hudu / extension tweaks

improve more logging update hudu to accept entire integration config to check for ZTNA
KelvinTegelaar · Feb 8, 2025 · 59a7328 · 59a7328
1 parent e772de7
commit 59a7328
Show file tree

Hide file tree

Showing 7 changed files with 22 additions and 21 deletions.
diff --git a/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 b/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1
@@ -3,7 +3,7 @@ function New-CIPPAPIConfig {
     [CmdletBinding(SupportsShouldProcess)]
     param (
         $APIName = 'CIPP API Config',
-        $ExecutingUser,
+        $Headers,
         [switch]$ResetSecret,
         [string]$AppName,
         [string]$AppId
@@ -60,7 +60,7 @@ function New-CIPPAPIConfig {
                 $APIIdUrl = New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications/$($APIApp.id)" -NoAuthCheck $true -type PATCH -body "{`"identifierUris`":[`"api://$($APIApp.appId)`"]}"
                 Write-Information 'Adding serviceprincipal'
                 $ServicePrincipal = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/v1.0/serviceprincipals' -NoAuthCheck $true -type POST -body "{`"accountEnabled`":true,`"appId`":`"$($APIApp.appId)`",`"displayName`":`"$AppName`",`"tags`":[`"WindowsAzureActiveDirectoryIntegratedApp`",`"AppServiceIntegratedApp`"]}"
-                Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None '-message "Created CIPP-API App with name '$($APIApp.displayName)'." -Sev 'info'
+                Write-LogMessage -headers $Headers -API $APINAME -tenant 'None '-message "Created CIPP-API App with name '$($APIApp.displayName)'." -Sev 'info'
             }
         }
         if ($ResetSecret.IsPresent -and $APIApp) {
@@ -95,7 +95,7 @@ function New-CIPPAPIConfig {
                 )
                 $BatchResponse = New-GraphBulkRequest -tenantid $env:TenantID -NoAuthCheck $true -asapp $true -Requests $Requests
                 $APIPassword = $BatchResponse | Where-Object { $_.id -eq 'addNewPassword' } | Select-Object -ExpandProperty body
-                Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None '-message "Reset CIPP-API Password for '$($APIApp.displayName)'." -Sev 'info'
+                Write-LogMessage -headers $Headers -API $APINAME -tenant 'None '-message "Reset CIPP-API Password for '$($APIApp.displayName)'." -Sev 'info'
             }
         }
 
@@ -109,7 +109,7 @@ function New-CIPPAPIConfig {
     } catch {
         $ErrorMessage = Get-CippException -Exception $_
         Write-Information ($ErrorMessage | ConvertTo-Json -Depth 10)
-        Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None' -message "Failed to setup CIPP-API Access: $($ErrorMessage.NormalizedError) Linenumber: $($_.InvocationInfo.ScriptLineNumber)" -Sev 'Error' -LogData $ErrorMessage
+        Write-LogMessage -headers $Headers -API $APINAME -tenant 'None' -message "Failed to setup CIPP-API Access: $($ErrorMessage.NormalizedError) Linenumber: $($_.InvocationInfo.ScriptLineNumber)" -Sev 'Error' -LogData $ErrorMessage
         return @{
             Results = "Failed to setup CIPP-API Access: $($ErrorMessage.NormalizedError)"
         }

diff --git a/...s/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 b/...s/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1
@@ -11,7 +11,7 @@ Function Invoke-ExecExtensionTest {
     param($Request, $TriggerMetadata)
 
     $APIName = $TriggerMetadata.FunctionName
-    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+    Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug'
     $Table = Get-CIPPTable -TableName Extensionsconfig
     $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json)
     # Interact with query parameters or the body of the request.
@@ -62,7 +62,7 @@ Function Invoke-ExecExtensionTest {
                 }
             }
             'Hudu' {
-                Connect-HuduAPI -configuration $Configuration.Hudu
+                Connect-HuduAPI -configuration $Configuration
                 $Version = Get-HuduAppInfo
                 if ($Version.version) {
                     $Results = [pscustomobject]@{'Results' = ('Successfully Connected to Hudu, version: {0}' -f $Version.version) }

diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1
@@ -33,7 +33,7 @@ function Invoke-ExecApiClient {
                 $ClientId = $Request.Body.ClientId.value ?? $Request.Body.ClientId
                 try {
                     $ApiConfig = @{
-                        ExecutingUser = $Request.Headers.'x-ms-client-principal'
+                        Headers = $Request.Headers
                     }
                     if ($ClientId) {
                         $ApiConfig.ClientId = $ClientId
@@ -43,7 +43,7 @@ function Invoke-ExecApiClient {
                         $ApiConfig.AppName = $Request.Body.AppName
                     }
                     $APIConfig = New-CIPPAPIConfig @ApiConfig
-                    Write-Host ($APIConfig | ConvertTo-Json)
+
                     $ClientId = $APIConfig.ApplicationID
                     $AddedText = $APIConfig.Results
                 } catch {
@@ -64,7 +64,7 @@ function Invoke-ExecApiClient {
                 $Client.Role = [string]$Request.Body.Role.value
                 $Client.IPRange = "$(@($IpRange) | ConvertTo-Json -Compress)"
                 $Client.Enabled = $Request.Body.Enabled ?? $false
-                Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API 'ExecApiClient' -message "Updated API client $($Request.Body.ClientId)" -Sev 'Info'
+                Write-LogMessage -headers $Request.Headers -API 'ExecApiClient' -message "Updated API client $($Request.Body.ClientId)" -Sev 'Info'
                 $Results = 'API client updated'
             } else {
                 $Client = @{
@@ -109,8 +109,10 @@ function Invoke-ExecApiClient {
             try {
                 Set-CippApiAuth -RGName $RGName -FunctionAppName $FunctionAppName -TenantId $TenantId -ClientIds $ClientIds
                 $Body = @{ Results = 'API clients saved to Azure' }
+                Write-LogMessage -headers $Request.Headers -API 'ExecApiClient' -message 'Saved API clients to Azure' -Sev 'Info'
             } catch {
                 $Body = @{ Results = 'Failed to save allowed API clients to Azure, ensure your function app has the appropriate rights to make changes to the Authentication settings.' }
+                Write-Information (Get-CippException -Exception $_ | ConvertTo-Json)
             }
         }
         'ResetSecret' {
@@ -121,7 +123,7 @@ function Invoke-ExecApiClient {
                     severity   = 'error'
                 }
             } else {
-                $ApiConfig = New-CIPPAPIConfig -ResetSecret -AppId $Request.Body.ClientId
+                $ApiConfig = New-CIPPAPIConfig -ResetSecret -AppId $Request.Body.ClientId -Headers $Request.Headers
 
