Merge pull request KelvinTegelaar#1064 from KelvinTegelaar/dev

Dev to hotfix

Author: JohnDuprey

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogTenant.ps1

@@ -1,15 +1,24 @@
 function Push-AuditLogTenant {
     Param($Item)
 
+    # Get Table contexts
     $AuditBundleTable = Get-CippTable -tablename 'AuditLogBundles'
     $SchedulerConfig = Get-CIPPTable -TableName 'SchedulerConfig'
-    $CIPPURL = Get-CIPPAzDataTableEntity @SchedulerConfig -Filter "PartitionKey eq 'webhookcreation'" | Select-Object -First 1 -ExpandProperty CIPPURL
     $WebhookTable = Get-CippTable -tablename 'webhookTable'
-    $Webhooks = Get-CIPPAzDataTableEntity @WebhookTable -Filter "PartitionKey eq '$($Item.TenantFilter)' and Version eq '3'" | Where-Object { $_.Resource -match '^Audit' }
-    $ExistingBundles = Get-CIPPAzDataTableEntity @AuditBundleTable -Filter "PartitionKey eq '$($Item.TenantFilter)' and ContentType eq '$ContentType'"
     $ConfigTable = Get-CIPPTable -TableName 'WebhookRules'
+
+    # Query CIPPURL for linking
+    $CIPPURL = Get-CIPPAzDataTableEntity @SchedulerConfig -Filter "PartitionKey eq 'webhookcreation'" | Select-Object -First 1 -ExpandProperty CIPPURL
+
+    # Get all webhooks for the tenant
+    $Webhooks = Get-CIPPAzDataTableEntity @WebhookTable -Filter "PartitionKey eq '$($Item.TenantFilter)' and Version eq '3'" | Where-Object { $_.Resource -match '^Audit' }
+
+    # Get webhook rules
     $ConfigEntries = Get-CIPPAzDataTableEntity @ConfigTable
 
+    # Date filter for existing bundles
+    $LastHour = (Get-Date).AddHours(-1).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss')
+
     $NewBundles = [System.Collections.Generic.List[object]]::new()
     foreach ($Webhook in $Webhooks) {
         # only process webhooks that are configured in the webhookrules table
@@ -28,6 +37,7 @@ function Push-AuditLogTenant {
             EndTime      = $Item.EndTime
         }
         $LogBundles = Get-CIPPAuditLogContentBundles @ContentBundleQuery
+        $ExistingBundles = Get-CIPPAzDataTableEntity @AuditBundleTable -Filter "PartitionKey eq '$($Item.TenantFilter)' and ContentType eq '$LogType' and Timestamp ge datetime'$($LastHour)'"
 
         foreach ($Bundle in $LogBundles) {
             if ($ExistingBundles.RowKey -notcontains $Bundle.contentId) {
@@ -61,5 +71,4 @@ function Push-AuditLogTenant {
         $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5 -Compress)
         Write-Host "Started orchestration with ID = '$InstanceId'"
     }
-
 }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecOffloadFunctions.ps1

@@ -0,0 +1,56 @@
+
+Function Invoke-ExecOffloadFunctions {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        CIPP.SuperAdmin.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $roles = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json).userRoles
+    if ('superadmin' -notin $roles) {
+        Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+                StatusCode = [HttpStatusCode]::Forbidden
+                Body       = @{ error = 'You do not have permission to perform this action.' }
+            })
+        return
+    } else {
+        $Table = Get-CippTable -tablename 'Config'
+
+        if ($Request.Query.Action -eq 'ListCurrent') {
+            $CurrentState = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'OffloadFunctions' and RowKey eq 'OffloadFunctions'"
+            $CurrentState = if (!$CurrentState) {
+                [PSCustomObject]@{
+                    OffloadFunctions = $false
+                }
+            } else {
+                [PSCustomObject]@{
+                    OffloadFunctions = $CurrentState.state
+                }
+            }
+            Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+                    StatusCode = [HttpStatusCode]::OK
+                    Body       = $CurrentState
+                })
+        } else {
+            Add-CIPPAzDataTableEntity @Table -Entity @{
+                PartitionKey = 'OffloadFunctions'
+                RowKey       = 'OffloadFunctions'
+                state        = $request.Body.OffloadFunctions
+            } -Force
+
+            if ($Request.Body.OffloadFunctions) {
+                $Results = 'Enabled Offload Functions'
+            } else {
+                $Results = 'Disabled Offload Functions'
+            }
+            Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+                    StatusCode = [HttpStatusCode]::OK
+                    Body       = @{ results = $Results }
+                })
+        }
+
+    }
+}

