Add headless macOS CLI workflow

2026-04-08 15:18:32 +02:00
parent faffa95d8a
commit 8fe71c0078
12 changed files with 917 additions and 66 deletions
--- a/Headless/IntuneManagement.Headless.psm1
+++ b/Headless/IntuneManagement.Headless.psm1
@@ -0,0 +1,311 @@
+function Get-DefaultIntunePolicyObjectTypes
+{
+    @(
+        "DeviceConfiguration",
+        "SettingsCatalog",
+        "AdministrativeTemplates",
+        "CompliancePolicies",
+        "EndpointSecurity",
+        "PolicySets"
+    )
+}
+
+function Get-IntuneManagementProjectRoot
+{
+    Split-Path -Parent $PSScriptRoot
+}
+
+function Resolve-HeadlessSettingsPath
+{
+    param([string]$SettingsFile)
+
+    if($SettingsFile)
+    {
+        return $SettingsFile
+    }
+
+    Join-Path ([IO.Path]::GetTempPath()) "IntuneManagement.Settings.json"
+}
+
+function New-TemporaryBatchFile
+{
+    param([string]$Prefix)
+
+    Join-Path ([IO.Path]::GetTempPath()) ("IntuneManagement.{0}.{1}.json" -f $Prefix, [guid]::NewGuid().ToString())
+}
+
+function Test-AuthParameters
+{
+    param(
+        [string]$Secret,
+        [string]$Certificate
+    )
+
+    if((-not $Secret) -and (-not $Certificate))
+    {
+        throw "Specify -Secret or -Certificate."
+    }
+}
+
+function Invoke-IntuneHeadlessBatch
+{
+    param(
+        [Parameter(Mandatory = $true)]
+        [string]$TenantId,
+
+        [Parameter(Mandatory = $true)]
+        [string]$AppId,
+
+        [string]$Secret,
+
+        [string]$Certificate,
+
+        [Parameter(Mandatory = $true)]
+        [psobject]$BatchConfig,
+
+        [string]$SettingsFile,
+
+        [string]$BatchFile
+    )
+
+    Test-AuthParameters -Secret $Secret -Certificate $Certificate
+
+    $projectRoot = Get-IntuneManagementProjectRoot
+    $startScript = Join-Path $projectRoot "Start-IntuneManagement.ps1"
+
+    if(-not (Test-Path $startScript))
+    {
+        throw "Could not find Start-IntuneManagement.ps1 in $projectRoot"
+    }
+
+    $settingsPath = Resolve-HeadlessSettingsPath $SettingsFile
+
+    $deleteBatchFile = $false
+    if(-not $BatchFile)
+    {
+        $BatchFile = New-TemporaryBatchFile "Batch"
+        $deleteBatchFile = $true
+    }
+
+    try
+    {
+        $BatchConfig | ConvertTo-Json -Depth 20 | Out-File -LiteralPath $BatchFile -Encoding utf8 -Force
+
+        $invokeParams = @{
+            Silent = $true
+            JSonSettings = $true
+            JSonFile = $settingsPath
+            TenantId = $TenantId
+            AppId = $AppId
+            SilentBatchFile = $BatchFile
+        }
+
+        if($Secret)
+        {
+            $invokeParams.Secret = $Secret
+        }
+        else
+        {
+            $invokeParams.Certificate = $Certificate
+        }
+
+        & $startScript @invokeParams
+    }
+    finally
+    {
+        if($deleteBatchFile -and (Test-Path $BatchFile))
+        {
+            Remove-Item -LiteralPath $BatchFile -Force -ErrorAction SilentlyContinue
+        }
+    }
+}
+
+function Export-IntunePolicies
+{
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory = $true)]
+        [string]$TenantId,
+
+        [Parameter(Mandatory = $true)]
+        [string]$AppId,
+
+        [string]$Secret,
+
+        [string]$Certificate,
+
+        [Parameter(Mandatory = $true)]
+        [string]$ExportPath,
+
+        [string]$SettingsFile,
+
+        [string]$BatchFile,
+
+        [string]$NameFilter = "",
+
+        [string[]]$ObjectTypes = (Get-DefaultIntunePolicyObjectTypes),
+
+        [switch]$IncludeAssignments,
+
+        [switch]$AddCompanyName
+    )
+
+    $batchConfig = [PSCustomObject]@{
+        BulkExport = @(
+            [PSCustomObject]@{ Name = "txtExportPath"; Value = $ExportPath },
+            [PSCustomObject]@{ Name = "txtExportNameFilter"; Value = $NameFilter },
+            [PSCustomObject]@{ Name = "chkAddObjectType"; Value = $true },
+            [PSCustomObject]@{ Name = "chkExportAssignments"; Value = $IncludeAssignments.IsPresent },
+            [PSCustomObject]@{ Name = "chkAddCompanyName"; Value = $AddCompanyName.IsPresent },
+            [PSCustomObject]@{ Name = "ObjectTypes"; Type = "Custom"; ObjectTypes = @($ObjectTypes) }
+        )
+    }
+
+    Invoke-IntuneHeadlessBatch `
+        -TenantId $TenantId `
+        -AppId $AppId `
+        -Secret $Secret `
+        -Certificate $Certificate `