                 if ($ApiConfig.ApplicationSecret) {
                     $Results = @{
@@ -152,13 +154,13 @@ function Invoke-ExecApiClient {
 
                     $Client = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($ClientId)'" -Property RowKey, PartitionKey, ETag
                     Remove-AzDataTableEntity @Table -Entity $Client
-                    Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API 'ExecApiClient' -message "Deleted API client $ClientId" -Sev 'Info'
+                    Write-LogMessage -headers $Request.Headers -API 'ExecApiClient' -message "Deleted API client $ClientId" -Sev 'Info'
                     $Body = @{ Results = "API client $ClientId deleted" }
                 } else {
                     $Body = @{ Results = "API client $ClientId not found or not a valid CIPP-API application" }
                 }
             } catch {
-                Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API 'ExecApiClient' -message "Failed to remove app registration for $ClientId" -Sev 'Warning'
+                Write-LogMessage -headers $Request.Headers -API 'ExecApiClient' -message "Failed to remove app registration for $ClientId" -Sev 'Warning'
             }
         }
         default {

diff --git a/Modules/CippExtensions/Public/Extension Functions/Push-CippExtensionData.ps1 b/Modules/CippExtensions/Public/Extension Functions/Push-CippExtensionData.ps1
@@ -11,7 +11,7 @@ function Push-CippExtensionData {
         'Hudu' {
             if ($Config.Hudu.Enabled) {
                 Write-Host 'Perfoming Hudu Extension Sync...'
-                Invoke-HuduExtensionSync -Configuration $Config.Hudu -TenantFilter $TenantFilter
+                Invoke-HuduExtensionSync -Configuration $Config -TenantFilter $TenantFilter
             }
         }
     }

diff --git a/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 b/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1
@@ -6,12 +6,11 @@ function Connect-HuduAPI {
 
     $APIKey = Get-ExtensionAPIKey -Extension 'Hudu'
 
-    # Add logic to check if we're using CloudFlare Tunnel (if Hudu.CFEnabled checkbox is checked from Extensions.json). If the checkbox is checked, pull CloudFlare ClientID and API Key and add as a header
-    if ($Configuration.CFEnabled) {
-        $CFClientID = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'CloudFlareClientID' -AsPlainText)
-        $CFAPIKey = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'CloudFlareAPIKey' -AsPlainText)
-        New-HuduCustomHeaders -Headers @{'CF-Access-Client-Id' = "$CFClientID"; 'CF-Access-Client-Secret' = "$CFAPIKey" }
+    if ($Configuration.Hudu.CFEnabled -eq $true -and $Configuration.CFZTNA.Enabled -eq $true) {
+        $CFAPIKey = Get-ExtensionAPIKey -Extension 'CFZTNA'
+        New-HuduCustomHeaders -Headers @{'CF-Access-Client-Id' = $Configuration.CFZTNA.ClientId; 'CF-Access-Client-Secret' = "$CFAPIKey" }
+        Write-Information 'CF-Access-Client-Id and CF-Access-Client-Secret headers added to Hudu API request'
     }
-    New-HuduBaseURL -BaseURL $Configuration.BaseURL
+    New-HuduBaseURL -BaseURL $Configuration.Hudu.BaseURL
     New-HuduAPIKey -ApiKey $APIKey
 }
diff --git a/Modules/CippExtensions/Public/Hudu/Get-HuduFieldMapping.ps1 b/Modules/CippExtensions/Public/Hudu/Get-HuduFieldMapping.ps1
@@ -28,7 +28,7 @@ function Get-HuduFieldMapping {
 
     $Table = Get-CIPPTable -TableName Extensionsconfig
     try {
-        $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -ea stop).Hudu
+        $Configuration = (Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -ea stop
         Connect-HuduAPI -configuration $Configuration
 
         $AssetLayouts = Get-HuduAssetLayouts | Select-Object @{Name = 'FieldType' ; Expression = { 'Layouts' } }, @{Name = 'value'; Expression = { $_.id } }, name, fields

diff --git a/Modules/CippExtensions/Public/Hudu/Get-HuduMapping.ps1 b/Modules/CippExtensions/Public/Hudu/Get-HuduMapping.ps1
@@ -23,7 +23,7 @@ function Get-HuduMapping {
     $Tenants = Get-Tenants -IncludeErrors
     $Table = Get-CIPPTable -TableName Extensionsconfig
     try {
-        $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -ea stop).Hudu
+        $Configuration = (Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -ea stop
 
         Connect-HuduAPI -configuration $Configuration
         $HuduCompanies = Get-HuduCompanies