Optional filtering by Entra ID Groups (#54)

Merge with dev for next test release.

Author: sambetts

src/AnalyticsEngine/App.ControlPanel.Engine/SolutionInstallVerifier.cs

@@ -21,6 +21,7 @@
 using WebJob.Office365ActivityImporter.Engine;
 using WebJob.Office365ActivityImporter.Engine.ActivityAPI;
 using WebJob.Office365ActivityImporter.Engine.Graph.UsageReports;
+using WebJob.Office365ActivityImporter.Engine.Graph.User;
 using static App.ControlPanel.Engine.Models.AutodetectedSqlAndFtpDetails;
 
 namespace App.ControlPanel.Engine
@@ -308,7 +309,10 @@ async Task VerifyTeamsAndUserActivityImport(string clientId, string tenantId, st
 
             var graphClient = new Microsoft.Graph.GraphServiceClient(auth.Creds);
 
-            var teamsUserUsageLoader = new TeamsUserUsageLoader(new WebJob.Office365ActivityImporter.Engine.Graph.ManualGraphCallClient(auth, telemetry), telemetry);
+            var teamsUserUsageLoader = new TeamsUserUsageLoader(new WebJob.Office365ActivityImporter.Engine.Graph.ManualGraphCallClient(auth, telemetry), 
+                new NoUsersHaveGroupsUserGroupsCache(_logger),
+                new Common.Entities.Config.UserGroupsFilterModel(string.Empty),
+                telemetry);
 
             // Usage reports
             if (Config.SolutionConfig.ImportTaskSettings.GraphUsageReports)

src/AnalyticsEngine/Common/DataUtils/ConsoleApp.cs

@@ -1,6 +1,5 @@
 using Microsoft.Extensions.Logging;
 using System;
-using System.Configuration;
 
 namespace DataUtils
 {
@@ -35,34 +34,16 @@ public static void BombOut(bool error)
             }
         }
 
-        public static void PrintStartupAndLoggingConfig(ILogger logger)
+        public static void PrintStartupAndLoggingConfig(string efConnectionString, string buildLabel, string userGroupsFilterString, ILogger logger)
         {
-            if (logger is null)
-            {
-                throw new ArgumentNullException(nameof(logger));
-            }
 
-            var buildLabel = ConfigurationManager.AppSettings["BuildLabel"];
             logger.LogInformation($"Office 365 Advanced Analytics engine START: '{buildLabel}'.");
-
-            string efConnectionString = ConfigurationManager.ConnectionStrings["SPOInsightsEntities"].ConnectionString;
             var sqlConnectionInfo = new System.Data.SqlClient.SqlConnectionStringBuilder(efConnectionString);
             logger.LogInformation($"Destination SQL Server='{sqlConnectionInfo.DataSource}', DB='{sqlConnectionInfo.InitialCatalog}'.");
-
-            bool loggingEnabled = ConfigurationManager.AppSettings["ImportLogging"] == "True";
-#if DEBUG
-            loggingEnabled = true;
-#endif
-
-            if (loggingEnabled)
+            if (!string.IsNullOrEmpty(userGroupsFilterString))
             {
-                logger.LogInformation("Import logging is ENABLED.");
-            }
-            else
-            {
-                logger.LogInformation("Import logging is disabled. Add key 'ImportLogging' value 'True' to configuration to enable full logging.");
+                logger.LogWarning($"WARNING: User groups import filter configured: '{userGroupsFilterString}'. Will not import data for users not in those groups");
             }
         }
-
     }
 }

src/AnalyticsEngine/Common/DataUtils/JobTimer.cs

@@ -1,4 +1,5 @@
-using System;
+using Microsoft.Extensions.Logging;
+using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using static DataUtils.AnalyticsLogger;

src/AnalyticsEngine/Common/Entities/Config/AppConfig.cs

@@ -20,6 +20,7 @@ public AppConfig()
             this.AppInsightsApiKey = ConfigurationManager.AppSettings["AppInsightsApiKey"];
             this.AppInsightsAppId = ConfigurationManager.AppSettings["AppInsightsAppId"];
 