+        -BatchConfig $batchConfig `
+        -SettingsFile $SettingsFile `
+        -BatchFile $BatchFile
+}
+
+function Import-IntunePolicies
+{
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory = $true)]
+        [string]$TenantId,
+
+        [Parameter(Mandatory = $true)]
+        [string]$AppId,
+
+        [string]$Secret,
+
+        [string]$Certificate,
+
+        [Parameter(Mandatory = $true)]
+        [string]$ImportPath,
+
+        [string]$SettingsFile,
+
+        [string]$BatchFile,
+
+        [string]$NameFilter = "",
+
+        [ValidateSet("alwaysImport","skipIfExist","replace","replace_with_assignments","update")]
+        [string]$ImportType = "alwaysImport",
+
+        [string[]]$ObjectTypes = (Get-DefaultIntunePolicyObjectTypes),
+
+        [switch]$IncludeAssignments,
+
+        [switch]$IncludeScopeTags,
+
+        [switch]$ReplaceDependencyIds
+    )
+
+    $batchConfig = [PSCustomObject]@{
+        BulkImport = @(
+            [PSCustomObject]@{ Name = "txtImportPath"; Value = $ImportPath },
+            [PSCustomObject]@{ Name = "txtImportNameFilter"; Value = $NameFilter },
+            [PSCustomObject]@{ Name = "chkAddObjectType"; Value = $true },
+            [PSCustomObject]@{ Name = "chkImportScopes"; Value = $IncludeScopeTags.IsPresent },
+            [PSCustomObject]@{ Name = "chkImportAssignments"; Value = $IncludeAssignments.IsPresent },
+            [PSCustomObject]@{ Name = "chkReplaceDependencyIDs"; Value = $ReplaceDependencyIds.IsPresent },
+            [PSCustomObject]@{ Name = "cbImportType"; Value = $ImportType },
+            [PSCustomObject]@{ Name = "ObjectTypes"; Type = "Custom"; ObjectTypes = @($ObjectTypes) }
+        )
+    }
+
+    Invoke-IntuneHeadlessBatch `
+        -TenantId $TenantId `
+        -AppId $AppId `
+        -Secret $Secret `
+        -Certificate $Certificate `
+        -BatchConfig $batchConfig `
+        -SettingsFile $SettingsFile `
+        -BatchFile $BatchFile
+}
+
+function Invoke-IntunePolicyAction
+{
+    [CmdletBinding(DefaultParameterSetName = 'Export')]
+    param(
+        [Parameter(Mandatory = $true)]
+        [ValidateSet("Export","Import")]
+        [string]$Action,
+
+        [Parameter(Mandatory = $true)]
+        [string]$TenantId,
+
+        [Parameter(Mandatory = $true)]
+        [string]$AppId,
+
+        [string]$Secret,
+
+        [string]$Certificate,
+
+        [string]$SettingsFile,
+
+        [string]$BatchFile,
+
+        [string]$NameFilter = "",
+
+        [string[]]$ObjectTypes = (Get-DefaultIntunePolicyObjectTypes),
+
+        [string]$ExportPath,
+
+        [string]$ImportPath,
+
+        [ValidateSet("alwaysImport","skipIfExist","replace","replace_with_assignments","update")]
+        [string]$ImportType = "alwaysImport",
+
+        [switch]$IncludeAssignments,
+
+        [switch]$AddCompanyName,
+
+        [switch]$IncludeScopeTags,
+
+        [switch]$ReplaceDependencyIds
+    )
+
+    switch($Action)
+    {
+        "Export"
+        {
+            if(-not $ExportPath) { throw "Export requires -ExportPath." }
+            Export-IntunePolicies `
+                -TenantId $TenantId `
+                -AppId $AppId `
+                -Secret $Secret `
+                -Certificate $Certificate `
+                -ExportPath $ExportPath `
+                -SettingsFile $SettingsFile `
+                -BatchFile $BatchFile `
+                -NameFilter $NameFilter `
+                -ObjectTypes $ObjectTypes `
+                -IncludeAssignments:$IncludeAssignments `
+                -AddCompanyName:$AddCompanyName
+        }
+        "Import"
+        {
+            if(-not $ImportPath) { throw "Import requires -ImportPath." }
+            Import-IntunePolicies `
+                -TenantId $TenantId `
+                -AppId $AppId `
+                -Secret $Secret `
+                -Certificate $Certificate `
+                -ImportPath $ImportPath `
+                -SettingsFile $SettingsFile `
+                -BatchFile $BatchFile `
+                -NameFilter $NameFilter `
+                -ImportType $ImportType `
+                -ObjectTypes $ObjectTypes `
+                -IncludeAssignments:$IncludeAssignments `
+                -IncludeScopeTags:$IncludeScopeTags `
+                -ReplaceDependencyIds:$ReplaceDependencyIds
+        }
+    }
+}