Merge pull request #1118 from JohnDuprey/dev

multi function node support

CIPPTimers.json

@@ -4,14 +4,23 @@
     "Description": "Orchestrator to process user scheduled tasks",
     "Cron": "0 */15 * * * *",
     "Priority": 1,
+    "RunOnProcessor": true,
+    "PreferredProcessor": "usertasks"
+  },
+  {
+    "Command": "Start-CIPPProcessorQueue",
+    "Description": "Timer to handle user initiated tasks",
+    "Cron": "0 */15 * * * *",
+    "Priority": 1,
     "RunOnProcessor": true
   },
   {
     "Command": "Start-AuditLogOrchestrator",
     "Description": "Orchestrator to process audit logs",
     "Cron": "0 */15 * * * *",
     "Priority": 2,
-    "RunOnProcessor": true
+    "RunOnProcessor": true,
+    "PreferredProcessor": "auditlog"
   },
   {
     "Command": "Start-WebhookOrchestrator",
@@ -25,7 +34,8 @@
     "Description": "Orchestrator to process standards",
     "Cron": "0 0 */4 * * *",
     "Priority": 4,
-    "RunOnProcessor": true
+    "RunOnProcessor": true,
+    "PreferredProcessor": "standards"
   },
   {
     "Command": "Start-CIPPGraphSubscriptionCleanupTimer",

Modules/CIPPCore/Public/Clear-CippDurables.ps1

@@ -3,14 +3,11 @@ function Clear-CippDurables {
     Param()
     # Collect info
     $StorageContext = New-AzStorageContext -ConnectionString $env:AzureWebJobsStorage
-    $FunctionName = $env:WEBSITE_SITE_NAME
+    $FunctionName = $env:WEBSITE_SITE_NAME -replace '-', ''
 
     # Get orchestrators
     $InstancesTable = Get-CippTable -TableName ('{0}Instances' -f $FunctionName)
     $HistoryTable = Get-CippTable -TableName ('{0}History' -f $FunctionName)
-    $Yesterday = (Get-Date).AddDays(-1).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
-    $Filter = "CreatedTime ge datetime'$Yesterday' or RuntimeStatus eq 'Pending' or RuntimeStatus eq 'Running'"
-    $Instances = Get-CippAzDataTableEntity @InstancesTable -Filter $Filter
 
     $Queues = Get-AzStorageQueue -Context $StorageContext -Name ('{0}*' -f $FunctionName) | Select-Object -Property Name, ApproximateMessageCount, QueueClient
 
@@ -50,7 +47,7 @@ function Clear-CippDurables {
 
     Remove-AzDataTable @InstancesTable
     Remove-AzDataTable @HistoryTable
-    $BlobContainer = '{0}-largemessages' -f $Function.Name
+    $BlobContainer = '{0}-largemessages' -f $FunctionName
     if (Get-AzStorageContainer -Name $BlobContainer -Context $StorageContext -ErrorAction SilentlyContinue) {
         Write-Information "- Removing blob container: $BlobContainer"
         if ($PSCmdlet.ShouldProcess($BlobContainer, 'Remove Blob Container')) {

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1

@@ -13,18 +13,29 @@ Function Invoke-ExecAccessChecks {
     $APIName = $TriggerMetadata.FunctionName
     Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
+    $Table = Get-CIPPTable -tablename 'AccessChecks'
 
     # Write to the Azure Functions log stream.
     Write-Host 'PowerShell HTTP trigger function processed a request.'
     if ($Request.Query.Permissions -eq 'true') {
-        $Results = Test-CIPPAccessPermissions -tenantfilter $ENV:TenantID -APIName $APINAME -ExecutingUser $Request.Headers.'x-ms-client-principal'
+        if ($Request.Query.Cached -eq 'true') {
+            $Data = (Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq 'AccessPermissions'").Data | ConvertFrom-Json
+            $Results = $Data
+        } else {
+            $Results = Test-CIPPAccessPermissions -tenantfilter $ENV:TenantID -APIName $APINAME -ExecutingUser $Request.Headers.'x-ms-client-principal'
+        }
     }
 
     if ($Request.Query.Tenants -eq 'true') {
         $Results = Test-CIPPAccessTenant -TenantCSV $Request.Body.tenantid -ExecutingUser $Request.Headers.'x-ms-client-principal'
     }
     if ($Request.Query.GDAP -eq 'true') {
-        $Results = Test-CIPPGDAPRelationships
+        if ($Request.Query.Cached -eq 'true') {
+            $Data = (Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq 'GDAPRelationships'").Data | ConvertFrom-Json
+            $Results = $Data
+        } else {
+            $Results = Test-CIPPGDAPRelationships
+        }
     }
 
     $body = [pscustomobject]@{'Results' = $Results }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCustomRole.ps1