+            this.BuildLabel = ConfigurationManager.AppSettings["BuildLabel"];
 
             this.ClientID = ConfigurationManager.AppSettings.Get("ClientID");
             this.ClientSecret = ConfigurationManager.AppSettings.Get("ClientSecret");
@@ -28,6 +29,9 @@ public AppConfig()
             this.AADInstance = ConfigurationManager.AppSettings.Get("AADInstance");
             this.KeyVaultUrl = ConfigurationManager.AppSettings.Get("KeyVaultUrl");
 
+            // New: UserGroupsFilter (optional)
+            this.UserGroupsFilter = ConfigurationManager.AppSettings.Get("UserGroupsFilter");
+
             var useClientCertificate = ConfigurationManager.AppSettings.Get("UseClientCertificate");
             if (!string.IsNullOrEmpty(useClientCertificate))
             {
@@ -73,7 +77,7 @@ public AppConfig()
             }
         }
 
-
+        public string BuildLabel { get; set; }
         public string AppInsightsContainerName { get; set; }
         public string AppInsightsApiKey { get; set; }
         public string AppInsightsAppId { get; set; }
@@ -132,5 +136,10 @@ public List<string> ContentTypesToRead
         public string StatsApiUrl { get; set; } = null;
 
         public AppConnectionStrings ConnectionStrings { get; set; } = null;
+
+        /// <summary>
+        /// Optional filter for user groups
+        /// </summary>
+        public string UserGroupsFilter { get; set; }
     }
 }

src/AnalyticsEngine/Common/Entities/Config/UserGroupsFilterModel.cs

@@ -0,0 +1,48 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text.RegularExpressions;
+
+namespace Common.Entities.Config
+{
+    /// <summary>
+    /// Model to represent and match Entra ID group names from a filter string.
+    /// </summary>
+    public class UserGroupsFilterModel
+    {
+        public List<string> Patterns { get; }
+
+        public UserGroupsFilterModel() : this(string.Empty) { }
+        public UserGroupsFilterModel(string filterString)
+        {
+            if (string.IsNullOrWhiteSpace(filterString))
+            {
+                Patterns = new List<string>();
+            }
+            else
+            {
+                Patterns = filterString.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries)
+                    .Select(p => p.Trim())
+                    .Where(p => !string.IsNullOrEmpty(p))
+                    .ToList();
+            }
+        }
+
+        /// <summary>
+        /// Checks if the given group name matches any filter pattern (supports * wildcard).
+        /// </summary>
+        public bool Matches(string groupName)
+        {
+            if (string.IsNullOrEmpty(groupName) || Patterns.Count == 0)
+                return false;
+
+            foreach (var pattern in Patterns)
+            {
+                var regexPattern = "^" + Regex.Escape(pattern).Replace("\\*", ".*") + "$";
+                if (Regex.IsMatch(groupName, regexPattern, RegexOptions.IgnoreCase))
+                    return true;
+            }
+            return false;
+        }
+    }
+}

src/AnalyticsEngine/Common/Entities/Entities.csproj

@@ -78,6 +78,7 @@
     <Compile Include="Config\AppConfig.cs" />
     <Compile Include="Config\AppConnectionStrings.cs" />
     <Compile Include="Config\ImportConfig.cs" />
+    <Compile Include="Config\UserGroupsFilterModel.cs" />
     <Compile Include="Entities\AuditLog\CopilotEvents.cs" />
     <Compile Include="Entities\OnlineMeeting.cs" />
     <Compile Include="Entities\UsageReports\AppPlatformUserActivityLog.cs" />

src/AnalyticsEngine/Tests.UnitTests/ActivityImporterTests.cs

@@ -21,6 +21,7 @@
 using WebJob.Office365ActivityImporter.Engine.ActivityAPI.Loaders;
 using WebJob.Office365ActivityImporter.Engine.Entities;
 using WebJob.Office365ActivityImporter.Engine.Entities.Serialisation;
+using WebJob.Office365ActivityImporter.Engine.Graph.User;
 
 namespace Tests.UnitTests
 {
@@ -146,7 +147,8 @@ public async Task OneDriveAppearsAsSPEventTests()
             var oneDriveEvent = DataGenerators.GetRandomSharePointLog();
             oneDriveEvent.Workload = ActivityImportConstants.WORKLOAD_OD;
             hits.Add(oneDriveEvent);
-            var sqlPersist = new ActivityReportSqlPersistenceManager(new AllowAllFilterConfig(), AnalyticsLogger.ConsoleOnlyTracer(), new AppConfig());
+            var logger = AnalyticsLogger.ConsoleOnlyTracer();
+            var sqlPersist = new ActivityReportSqlPersistenceManager(new AllowAllFilterConfig(), new NoUsersHaveGroupsUserGroupsCache(logger), logger, new AppConfig());
 
             await hits.CommitAllToSQL(sqlPersist);
 
