fix: track last setting update for triggers

also add env var backup table

Author: JohnDuprey

Modules/CIPPCore/Public/GraphHelper/Set-CIPPEnvVarBackup.ps1

@@ -0,0 +1,68 @@
+function Set-CIPPEnvVarBackup {
+    param()
+
+    $FunctionAppName = $env:WEBSITE_SITE_NAME
+    $PropertiesToBackup = @(
+        'AzureWebJobsStorage'
+        'WEBSITE_RUN_FROM_PACKAGE'
+        'FUNCTIONS_EXTENSION_VERSION'
+        'FUNCTIONS_WORKER_RUNTIME'
+        'CIPP_HOSTED'
+        'CIPP_HOSTED_KV_SUB'
+        'WEBSITE_ENABLE_SYNC_UPDATE_SITE'
+        'WEBSITE_AUTH_AAD_ALLOWED_TENANTS'
+    )
+
+    $RequiredProperties = @('AzureWebJobsStorage', 'FUNCTIONS_EXTENSION_VERSION', 'FUNCTIONS_WORKER_RUNTIME', 'WEBSITE_RUN_FROM_PACKAGE')
+
+    if ($env:WEBSITE_SKU -eq 'FlexConsumption') {
+        $RequiredProperties = $RequiredProperties | Where-Object { $_ -ne 'WEBSITE_RUN_FROM_PACKAGE' }
+    }
+
+    $Backup = @{}
+    foreach ($Property in $PropertiesToBackup) {
+        $Backup[$Property] = [environment]::GetEnvironmentVariable($Property)
+    }
+
+    $EnvBackupTable = Get-CIPPTable -tablename 'EnvVarBackups'
+    $CurrentBackup = Get-CIPPAzDataTableEntity @EnvBackupTable -Filter "PartitionKey eq 'EnvVarBackup' and RowKey eq '$FunctionAppName'"
+
+    # ConvertFrom-Json returns PSCustomObject - convert to hashtable for consistent key/value access
+    $CurrentValues = @{}
+    if ($CurrentBackup -and $CurrentBackup.Values) {
+        ($CurrentBackup.Values | ConvertFrom-Json).PSObject.Properties | ForEach-Object {
+            $CurrentValues[$_.Name] = $_.Value
+        }
+    }
+
+    $IsNew = $CurrentValues.Count -eq 0
+
+    if ($IsNew) {
+        # First capture - write everything from the live environment
+        $SavedValues = $Backup
+        Write-Information "Creating new environment variable backup for $FunctionAppName"
+    } else {
+        # Backup already exists - keep existing values fixed, only backfill any properties not yet captured
+        $SavedValues = $CurrentValues
+        foreach ($Property in $PropertiesToBackup) {
+            if (-not $SavedValues[$Property] -and $Backup[$Property]) {
+                Write-Information "Backfilling missing backup property '$Property' from current environment."
+                $SavedValues[$Property] = $Backup[$Property]
+            }
+        }
+        Write-Information "Environment variable backup already exists for $FunctionAppName - preserving fixed values"
+    }
+
+    # Validate all required properties are present in the final backup
+    $MissingRequired = $RequiredProperties | Where-Object { -not $SavedValues[$_] }
+    if ($MissingRequired) {
+        Write-Warning "Environment variable backup for $FunctionAppName is missing required properties: $($MissingRequired -join ', ')"
+    }
+
+    $Entity = @{
+        PartitionKey = 'EnvVarBackup'
+        RowKey       = $FunctionAppName
+        Values       = [string]($SavedValues | ConvertTo-Json -Compress)
+    }
+    Add-CIPPAzDataTableEntity @EnvBackupTable -Entity $Entity -Force | Out-Null
+}

Modules/CIPPCore/Public/GraphHelper/Set-CIPPOffloadFunctionTriggers.ps1

@@ -28,6 +28,15 @@ function Set-CIPPOffloadFunctionTriggers {
     $OffloadEnabled = $false
     [bool]::TryParse($OffloadConfig.state, [ref]$OffloadEnabled) | Out-Null
 
+    # Trigger Last change table
+    $TriggerChangeTable = Get-CippTable -tablename 'OffloadTriggerChange'
+    $LastChange = Get-CIPPAzDataTableEntity @TriggerChangeTable
+
+    if ($LastChange -and $LastChange.Timestamp -gt (Get-Date).AddMinutes(-30).ToUniversalTime() -and $LastChange.Offloading -eq $OffloadEnabled) {
+        Write-Information "Last trigger change was at $LastChange, skipping update to avoid rapid changes."
+        return $true
+    }
+
     # Determine resource group
     if ($env:WEBSITE_RESOURCE_GROUP) {
         $ResourceGroupName = $env:WEBSITE_RESOURCE_GROUP
@@ -70,6 +79,12 @@ function Set-CIPPOffloadFunctionTriggers {
             # Update app settings only if there are changes to make
             if ($AppSettings.Count -gt 0) {
                 if ($PSCmdlet.ShouldProcess($FunctionAppName, 'Disable non-HTTP triggers')) {
+                    $LastChange = @{
+                        PartitionKey = 'TriggerChange'
+                        RowKey       = 'LastChange'
+                        Offloading   = $OffloadEnabled
+                    }
+                    Add-CIPPAzDataTableEntity @TriggerChangeTable -Entity $LastChange -Force | Out-Null
                     Update-CIPPAzFunctionAppSetting -Name $FunctionAppName -ResourceGroupName $ResourceGroupName -AppSetting $AppSettings | Out-Null
                     Write-Information "Successfully disabled $($AppSettings.Count) non-HTTP trigger(s) on $FunctionAppName"
                 }
@@ -95,6 +110,12 @@ function Set-CIPPOffloadFunctionTriggers {
             # Update app settings with removal of keys only if there are changes to make
             if ($RemoveKeys.Count -gt 0) {
                 if ($PSCmdlet.ShouldProcess($FunctionAppName, 'Re-enable non-HTTP triggers')) {
+                    $LastChange = @{
+                        PartitionKey = 'TriggerChange'
+                        RowKey       = 'LastChange'
+                        Offloading   = $OffloadEnabled
+                    }
+                    Add-CIPPAzDataTableEntity @TriggerChangeTable -Entity $LastChange -Force | Out-Null
                     Update-CIPPAzFunctionAppSetting -Name $FunctionAppName -ResourceGroupName $ResourceGroupName -AppSetting @{} -RemoveKeys $RemoveKeys | Out-Null
                     Write-Information "Successfully re-enabled $($RemoveKeys.Count) non-HTTP trigger(s) on $FunctionAppName"
                 }

profile.ps1

@@ -127,6 +127,7 @@ if (!$LastStartup -or $CurrentVersion -ne $LastStartup.Version) {
 $SwVersion.Stop()
 $Timings['VersionCheck'] = $SwVersion.Elapsed.TotalMilliseconds
 
+Set-CIPPEnvVarBackup
 if ($env:AzureWebJobsStorage -ne 'UseDevelopmentStorage=true' -and $env:NonLocalHostAzurite -ne 'true') {
     Set-CIPPOffloadFunctionTriggers
 }