Modules/CIPPCore/Public/GraphHelper/Write-LogMessage.ps1

@@ -25,7 +25,6 @@ function Write-LogMessage {
     if (!$tenant) { $tenant = 'None' }
     if (!$username) { $username = 'CIPP' }
     if ($sev -eq 'Debug' -and $env:DebugMode -ne $true) {
-        Write-Information 'Not writing to log file - Debug mode is not enabled.'
         return
     }
     $PartitionKey = (Get-Date -UFormat '%Y%m%d').ToString()
@@ -48,4 +47,4 @@ function Write-LogMessage {
 
     $Table.Entity = $TableRow
     Add-CIPPAzDataTableEntity @Table | Out-Null
-}
+}

Modules/CIPPCore/Public/Set-CIPPAssignedPolicy.ps1

@@ -80,6 +80,6 @@ function Set-CIPPAssignedPolicy {
     } catch {
         #$ErrorMessage = Get-CippException -Exception $_
         $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-        Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to assign $GroupName to Policy $PolicyId. Error:$ErrorMessage" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage
+        Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to assign $GroupName to Policy $PolicyId, using Platform $PlatformType and $Type. The error is:$ErrorMessage" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage
     }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1

@@ -20,10 +20,11 @@ function Invoke-CIPPStandardIntuneTemplate {
                 $displayname = $request.body.Displayname
                 $description = $request.body.Description
                 $RawJSON = $Request.body.RawJSON
+                $TemplateTypeURL = $Request.body.Type
 
-                Set-CIPPIntunePolicy -TemplateType $Request.body.Type -Description $description -DisplayName $displayname -RawJSON $RawJSON -AssignTo $null -tenantFilter $Tenant
+                Set-CIPPIntunePolicy -TemplateType $Request.body.Type -Description $description -DisplayName $displayname -RawJSON $RawJSON -AssignTo $Template.AssignedTo -tenantFilter $Tenant
 
-                #Legacy assign.
+                #Legacy assign, only required for older templates.
                 if ($Settings.AssignTo) {
                     Write-Host "Assigning Policy to $($Settings.AssignTo) the create ID is $($CreateRequest)"
                     if ($Settings.AssignTo -eq 'customGroup') { $Settings.AssignTo = $Settings.customGroup }
@@ -36,16 +37,6 @@ function Invoke-CIPPStandardIntuneTemplate {
                     }
                 }
 
-                if ($Template.AssignedTo) {
-                    Write-Host "New: Assigning Policy to $($Template.AssignedTo) the create ID is $($CreateRequest)"
-                    if ($ExistingID) {
-                        Set-CIPPAssignedPolicy -PolicyId $ExistingID.id -TenantFilter $tenant -GroupName $Template.AssignedTo -Type $TemplateTypeURL
-                        Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully updated Intune Template $PolicyName policy for $($Tenant)" -sev 'Info'
-                    } else {
-                        Set-CIPPAssignedPolicy -PolicyId $CreateRequest.id -TenantFilter $tenant -GroupName $Template.AssignedTo -Type $TemplateTypeURL
-                        Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully created Intune Template $PolicyName policy for $($Tenant)" -sev 'Info'
-                    }
-                }
             } catch {
                 $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
                 Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create or update Intune Template $PolicyName, Error: $ErrorMessage" -sev 'Error'

Scheduler_GetQueue/run.ps1

@@ -27,6 +27,10 @@ $Tasks = foreach ($Tenant in $Tenants) {
     }
 }
 
+if (($Tasks | Measure-Object).Count -eq 0) {
+    return
+}
+
 $Queue = New-CippQueueEntry -Name 'Scheduler' -TotalTasks ($Tasks | Measure-Object).Count
 
 $Batch = foreach ($Task in $Tasks) {
@@ -49,4 +53,4 @@ $InputObject = [PSCustomObject]@{
 #Write-Information ($InputObject | ConvertTo-Json)
 $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5 -Compress)
 Write-Information "Started orchestration with ID = '$InstanceId'"
-#$Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId
+#$Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId

Scheduler_PollAuditLogs/run.ps1

@@ -1,6 +1,14 @@
 param($Timer)
 
 try {
+    $ConfigTable = Get-CIPPTable -tablename Config
+    $Config = Get-CIPPAzDataTableEntity @ConfigTable -Filter "PartitionKey eq 'OffloadFunctions' and RowKey eq 'OffloadFunctions'"
+
+    if ($Config -and $Config.state -eq $true) {
+        Write-Host 'Offload functions are enabled. Exiting.'
+        return 0
+    }
+
     $webhookTable = Get-CIPPTable -tablename webhookTable
     $Webhooks = Get-CIPPAzDataTableEntity @webhookTable -Filter "Version eq '3'" | Where-Object { $_.Resource -match '^Audit' -and $_.Status -ne 'Disabled' }
     if (($Webhooks | Measure-Object).Count -eq 0) {

version_latest.txt

@@ -1 +1 @@
-6.2.2
+6.2.3