[pull] dev from KelvinTegelaar:dev #6
+554,617
−327,734
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updated Get-CIPPLicenseOverview to return TermInfo as an object instead of a JSON string. Refactored Push-ListLicensesQueue to store license data as JSON in the cache table. Simplified handling of TermInfo in related scripts, removing unnecessary conversions. Improved consistency and reliability in license data processing across modules.
Remove Az.KeyVault 6.3.1 module and add KeyVault secret cmdlets ,updated dev workflow file
Introduces Stopwatch-based timing for key initialization steps in profile.ps1, including Application Insights SDK load, module imports, TelemetryClient setup, Durable SDK import, Az context disable, authentication, and version check. Outputs a compressed JSON summary of timings for performance diagnostics.
Changed the Resource Graph API call in Invoke-ListApiTest.ps1 from a GET to a POST request with a JSON body and updated the API version. Set the default ContentType to 'application/json' in New-CIPPAzRestRequest.ps1 to ensure correct request formatting.
Replaces direct Az module calls in Clear-CippDurables.ps1 with new custom GraphHelper functions for Azure Storage queue and container operations. Adds new helper scripts: Clear-CIPPAzStorageQueue, Get-CIPPAzStorageContainer, Get-CIPPAzStorageQueue, Remove-CIPPAzStorageContainer, and New-CIPPAzStorageRequest to support REST-based, connection-string-driven storage management without Az module dependency.
Replaces direct Az PowerShell context and cmdlet usage with ARM REST API calls via managed identity for Function App settings and Key Vault access. Introduces helper functions Get-CIPPAzFunctionAppSetting and Update-CIPPAzFunctionAppSetting, and updates authentication, settings, and secret management scripts to use these. Removes redundant Connect-AzAccount and Set-AzContext logic, streamlining code for managed identity environments.
Deleted all files for Az.Accounts 4.0.2, Az.Functions 4.2.0, and Az.Storage 8.1.0 modules from the Modules directory. This change removes these specific versions and all their associated resources, scripts, and binaries.
Eliminated the code block that disabled AzContext autosave and its associated timing measurement. This streamlines the profile script and removes unnecessary operations.
Now retrieves authentication settings via Azure REST API first, falling back to the WEBSITE_AUTH_V2_CONFIG_JSON environment variable only if the REST call fails. This improves reliability by prioritizing live configuration data.
Introduces an AsyncLocal-based per-request cache for user roles in Test-CIPPAccessUserRole and initializes it in New-CippCoreRequest to reduce redundant lookups. Also refines stopwatch timing logic in profile.ps1 to ensure accurate measurement and avoid errors when Application Insights is not configured.
Introduces per-request timing using Stopwatch for key steps in New-CippCoreRequest, including access checks, tenant/group resolution, and endpoint invocation. Timings are logged in a structured format for improved observability and performance diagnostics.
Introduced per-call profiling using Stopwatch in Test-CIPPAccess and Test-CIPPAccessUserRole functions. Timings for key operations are collected and logged for performance analysis, aiding in identifying bottlenecks during authentication and authorization flows.
Replaced all Write-Information calls for timing output with Write-Debug in authentication, HTTP request, and profile scripts. Updated Enable-CippConsoleLogging to set DebugPreference when CIPP_CONSOLE_LOG_LEVEL is 'Debug'. This change improves control over timing log verbosity and aligns with standard debugging practices.
Updated various scripts to use Write-Debug instead of Write-Information for internal logging and status messages. This change helps reduce noise in standard output and aligns logging with debug-level verbosity.
Log messages now include tags if provided, formatted as a comma-separated list in square brackets before the message. This enhances log clarity by associating tags directly with their messages.
Introduces Tools/Build-FunctionPermissions.ps1 to generate a JSON cache of function permissions for the CIPPCore module. Updates Test-CIPPAccess.ps1 to load permission data from this cache for improved performance, falling back to Get-Help if needed. Modifies the dev_api GitHub Actions workflow to run the new script during the build process.
Add function permissions cache and build script
When sending webhook alerts, the script now checks for CFZTNA extension configuration and, if enabled, adds CF-Access-Client-Id and CF-Access-Client-Secret headers to the API request. Also improves error handling by returning error messages when webhook sending fails.
Updated multiple standards scripts to use 'CurrentValue' and 'ExpectedValue' objects in Set-CIPPStandardsCompareField for improved reporting consistency. Also fixed minor formatting, error handling, and parameter validation issues across several scripts.
