From fc7133f8c28c422fe7da006429a0edf7f719b870 Mon Sep 17 00:00:00 2001
From: John Duprey
Date: Tue, 28 Jan 2025 22:29:34 -0500
Subject: [PATCH] cache extension api keys reduce keyvault lookups increase performance
---
.../Get-ExtensionAPIKey.ps1 | 30 +++++++++++++++++
.../Set-ExtensionAPIKey.ps1 | 33 +++++++++++++++++++
.../Public/Halo/Get-HaloToken.ps1 | 10 ++----
.../Public/Hudu/Connect-HuduAPI.ps1 | 12 ++-----
.../Public/NinjaOne/Get-NinjaOneToken.ps1 | 14 +-------
.../Public/PwPush/Set-PwPushConfig.ps1 | 10 ++----
.../Sherweb/Get-SherwebAuthentication.ps1 | 9 +----
7 files changed, 72 insertions(+), 46 deletions(-)
create mode 100644 Modules/CippExtensions/Public/Extension Functions/Get-ExtensionAPIKey.ps1
create mode 100644 Modules/CippExtensions/Public/Extension Functions/Set-ExtensionAPIKey.ps1
diff --git a/Modules/CippExtensions/Public/Extension Functions/Get-ExtensionAPIKey.ps1 b/Modules/CippExtensions/Public/Extension Functions/Get-ExtensionAPIKey.ps1
new file mode 100644
index 000000000000..deff07791101
--- /dev/null
+++ b/Modules/CippExtensions/Public/Extension Functions/Get-ExtensionAPIKey.ps1
@@ -0,0 +1,30 @@
+function Get-ExtensionAPIKey {
+ <#
+ .FUNCTIONALITY
+ Internal
+ #>
+ [CmdletBinding()]
+ param(
+ [Parameter(Mandatory = $true)]
+ [string]$Extension,
+ [switch]$Force
+ )
+
+ $Var = "Ext_$Extension"
+ $APIKey = Get-Item -Path "ENV:$Var" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Value
+ if ($APIKey) {
+ Write-Information "Using cached API Key for $Extension"
+ } else {
+ Write-Information "Retrieving API Key for $Extension"
+ if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+ $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
+ $APIKey = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq '$Extension' and RowKey eq '$Extension'").APIKey
+ } else {
+ $keyvaultname = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0]
+ $null = Connect-AzAccount -Identity
+ $APIKey = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name $Extension -AsPlainText)
+ }
+ Set-Item -Path "ENV:$Var" -Value $APIKey -Force -ErrorAction SilentlyContinue
+ }
+ return $APIKey
+}
diff --git a/Modules/CippExtensions/Public/Extension Functions/Set-ExtensionAPIKey.ps1 b/Modules/CippExtensions/Public/Extension Functions/Set-ExtensionAPIKey.ps1
new file mode 100644
index 000000000000..54c2c88b9061
--- /dev/null
+++ b/Modules/CippExtensions/Public/Extension Functions/Set-ExtensionAPIKey.ps1
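Review bot: The `-Force` switch declared in `Get-ExtensionAPIKey` is never read, so a caller cannot bypass the `ENV:Ext_<name>` cache after a key has been rotated in Key Vault by another worker or outside the app; the stale value is served until the process recycles. Honour it in the cache test, e.g. `if ($APIKey -and -not $Force) {`. The cached value is also the plaintext secret held in the process environment, which child processes inherit and which any environment listing in diagnostics would include, so the function deserves a comment stating that trade-off (a script-scoped hashtable would avoid the exposure, at the cost of a narrower cache scope). When the lookup returns nothing, `Set-Item ... -ErrorAction SilentlyContinue` hides that and `$null` is returned silently; a `Write-Warning` on an empty `$APIKey` would make a missing secret visible.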
@@ -0,0 +1,33 @@
+function Set-ExtensionAPIKey {
+ <#
+ .FUNCTIONALITY
+ Internal
+ #>
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText', '', Scope = 'Function')]
+ [CmdletBinding(SupportsShouldProcess = $true)]
+ param(
+ [Parameter(Mandatory = $true)]
+ [string]$Extension,
+ [Parameter(Mandatory = $true)]
+ [string]$APIKey
+ )
+
+ if ($PSCmdlet.ShouldProcess('API Key', "Set API Key for $Extension")) {
+ $Var = "Ext_$Extension"
+ if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+ $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
+ $Secret = [PSCustomObject]@{
+ 'PartitionKey' = $Extension
+ 'RowKey' = $Extension
+ 'APIKey' = $APIKey
+ }
+ Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force
+ } else {
+ $keyvaultname = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0]
+ $null = Connect-AzAccount -Identity
+ $null = Set-AzKeyVaultSecret -VaultName $keyvaultname -Name $Extension -SecretValue (ConvertTo-SecureString -AsPlainText -Force -String $APIKey)
+ }
+ Set-Item -Path "ENV:$Var" -Value $APIKey -Force -ErrorAction SilentlyContinue
+ }
+ return $true
+}
diff --git a/Modules/CippExtensions/Public/Halo/Get-HaloToken.ps1 b/Modules/CippExtensions/Public/Halo/Get-HaloToken.ps1
index 4fad5d783977..e2ba1492243a 100644
--- a/Modules/CippExtensions/Public/Halo/Get-HaloToken.ps1
+++ b/Modules/CippExtensions/Public/Halo/Get-HaloToken.ps1
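Review bot: `Set-ExtensionAPIKey` reports success unconditionally, because `return $true` sits outside the `ShouldProcess` block and `Set-AzKeyVaultSecret` is called without `-ErrorAction Stop`; a `-WhatIf` run, or a vault write that fails with a non-terminating error, still returns `$true`. In the failure case the following `Set-Item` also caches the new key in `ENV:Ext_<name>`, leaving this process using a value the vault never stored. I would add `-ErrorAction Stop` to the `Set-AzKeyVaultSecret` call and move `return $true` inside the `if ($PSCmdlet.ShouldProcess(...))` block. Only the current process's cache is refreshed here, so other workers keep the old key until they recycle; that is worth one line in the comment-based help.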
@@ -4,14 +4,8 @@ function Get-HaloToken { $Configuration ) if (![string]::IsNullOrEmpty($Configuration.ClientID)) { - if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { - $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets' - $Secret = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'HaloPSA' and RowKey eq 'HaloPSA'").APIKey - } else { - $null = Connect-AzAccount -Identity - $VaultName = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0] - $Secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name 'HaloPSA' -AsPlainText - } + $Secret = Get-ExtensionAPIKey -Extension 'Halo' + $body = @{ grant_type = 'client_credentials' client_id = $Configuration.ClientID diff --git a/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 b/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 index 433bbe8547f5..cf4e4056c2b1 100644 --- a/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 +++ b/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 
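Review bot: The secret name changes in this hunk of `Get-HaloToken`: the removed lines read the `HaloPSA` entry (both the DevSecrets row and the Key Vault secret), while the new call `Get-ExtensionAPIKey -Extension 'Halo'` looks up `Halo`. Unless the stored secret is renamed or its writer changed somewhere not shown in this diff, existing installs would get an empty `$Secret` and the token request built below would presumably go out without a usable credential. Either keep the old name, `$Secret = Get-ExtensionAPIKey -Extension 'HaloPSA'`, or ship a migration together with a guard that fails clearly when `$Secret` is empty. The function body continues past the hunk.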
@@ -4,19 +4,13 @@ function Connect-HuduAPI { $Configuration ) - if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { - $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets' - $APIKey = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'Hudu' and RowKey eq 'Hudu'").APIKey - } else { - $keyvaultname = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0] - $null = Connect-AzAccount -Identity - $APIKey = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'Hudu' -AsPlainText) - } + $APIKey = Get-ExtensionAPIKey -Extension 'Hudu' + # Add logic to check if we're using CloudFlare Tunnel (if Hudu.CFEnabled checkbox is checked from Extensions.json). If the checkbox is checked, pull CloudFlare ClientID and API Key and add as a header if ($Configuration.CFEnabled) { $CFClientID = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'CloudFlareClientID' -AsPlainText) $CFAPIKey = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'CloudFlareAPIKey' -AsPlainText) - New-HuduCustomHeaders -Headers @{"CF-Access-Client-Id" = "$CFClientID"; "CF-Access-Client-Secret" = "$CFAPIKey"} + New-HuduCustomHeaders -Headers @{'CF-Access-Client-Id' = "$CFClientID"; 'CF-Access-Client-Secret' = "$CFAPIKey" } } New-HuduBaseURL -BaseURL $Configuration.BaseURL New-HuduAPIKey -ApiKey $APIKey diff --git a/Modules/CippExtensions/Public/NinjaOne/Get-NinjaOneToken.ps1 b/Modules/CippExtensions/Public/NinjaOne/Get-NinjaOneToken.ps1 index d7102d7d0e27..b0d9afc053f7 100644 --- a/Modules/CippExtensions/Public/NinjaOne/Get-NinjaOneToken.ps1 +++ b/Modules/CippExtensions/Public/NinjaOne/Get-NinjaOneToken.ps1 
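Review bot: `$keyvaultname` is no longer assigned in `Connect-HuduAPI`: its only visible assignment was in the removed `else` branch, yet the `if ($Configuration.CFEnabled)` block kept as context still passes it to `Get-AzKeyVaultSecret -VaultName $keyvaultname` for `CloudFlareClientID` and `CloudFlareAPIKey`. With the CloudFlare option enabled those two lookups would now run with an empty vault name, and on a cache hit `Connect-AzAccount -Identity` has not been called on this path either. Fetch them through the helper instead, `$CFClientID = Get-ExtensionAPIKey -Extension 'CloudFlareClientID'` and `$CFAPIKey = Get-ExtensionAPIKey -Extension 'CloudFlareAPIKey'`, or re-derive the vault name inside the block with `$keyvaultname = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0]`. The function continues past the hunk.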
@@ -4,19 +4,7 @@ function Get-NinjaOneToken { $Configuration ) - - if (!$ENV:NinjaClientSecret) { - if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { - $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets' - $ClientSecret = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'NinjaOne' and RowKey eq 'NinjaOne'").APIKey - } else { - $null = Connect-AzAccount -Identity - $keyvaultname = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0] - $ClientSecret = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'NinjaOne' -AsPlainText) - } - } else { - $ClientSecret = $ENV:NinjaClientSecret - } + $ClientSecret = Get-ExtensionAPIKey -Extension 'NinjaOne' $body = @{ grant_type = 'client_credentials' diff --git a/Modules/CippExtensions/Public/PwPush/Set-PwPushConfig.ps1 b/Modules/CippExtensions/Public/PwPush/Set-PwPushConfig.ps1 index 82021abb0539..321534395f9f 100644 --- a/Modules/CippExtensions/Public/PwPush/Set-PwPushConfig.ps1 +++ b/Modules/CippExtensions/Public/PwPush/Set-PwPushConfig.ps1 @@ -18,14 +18,8 @@ function Set-PwPushConfig { $InitParams.BaseUrl = $Configuration.BaseUrl } if (![string]::IsNullOrEmpty($Configuration.EmailAddress)) { - if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { - $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets' - $ApiKey = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'PWPush' and RowKey eq 'PWPush'").APIKey - } else { - $null = Connect-AzAccount -Identity - $VaultName = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0] - $ApiKey = Get-AzKeyVaultSecret -VaultName $VaultName -Name 'PWPush' -AsPlainText - } + $ApiKey = Get-ExtensionAPIKey -Extension 'PWPush' + if (![string]::IsNullOrEmpty($ApiKey)) { $InitParams.APIKey = $ApiKey $InitParams.EmailAddress = $Configuration.EmailAddress diff --git a/Modules/CippExtensions/Public/Sherweb/Get-SherwebAuthentication.ps1 b/Modules/CippExtensions/Public/Sherweb/Get-SherwebAuthentication.ps1 index 457308343457..a137e8bdc78a 100644 
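Review bot: In `Get-NinjaOneToken` the removed code honoured `$ENV:NinjaClientSecret` as its cache, whereas `Get-ExtensionAPIKey -Extension 'NinjaOne'` only reads `ENV:Ext_NinjaOne`. If anything elsewhere still writes `$ENV:NinjaClientSecret` (not visible in this diff), that write is now dead and a rotated secret would not reach this function; it should move to `Set-ExtensionAPIKey -Extension 'NinjaOne'`. A short comment above the new line, such as `# Secret is cached in ENV:Ext_NinjaOne by Get-ExtensionAPIKey (replaces NinjaClientSecret)`, would record the rename. The function body continues outside the hunk.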
--- a/Modules/CippExtensions/Public/Sherweb/Get-SherwebAuthentication.ps1 +++ b/Modules/CippExtensions/Public/Sherweb/Get-SherwebAuthentication.ps1 @@ -1,15 +1,8 @@ function Get-SherwebAuthentication { $Table = Get-CIPPTable -TableName Extensionsconfig $Config = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json).Sherweb + $APIKey = Get-ExtensionAPIKey -Extension 'Sherweb' - if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { - $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets' - $APIKey = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'Sherweb' and RowKey eq 'Sherweb'").APIKey - } else { - $keyvaultname = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0] - $null = Connect-AzAccount -Identity - $APIKey = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'sherweb' -AsPlainText) - } $AuthBody = @{ client_id = $Config.clientId client_secret = $APIKey