@@ -181,7 +183,8 @@ public async Task RealSPActivityImportTests()
 
                 // Save
                 int preSPLogsInsertSPEventsCount = db.sharepoint_events.Count();
-                var sqlPersist = new ActivityReportSqlPersistenceManager(new AllowAllFilterConfig(), AnalyticsLogger.ConsoleOnlyTracer(), new AppConfig());
+                var logger = AnalyticsLogger.ConsoleOnlyTracer();
+                var sqlPersist = new ActivityReportSqlPersistenceManager(new AllowAllFilterConfig(), new NoUsersHaveGroupsUserGroupsCache(logger), logger, new AppConfig());
                 await sharePointLogs.CommitAllToSQL(sqlPersist);
 
                 // Validate new count
@@ -248,7 +251,8 @@ public async Task RealOtherActivityImportTests()
 
                 // Save
                 int preSPLogsInsertSPEventsCount = db.AuditEventsCommon.Count();
-                var sqlPersist = new ActivityReportSqlPersistenceManager(new AllowAllFilterConfig(), AnalyticsLogger.ConsoleOnlyTracer(), new AppConfig());
+                var logger = AnalyticsLogger.ConsoleOnlyTracer();
+                var sqlPersist = new ActivityReportSqlPersistenceManager(new AllowAllFilterConfig(), new NoUsersHaveGroupsUserGroupsCache(logger), logger, new AppConfig());
                 await otherLogs.CommitAllToSQL(sqlPersist);
 
                 // Validate new events count
@@ -442,7 +446,9 @@ public async Task DuplicateActivitiesTest()
             using (var db = new AnalyticsEntitiesContext())
             {
                 int preInsertCount = db.sharepoint_events.Count();
-                var sqlPersist = new ActivityReportSqlPersistenceManager(new AllowAllFilterConfig(), AnalyticsLogger.ConsoleOnlyTracer(), new AppConfig());
+
+                var logger = AnalyticsLogger.ConsoleOnlyTracer();
+                var sqlPersist = new ActivityReportSqlPersistenceManager(new AllowAllFilterConfig(), new NoUsersHaveGroupsUserGroupsCache(logger), logger, new AppConfig());
 
                 // Create content-set for two different-but-same-id activities
                 TestActivityReportSet duplicateContent = new TestActivityReportSet() { randomActivity, duplicateIdRandomActivity };
@@ -557,7 +563,9 @@ async Task InsertAndTestSPEvents(int count, bool allRandomLookups)
 
                 // Save
                 var tempCache = ActivityImportCache.GetEmptyCache();
-                var sqlPersist = new ActivityReportSqlPersistenceManager(new AllowAllFilterConfig(), AnalyticsLogger.ConsoleOnlyTracer(), new AppConfig());
+
+                var logger = AnalyticsLogger.ConsoleOnlyTracer();
+                var sqlPersist = new ActivityReportSqlPersistenceManager(new AllowAllFilterConfig(), new NoUsersHaveGroupsUserGroupsCache(logger), logger, new AppConfig());
 
                 var s = await hitsActivity.CommitAllToSQL(sqlPersist);
 
@@ -657,7 +665,9 @@ public async Task FakeActivityTests()
                 var importer = new ActivityWebImporter(fakeClient, s, telemetry);
 