- Improve error handling for scheduled user creation. - Ensure detailed error messages are thrown for user creation failures.
Eliminated an unnecessary Write-LogMessage call when retrieving a specific template by TemplateId to reduce log verbosity.
Refactored the function to use Microsoft Graph bulk requests for retrieving app registrations and service principals, reducing redundant API calls and improving performance. Enhanced permission extraction logic to handle cases where app registration is inaccessible by building permissions from service principal grants and assignments. Improved translation of permission IDs to claim values using bulk-fetched service principal details.
Added logic to convert non-string $CurrentValue and $ExpectedValue to compressed JSON strings in Set-CIPPStandardsCompareField. This ensures consistent handling of complex objects during comparison.
Streamlines retrieval and processing of Exchange Connector templates by fetching all relevant templates at once and using them for remediation, alerting, and reporting. Improves efficiency and consistency in connector management, and enhances reporting and alerting logic for template deployment status.
Updated all Write-LogMessage invocations to use the $Headers variable instead of $User for logging API actions in New-CIPPCAPolicy.ps1. This change ensures consistent use of the correct headers parameter throughout the script.
Replaces all instances of $Item.templateId with $Item.TemplateId for consistency and to match property naming conventions throughout Push-CIPPStandard.ps1.
Refactored multiple standards modules to use a consistent reporting format with CurrentValue and ExpectedValue objects in Set-CIPPStandardsCompareField. This improves clarity and uniformity in reporting compliance states across all standards.
Refactored group assignment logic in Invoke-AddMSPApp.ps1 and Invoke-AddOfficeApp.ps1 to support custom group assignments. Enhanced Set-CIPPAssignedApplication.ps1 to fetch group IDs with additional query parameters and fixed variable usage in group matching.
Corrects the assignment of the $assignTo variable to use the value of CustomGroup when AssignTo is 'customGroup'. Also updates function definition to use lowercase 'function' for consistency.
Added validation to ensure tenantFilter is present in the request body when creating a user. Returns a BadRequest response if tenantFilter is missing to prevent incomplete user creation.
Fix: Update return message for license assignment
Fix: Enhance error handling for user creation tasks
Refactored the filtering logic for the CountsOnly path to support combined TenantFilter and Type conditions. Now uses a list to build filter expressions and selects only relevant properties for results.
Introduces a new function to generate mailbox permission reports from the CIPP Reporting database. Supports grouping results by mailbox or by user, and includes error handling and logging.
Replaces individual requests with Microsoft Graph bulk requests for fetching Intune policy types, assignments, and device statuses. Improves performance and efficiency by batching requests, adds support for expanded assignment and device status retrieval, and enhances error handling and logging. Includes device statuses as well.
Introduces Set-CIPPDBCacheMailboxUsage and Set-CIPPDBCacheOneDriveUsage functions to cache mailbox and OneDrive usage details for tenants. Updates Push-CIPPDBCacheData to invoke these new functions and handle errors accordingly.
Added Get-CippExtensionReportingData to retrieve extension sync data from the new CIPP Reporting DB, replacing legacy cache calls. Updated Invoke-HuduExtensionSync to use the new function and handle inline members for roles and groups, and changed device compliance policy status retrieval. Improved API key retrieval logic in Get-ExtensionAPIKey.
Added Secure Score and Secure Score Control Profiles to Get-CippExtensionReportingData. Updated Invoke-NinjaOneTenantSync to use the new reporting data, improved mapping of cached data, and refactored role and group member retrieval to use inline properties instead of separate cache entries. Also adjusted device compliance policy status retrieval to query directly from the database.
Removed legacy Sync-CippExtensionData scheduled tasks and deprecated related code, transitioning all extension data sync to use CippReportingDB and Push-CIPPDBCacheData. Updated filtering logic and cache retrieval in Invoke-CustomDataSync, and added CacheExtensionSync to table cleanup. These changes streamline extension data management and remove obsolete scheduled tasks.
Introduces Search-CIPPDbData.ps1, a function for searching JSON objects in the CIPP Reporting DB across multiple data types and tenants using regex or wildcard terms. Also updates Get-CIPPDbItem.ps1 to handle 'allTenants' filtering logic for improved search support.
The CaseSensitive parameter was removed and replaced with MatchAll, which requires all search terms to be found when specified. The default behavior now matches any term. Documentation and logic were updated accordingly.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.1)
Can you help keep this open source service alive? 💖 Please sponsor : )