Merge pull request KelvinTegelaar#1193 from JohnDuprey/dev

bugfixes

Author: JohnDuprey

Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1

@@ -21,7 +21,7 @@ function Add-CIPPScheduledTask {
     $Parameters = [System.Collections.Hashtable]@{}
     foreach ($Key in $task.Parameters.PSObject.Properties.Name) {
         $Param = $task.Parameters.$Key
-        if ($Param -is [System.Collections.IDictionary]) {
+        if ($Param -is [System.Collections.IDictionary] -or $Param.Key) {
             $ht = @{}
             foreach ($p in $Param.GetEnumerator()) {
                 $ht[$p.Key] = $p.Value

Modules/CIPPCore/Public/AuditLogs/Get-CippAuditLogSearchResults.ps1

@@ -14,10 +14,21 @@ function Get-CippAuditLogSearchResults {
         [string]$TenantFilter,
         [Parameter(ValueFromPipelineByPropertyName = $true, Mandatory = $true)]
         [Alias('id')]
-        [string]$QueryId
+        [string]$QueryId,
+        [switch]$CountOnly
     )
 
     process {
-        New-GraphGetRequest -uri ('https://graph.microsoft.com/beta/security/auditLog/queries/{0}/records?$top=999' -f $QueryId) -AsApp $true -tenantid $TenantFilter -ErrorAction Stop
+        $GraphRequest = @{
+            Uri      = ('https://graph.microsoft.com/beta/security/auditLog/queries/{0}/records?$top=999&$count=true' -f $QueryId)
+            Method   = 'GET'
+            AsApp    = $true
+            tenantid = $TenantFilter
+        }
+        if ($CountOnly.IsPresent) {
+            $GraphRequest.CountOnly = $true
+        }
+
+        New-GraphGetRequest @GraphRequest -ErrorAction Stop
     }
 }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1

@@ -13,7 +13,7 @@ Function Invoke-ExecRestoreBackup {
     $APIName = $TriggerMetadata.FunctionName
     Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
     try {
-        foreach ($line in ($Request.body | ConvertFrom-Json | Select-Object * -ExcludeProperty ETag)) {
+        foreach ($line in ($Request.body | ConvertFrom-Json | Select-Object * -ExcludeProperty ETag, Timestamp)) {
             Write-Host ($line)
             $Table = Get-CippTable -tablename $line.table
             $ht2 = @{}

Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-AuditLogOrchestrator.ps1

@@ -7,20 +7,28 @@ function Start-AuditLogOrchestrator {
     param()
     try {
         $AuditLogSearchesTable = Get-CIPPTable -TableName 'AuditLogSearches'
-        $AuditLogSearches = Get-CIPPAzDataTableEntity @AuditLogSearchesTable -Filter "CippStatus eq 'Pending'"
+        $15MinutesAgo = (Get-Date).AddMinutes(-15).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
+        $1DayAgo = (Get-Date).AddDays(-1).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
+        $AuditLogSearches = Get-CIPPAzDataTableEntity @AuditLogSearchesTable -Filter "(CippStatus eq 'Pending' or (CippStatus eq 'Processing' and Timestamp le datetime'$15MinutesAgo')) and Timestamp ge datetime'$1DayAgo'" -Property PartitionKey, RowKey, Tenant, CippStatus, Timestamp
+
+        $WebhookRulesTable = Get-CIPPTable -TableName 'WebhookRules'
+        $WebhookRules = Get-CIPPAzDataTableEntity @WebhookRulesTable
 
