-FROM mcr.microsoft.com/azure-functions/powershell:4-powershell7.2
+FROM mcr.microsoft.com/azure-functions/powershell:4-powershell7.4
 ENV AzureWebJobsScriptRoot=/home/site/wwwroot \
     AzureFunctionsJobHost__Logging__Console__IsEnabled=true
 
-COPY . /home/site/wwwroot
+COPY . /home/site/wwwroot
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1
@@ -60,7 +60,7 @@ function Invoke-GetCippAlerts {
                 type  = 'error'
             })
     }
-    if ((!$env:WEBSITE_RUN_FROM_PACKAGE -or [string]::IsNullOrEmpty($env:WEBSITE_RUN_FROM_PACKAGE)) -and $env:AzureWebJobsStorage -ne 'UseDevelopmentStorage=true') {
+    if ((!$env:WEBSITE_RUN_FROM_PACKAGE -or [string]::IsNullOrEmpty($env:WEBSITE_RUN_FROM_PACKAGE)) -and $env:AzureWebJobsStorage -ne 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -ne 'true') {
         $Alerts.Add(
             @{
                 title = 'Function App in Write Mode'
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecCombinedSetup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecCombinedSetup.ps1
@@ -14,7 +14,7 @@ function Invoke-ExecCombinedSetup {
     $Results = [System.Collections.ArrayList]::new()
     try {
         # Set up Azure context if needed for Key Vault access
-        if ($env:AzureWebJobsStorage -ne 'UseDevelopmentStorage=true' -and $env:MSI_SECRET) {
+        if ($env:AzureWebJobsStorage -ne 'UseDevelopmentStorage=true' -and $env:MSI_SECRET -or $env:NonLocalHostAzurite -ne 'true') {
             Disable-AzContextAutosave -Scope Process | Out-Null
             $null = Connect-AzAccount -Identity
             $SubscriptionId = $env:WEBSITE_OWNER_NAME -split '\+' | Select-Object -First 1
@@ -67,7 +67,7 @@ function Invoke-ExecCombinedSetup {
         if ($Request.Body.selectedOption -eq 'Manual') {
             $KV = $env:WEBSITE_DEPLOYMENT_ID
 
-            if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+            if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
                 $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
                 $Secret = Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'"
                 if (!$Secret) {
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecCreateSAMApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecCreateSAMApp.ps1
@@ -72,7 +72,7 @@ function Invoke-ExecCreateSAMApp {
             }
             $AppPassword = (Invoke-RestMethod "https://graph.microsoft.com/v1.0/applications/$($AppId.id)/addPassword" -Headers @{ authorization = "Bearer $($Token.access_token)" } -Method POST -Body '{"passwordCredential":{"displayName":"CIPPInstall"}}' -ContentType 'application/json').secretText
 
-            if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+            if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
                 $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
                 $Secret = Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'"
                 if (!$Secret) { $Secret = New-Object -TypeName PSObject }
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1
@@ -28,7 +28,7 @@ function Invoke-ExecSAMSetup {
     $Headers = $Request.Headers
     Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
 
-    if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+    if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
         $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
         $Secret = Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'"
         if (!$Secret) {
@@ -63,7 +63,7 @@ function Invoke-ExecSAMSetup {
         if ($Request.Query.count -lt 1 ) { $Results = 'No authentication code found. Please go back to the wizard.' }
 
         if ($Request.Body.setkeys) {
-            if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+            if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
                 if ($Request.Body.TenantId) { $Secret.TenantId = $Request.Body.tenantid }
                 if ($Request.Body.RefreshToken) { $Secret.RefreshToken = $Request.Body.RefreshToken }
                 if ($Request.Body.applicationid) { $Secret.ApplicationId = $Request.Body.ApplicationId }
@@ -86,7 +86,7 @@ function Invoke-ExecSAMSetup {
                 $AppID = $Rows.appid
                 if (!$AppID -or $AppID -eq 'NotStarted') { $appid = $env:ApplicationID }
                 $URL = ($Request.headers.'x-ms-original-url').split('?') | Select-Object -First 1
-                if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+                if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
                     $clientsecret = $Secret.ApplicationSecret
                 } else {
                     $clientsecret = Get-AzKeyVaultSecret -VaultName $kv -Name 'ApplicationSecret' -AsPlainText
@@ -95,7 +95,7 @@ function Invoke-ExecSAMSetup {
                 Write-Information "client_id=$appid&scope=https://graph.microsoft.com/.default+offline_access+openid+profile&code=$($Request.Query.code)&grant_type=authorization_code&redirect_uri=$($url)&client_secret=$clientsecret" #-Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
                 $RefreshToken = Invoke-RestMethod -Method POST -Body "client_id=$appid&scope=https://graph.microsoft.com/.default+offline_access+openid+profile&code=$($Request.Query.code)&grant_type=authorization_code&redirect_uri=$($url)&client_secret=$clientsecret" -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" -ContentType 'application/x-www-form-urlencoded'
 