                 // Download all the things & get stats.
-                var stats = await importer.LoadReportsAndSave(new ActivityReportSqlPersistenceManager(new AllowAllFilterConfig(), telemetry, s));
+
+                var logger = AnalyticsLogger.ConsoleOnlyTracer();
+                var stats = await importer.LoadReportsAndSave(new ActivityReportSqlPersistenceManager(new AllowAllFilterConfig(), new NoUsersHaveGroupsUserGroupsCache(logger), logger, new AppConfig()));
 
                 var contentMetaDataLoader = new WebContentMetaDataLoader(telemetry, fakeClient, s);
 

src/AnalyticsEngine/Tests.UnitTests/FakeLoaderClasses/MockUserGroupsCache.cs

@@ -0,0 +1,28 @@
+using Common.Entities.Config;
+using Microsoft.Extensions.Logging;
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using WebJob.Office365ActivityImporter.Engine.Graph.User;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+namespace Tests.UnitTests.FakeLoaderClasses
+{
+    public class MockUserGroupsCache : UserGroupsCache
+    {
+        private readonly Dictionary<string, List<string>> _mockGroups;
+
+        public MockUserGroupsCache(Dictionary<string, List<string>> mockGroups, ILogger logger = null)
+            : base(logger)
+        {
+            _mockGroups = mockGroups ?? new Dictionary<string, List<string>>(StringComparer.OrdinalIgnoreCase);
+        }
+
+        protected override Task<List<string>> LoadGroupsFromExternalAsync(string upn)
+        {
+            if (_mockGroups.TryGetValue(upn, out var groups))
+                return Task.FromResult(groups);
+            return Task.FromResult(new List<string>());
+        }
+    }
+}

src/AnalyticsEngine/Tests.UnitTests/GraphImportTests.cs

@@ -35,7 +35,7 @@ public async Task UserAppLoaderFakeTest()
         {
             const int users = 10000;
             var l = new FakeUserAppLoader(AnalyticsLogger.ConsoleOnlyTracer(), users);
-            var updates = await l.LoadAndSave();
+            var updates = await l.LoadAndSave(new NoUsersHaveGroupsUserGroupsCache(AnalyticsLogger.ConsoleOnlyTracer()), new UserGroupsFilterModel());
             Assert.IsTrue(updates == users);
         }
 
@@ -56,7 +56,7 @@ public async Task UserAppLoaderRealTest()
             await userUpdater.InsertAndUpdateDatabaseUsersFromGraph();
 
             var updater = new UserAppLogUpdater(telemetry, new AppConfig());
-            var sucess = await updater.UpdateUserInstalledApps(graphClient);
+            var sucess = await updater.UpdateUserInstalledApps(graphClient, new NoUsersHaveGroupsUserGroupsCache(telemetry), new UserGroupsFilterModel());
             Assert.IsTrue(sucess);
         }
 

src/AnalyticsEngine/Tests.UnitTests/GraphUsageReportImportTests.cs

@@ -9,6 +9,7 @@
 using WebJob.Office365ActivityImporter.Engine;
 using WebJob.Office365ActivityImporter.Engine.Graph;
 using WebJob.Office365ActivityImporter.Engine.Graph.UsageReports.Aggregate;
+using WebJob.Office365ActivityImporter.Engine.Graph.User;
 
 namespace Tests.UnitTests
 {
@@ -58,10 +59,14 @@ public async Task AllO365ActivityTests()
             var telemetry = AnalyticsLogger.ConsoleOnlyTracer();
             var authConfig = new AppConfig();
 
-            var graphImporter = new GraphImporter(telemetry, authConfig);
             var graphAppIndentityOAuthContext = new GraphAppIndentityOAuthContext(telemetry, authConfig.ClientID, authConfig.TenantGUID.ToString(), authConfig.ClientSecret, authConfig.KeyVaultUrl, authConfig.UseClientCertificate);
+            await graphAppIndentityOAuthContext.InitClientCredential();
+
+            var graphClient = new Microsoft.Graph.GraphServiceClient(graphAppIndentityOAuthContext.Creds);
+            var graphImporter = new GraphImporter(telemetry, new NoUsersHaveGroupsUserGroupsCache(telemetry), graphAppIndentityOAuthContext, graphClient, authConfig);
 
-            await graphImporter.GetAndSaveActivityReportsMultiThreaded(1, new ManualGraphCallClient(graphAppIndentityOAuthContext, telemetry));
+            await graphImporter.GetAndSaveActivityReportsMultiThreaded(1, new ManualGraphCallClient(graphAppIndentityOAuthContext, telemetry), 
+                new NoUsersHaveGroupsUserGroupsCache(telemetry), new UserGroupsFilterModel());
         }
 
         [TestMethod]