CPV Durable

Cleanup queue output bindings

Modules/CIPPCore/Public/Entrypoints/Push-UpdatePermissionsQueue.ps1

@@ -0,0 +1,17 @@
+function Push-UpdatePermissionsQueue {
+    # Input bindings are passed in via param block.
+    param($Item)
+    Write-Host "Applying permissions for $($Item.defaultDomainName)"
+    $Table = Get-CIPPTable -TableName cpvtenants
+    $CPVRows = Get-CIPPAzDataTableEntity @Table | Where-Object -Property Tenant -EQ $Item.customerId
+    if (!$CPVRows -or $ENV:ApplicationID -notin $CPVRows.applicationId) {
+        Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message 'A New tenant has been added, or a new CIPP-SAM Application is in use' -Sev 'Warn' -API 'NewTenant'
+        Write-Host 'Adding CPV permissions'
+        Set-CIPPCPVConsent -Tenantfilter $Item.defaultDomainName
+    }
+
+    Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.defaultDomainName
+    Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.defaultDomainName
+
+    Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message "Updated permissions for $($Item.defaultDomainName)" -Sev 'Info' -API 'UpdatePermissionsQueue'
+}

Scheduler_GetQueue/function.json

@@ -6,12 +6,6 @@
       "direction": "in",
       "type": "timerTrigger"
     },
-    {
-      "type": "queue",
-      "direction": "out",
-      "name": "QueueItem",
-      "queueName": "CIPPGenericQueue"
-    },
     {
       "name": "starter",
       "type": "durableClient",

Scheduler_Standards/function.json

@@ -6,12 +6,6 @@
       "direction": "in",
       "type": "timerTrigger"
     },
-    {
-      "type": "queue",
-      "direction": "out",
-      "name": "QueueItem",
-      "queueName": "CIPPGenericQueue"
-    },
     {
       "name": "starter",
       "type": "durableClient",

UpdatePermissions/function.json

@@ -7,10 +7,9 @@
       "schedule": "0 0 0 * * *"
     },
     {
-      "type": "queue",
-      "direction": "out",
-      "name": "Msg",
-      "queueName": "cpvqueue"
+      "name": "starter",
+      "type": "durableClient",
+      "direction": "in"
     }
   ]
 }

UpdatePermissions/run.ps1

@@ -1,7 +1,16 @@
 # Input bindings are passed in via param block.
 param($Timer)
 
-$Tenants = get-tenants -IncludeErrors | Where-Object { $_.customerId -ne $env:TenantId }
-foreach ($Row in $Tenants) {
-    Push-OutputBinding -Name Msg -Value $row
-}
+try {
+    $Tenants = Get-Tenants -IncludeErrors | Where-Object { $_.customerId -ne $env:TenantId } | ForEach-Object { $_ | Add-Member -NotePropertyName FunctionName -NotePropertyValue 'UpdatePermissionsQueue'; $_ }
+
+    if (($Tenants | Measure-Object).Count -gt 0) {
+        $InputObject = [PSCustomObject]@{
+            OrchestratorName = 'UpdatePermissionsOrchestrator'
+            Batch            = @($Tenants)
+        }
+        #Write-Host ($InputObject | ConvertTo-Json)
+        $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5)
+        Write-Host "Started permissions orchestration with ID = '$InstanceId'"
+    }
+} catch {}