-                if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+                if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
                     $Secret.RefreshToken = $RefreshToken.refresh_token
                     Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force
                 } else {
@@ -192,7 +192,7 @@ function Invoke-ExecSAMSetup {
                     } until ($attempt -gt 5)
                 }
                 $AppPassword = (Invoke-RestMethod "https://graph.microsoft.com/v1.0/applications/$($AppId.id)/addPassword" -Headers @{ authorization = "Bearer $($Token.access_token)" } -Method POST -Body '{"passwordCredential":{"displayName":"CIPPInstall"}}' -ContentType 'application/json').secretText
-                if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+                if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
                     $Secret.TenantId = $TenantId
                     $Secret.ApplicationId = $AppId.appId
                     $Secret.ApplicationSecret = $AppPassword
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecTokenExchange.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecTokenExchange.ps1
@@ -34,7 +34,7 @@ Function Invoke-ExecTokenExchange {
         # Make sure we get the latest authentication
         $auth = Get-CIPPAuthentication
 
-        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
             $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
             $Secret = Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'"
             $ClientSecret = $Secret.applicationsecret
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecUpdateRefreshToken.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecUpdateRefreshToken.ps1
@@ -17,7 +17,7 @@ Function Invoke-ExecUpdateRefreshToken {
         # Handle refresh token update
         #make sure we get the latest authentication:
         $auth = Get-CIPPAuthentication
-        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
             $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
             $Secret = Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'"
 
diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecListAppId.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecListAppId.ps1
@@ -15,7 +15,7 @@ Function Invoke-ExecListAppId {
     Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
     $ResponseURL = "$(($Request.headers.'x-ms-original-url').replace('/api/ExecListAppId','/api/ExecSAMSetup'))"
     #make sure we get the very latest version of the appid from kv:
-    if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+    if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
         $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
         $Secret = Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'"
         $env:ApplicationID = $Secret.ApplicationID
diff --git a/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-UpdateTokensTimer.ps1 b/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-UpdateTokensTimer.ps1
@@ -13,7 +13,7 @@ function Start-UpdateTokensTimer {
         $currentUTCtime = (Get-Date).ToUniversalTime()
         try {
             $Refreshtoken = (Get-GraphToken -ReturnRefresh $true).Refresh_token
-            if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+            if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
                 $Table = Get-CIPPTable -tablename 'DevSecrets'
                 $Secret = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'"
                 if ($Secret) {
@@ -57,7 +57,7 @@ function Start-UpdateTokensTimer {
             }
 
             if ($AppSecret) {
-                if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+                if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
                     $Table = Get-CIPPTable -tablename 'DevSecrets'
                     $Secret = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'"
                     $Secret.ApplicationSecret = $AppSecret.secretText
@@ -99,7 +99,7 @@ function Start-UpdateTokensTimer {
                 try {
                     Write-Information "Updating refresh token for tenant $($Tenant.displayName) - $($Tenant.customerId)"
                     $Refreshtoken = (Get-GraphToken -ReturnRefresh $true -TenantId $Tenant.customerId).Refresh_token
-                    if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+                    if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
                         $Table = Get-CIPPTable -tablename 'DevSecrets'
                         $Secret = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'"
                         if ($Secret) {
diff --git a/Modules/CIPPCore/Public/Get-CIPPAuthentication.ps1 b/Modules/CIPPCore/Public/Get-CIPPAuthentication.ps1
@@ -7,7 +7,7 @@ function Get-CIPPAuthentication {
     $Variables = @('ApplicationID', 'ApplicationSecret', 'TenantID', 'RefreshToken')
 