         if (($AuditLogSearches | Measure-Object).Count -eq 0) {
             Write-Information 'No audit log searches available'
+        } elseif (($WebhookRules | Measure-Object).Count -eq 0) {
+            Write-Information 'No webhook rules defined'
         } else {
-            $Queue = New-CippQueueEntry -Name 'Audit Log Collection' -Reference 'AuditLogCollection' -TotalTasks ($AuditLogSearches).Count
-            $Batch = $AuditLogSearches | Sort-Object -Property Tenant -Unique | Select-Object @{Name = 'TenantFilter'; Expression = { $_.Tenant } }, @{Name = 'QueueId'; Expression = { $Queue.RowKey } }, @{Name = 'FunctionName'; Expression = { 'AuditLogTenant' } }
-
-            $InputObject = [PSCustomObject]@{
-                OrchestratorName = 'AuditLogs'
-                Batch            = @($Batch)
-                SkipLog          = $true
-            }
+            Write-Information "Audit Logs: Processing $($AuditLogSearches.Count) searches"
             if ($PSCmdlet.ShouldProcess('Start-AuditLogOrchestrator', 'Starting Audit Log Polling')) {
+                $Queue = New-CippQueueEntry -Name 'Audit Log Collection' -Reference 'AuditLogCollection' -TotalTasks ($AuditLogSearches).Count
+                $Batch = $AuditLogSearches | Sort-Object -Property Tenant -Unique | Select-Object @{Name = 'TenantFilter'; Expression = { $_.Tenant } }, @{Name = 'QueueId'; Expression = { $Queue.RowKey } }, @{Name = 'FunctionName'; Expression = { 'AuditLogTenant' } }
+
+                $InputObject = [PSCustomObject]@{
+                    OrchestratorName = 'AuditLogs'
+                    Batch            = @($Batch)
+                    SkipLog          = $true
+                }
                 Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5 -Compress)
             }
         }

Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-UserTasksOrchestrator.ps1

@@ -16,7 +16,7 @@ function Start-UserTasksOrchestrator {
         $currentUnixTime = [int64](([datetime]::UtcNow) - (Get-Date '1/1/1970')).TotalSeconds
         if ($currentUnixTime -ge $task.ScheduledTime) {
             try {
-                $null = Update-AzDataTableEntity @Table -Entity @{
+                $null = Update-AzDataTableEntity -Force @Table -Entity @{
                     PartitionKey = $task.PartitionKey
                     RowKey       = $task.RowKey
                     ExecutedTime = "$currentUnixTime"
@@ -36,7 +36,9 @@ function Start-UserTasksOrchestrator {
                 if ($task.Tenant -eq 'AllTenants') {
                     $AllTenantCommands = foreach ($Tenant in $TenantList) {
                         $NewParams = $task.Parameters.Clone()
-                        $NewParams.TenantFilter = $Tenant.defaultDomainName
+                        if ((Get-Command $task.Command).Parameters.TenantFilter) {
+                            $NewParams.TenantFilter = $Tenant.defaultDomainName
+                        }
                         [pscustomobject]@{
                             Command      = $task.Command
                             Parameters   = $NewParams
@@ -46,13 +48,15 @@ function Start-UserTasksOrchestrator {
                     }
                     $Batch.AddRange($AllTenantCommands)
                 } else {
-                    $ScheduledCommand.Parameters['TenantFilter'] = $task.Tenant
+                    if ((Get-Command $task.Command).Parameters.TenantFilter) {
+                        $ScheduledCommand.Parameters['TenantFilter'] = $task.Tenant
+                    }
                     $Batch.Add($ScheduledCommand)
                 }
             } catch {
                 $errorMessage = $_.Exception.Message
 
-                $null = Update-AzDataTableEntity @Table -Entity @{
+                $null = Update-AzDataTableEntity -Force @Table -Entity @{
                     PartitionKey = $task.PartitionKey
                     RowKey       = $task.RowKey
                     Results      = "$errorMessage"

Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1

@@ -85,7 +85,12 @@ function Get-GraphRequestList {
     $GraphQuery = [System.UriBuilder]('https://graph.microsoft.com/{0}/{1}' -f $Version, $Endpoint)
     $ParamCollection = [System.Web.HttpUtility]::ParseQueryString([String]::Empty)
     foreach ($Item in ($Parameters.GetEnumerator() | Sort-Object -CaseSensitive -Property Key)) {
-        $ParamCollection.Add($Item.Key, $Item.Value)
+        if ($Item.Value -is [System.Boolean]) {
+            $Item.Value = $Item.Value.ToString().ToLower()
+        }
+        if ($Item.Value) {
+            $ParamCollection.Add($Item.Key, $Item.Value)
+        }
     }
     $GraphQuery.Query = $ParamCollection.ToString()
     $PartitionKey = Get-StringHash -String (@($Endpoint, $ParamCollection.ToString()) -join '-')
@@ -246,6 +251,7 @@ function Get-GraphRequestList {
             default {
                 try {
                     $QueueThresholdExceeded = $false
+
                     if ($Parameters.'$count' -and !$SkipCache -and !$NoPagination) {
                         if ($Count -gt $singleTenantThreshold) {
                             $QueueThresholdExceeded = $true
@@ -290,7 +296,7 @@ function Get-GraphRequestList {
 