@@ -39,14 +39,26 @@ function Invoke-ExecCustomRole {
                 )
             } else {
                 $Body = foreach ($Role in $Body) {
-                    $Role.Permissions = $Role.Permissions | ConvertFrom-Json
+                    try {
+                        $Role.Permissions = $Role.Permissions | ConvertFrom-Json
+                    } catch {
+                        $Role.Permissions = ''
+                    }
                     if ($Role.AllowedTenants) {
-                        $Role.AllowedTenants = @($Role.AllowedTenants | ConvertFrom-Json)
+                        try {
+                            $Role.AllowedTenants = @($Role.AllowedTenants | ConvertFrom-Json)
+                        } catch {
+                            $Role.AllowedTenants = ''
+                        }
                     } else {
                         $Role | Add-Member -NotePropertyName AllowedTenants -NotePropertyValue @() -Force
                     }
                     if ($Role.BlockedTenants) {
-                        $Role.BlockedTenants = @($Role.BlockedTenants | ConvertFrom-Json)
+                        try {
+                            $Role.BlockedTenants = @($Role.BlockedTenants | ConvertFrom-Json)
+                        } catch {
+                            $Role.BlockedTenants = ''
+                        }
                     } else {
                         $Role | Add-Member -NotePropertyName BlockedTenants -NotePropertyValue @() -Force
                     }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAppUpload.ps1

@@ -14,23 +14,27 @@ function Invoke-ExecAppUpload {
     if ($Config -and $Config.state -eq $true) {
         if ($env:CIPP_PROCESSOR -ne 'true') {
             $ProcessorFunction = [PSCustomObject]@{
-                FunctionName      = 'CIPPFunctionProcessor'
+                PartitionKey      = 'Function'
+                RowKey            = 'Start-ApplicationOrchestrator'
                 ProcessorFunction = 'Start-ApplicationOrchestrator'
             }
-            Push-OutputBinding -Name QueueItem -Value $ProcessorFunction
+            $ProcessorQueue = Get-CIPPTable -TableName 'ProcessorQueue'
+            Add-AzDataTableEntity @ProcessorQueue -Entity $ProcessorFunction -Force
+            $Results = [pscustomobject]@{'Results' = 'Queueing application upload' }
         }
     } else {
         try {
             Start-ApplicationOrchestrator
+            $Results = [pscustomobject]@{'Results' = 'Started application upload' }
         } catch {
-            Write-Host "orchestrator error: $($_.Exception.Message)"
+            $Results = [pscustomobject]@{'Results' = "Failed to start application upload. Error: $($_.Exception.Message)" }
         }
     }
 
     $Results = [pscustomobject]@{'Results' = 'Started application queue' }
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
             StatusCode = [HttpStatusCode]::OK
-            Body       = $results
+            Body       = $Results
         })
 
 }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecBPA.ps1

@@ -13,19 +13,23 @@ function Invoke-ExecBPA {
 
     if ($Config -and $Config.state -eq $true) {
         if ($env:CIPP_PROCESSOR -ne 'true') {
+            $ProcessorQueue = Get-CIPPTable -TableName 'ProcessorQueue'
             $ProcessorFunction = [PSCustomObject]@{
-                FunctionName      = 'CIPPFunctionProcessor'
-                ProcessorFunction = 'Start-BPAOrchestrator'
-                Parameters        = [PSCustomObject]@{
-                    TenantFilter = $Request.Query.TenantFilter
-                }
+                PartitionKey = 'Function'
+                RowKey       = "Start-BPAOrchestrator-$($Request.Query.TenantFilter)"
+                FunctionName = 'Start-BPAOrchestrator'
+                Parameters   = [string](ConvertTo-Json -Compress -InputObject @{
+                        TenantFilter = $Request.Query.TenantFilter
+                    })
             }
-            Push-OutputBinding -Name QueueItem -Value $ProcessorFunction
+            Add-AzDataTableEntity @ProcessorQueue -Entity $ProcessorFunction -Force
+            $Results = [pscustomobject]@{'Results' = 'BPA queued for execution' }
         }
     } else {
         Start-BPAOrchestrator -TenantFilter $Request.Query.TenantFilter
+        $Results = [pscustomobject]@{'Results' = 'BPA started' }
     }
-    $Results = [pscustomobject]@{'Results' = 'BPA started' }
+
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
             StatusCode = [HttpStatusCode]::OK
             Body       = $Results

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecDomainAnalyser.ps1

@@ -14,17 +14,26 @@ function Invoke-ExecDomainAnalyser {
     if ($Config -and $Config.state -eq $true) {
         if ($env:CIPP_PROCESSOR -ne 'true') {
             $ProcessorFunction = [PSCustomObject]@{
-                FunctionName      = 'CIPPFunctionProcessor'
+                PartitionKey      = 'Function'
+                RowKey            = 'Start-DomainOrchestrator'
                 ProcessorFunction = 'Start-DomainOrchestrator'
             }
-            Push-OutputBinding -Name QueueItem -Value $ProcessorFunction
+            $ProcessorQueue = Get-CIPPTable -TableName 'ProcessorQueue'
+            Add-AzDataTableEntity @ProcessorQueue -Entity $ProcessorFunction -Force
+            $Results = [pscustomobject]@{'Results' = 'Queueing Domain Analyser' }
         }
     } else {
-        Start-DomainOrchestrator
+        $OrchStatus = Start-DomainOrchestrator
+        if ($OrchStatus) {
+            $Message = 'Domain Analyser started'
+        } else {
+            $Message = 'Domain Analyser error: check logs'
+        }
+        $Results = [pscustomobject]@{'Results' = $Message }
     }
 