     try {
-        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
             $Table = Get-CIPPTable -tablename 'DevSecrets'
             $Secret = Get-AzDataTableEntity @Table -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'"
             if (!$Secret) {
diff --git a/Modules/CippExtensions/Public/Extension Functions/Get-ExtensionAPIKey.ps1 b/Modules/CippExtensions/Public/Extension Functions/Get-ExtensionAPIKey.ps1
@@ -16,7 +16,7 @@ function Get-ExtensionAPIKey {
         Write-Information "Using cached API Key for $Extension"
     } else {
         Write-Information "Retrieving API Key for $Extension"
-        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
             $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
             $APIKey = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq '$Extension' and RowKey eq '$Extension'").APIKey
         } else {
diff --git a/Modules/CippExtensions/Public/Extension Functions/Set-ExtensionAPIKey.ps1 b/Modules/CippExtensions/Public/Extension Functions/Set-ExtensionAPIKey.ps1
@@ -14,7 +14,7 @@ function Set-ExtensionAPIKey {
 
     if ($PSCmdlet.ShouldProcess('API Key', "Set API Key for $Extension")) {
         $Var = "Ext_$Extension"
-        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
             $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
             $Secret = [PSCustomObject]@{
                 'PartitionKey' = $Extension
diff --git a/Modules/CippExtensions/Public/HIBP/Get-HIBPAuth.ps1 b/Modules/CippExtensions/Public/HIBP/Get-HIBPAuth.ps1
@@ -5,7 +5,7 @@ function Get-HIBPAuth {
         Write-Information 'Using cached API Key for HIBP'
         $Secret = $APIKey
     } else {
-        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {
             $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
             $Secret = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'HIBP' and RowKey eq 'HIBP'").APIKey
         } else {
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -19,17 +19,13 @@ services:
       - FUNCTIONS_WORKER_RUNTIME=${FUNCTIONS_WORKER_RUNTIME}
       - FUNCTIONS_WORKER_RUNTIME_VERSION=${FUNCTIONS_WORKER_RUNTIME_VERSION}
       - AzureWebJobsStorage=${AzureWebJobsStorage}
-      - ApplicationID=${ApplicationID}
-      - ApplicationSecret=${ApplicationSecret}
-      - RefreshToken=${RefreshToken}
-      - TenantID=${TenantID}
       - DEV_SKIP_BPA_TIMER=${DEV_SKIP_BPA_TIMER}
       - DEV_SKIP_DOMAIN_TIMER=${DEV_SKIP_DOMAIN_TIMER}
-      - SetFromProfile=${SetFromProfile}
       - FUNCTIONS_EXTENSION_VERSION=${FUNCTIONS_EXTENSION_VERSION}
       - AzureWebJobs.BestPracticeAnalyser_OrchestrationStarterTimer.Disabled=true
       - AzureWebJobs.Domain_OrchestrationStarterTimer.Disabled=true
       - WEBSITE_HOSTNAME=cippapi
+      - NonLocalHostAzurite=${NonLocalHostAzurite}
     depends_on:
       - azurite
     networks:

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ function Invoke-GetCippAlerts {`
`60`	`60`	`type = 'error'`
`61`	`61`	`})`
`62`	`62`	`}`
`63`		`- if ((!$env:WEBSITE_RUN_FROM_PACKAGE -or [string]::IsNullOrEmpty($env:WEBSITE_RUN_FROM_PACKAGE)) -and $env:AzureWebJobsStorage -ne 'UseDevelopmentStorage=true') {`
	`63`	`+ if ((!$env:WEBSITE_RUN_FROM_PACKAGE -or [string]::IsNullOrEmpty($env:WEBSITE_RUN_FROM_PACKAGE)) -and $env:AzureWebJobsStorage -ne 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -ne 'true') {`
`64`	`64`	`$Alerts.Add(`
`65`	`65`	`@{`
`66`	`66`	`title = 'Function App in Write Mode'`
Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,7 @@ function Invoke-ExecCreateSAMApp {`
`72`	`72`	`}`
`73`	`73`	`$AppPassword = (Invoke-RestMethod "https://graph.microsoft.com/v1.0/applications/$($AppId.id)/addPassword" -Headers @{ authorization = "Bearer $($Token.access_token)" } -Method POST -Body '{"passwordCredential":{"displayName":"CIPPInstall"}}' -ContentType 'application/json').secretText`
`74`	`74`
`75`		`- if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {`
	`75`	`+ if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true' -or $env:NonLocalHostAzurite -eq 'true') {`
`76`	`76`	`$DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'`
`77`	`77`	`$Secret = Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'"`
`78`	`78`	`if (!$Secret) { $Secret = New-Object -TypeName PSObject }`