                     if (!$QueueThresholdExceeded) {
                         #nextLink should ONLY be used in direct calls with manual pagination. It should not be used in queueing
-                        if ($nextLink) { $GraphRequest.uri = $nextLink }
+                        if ($NoPagination.IsPresent -and $nextLink -match '^https://.+') { $GraphRequest.uri = $nextLink }
 
                         $GraphRequestResults = New-GraphGetRequest @GraphRequest -Caller 'Get-GraphRequestList' -ErrorAction Stop
                         $GraphRequestResults = $GraphRequestResults | Select-Object *, @{n = 'Tenant'; e = { $TenantFilter } }, @{n = 'CippStatus'; e = { 'Good' } }
@@ -313,7 +319,8 @@ function Get-GraphRequestList {
                     }
 
                 } catch {
-                    throw $_.Exception
+                    $Message = ('Exception at {0}:{1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message)
+                    throw $Message
                 }
             }
         }

Modules/CIPPCore/Public/New-CIPPBackup.ps1

@@ -24,7 +24,7 @@ function New-CIPPBackup {
                 )
                 $CSVfile = foreach ($CSVTable in $BackupTables) {
                     $Table = Get-CippTable -tablename $CSVTable
-                    Get-AzDataTableEntity @Table | Select-Object * -ExcludeProperty DomainAnalyser, table | Select-Object *, @{l = 'table'; e = { $CSVTable } }
+                    Get-AzDataTableEntity @Table | Select-Object * -ExcludeProperty DomainAnalyser, table, Timestamp, ETag | Select-Object *, @{l = 'table'; e = { $CSVTable } }
                 }
                 $RowKey = 'CIPPBackup' + '_' + (Get-Date).ToString('yyyy-MM-dd-HHmm')
                 $CSVfile

Modules/CIPPCore/Public/Webhooks/Test-CIPPAuditLogRules.ps1

@@ -37,16 +37,18 @@ function Test-CIPPAuditLogRules {
     }
     #write-warning 'Getting audit records from Graph API'
     try {
+        $LogCount = Get-CippAuditLogSearchResults -TenantFilter $TenantFilter -QueryId $SearchId -CountOnly
+        $RunGuid = (New-Guid).Guid
+        Write-Warning "Logs to process: $LogCount - SearchId: $SearchId - RunGuid: $($RunGuid) - $($TenantFilter)"
+        $Results.TotalLogs = $LogCount
+        Write-Information "RunGuid: $RunGud - Collecting logs"
         $SearchResults = Get-CippAuditLogSearchResults -TenantFilter $TenantFilter -QueryId $SearchId
     } catch {
         Write-Warning "Error getting audit logs: $($_.Exception.Message)"
         Write-LogMessage -API 'Webhooks' -message "Error getting audit logs for search $($SearchId)" -LogData (Get-CippException -Exception $_) -sev Error -tenant $TenantFilter
         throw $_
     }
-    $LogCount = ($SearchResults | Measure-Object).Count
-    $RunGuid = New-Guid
-    Write-Warning "Logs to process: $LogCount - RunGuid: $($RunGuid) - $($TenantFilter)"
-    $Results.TotalLogs = $LogCount
+
     if ($LogCount -gt 0) {
         $LocationTable = Get-CIPPTable -TableName 'knownlocationdb'
         $ProcessedData = foreach ($AuditRecord in $SearchResults) {

profile.ps1

@@ -63,7 +63,7 @@ if (!$LastStartup -or $CurrentVersion -ne $LastStartup.Version) {
             Version      = $CurrentVersion
         }
     }
-    Update-AzDataTableEntity @Table -Entity $LastStartup
+    Update-AzDataTableEntity @Table -Entity $LastStartup -Force
 }
 # Uncomment the next line to enable legacy AzureRm alias in Azure PowerShell.
 # Enable-AzureRmAlias