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
             StatusCode = [HttpStatusCode]::OK
-            Body       = $results
+            Body       = $Results
         })
 }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1

@@ -19,14 +19,16 @@ Function Invoke-ExecStandardsRun {
     if ($Config -and $Config.state -eq $true) {
         if ($env:CIPP_PROCESSOR -ne 'true') {
             $ProcessorFunction = [PSCustomObject]@{
-                FunctionName      = 'CIPPFunctionProcessor'
+                PartitionKey      = 'Function'
+                RowKey            = "Invoke-CIPPStandardsRun-$tenantfilter"
                 ProcessorFunction = 'Invoke-CIPPStandardsRun'
-                Parameters        = [PSCustomObject]@{
-                    TenantFilter = $tenantfilter
-                    Force        = $true
-                }
+                Parameters        = [string](ConvertTo-Json -Compress -InputObject @{
+                        TenantFilter = $tenantfilter
+                        Force        = $true
+                    })
             }
-            Push-OutputBinding -Name QueueItem -Value $ProcessorFunction
+            $ProcessorQueue = Get-CIPPTable -TableName 'ProcessorQueue'
+            Add-AzDataTableEntity @ProcessorQueue -Entity $ProcessorFunction -Force
             $Results = "Successfully Queued Standards Run for Tenant $tenantfilter"
         }
     } else {

Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-WebhookOrchestrator.ps1

@@ -12,9 +12,9 @@ function Start-WebhookOrchestrator {
             Write-Information 'No webhook subscriptions found. Exiting.'
             return
         }
-        
+
         $WebhookIncomingTable = Get-CIPPTable -TableName WebhookIncoming
-        $WebhookIncoming = Get-CIPPAzDataTableEntity @WebhookIncomingTable -Property RowKey
+        $WebhookIncoming = Get-CIPPAzDataTableEntity @WebhookIncomingTable -Property PartitionKey, RowKey
         if (($WebhookIncoming | Measure-Object).Count -eq 0) {
             Write-Information 'No webhook incoming found. Exiting.'
             return

Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPProcessorQueue.ps1

@@ -0,0 +1,23 @@
+function Start-CIPPProcessorQueue {
+    <#
+    .SYNOPSIS
+    Starts a specified function on the processor node
+    #>
+    [CmdletBinding(SupportsShouldProcess = $true)]
+    param()
+
+    $QueueTable = Get-CIPPTable -tablename 'ProcessorQueue'
+    $QueueItems = Get-CIPPAzDataTableEntity @QueueTable -Filter "PartitionKey eq 'Function'"
+
+    foreach ($QueueItem in $QueueItems) {
+        if ($PSCmdlet.ShouldProcess("Processing function $($QueueItem.ProcessorFunction)")) {
+            Remove-AzDataTableEntity @QueueTable -Entity $QueueItem
+            $Parameters = $QueueItem.Parameters | ConvertFrom-Json -AsHashtable
+            if (Get-Command -Name $QueueItem.FunctionName -Module CIPPCore -ErrorAction SilentlyContinue) {
+                & $QueueItem.FunctionName @Parameters
+            } else {
+                Write-Warning "Function $($QueueItem.FunctionName) not found"
+            }
+        }
+    }
+}

Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-UpdateTokensTimer.ps1

@@ -18,7 +18,7 @@ function Start-UpdateTokensTimer {
             $Secret = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'"
             if ($Secret) {
                 $Secret.RefreshToken = $Refreshtoken
-                Add-AzDataTableEntity @Table -Entity $Secret
+                Add-AzDataTableEntity @Table -Entity $Secret -Force
             } else {
                 Write-LogMessage -message 'Could not update refresh token. Will try again in 7 days.' -sev 'CRITICAL'
             }

Modules/CIPPCore/Public/Get-CIPPAuthentication.ps1

@@ -9,7 +9,7 @@ function Get-CIPPAuthentication {
     try {
         if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
             $Table = Get-CIPPTable -tablename 'DevSecrets'
-            $Secret = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'"
+            $Secret = Get-AzDataTableEntity @Table -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'"
             if (!$Secret) {
                 throw 'Development variables not set'
             }
@@ -20,7 +20,7 @@ function Get-CIPPAuthentication {
             }
         } else {
             Connect-AzAccount -Identity
-            $keyvaultname = $ENV:WEBSITE_DEPLOYMENT_ID -replace '-proc$', ''
+            $keyvaultname = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0]
             $Variables | ForEach-Object {
                 Set-Item -Path ENV:$_ -Value (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name $_ -AsPlainText -ErrorAction Stop) -Force
             }